LUA Buglight

LUA Buglight 2.1 is here.  LUA Buglight identifies admin-permissions issues ("LUA bugs") in desktop applications.  I've made a lot of changes to LUA Buglight since the last "2.0 Preview" that I posted, so the version number has been bumped up:

  • Support for Windows 7, Vista and XP, and corresponding Servers (2008 R2, 2008, 2003)
  • Support for x64 (except on XP/2003)
  • Completely revamped Reporter -- streamlined and with more detailed results

Note:  The new Reporter has necessitated a new file format, so the new Buglight cannot read reports generated from older versions of Buglight.

One thing that is seriously missing is documentation -- I hope to have that posted here in some form soon.  The basics:

  • On XP/2003, you need to run it as a standard user, and you need the username/password for an administrative account; on Vista and higher, you need to run it non-elevated as a member of the Administrators group, with UAC and admin-approval mode enabled.
  • Tell it what program to run, then run it.  Whenever your app performs an action that fails unelevated, it will repeat the operation with admin rights before returning control back to the program.  If it fails without admin rights and succeeds with admin rights, details about that operation get logged.
  • Click the "Stop Logging" button to close the log file; by default this will also open the Reporter and show the results.

Another feature that isn't present yet is that while LUA Buglight does an excellent job of identifying when a program performs operations that succeed only when run as administrator, right now it doesn't provide the details to fix it if you can't modify the source code.  My plan is to turn that into a community effort by documenting the report's XML format and then providing some PowerShell scripts that process the results and point to app-compat shims, permissions changes, or other mitigations for the identified problems.

I wish I could work on LUA Buglight full time, but it's an unfunded, spare-time effort, outside of my day job.  I know that LUA Buglight would be a lot more useful with documentation, but it's more useful posted without documentation than it is not posted at all waiting for me to write up documentation.

More information will be posted to this blog. 

[Update 3/25/2011: LUA Buglight 2.1.1 with support for Windows 7 SP1 and Server 2008 R2 SP1 is here .]