I have been in a training class this week and I ran into the brightest Gentlemen. My constituents are Luis Acosta and Vagner Pilar. They are a good Troubleshooting team and they have taught me some things about WinDBG that I did not know.
In fact there is a lot to WinDBG, which I wont bore you with. If you face Blue screens on a regular basis, Vagner has put together a tree access menu for WinDGB. This menu allows you to get information, you you didn’t know was available in such a Crash Dump.
The Tool is called WinDBGTree. Now there is a few setup things to do, but its not to bad. Let me walk you through it.
But first, let me make a correction. When i went over the instructions recently, to recreate my Windbg Menu, I found I ran into a problem where you have to have the SwishDBGEXT Dll File. It looks like you have to compile it yourself. This means it only comes with the Default .H and .C files. I couldn’t get the thing to compile. So… As a work around, I am including the DLL at this location. You can email me if the link expires and you need the DLL. I would also say Please send me an email with steps if you got this to compile on windows. I think you could just use Visual Studio to do it, but I ran our of time and had to move on.
again step 2 – First point DLL is here-> shared
So I talked with one of my colleagues and he let me know you should be able to generate the Dll from within WinDBG. I must have done this originally, but I didnt record that in the instructions. So basically the command to make the DLL (SwishDbgExt.dll) would be:
In the path needs to be the Files from the download. this should generate the DLL and then you can put into the proper place, as the instructions show.
Do you have the .dll file already? If yes, just need to drop the file into the C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext folder and run the .dll using Windbg .load and the path.
The components of this solution are:
1. WinDBGTree is the Item written by Vagner.
2. SwishdbgExt, DBGKit, MEX, Wdbgark and Patterns are the extentions as shown in step 2.
- 1. Download the WinDBGTree
- 2. Download all the links below. this group of files will go to the same location See #3.
SwishdbgExt - https://github.com/comaeio/SwishDbgExt (Thanks to Matt Suiche (@msuiche))
DBGkit - http://www.andreybazhan.com/dbgkit.html (Kuddos to @AndreyBazhan)
MEX - https://www.microsoft.com/en-us/download/details.aspx?id=53304 (kuddos to Microsoft)
WinDBG Anti-RootKit Extension -https://github.com/swwwolf/wdbgark (Kuddos to Vyacheslav Rusakoff @@swwwolf)
Patterns Debugger Extension DLL - http://www.patterndiagnostics.com/patterns-extension
3. What do I mean by the same location? Ok so once the Zip files are unzipped, the contents of each folder go into the following folder
- C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\
- SwiishDBGExt has an extra step. once you have copied files into X64 folder, find the folder you just pasted in, called swishDBG-ext master. Inside this folder, copy the DLL called SwishDbgExt.dll to the X64 Folder.
- The WinDBGTree Text file goes into C:\Program Files (x86)\Windows Kits\10\Debuggers\x64 as well.
- 4. This is the one Step you may need a little help with. I have recreated the String you will use to rename the WINDBG link. The Text is:
“C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe” -c “.cmdtree C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Windbgtree.txt”
What I did was Right Click WinDBG and send a shortcut to the Desktop. Your going to edit this link to change the target of the command. See Figure 1.
Paste the highlighted text in the Target Location. Once you have the files in the X64 folder. Start WinDBG and Open a crash Dump.
I am including a screen shot of the menu. I must say Thank you to Vagner, Luis, and the Extension writers Matt, Andery, Vyacheslav, and Microsoft. This can help oodles in troubleshooting difficult cases!
Figure 2. New DBG menu.
Let me get you a little more close up shot of the menu choices.
The bottom line Ii s you will not be impressed until you actually use this. it greatly increases the ease of getting information from a Dump File. It allows you to focus on the issue and not the syntax of the tool and all things you don’t know how to form the commands.
Kudos to you guys and Bravo.