WinDBG Menu option for Troubleshooting Experts!

 

Hello All,

I have been in a training class this week and I ran into the brightest Gentlemen. My constituents are Luis Acosta and Vagner Pilar. They are a good Troubleshooting team and they have taught me some things about WinDBG that I did not know.

In fact there is a lot to WinDBG, which I won’t bore you with. If you face Blue screens on a regular basis, Vagner has put together a tree access menu for WinDBG. This menu allows you to get information that you didn’t know was available in such a Crash Dump.

The Tool is called WinDBGTree. Now there are a few setup things to do, but it’s not too bad. Let me walk you through it.

Updated 5/2017

But first, let me make a correction. When I went over the instructions recently, to recreate my WinDBG Menu, I found I ran into a problem where you have to have the SwishDbgExt DLL file. It looks like you have to compile it yourself. This means it only comes with the default .H and .C files. I couldn’t get the thing to compile. So, as a workaround, I am including the DLL at this location. You can email me if the link expires and you need the DLL. I would also say: please send me an email with steps if you got this to compile on Windows. I think you could just use Visual Studio to do it, but I ran out of time and had to move on.

Again, step 2, first point: the DLL is here -> shared

Updated 11/2018

My apologies. All referenced DLLs below reference the x86 DLL. Don’t worry about the x64 DLL. I noticed that if you use the x64 DLL, the menu does not work. I have used this three times now. It has worked every time. I apologize for the messy instructions, but I only use this once every refresh.

Updated 5/25/2017

So I talked with one of my colleagues and he let me know you should be able to generate the DLL from within WinDBG. I must have done this originally, but I didn’t record that in the instructions. So basically the command to make the DLL (SwishDbgExt.dll) would be:

!load X:\FullPath\SwishDbgExt.dll

The files from the download need to be in the path. This should generate the DLL, and then you can put it into the proper place, as the instructions show.

Update 5/25/2017

 

Update 10/3/2017

This is not rocket science, but it took me a few tries to get the instructions right, so there is a step missing. After you are all done, but before you start anything, you need to go find the folder called WinExt, located at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext. There is an x86 folder. Look for the file called dbgkit.dll; it will need to be copied to the existing “winext” folder. Realize there are two locations for the Windows Kit for WinDbg:

C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext

C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext

So just copy one DLL from the x86 folder to the root X64 folder, and I put one in the root of the winext folder as well. (I got them backwards and the RamMap-style memory GUI was not working.)

mex.dll goes in C:\Program Files (x86)\Windows Kits\10\Debuggers\x64

Windbgtree.txt goes in C:\Program Files (x86)\Windows Kits\10\Debuggers\x64

SwishDbgExt.dll goes in C:\Program Files (x86)\Windows Kits\10\Debuggers\x64

OK, so you are ready to go on and actually try to get the steps right. Good luck!!

————————–

 

The components of this solution are:

1. WinDBGTree is the Item written by Vagner.

2. SwishdbgExt, DBGKit, MEX, Wdbgark and Patterns are the extensions as shown in step 2.

 

  • 1. Download the WinDBGTree
  • 2. Download all the links below. This group of files will go to the same location. See #3.
    • SwishdbgExt - https://github.com/comaeio/SwishDbgExt (Thanks to Matt Suiche (@msuiche))
    • DBGkit - http://www.andreybazhan.com/dbgkit.html (Kudos to @AndreyBazhan)
    • MEX - https://www.microsoft.com/en-us/download/details.aspx?id=53304 (Kudos to Microsoft)
    • WinDBG Anti-RootKit Extension - https://github.com/swwwolf/wdbgark (Kudos to Vyacheslav Rusakoff @swwwolf)
    • Patterns Debugger Extension DLL - http://www.patterndiagnostics.com/patterns-extension
  • 3. What do I mean by the same location? OK, so once the Zip files are unzipped, the contents of each folder go into the following folder:
    • C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\
    • SwishDbgExt has an extra step. Once you have copied the files into the X64 folder, find the folder you just pasted in, called swishDBG-ext master. Inside this folder, copy the DLL called SwishDbgExt.dll to the X64 folder.
    • The WinDBGTree text file goes into C:\Program Files (x86)\Windows Kits\10\Debuggers\x64 as well.
  • 4. This is the one step you may need a little help with. I have recreated the string you will use to rename the WinDBG link. The text is:

"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -c ".cmdtree C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Windbgtree.txt"

What I did was right-click WinDBG and send a shortcut to the Desktop. You’re going to edit this link to change the target of the command. See Figure 1.

 

Figure 1.

 

Paste the highlighted text in the Target location. Once you have the files in the X64 folder, start WinDBG and open a crash dump.
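The file placement and shortcut from the steps above, as a PowerShell check (an added example, not part of the original post or of WinDBGTree). It assumes the default Windows Kits 10 path used throughout this post; the shortcut name is made up for the example. Before creating the shortcut it prints the Authenticode status and SHA-256 of each binary the debugger will load, so they can be compared against what each publisher lists.

```powershell
# Added example: verify the layout described in this post, then create the shortcut.
# Assumption: default Windows Kits 10 install path, as used in the post.
$dbg = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64'

$expected = @(
    (Join-Path $dbg 'windbg.exe'),
    (Join-Path $dbg 'mex.dll'),
    (Join-Path $dbg 'SwishDbgExt.dll'),
    (Join-Path $dbg 'Windbgtree.txt'),
    (Join-Path $dbg 'winext\dbgkit.dll')
)

$missing = $false
foreach ($path in $expected) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Missing: $path"
        $missing = $true
        continue
    }
    # Report signature status and hash for every binary that gets loaded.
    if ($path -like '*.dll' -or $path -like '*.exe') {
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        '{0,-16} {1,-12} {2}' -f (Split-Path $path -Leaf), $sig.Status, $hash
    }
}
if ($missing) { throw 'Copy the missing files first, then run this again.' }

# Hypothetical shortcut name; the target and arguments are the string from step 4.
$lnk = Join-Path ([Environment]::GetFolderPath('Desktop')) 'WinDBG (cmdtree).lnk'
$shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk)
$shortcut.TargetPath       = Join-Path $dbg 'windbg.exe'
$shortcut.Arguments        = "-c `".cmdtree $dbg\Windbgtree.txt`""
$shortcut.WorkingDirectory = $dbg
$shortcut.Save()
"Created $lnk"
```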

 

I am including a screen shot of the menu. I must say thank you to Vagner, Luis, and the extension writers Matt, Andrey, Vyacheslav, and Microsoft. This can help oodles in troubleshooting difficult cases!

 

 

Figure 2. New DBG menu.


 

Let me get you a little more of a close-up shot of the menu choices.

Figure 3. The menu!

 

The bottom line is you will not be impressed until you actually use this. It greatly increases the ease of getting information from a dump file. It allows you to focus on the issue and not on the syntax of the tool and all the commands you don’t know how to form.

 

Kudos to you guys and Bravo.

 

Louis Reeves