Downloads


Tools

CodeMachine Debugger Extension DLL

2013.12.07 | X86 and x64 | 1.2.7.0

Contains the !stack, !kvas, !ptelist, !packet commands.


Presentations

Developing Drivers with Visual Studio 2012 (.PDF File) Advanced Developers Conference 2013 Bad Aibling, Germany
x64 Deep Dive (.PDF File) Microsoft Global Escalation Conference 2010 Redmond, WA, USA
Supporting Support (.PDF File) Microsoft Global Escalation Conference 2009 Virtual
Writing Debugger Extensions (.PDF File) Microsoft Global Escalation Conference 2007 Las Colinas, TX, USA

Windows Debugger (WinDBG) Downloads

Windows 10 Version 1607 (RS1 Release) Debuggers and Tools

X86 Debuggers And Tools (Windows 10 1607) 10.0.14321.1024 32-bit (.MSI File) [22.7 MB]

X64 Debuggers And Tools (Windows 10 1607) 10.0.14321.1024 64-bit (.MSI File) [25.7 MB]

Windows 10 Version 1511 (TH2 Release) Debuggers and Tools

X86 Debuggers And Tools (Windows 10 1511) 10.0.10586.567 32-bit (.MSI File) [21.8 MB]

X64 Debuggers And Tools (Windows 10 1511) 10.0.10586.567 64-bit (.MSI File) [24.7 MB]

Windows 10 Debuggers and Tools

X86 Debuggers And Tools (Windows 10) 10.0.10075.9 32-bit (.MSI File) [19.7 MB]

X64 Debuggers And Tools (Windows 10) 10.0.10075.9 64-bit (.MSI File) [22.1 MB]

Windows 8.1 Debuggers and Tools

X86 Debuggers And Tools (Windows 8.1) 6.3.9600.16384 32-bit (.MSI File) [18.0 MB]

X64 Debuggers And Tools (Windows 8.1) 6.3.9600.16384 64-bit (.MSI File) [19.1 MB]

Windows 8 Debuggers and Tools

X86 Debuggers And Tools (Windows 8) 6.2.9200.16384 32-bit (.MSI File) [17.2 MB]

X64 Debuggers And Tools (Windows 8) 6.2.9200.16384 64-bit (.MSI File) [18.2 MB]

Windows 7 Debugging Tools for Windows

Debugging Tools for Windows 6.12.2.633 32-bit (.MSI File) [18.8 MB]

Debugging Tools for Windows 6.12.2.633 64-bit (.MSI File) [17.1 MB]


Windows Driver Kit (WDK) Header File Downloads

Windows Version BugCheck Codes Native API Kernel Types Status Codes Hardware Drivers Kernel Drivers FileSystem Drivers
Windows 7 bugcodes.h winnt.h ntdef.h ntstatus.h wdm.h ntddk.h ntifs.h
Windows 8 bugcodes.h winnt.h ntdef.h ntstatus.h wdm.h ntddk.h ntifs.h
Windows 8.1 bugcodes.h winnt.h ntdef.h ntstatus.h wdm.h ntddk.h ntifs.h
Windows 10 bugcodes.h winnt.h ntdef.h ntstatus.h wdm.h ntddk.h ntifs.h
Windows 10 1511 bugcodes.h winnt.h ntdef.h ntstatus.h wdm.h ntddk.h ntifs.h
Windows 10 1607 bugcodes.h winnt.h ntdef.h ntstatus.h wdm.h ntddk.h ntifs.h

Windows Kernel Debugging Setup Scripts

Collection of handy scripts for setting up debug and test systems.

Configure System Settings

Deletes Shadow Copies
Disables System Restore on the System Drive
Enables RDP to the system
Disables Shutdown Event Tracker (applies only to Windows Servers)
Disables Automatic Updates

[Download batch file containing the following commands]
    wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%
    wmic shadowcopy delete
    wmic rdtoggle where ServerName="%COMPUTERNAME%" CALL SetAllowTSConnections 1, 1
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn  /t REG_DWORD /d 0x0 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
    

Configure Dump Generation and Debug Prints

Configures the system to generate complete kernel memory dumps
Retains kernel mode memory dumps, unconditionally
Configures the system to generate a kernel or complete memory dump from a PS/2 keyboard
Configures the system to generate a kernel or complete memory dump from a USB keyboard
Configures the system to generate a user mode mini-dump with full memory information
Enables DbgPrint() output to appear in the kernel debugger
Disables paging of kernel and device driver code pages

[Download batch file containing the following commands]
    wmic recoveros set DebugInfoType = 1
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v AlwaysKeepMemoryDump /t REG_DWORD /d 0x1
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 0x1
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters" /v CrashOnCtrlScroll /t REG_DWORD /d 0x1
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" /v CrashOnCtrlScroll /t REG_DWORD /d 0x1
    reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps"
    reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d 0x2 
    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter" /v DEFAULT  /t REG_DWORD /d 0xffffffff
    reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v DisablePagingExecutive  /t REG_DWORD /d 1 /f
    

Configure Kernel Mode Debugging

Backs up the current boot entry into a new entry.
Turns on kernel debugging
Configures kernel debugging to use COM1 at 115200 baud

[Download batch file containing the following commands]
    bcdedit /copy {current} /d "Windows [debugger disabled]"
    bcdedit /debug {current} ON
    bcdedit /set {current} debugtype SERIAL 
    bcdedit /set {current} debugport 1
    bcdedit /set {current} baudrate 115200
    

Setup network share

Creates a new directory c:\Shared
Shares it using Windows Print and File Sharing and give everybody on the system full access to it

[Download batch file containing the following commands]
    mkdir c:\Shared
    net share Shared=c:\Shared /GRANT:Everyone,FULL
    

Setup New Account

Creates a new administrator user with username="tester" and password="tester"
Enables this account to automatically log into the system

[Download batch file containing the following commands]
    net user tester tester /add
    net localgroup administrators tester /add
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_DWORD /d 0x1 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "tester" /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "tester" /f
    

Configure User Preferences

Enables RDP access for current user
Configures Explorer to show hidden files, folders and drives
Configures Explorer to show extensions of known files types
Configures Explorer to show protected operating system files
Configures Explorer to display full path in the title bar
Configures Explorer to prevent windows from being automatically arranged when moved to the edge of the screen

[Download batch file containing the following commands]
    wmic rdpermissions where TerminalName="RDP-Tcp" CALL AddAccount "%USERNAME%",1 
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v SuperHidden /t REG_DWORD /d 0x1 /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0x1 /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 0x0 /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" /v FullPath /t REG_DWORD /d 0x1 /f
    reg add "HKCU\Control Panel\Desktop" /v WindowArrangementActive /t REG_SZ /d "0" /f