
A Model Context Protocol server providing tools to analyze Windows crash dumps using WinDbg/CDB

Project description

MCP Server for WinDbg Crash Analysis

A Model Context Protocol server that bridges AI models with WinDbg for crash dump analysis and remote debugging.

Overview

This MCP server integrates with CDB to enable AI models to analyze Windows crash dumps and connect to remote debugging sessions using WinDbg/CDB.

What is this?

An AI-powered tool that bridges LLMs with WinDbg for crash dump analysis and live debugging. Execute debugger commands through natural language queries like "Show me the call stack and explain this access violation".

What This is Not

Not a magical auto-fix solution. It's a Python wrapper around CDB that leverages LLM knowledge to assist with debugging.

Usage Modes

  • Crash Dump Analysis: Examine Windows crash dumps
  • Live Debugging: Connect to remote debugging targets
  • Directory Analysis: Process multiple dumps for patterns

Quick Start

Prerequisites

Tip: In enterprise environments, MCP server usage might be restricted by organizational policies. Check with your IT team about AI tool usage and ensure you have the necessary permissions before proceeding.

Installation

pip install mcp-windbg

Configuration

Create .vscode/mcp.json in your workspace:

{
    "servers": {
        "mcp_windbg": {
            "type": "stdio",
            "command": "python",
            "args": ["-m", "mcp_windbg"],
            "env": {
                "_NT_SYMBOL_PATH": "SRV*C:\\Symbols*https://msdl.microsoft.com/download/symbols"
            }
        }
    }
}

Other MCP Clients: Configuration for Claude Desktop, Cline, and other clients is available in the Installation documentation.

Once configured, restart your MCP client and start debugging:

Analyze the crash dump at C:\dumps\app.dmp

MCP Compatibility

This server implements the Model Context Protocol (MCP), making it compatible with any MCP-enabled client:

The beauty of MCP is that you write the server once, and it works everywhere. Choose your favorite AI assistant!

Tools

Tool | Purpose | Use Case
list_windbg_dumps | List crash dump files | Discovery and batch analysis
open_windbg_dump | Analyze crash dumps | Initial crash dump analysis
close_windbg_dump | Cleanup dump sessions | Resource management
open_windbg_remote | Connect to remote debugging | Live debugging sessions
close_windbg_remote | Cleanup remote sessions | Resource management
run_windbg_cmd | Execute WinDbg commands | Custom analysis and investigation

Documentation

Topic | Description
Getting Started | Quick setup and first steps
Installation | Detailed installation for pip, MCP registry, and from source
Usage | MCP client integration, command-line usage, and workflows
Tools Reference | Complete API reference and examples
Troubleshooting | Common issues and solutions

Examples

Crash Dump Analysis

"Analyze this heap address with !heap -p -a 0xABCD1234 and check for buffer overflow"

"Execute !peb and tell me if there are any environment variables that might affect this crash"

"Run .ecxr followed by k and explain the exception's root cause"

Remote Debugging

"Connect to tcp:Port=5005,Server=192.168.0.100 and show me the current thread state"

"Check for timing issues in the thread pool with !runaway and !threads"

"Show me all threads with ~*k and identify which one is causing the hang"

Blog

Read about the development journey: The Future of Crash Analysis: AI Meets WinDbg

License

MIT

Download files

Source Distribution

mcp_windbg-0.10.0.tar.gz (16.7 kB)

Uploaded Source

Built Distribution

mcp_windbg-0.10.0-py3-none-any.whl (16.6 kB)

Uploaded Python 3

File details

Details for the file mcp_windbg-0.10.0.tar.gz.

File metadata

  • Download URL: mcp_windbg-0.10.0.tar.gz
  • Upload date:
  • Size: 16.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.2

File hashes

Hashes for mcp_windbg-0.10.0.tar.gz

Algorithm | Hash digest
SHA256 | a5cf57f740cf1defa57cdd70c51a2c0d5bf311b4a45aaf1069fbb3e5bb426aab
MD5 | 437a1e58e9c2d07a3de246c402f37c81
BLAKE2b-256 | d49e34e068f35d7eb6275ce393653c81a1fb118f2d2bf1827f2a56bc205d4c37

File details

Details for the file mcp_windbg-0.10.0-py3-none-any.whl.

File metadata

File hashes

Hashes for mcp_windbg-0.10.0-py3-none-any.whl

Algorithm | Hash digest
SHA256 | b8dadd97e78a37131caf69c14a3eff5b8a80ecd6df2db72d099b60c0547c9853
MD5 | 5c21de54bebec7c15edc9d3e6570cd6d
BLAKE2b-256 | b6afb17bc73852e786b59028223a3675dc67bbdf0d7713b5470b4602bb8d9add
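
Because the release above was not uploaded through Trusted Publishing, the listed digests are the main integrity check available to an installer. The following is an added example, not code from the mcp-windbg project: it checks a downloaded artifact against the SHA256 values on this page and builds a hash-pinned requirements line. The function names are illustrative assumptions; the file names and digests are copied from the tables above.

```python
import hashlib
import sys
from pathlib import Path

# SHA256 digests copied from the "File hashes" tables on this page.
PUBLISHED_SHA256 = {
    "mcp_windbg-0.10.0.tar.gz":
        "a5cf57f740cf1defa57cdd70c51a2c0d5bf311b4a45aaf1069fbb3e5bb426aab",
    "mcp_windbg-0.10.0-py3-none-any.whl":
        "b8dadd97e78a37131caf69c14a3eff5b8a80ecd6df2db72d099b60c0547c9853",
}


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large artifacts are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path: Path, published=PUBLISHED_SHA256) -> bool:
    """Return True only if the file name is known and its digest matches."""
    expected = published.get(path.name)
    if expected is None:
        # Unknown or renamed artifact: fail closed instead of skipping the check.
        return False
    return sha256_of(path) == expected.lower()


def pinned_requirement(name="mcp-windbg", version="0.10.0",
                       published=PUBLISHED_SHA256) -> str:
    """Build a line for `pip install --require-hashes -r requirements.txt`."""
    hashes = " ".join(f"--hash=sha256:{h}" for h in sorted(published.values()))
    return f"{name}=={version} {hashes}"


if __name__ == "__main__":
    # Usage: python verify_mcp_windbg.py <downloaded files...>
    for arg in sys.argv[1:]:
        status = "OK" if verify_artifact(Path(arg)) else "MISMATCH"
        print(f"{status:8} {arg}")
    print(pinned_requirement())
```

In `--require-hashes` mode pip expects every requirement, including this package's dependencies, to be pinned with hashes in the same file.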
