WinDbg File Association and Explorer Context Menu

For a long time now I’ve had a registry file to make context menu entries for WinDbg.  The entries allow you to select the x86 or x64 debugger.  Internally at Microsoft, I have another version of the registry file that contains two more context menu entries for the private symbol server.  You can see all 4 options I add internally in this screenshot.


Note, the registry file assumes WinDBG is installed in c:\debuggers_x86 and c:\debuggers (for the x86 and AMD64 debuggers respectively).  FYI: The reason you need to install the debugger twice is the lack of architecture agnostic support in some extensions – yes, SOS.DLL I’m looking at you.  The multiple entries give you a quick way of jumping between the two architectures.

The registry entries pass in the symbol path for the Microsoft Public Symbol Server ( and for me, the Microsoft Private Symbol Server. In both cases, the symbols are cached locally (e.g. c:\symbols) through SRV* chaining. Much like the architecture entries, this technique gives you a quick way to toggle between (in my case) the public and private symbols.  The passing of the symbol path, as opposed to using the _NT_SYMBOL_PATH environment variable is the only way to get around the concatination that WinDBG does. If you have the environment variable set, it will be prepended to the symbol path passed. This means that a environment variable path could still be used instead of a passed path.  I’ll admit that this is only an issue for people needing support of both symbols stores and that for the vast majority of people, the environment variable is a better way to go. If you go this way, just remove the -y section of the command line.

The registry file makes an association for all of the dump variants, including reflected dumps (*.ini).  Reflected dumps can be made using ProcDump with the -r switch (e.g. procdump.exe -r -ma notepad.exe). Currently, I piggy back on the Visual Studio 2010 keys so as to get an icon, and still support opening dumps in Visual Studio via the Open entry (I have no idea why you would want to do that though).

The other thing I do is load the debugger extensions that I commonly use.  In this (example) registry file, I just include one of my own extensions (myext.dll) via the -a switch (the extension I made for the MSDN Magazine Debugging API series).  If you want to load more, you just include multiple -a myext.dll entries in the command line.  (Side note, if you are doing the same with cdb, you can’t have a space between -a and the dll name). In my personal version of this, I load six extensions.

One thing you may want to consider is adding the -WX switch to ignore the default workspace.  I personally set up the default workspace the way I like it (command window docked, WinDbg maximized on my main monitor, font colors set for each text type, etc.) and use this as a template for each new debug session.  As such, I don’t want the -WX switch (that’s a double negative) as I want the workspace to apply.  If you however want to use the ‘out of box’ defaults always, add the -WX switch.

Windows Registry Editor Version 5.00







@=”Open with WinDbg x86 (Public)”

@=”\”C:\\Debuggers_x86\\windbg.exe\” -z \”%1\” -a myext.dll -y \”SRV*C:\\Symbols*\””

@=”Open with WinDbg x64 (Public)”

@=”\”C:\\Debuggers\\windbg.exe\” -z \”%1\” -a myext.dll -y \”SRV*C:\\Symbols*\””

WinDbg Support

I’ve always known that WinDbg had a -I (that’s a capital i) switch to set it as the (automatic) postmortem debugger. This follows in the Dr.Watson footsteps that has the same option. Of interest here, you can do this association twice on 64bit versions of Windows (running -I on the x86 and x64 debugger versions of WinDbg). By setting it twice, the x64 debugger is used for x64 failures (via the HKLM AeDebug key) and the x86 debugger is used for x86 failures (via the HKLM WOW64 AeDebug key).  (Handy for those architecture agnostic extension issues.)

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
  • HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug

Note, there is no built-in way to revert the -I setting to the WER default.  Maarten van de Bospoort has posted about this previously.  You need to resort to a backup of the keys (i.e. export them prior to the running of WinDbg -I).

So what happened today to prompt me to write this post?

Today, I discovered that WinDbg can do file association too!  WinDbg.exe supports a -IA switch to register the file associations.  Both the -I and -IA options are both listed in the Debugger.chm file for the WinDbg command line topic; but the description is a little brief for -IA. 

So as to find out what -IA actually does, I recorded it’s execution with ProcMon. Running WinDbg.exe -IA elevated from c:\debuggers produces the following screenshot and ProcMon log file (lots of filtering has been applied).

8:21:12.7253212 PM windbg.exe 7140 RegOpenKey HKCR\.dmp SUCCESS Desired Access: Read, Maximum Allowed
8:21:12.7254430 PM windbg.exe 7140 RegCreateKey HKCR\.dmp SUCCESS Desired Access: All Access
8:21:12.7255690 PM windbg.exe 7140 RegQueryKey HKCR\.dmp SUCCESS Query: Name
8:21:12.7256082 PM windbg.exe 7140 RegQueryKey HKCR\.dmp SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7257391 PM windbg.exe 7140 RegSetValue HKCR\.dmp\(Default) SUCCESS Type: REG_SZ, Length: 36, Data: WinDbg.DumpFile.1
8:21:12.7265370 PM windbg.exe 7140 RegOpenKey HKCR\.hdmp SUCCESS Desired Access: Read, Maximum Allowed
8:21:12.7266420 PM windbg.exe 7140 RegCreateKey HKCR\.hdmp SUCCESS Desired Access: All Access
8:21:12.7275875 PM windbg.exe 7140 RegQueryKey HKCR\.hdmp SUCCESS Query: Name
8:21:12.7276288 PM windbg.exe 7140 RegQueryKey HKCR\.hdmp SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7277548 PM windbg.exe 7140 RegSetValue HKCR\.hdmp\(Default) SUCCESS Type: REG_SZ, Length: 36, Data: WinDbg.DumpFile.1
8:21:12.7282217 PM windbg.exe 7140 RegOpenKey HKCR\.mdmp SUCCESS Desired Access: Read, Maximum Allowed
8:21:12.7283812 PM windbg.exe 7140 RegCreateKey HKCR\.mdmp SUCCESS Desired Access: All Access
8:21:12.7284834 PM windbg.exe 7140 RegQueryKey HKCR\.mdmp SUCCESS Query: Name
8:21:12.7285233 PM windbg.exe 7140 RegQueryKey HKCR\.mdmp SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7286521 PM windbg.exe 7140 RegSetValue HKCR\.mdmp\(Default) SUCCESS Type: REG_SZ, Length: 36, Data: WinDbg.DumpFile.1
8:21:12.7291973 PM windbg.exe 7140 RegCreateKey HKCR\.kdmp SUCCESS Desired Access: All Access
8:21:12.7307581 PM windbg.exe 7140 RegQueryKey HKCR\.kdmp SUCCESS Query: Name
8:21:12.7307980 PM windbg.exe 7140 RegQueryKey HKCR\.kdmp SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7309261 PM windbg.exe 7140 RegSetValue HKCR\.kdmp\(Default) SUCCESS Type: REG_SZ, Length: 36, Data: WinDbg.DumpFile.1
8:21:12.7332358 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.DumpFile.1 SUCCESS Desired Access: All Access
8:21:12.7349016 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1 SUCCESS Query: Name
8:21:12.7349436 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1 SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7350913 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.DumpFile.1\(Default) SUCCESS Type: REG_SZ, Length: 58, Data: WinDbg Post-Mortem Dump File
8:21:12.7373303 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1 SUCCESS Query: Name
8:21:12.7373793 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1 SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7377440 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.DumpFile.1\DefaultIcon SUCCESS Desired Access: All Access
8:21:12.7388456 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\DefaultIcon SUCCESS Query: Name
8:21:12.7388848 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\DefaultIcon SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7390150 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.DumpFile.1\DefaultIcon\(Default) SUCCESS Type: REG_SZ, Length: 64, Data: “C:\debuggers\windbg.exe”,-3002
8:21:12.7467553 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1 SUCCESS Query: Name
8:21:12.7474203 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1 SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7477828 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.DumpFile.1\shell SUCCESS Desired Access: All Access
8:21:12.7511046 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell SUCCESS Query: Name
8:21:12.7511515 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7513244 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.DumpFile.1\shell\(Default) SUCCESS Type: REG_SZ, Length: 10, Data: Open
8:21:12.7540113 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell SUCCESS Query: Name
8:21:12.7540540 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7544075 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.DumpFile.1\shell\Open SUCCESS Desired Access: All Access
8:21:12.7556393 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell\Open SUCCESS Query: Name
8:21:12.7556785 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell\Open SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7558143 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.DumpFile.1\shell\Open\(Default) SUCCESS Type: REG_SZ, Length: 12, Data: &Open
8:21:12.7576306 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell\Open SUCCESS Query: Name
8:21:12.7576775 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell\Open SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7580456 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.DumpFile.1\shell\Open\command SUCCESS Desired Access: All Access
8:21:12.7592768 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell\Open\command SUCCESS Query: Name
8:21:12.7593167 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.DumpFile.1\shell\Open\command SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7594629 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.DumpFile.1\shell\Open\command\(Default) SUCCESS Type: REG_SZ, Length: 68, Data: “C:\debuggers\windbg.exe” -z “%1”
8:21:12.7630360 PM windbg.exe 7140 RegCreateKey HKCR\.wew SUCCESS Desired Access: All Access
8:21:12.7641811 PM windbg.exe 7140 RegQueryKey HKCR\.wew SUCCESS Query: Name
8:21:12.7642168 PM windbg.exe 7140 RegQueryKey HKCR\.wew SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7644407 PM windbg.exe 7140 RegSetValue HKCR\.wew\(Default) SUCCESS Type: REG_SZ, Length: 38, Data: WinDbg.Workspace.1
8:21:12.7677107 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.Workspace.1 SUCCESS Desired Access: All Access
8:21:12.7688110 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1 SUCCESS Query: Name
8:21:12.7688488 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1 SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7690853 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.Workspace.1\(Default) SUCCESS Type: REG_SZ, Length: 44, Data: WinDbg Workspace File
8:21:12.7708855 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1 SUCCESS Query: Name
8:21:12.7709275 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1 SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7712446 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.Workspace.1\DefaultIcon SUCCESS Desired Access: All Access
8:21:12.7722720 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\DefaultIcon SUCCESS Query: Name
8:21:12.7723098 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\DefaultIcon SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7724169 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.Workspace.1\DefaultIcon\(Default) SUCCESS Type: REG_SZ, Length: 64, Data: “C:\debuggers\windbg.exe”,-3002
8:21:12.7742535 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1 SUCCESS Query: Name
8:21:12.7742990 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1 SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7746364 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.Workspace.1\shell SUCCESS Desired Access: All Access
8:21:12.7784159 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell SUCCESS Query: Name
8:21:12.7784565 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7785895 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.Workspace.1\shell\(Default) SUCCESS Type: REG_SZ, Length: 10, Data: Open
8:21:12.7806080 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell SUCCESS Query: Name
8:21:12.7806528 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7809825 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.Workspace.1\shell\Open SUCCESS Desired Access: All Access
8:21:12.7821576 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell\Open SUCCESS Query: Name
8:21:12.7821933 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell\Open SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7823025 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.Workspace.1\shell\Open\(Default) SUCCESS Type: REG_SZ, Length: 12, Data: &Open
8:21:12.7840075 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell\Open SUCCESS Query: Name
8:21:12.7840460 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell\Open SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7856271 PM windbg.exe 7140 RegCreateKey HKCR\WinDbg.Workspace.1\shell\Open\command SUCCESS Desired Access: All Access
8:21:12.7869639 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell\Open\command SUCCESS Query: Name
8:21:12.7870052 PM windbg.exe 7140 RegQueryKey HKCR\WinDbg.Workspace.1\shell\Open\command SUCCESS Query: HandleTags, HandleTags: 0x0
8:21:12.7871508 PM windbg.exe 7140 RegSetValue HKCR\WinDbg.Workspace.1\shell\Open\command\(Default) SUCCESS Type: REG_SZ, Length: 70, Data: “C:\debuggers\windbg.exe” -WF “%1”

The context menu registered using the same technique as my regsitry file – it uses shell commands in the HKCR hive.

The dump associations aren’t as useful as my registry file as only one debugger is supported and it skips *.ini files, but it does however associate the workspace files. I’ve personally never opened a workspace, but if you have, this might be a good thing to have.

So what will I be doing on my systems from now on?

I’ll be running WinDbg.exe -IA against my x64 debugger, I’ll then run WinDbg.exe -I against the x64 and x86 debugger, and then I’ll run my registry script to give me more flexibility (and file type support) in the way that dumps are loaded.

BTW, if after doing this you find that you aren’t getting the context menu, the odds are that you have a ‘Open With…’ file association in your HKCU hive. Find the .dmp key and delete it to revert to the global HKCR configuration.

Note, if you have no intention of debugging the AeDebug dumps, you are much better off leaving WER as the postmortem debugger (i.e. don’t run -I) and sending the issue to Microsoft for analysis. Its the best way of getting the issue fixed. 


Comments (4)

  1. What a great post!! Let me just add that I hit the current user "Open with…" file association issue and solved it as you suggested, Andrew. In case somebody else hits it, the key I deleted was HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.dmp.

  2. @MrOliv:  Thanks for the post.

  3. Good Post.

    On Windows 8, I had to set windbg as the default program to get this working. The IA switch didn't register windbg as the default application irrespective of multiple attempts.

    I also had VS 2010 and 2012, if that affects this.

  4. Check out this Defrag Tools episode.  I just used the registry file on a new box last night and it works perfectly.  This may indeed be a VS2012 induced issue….…/Defrag-Tools-13-WinDbg