I have been late to the game with adopting GenAI into my workflow, but we are at full steam now. I have slowly been adding it into my daily routines to see where I can gain efficiency leveraging this new tech. One of the big areas I am playing with right now is writing Windows-based CTF challenges, and in the past few days, seeing how I can leverage GenAI for writing POCs for these new challenges. In this post we are going to walk through my initial setup for using the WinDbg EXT MCP to control a windbg instance that has the extension I wrote a long time ago, WEDP (Windows Exploit Development Plugin), to improve the process of going from crash to POC.

Up front, I will probably try to update this over time as I improve this setup. The current setup is very simple and needs some adjusting. I have just begun dabbling with MCP servers, so I will not go into detail on what they are beyond saying that they let you connect GenAI to other tools.

My Environment

The below is the setup I was using for this iteration:

Setup

This section goes through setting up the MCP server and getting it to interact with windbg and wedp. I assume you have Visual Studio, python, windbg and whatever GenAI platform you're using.

MCP Server

WinDbg EXT MCP

First things first, we will build and install the MCP server. It consists of two components, a native windbg extension and a python MCP server. You should be able to follow along with the install instructions in the repo, but I will add some additional steps I used to make life a little easier. Let's set up the native extension first.

Native Extension

  • Build the extension as described in the repo; you may need to re-target the solution depending on the version of VS you are using.
  • I like to create a dedicated directory for user windbg extensions and would recommend the same. If you do use this method, you should also set the _NT_DEBUGGER_EXTENSION_PATH environment variable to point to your extension directory so that you can load extensions from it without having to use a full path.
  • If you followed the above, you can open WinDbg, load an exe and run .load windbgmcpExt to make sure it loads. You should see the following output:
MCP server started on pipe: \\.\pipe\windbgmcp
MCPServer: Waiting for client connection on \\.\pipe\windbgmcp

Python MCP Server

  • To install, just follow the instructions in the repo. As a note, I install poetry using pipx.
  • Using python 3.14, I had to update a few modules to make this work:
poetry add pywin32@latest fastmcp@latest
poetry install
  • Now the selftest and mcp commands should work

Gemini CLI Configuration

If you're not using Gemini, this will be different; the MCP server has a script to install into the config of several of the other major GenAI tools.

  • In your gemini config file, at C:\users\<USER>\.gemini\settings.json, add the following block under the mcpServers key. Create the key if it does not exist.
"windbg-mcp": {
    "command": "<ABSOLUTE PATH TO POETRY.EXE>",
    "args": [ "run", "mcp" ],
    "cwd": "<ABSOLUTE PATH>\\windbg-ext-mcp",
    "env": {
        "DEBUG": "false"
    },
    "trust": true
}
  • Start a fresh gemini session and you should be able to run /mcp list and get a list of tools with a nice green bubble next to windbg-mcp.
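To avoid hand-editing settings.json (and the easy-to-miss comma between "env" and "trust"), here is an added helper that merges the same block into the file, creating the mcpServers key if it is missing. It is example code written for this post, not part of windbg-ext-mcp or Gemini CLI; the poetry.exe and repo paths are placeholders, and it defaults "trust" to false because that setting makes Gemini CLI skip the per-call confirmation for every tool the server exposes, which for a debugger attached to a live process means unreviewed command execution.

```python
"""Merge the windbg-mcp block into Gemini CLI's settings.json (added example)."""
import json
import ntpath  # Windows path rules, so the checks behave the same on any host
from pathlib import Path


def windbg_mcp_entry(poetry_exe, repo_dir, trust=False):
    """Build the server block from the post. trust defaults to False here:
    Gemini CLI's "trust" skips per-call confirmation for every tool the
    server exposes, i.e. debugger commands would run unreviewed."""
    return {
        "command": poetry_exe,
        "args": ["run", "mcp"],
        "cwd": repo_dir,
        "env": {"DEBUG": "false"},
        "trust": trust,
    }


def merge_mcp_server(settings, name, entry):
    """Insert or replace one server under mcpServers, creating the key if missing."""
    servers = settings.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be a JSON object')
    servers[name] = entry
    return settings


def check_entry(entry):
    """Problems worth fixing before starting a Gemini session with this server."""
    problems = []
    if not ntpath.isabs(entry["command"]):
        problems.append("command is not an absolute path")
    if not ntpath.isabs(entry["cwd"]):
        problems.append("cwd is not an absolute path")
    if entry.get("trust") is True:
        problems.append("trust is true: tool calls run without confirmation")
    return problems


def install(settings_path, entry):
    """Read settings.json (or start empty), merge the entry, write it back."""
    settings = json.loads(settings_path.read_text()) if settings_path.exists() else {}
    merge_mcp_server(settings, "windbg-mcp", entry)
    settings_path.parent.mkdir(parents=True, exist_ok=True)
    settings_path.write_text(json.dumps(settings, indent=4))
    return settings


if __name__ == "__main__":
    # Placeholder paths: replace with your own absolute paths before running.
    entry = windbg_mcp_entry(r"C:\PATH\TO\poetry.exe", r"C:\PATH\TO\windbg-ext-mcp")
    for problem in check_entry(entry):
        print("warning:", problem)
    install(Path.home() / ".gemini" / "settings.json", entry)
```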

WEDP

If you followed the steps in the Native Extension section, simply download the most recent release of WEDP from the releases page and drop it in the windbg extension directory you created.

Run Commands

Once you are all set up and in your gemini session you can prompt to load wedp.

load the wedp windbg extension, it is already in the .extpath

Once it's loaded you can ask it fun questions. There are issues with the size of the output you get from some commands, which is where some of the next steps will help, but here is an example command:

what protections are enabled on the main binary?

✦ The main binary, agentactivationruntimestarter.exe, has the following protections enabled:

   * ASLR (Address Space Layout Randomization): True
   * DEP (Data Execution Prevention): True
   * CFG (Control Flow Guard): True
   * SafeSEH: False (Note: SafeSEH is an x86 protection; as this is an x64 binary, it uses exception handling tables instead).
   * Rebased: True

  All modern mitigations are active for this binary.

Next Steps

  • Generate a system prompt to provide better context into how to use WEDP.
  • Add an MCP server into WEDP and adjust its output to use fewer tokens and be more machine readable.
  • Revisit WEDP and see what additional stuff would be helpful for this guided productization process.

Conclusion

This is the bare minimum setup, and the next step I am taking is working out a better GEMINI.md file that will guide Gemini in how to use wedp more efficiently. The primary issue now is that wedp outputs a lot of information, so we need to make sure Gemini knows that it should write all data to a file that it can then ingest, rather than trying to pass all the data through the MCP. This has also got me thinking about updating WEDP to natively have an MCP server you can turn on and making the output more machine readable. Anyway, have fun with this and if you come up with a good system prompt for this let me know!