The public download link for the “MEX” extension is:
https://www.microsoft.com/en-us/download/details.aspx?id=53304
However, based on some experiences with customers who have had Microsoft analyze kernel memory dump files, it appears that Microsoft is using a much newer version of the extension than what is available for download. This has led to some problems with analysis efforts and coming up with comparable results since the newer build that MS is using has additional commands in it that aren’t otherwise available to me.
Does anybody here have access to the version of the extension that Microsoft is using that could be shared?
Also, there is another extension that I’ve observed being used by Microsoft, which provides a “!tc” (not the built-in “tc” trace continue command), which provides an enhanced stack trace with more comprehensive function call parameter decoding. Again, there doesn’t appear to be any publicly available source for this extension.