Today we are releasing CrashCatch Analyze v1.0.0. It is free to download and use with no license key, no account, no usage limits, and no expiry date.
We shipped a beta last March to validate the core analysis workflow. Engineers sent us dumps. They used Engineer Mode on their own crashes. Several told us they found bugs they had been chasing for weeks. That was the signal we needed. The product is ready, and the right move is to remove every friction point between a developer and their first useful crash analysis.
What changed from v0.3.0-beta
The headline is the model change: every feature, including Engineer Mode, Explain Mode, batch analysis, PDF export, and crash comparison, is free. No tier. No key. No expiry.
Beyond that, v1.0.0 is a security hardening release.
Malicious dump protection
A crash dump is a raw snapshot of process memory. If an attacker can convince you to open a crafted .dmp file, they can attempt to exploit the parser. This is not theoretical: over the years, vulnerabilities have been found in WinDbg, in DbgHelp, and in several third-party crash analysis tools.
CrashCatch v1.0.0 enforces two gates before any dump is parsed:
- Magic byte validation — the file must begin with the MDMP signature. Files that do not match are rejected immediately, before any parsing begins.
- 500 MB size cap — legitimate minidumps are almost never this large. Files above the cap are refused. This prevents memory exhaustion attacks that abuse the parser's allocation path.
Neither check requires network access. Both run locally, synchronously, before the Rust analysis engine sees a single byte of the file.
UNC path blocking
Symbol paths in CrashCatch can point to local directories where your PDB files live. In previous versions, nothing prevented you from pointing a symbol path at a UNC network share (\\server\share\symbols).
This matters because of how Windows resolves UNC paths. When CrashCatch attempts to load a PDB from a UNC path, Windows sends an NTLM authentication request to the server at that address. An attacker who controls a .dmp file can craft it to include a module whose PDB path points to a server they control. When you open the dump, your machine authenticates to that server, leaking your NTLM hash.
v1.0.0 blocks UNC paths at the settings level. You cannot configure a symbol path that begins with \\. The block happens before any network traffic is initiated.
Key-safe settings export
CrashCatch lets you export your configuration as a JSON file and import it on another machine. Before v1.0.0, this export included your Anthropic API key if one was configured.
Sharing a settings file with a teammate or posting it in a repo would accidentally leak that key. The v1.0.0 export intentionally omits all credential fields. API keys and license keys are never written to the exported file. If you import settings that were exported before this version, any key fields in the file are ignored.
What is not changing
The analysis is still fully local. Crash dumps never leave your machine unless you explicitly choose to share them. Engineer Mode is still a deterministic Rust engine with no API key and no network. Explain Mode still requires an Anthropic API key and internet connection. None of that changed.
Cloud team features — aggregation, dashboards, regression tracking, team collaboration — are still coming as an optional subscription tier. The desktop app will always be complete without it.
Download
v1.0.0 is available now. Windows 10/11 x64. The installer is not yet code-signed, so Windows SmartScreen will show a warning on first run. Click "More info" then "Run anyway".
If you run into anything, open an issue. All feedback is read.