X64Dbg

v1.0.0Securitystable

MCP server plugin for x64dbg debugger - enables AI agents and external tools to control debugging via JSON-RPC 2.0 over HTTP/SSE;Develop with cursor/windsurf

ai-debuggingbinary-analysisclaudecppdebugger
Share:
136
Stars
0
Downloads
0
Weekly
0/5

What is X64Dbg?

X64Dbg is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to mcp server plugin for x64dbg debugger - enables ai agents and external tools to control debugging via json-rpc 2.0 over http/sse;develop with cursor/windsurf

MCP server plugin for x64dbg debugger - enables AI agents and external tools to control debugging via JSON-RPC 2.0 over HTTP/SSE;Develop with cursor/windsurf

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • MCP server plugin for x64dbg debugger - enables AI agents an

Use Cases

Control x64dbg debugger remotely for binary analysis and debugging.
Enable AI agents to analyze malware and perform reverse engineering tasks.
SetsunaYukiOvO

Maintainer

LicenseMIT
Languagec++
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx x64dbg

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use X64Dbg

The x64dbg MCP server is a native C++ plugin for the x64dbg debugger that exposes a JSON-RPC 2.0 API over HTTP and Server-Sent Events, enabling AI agents and external tools to remotely control every aspect of a debugging session. It provides 79 tools spanning debug control, register and memory read/write, breakpoint management, disassembly, symbol resolution, thread control, stack analysis, expression evaluation, cross-reference lookup, function analysis, patching, and packer/OEP detection. Security researchers and malware analysts use it to connect AI assistants like Claude or Cursor to live x64dbg sessions for AI-assisted reverse engineering and binary analysis.

Prerequisites

  • x64dbg installed on Windows (download from x64dbg.com)
  • Visual Studio 2022 or the pre-built plugin DLL files from the repository releases
  • An MCP-compatible client configured to reach the HTTP/SSE endpoint (Claude Desktop, Cursor, Windsurf)
  • Windows operating system (x64dbg is Windows-only)
1

Obtain the plugin binaries

Download the pre-built plugin files from the GitHub releases page, or build from source using Visual Studio 2022 with vcpkg. You will need x64dbg_mcp.dp64 for 64-bit targets and x32dbg_mcp.dp32 for 32-bit targets.

# Build from source (requires Visual Studio 2022 and vcpkg):
git clone https://github.com/SetsunaYukiOvO/x64dbg-mcp.git
cd x64dbg-mcp
# Open x64dbg_mcp.sln in Visual Studio and build in Release mode
2

Install the plugin into x64dbg

Copy the compiled plugin files into the x64dbg plugins directories. Restart x64dbg after copying to load the plugin.

copy dist\x64dbg_mcp.dp64 <x64dbg-install-path>\x64\plugins\
copy dist\x32dbg_mcp.dp32 <x64dbg-install-path>\x32\plugins\
3

Configure the plugin (optional)

The plugin creates a configuration file in the plugin directory on first run. Edit it to change the bind address, port, and security permissions. By default the server listens on 127.0.0.1:3000.

{
  "version": "1.0.8",
  "server": {
    "address": "127.0.0.1",
    "port": 3000
  },
  "permissions": {
    "allow_memory_write": false,
    "allow_register_write": false,
    "allow_script_execution": false,
    "allow_breakpoint_modification": true
  }
}
4

Add the MCP server to your AI client configuration

Configure your MCP client to connect to the x64dbg MCP server endpoint. Since this is an HTTP/SSE server rather than a stdio process, use the url field.

{
  "mcpServers": {
    "x64dbg": {
      "url": "http://127.0.0.1:3000/sse"
    }
  }
}
5

Open a binary in x64dbg and begin analysis

Load a target executable in x64dbg and run it to a stopped state. Your AI client can now issue debugging commands through the MCP interface.

X64Dbg Examples

Client configuration

claude_desktop_config.json entry for the x64dbg MCP server connecting to the local HTTP/SSE endpoint.

{
  "mcpServers": {
    "x64dbg": {
      "url": "http://127.0.0.1:3000/sse"
    }
  }
}

Prompts to try

Example prompts for AI-assisted reverse engineering and malware analysis using x64dbg MCP tools.

- "Read the memory at the entry point address and disassemble the first 50 instructions."
- "List all imported functions for the loaded module and identify any suspicious network-related APIs."
- "Set a breakpoint at the address of VirtualAlloc and tell me when it is hit and what size is being allocated."
- "Get the current values of all general-purpose registers and explain what the function is likely doing."
- "Search memory for the byte pattern 'E8 ?? ?? ?? ??' to find all CALL instructions in the .text section."
- "Check if this binary has any known packer signatures and attempt OEP detection."

Troubleshooting X64Dbg

The plugin does not load after copying and restarting x64dbg

Ensure you copied the correct architecture: dp64 goes into the x64\plugins directory for 64-bit x64dbg, and dp32 goes into x32\plugins for 32-bit x32dbg. Check the x64dbg log pane on startup for plugin load error messages.

Connection refused when the MCP client tries to reach http://127.0.0.1:3000

The HTTP server only starts when a binary is loaded and x64dbg is running with the plugin active. Ensure x64dbg is open and the plugin loaded successfully. Check the plugin configuration file to confirm the address and port match what your client is connecting to.

Memory write or register write operations are refused

These operations are disabled by default for safety. Edit the plugin configuration file and set allow_memory_write and/or allow_register_write to true, then restart x64dbg. Enable these only in controlled analysis environments.

Frequently Asked Questions about X64Dbg

What is X64Dbg?

X64Dbg is a Model Context Protocol (MCP) server that mcp server plugin for x64dbg debugger - enables ai agents and external tools to control debugging via json-rpc 2.0 over http/sse;develop with cursor/windsurf It connects AI assistants to external tools and data sources through a standardized interface.

How do I install X64Dbg?

Follow the installation instructions on the X64Dbg GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with X64Dbg?

X64Dbg works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is X64Dbg free to use?

Yes, X64Dbg is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

X64Dbg Alternatives — Similar Security Servers

Looking for alternatives to X64Dbg? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "x64dbg": { "command": "npx", "args": ["-y", "x64dbg"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use X64Dbg?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides