X64Dbg
STDIOMCP server plugin for x64dbg debugger enabling AI-assisted reverse engineering and remote debugging automation
MCP server plugin for x64dbg debugger enabling AI-assisted reverse engineering and remote debugging automation
This project is a starting point for building an MCP (Memory Command Protocol) server plugin for x96/x64/x32dbg https://github.com/x64dbg/x64dbg/ using C# on the classic Windows-only .NET Framework platform (No ASP.NET Core hosting required).
The plugin acts as a lightweight HTTP interface bridge between an MCP client and the debugger, allowing you to have an LLM MCP client interactively send commands to inspect memory, disassemble, query registers, manipulate labels/comments, and more—all remotely and programmatically.
On top of essential bindings to the x64dbg debugger engine, this template offers a clean project structure, a built-in command system, and a simple HTTP listener that exposes your commands through a text-based API.
Cursor Connection:
{ "mcpServers": { "AgentSmithers X64Dbg MCP Server": { "url": "http://127.0.0.1:3001/sse" } } }
Claude Configuration Connection:
{
"mcpServers": {
"x64Dbg": {
"command": "C:\\MCPProxy-STDIO-to-SSE.exe",
"args": ["http://localhost:3001"]
}
}
}
Claude Configuration Connection:
{
"mcpServers": {
"AgentSmithers x64Dbg STDIO<->SSE": {
"command": "C:\\MCPProxy-STDIO-to-SSE.exe",
"args": ["http://localhost:3001"]
}
}
}
Known: Context deadline exceeded (timeout) issue with directly using SSE.
https://github.com/AgentSmithers/x64DbgMCPServer/blob/master/Sample1
https://github.com/AgentSmithers/x64DbgMCPServer/blob/master/Sample2
To build and run this project, you'll need:
Clone or fork the project: git clone https://github.com/AgentSmithers/x64DbgMCPServer
Download DLlExport.bat and place it in the root folder of the project. Then, run the DllExport.bat.
In the DllExport GUI,
Installed checkbox.System.Runtime.InteropServices.x64 or x86).Open the solution and build.
📌 Tip: If you see x64DbgMCPServer.dll in the output folder, rename it to x64DbgMCPServer.dp64 so that x64dbg can load the plugin.
copy the files (x64DbgMCPServer\bin\x64\Debug) into the x64DBG plugin (x96\release\x64\plugins\x64DbgMCPServer) folder to run
Sample Debug log when loaded
Start the Debugger, goto plugins -> Click "Start MCP Server"
Connect to it with your prefered MCP Client on port 3001 via SSE.
Access the latest sample client to use as a starting point of integration with this project: https://github.com/AgentSmithers/mcp-csharp-sdk-client/
I’ve validated several commands already and they are working wonders. I’m especially excited to be using this system to explore how AI-assisted reverse engineering could streamline security workflows. Once the MCP server is running (via the plugin menu in x64dbg), you can issue commands like:
ExecuteDebuggerCommand command=init C:\InjectGetTickCount\InjectSpeed.exe
ExecuteDebuggerCommand command="AddFavouriteCommand Log s, NameOfCmd"
ReadDismAtAddress addressStr=0x000000014000153f, byteCount=5
ReadMemAtAddress addressStr=00007FFA1AC81000, byteCount=5
WriteMemToAddress addressStr=0x000000014000153f, byteString=90 90 90 90 90 90
CommentOrLabelAtAddress addressStr=0x000000014000153f, value=Test, mode=Comment
CommentOrLabelAtAddress addressStr=0x000000014000153f, value=
GetAllRegisters
GetLabel addressStr=0x000000014000153f
GetAllActiveThreads
GetAllModulesFromMemMap
GetCallStack
These commands return JSON or text-formatted output that’s suitable for ingestion by AI models or integration scripts. Example:
DotNetPlugin.Impl contains the following within the project build post commands. Update it to reflect the corret path to x64dbg for faster debugging. Upon rebuilding X64Dbg will autoload the new plugin and you can reattach to the X64Dbg instance if needed.
xcopy /Y /I "$(TargetDir)*.*" "C:\Users\User\Desktop\x96\release\x64\plugins\x64DbgMCPServer"
C:\Users\User\Desktop\x96\release\x64\x64dbg.exe
Not every command is fully implemented althrough I am actively working on getting this project moving to support full stack, thread and module dumps for the AI to query.
The MCP server runs a simple HTTP listener and routes incoming commands to C# methods marked with the [Command] attribute. These methods can perform any logic (e.g., memory reads, disassembly, setting breakpoints) and return data in a structured format back to a MCP client.
ExecuteDebuggerCommand always returns true as it pertains to the comment successfully being execute and not the results of the actual command. Currently the already compiled version is set to listen on all IP's on port 3001 thus requiring Administrative privileges. Future releases will look to detect this and will listen only on 127.0.0.1 so it may be used without administrative privileges.
⚡ With the help of DotNetPluginCS by Adams85. That and roughly ~20 hours of focused coding, MCP Protocol review resulted in a decent proof-of-concept self-contained HTTP MCP server plugin for x64dbg.
One of the most satisfying aspects of this project was overcoming the challenge of building an HTTP server entirely self-contained — no Kestrel, no ASP.NET, just raw HttpListener powering your reverse engineering automation.
I plan to continue improving this codebase as part of my journey into AI-assisted analysis, implementation security, and automation tooling.
If you'd like help creating your own integration, extending this plugin, or discussing potential use cases — feel free to reach out (see contact info in the repo or my profile). I’m eager to collaborate and learn with others exploring this space.
💻 Let’s reverse engineer smarter. Not harder.
Cheers 🎉