x64DbgMCPServer

abbasdivian/x64DbgMCPServer

3.1

If you are the rightful owner of x64DbgMCPServer and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The X64Dbg MCP Server is a plugin designed to facilitate remote and programmatic interaction with the x64dbg debugger through a lightweight HTTP interface.

X64Dbg MCP Server (plugin)

This project is a starting point for building an MCP (Memory Command Protocol) server plugin for x96/x64/x32dbg https://github.com/x64dbg/x64dbg/ using C# on the classic Windows-only .NET Framework platform (No ASP.NET Core hosting required).

The plugin acts as a lightweight HTTP interface bridge between an MCP client and the debugger, allowing you to have an LLM MCP client interactively send commands to inspect memory, disassemble, query registers, manipulate labels/comments, and more—all remotely and programmatically.

On top of essential bindings to the x64dbg debugger engine, this template offers a clean project structure, a built-in command system, and a simple HTTP listener that exposes your commands through a text-based API.

X64Dbg MCP Client - Need a client to sample?

mcp-csharp-sdk-client.zip

Open the project Edit line 590 in Program.cs and enter your GeminiAI key from Google Cloud API. Edit line 615 in Program.cs and enter in your MCP Server IP: Location = "http://192.168.x.x:3001/sse", Open your x96 debugger, your logs should reflect that the server automatically loaded. To interact with the server by hand instead of using the AI, uncomment line 634 and comment out line 635. Hit start debug on the client and the AI should automatically execute the Prompt located on line 434 (Program.cs)

image

Access the latest sample client to use as a starting point of integration with this project: https://github.com/AgentSmithers/mcp-csharp-sdk-client/

Features

✅ Self-hosted HTTP command interface (no ASP.NET Core required) ✅ Lightweight, zero-dependency binary deployment ✅ Modular commands with parameter mapping ✅ Direct interaction with registers, memory, threads, disassembly ✅ Bi-directional AI/LLM command support ✅ Plugin reload without restarting x64dbg ✅ Expression function and menu extension support

Sample Conversations:

AI Tasked with loading a file, counting the internal modules and begin labeling important material functions.

https://github.com/AgentSmithers/x64DbgMCPServer/blob/master/Sample1

Singleshot Speedhack identification

https://github.com/AgentSmithers/x64DbgMCPServer/blob/master/Sample2

Prerequisites

To build and run this project, you'll need: Visual Studio Build Tools (2019 v16.7 or later) .NET Framework 4.7.2 SDK

Getting Started

Clone or fork the project: git clone https://github.com/AgentSmithers/x64DbgMCPServer

Open the solution and build.

copy the files (x64DbgMCPServer\bin\x64\Debug) into the x64DBG plugin (x96\release\x64\plugins\x64DbgMCPServer) folder to run image

Sample Debug log when loaded

image

Start the Debugger, goto plugins -> Click "Start MCP Server"

Connect to it with your prefered MCP Client on port 3001 via SSE.

Sample Commands

I’ve validated several commands already and they are working wonders. I’m especially excited to be using this system to explore how AI-assisted reverse engineering could streamline security workflows. Once the MCP server is running (via the plugin menu in x64dbg), you can issue commands like:

ExecuteDebuggerCommand command=init C:\InjectGetTickCount\InjectSpeed.exe
ExecuteDebuggerCommand command="AddFavouriteCommand Log s, NameOfCmd"
ReadDismAtAddress addressStr=0x000000014000153f, byteCount=5
ReadMemAtAddress addressStr=00007FFA1AC81000, byteCount=5
WriteMemToAddress addressStr=0x000000014000153f, byteString=90 90 90 90 90 90
CommentOrLabelAtAddress addressStr=0x000000014000153f, value=Test, mode=Comment
CommentOrLabelAtAddress addressStr=0x000000014000153f, value=
GetAllRegisters
GetLabel addressStr=0x000000014000153f
GetAllActiveThreads
GetAllModulesFromMemMap
GetCallStack
These commands return JSON or text-formatted output that’s suitable for ingestion by AI models or integration scripts. Example:

image image

Debugging

DotNetPlugin.Impl contains the following within the project build post commands. Update it to reflect the corret path to x64dbg for faster debugging: xcopy /Y /I "$(TargetDir)." "C:\Users\User\Desktop\x96\release\x64\plugins\x64DbgMCPServer" C:\Users\User\Desktop\x96\release\x64\x64dbg.exe

Actively working on implementing several functions

Not every command is fully implemented althrough I am actively working on getting this project moving to support full stack, thread and module dumps for the AI to query.

How It Works

The MCP server runs a simple HTTP listener and routes incoming commands to C# methods marked with the [Command] attribute. These methods can perform any logic (e.g., memory reads, disassembly, setting breakpoints) and return data in a structured format back to a MCP client.

Known Issues

ExecuteDebuggerCommand always returns true as it pertains to the comment successfully being execute and not the results of the actual command.

Special thanks

⚡ With the help of DotNetPluginCS by Adams85. That and roughly ~20 hours of focused coding, MCP Protocol review resulted in a decent proof-of-concept self-contained HTTP MCP server plugin for x64dbg.

Integration Notes

One of the most satisfying aspects of this project was overcoming the challenge of building an HTTP server entirely self-contained — no Kestrel, no ASP.NET, just raw HttpListener powering your reverse engineering automation.

I plan to continue improving this codebase as part of my journey into AI-assisted analysis, implementation security, and automation tooling.

If you'd like help creating your own integration, extending this plugin, or discussing potential use cases — feel free to reach out (see contact info in the repo or my profile). I’m eager to collaborate and learn with others exploring this space.

💻 Let’s reverse engineer smarter. Not harder.

Cheers 🎉