chichicaste/dnSpy.MCP.Server

dnSpy MCP Server

A Model Context Protocol (MCP) server embedded in dnSpy that exposes full .NET assembly analysis, editing, debugging, memory-dump, and deobfuscation capabilities to any MCP-compatible AI assistant.

Version: 1.7.0 | Tools: 98 | Status: beta2 | Targets: .NET 4.8 + .NET 10.0-windows

Table of Contents

1. Features
2. Build & Install
3. Client Configuration
4. Tool Reference
   • Assembly Tools
   • Type & Member Tools
   • Method & Decompilation Tools
   • IL Tools
   • Analysis & Cross-Reference Tools
   • Edit Tools
   • Embedded Resource Tools
   • Debug Tools
   • Memory Dump & PE Tools
   • Static PE Analysis
   • Deobfuscation Tools
   • Window / Dialog Tools
   • Utility
5. Pattern Syntax
6. Pagination
7. Usage Examples
8. Architecture
9. Project Structure
10. Configuration
11. Troubleshooting

Features

Build & Install

Prerequisites

de4dot integration — de4dot libraries are bundled in libs/de4dot/ (net48) and libs/de4dot-net8/ (net8/net10). No external dependencies required; all deobfuscation tools are available in both build targets.

Clone & Restore

git clone https://github.com/dnSpyEx/dnSpy --recursive
cd dnSpy

Build commands

# Build only the MCP Server extension (Debug)
dotnet build Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj -c Debug

# Build only the MCP Server extension (Release)
dotnet build Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj -c Release

# Build the full dnSpy solution (both targets)
dotnet build dnSpy.sln -c Debug

# Build for a specific target framework only
dotnet build Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj -c Release -f net10.0-windows
dotnet build Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj -c Release -f net48

# Restore NuGet packages without building
dotnet restore Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj

# Clean build artifacts
dotnet clean Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj

Output locations

The MCP Server DLL is output directly into dnSpy's bin directory so it loads automatically when you start dnSpy.

Verify the build

# Check for errors (expects "Compilación correcta" or "Build succeeded")
dotnet build Extensions/dnSpy.MCP.Server/dnSpy.MCP.Server.csproj -c Release --nologo 2>&1 | tail -5

Runtime

1. Start dnSpy — the MCP server starts automatically on http://localhost:3100
2. Verify it is running:

   curl http://localhost:3100/health
   curl -N --max-time 3 http://localhost:3100/sse   # should print event: endpoint
   

3. Configure your MCP client (see next section)

Client Configuration

The server implements the MCP SSE transport (spec version 2024-11-05). On connect the server sends an event: endpoint with the per-session POST URL; responses are pushed back over the SSE stream.

Claude Code (CLI)

claude mcp add dnspy --transport sse http://localhost:3100/sse

Claude Desktop

{
  "mcpServers": {
    "dnspy": {
      "type": "sse",
      "url": "http://localhost:3100/sse"
    }
  }
}

OpenCode

{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "dnspy": {
      "type": "remote",
      "url": "http://localhost:3100/sse",
      "enabled": true
    }
  }
}

Kilo Code / Roo Code

{
  "mcpServers": {
    "dnspy-mcp": {
      "type": "sse",
      "url": "http://localhost:3100/sse",
      "alwaysAllow": [
        "list_assemblies", "list_tools", "search_types",
        "get_type_info", "list_methods_in_type"
      ],
      "disabled": false
    }
  }
}

Codex CLI

{
  "mcpServers": {
    "dnspy": {
      "type": "sse",
      "url": "http://localhost:3100/sse",
      "timeout": 30
    }
  }
}

Gemini CLI

mcpServers:
  dnspy:
    type: sse
    url: http://localhost:3100/sse

SSE endpoints: GET /sse (or /events, /) opens the event stream. The server immediately sends event: endpoint\ndata: http://localhost:3100/message?sessionId=<id>. The client then POSTs JSON-RPC requests to that URL and receives responses as event: message SSE events. POST / still accepts direct JSON-RPC for curl/scripting use.

Tool Reference

All tools are called over MCP as tools/call with a JSON arguments object. Parameters marked required must always be provided; all others are optional.

Assembly Tools

Tools for listing and inspecting .NET assemblies loaded in dnSpy.

Parameter details

Type & Member Tools

Tools for inspecting the internals of a specific type.

Parameter details

Method & Decompilation Tools

Tools for decompiling code and exploring method metadata.

Parameter details

IL Tools

Low-level IL inspection for a method body.

Parameter details (dump_cordbg_il)

Analysis & Cross-Reference Tools

Call-graph, usage, and dependency analysis across all loaded assemblies.

Parameter details

Edit Tools

In-memory metadata editing. Changes are applied immediately to dnlib's in-memory model and persist until save_assembly is called or dnSpy is closed without saving.

Parameter details

Note: rename_member changes only the metadata name. It does not update call sites, string literals, or XML docs.

Note: patch_method_to_ret is ideal for disabling anti-debug, anti-tamper, or license-check routines before saving and re-analyzing.

Embedded Resource Tools

Read, write, and extract entries from the ManifestResource table. All write operations are in-memory until save_assembly is called.

Parameter details

Costura.Fody workflow: list_resources (confirm costura.* entries exist) → extract_costura output_directory=C:\extracted → load_assembly each extracted DLL → analyse normally with MCP tools.

Skills Knowledge Base

A persistent reverse-engineering knowledge base stored in %APPDATA%\dnSpy\dnSpy.MCPServer\skills\. Each skill is a pair of files: a Markdown narrative ({id}.md) and a JSON technical record ({id}.json). Skills capture step-by-step procedures, magic values, crypto keys, algorithms, offsets, and generic prompts — so once you've reversed a packer or obfuscator, the knowledge is reusable.

Workflow: Before analysing a new binary, call search_skills to check for existing knowledge. After completing an analysis, call save_skill to record findings.

Parameter details

Example JSON skill record structure

{
  "id": "confuserex-unpacking",
  "name": "ConfuserEx Unpacking",
  "version": "1",
  "tags": ["packer", "confuserex", "unpacking"],
  "targets": ["MyProtectedApp.exe"],
  "description": "Step-by-step procedure to unpack ConfuserEx 1.x protected assemblies",
  "procedure": [
    { "step": 1, "tool": "detect_obfuscator", "prompt": "Detect which obfuscator was applied", "expected": "ConfuserEx v1.x" },
    { "step": 2, "tool": "start_debugging",   "prompt": "Launch under dnSpy with break_kind=EntryPoint", "expected": "Paused at entry point after .cctor" },
    { "step": 3, "tool": "dump_module_from_memory", "prompt": "Dump decrypted module from RAM", "expected": "Raw PE bytes" }
  ],
  "magic_values": { "key_offset": "0x1234", "xor_key": "0xDEADBEEF" },
  "crypto_keys": [],
  "algorithms": ["XOR", "AES-128-ECB"],
  "prompts": {
    "identify": "Use detect_obfuscator on the assembly. If ConfuserEx, proceed with this skill.",
    "apply": "Follow procedure steps 1-3. After dump, reload and deobfuscate.",
    "verify": "Decompile Main() — if readable C# appears, unpacking succeeded.",
    "troubleshoot": "If dump_module_from_memory fails, try dump_module_unpacked with fix_pe_header=true."
  }
}

Debug Tools

Interact with dnSpy's integrated debugger. Most tools require an active debug session.

Parameter details

Tip: Use start_debugging + break_kind: EntryPoint for ConfuserEx-packed assemblies — method bodies are decrypted by the time the breakpoint hits. Then use dump_module_from_memory or unpack_from_memory.

Step workflow: break_debugger (or wait for a BP) → get_current_location → step_over / step_into → inspect with get_local_variables or eval_expression → repeat.

Memory Dump & PE Tools

Extract raw bytes from a debugged process. Requires an active debug session unless otherwise noted.

Parameter details

Layout note: dump_module_from_memory reports IsFileLayout in its response. If false, use dump_module_unpacked instead for a corrected PE layout.

Static PE Analysis

Tools that operate on raw PE file bytes — no debug session required.

Parameter details

Workflow: scan_pe_strings → understand what the packed binary contains → unpack_from_memory → deobfuscate_assembly → load the clean file in dnSpy.

Deobfuscation Tools

Two de4dot integration modes: in-process (deobfuscate_assembly — uses bundled de4dot libraries, available in all builds) and external process (run_de4dot — spawns de4dot.exe, supports dynamic string decryption, available in all builds).

Parameter details

Window / Dialog Tools

Enumerate and dismiss dialog boxes (Win32 MessageBox, #32770 dialogs, and WPF windows) that appear in the dnSpy process — for example, error popups that block a debug session. No debug session required.

Parameter details

Button matching — the tool first checks common exact tokens (EN + ES), then falls back to substring matching. If no button matches, WM_CLOSE is sent to the dialog.

Example

// List all open dialogs
{ "tool": "list_dialogs" }

// Dismiss the first dialog by clicking OK
{ "tool": "close_dialog" }

// Dismiss a specific dialog by HWND, clicking Cancel
{ "tool": "close_dialog", "arguments": { "hwnd": "1A2B3C", "button": "cancel" } }

Utility

Pattern Syntax

Several tools accept a name_pattern or query parameter that supports both glob and regex syntax. The engine auto-detects the mode.

All pattern matching is case-insensitive.

# Find all types whose name starts with "Player"
name_pattern: "Player*"

# Find all interfaces (start with I, followed by uppercase)
name_pattern: "^I[A-Z]"

# Find methods ending in "Async"
name_pattern: "Async$"

# Find all Get* or Set* methods
name_pattern: "^(Get|Set)[A-Z]"

Pagination

List operations return paginated results. The default page size is 50 items.

{
  "items": [ ... ],
  "total_count": 312,
  "returned_count": 50,
  "nextCursor": "eyJvZmZzZXQiOjUwLCJwYWdlU2l6ZSI6NTB9"
}

To fetch the next page, pass the nextCursor value as the cursor argument in the next call. When nextCursor is absent, you have reached the last page.

Usage Examples

Workflow: explore an unknown assembly

1. list_assemblies                           → find "UnityEngine.CoreModule"
2. get_assembly_info  assembly=UnityEngine…  → see namespaces
3. list_types  assembly=…  namespace=UnityEngine  name_pattern="*Manager"
4. get_type_info  assembly=…  type=UnityEngine.NetworkManager
5. decompile_method  …  method=Awake

Search with regex across all assemblies

{ "tool": "search_types", "arguments": { "query": "^I[A-Z].*Repository$" } }

Dump a Unity game module from memory

{ "tool": "list_runtime_modules", "arguments": { "name_filter": "Assembly-CSharp*" } }

{ "tool": "dump_module_from_memory", "arguments": {
    "module_name": "Assembly-CSharp.dll",
    "output_path": "C:\\dump\\Assembly-CSharp_dump.dll"
}}

Set a breakpoint and inspect the call stack

{ "tool": "set_breakpoint", "arguments": {
    "assembly_name": "Assembly-CSharp",
    "type_full_name": "PlayerController",
    "method_name": "TakeDamage"
}}

{ "tool": "get_call_stack" }

Change a private method to public and save

{ "tool": "change_member_visibility", "arguments": {
    "assembly_name": "MyAssembly",
    "type_full_name": "MyNamespace.MyClass",
    "member_kind": "method",
    "member_name": "InternalHelper",
    "new_visibility": "public"
}}

{ "tool": "save_assembly", "arguments": {
    "assembly_name": "MyAssembly",
    "output_path": "C:\\patched\\MyAssembly.dll"
}}

Read process memory at a known address

{ "tool": "read_process_memory", "arguments": {
    "address": "0x7FFE00001000",
    "size": 256
}}

Unpack a ConfuserEx-protected EXE and deobfuscate it

1. scan_pe_strings  assembly_name=MyApp  → confirm it's packed (few readable strings)
2. unpack_from_memory  exe_path=C:\MyApp.exe  output_path=C:\MyApp_unpacked.exe
3. detect_obfuscator  file_path=C:\MyApp_unpacked.exe  → identify remaining obfuscation
4. deobfuscate_assembly  file_path=C:\MyApp_unpacked.exe  output_path=C:\MyApp_clean.dll

Patch anti-debug stubs and save a clean binary

1. list_pinvoke_methods  assembly=MyApp  type=AntiDebugClass
   → finds "CheckRemoteDebuggerPresent" → kernel32.dll
2. patch_method_to_ret  assembly=MyApp  type=AntiDebugClass  method=CheckRemoteDebuggerPresent
3. save_assembly  assembly=MyApp  output_path=C:\MyApp_patched.exe

Load an assembly from disk or from a running process

// Load a .NET DLL from disk
{ "tool": "load_assembly", "arguments": {
    "file_path": "C:\\dump\\MyApp_unpacked.dll"
}}

// Load a raw memory-layout dump (VAs instead of file offsets)
{ "tool": "load_assembly", "arguments": {
    "file_path": "C:\\dump\\MyApp_memdump.bin",
    "memory_layout": true
}}

// Dump from a running process and load directly into dnSpy
{ "tool": "load_assembly", "arguments": {
    "pid": 1234,
    "module_name": "MyPlugin.dll"
}}

Dismiss a dialog that is blocking a debug session

{ "tool": "list_dialogs" }
// → [1] Title: "Error de depuración"
//       Hwnd: 1A2B3C  |  Type: Win32 (#32770)
//       Message: "No se puede continuar la operación."
//       Buttons: Aceptar, Cancelar

{ "tool": "close_dialog", "arguments": { "hwnd": "1A2B3C", "button": "aceptar" } }
// → Clicked 'Aceptar' in dialog 'Error de depuración'.

Find all callers and usages of a suspicious type

{ "tool": "find_who_uses_type", "arguments": {
    "assembly_name": "MyAssembly",
    "type_full_name": "MyNamespace.ObfuscatedLicenseChecker"
}}

{ "tool": "find_who_writes_field", "arguments": {
    "assembly_name": "MyAssembly",
    "type_full_name": "MyNamespace.ObfuscatedLicenseChecker",
    "field_name": "isValid"
}}

Architecture

Project Structure

dnSpy.MCP.Server/
├── dnSpy.MCP.Server.csproj   # Multi-target: net48 + net10.0-windows
├── CHANGELOG.md
├── README.md
├── RELEASE_NOTES.md
└── src/
    ├── Application/
    │   ├── AssemblyTools.cs         # Assembly & type listing
    │   ├── TypeTools.cs             # Type internals + IL
    │   ├── EditTools.cs             # Metadata editing, method patching
    │   ├── DebugTools.cs            # Debugger integration
    │   ├── DumpTools.cs             # Memory dump & PE tools
    │   ├── MemoryInspectTools.cs    # Local variable inspection
    │   ├── UsageFindingCommandTools.cs  # IL usage analysis
    │   ├── CodeAnalysisHelpers.cs   # Call-graph & dependency analysis
    │   ├── De4dotTools.cs           # de4dot deobfuscation (all builds)
    │   ├── SkillsTools.cs           # Skills knowledge base (MD + JSON)
    │   ├── ScriptTools.cs           # Roslyn C# scripting
    │   ├── WindowTools.cs           # Win32/WPF dialog management
    │   └── McpTools.cs              # Tool registry & routing
    ├── Communication/
    │   └── McpServer.cs             # HTTP/SSE server
    ├── Contracts/
    │   └── McpProtocol.cs           # DTO types
    ├── Helper/
    │   └── McpLogger.cs
    └── Presentation/
        ├── TheExtension.cs          # MEF export / entry point
        ├── ToolbarCommands.cs
        ├── McpSettings.cs
        └── McpSettingsPage.cs

Configuration

mcp-config.json

A mcp-config.json file is created automatically next to the MCP Server DLL on first run. Edit it to change network or de4dot settings — no rebuild required.

{
  "host": "localhost",
  "port": 3100,
  "requireApiKey": false,
  "apiKey": "",
  "enableRunScript": false,
  "de4dotExePath": "",
  "de4dotSearchPaths": [],
  "de4dotMaxSearchDepth": 6
}

Remote access — when host is "0.0.0.0" or "*", the HttpListener binds with the wildcard +. This requires a one-time URL ACL reservation (run as Administrator):

netsh http add urlacl url=http://+:3100/ user=Everyone

Then point your MCP client at http://<dnspy-machine-ip>:3100/sse.

After editing mcp-config.json, call reload_mcp_config or restart dnSpy to apply the changes.

Verify the server is running

# Windows (PowerShell)
Invoke-RestMethod http://localhost:3100

# Windows (cmd)
curl http://localhost:3100

# Check port is listening
netstat -ano | findstr :3100

Troubleshooting

Contributing

1. Fork or branch from master
2. Implement your changes under src/Application/ or src/Communication/
3. Register new tools in McpTools.cs (GetAvailableTools + ExecuteTool switch)
4. Build with dotnet build … --nologo — must produce 0 errors, 0 warnings
5. Manually test via any MCP client (list_tools to verify registration)
6. Submit a PR with a description of the new tool(s) and their parameters

License

GNU General Public License v3.0 — see for details.