x64dbg
by x64dbg
x64dbg is an open-source Windows debugger optimized for reverse engineering and malware analysis of executables without source code.
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Primary Use Case
This tool is primarily used by malware analysts, reverse engineers, and security researchers to debug and analyze 32-bit and 64-bit Windows executables. It facilitates deep inspection of binary behavior, memory, and execution flow to understand malware or software internals. The debugger supports plugin extensions, making it adaptable for various forensic and exploitation tasks.
- Supports debugging of both 32-bit and 64-bit Windows executables
- Open-source with a comprehensive plugin system for extensibility
- Graphical user interface with light and dark themes
- Memory map visualization and graph view of code execution
- Integration with multiple chat platforms for community support
- Ability to register shell extensions for quick access
- Powered by TitanEngine core and Zydis disassembler
- Supports import reconstruction and JSON data handling
Installation
- Download a snapshot from GitHub, SourceForge, or OSDN
- Extract the downloaded archive to a location with user write access
- Optionally run x96dbg.exe to register shell extensions and add desktop shortcuts
- Run x32\x32dbg.exe to debug 32-bit executables
- Run x64\x64dbg.exe to debug 64-bit executables
- Alternatively, run x96dbg.exe to choose the architecture interactively
- Optionally compile the project yourself following the provided compiling guide
Usage
- x32\x32dbg.exe: Launches the debugger for 32-bit Windows executables
- x64\x64dbg.exe: Launches the debugger for 64-bit Windows executables
- x96dbg.exe: Registers shell extensions and allows architecture selection for debugging
- Integrate x64dbg with a sandbox environment for dynamic malware analysis, allowing for safe execution and behavior observation.
- Use x64dbg's scripting capabilities to automate tasks like unpacking malware, identifying malicious code injection techniques, and extracting IOCs.
- Combine x64dbg with Volatility for advanced memory forensics, enabling in-depth analysis of system snapshots and identifying malware artifacts.
- Leverage x64dbg's plugin ecosystem to extend its functionality, such as integrating with YARA rules for automated malware signature matching.
- Utilize x64dbg during incident response to analyze compromised systems, identify malware persistence mechanisms, and understand the extent of the attack.
Related Tools
theZoo
ytisf/theZoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
flare-vm
mandiant/flare-vm
A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
capa
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
retoolkit
mentebinaria/retoolkit
Reverse Engineer's Toolkit
awesome-yara
InQuest/awesome-yara
A curated list of awesome YARA rules, tools, and people.
flare-floss
mandiant/flare-floss
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
