x64dbg-mcp  by SetsunaYukiOvO

AI-driven debugger control via JSON-RPC

Created 7 months ago
273 stars

Top 94.3% on SourcePulse

GitHubView on GitHub
Project Summary

Summary

This project provides a Model Context Protocol (MCP) server plugin for x64dbg and x32dbg, enabling AI agents and external tools to control debugging sessions programmatically via JSON-RPC 2.0. It offers a standardized, extensible interface for automated reverse engineering and analysis tasks, significantly enhancing the debugger's utility for advanced users and automated workflows.

How It Works

The plugin implements the MCP specification, exposing debugger functionality through a JSON-RPC 2.0 API over HTTP/SSE. It features a layered architecture encompassing communication (HTTP/SSE server), protocol handling (JSON-RPC, MCP), business logic (debugger operations), and x64dbg integration. This approach provides a language-agnostic, streamable interface for remote debugger control, facilitating integration with various client applications and AI models.

Quick Start & Requirements

  • Installation: Build from source using the provided .\build.bat script for both x64 and x86 architectures.
  • Prerequisites: Windows 10/11 (x64), CMake 3.15+, Visual Studio 2022 (with C++ Desktop Development workload), vcpkg, Git.
  • Output: Compiled plugins (x64dbg_mcp.dp64, x32dbg_mcp.dp32) are placed in the dist/ directory.
  • Usage: Start the server via the x64dbg plugin menu ("MCP Server" -> "Start MCP HTTP Server").
  • Docs: API details are available via the system.methods call; complete version history is in CHANGELOG.md.

Highlighted Details

  • MCP Compliance: Implements 79 AI-invokable tools, 7 direct + 8 template resources, and 10 workflow prompts for comprehensive control.
  • API Coverage: Extensive control over execution, memory, registers, breakpoints, disassembly, symbols, threads, and stack operations.
  • Transport: Supports streamable HTTP (/mcp) and legacy HTTP+SSE (/sse) endpoints for flexible client integration.
  • Security (v1.0.8): Enhanced with CORS/Host header validation, rate limiting, SSE buffer caps, and protection against path traversal/command injection.
  • Opt-in Features: Memory/register writes and script execution are disabled by default for security, requiring explicit opt-in via config.json.

Maintenance & Community

The project shows active development with recent security hardening and feature additions. Contributions are welcomed via pull requests. Bug reports and feature requests can be submitted via GitHub Issues.

Licensing & Compatibility

  • License: MIT License, permitting commercial use, modification, and distribution.
  • Compatibility: Requires x64dbg build 2023+.

Limitations & Caveats

This is experimental software; use at your own risk. Most operations necessitate the debugger being in a paused state. Sensitive write operations (memory, registers, scripts) are opt-in via configuration due to security considerations.

Health Check
Last Commit

1 month ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
2
Star History
80 stars in the last 30 days

Explore Similar Projects

Feedback? Help us improve.