x64dbg-skills

Name: x64dbg-skills
Author: dariushoule

Verified

Claude Code plugin providing skills for x64dbg debugger automation

176stars

14forks

Python

Installation

# Add to your Claude Code skills
git clone https://github.com/dariushoule/x64dbg-skills

Getting Started

Guides for using mcp servers skills like x64dbg-skills.

Best MCP Servers in 2026
Category-by-category picks: databases, dev tools, productivity, browser automation.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills
First-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.

Security ReportVerified

Last scanned: 5/30/2026

{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-30T15:49:33.164Z",
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is x64dbg-skills?

x64dbg-skills is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by dariushoule. Claude Code plugin providing skills for x64dbg debugger automation. It has 176 GitHub stars.

Is x64dbg-skills safe to use?

Yes. x64dbg-skills passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.

How do I install x64dbg-skills?

Clone the repository with "git clone https://github.com/dariushoule/x64dbg-skills" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is x64dbg-skills written in?

x64dbg-skills is primarily written in Python. It is open-source under dariushoule on GitHub, so you can review or fork the full source.

Are there alternatives to x64dbg-skills?

Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh x64dbg-skills against similar tools.

MCP for Beginners

Build MCP servers that give AI assistants real capabilities

36 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

superpowers

by obra

An agentic skills framework & software development methodology that works.

234,966

Popular in MCP Servers

Top skills in this category by stars

Scrapling

by D4Vinci

🕷️ An adaptive Web Scraping framework that handles everything from a single request to a full-scale crawl!

66,539

awesome-claude-dxt claude-mermaid

x64dbg-skills

Claude Code plugin providing skills for x64dbg debugger automation.

Skills

`/state-snapshot`

Captures a full debuggee state snapshot to disk for offline analysis:

All committed memory regions as raw binary files
Complete processor state (registers) as JSON

`/state-diff`

Compares two state snapshots to identify what changed between two points in time:

Register changes (instruction pointer advancement, stack movement, flags, etc.)
Memory region modifications (stack writes, heap mutations, code changes)
Synthesized narrative explaining what the program did between snapshots

`/decompile`

Decompiles a function to C-like pseudocode using angr:

Decompiles the function at the current instruction pointer if no address is specified
Accepts a specific address or symbol as an argument
Tries multiple decompiler strategies for best results
Suggests nearby functions if the specified address isn't a function entry

`/yara-sigs`

Scans snapshot memory dumps with YARA signatures from the x64dbg yarasigs database:

Automatically clones the yarasigs repo (including Yara-Rules and citizenlab submodules) on first use
Scan categories: packers & compilers, crypto constants, anti-debug / anti-VM, or all signatures
Builds on /state-snapshot — uses an existing snapshot or takes a fresh one
Reports matches grouped by rule with memory region addresses and metadata

`/tracealyzer`

Traces execution (into or over calls) for N steps or until a condition is met, then analyzes the recorded instruction log:

Configurable trace mode: step into calls or step over calls
Stop on a max instruction count, an x64dbg expression (e.g. cip == 0x401000), or both
Captures a full instruction log to traces/ with addresses, disassembly, labels, and comments
Summarizes execution flow, hot spots, API calls, loops, and notable patterns
Follow-up actions: annotate key addresses in x64dbg, deeper sub-region analysis, deobfuscation

`/shellcode-analyzer`

Loads, unpacks, and analyzes raw shellcode blobs in x64dbg:

Launches x64dbg with timeout.exe as a sacrificial process (supports 32-bit and 64-bit)
Allocates memory, writes shellcode, and redirects execution with optional NOP sled
Unpacking — identifies and executes decoder stubs (XOR loops, decompression routines, self-modifying code)
Static analysis — disassembly, YARA scanning (/yara-sigs), annotates key addresses with comments and labels
Dynamic analysis — steps through import resolvers, inspects decoded payloads/strings/C2 configs
Produces annotated shellcode in x64dbg and optional markdown reports

`/find-oep`

Smart trace-based OEP finder for packed/protected PE executables:

Traces through packer stubs using intelligent stepping, anti-debug evasion, and heuristic detection (section transitions, stack restoration, compiler entry patterns, IAT population)
Handles common packers (UPX, ASPack, MPRESS, PECompact, Themida, VMProtect, Enigma) and unknown/custom packers
Detects and evades anti-debug techniques: PEB flags, timing checks, hardware BP detection, exception tricks, self-checksums
Leverages /yara-sigs for packer identification and /state-snapshot for memory capture at OEP
Leaves the debugger paused at the OEP with a state snapshot for downstream analysis or PE reconstruction

`/vuln-hunter`

Hunts for vulnerabilities in a running debuggee through systematic analysis:

Reconnaissance — enumerates imports/exports, categorizes I/O functions by attack context (network, file, registry, etc.), and finds cross-references to dangerous sinks
Triage — ranks code paths by attacker reachability and sink severity, presents a prioritized attack surface map
Bug hunting — iteratively analyzes target functions for buffer overflows, integer wraps, format strings, logic flaws; generates test inputs and observes behavior under the debugger
PoC development — builds proof-of-concept Python scripts that demonstrate impact (crash, info leak, code execution)
Leverages /decompile for complex functions and /tracealyzer for execution tracing
Produces annotated targets in x64dbg and optional markdown vulnerability reports

Prerequisites

x64dbg and x64dbg Automate installed
x64dbg MCP server configured in Claude Code
Python 3 with the x64dbg_automate pip package installed:
```
pip install x64dbg_automate[mcp] --upgrade
```
For the /decompile skill: angr (Python >= 3.10):
```
pip install angr
```
For the /yara-sigs skill: yara-python and Git:
```
pip install yara-python
```
For the /vuln-hunter skill: LIEF for static PE analysis:
```
pip install lief
```

Installation

Add the marketplace and install the plugin:

/plugin marketplace add dariushoule/x64dbg-skills
/plugin install x64dbg-skills

Updating

To update to the latest version:

/plugin install x64dbg-skills

Usage

A decent guide that gives good ideas on how to use these skills: Cooking with x64dbg and MCP

License

MIT