Summary: x64dbg is an open-source binary debugger for Windows, tailored for malware analysis and reverse engineering of executables without source code access. It features a user-friendly interface and extensive customization options through plugins.
Threat Actor: N/A | x64dbg
Victim: N/A | x64dbg
Key Point :
- Offers a C-like expression parser and full debugging capabilities for DLL and EXE files.
- Includes an IDA-like sidebar, memory map, and customizable color schemes for enhanced usability.
- Supports a variety of features such as dynamic stack view, built-in assembler, and executable patching.
- Provides extensive plugin support and an extendable scripting language for automation.
- Available for free on GitHub, making it accessible for developers and security researchers.
x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend its capabilities to suit your needs.
βProbably the reason people like x64dbg is that it has a UI that makes it easy to jump around and automatically displays context for whatβs happening in the process. You can follow pointers, and the UI shows dynamic comments for possible strings, labels, etc.,β Duncan Ogilvie, creator of x64dbg, told Help Net Security.
Features:
- C-like expression parser
- Full-featured debugging of DLL and EXE files (TitanEngine)
- IDA-like sidebar with jump arrows
- IDA-like instruction token highlighter (highlight registers, etc.)
- Memory map
- Symbol view
- Thread view
- Source code view
- Graph view
- Content-sensitive register view
- Fully customizable color scheme
- Dynamically recognize modules and strings
- Import reconstructor integrated (Scylla)
- Fast disassembler (Zydis)
- User database (JSON) for comments, labels, bookmarks, etc.
- Plugin support with growing API
- Extendable, debuggable scripting language for automation
- Multi-datatype memory dump
- Basic debug symbol (PDB) support
- Dynamic stack view
- Built-in assembler
- Executable patching
x64dbg is available for free on GitHub.
Must read:
Source: https://www.helpnetsecurity.com/2024/08/19/x64dbg-open-source-binary-debugger-windows