x64dbg
🧬 Reverse Engineering · C++
x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables when source code is not available. It supports both x64 and x32 applications and provides features comparable to commercial debuggers like IDA Pro's debugger. Key capabilities include a full-featured disassembler, graph view for control flow visualization, conditional breakpoints with scripting support, a built-in assembler for live patching, memory map visualization, and an extensive plugin ecosystem. x64dbg includes IDAPython-style scripting, supports TLS callbacks and anti-debug bypass, and can handle packed/obfuscated binaries. Its active community maintains plugins for everything from API monitoring to de-obfuscation, making it the go-to free debugger for Windows binary analysis.
Installation
Download
Download latest snapshot from https://x64dbg.com
Chocolatey
$ choco install x64dbg.portable
Use Cases
- Dynamic analysis of Windows malware with breakpoints and memory inspection
- Unpacking packed or obfuscated executables using hardware breakpoints
- Patching binary behavior in real-time with the built-in assembler
- Tracing API calls and system interactions of suspicious executables
- Bypassing anti-debug protections during reverse engineering sessions
Details
- Category: 🧬 Reverse Engineering
- Language: C++
- Repository: x64dbg/x64dbg
- Platforms: 🪟 Windows
Alternatives & Comparisons
Ghidra
Java · NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Radare2
C · Portable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
Cutter
C++ · GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
dnSpy
C# · .NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
C# · Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
Detect It Easy
C++/Qt · Binary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
angr
Python · Binary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
RetDec
C++ · Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
Rizin
C · Reverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.