x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend its capabilities to suit your needs.
“Probably the reason people like x64dbg is that it has a UI that makes it easy to jump around and automatically displays context for what’s happening in the process. You can follow pointers, and the UI shows dynamic comments for possible strings, labels, etc.,” Duncan Ogilvie, creator of x64dbg, told Help Net Security.
Features:
- C-like expression parser
- Full-featured debugging of DLL and EXE files (TitanEngine)
- IDA-like sidebar with jump arrows
- IDA-like instruction token highlighter (highlight registers, etc.)
- Memory map
- Symbol view
- Thread view
- Source code view
- Graph view
- Content-sensitive register view
- Fully customizable color scheme
- Dynamically recognize modules and strings
- Import reconstructor integrated (Scylla)
- Fast disassembler (Zydis)
- User database (JSON) for comments, labels, bookmarks, etc.
- Plugin support with growing API
- Extendable, debuggable scripting language for automation
- Multi-datatype memory dump
- Basic debug symbol (PDB) support
- Dynamic stack view
- Built-in assembler
- Executable patching
x64dbg is available for free on GitHub.
Must read: