# x64dbg — Open-Source Windows Debugger for Reverse Engineering

> An open-source user-mode debugger for Windows optimized for reverse engineering and malware analysis, supporting both x86 and x64 executables.

## Install

Save in your project root:

# x64dbg — Open-Source Windows Debugger for Reverse Engineering

## Quick Use
```bash
# Download the latest snapshot from GitHub Releases
# https://github.com/x64dbg/x64dbg/releases

# Extract and run
x96dbg.exe   # launcher that picks x32dbg or x64dbg
x64dbg.exe   # 64-bit debugger directly
x32dbg.exe   # 32-bit debugger directly
```

## Introduction
x64dbg is a free, open-source debugger for Windows that focuses on binary analysis and reverse engineering. It provides a familiar Ollydbg-style interface with modern features for analyzing both 32-bit and 64-bit executables, making it a go-to tool for malware analysts and security researchers.

## What x64dbg Does
- Debugs 32-bit and 64-bit Windows executables with full breakpoint support
- Provides a disassembly view with syntax highlighting and control flow graph
- Includes a built-in assembler and binary patcher for live modifications
- Offers advanced tracing with conditional logging and recording
- Supports scripting and automation for repetitive analysis tasks

## Architecture Overview
x64dbg is built in C++ with a Qt-based GUI. The core debugging engine wraps the Windows Debug API and provides an abstraction layer for breakpoints, memory operations, and thread management. A plugin SDK exposes the full internal API, allowing third-party extensions to add custom views, commands, and analysis passes.

## Self-Hosting & Configuration
- Runs as a portable Windows application with no installation required
- Settings are stored alongside the executable in INI and JSON files
- Plugins are placed in the plugins directory and loaded automatically at startup
- Database files (.dd32/.dd64) persist analysis state per target binary
- Color schemes and layout can be customized through the settings dialog

## Key Features
- Full conditional breakpoint system with expression evaluation
- Built-in decompiler view via Snowman integration
- Import reconstruction and module relocation tools
- Yara rule scanning and pattern search across memory regions
- Active plugin ecosystem with community-maintained extensions

## Comparison with Similar Tools
- **OllyDbg** — classic 32-bit-only debugger; x64dbg adds 64-bit support and active development
- **WinDbg** — Microsoft's kernel and user-mode debugger; more powerful for kernel work but less intuitive for RE
- **Ghidra** — focused on static analysis and decompilation rather than live debugging
- **IDA Pro** — industry-standard commercial disassembler; x64dbg is free and more debugging-focused
- **Radare2/Cutter** — cross-platform RE framework; x64dbg offers a more polished Windows debugging experience

## FAQ
**Q: Does x64dbg support 32-bit and 64-bit debugging?**
A: Yes. The x32dbg component handles 32-bit targets and x64dbg handles 64-bit targets, both sharing the same interface.

**Q: Can I write plugins for x64dbg?**
A: Yes. The plugin SDK provides C/C++ headers for extending the debugger with custom commands, views, and analysis modules.

**Q: Is x64dbg suitable for malware analysis?**
A: It is widely used for malware analysis. Features like conditional tracing, YARA scanning, and process snapshotting make it effective for dynamic analysis.

**Q: How does it compare to IDA Pro?**
A: IDA Pro excels at static disassembly and decompilation. x64dbg focuses on live debugging and is free. Many analysts use both together.

## Sources
- https://github.com/x64dbg/x64dbg
- https://x64dbg.com/

---
Source: https://tokrepo.com/en/workflows/asset-6721e581
Author: AI Open Source