x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 5 Activity

5 Releases 33 Tags

  • 2025.08.19 85e0ff8579

    2025.08.19 Stable

    mrexodia released this 2025-08-20 03:36:23 +08:00 | 0 commits to development since this release

    August 2025: Bug fixes and stability

    This release has mostly been focused on fixing bugs and improving stability over the long term.

    🐛 Bugs

    The migration to Visual Studio 2022 unfortunately caused some serious issues to slip through. The following bugs were fixed:

    • Systems with older versions of the Visual C++ Redistributable would crash when you started debugging.
    • Pattern finding was completely broken.
    • Systems with AVX-512 would crash when using x32dbg.
    • CPUs AVX support would always show 0 for XMM registers (thanks to @CXVUSER).

    To prevent critical issues like this from slipping through we are working on an automated test system. The headless version of x64dbg introduced in the previous release was a first step in this direction, but much more work is required. This release also introduced support for AddressSanitizer, which helps prevent memory safety issues.

    Documentation

    The documentation has now been moved to the docs folder in the x64dbg repository. This streamlines development, but also makes the project much more LLM-friendly. Practically-speaking this means you can now ask questions about x64dbg in DeepWiki and expect reasonably-useful results!

    Ask DeepWiki

    Some example questions:

    Obviously this is no replacement for reading the documentation, but it might at least point you to some concepts to research!

    🔎 Tracing

    There have been quite a lot of updates to the trace recording feature over the past few months by @torusrxxx. For those not familiar, trace recording allows you to capture the registers and memory accesses for every step of the program. Think Time Travel Debugging, but on a much smaller scale. This feature can be helpful trying to understand the data flow or figuring out where a specific value first pops up when executing a function.

    To start a trace recording, use Help -> Trace into... and then enable the Record trace checkbox:

    image

    You can see a reconstruction of the memory/stack (best effort, might be slow on larger traces):

    image

    This version introduces support to search for intermodular calls in the trace, which can be useful to understand where APIs get called. A blog post with more details will follow!

    🤖 Scripting

    You might want to check out Analysis at Scale with x64dbg Automate, which introduces a Python library to automate x64dbg. There is also an MCP Server built on top of it, which allows LLMs to interact with x64dbg.

    The builtin scripting feature has always been a bit lackluster, but the need for testing automation has pushed things forward. Improved command line handling was introduced by @peace-maker and you can now specify a script to execute on debuggee startup:

      x64dbg {OPTIONS} [filename] -- [extra arguments]

    x64dbg

  OPTIONS:

    -workingDir  Current working directory of new process.
    Defaults to current working directory if not specified. (optional)
    -pid         Process ID to attach to. (optional)
    -tid         Thread Identifier (TID) of the thread to resume
    after attaching (PLMDebug). (optional)
    -event       Handle to an Event Object to signal (JIT). (optional)
    -c           Command to execute Specifies the initial
    debugger command to run at start-up. (optional)
    -cf          Specifies the path and name of a script file.
    This script file is executed immediately on startup. (optional)
    -p           Alias for -pid. (optional)
    -a           Alias for -pid. (optional)
    -e           Alias for -event (optional)
    -help        Show this message. (optional)

    The scripting system has been rewritten from scratch to execute all of the script commands on an event loop, which ensures everything executes in a deterministic order. A lot of bugs have been fixed too, which enables more complex scripting scenarios:

    fn = RtlEnterCriticalSection
bp fn
SetBreakpointCommand fn, "scriptcmd call analyze"
ret

analyze:
  SpinCount = ReadPtr(rcx + 0x20)
  log "SpinCount: {u:SpinCount}"
  ret

    The script above sets a breakpoint on RtlEnterCriticalSection. It uses a breakpoint command to execute the analyze function in the script every time the breakpoint hits, and performs some logging. For testing we can use the headless command line tool with test executables and scripts to make sure everything works as expected.

    🐧 Cross Platform

    Thanks to @eldarkg you can now build x64dbg in Wine with a custom CMake toolchain. Additionally the first iteration of the cross-platform branch has been merged. Slowly the GUI components will be ported to an x64dbg::widgets library that can be reused for other projects.

    🤝 Community

    x64dbg is a community-driven project, and this release would not have been possible without the incredible work of our contributors. A huge thank you to everyone who contributed code, reported bugs, and helped shape this release ❤️

    We recently revamped the Discord community, which you can join below:

    Other platforms are synchronized with the #general channel:

    Slack Gitter Matrix IRC

    ❤️ Sponsors

    This project is also made possible by the generous support of sponsors. We would like to give a special shout out to the following sponsors:

    Also many thanks to my active sponsors: @LabGuy94, @grant-h, @MorpheusH3x, @re-jevi, @adam-the, @verdeckt, @emesare, @daaximus, @stevemk14ebr, @as0ni, @sedrakpc, @Dan0xE, @Invoke-RE, @leandrofroes, @shu-tom, @buzzer-re, @expend20, @crudd, @clayne, @fr0zenbag, @dzzie

    If you find x64dbg valuable in your work, please consider becoming a sponsor. Your support directly funds development and helps us continue to build the future of debugging. For companies we also offer custom services depending on the level of sponsorship, please reach out for more details!

    📜 Changelog

    • InitializeSignatureCheck now loads msvcp140.dll
    • Always load VC runtime from application directory #3616
    • Move https://github.com/x64dbg/docs into this repo
    • Fix snapshot timestamp format
    • Fix AVX-512 crash on 32-bit
    • Exclude unnecessary OpenGL libraries from snapshot
    • Fix bug with string formatting
    • Fix ambiguous operand size when hiding pointer sizes by @kalhotky in #3620
    • Display style values refactor and MASM style by @kalhotky in #3617
    • Revert "Fixed inverted logic" by @mrexodia in #3622
    • Improve developer experience when forking
    • Improve CONTRIBUTING guide
    • Another attempt to fix msvcp140 loading #3624
    • Unbreak x32dbg after last commit
    • Fixed pattern search by @OldGamesCracking in #3628
    • Add back -DX64DBG, closes #3634
    • Update resources translations by @torusrxxx in #3562
    • Faster disasmgetstringatwrapper by @d2k2-git in #3625
    • Fix deleting breakpoint at module base address by @kalhotky in #3629
    • Fix symbolic name help URL encoding by @kalhotky in #3630
    • Fix fastresume hiding other summary text by @kalhotky in #3631
    • Disasm value notation by @kalhotky in #3640
    • Fix incorrect "None" label for disabled trace coverage in shortcuts by @adityaxa in #3638
    • Refactor QZydis instance in Bridge class by @mrexodia in #3641
    • Automatically cancel previous workflow runs on the same branch
    • align char buffer sizes with defined limit in GuiGetDisassembly by @d2k2-git in #3627
    • Fix autocomment precedence by @kalhotky in #3632
    • Fix mnemonic brief column #3510, #3509
    • MSVC build under linux wine by @eldarkg in #3657
    • Use library for command line parsing by @peace-maker in #3516
    • Fix headless initialization and thread model
    • msvc-wine: Fix: LINK : fatal error LNK1158: cannot run 'rc.exe' by @eldarkg in #3660
    • Do not produce an import library for exe target #3663
    • Add clang-tidy configuration
    • Show struct widget in DisplayTypeDialog
    • Misc improvements
    • Fix bug where disabling and reenabling GUI updates didn't update the GUI properly
    • Make breakpoint silent if breakpoint command execution fails
    • JobQueue.await now recursively calls job function when called on worker thread
    • Greatly improve script state handling
    • Export table to tab-separated values by @torusrxxx in #3666
    • Support adjusting font size via ctrl+wheel in RegistersView by @torusrxxx in #3665
    • Intermodular calls: add column for module name (#3664)
    • Properly synchronize breakpoint commands and script state
    • Allow using VirtualQueryEx in MemIsCodePage and enable it everywhere
    • Msvc wine build x64 architecture (#3669)
    • Patch file: fix wine usage by @eldarkg in #3679
    • Unity build by @mrexodia in #3674
    • Follow in stack in trace registers view; fix shortcuts in registers view by @torusrxxx in #3670
    • Search for intermodular calls in trace by @torusrxxx in #3672
    • Goto dialog: add completion for labels by @dabeibao in #3681
    • Upgrade _WIN32_WINNT to Windows 7 by @torusrxxx in #3668
    • Fix code formatting
    • Remove dbghelp/DeviceNameResolver/TitanEngine from pluginsdk #3412
    • Add some cross platform example projects by @mrexodia in #3224
    • Simplify licenses sections of the docs to use links instead
    • Fix struct view refreshing and add error message when connection fails
    • Add support for sanitizers and fix a crash
    • Update debug engines to 2025.08.18
    • Release notes dialog by @mrexodia in #3686
    Downloads
  • 2025.06.30 9683bb38d0

    2025.06.30 Stable

    mrexodia released this 2025-06-30 23:03:37 +08:00 | 172 commits to development since this release

    June 2025: Type System and Modernization

    We're excited to announce a major new release of x64dbg, the open-source user mode debugger for Windows. For those new to the project, x64dbg is designed to make reverse engineering and malware analysis faster and more intuitive. This release marks a significant step forward, overhauling our core type system and modernizing our entire toolchain to bring you a more powerful and stable debugging experience.

    NOTE: There were some minor issues that made the 2025.06.30 snapshot unusable (signing issue causing a Windows Defender false positive, AVX-512 support crashed in x32dbg and the VC runtime was not loaded correctly). Because of this that snapshot has been deleted and a fixed one has been put here.

    Revamped Type System

    In previous versions, analyzing data structures was a tedious, manual process and many features were not supported. This release adds support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed.

    The ManyTypes plugin by notpidgey (who also drove this revamp) allows you to import C header files and see the results directly in x64dbg. While we plan to streamline this workflow even further in future updates, this is a huge leap in making data inspection easier.

    This isn't just about convenience; it's about speed. We've introduced drastic performance improvements to the struct widget, so you can now browse deeply nested pointers and large data structures without the lag.

    image

    We’ve also added a host of quality-of-life improvements:

    • Interactive type selection: While selecting the type you will instantly see what the data looks like, enabling a more interactive workflow.
    • Smarter Displays: Character arrays are now automatically rendered as strings, saving you an extra step.
    • Better Integration: You can now invoke the "Display type" action directly from the register and stack views, making it easier than ever to inspect data on the fly.

    💻 AVX-512 and Half-Float Support

    This release introduces support for the latest CPU instruction sets, ensuring you can analyze even the most modern applications.

    • AVX-512 Support: You now have the power to debug and analyze code that leverages the AVX-512 instruction set, a critical feature for high-performance computing and complex malware.
    • Half-Float Support: We've added support for 16-bit half-precision floating-point numbers in the dump, a feature especially useful when reversing graphics applications or machine learning models.

    Small Changes, Big Impact

    Sometimes it’s the little things that count. Based on your feedback, we've added several small but mighty workflow enhancements:

    • Copy Graph Image: You can now copy the function graph directly to your clipboard, making it effortless to share your findings or add visuals to your reports.
    • Copy Calling Convention Arguments: A new context menu option lets you quickly copy function arguments, streamlining the process of reconstructing code or documenting function calls.
    • Focus on Window in Handles View: You can now bring a target window to the foreground directly from the handles view, which is incredibly useful for UI-heavy debugging.
    • Revamped Launcher: The launcher now has checkboxes and an uninstall option.

    image image

    🚀 Modern Tooling and a New Release Cycle

    We've completed a monumental migration of our entire build system to Visual Studio 2022 and CMake. This massive undertaking provides a more stable foundation, makes it easier for new developers to contribute, and accelerates the pace of future improvements. The compilation instructions were cut down from 13 steps to a single one.

    There has also been movement on a headless version of x64dbg. The main focus for now is automated testing, but eventually it will be expanded to allow headless automations.

    Starting with this release, we will be using CalVer (Calendar Versioning) with proper releases and tags. This will keep our releases more organized and allow package managers and users to reference specific versions more easily. Additionally Windows XP is no longer supported and for Windows 7/8.1 you will get an unskippable deprecation warning:

    image

    🔮 Looking Ahead: A Cross-Platform Future

    We're excited to share a glimpse into our experimental cross-platform branch. This is our testbed for separating core GUI widgets into a reusable library, with the goal of bringing x64dbg's powerful tools to all major platforms (Windows, macOS, and Linux).

    Current experimental tools include:

    • A simple hex viewer that uses the ImHex Pattern Language to visualize data structures.
    • A minidump viewer to browse .dmp files on any platform.
    • A remote table tool that showcases fetching data over a high-latency network.

    image

    These tools are still in early development and not part of the release, but they represent a critical step toward a more versatile and platform-independent future for our components.

    📜 Changelog

    • Fix translation errors
    • Split ModuleStdTable into header and sources to fix Q_OBJECT error
    • Build with GitHub Actions by @mrexodia in #3538
    • Ignore clangd cache
    • Fix buffer overflow by @torusrxxx in #3541
    • Add dump support for half float by @torusrxxx in #3544
    • Add support for AVX512 by @torusrxxx in #3536
    • Fix compilation on MinGW (clang) by @mrexodia in #3539
    • Fix wrong icon for ActionTreatSelectionAsXXX by @torusrxxx in #3546
    • Always update the Example text's background color by @G3ph4z in #3537
    • Show launcher on first launch after installing by @whindsaks in #3521
    • New x96dbg configuration dialog by @G3ph4z in #3532
    • Make a rebuild copy the dependencies again
    • Add headless mode POC #3516
    • Fix compilation with clang-cl
    • Add some more state for the headless mode
    • Automatically download submodules when necessary
    • Updated Type Database Handling by @notpidgey in #3552
    • Fix structure packing in TitanEngine.h #3563
    • Update badges
    • Improve plugin loading error messages
    • Fix errors with simple header parsing
    • Improved error reporting in DisplayType command
    • Allow configuring default max pointer depth in DisplayType
    • Small UX improvements in struct widget
    • Move "Display type" to CommonActions and add to registers/stack
    • Fix missing stdint types when building with vs2022 v120_xp toolset by @WindowsAPI in #3593
    • Fix error handling in ParseTypes
    • Added Copy Menu for Call Conv Arguments by @notpidgey in #3595
    • Draw jump lines under register label; Focus on window in handles view by @torusrxxx in #3585
    • Copy graph image by @torusrxxx in #3578
    • Add IRC link to README
    • Added Type Reload Functionality in Struct View by @notpidgey in #3597
    • Update AStyleHelper to only format changed files
    • Mark padding as bitfield
    • Fix a bug with GotoDialog::setInitialExpression not working twice in a row
    • Performance improvements for StructWidget
    • Remove Visual Studio projects
    • Static MSVC runtime for launcher and loaddll
    • Prefix commands with $ to format the command itself
    • Add a few string expression functions
    • Update breakpoint dialog tooltip match reality
    • Add test for #3599
    • Add back missing /DELAYLOAD options #3412
    • Add selectionChanged signal to SearchListView
    • Implement DisplayTypeDialog for better UX
    • Change StructWidget to inherit from TypeWidget
    • Make type visiting expansion depth configurable
    • Add GuiTypeListUpdated for better UX
    • Hide __anonymous types
    • Improve pretty printing in NodeVisitor
    • Print string values of character arrays
    • Get rid of Qt5Network dependency
    • Match snapshot format to previous releases
    • Update dependencies
    • Upload snapshot ZIP files as artifacts directly
    • Fix: Trim trailing whitespace in script labels #3589 by @oxqnd in #3610
    • Fix Handles->Message Breakpoint: wnd proc or handle is unavailable (wine) by @eldarkg in #3607
    • Fixed inverted logic by @OldGamesCracking in #3588
    Downloads
  • 2025.03.15 1d3aa9b407

    2025.03.15 Stable

    mrexodia released this 2025-03-15 22:52:15 +08:00 | 306 commits to development since this release

    Last version with VS2013 (XP support).

    Downloads
  • snapshot 81377dd4b0

    snapshot_2023-10-05_13-38 Stable

    mrexodia released this 2015-10-30 06:47:07 +08:00 | 4224 commits to development since this release

    Downloads
  • snapshot-pdb 81377dd4b0

    snapshot_2023-10-05_13-38-pdb Pre-Release

    mrexodia released this 2015-10-30 06:47:07 +08:00 | 4224 commits to development since this release

    Downloads