X86/X64DBG

x64dbg and x86dbg are open-source Windows debuggers designed for binary exploitation, reverse engineering and malware analysis. They provide powerful, user-friendly interfaces for analyzing both 64-bit (x64dbg) and 32-bit (x86dbg) applications. Built on the same framework, they support features such as dynamic debugging, memory and stack inspection, breakpoint management, and plugin extensibility. x64dbg focuses on modern 64-bit applications, while x86dbg ensures compatibility with legacy 32-bit software, giving analysts a flexible toolkit for investigating binaries across architectures.

INSTALLATION

PS C:\> Invoke-WebRequest -Uri "https://github.com/x64dbg/x64dbg/releases/download/2025.08.19/snapshot_2025-08-19_19-40.zip" -OutFile "$env:TEMP\snapshot_2025-08-19_19-40.zip"

 * Use $env:TEMP, because PowerShell does not expand %TEMP% the way cmd does

PS C:\> Expand-Archive -Path $env:TEMP\snapshot_2025-08-19_19-40.zip -DestinationPath "C:\Program Files\x64dbg\"
PS C:\> Rename-Item -Path "C:\Program Files\x64dbg\release" -NewName "x64dbg"

 * Double-clicking C:\Program Files\x64dbg\x64dbg.exe registers the shell extension 
   and adds a shortcut to the Desktop
    - the version that gets registered depends on the Windows VM architecture (32-bit or 64-bit)

CUSTOMIZATION: DARK MODE

PS C:\> .\x64dbg
x64DBG > Options > Theme
 Theme: Dark

CUSTOMIZATION: ERC.XDBG PLUGIN

This is a binary-exploitation-oriented plugin for the x64/x86dbg family that streamlines common tasks used during buffer-overflow discovery and analysis. Typical capabilities (plugin-dependent) include:

  • rapid generation of patterned payloads and locating overwrite offsets,

  • automated crash harvesting and classification,

  • memory/stack snapshot comparisons to find control-flow diversion,

  • integrated helpers for identifying bad characters and validating payload encoding, and

  • extensible hooks for integrating custom scripts or toolchains.

MANUAL

PS C:\> Invoke-WebRequest -Uri "https://github.com/Andy53/ERC.Xdbg/releases/download/64/ERC.Xdbg_64-2.0.3.zip" -OutFile $env:TEMP\ERC.Xdbg_64-2.0.3.zip
PS C:\> Expand-Archive -Path $env:TEMP\ERC.Xdbg_64-2.0.3.zip -DestinationPath "C:\Program Files\x64dbg\x64\plugins"

 * the plugin should be ready to use once complete
 
PS C:\> .\x64dbg
x64DBG> 
 Command: ERC --help

 * switch to the Log tab, either by clicking on it or with Alt+L, to view ERC's output
 
// set a default working directory for saved output files
x64DBG> 
 Command: ERC --config SetWorkingDirectory C:\Users\defender\Desktop

FLARE-VM

On FLARE-VM, copy the ERC plugin to C:\Tools\x64dbg\release\x64\plugins. Additionally, a process MUST be attached to the x32/x64DBG debugger in order for the ERC plugin to work.

PS C:\> Invoke-WebRequest -Uri "https://github.com/Andy53/ERC.Xdbg/releases/download/64/ERC.Xdbg_64-2.0.3.zip" -OutFile $env:TEMP\ERC.Xdbg_64-2.0.3.zip
PS C:\> Expand-Archive -Path $env:TEMP\ERC.Xdbg_64-2.0.3.zip -DestinationPath "C:\Tools\x64dbg\release\x64\plugins"

 * the plugin should be ready to use once complete
 
PS C:\> .\x64dbg
x64DBG> File > Attach > {processName}
x64DBG> Log Tab
 Command: ERC --help

 * switch to the Log tab, either by clicking on it or with Alt+L, to view ERC's output
 
// set a default working directory for saved output files
x64DBG> Log Tab
 Command: ERC --config SetWorkingDirectory C:\Users\defender\Desktop
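
The x64dbg snapshot and ERC.Xdbg archives in the INSTALLATION, MANUAL and FLARE-VM steps are downloaded and unpacked without an integrity check. The following is an added example (not from the original page, x64dbg or ERC.Xdbg) that pins a SHA-256 digest, rejects archive entries that would land outside the destination, and only then extracts. The function name Install-VerifiedArchive and the digest placeholder are assumptions.

```powershell
# Added example: hypothetical helper, not part of x64dbg or ERC.Xdbg.
function Install-VerifiedArchive {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [Parameter(Mandatory)][string]$ExpectedSha256,   # digest recorded out of band
        [Parameter(Mandatory)][string]$Destination
    )
    $zip = Join-Path $env:TEMP ([IO.Path]::GetFileName(([Uri]$Uri).LocalPath))
    Invoke-WebRequest -Uri $Uri -OutFile $zip

    # 1. Integrity: compare the downloaded file against the pinned digest.
    $actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {   # -ne ignores case for strings
        Remove-Item $zip -Force
        throw "SHA-256 mismatch for $Uri (got $actual)"
    }

    # 2. Archive hygiene: refuse entries that resolve outside the destination.
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    $root = [IO.Path]::GetFullPath($Destination).TrimEnd('\') + '\'
    $archive = [IO.Compression.ZipFile]::OpenRead($zip)
    try {
        foreach ($entry in $archive.Entries) {
            # Combine returns the entry path itself if it is rooted, so it fails the check.
            $target = [IO.Path]::GetFullPath([IO.Path]::Combine($root, $entry.FullName))
            if (-not $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                throw "Entry escapes destination: $($entry.FullName)"
            }
        }
    } finally { $archive.Dispose() }

    # 3. Extract only after both checks pass.
    Expand-Archive -Path $zip -DestinationPath $Destination

    # Informational: report signature status of extracted binaries (nothing is blocked).
    Get-ChildItem $Destination -Recurse -Include *.exe, *.dll |
        Get-AuthenticodeSignature | Select-Object Path, Status
}

# Constructed usage: replace the placeholder with the digest you recorded.
Install-VerifiedArchive `
    -Uri 'https://github.com/Andy53/ERC.Xdbg/releases/download/64/ERC.Xdbg_64-2.0.3.zip' `
    -ExpectedSha256 'REPLACE_WITH_RECORDED_SHA256' `
    -Destination 'C:\Tools\x64dbg\release\x64\plugins'
```

 * with the placeholder left in place the call stops at the digest check and nothing is extracted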
