Add an official MCP server

Author: dariushoule

.claude/settings.local.json

@@ -0,0 +1,22 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(dir:*)",
+      "Bash(find:*)",
+      "Bash(pip install:*)",
+      "Bash(python -m pytest:*)",
+      "mcp__x64dbg__get_all_registers",
+      "mcp__x64dbg__step_into",
+      "mcp__x64dbg__get_register",
+      "mcp__x64dbg__disassemble",
+      "mcp__x64dbg__start_session",
+      "mcp__x64dbg__get_debugger_status",
+      "mcp__x64dbg__get_symbol",
+      "mcp__x64dbg__read_memory"
+    ]
+  },
+  "enableAllProjectMcpServers": true,
+  "enabledMcpjsonServers": [
+    "x64dbg"
+  ]
+}

.mcp.json

@@ -0,0 +1,9 @@
+{
+  "mcpServers": {
+    "x64dbg": {
+      "command": "poetry",
+      "args": ["run", "x64dbg-automate-mcp"],
+      "cwd": "."
+    }
+  }
+}

CLAUDE.md

@@ -0,0 +1,29 @@
+# CLAUDE.md
+
+## Project
+Python client library for x64dbg Automate — RPC-based automation of x64dbg debugger via ZMQ/msgpack.
+
+## Commands
+```powershell
+poetry install              # install deps
+python -m pytest            # run tests (requires running x64dbg with plugin)
+python -m mkdocs serve      # docs dev server
+```
+
+## Test env vars
+- `TEST_BITNESS` — 32 or 64 (default: 64)
+- `X64DBG_PATH` — path to x64dbg executable
+
+## Architecture
+Mixin chain: `XAutoClientBase` → `XAutoCommandsMixin` (low-level RPC) → `XAutoHighLevelCommandAbstractionMixin` (convenience methods) → `X64DbgClient` (also mixes in `DebugEventQueueMixin`).
+
+ZMQ REQ/REP for sync commands, PUB/SUB for async events. Msgpack serialization. Thread-safe via `_req_lock`.
+
+## Conventions
+- Type hints everywhere, modern union syntax (`X | None` not `Optional[X]`)
+- Pydantic models for data structures (`models.py`)
+- Google-style docstrings (Args/Returns/Raises)
+- snake_case functions, PascalCase classes, UPPER_CASE constants
+- Private methods prefixed with `_`
+- Enums use `StrEnum`/`IntEnum`
+- No unnecessary abstractions — keep it direct

docs/index.md

@@ -15,6 +15,7 @@ The heart of the project is the native plugin that externalizes the bridge and s
 - **Maintained/Modern Plugin and Client**: Automate aims to target both the latest x64dbg and Python versions.
 - **Clear Documentation**: The features of Automate are easy to understand and well documented.
 - **Extensible**: Build on top of Automate to extend its capabilities even further.
+- **Agent Friendly**: Supports the MCP protocol for agentic access.
 
 ## Getting Started
 

docs/installation.md

@@ -23,6 +23,12 @@ Extract the entire contents of the archive's `Release` directory into your debug
 pip install x64dbg_automate --upgrade
 ```
 
+To also install the MCP server for use with Claude Code or other MCP-compatible clients:
+
+```sh
+pip install x64dbg_automate[mcp] --upgrade
+```
+
 🔔 Important: The Microsoft Store builds of Python are restricted such that the client library may not function well. Use them at your own risk.
 
 

docs/mcp-server.md

@@ -0,0 +1,126 @@
+# MCP Server
+
+### What is the MCP Server?
+
+The x64dbg Automate MCP server exposes the debugger's capabilities as [Model Context Protocol](https://modelcontextprotocol.io/) tools. This allows LLM clients like Claude Code to directly control x64dbg for reverse engineering, malware analysis, and debugging tasks.
+
+The MCP server wraps the same Python API documented in the Client Reference sections, so all the same functionality is available.
+
+### Installation
+
+Install the client library with the `mcp` extra:
+
+```sh
+pip install x64dbg_automate[mcp] --upgrade
+```
+
+### Claude Code Configuration
+
+Add the following to your Claude Code MCP settings. You can do this via the CLI:
+
+```sh
+claude mcp add x64dbg -- x64dbg-automate-mcp
+```
+
+Or manually create/edit `.mcp.json` in your project root:
+
+```json
+{
+  "mcpServers": {
+    "x64dbg": {
+      "command": "x64dbg-automate-mcp"
+    }
+  }
+}
+```
+
+Restart Claude Code after adding the configuration. You will be prompted to approve the MCP server on first use.
+
+### Available Tools
+
+The MCP server provides ~40 tools organized into the following groups:
+
+| Group | Tools | Description |
+|-------|-------|-------------|
+| Session | `list_sessions`, `start_session`, `connect_to_session`, `disconnect`, `terminate_session` | Manage debugger instances |
+| Debug Control | `go`, `pause`, `step_into`, `step_over`, `skip_instruction`, `run_to_return`, `get_debugger_status` | Control execution |
+| Memory | `read_memory`, `write_memory`, `allocate_memory`, `free_memory`, `get_memory_map` | Read/write debuggee memory |
+| Registers | `get_register`, `set_register`, `get_all_registers` | Register access |
+| Expressions | `eval_expression`, `execute_command` | x64dbg expression evaluator and raw commands |
+| Breakpoints | `set_breakpoint`, `clear_breakpoint`, `toggle_breakpoint`, `list_breakpoints` | Software, hardware, and memory breakpoints |
+| Assembly | `disassemble`, `assemble` | Disassemble and assemble instructions |
+| Annotations | `set_label`, `get_label`, `set_comment`, `get_comment`, `get_symbol` | Labels, comments, and symbol lookup |
+| Threads | `create_thread`, `terminate_thread`, `pause_resume_thread`, `switch_thread` | Thread management |
+| Events | `get_latest_event`, `wait_for_event` | Debug event queue |
+| Settings | `get_setting`, `set_setting` | x64dbg configuration |
+| GUI | `log_message`, `refresh_gui` | Debugger UI interaction |
+
+### Walkthrough: Debugging with Claude
+
+This walkthrough demonstrates a typical analysis session using the MCP server from Claude Code. The x64dbg plugin must be installed and the MCP server configured as described above.
+
+**Step 1: Start a session**
+
+Ask Claude to start a debug session:
+
+```
+Launch x64dbg from C:\x64dbg\release and debug C:\targets\to_analyze.exe
+```
+
+Claude will call `start_session` with your x64dbg path and target executable. 
+
+**Step 2: Explore the target**
+
+Ask Claude to look around:
+
+```
+Disassemble the first 20 instructions at the entry point
+```
+
+Claude will call `disassemble` with `RIP` as the address (resolved via x64dbg's expression evaluator), giving you annotated disassembly output.
+
+```
+Show me the memory map and read 256 bytes at RSP
+```
+
+Claude will call `get_memory_map` and `read_memory`, returning a hex dump with ASCII sidebar.
+
+**Step 3: Set breakpoints and run**
+
+```
+Set a breakpoint on MessageBoxA and resume execution
+```
+
+Claude will call `set_breakpoint` with the symbol name and then `go` to resume.
+
+**Step 4: Inspect state at a breakpoint**
+
+```
+Show me all registers and disassemble 10 instructions at the current position
+```
+
+Claude will call `get_all_registers` and `disassemble` with `RIP`, giving you a full picture of the current state.
+
+**Step 5: Modify and continue**
+
+```
+Write 0x90 0x90 (NOPs) at 0x401032 and step over 5 instructions
+```
+
+Claude will call `write_memory` to patch the bytes and `step_over` to advance.
+
+**Step 6: Clean up**
+
+```
+Disconnect from the debugger
+```
+
+Claude will call `disconnect`, leaving x64dbg running for manual inspection, or `terminate_session` to close it entirely.
+
+### Tips
+
+- **Let Claude drive**: Describe your analysis goal in plain language. Claude can chain multiple tools together to investigate, set breakpoints, read memory, and modify state.
+- **Expressions work everywhere**: Any tool that takes an address also accepts registers, symbols, and arithmetic expressions — just like the x64dbg command bar.
+- **Memory reads are capped**: `read_memory` is limited to 4096 bytes per call and `disassemble` to 100 instructions. Ask for multiple reads if you need more.
+- **Events for synchronization**: Use `wait_for_event` to wait for breakpoints, DLL loads, or other debug events before inspecting state.
+- **Raw commands**: If a feature isn't exposed as a dedicated tool, `execute_command` passes any command directly to x64dbg's command interpreter. See the [x64dbg command reference](https://help.x64dbg.com/en/latest/commands/).

mkdocs.yml

@@ -5,6 +5,7 @@ nav:
   - "Home": index.md
   - "Installation": installation.md
   - "Quickstart": quickstart.md
+  - "MCP Server": mcp-server.md
   - "Client Reference":
     - "Session Control": api/session-control.md
     - "Debug Control": api/debug-control.md