EmuDbg is a lightweight, high-speed Emulator + Debugger designed for reverse engineering Windows executables.
- Run any .exe in debug mode
- Disassemble instructions using Zydis
- Directly emulate assembly instructions
- Skip Windows API calls via debugger stepping without emulating syscalls
- Much faster than traditional emulators that simulate the entire OS environment
- Ideal for reverse engineering, malware analysis, and low-level research
Unlike heavy full-system emulators, EmuDbg focuses on fast instruction emulation.
Windows API functions are skipped through debugger stepping, allowing seamless execution flow without the need for syscall emulation or complex kernel hooks.
-
Clone the repository
git clone https://github.com/yourusername/EmuDbg.git cd EmuDbg cmake .
-
Or download the latest prebuilt
EmuDbg.exefrom the Releases page -
Configure runtime modes (optional):
You can customize EmuDbg’s behavior by editing the
cpu.hppfile.
There are three main flags controlling logging and CPU mode://------------------------------------------ // LOG analyze #define analyze_ENABLED 1 // LOG everything #define LOG_ENABLED 0 // Test with real CPU #define DB_ENABLED 0 //------------------------------------------
Setting all flags to
0will run the emulator in pure emulation mode without extra logging or real CPU testing.
EmuDbg.exe <exe_path> [-m target.dll] [-b software|hardware]| Argument | Required | Description |
|---|---|---|
<exe_path> |
✅ | Path to the target executable you want to debug |
-m <target.dll> |
❌ | Wait for a specific DLL to load before setting breakpoints |
-b <type> |
❌ | Breakpoint type: software (default) or hardware |
EmuDbg.exe C:\Samples\MyApp.exe -b softwareEmuDbg.exe C:\Samples\MyApp.exe -m target.dll -b hardwareEmuDbg.exe C:\Malware\packed.exe