Scan a state snapshot's memory dumps with YARA signatures to detect packers, crypto constants, malware, and more
Capture a full debuggee state snapshot (all committed memory regions + processor state) to disk for offline analysis
Smart trace-based OEP finder for packed/protected PE executables. Traces through packer stubs using intelligent stepping, anti-debug evasion, and heuristic OEP detection, then captures a state snapshot at the original entry point.
Hunt for vulnerabilities in a running debuggee by analyzing imports/exports, triaging attack surface, and iteratively testing for bugs with PoC generation.
Load, unpack, and analyze shellcode in x64dbg. Use this skill when the user wants to analyze shellcode, load a shellcode blob into a debugger, unpack encoded/encrypted shellcode, or perform static/dynamic analysis of shellcode payloads.
Decompile a function to C-like pseudocode using angr
Compare two state snapshots to identify register and memory changes between two points in time
Trace execution (into or over calls) for N steps or until a condition, then analyze the recorded instruction log