Skill

state-snapshot

Captures full x64dbg debuggee state snapshot—all committed memory regions as binaries + processor state as JSON—to disk for offline analysis.

Python

Bash

developer-tools

npx claudepluginhub dariushoule/x64dbg-skills

Tool Access

This skill is limited to using the following tools:

mcp__x64dbg__get_debugger_statusmcp__x64dbg__pausemcp__x64dbg__disconnectmcp__x64dbg__connect_to_sessionmcp__x64dbg__goBash

Preview

Capture a full debuggee state snapshot — all committed memory regions as raw binary files plus the complete processor state as JSON.

Supporting Assets

state_snapshot.py

SKILL.md

Similar Skills

find-oep

Finds OEP in packed/protected PE executables using x64dbg: traces packer stubs with anti-debug evasion, heuristic detection, captures state snapshot.

36 tools

x64dbg-skills

debugger

Manages IDA Pro debugger operations: CRUD breakpoints with conditions, patch/revert bytes, maintain patch inventories for binary analysis.

1 file4 tools

idasql

gdb-cli

36.4k

GDB debugging assistant for AI agents - analyze core dumps, debug live processes, investigate crashes and deadlocks with source code correlation

antigravity-awesome-skills

Stats

Stars76

Forks9

Last CommitFeb 12, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

state-snapshot

Capture a full debuggee state snapshot — all committed memory regions as raw binary files plus the complete processor state as JSON.

Instructions

Follow these steps exactly:

1. Verify debugger connection

Call mcp__x64dbg__get_debugger_status to confirm the debugger is connected and a debuggee is loaded. Note the session PID and x64dbg path from the current MCP connection — you will need these to reconnect later.

If no debuggee is loaded, tell the user and stop.

2. Pause the debuggee if running

If the debugger status shows the debuggee is running (not paused), call mcp__x64dbg__pause to pause it. Remember that you auto-paused so you can resume later.

3. Disconnect the MCP client

Call mcp__x64dbg__disconnect to release the ZMQ connection. This is required because only one client can be connected to an x64dbg session at a time, and the Python script needs its own connection.

4. Run the snapshot script

Execute the snapshot script:

python "${CLAUDE_PLUGIN_ROOT}\skills\state-snapshot\state_snapshot.py" --x64dbg-path "<x64dbg_path>" --pid <session_pid>

Where:

<x64dbg_path> is the path to the x64dbg executable noted in step 1
<session_pid> is the debugger process PID noted in step 1

The script defaults output to ./snapshots/<timestamp>/. If the user specified a custom output directory, pass --output-dir <path>.

5. Reconnect the MCP client

Call mcp__x64dbg__connect_to_session with the x64dbg path and session PID saved from step 1 to restore the MCP connection.

6. Report results

Summarize what was captured:

Output directory path
Number of memory region files saved and total size
Whether registers were captured successfully
Any regions that failed to read