EDB Debugger MCP
This MCP server bridges EDB/GDB debugger with AI assistants, exposing 207 AI-callable tools for reverse engineering and exploit development. Key capabilities include:
Program Control
Load, run, pause, continue, restart, and kill processes
Attach/detach from processes, connect to remote GDB servers, send signals
Breakpoints & Watchpoints
Set software/hardware breakpoints, watchpoints, catchpoints, and conditional/trace breakpoints
Enable, disable, remove, list, import, and export breakpoints
Execution Control
Step into/over/out, instruction-level stepping, jump to address, reverse step/continue
Registers & Memory
Read/write CPU, FPU, and SIMD registers
Read/write memory as hex dumps or typed values, fill, search, compare, set permissions, dump to files
Disassembly & Code Analysis
Disassemble functions/ranges, analyze basic blocks, control flow, CFG generation, ROP gadget finding
Stack & Frame Analysis
Dump stack, get backtraces, inspect frames/locals/arguments, push/pop stack values
Symbol & Binary Analysis
Look up symbols, list functions/modules/sections, find string/code references, convert addresses to file offsets
Thread & Process Management
List/switch threads, configure fork-follow behavior
Patching & Annotations
Assemble and patch instructions, NOP ranges, add comments/bookmarks, apply patches to disk
Session Management
Save/load debug sessions, configure environment, toggle ASLR, execute raw GDB commands
Pwntools Integration (50 tools)
Assemble/disassemble (Keystone/Capstone), analyze ELF binaries, generate shellcode, build ROP chains, create format string payloads, generate SROP frames, cyclic patterns, pack/unpack integers, interact with processes/remote services
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@EDB Debugger MCPset a breakpoint at main and run the binary"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
EDB Debugger MCP
About
EDB (Evan's Debugger) is a feature-rich, open-source GUI debugger for Linux (x86/x86-64), known for its intuitive interface, powerful plugin system (22 plugins), and extensive debugging capabilities — breakpoints, memory analysis, ROP tool, heap analyzer, and more. However, EDB has always been limited to manual GUI interaction — until now.
EDB Debugger MCP bridges EDB's debugging engine with modern AI via the Model Context Protocol (MCP). Every EDB feature is exposed as a tool callable by an AI assistant — Claude Desktop, Cursor, or any MCP host — effectively giving AI a debugger's intuition. The server exposes 207 debugging tools (100 Pydantic models, 182 backend methods, ~9000 LOC).
Behind the scenes, it translates AI requests into GDB MI commands via a high-performance async backend, then formats results back as structured data. Combined with pwntools integration (50 tools: ROP, shellcode, cyclic, ELF, pack, enhex, align, bitops, tubes), it becomes a complete AI-powered reverse engineering workstation.
Stat | Value |
Total tools | 207 (157 edb_ + 50 pwntools_) |
Test count | 372 (pytest, 4 Python versions) |
EDB feature coverage | 22/22 plugins · 29/29 actions · 13/13 dialogs · 6/6 views |
Code size | ~9000 LOC · 100 Pydantic models · 182 backend methods |
EDB · GDB · MCP · FastMCP · pwntools · Binary Ninja
Related MCP server: GDB MCP Server
Table of Contents
Quick Start
pip install edb-debugger-mcp
edb-debugger-mcp &Then add to Claude Desktop config and ask: "Load /bin/ls, find ROP gadgets with pop eax, and generate execve shellcode" — the AI handles the rest.
Features
Program Control — Load, run, pause, continue, restart, attach/detach, kill
Breakpoints — Software/hardware breakpoints, watchpoints (read/write/access), conditional, ignore count, commands, catchpoints, export/import
Step Operations — Step into/over/out, step instruction, step-over instruction, reverse step/continue
Register Management — Read/write all CPU/FPU/SIMD registers, formatted dump, flag analysis, changed registers
Memory Operations — Hex dump, write memory/bytes, fill pattern, search, compare regions, set permissions
Disassembly — Full/range disassembly, current instruction, assembly patching, NOP fill
Stack Analysis — Stack dump, push/pop/modify, frame info, backtrace, arguments, locals
Symbol Resolution — Symbol lookup, modules, sections, entry point, symbol map, binary info
Thread Support — List/switch threads, process info, thread info
Expression Evaluation — C expression, variable get/set, string reading, type info (ptype/whatis)
Code Analysis — Source listing, function info/bounds, references, ROP gadgets, basic blocks, CFG
Code Patching — Assemble instruction, NOP range, fill zero, label address, comments/annotations
Session Management — Save/load sessions, bookmark addresses, export/import breakpoints
Remote Debugging — Connect to remote GDB server, generate core dumps
Environment — Get/set/unset env vars, set working directory, TTY, signal handling
Configuration — ASLR toggle, lazy binding toggle, debug output, session logging, signal ignore list
Utility — Binary string convert (hex↔ascii↔utf-16), file↔VA offset convert, font config
Pwntools Integration — Assembly/disassembly (Keystone/Capstone), ELF analysis, ROP gadget search, shellcode generation, cyclic pattern, format string payloads, pack/unpack
Use Cases
CTF Exploit Development —
pwntools_cyclic→ offset →edb_find_rop_gadgets→pwntools_shellcraft→pwntools_asmMalware Analysis —
edb_attach_process→edb_set_breakpoint→edb_read_memory→edb_generate_core_dumpBug Hunting —
edb_disable_aslr→edb_run→edb_search_memory→edb_analyze_heapVulnerability Research —
edb_evaluate_expression→edb_get_stack→edb_instruction_detail→edb_call_functionReverse Engineering —
edb_disassemble_range→edb_generate_cfg→edb_find_strings→edb_lookup_symbol
Requirements
Python >= 3.10
GDB (GNU Debugger) installed on the system
Linux (x86-64 recommended)
Installation
# Clone the repository
git clone https://github.com/oakkaya/edb-debugger-mcp.git
cd edb-debugger-mcp
# Install dependencies
pip install -r requirements.txt
# (Optional) Install with pip
pip install -e .Usage
Standalone
python edb_debugger_mcp.pyThis starts the MCP server on stdio, ready to accept MCP protocol messages.
Testing
# Compile a test binary
gcc -g -o /tmp/test_bin /path/to/test.c
# Then run the server manually or use an MCP clientClaude Desktop Integration
If installed via pip:
{
"mcpServers": {
"edb-debugger-mcp": {
"command": "edb-debugger-mcp"
}
}
}If installed from source:
{
"mcpServers": {
"edb-debugger-mcp": {
"command": "python",
"args": ["/path/to/edb_debugger_mcp/edb_debugger_mcp.py"]
}
}
}Config file location:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonLinux:
~/.config/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.json
Other MCP Hosts
The same server works with any MCP-compatible host. Example configurations:
opencode (~/.config/opencode/config.json):
{
"mcpServers": {
"edb-debugger-mcp": {
"command": "edb-debugger-mcp"
}
}
}Cursor (Project Settings → MCP Servers):
{
"mcpServers": {
"edb-debugger-mcp": {
"command": "edb-debugger-mcp"
}
}
}Continue.dev (~/.continue/config.json):
{
"experimental": {
"mcpServers": {
"edb-debugger-mcp": {
"command": "edb-debugger-mcp"
}
}
}
}Docker Usage
A pre-built Docker image is available on GitHub Container Registry.
# Pull the latest image
docker pull ghcr.io/oakkaya/edb-debugger-mcp:latest
# Run the MCP server (stdio mode, for MCP hosts)
docker run -i ghcr.io/oakkaya/edb-debugger-mcp
# Run with a specific version tag
docker run -i ghcr.io/oakkaya/edb-debugger-mcp:v1.2.2
# Run interactively with a shell for debugging
docker run --rm -it \
--security-opt seccomp=unconfined \
--cap-add=SYS_PTRACE \
ghcr.io/oakkaya/edb-debugger-mcp /bin/bashThe image is built from python:3.13-slim with GDB pre-installed. It
is automatically rebuilt and published on every GitHub release (v* tag).
Architecture
┌─────────────────────┐ MCP Protocol ┌──────────────────────┐
│ MCP Client │ ◄──────────────────► │ FastMCP Server │
│ (Claude, Cursor) │ stdio JSON-RPC │ edb_debugger_mcp.py│
└─────────────────────┘ └──────────┬───────────┘
│
GDB MI
(--interpreter=mi2)
│
┌────────┴───────────┐
│ GDB Backend │
│ gdb_backend.py │
│ (async subprocess)│
│ MI parser + 123 │
│ public methods │
└────────────────────┘The server uses GDB's MI (Machine Interface) protocol (--interpreter=mi2) to communicate with GDB as a subprocess. The backend:
Sends MI/CLI commands via stdin, parses structured MI responses
Handles
*stoppedasync events for breakpoint hitsManages process lifecycle (start, kill, detach)
Provides
readelf-based file offset ↔ VA conversion
Note: The EDB action/dialog/view counts listed in this README cover all of EDB's UI elements. Since this project is an MCP server, UI-only features (About dialog, font selector, Reset UI, window layout) cannot be mapped. All functional debugging capabilities (breakpoint, register, memory, stack, thread, expression, patching, analysis, ROP, session) are 100% covered.
pwntools Tools
The server integrates pwntools — the CTF/exploit development framework — as 50 MCP tools callable alongside the EDB debugger tools.
Tool | Description |
| Full ELF binary analysis (headers, sections, symbols, security, strings) |
| Assemble assembly instructions to bytes (Keystone) |
| Build a ROP chain with ordered gadgets |
| Check ELF binary security properties (RELRO, Canary, NX, PIE) |
| Search pwntools/ELF constants by name or value |
| Generate De Bruijn cyclic pattern for offset discovery |
| Find offset of a value in cyclic pattern |
| Disassemble raw bytes with pwntools (architecture-aware) |
| Show shared library dependencies and interpreter |
| Patch bytes in ELF binary at file offset (creates .bak) |
| Read bytes from ELF binary at section or address |
| List all sections with type, flags, address, size |
| Search ELF binary for byte pattern grouped by section |
| Extract printable strings from ELF (by section or all) |
| Search symbols by regex with address table |
| Encode shellcode (alphanumeric, null_free, xor) |
| Shannon entropy analysis of file or region |
| Search ROP gadgets grouped by type (syscall, stack_pivot, call, jump) |
| Search for ROP gadgets by regex |
| Pack values/addresses into flat payload bytes |
| Generate format string write payload |
| Hex dump with ASCII side (colored, offset-labeled) |
| Compile assembly code into ELF binary |
| Pack integer to bytes (little/big endian, 8/16/32/64-bit) |
| Generate shellcode for a given arch/OS (execve, bind/rev shell, etc.) |
| Generate SROP (Sigreturn-Oriented Programming) frame |
| Unpack bytes to integer |
Usage: ask the AI "Find ROP gadgets with pop rdi" or "Generate x64 execve shellcode" — no separate setup needed.
EDB Plugin Mapping
Plugin | MCP Coverage |
DebuggerCore | Execution, stepping, breakpoints, registers, memory, state |
BreakpointManager | edb_set_breakpoint, edb_list_breakpoints, edb_export/import |
HardwareBreakpoints | edb_set_hardware_breakpoint, edb_set_watchpoint |
InstructionInspector | edb_instruction_detail |
Assembler | edb_assemble (Keystone optional) |
BinaryInfo | edb_get_binary_info |
BinarySearcher | edb_search_memory |
Backtrace | edb_get_backtrace |
FasLoader | edb_load_symbol_file |
DumpState | edb_dump_state |
FunctionFinder | edb_list_functions |
OpcodeSearcher | edb_search_instructions |
References | edb_find_references, edb_string_references |
ROPTool | edb_find_rop_gadgets |
HeapAnalyzer | edb_analyze_heap |
Analyzer | edb_analyze_region, edb_analyze_basic_blocks |
SymbolViewer | edb_lookup_symbol |
ProcessProperties | edb_get_process_properties |
ODbgRegisterView | edb_get_registers, edb_get_fpu_state, edb_get_simd_state |
Bookmarks | edb_add_bookmark, edb_list_bookmarks, edb_remove_bookmark |
CheckVersion | Automatically handled |
DebuggerErrorConsole | edb_set_debug_output |
Binary Ninja Integration
⚠ Experimental / untested — Binary Ninja is a commercial product (not available in this environment). The plugin code is structurally complete and follows the BN plugin API, but has not been verified at runtime. PRs welcome.
The binaryninja_mcp/ directory contains a full Binary Ninja plugin that bridges the decompiler with the live debugger. Features:
Register overlay — HLIL comments with live register values
Single-click breakpoints — Right-click to toggle software/hardware breakpoints
In-place patching — NOP, assemble, range-NOP from the disassembly context menu
Step control — Step into/over/out, run, pause via Plugins menu
Sidebar widget — Live register summary in the "EDB Debugger" tab
Install: ln -s $(pwd)/binaryninja_mcp ~/.binaryninja/plugins/edb-debugger-bridge
Ghidra Integration
⚠ Experimental / untested — Requires pyhidra. Plugin is structurally complete but not verified at runtime. PRs welcome.
The ghidra_mcp/ directory contains a Ghidra Python bridge that follows the same pattern as BN. Features:
Start/Stop Bridge — Connect/disconnect from the MCP server
Toggle Breakpoint — Set/clear breakpoints at the cursor address
In-place patching — NOP, assemble instructions
Step/run control — Step into/over, run, pause
Register & memory inspection — Live register values, memory hex dump
Install: in Ghidra with pyhidra, run ghidra_mcp/ghidra_bridge.py via the Python interpreter, then use the newly registered actions from the right-click menu.
Web UI
⚠ Experimental
The web_ui/ directory provides a browser-based debugger frontend (FastAPI + vanilla JS). No JS framework required.
cd web_ui
pip install -r requirements.txt
python server.py
# → http://localhost:8000Features:
Categorized tool sidebar — Program, Breakpoints, Run/Step, Registers/Memory, Analysis, Pwntools
Dynamic parameter forms — Tools with arguments show input fields auto-generated from the tool schema
Dark theme — Clean, readable interface
Live results — Output streams into the result panel with auto-scroll
REST API
The Web UI exposes a REST API used by the frontend. All endpoints return JSON unless noted.
Endpoint | Method | Description |
| GET | Serve the main HTML page (static) |
| GET | Quick action buttons metadata (name, tool, icon) |
| GET | All tools with category and input fields |
| GET | Single tool definition by name |
| POST | Execute a tool with JSON |
| GET | Debugger state snapshot (registers, stack, disasm, backtrace, status) |
| GET | Enhanced state with register diff highlighting |
| POST | Set a register value |
| GET | Read memory as parsed hex dump |
| GET | Disassemble at address |
| GET | List all functions in the binary |
| GET | Tool call history (in-memory, ordered) |
| POST | Clear tool call history |
| GET | List saved debugger sessions |
| POST | Save session |
| POST | Load a saved session |
| DELETE | Delete a saved session |
| GET | HTML fragment for a tab (history, sessions, state) |
x64dbg Integration
⚠ Experimental / untested — Windows-only. Requires x64dbg with x64dbgpy. No test environment available.
The x64dbg_mcp/ directory contains an x64dbgpy plugin. Features:
Start/Stop Bridge — Connect to the MCP server
Breakpoint control — Toggle, clear all
Patching — NOP, assemble at cursor
Step/run — Step into/over, run, pause
Inspection — Registers, memory at selection
Install: copy x64dbg_mcp/ to x64dbg's py-plugins/ directory. The "EDB Bridge" submenu appears under Plugins.
Quick Start
# Install
pip install edb-debugger-mcp
# Start the MCP server (standalone)
edb-debugger-mcp
# Or with Web UI
pip install "edb-debugger-mcp[web]"
python3 -m web_ui.server3-step CTF solve with AI:
User: Load /challenge/bof and analyze it
AI: → edb_load_program(path="/challenge/bof")
→ edb_disassemble("main") → finds gets() call
→ edb_list_functions() → finds win() at 0x4011b6
User: Build exploit
AI: → pwntools_cyclic(200) → generates pattern
→ pwntools_cyclic_find("0x6161616c") → offset = 136
→ pwntools_flat([0xdeadbeef]*34 + [0x4011b6]) → payload
User: Test it
AI: → edb_run(args=$(python3 -c "print('A'*136 + '\xb6\x11\x40')"))
→ edb_set_breakpoint("win")
→ edb_continue() → breaks at win → flag printed!IDA Pro Integration
✅ Tested with IDA Pro 9.3 — IDAPython imports (ida_pro, idaapi, idc, idautils), all 13 actions register under Edit -> EDB Debugger, MCP subprocess bridge connects with 207 tools, step/run/breakpoint/patch actions work, headless mode works with
ida -c -A -S<script>under xvfb.
The ida_mcp/ directory contains an IDAPython plugin that connects IDA Pro to the MCP server. Features:
Start/Stop Bridge — Launch and terminate the MCP subprocess
Toggle Breakpoint (F2) — Set/remove software breakpoint at cursor
Clear All Breakpoints — Remove all breakpoints
Patching — NOP or assemble instruction at current address
Step/run control — Step into (F11), step over (F10), step out (Shift+F11), run (F5), pause
Inspection — Show register values, read memory at cursor
Install: copy ida_mcp/ to IDA's plugin directory:
cp -r ida_mcp ~/.idapro/plugins/edb_debugger_bridgeAfter starting the bridge (Edit -> EDB Debugger -> Start Bridge), all actions are available from the Edit -> EDB Debugger menu.
VS Code Extension
⚠ Experimental
The vscode-edb-mcp/ directory contains a VS Code extension that provides a debugger frontend inside VS Code. Features:
Start/Stop Bridge — Spawn and kill the MCP subprocess
Debugger Panel — WebView panel for debugging commands
Execution control — Run/continue (F5), pause, step into (F11), step over (F10)
Breakpoint management — Set/clear breakpoints
Register/Memory inspection — View register state and memory
Status bar indicator — Shows bridge connection state (connected/disconnected)
Build and install:
cd vscode-edb-mcp
npm install
npm run compile
code --install-extension edb-debugger-mcp-1.0.0.vsixThe extension registers commands under the EDB: prefix and shows a status bar item.
Project Structure
edb-debugger-mcp/
├── edb_debugger_mcp/ # Package: FastMCP server (147 edb_ tools)
│ ├── __init__.py # Entry point + main()
│ ├── _mcp.py # FastMCP instance + GDB backend init
│ └── tools.py # All 147 @mcp.tool function definitions
├── gdb_backend.py # GDB MI backend (172 public methods, MI parser, session mgmt)
├── edb_models.py # 93+ Pydantic models for tool parameters
├── pwntools_mcp.py # Pwntools integration (50 pwntools_ tools: ROP, shellcode, ELF, asm, fmtstr, pack, tubes, enhex, elf_diff, bits, context)
├── web_ui/ # Web debugger frontend (FastAPI + htmx, browser-based)
│ ├── server.py # FastAPI app, tool categories, multi-page routing
│ └── templates/ # Static HTML + JavaScript frontend
├── binaryninja_mcp/ # Binary Ninja plugin (register overlay, right-click BP/patch, step)
├── ghidra_mcp/ # Ghidra bridge (pyhidra-based, same MCP client)
├── ida_mcp/ # IDA Pro plugin (IDAPython bridge with breakpoint/patch/step)
├── x64dbg_mcp/ # x64dbgpy plugin (Windows debugger bridge)
├── vscode-edb-mcp/ # VS Code extension (debugger panel, commands, status bar)
├── scripts/ # Utility scripts
│ └── generate_tool_table.py # Auto-generates markdown tool table
├── examples/ # 10 CTF challenges
│ ├── ret2win/ # Buffer overflow → call win function
│ ├── format-string/ # Format string → GOT overwrite
│ ├── crackme/ # Static password analysis
│ ├── rop-chain/ # ROP chain ret2libc (NX enabled)
│ ├── shellcode-injection/ # Shellcode on executable stack
│ ├── off-by-one/ # Off-by-one overwrites adjacent variable
│ ├── heap-uaf/ # Use-after-free → function pointer overwrite
│ ├── integer-overflow/ # Signed check bypass → OOB write
│ ├── nx-bypass/ # ROP mprotect + shellcode
│ └── canary-leak/ # Format string leak + BOF with canary
├── tests/ # 372 tests (pytest + pytest-asyncio)
├── CHANGELOG.md # Version history
├── requirements.txt # Python dependencies
├── README.md # This file
├── LICENSE # MIT License
└── .gitignore # Git ignore rulesCTF Examples
The examples/ directory contains 10 CTF-style challenges that showcase different exploitation techniques and the corresponding EDB MCP tools used to solve them.
Challenge | Technique | Tools Demonstrated |
| Buffer overflow overwrites return address to call a hidden win function |
|
| Format string vulnerability used to overwrite GOT entries |
|
| Static password analysis by examining the binary |
|
| Return-Oriented Programming chain to bypass NX (ret2libc) |
|
| Shellcode injection and execution on an executable stack |
|
| Single-byte heap overflow corrupts adjacent variable |
|
| Use-after-free corrupts a function pointer to gain control |
|
| Integer overflow bypasses a bounds check leading to OOB write |
|
| ROP chain calls mprotect then executes shellcode |
|
| Format string leaks stack canary, then BOF overwrites return address |
|
Each challenge includes source code, a compiled binary, and a solve script. Run from the challenge directory:
cd examples/ret2win
python solve.pyTool Reference (207 tools)
Program Control (12 tools)
Tool | Description |
| Load an executable binary for debugging. Resolves symbols and prepares for execu |
| Start execution of the loaded program from the beginning. |
| Continue execution after a breakpoint or pause. |
| Continue execution until a specific address is reached. |
| Pause (interrupt) the running program. |
| Kill and restart the debugged program. Reloads the binary, preserves breakpoints |
| Attach the debugger to an already-running process by PID. |
| Detach from the debugged process. The process continues running independently. |
| Kill the debugged process immediately. |
| Connect to a remote gdbserver for remote debugging. |
| Send a signal to the debugged process. |
| Call a function in the context of the debugged process. |
Step Operations (8 tools)
Tool | Description |
| Step a single instruction (assembly-level), not a source line. |
| Execute one machine instruction, stepping into function calls. |
| Execute one machine instruction, treating calls as atomic. |
| Execute until the current function returns to its caller. |
| Step over a single instruction (assembly-level), skipping calls. |
| Step backward in the program execution (reverse debugging). |
| Continue execution backward to the previous breakpoint or event. |
| Jump to a specific address, setting the instruction pointer. |
Breakpoints (18 tools)
Tool | Description |
| Set a breakpoint at a function, address, or source location. |
| Set a hardware-assisted breakpoint using CPU debug registers. |
| Set a watchpoint to monitor memory access. Three modes: |
| Set a catchpoint for exceptions, syscalls, signals, or process events. |
| Set a trace point (logging breakpoint) that prints a message and continues |
| Set or remove a condition on an existing breakpoint. |
| Set the number of times a breakpoint should be ignored before stopping. |
| Set commands to execute when a breakpoint is hit. |
| Re-activate a disabled breakpoint. |
| Disable a breakpoint without removing it. It can be re-enabled later. |
| Permanently remove a breakpoint or watchpoint by number. |
| List all breakpoints, watchpoints, and their status (number, type, enable/disabl |
| Export all breakpoints to a JSON file on disk. |
| Import breakpoints from a JSON file previously exported with |
| Start an execution trace at an address/function. Records every instruction execu |
| Stop the current execution trace session. |
| Show execution trace status, frames, and collected data. |
| List supported breakpoint types (software, hardware, watchpoint, catchpoint). |
Register Operations (10 tools)
Tool | Description |
| Get all CPU register values as JSON. Includes general-purpose registers, |
| Get the value of a specific CPU register. |
| Modify a CPU register value. Useful for patching execution flow or testing condi |
| Get a human-readable register dump in markdown table format. |
| Get all register values (shows current state, EDB-style). |
| Get the FPU (Floating Point Unit) register state. |
| Get the SIMD (SSE/AVX) register state. |
| Get architecture information about the debugged process and binary. |
| Show the EFLAGS/RFLAGS CPU status register with individual flag states. |
| List available CPU registers by category (GPR, SIMD, FPU, flag). |
Memory Operations (12 tools)
Tool | Description |
| Read and display memory contents at an address as a hex dump. |
| Read memory at an address interpreted as a specific data type. |
| Write a value to a memory address. Use for patching code or data. |
| Write raw hex bytes to memory starting at an address. |
| Fill a memory region with a repeating byte value. |
| Search memory for a byte pattern. Finds all occurrences in the specified region. |
| Compare two memory regions byte-by-byte and show differences. |
| Compare loaded memory sections with the original binary on disk. |
| Get the process memory map (like /proc/pid/maps). |
| Get information about defined memory regions and their permissions. |
| Set memory permissions for a region (read/write/execute). |
| Dump a memory region to a binary file on disk. |
Disassembly (7 tools)
Tool | Description |
| Disassemble machine code at an address or function. |
| Disassemble a range of memory from start to end address. |
| Get the instruction at the current program counter (RIP/EIP). |
| Get detailed information about an instruction at a given address. |
| Search memory for byte patterns (case-insensitive). |
| Analyze a code region and identify basic blocks. |
| Disassemble at an address and identify call/jump targets. |
Stack & Frames (11 tools)
Tool | Description |
| Dump the current stack (stack pointer to higher addresses). |
| Get the full call stack backtrace. Frame #0 is the current function. |
| Get detailed information about a stack frame: address, function, |
| Get all local variables in the current function scope. |
| Get the arguments passed to the current function. |
| List arguments for stack frames. |
| Push a value onto the program stack (decrements RSP, writes value). |
| Pop a value from the program stack (reads value, increments RSP). |
| Modify the value at the top of the stack without changing RSP. |
| Get detailed information about a specific stack frame level. |
| Scan the stack for potential return addresses (values in valid text ranges). Use |
Symbol Analysis (11 tools)
Tool | Description |
| Look up a symbol's address and type. Supports functions and variables. |
| List all functions in the binary, optionally filtered by name. |
| Get detailed info about a function: address, prototype, source location. |
| Get the start address, end address, and size of a function. |
| List all shared libraries / modules loaded by the process. |
| Get detailed section information for loaded modules. |
| Get the program entry point address. The entry point is the first code |
| Find all code references to a given address or symbol. |
| Find printable ASCII strings in the current code region. |
| Show cross-references to a given address or function. |
| Find the function start address containing a given address. |
Thread & Process (6 tools)
Tool | Description |
| List all threads in the debugged process with IDs, names, and states. |
| Get info about the currently active thread. |
| Switch the debugger context to a different thread. |
| Get comprehensive properties of the debugged process. |
| Get information about all inferiors (processes) being debugged. |
| Set whether the debugger follows the parent or child process after a fork. |
Expression & Data (8 tools)
Tool | Description |
| Evaluate a C expression in the debug context. |
| Print the type of a variable, function, or expression. |
| Print the type of an expression (short form). |
| Read the value of a local or global variable in the current scope. |
| Modify a variable's value in the current scope. |
| Read a null-terminated string from a memory address. |
| Find all code and data references to a string or address in the binary. |
| Add an expression to the auto-display list. Evaluated and shown on every stop. |
Code Analysis (8 tools)
Tool | Description |
| Analyze a code region for call instructions, branch instructions, |
| Analyze the heap memory region of the debugged process. |
| Generate a Control Flow Graph in Graphviz DOT format. |
| Generate a symbol map for a binary file using EDB's symbol generator. |
| Display source code with line numbers. Current line is marked with '->'. |
| List all source files used by the debugged program. |
| Convert between hex, ASCII, and UTF-16 representations. |
| Scan process memory for readable ASCII strings. |
Patching & Annotations (9 tools)
Tool | Description |
| Replace a range of instructions with NOP (0x90) bytes. |
| Assemble an assembly instruction and write it to memory. |
| Save a named bookmark pointing to an address for quick navigation. |
| List all saved bookmarks with names and addresses. |
| Remove a bookmark by name. |
| Add a text annotation to an address. Comments are stored in-memory |
| List all address annotations added via edb_add_comment. |
| Remove an annotation previously added with edb_add_comment. |
| Write runtime memory modifications back to the binary file on disk. |
Session & Environment (12 tools)
Tool | Description |
| Save the complete debugging session to a JSON file. |
| Load a debugging session from a JSON file. |
| Set an environment variable for the debugged process. |
| Show all environment variables configured for the debugged process. |
| Remove an environment variable from the debugged process. |
| Set the working directory for the debugger and debugged process. |
| Set the terminal device for the debugged program's I/O. |
| Enable or disable GDB internal debug output. |
| Log all GDB input/output to a file for debugging or record-keeping. |
| Configure how GDB handles signals (stop, print, pass to program). |
| List all signals and how GDB handles them. |
| Determine why the process stopped (breakpoint, signal, step, etc.). |
Debugger Control (23 tools)
Tool | Description |
| Configure GDB debugger settings. Equivalent to EDB's Configure Debugger |
| Display current debugger configuration settings. |
| Disable or enable ASLR for debugee. |
| Disable or enable lazy binding for debugee. |
| Get the current debugger and process status. |
| Get detailed information about the loaded binary file. |
| List GDB debugger features and capabilities. |
| List all available debugger plugins and capabilities. |
| Load a symbol file for the debugged program. |
| Navigate to and inspect an address across all views. |
| Search for ROP gadgets (instructions ending with 'ret') in memory. |
| Set a label/annotation at an address in the disassembly view. |
| Dump complete debugger state: all registers, current instruction, |
| Generate a core dump of the current process for post-mortem analysis. |
| Execute any raw GDB command directly. Full access to GDB's CLI. Powerful for adv |
| Save a full debugger snapshot (registers + memory) for later comparison. |
| Load a binary, set breakpoint, run, and dump state in one call. |
| Export the complete debugger state as structured JSON. |
| Compare the current loaded binary with its original on disk. |
| Generate a buffer-overflow exploit payload: offset + ROP chain + shellcode. |
| Show all memory patches made this session, or clear the history. |
| Detect the architecture of a connected remote GDB target. |
| Show detailed information about the remote debugging target. |
File Utils (2 tools)
Tool | Description |
| Convert a virtual address in the loaded process to the corresponding |
| Convert a file offset from the binary on disk to the corresponding |
pwntools (50 tools)
Tool | Description |
| Calculate aligned value (up/down) for a given alignment boundary. |
| Analyze an ELF binary using pwntools — entry point, PIE/NX/RELRO/Canary, section |
| Assemble assembly instructions into hex bytes using pwntools + keystone. |
| Get or set a specific bit in an integer. |
| Build a ROP chain to call a target function with arguments using pwntools ROP. |
| Check security properties of an ELF binary: RELRO, Canary, NX, PIE, RPATH/RUNPAT |
| Search pwntools/ELF constants by name or value. |
| View or modify pwntools global context (arch, os, endian, log_level). |
| Generate a cyclic pattern for buffer overflow offset discovery. |
| Find the offset of a value within a cyclic pattern. |
| Disassemble raw hex bytes into assembly instructions using pwntools + capstone. |
| List shared library dependencies of an ELF binary (DT_NEEDED entries). |
| Compare two ELF binaries: sections, segments, symbols. |
| Parse Global Offset Table (GOT) entries from an ELF binary. |
| Show ELF notes: build ID, ABI tag, property notes. |
| Patch bytes in an ELF binary at a given file offset. Creates a backup. |
| Parse Procedure Linkage Table (PLT) entries from an ELF binary. |
| Read bytes from an ELF binary at a section or address, with hex dump output. |
| Show ELF relocation entries (GOT/PLT fixups and absolute relocations). |
| Search for a byte pattern in an ELF binary. |
| List all ELF sections with detailed info: type, flags, address, offset, size, al |
| List ELF program headers (segments): type, flags, offset, vaddr, filesz, memsz. |
| Extract printable strings from an ELF binary, optionally filtered by section. |
| Search symbols in an ELF binary by regex pattern and type. |
| Encode shellcode using pwntools encoders (alphanumeric, null_free, xor). |
| Encode raw bytes to hexadecimal string. Supports \x escapes. |
| Calculate byte entropy (Shannon) of a file or memory region. Useful for detectin |
| Search ROP gadgets grouped by type: syscall, stack_pivot, call, jump. |
| Search for ROP gadgets in an ELF binary using pwntools ROP engine. |
| Pack a list of values/addresses into flat bytes using pwntools flat(). |
| Generate a format string exploit payload for arbitrary writes. |
| Display a formatted hex dump using pwntools hexdump styling. |
| Set pwntools log verbosity. Levels: debug, info, warning, error. |
| Compile assembly code into an ELF binary using pwntools make_elf. |
| Pack an integer into bytes (e.g., p64, p32, p16). |
| Start a local process for interaction (pwntools tube). |
| Connect to a remote TCP service (pwntools tube). |
| Rotate an integer value left by N bits. |
| Rotate an integer value right by N bits. |
| Generate shellcode using pwntools shellcraft module. |
| Generate a Sigreturn-Oriented Programming (SROP) frame using pwntools SigreturnF |
| Close an active tube connection. |
| List all active tube connections. |
| Receive data from an active tube. |
| Receive a single line from an active tube. |
| Receive data from a tube until a pattern is found. |
| Send raw data to an active tube (process or remote). |
| Send a line (with newline) to an active tube. |
| Decode hexadecimal string back to raw bytes. |
| Unpack bytes into an integer (e.g., u64, u32, u16). |
License
MIT License — see LICENSE for details.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/oakkaya/edb-debugger-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server