dnSpy-MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@dnSpy-MCPdecompile the Main method in Program from app.dll"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
dnSpy-MCP
A Model Context Protocol server for static .NET assembly analysis powered by ICSharpCode.Decompiler (dnSpyEx engine). Exposes decompilation, IL disassembly, metadata inspection, and protection analysis as MCP tools over stdio. Never executes target assemblies.
Requirements
.NET 8 SDK or later
Compatible MCP client (Claude Desktop, Cursor, or any client supporting MCP stdio transport)
Installation
git clone https://github.com/ZeraTS/dnSpy-MCP.git
cd dnSpy-MCP
dotnet build src/DnSpyMcp/DnSpyMcp.csproj -c ReleaseClaude Desktop Configuration
Add to claude_desktop_config.json:
{
"mcpServers": {
"dnspy-mcp": {
"command": "dotnet",
"args": ["/path/to/src/DnSpyMcp/bin/Release/net8.0/DnSpyMcp.dll"]
}
}
}Tools
Tool | Description | Key Parameters |
| Get PE/COFF header information, assembly metadata, and target framework |
|
| List all manifest resources embedded in the assembly |
|
| Resolve a metadata token (hex, e.g. |
|
| List all P/Invoke (DllImport) declarations in the assembly |
|
| Find all types and methods decorated with a specific attribute |
|
| Get all methods defined on a specific type |
|
| Decompile the entire assembly to C# source code |
|
| Decompile a specific type to C# source code |
|
| Decompile a specific method to C# source code |
|
| Dump IL (CIL) disassembly for the whole assembly, a type, or a specific method |
|
| Inspect a type's structure: fields, methods, properties, interfaces, optionally with source |
|
| Inspect a specific method: signature, parameters, decompiled source, optionally IL |
|
| List all type definitions in the assembly |
|
| Find methods in the assembly, optionally filtered by name pattern |
|
| Search for string literals in the assembly's decompiled source |
|
| Search for types, methods, fields, and properties by name pattern |
|
| Set a virtual breakpoint on a method at a specific IL offset |
|
| List all active virtual breakpoints | |
| Show IL at a breakpoint offset, infer stack types, and find all callers of the method |
|
| Remove all virtual breakpoints or a specific one by id |
|
| Static analysis to detect anti-debug techniques across 7 categories |
|
| Static analysis to detect obfuscation and anti-tamper protections |
|
| Aggregate anti-debug and anti-tamper analysis into a report with risk score (0-10) and bypass recommendations |
|
Protection Analysis
detect_anti_debug, detect_anti_tamper, and get_protection_report perform static analysis only. The target assembly is never loaded as a .NET type, never JIT-compiled, and never executed. Analysis uses ICSharpCode.Decompiler's type system and PE reader exclusively.
Anti-Debug Detection Categories
P/Invoke declarations targeting known anti-debug APIs (IsDebuggerPresent, NtQueryInformationProcess, etc.)
Managed API usage (System.Diagnostics.Debugger.IsAttached, etc.)
Timing-based checks (Stopwatch, GetTickCount, QueryPerformanceCounter patterns)
Thread hiding (NtSetInformationThread with ThreadHideFromDebugger)
TLS callback presence (executes before Main entry point)
Hardware breakpoint detection (CONTEXT Dr0-Dr3 reads)
Exception-based anti-debug patterns
Anti-Tamper Detection Categories
Obfuscator fingerprinting (ConfuserEx, Dotfuscator, Eazfuscator, .NET Reactor, SmartAssembly, KoiVM, and 10+ more)
Name obfuscation heuristics (control characters, zero-width characters, saturation)
String encryption stubs (cctor array init patterns, int-to-string decrypt method signatures)
Control flow obfuscation (switch proxies, high goto density)
Integrity checks (self-hash, File.ReadAllBytes on own assembly, termination after hash comparison)
VM/virtualisation (large switch dispatchers, encrypted IL stubs)
Packing (PE section names: UPX, MPRESS, .vmp0, Themida, etc.)
Risk Score
get_protection_report computes a risk score (0-10):
High severity/confidence finding: +1.5 points
Medium: +0.75 points
Low: +0.25 points
Capped at 10
Project Structure
src/DnSpyMcp/
├── Program.cs
├── Core/
│ ├── AssemblyCache.cs Thread-safe decompiler cache (keyed by path + mtime)
│ └── BreakpointRegistry.cs In-memory virtual breakpoint store
├── Models/
│ └── Results.cs All result record types
└── Tools/
├── Analysis/
│ ├── AnalysisTools.cs PE info, resources, token resolution, P/Invokes, attributes
│ ├── BreakpointTools.cs Virtual breakpoints: set, list, inspect, clear
│ ├── DecompileTools.cs C# decompilation, IL disassembly
│ ├── InspectTools.cs Type and method inspection
│ └── SearchTools.cs Type/method/member/string search
└── Security/
├── AntiDebugTools.cs Anti-debug pattern detection
├── AntiTamperTools.cs Obfuscation and anti-tamper detection
└── ProtectionReportTools.cs Aggregated protection reportKnown Issues
The name obfuscation detector flags members with single-letter names or compiler-generated names (containing < >). Standard .NET compiler-generated types (lambda closures, async state machines) will contribute to the obfuscated-name ratio. The threshold is set at 30% to reduce noise, but assemblies making heavy use of generics or LINQ may still trigger it.
The string decryption method detector only fires when the method name itself is obfuscated (contains control characters or is a single letter). If a protector uses readable method names for its string decrypt routines, this check will not detect them. The cctor array initialisation pattern is unaffected.
ICSharpCode.Decompiler attempts to resolve referenced assemblies from the same directory as the target. If dependencies are missing, decompilation of affected methods will fall back to partial output or skip. PE-level operations (get_pe_info, get_resources, resolve_token, list_pinvokes) are not affected. ThrowOnAssemblyResolveErrors is set to false by default to suppress resolver errors.
The list_pinvokes and anti-debug P/Invoke scanner only detect methods decorated with [DllImport]. Dynamic P/Invoke patterns using NativeLibrary.Load + GetExport, GetProcAddress via Marshal, or manually built delegate function pointers will not be detected.
Credits
Detect It Easy (DIE)
The protection detection logic in Tools/Security/ draws directly from the detection approach used by Detect It Easy by horsicq.
DIE's core insight — that protector fingerprinting should operate on raw binary byte patterns, PE section metadata, and metadata string heap searches rather than decompiled source — is the foundation of the sub-millisecond detection performance in this project. Several obfuscator signatures (ConfuserEx, Eazfuscator, KoiVM, .NET Reactor, VMProtect, Dotfuscator, MPRESS, Themida, and others) are adapted from DIE's PE signature scripts under db/PE/. DIE is maintained by horsicq and contributors and is available under the MIT license.
Anti-Debug Research
The anti-debug detection categories and API coverage are informed by:
bengabay1994, Anti-Debugging with .NET in Windows Environment — PEB field checks (BeingDebugged, NtGlobalFlag, heap Flags/ForceFlags), StartupInfo.lpDesktop, NtCreateThreadEx thread hiding
hsheric0210, AntiDebug.NET — comprehensive .NET anti-debug and anti-VM technique reference covering dynamic IAT resolution, manual module mapping, and hook bypass patterns
Check Point Research, Anti-Debug Tricks — referenced via AntiDebug.NET
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/notgate/dnSpy-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server