Windows x64 debugger written in C++. Includes both a CLI (rip) and a GUI (tombstone).
- Launch, attach, and debug Windows executables
- Software breakpoints (INT3) and hardware breakpoints (DR0-DR3)
- Step into, step over, step out (instruction and source-level)
- Symbol resolution via PDB files
- Source code display when debug info available
- x64 disassembly (Zydis)
- Crash dump (.dmp) analysis
- Thread inspection and switching
- Memory viewing
- Local variable inspection
- Register editing
- Conditional breakpoints
- Script execution
| Component | Description |
|---|---|
rip |
CLI debugger with interactive command prompt |
tombstone |
Qt6-based GUI debugger |
rip_core |
Shared library containing the debugger engine |
Requires Windows, MSVC, and CMake.
cmake -B build
cmake --build buildOutputs:
build/bin/rip.exebuild/bin/tombstone.exe
# Debug an executable
rip.exe program.exe [args...]
# Attach to a running process
rip.exe -p <pid>
# Open a crash dump
rip.exe crash.dmp
# Run a script before debugging
rip.exe -x script.txt program.exe| Command | Shortcut | Description |
|---|---|---|
| run | r | Start target |
| continue | c | Continue execution |
| quit | q | Quit debugger |
| kill | Terminate process | |
| breakonstart | bos | Toggle break on start |
| step | s | Step into |
| next | n | Step over |
| finish | fin | Step out |
| breakpoint | b | Set breakpoint |
| breakpoints | bl | List breakpoints |
| delete | d | Delete breakpoint |
| enable | be | Enable breakpoint |
| disable | bd | Disable breakpoint |
| hbreak | hb | Set hardware breakpoint |
| hbreakpoints | hbl | List hardware breakpoints |
| hdelete | hd | Delete hardware breakpoint |
| registers | regs | Show registers |
| backtrace | bt | Stack trace |
| frame | f | Inspect a stack frame |
| thread | t | List/switch threads |
| locals | lv | Show local variables |
| memory | m | Read memory |
| mwrite | mw | Write memory |
| disassemble | dis | Disassemble at address |
| list | l | Show source code |
| vmmap | vm | Show memory map |
| symbols | sym | Search symbols |
| modules | mod | List loaded modules |
| sympath | Set symbol search path | |
| pe | Show PE header info | |
| exports | Show module exports | |
| imports | Show module imports | |
| sections | sec | Show PE sections |
| p | Evaluate expression | |
| setregister | setreg | Set register value |
| source | src | Execute script file |
| history | hist | Show command history |
| ps | List running processes | |
| attach | Attach to process | |
| detach | Detach from process | |
| dump | Create memory dump | |
| help | h | Show help |
The tombstone GUI provides a visual debugging interface with dockable windows:
| Window | Description |
|---|---|
| Disassembly | Central view showing disassembled instructions |
| Source | Source code display with line highlighting |
| Registers | CPU register values with inline editing (GPR, XMM, RFLAGS, MXCSR) |
| Stack | Call stack with click-to-navigate |
| Breakpoints | List of active and pending breakpoints |
| Threads | Thread list with switching |
| Memory | Memory viewer |
| Watch | Expression watch window |
| Commands | Command input for CLI commands |
Toolbar actions: Open, Run, Attach, Continue, Pause, Step Over, Step Into, Step Out, Break on Start
All dependencies are included in ThirdParty/.