dnSpy

dnSpy MCP server exposes decompilation, IL disassembly, metadata inspection, and protection analysis for static .NET assemblies via the MCP stdio protocol. It leverages the ICSharpCode.Decompiler (dnSpyEx) engine to analyze assemblies without executing them, providing a safe analysis surface for software inspection and vulnerability assessment. After starting the server, clients can invoke a suite of tools by passing appropriate commands and parameters through the MCP transport, enabling you to inspect PE metadata, decompile types, view IL, search for strings, and run anti-tamper/anti-debug analyses. The included tools cover common inspection and reverse-engineering workflows, such as decompiling an entire assembly, inspecting specific types or methods, resolving tokens, and generating protection reports. This makes it suitable for static analysis, auditing, and tooling integration with MCP-enabled clients like Claude Desktop, Cursor, or other MCP-compliant applications.

Prerequisites:

• .NET 8 SDK or later installed on your system
• Git installed
• A client capable of MCP stdio transport (e.g., Claude Desktop or Cursor)

Installation steps:

1. Clone the repository git clone https://github.com/ZeraTS/dnSpy-MCP.git
2. Build the project cd dnSpy-MCP dotnet build src/DnSpyMcp/DnSpyMcp.csproj -c Release
3. Run the MCP server (example) dotnet src/DnSpyMcp/bin/Release/net8.0/DnSpyMcp.dll

Configuration for Claude Desktop (example):

• Add to claude_desktop_config.json: { "mcpServers": { "dnspy-mcp": { "command": "dotnet", "args": ["/path/to/src/DnSpyMcp/bin/Release/net8.0/DnSpyMcp.dll"] } } }

Note: The server exposes tools via MCP over stdio; point clients to the running process and use the available tool commands as documented in the README.

Tips and notes:

• The server never executes target assemblies; analysis is static and relies on the decompiler/type system for information.
• Ensure .NET 8 SDK compatibility on the client machine when integrating with MCP clients.
• If dependencies are missing for a target assembly, some decompilation or analysis results may be partial or skipped; PE-level operations remain unaffected.
• The tool suite includes: get_pe_info, get_resources, resolve_token, list_pinvokes, find_attributes, get_methods_for_type, decompile_assembly, decompile_type, decompile_method, dump_il, inspect_type, inspect_method, list_types, find_methods, search_strings, search_members, set_breakpoint, list_breakpoints, inspect_breakpoint, clear_breakpoints, detect_anti_debug, detect_anti_tamper, get_protection_report.
• Use the protection analysis tools (detect_anti_debug, detect_anti_tamper, get_protection_report) to obtain a risk assessment of anti-debug and anti-tamper measures in the target assembly.