BlobRunner - Quickly debugging shellcode extracted during malware analysis.

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis.
BlobRunner allocates memory for the target file and jumps to the base (or offset) of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort.

Requirements
+ Download and install Microsoft Visual C++ Build Tools or Visual Studio

Build Steps
1. Open Visual Studio Command Prompt
2. Navigate to the directory where BlobRunner is checked out
3. Build the executable by running: cl blobrunner.c

To debug:
– Open BlobRunner in your favorite debugger.
– Pass the shellcode file as the first parameter.
– Add a breakpoint before the jump into the shellcode.
– Step into the shellcode.

Usage:

Download Binary: blobrunner-0.0.1.zip
Source: https://github.com/OALabs