BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis.
BlobRunner allocates memory for the target file, copies the file into it, and jumps to the base of the allocated memory (or to a supplied offset within it). This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort.
Building:
1. Download and install Microsoft Visual C++ Build Tools or Visual Studio.
2. Open the Visual Studio Command Prompt.
3. Navigate to the directory where BlobRunner is checked out.
4. Build the executable by running: cl blobrunner.c
Usage:
1. Open BlobRunner in your favorite debugger.
2. Pass the shellcode file as the first parameter.
3. Add a breakpoint before the jump into the shellcode.
4. Step into the shellcode.
Clone the repository:
git clone https://github.com/OALabs/BlobRunner && cd BlobRunner
Run a blob with execution starting at a given offset into the file (here 0x0100 bytes in) instead of at its base:
blobrunner.exe shellcode.bin --offset 0x0100
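The allocate-copy-jump flow described above, as an added example that is not BlobRunner's own source: it parses an --offset argument, stages the blob in a buffer of its own size, and refuses an offset that does not fall inside the blob before that offset could be used as an entry point. The names parse_offset, resolve_entry, stage_blob and make_sample_blob are assumed for this example, and the blob bytes are constructed. It uses ordinary heap memory and never executes anything; it stops at the point where BlobRunner would break into the debugger and jump.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse an "--offset" value before trusting it. strtoull with base 0 accepts
 * "0x0100" (hex) and "256" (decimal). Returns 0 on success, -1 for empty,
 * negative, malformed or out-of-range input. (Assumed name for this example.) */
int parse_offset(const char *text, size_t *out)
{
    char *end = NULL;
    unsigned long long v;

    if (text == NULL || *text == '\0' || *text == '-')
        return -1;
    errno = 0;
    v = strtoull(text, &end, 0);
    if (errno != 0 || end == text || *end != '\0')
        return -1;
    if (v > (unsigned long long)SIZE_MAX)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Entry pointer for a blob that has been copied to `base`. An offset at or past
 * the end of the allocation would start execution in memory that does not hold
 * the shellcode, so it is refused instead of silently used. */
const unsigned char *resolve_entry(const unsigned char *base, size_t len, size_t offset)
{
    if (base == NULL || offset >= len)
        return NULL;
    return base + offset;
}

/* Stage a blob: allocate a buffer of the blob's size, copy the bytes in and
 * return the entry pointer. Plain heap memory is used here and nothing is ever
 * executed. On success *alloc owns the buffer and the caller frees it; on
 * failure *alloc is NULL and the function returns NULL. */
const unsigned char *stage_blob(const unsigned char *blob, size_t len, size_t offset,
                                unsigned char **alloc)
{
    unsigned char *buf;
    const unsigned char *entry;

    *alloc = NULL;
    if (blob == NULL || len == 0)
        return NULL;
    buf = malloc(len);
    if (buf == NULL)
        return NULL;
    memcpy(buf, blob, len);
    entry = resolve_entry(buf, len, offset);
    if (entry == NULL) {
        free(buf);
        return NULL;
    }
    *alloc = buf;
    return entry;
}

/* Constructed sample blob (arbitrary bytes, not real shellcode): 512 bytes of
 * 0xAA with a 0xCC marker at offset 0x100 so the chosen entry is visible. */
static unsigned char *make_sample_blob(size_t *len)
{
    unsigned char *b = malloc(512);
    if (b == NULL)
        return NULL;
    memset(b, 0xAA, 512);
    b[0x100] = 0xCC;
    *len = 512;
    return b;
}

int main(int argc, char **argv)
{
    const char *offset_text = argc > 1 ? argv[1] : "0x0100";
    size_t offset, len;
    unsigned char *blob, *alloc;
    const unsigned char *entry;

    if (parse_offset(offset_text, &offset) != 0) {
        fprintf(stderr, "bad offset: %s\n", offset_text);
        return 1;
    }
    blob = make_sample_blob(&len);
    if (blob == NULL)
        return 1;
    entry = stage_blob(blob, len, offset, &alloc);
    if (entry == NULL) {
        fprintf(stderr, "offset 0x%zx is outside the %zu-byte blob\n", offset, len);
        free(blob);
        return 1;
    }
    printf("entry = base + 0x%zx, first byte %02x\n", (size_t)(entry - alloc), *entry);
    free(alloc);
    free(blob);
    return 0;
}
```

Run it with no arguments to stage the sample blob at 0x0100, or pass an offset such as 0x200 to see the bounds check reject an entry past the end of the blob; the same check is what keeps a mistyped offset from landing the debugger in memory that was never part of the extracted file.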