Adding support for x64 debugging. Minor updates.

README.md

@@ -18,7 +18,21 @@ __Build Steps__
 
  - Open Visual Studio Command Prompt 
  - Navigate to the directory where BlobRunner is checked out
- - Build the executable by running: cl blobrunner.c
+ - Build the executable by running: 
+ ```
+ cl blobrunner.c
+ ```
+
+### Building BlobRunner x64 
+
+Building the x64 version is virtually the same as above, but simply uses the x64 tooling. 
+ - Open x64 Visual Studio Command Prompt 
+ - Navigate to the directory where BlobRunner is checked out
+ - Build the executable by running: 
+  ```
+   cl /Feblobrunner64.exe /Foblobrunner64.out blobrunner.c
+  ```
+
 
 ## Usage
 
@@ -45,6 +59,11 @@ Debug into file and don't pause before the jump. __Warning:__ Ensure you have a
 BlobRunner.exe shellcode.bin --nopause
 ```
 
+##### Debugging x64 Shellcode
+
+Inline assembly [isn't supported](https://msdn.microsoft.com/en-us/library/wbk4z78b.aspx) by the x64 compiler, so to support debugging into x64 shellcode the loader 
+creates a suspended thread which allows you to place a breakpoint at the thread entry, before the thread is resumed.
+
 ##### Remote Debugging Shell Blobs (IDAPro)
 
 The process is virtually identical to debugging shellcode locally - with the exception that the you need to copy the shellcode file

blobrunner.c

@@ -3,12 +3,16 @@
 #include <tchar.h>
 #include <stdlib.h>
 
+#ifdef _WIN64
+    #include <WinBase.h>
+#endif
+
 // Define bool
 typedef int bool;
 #define true 1
 #define false 0
 
-char *_version = "0.0.1";
+char *_version = "0.0.2";
 
 void banner(){
     system("cls");
@@ -62,19 +66,45 @@ LPVOID process_file(char* inputfile_name){
 void execute(LPVOID base, int offset, bool nopause, bool debug)
 {
 	LPVOID entry;
-
+	#ifdef _WIN64
+	    DWORD   thread_id;
+	    HANDLE  thread_handle;
+	#endif
+
 	entry = (LPVOID)((int)base + offset);
-    printf(" [*] Entry: 0x%08x\n",entry);
 
-    if(nopause == false){
-	    printf("--- Press a key to jump into shellcode! ---\n");
-	    getchar();
-	}
-	else{
-	    printf(" [*] Jumping to shellcode\n");
-	}
 
-    __asm jmp entry;
+	#ifdef _WIN64
+
+	    printf(" [*] Creating Suspended Thread...\n");
+        thread_handle = CreateThread(
+            NULL,          // Attributes
+            0,             // Stack size (Default)
+            entry,         // Thread EP
+            NULL,          // Arguments
+            0x4,           // Create Suspended
+            &thread_id);   // Thread identifier
+
+        if(thread_handle == NULL){
+            printf(" [!] Error Creating thread...");
+            return;
+        }
+        printf(" [*] Created Thread: [%d]\n", thread_id);
+        printf(" [*] Thread Entry: 0x%016x\n",entry);
+        printf(" [*] Navigate to the Thread Entry and set a breakpoint. Then press any key to resume the thread.\n",entry);
+        getchar();
+        ResumeThread(thread_handle);
+    #else
+        printf(" [*] Entry: 0x%08x\n",entry);
+        if(nopause == false){
+	        printf(" [*] Navigate to the EP and set a breakpoint. Then press any key to jump to the shellcode.\n");
+	        getchar();
+	    }
+	    else{
+	        printf(" [*] Jumping to shellcode\n");
+	    }
+        __asm jmp entry;
+    #endif
 }
 
 int main(int argc, char* argv[])

changelog.txt

@@ -0,0 +1,6 @@
+0.0.2
+ - Added support for x64 debugging by using CreateThread and ResumeThread
+ - Minor updates
+
+0.0.1
+ - Initial Version