🔎 Bad Char Analyzer WIP

What is it?

A WinDbg automation script that eliminates the most tedious part of shellcode development: finding bad characters. Bad characters are byte values that get corrupted, stripped, or transformed when they pass through a vulnerable function — 0x00 terminates strings, 0x0a newlines trip line-based parsers, and so on. You have to find all of them before your shellcode will work.

Normally this is done manually: include all 255 bytes in your payload, crash the target, inspect memory, note which bytes are wrong, remove them, repeat. This script automates that entire loop inside WinDbg using PyKD.

How it Works

• Parses your PoC exploit script to extract payload structure and ROP buffer size
• Connects to the debugged process via PyKD (WinDbg's Python scripting interface)
• Iteratively reruns the exploit, inspecting memory at crash time
• Detects which bytes were corrupted by comparing expected vs. actual memory content
• Accumulates confirmed bad characters and re-generates a clean test payload without them
• Run as !py BadcharAnalyzer.py exploit.py from the WinDbg console

Requirements

• WinDbg with PyKD installed (.load pykd.pyd)
• A Python PoC exploit file with a parseable ROP buffer structure