Analysing "Trigger-based" Malware with S2E

This code accompanies my Analysing "Trigger-based" Malware blog post and slides.

Both directories should be copied into the windows directory of the guest-tools repo in your S2E environment, located at $S2EDIR/source/s2e/guest/windows.

Open the s2e.sln solution in Visual Studio and add the malware-inject, GetLocalTime-hook and wannacry-hook projects to the s2e solution.

The GetLocalTime-test project can be used to test symbolic execution of GetLocalTime. GetLocalTime-test is a stand-alone project and does not have to be added to the s2e solution.