WslinkVMAnalyzer is a tool primarily developed to facilitate analysis of Wslink, which is a unique loader running as a server and executing received modules in-memory. This tool uses Miasm, an open source framework that provides us with a symbolic execution engine.
The tool and the structure of the virtual machine are described in our blog post.
% pip3 install /~
In the examples directory, you will find a dump of the virtual machine and two Python scripts. The scripts output Graphviz DOT files, which can be converted to SVG or any other format supported by Graphviz.
(./examples) % python3
(./examples) % dot -Tsvg -o vma.svg