I've been intending to write a blog entry about dynamic approaches towards breaking VMs (as opposed to the pure static solution that I employed in my HyperUnpackMe2 article), but writer's block has kept me from finishing it. I decided to go ahead and release the supplement to that forthcoming entry, which had been collecting dust on my hard drive for sixteen months, so here's part of my solution to the T2 challenge from 2006. You still have work to do if you intend to complete that challenge.

The linked package contains an analysis of the VM, the logging DLL that I coded in order to generate a run trace of the VM program, and a sample output from the logger. What's not in the package is any analysis of the VM program nor any of the code that I wrote to break it. This was two days' worth of work, for which I earned ninth place in the contest.

Hopefully the entry explaining this method will be published next week.

https://www.openrce.org/blog/view/913/T2_2006_VM_Analysis