About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
RolfRolles
's Blog
Created: Wednesday, October 10 2007 14:24.15 CDT
Printer Friendly ...
T2 2006 VM Analysis
Author:
RolfRolles
# Views:
4400
I've been intending to write a blog entry about dynamic approaches towards breaking VMs (as opposed to the pure static solution that I employed in my HyperUnpackMe2 article), but writer's block has kept me from finishing it. I decided to go ahead and release the supplement to that forthcoming entry, which had been collecting dust on my hard drive for sixteen months, so
here's
part of my solution to the T2 challenge from 2006. You still have work to do if you intend to complete that challenge.
The linked package contains an analysis of the VM, the logging DLL that I coded in order to generate a run trace of the VM program, and a sample output from the logger. What's not in the package is any analysis of the VM program nor any of the code that I wrote to break it. This was two days' worth of work, for which I earned ninth place in the contest.
Hopefully the entry explaining this method will be published next week.
Add New Comment
Comment:
There are
29,899
total registered users.
Recently Created Topics
Decompiling raw bina...
May/22
Incorrect bitness wh...
May/20
PaiMei stalker modul...
May/19
Attach to program us...
May/13
IDA PRO how to make ...
May/12
FACT: OpenRCE is dead.
May/08
Int 3 anti debug?
May/05
help needed - Beginn...
May/03
Attaching IDA Pro to...
Apr/27
File type
Apr/21
Recent Forum Posts
Ollydbg 2.0 - Plugin...
openrce...
IDA PRO how to make ...
codeinject
FACT: OpenRCE is dead.
codeinject
IDA Resource Viewer ...
r2x64
FACT: OpenRCE is dead.
djnemo
FACT: OpenRCE is dead.
codeinject
FACT: OpenRCE is dead.
pedram
help needed - Beginn...
araujo
Attaching IDA Pro to...
codeinject
Int 3 anti debug?
codeinject
Recent Blog Entries
lowpriority
Apr/13
OllyMigrate Plugin for Olly...
everdox
Mar/08
2 anti-trace mechanisms spe...
everdox
Mar/07
Advanced debugging techniques
everdox
Mar/06
Branch tracing and LBR acce...
everdox
Mar/05
Using pre-paged in virtual ...
More ...
Recent Blog Comments
clarisonic
on:
Apr/03
New version of Ollydbg!
clarisonic
on:
Apr/03
New version of Ollydbg!
trackerx90
on:
Mar/04
SuppressDebugMsg As Anti-De...
coachfactory
on:
Feb/25
Portable Executable Format ...
coachfactory
on:
Feb/25
A new Anti-Olly trick.
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}