Just thinking.. anyone ever investigate BOCHS as a cracking tool?! ie. full machine emulation, so you have total control over your target.. and with some coding you could add checkpointing/state logging to it.
Ofcourse it lacks windows internals know-how, so one would have to add that to the code in order to keep your trace target confined to your current windows task (otherwise you would trace task switches et all)

Anyway I don't know if it would even run a protected game, haven't tried that yet...

Not confident the quality ( accurateness) of emulation woud be
good enough ! Don't forget many programming tricks relye on
half documented "lore" ...
Plus , think of the speed ! Imagine emulating the
single-stepping of your target ? A 8088 would easily
outperform that ! And this is assuming that the emulator
correctly emulates the IA32 debugging facilities ( or has
equivalent or superior capabilities built-in )

Just a first thought reaction of course , I never ran Bochs - would
love to learn I was wrong

--
Cz.

Sure.. your thoughts are valid ones, but don't forget that BOCHS runs Win95/NT so it already emulates quite a substantial bit of ia32.
Performance is ofcourse of a concern, but it's not all that bad.. in the newly release 1.3 version there is a disk image of linux included, and it actually boots at a pretty decent speed.. I was surprised.
Anyway it would probably be too much work to get it into a decent shape to even compare it with SICE.