#1
Runtime Error R6002 - Floating point not loaded
Hello,
I just arrived and thought I'd start by sharing a little discovery I made that REALLY helped a lot. If a program uses any floating point operations and has been packed and then unpacked, this error might arise. If a compiler links a C runtime library that references a read-only section, the compiler will add a check to make sure that the referenced section is still read-only. If it's not read-only, it produces this error and proceeds to crash. This has happened on a few apps of mine which required the use of FP numbers. I did some searching and found a couple of suggestions. One possible fix is to change the referenced section to read-only using a PE editor, but this can lead to results worse than a crash at certain points. Another "solution" I found would patch the exception, but that caused the program to fail on the FP call but not crash (in the program I tested it with, anyway). But I found that recompressing the PE with UPX did the trick! The floating point operations run flawlessly, as does everything else. So right now you may be saying "But I JUST unpacked the thing!", and you're right. However, floating point operations are seldom used in programming, and I rarely see a serial verification algorithm that uses them. So you could leave the PE unpacked while you're reversing it, then pack the fixed file in UPX to fix any errors that may occur in other areas of the program. This worked with PECompact 2.x and Armadillo 3.x.
#2
It is important that you understand the PE file structure and how various compilers' PE headers are constructed.
This problem ONLY arises with MSVC compiled programs. And yes, setting .rdata section permissions to 40000040 (read only) is the proper fix for it. When using UPX to unpack, you see it rebuilds the original PE header. Well, some common sense tells you that the header must be stored in the packed file somewhere, and in fact it is. Almost always at the end of the UPX1 section (search .text or CODE). Armadillo does not really trash the sections too bad, just the names in newer builds (if the option is checked), and it is quite easy to tell by the number of sections and looking at the code a bit whether it's MSVC, VB, Delphi, Watcom etc... After knowing the PE file format and looking at enough headers, you can rebuild the proper header structure and permissions within minutes. =] I recommend Goppit's PE file format tutorial if you have not read it. You can rebuild the PE header even from tough things, like Themida protected apps, with a little knowledge and being able to identify regions of memory by either looking at them in the memory window of your debugger, or just looking with your favorite hex editor. It's a nice skill to have and I recommend everyone spend some time learning how to properly rebuild a PE. It will make your dumps smaller and cleaner, as well as function properly if things like floating point are used. =] Cheers
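
The section-permission check and fix discussed in this thread, as an added example (not code from either poster). It walks the PE section table, reports a `.rdata` section that is still marked writable, and rewrites its Characteristics to the 40000040 value given above. Matching the section by the name `.rdata` is an assumption; a dump whose section names were changed needs the section identified by other means, and the sample image is constructed.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000
RDATA_READONLY = 0x40000040  # CNT_INITIALIZED_DATA | MEM_READ, the value from the thread

def sections(pe: bytes):
    """Yield (name, characteristics, file offset of the Characteristics field)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size   # section table follows the optional header
    for i in range(count):
        hdr = table + i * 40           # each IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        flags, = struct.unpack_from("<I", pe, hdr + 36)
        yield name, flags, hdr + 36

def writable_rdata(pe: bytes):
    """Return (name, flags) for every .rdata section that is marked writable."""
    return [(n, f) for n, f, _ in sections(pe)
            if n == ".rdata" and f & IMAGE_SCN_MEM_WRITE]

def fix_rdata(pe: bytes) -> bytes:
    """Return a copy of the image with writable .rdata set back to read-only."""
    out = bytearray(pe)
    for name, flags, off in sections(pe):
        if name == ".rdata" and flags & IMAGE_SCN_MEM_WRITE:
            struct.pack_into("<I", out, off, RDATA_READONLY)
    return bytes(out)

def sample_dump() -> bytes:
    """Constructed header-only image: .text plus a .rdata left read/write."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    def sec(name, flags):
        return name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
    return (dos + b"PE\0\0" + coff + b"\0" * 0xE0
            + sec(b".text", 0x60000020) + sec(b".rdata", 0xC0000040))

if __name__ == "__main__":
    dump = sample_dump()
    for name, flags in writable_rdata(dump):
        print(f"{name}: {flags:08X} is writable, expected {RDATA_READONLY:08X}")
    print("after fix:", writable_rdata(fix_rdata(dump)))
```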