#6
10-29-2013, 23:05
TempoMat
Quote:
Originally Posted by giv
Other solution.
Compress the unpacked file with UPX and it will work.

Tried this as well, but UPX could not compress the unpacked exe.
Quote:
Originally Posted by RedBlkJck
Maybe you are only at fake oep where the resource section is repaired/remapped after fake oep. Try editing the resources on your manually unpacked file.

No, the OEP in both files is the same.

Quote:
Originally Posted by giv
Search this pattern #C1E81FF7D083E001#
--------------------------
MOV EAX,DWORD PTR DS:[EAX+24] ; Section char of codesec to eax
SHR EAX,1F
NOT EAX
AND EAX,1

The breakpoint at the location 00541C17 (with the quoted pattern) is hit continuously.
If I set EAX=1 after the AND EAX,1 instruction at the first hit, the unpacked file runs without the error. All other hits will trigger the R6002 error and some other SEHs with EAX modified to 1. So patching here will have to be thoroughly thought through.

Maybe trying to rebuild the PE header first before dumping might be the most elegant way, even though it could be the most time-consuming option.
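
The quoted instruction sequence reduces the dword at offset 0x24 of a section header (the Characteristics field, assuming EAX points at an IMAGE_SECTION_HEADER as the quoted comment indicates) to one bit: 1 when the top bit, IMAGE_SCN_MEM_WRITE (0x80000000), is clear. The following is an added example, not part of the original post: Python that reproduces that computation for every section header of a PE image, so the headers of a dump and of the original file can be compared. The function names and the header-only sample image are constructed for illustration.

```python
import struct

def nonwritable_flag(characteristics):
    """Same result as SHR EAX,1F / NOT EAX / AND EAX,1 on a 32-bit value:
    1 when bit 31 (IMAGE_SCN_MEM_WRITE) is clear, 0 when it is set."""
    eax = (characteristics & 0xFFFFFFFF) >> 0x1F
    eax = ~eax & 0xFFFFFFFF
    return eax & 1

def section_flags(image):
    """Return [(name, characteristics, flag)] for each section header."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (nsec,) = struct.unpack_from("<H", image, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size  # signature + COFF header + optional header
    out = []
    for i in range(nsec):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(image):
            raise ValueError("section table truncated")
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", image, off + 0x24)  # the [EAX+24] read
        out.append((name, chars, nonwritable_flag(chars)))
    return out

def build_sample(sections):
    """Constructed header-only image for the demo (not a real dump)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", chars)
                     for name, chars in sections)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table

if __name__ == "__main__":
    # Constructed values: code|execute|read, then the same with the write bit set.
    sample = build_sample([(b".rx", 0x60000020), (b".rwx", 0xE0000020)])
    for name, chars, flag in section_flags(sample):
        print(f"{name:8} {chars:#010x} flag={flag}")
```

To run it against real files, read each one in binary mode, pass the bytes to `section_flags`, and compare the output line by line.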