Exetools  

  #1  
Old 09-11-2009, 10:02
MrGneissGuy's
 
Posts: n/a
Runtime Error R6002 - Floating point not loaded

Hello,

I just arrived and thought I'd start by sharing a little discovery I made that REALLY helped a lot.

If a program uses any floating point operations and has been packed and then unpacked, this error might arise.

If a compiler links a C runtime library that references a read-only section, the compiler will add a check to make sure that the referenced section is still read-only. If it's not read-only, it produces this error and proceeds to crash.

This has happened on a few apps of mine which required the use of FP numbers.

I did some searching and found a couple of suggestions.

One possible fix is to change the referenced section to read-only using a PE editor, but this can lead to results worse than a crash at certain points.

Another "solution" I found would patch the exception, but that caused the program to fail on the FP call but not crash (in the program I tested it with anyway).

But I found that recompressing the PE with UPX did the trick! The floating point operations run flawlessly as does everything else.

So right now you may be saying "But I JUST unpacked the thing!", and you're right. However, floating point operations are seldom used in programming, and I rarely see a serial verification algorithm that uses them. So you could leave the PE unpacked while you're reversing it, then pack the fixed file in UPX to fix any errors that may occur in other areas of the program.

This worked with PECompact 2.x and Armadillo 3.x
  #2  
Old 09-14-2009, 03:08
Nexus6
 
Posts: n/a
It is important that you understand the PE file structure and how various compilers' PE headers are constructed.

This problem ONLY arises with MSVC compiled programs. And yes, setting .rdata section permissions to 40000040 (read-only) is the proper fix for it.

When using UPX to unpack, you see it rebuilds the original PE header. Well, some common sense tells you that the header must be stored in the packed file somewhere, and in fact it is. Almost always at the end of the UPX1 section (search .text or CODE).

Armadillo does not really trash the sections too badly, just the names in newer builds (if the option is checked), and it is quite easy to tell by the number of sections and looking at the code a bit whether it's MSVC, VB, Delphi, Watcom etc...

After knowing the PE file format and looking at enough headers, you can rebuild the proper header structure and permissions within minutes. =] I recommend Goppit's PE file format tutorial if you have not read it.

You can rebuild the PE header even from tough things, like Themida protected apps, with a little knowledge and being able to identify regions of memory by either looking at them in the memory window of your debugger, or just looking with your favorite hex editor. It's a nice skill to have and I recommend everyone spend some time learning how to properly rebuild a PE. It will make your dumps smaller and cleaner, as well as function properly if things like floating point are used. =]

Cheers
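Added example, not part of either post: a minimal Python check for the condition discussed in this thread. It reads a PE file's section table, lists sections that carry the write flag, and rewrites `.rdata` to the 0x40000040 value given in the reply. The function names and the header-only sample image are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000
RDATA_READONLY = 0x40000040  # value from the thread: initialized data | read

def section_table(pe: bytes):
    """Yield (name, file offset of Characteristics, Characteristics) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    first = e_lfanew + 24 + opt_size
    for i in range(count):
        hdr = first + 40 * i  # each section header is 40 bytes
        if hdr + 40 > len(pe):
            raise ValueError("section table runs past end of file")
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        yield name, hdr + 36, struct.unpack_from("<I", pe, hdr + 36)[0]

def writable_sections(pe: bytes):
    """Names of sections whose Characteristics include the write flag."""
    return [n for n, _, c in section_table(pe) if c & IMAGE_SCN_MEM_WRITE]

def fix_rdata(pe: bytes, name: str = ".rdata") -> bytes:
    """Return a copy with a writable `name` section reset to read-only data."""
    out = bytearray(pe)
    for n, off, c in section_table(pe):
        if n == name and c & IMAGE_SCN_MEM_WRITE:
            struct.pack_into("<I", out, off, RDATA_READONLY)
    return bytes(out)

def sample_dump() -> bytes:
    """Constructed header-only image: .text, plus .rdata with the write bit set."""
    base, opt = 0x40, 0xE0
    buf = bytearray(base + 24 + opt + 2 * 40)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, base)               # e_lfanew
    buf[base:base + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, base + 4, 0x014C, 2)     # Machine, NumberOfSections
    struct.pack_into("<H", buf, base + 20, opt)           # SizeOfOptionalHeader
    for i, (nm, ch) in enumerate([(b".text", 0x60000020), (b".rdata", 0xC0000040)]):
        hdr = base + 24 + opt + 40 * i
        buf[hdr:hdr + len(nm)] = nm
        struct.pack_into("<I", buf, hdr + 36, ch)
    return bytes(buf)
```
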