Strange Behaviour in DeArmadilled File

[TmC]

Hi All,
I am facing a strange behaviour in a Dearmadilled target.
The program is a Game by Oberon Media and is called Drean Day Wedding.
[INFO: hxxp://www.oberongames.com/DreamDayWedding.asp]
[URL: hxxp://gamecenter.oberon-media.com/exe/Dream_Day_Wedding-setup.exe]

I succesfully unpacked it but try to do this:

1) Click on Menu -> Profiles
2) Click on Menu -> Exit and Confirm
3) Click on Play -> Try to Play the Game

In both three cases you get a "floating point 602 runtime error"

I tried unpacking it 3 times in 3 different ways and with 2 different unpackers. All five times it failed there.

Can someone help? Do you know what is happening? I tried studying it, but no Environment Variables calls are beeing made, no errors trapped by debugger, only that error when clicking.

If i unpack it and run it from olly (after reaching oep) the program goes ok. Maybe a IAT problem? ImpREC seems to resolve good all pointers.

Thanks

RS: My Unpacked File
rs://rapidshare.com/files/17661630/DreamDayWedding.rar.html

[evlncrn8]

grab another copy of the game from www.gamehouse.com or www.reflexivearcade.com, crack those then compare your other crack...

diff prots used (pretty simple ones), should show your problem via comparison

[Jay]

I may be off base but it sounds similar to the problem Human had.

Code:

http://www.tuts4you.com/forum/index.php?showtopic=8407

Quote:

****ty ms**** and their vc++
i had problems with it, first media player classic cant be packed with nspack or we get this error, only pecompact can pack it.
now i try to unpack burnintest pro new.
dumped fixed iat, its debug blocker and nanos.
arminline 0.93 can do them because it doesnt grey out repair button:P
so we need to use 0.71

we run it and we get float not loaded
what the hell is that, do we live in 1990 and everybody have 386, because since 486 fpu is in cpu. so what is that crap. due that we cant run unpacked app. when we patch it every float to string will give hash, and insted of 0.1 we will have 4 ascii chars. thats really ****ing me off.

does someone knows how to fix it. why it executes fpu instructions but crashes on convert of float, maybe someone knows solutions for it

Quote:

thx to upx 2.0 src i find out it why it doesnt run.
if (use_dep_hack)
{
// This works around a "protection" introduced in MSVCRT80, which
// works like this:
// When the compiler detects that it would link in some code from its
// C runtime library which references some data in a read only
// section then it compiles in a runtime check whether that data is
// still in a read only section by looking at the pe header of the
// file. If this check fails the runtime does "interesting" things
// like not running the floating point initialization code - the result
// is an R6002 runtime error.
// These supposed to be read only addresses are covered by the sections
// UPX0 & UPX1 in the compressed files, so we have to patch the PE header
// in the memory. And the page on which the PE header is stored is read
// only so we must make it rw, fix the flags (i.e. clear
// PEFL_WRITE of osection[x].flags), and make it ro again.

simple way i just used cfe to change rdata from rw c0000040 to r only 40000040 and dump works, burnintest and performancetest

[TmC]

Quote:

Originally Posted by Jay

I may be off base but it sounds similar to the problem Human had.

Code:

http://www.tuts4you.com/forum/index.php?showtopic=8407

Thanks Jay, it was exactly as this. Now everything works