MS / GCC standard libraries incompatibility when using .exe loader?


There is a console application that was compiled with a Microsoft compiler (using WINAPI functions, of course), in C++. There is neither source code nor an equivalent of this program. Disassembling shows about 3500 functions, so full reverse engineering would take a very long time.

I set myself the task of writing a universal loader that supports multiple operating systems (the code is selected at compile time). So far I am working only on Windows.

Loading is done according to the principle "put the original segments in the right places, process the import table, call the entry point". GCC (MinGW) was chosen for the implementation, as it supports custom linker scripts and the C language.

The segments were positioned correctly, the import table was processed correctly, the entry point was called, and the arguments were processed correctly. The problem is that sooner or later error R6002 appears (as a side effect), but I am sure that the problem lies precisely in the linking of the program (the runtime libraries are incompatible, and something was initialized in one place but not in another?), and not in any specific errors. Debugging is done with Qt Creator, but it is difficult since there is only an assembly listing.

The question is: will I have to patch the calls to standard functions to get the loader to work, or can something else be done?


Since the program was printing

runtime error R6002
- floating point support not loaded

I decided to find out what is causing this error. And I found this ("call stack"):

_amsg_exit(2) <= 2 - error code (corresponds to R6002)

The _fptrap function was used as a stub 10 times in an array of 10 functors. The interesting thing is that this function could not have been called, since before any such call these functors were unconditionally rewritten to others:

void __cdecl _cfltcvt_init_0()
{
  off_519200 = _cfltcvt;      // All of these off_* were initialized
  off_519204 = sub_4B91DF;    // with the _fptrap functor.
  off_519208 = _fassign;
  off_51920C = _forcdecpt;
  off_519210 = _positive;
  off_519214 = _cfltcvt;
  off_519218 = _cfltcvt_l;
  off_51921C = _fassign_l;
  off_519220 = _cropzeros_l;
  off_519224 = _forcdecpt_l;
}

I changed this stub to an ordinary nullsub, and everything runs normally. However, the feeling remains that somewhere I am being deceived.
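To make the mechanism behind that call stack concrete, here is an added model (written for this page, not the CRT's code and not from the post) of a functor table that starts out pointing at a trap stub and is only rewritten by an init routine; all names are hypothetical stand-ins for _fptrap, _amsg_exit and _cfltcvt_init_0. The audit function shows how a loader author can check whether that initializer actually ran before deciding to patch the stub out.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FUNCTOR_COUNT 10
#define RUNTIME_ERROR_FP_NOT_LOADED 2   /* the "2" behind R6002 */

typedef int (*cvt_fn)(double value, char *out, size_t cap);

/* Stands in for _amsg_exit(): records the code instead of terminating,
 * so the trap path can be observed from a test. */
static int last_runtime_error = 0;
static void model_amsg_exit(int code) { last_runtime_error = code; }

/* Stands in for _fptrap: every slot of the table starts out pointing here. */
static int model_fptrap(double value, char *out, size_t cap) {
    (void)value; (void)out; (void)cap;
    model_amsg_exit(RUNTIME_ERROR_FP_NOT_LOADED);
    return -1;
}

/* One real conversion routine, standing in for _cfltcvt and friends. */
static int model_cfltcvt(double value, char *out, size_t cap) {
    return snprintf(out, cap, "%.3f", value) > 0 ? 0 : -1;
}

/* The functor table, statically initialised to the trap like the off_* slots. */
static cvt_fn cvt_table[FUNCTOR_COUNT] = {
    model_fptrap, model_fptrap, model_fptrap, model_fptrap, model_fptrap,
    model_fptrap, model_fptrap, model_fptrap, model_fptrap, model_fptrap
};

/* Stands in for _cfltcvt_init_0: normally run by CRT startup; a loader that
 * bypasses that startup path never reaches it, and the trap stays in place. */
static void model_cfltcvt_init(void) {
    for (size_t i = 0; i < FUNCTOR_COUNT; i++) cvt_table[i] = model_cfltcvt;
}

/* Audit helper: how many slots still point at the trap stub? */
static size_t count_uninitialised_slots(void) {
    size_t n = 0;
    for (size_t i = 0; i < FUNCTOR_COUNT; i++) if (cvt_table[i] == model_fptrap) n++;
    return n;
}

/* Calls slot 0 the way a "%f" conversion would; -1 means the trap fired. */
static int convert_via_table(double value, char *out, size_t cap) {
    last_runtime_error = 0;
    return cvt_table[0](value, out, cap);
}
```

Running count_uninitialised_slots() from the loader after the entry point's startup code has supposedly executed tells you whether the initializer was reached at all; a non-zero count points at skipped CRT initialization rather than at a genuine floating-point bug.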
