-
May 25th, 2004, 07:44 AM
#1
what does this error mean?: "The application failed to initialize properly (0xc000000
Hello guys,
I have develope a small packer program, which packs&unpacks PE files by examing/altering import tables of the PE files.
Now I have a problem:after i do the packing to the PE file, the packed PE file will be corrupted and if i clicked on it, an error message will be shown: "The application failed to initialize properly (0xc0000005)."
What does this error message mean? Generally, what can be the cause of this error?
thanks in advance
-
May 25th, 2004, 07:54 AM
#2
Re: what does this error mean?: "The application failed to initialize properly (0xc000000
[QUOTE]Originally posted by FredLiu
Hello guys,
I have develope a small packer program, which packs&unpacks PE files by examing/altering import tables of the PE files.
Now I have a problem:after i do the packing to the PE file, the packed PE file will be corrupted and if i clicked on it, an error message will be shown:
"The application failed to initialize properly (0xc0000005)."
What does this error message mean?
0xC00000005 is an Access Violation...your attempting a memory operation for which you are not allowed.
Generally, what can be the cause of this error?
There are a number of different reasons. Run your code under a debugger and examine the call stack.
-
May 25th, 2004, 08:16 AM
#3
"The application failed to initialize properly (0xc0000005)."
This means the program is crashing with an access violation sometime during the run-up of the exe, before the exe's code actually runs.
You have been messing around with the import tables of this image, it is likely that you messed something up; it is quite tricky to properly handle all the different variations that can go on in the import tables and the image headers, and get everything put back the way it belongs, and still have the program run correctly.
It's also possible that the entry code you injected to unpack the exe and restore the imports has a problem and is causing a crash, although I would not expect the "application failed to initialize properly" if it is getting far enough to run your code.
This stuff is really painful to debug, because none of your code actually ever runs. All I can recommend is, become very familiar with the portable exe spec, and get a good image dumping tool and binary editing tool.
If you are attempting to do exe compression, there are numerous freeware, shareware, and commercial programs that do this, you might want to check some of them out. If you are trying to do some sort of licensing/copy protection scheme, I wish you luck - I've done this, and it's a pain in the a**.
-
May 25th, 2004, 08:37 AM
#4
Originally posted by wayside
It's also possible that the entry code you injected to unpack the exe and restore the imports has a problem and is causing a crash, although I would not expect the "application failed to initialize properly" if it is getting far enough to run your code.
probably should write a small bit of code to walk through PE format ie: ImageNtHeader(...) or just grab the source to dumpbin or one of hte PE format dump programs (as you indicated) that have source avail and walk through the load, such as the pwalk sample.
The reason he should use a debugger first IMHO is to determine where in the Ldr routines this is occruing...if it is a trashed executable than that should be evident, of course the same thing could be said if a dumpbin program determines the file format is invalid
Last edited by Mick; May 25th, 2004 at 08:47 AM.
-
May 25th, 2004, 09:27 AM
#5
thank both Mick and wayside !
actually i have solved the problem, however not by using a debugger. I'm using a user mode debugger, and it just won't help, since, just as wayside said, the problem occured before the debugger get to my program's entry point. what I've done is just open the packed exe file with a Hex editor, and check the import table directly to see if i had messed something up, and there I found the problem (and it was really not so straight forward to figure the problem out of raw hex data,hehe~~)
Mick's suggestion of using some code going through the PE structure to find the problem is a good one, next time if i have similar problem i'll try this way first
and to wayside:
"If you are trying to do some sort of licensing/copy protection scheme, I wish you luck - I've done this, and it's a pain in the a**."
ha, i'm just doing it, and i understand what you mean~ thank you for your wish
-
May 25th, 2004, 09:31 AM
#6
Last edited by Mick; May 25th, 2004 at 09:35 AM.
-
May 25th, 2004, 09:57 AM
#7
thank you !
-
May 25th, 2004, 10:17 AM
#8
There's a PE viewer posted on this very site:
http://www.codeguru.com/Cpp/misc/misc/article.php/c315/
"ha, i'm just doing it, and i understand what you mean~ thank you for your wish"
BTW - munging on the import table is a pretty good trick, but there are hacker tools which can examine a program that is running in memory (after you've restored the exe), and analyze and reconstruct the exe on disk. Even if you wipe out the import data, these tools can look at the jump table, figure out what the function is just from the address, and add an import reference.
There have been several commercial programs which used techniques such as these, all were ultimately hacked.
So you are going to have to be much more clever if you want serious protection...
-
May 25th, 2004, 11:33 AM
#9
thank you for your advise and the tool suggested,
I know that "ultimate protection" is really not so easy (or even possible?) I'll try to be as clever as I can, although there will always be someone more cleverer out there~~~
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|