Indeed, there is . This is fairly easy using LordPE. Basically, just get the offset of the section immediately following the resource section (in this case .data, offset being 2EA000). Next, go into Directories and click the ... next to Resource. For every item you click on, you can see the Selected Item RVA. Just expand all the nodes in the tree, then you can just scroll through very quickly (just holding the down arrow key basically), and look for any items with RVA of 2EA000 or higher. Most are much lower, so ones nearing or above 2EA000 tend to jump out at you. In this case, there are all the icons (including the group icons), the version information, and "24" which is really a constant representing RT_MANIFEST (typically seen in Delphi and C++Builder apps).

So, easy as this is, there is still better news: every ASProtected app I have ever seen, relocates only these exact items: Icons, Version Info, and RT_MANIFEST (if it exists). So, though I always double check to see that there aren't any others that have been relocated, I have never seen any other than these three types.

Of course, writing a small app to identify these for you (or even relocate them for you) would also be another good learning process, and maybe more fun .

I'd recommend a Guinness, but you live in Europe I think, and all the beers there are good . Here in the USA we have to buy imported beer to get anything that doesn't taste like piss..

Regards,
Satyric0n