Exetools  

Old 03-30-2005, 23:35
thomasantony
AsPack and Opera?

Hi,
I had been practising unpacking on all packed files I could find on my system. I tried on Opera 8.00 Build 7401. The original packed exe is 7kB in size and packed with AsPack 2.12. I unpacked it like a piece of cake and got an exe of 168kB. Now I wanted to make it smaller. The following sections were there in the exe:
.text .rdata .data .rsrc .aspack .adata .mackt

Now the rsrc and aspack sections were 12000 in size. So I deleted the aspack and adata sections and rebuilt the exe. Now I have a working executable of .... get this, 6kB. BUT the resources are missing. The PE directory lists the base of resources as 4000 (.rsrc). But the exe has no icon and its resources cannot be accessed with any res editor. The exe size is not surprising as it loads the main things from opera.dll. I think there is some problem with the rebuild function. There seems to be some prob with the attachment function in this board.
I get the error:
Warning: mkdir() has been disabled for security reasons in \includes\functions_file.php on line 112
followed by some junk.
Thomas Antony
Old 03-31-2005, 01:02
evaluator
firstly you need to learn to unpack aspack without IMPREC;
just dump in debugger @ good moment & locate original IT;
(btw, there are also dumpers for aspack..)

then,
join the last 3 sections (.rsrc .aspack .adata) under the .rsrc section,
open in PExplorer & save as new file;

PExplorer will optimize joined .rsrc section..
(but sometimes bad~`)
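The section-joining step evaluator describes, as an added example that is not code from the thread: the section table below is constructed to resemble the dumped exe (RVAs, sizes and flags are illustrative, not read from the real file), and the merge keeps the resource directory RVA mapped while OR-ing the section flags so nothing like the writable bit from .aspack is lost.

```python
from dataclasses import dataclass

@dataclass
class Section:
    name: str
    virtual_address: int   # RVA at which the section is mapped
    virtual_size: int
    raw_pointer: int       # file offset of the section's data
    raw_size: int
    characteristics: int   # IMAGE_SCN_* flags

def section_for_rva(sections, rva):
    """Return the section whose mapped range covers rva, or None.
    A directory RVA no section covers is unreachable for the loader."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + s.virtual_size:
            return s
    return None

def merge_sections(sections, names, new_name=".rsrc"):
    """Join the named, virtually contiguous sections into one header
    so that everything from the first to the last stays mapped."""
    chosen = sorted((s for s in sections if s.name in names), key=lambda s: s.virtual_address)
    rest = [s for s in sections if s.name not in names]
    first, last = chosen[0], chosen[-1]
    # refuse if a section that is not being merged sits inside the range
    if any(first.virtual_address < s.virtual_address < last.virtual_address for s in rest):
        raise ValueError("a section outside the merge set lies inside the range")
    flags = 0
    for s in chosen:
        flags |= s.characteristics  # keep every flag, e.g. writable from .aspack
    merged = Section(new_name, first.virtual_address,
                     last.virtual_address + last.virtual_size - first.virtual_address,
                     first.raw_pointer,
                     last.raw_pointer + last.raw_size - first.raw_pointer, flags)
    return sorted(rest + [merged], key=lambda s: s.virtual_address)

# Constructed section table resembling the dumped exe in the thread
# (values are illustrative, not taken from the real binary).
DUMP = [
    Section(".text",   0x1000,  0x1000,  0x400,   0x1000,  0x60000020),
    Section(".rdata",  0x2000,  0x1000,  0x1400,  0x1000,  0x40000040),
    Section(".data",   0x3000,  0x1000,  0x2400,  0x1000,  0xC0000040),
    Section(".rsrc",   0x4000,  0x12000, 0x3400,  0x12000, 0x40000040),
    Section(".aspack", 0x16000, 0x3000,  0x15400, 0x3000,  0xC0000040),
    Section(".adata",  0x19000, 0x1000,  0x18400, 0x1000,  0xC0000040),
]
RESOURCE_DIR_RVA = 0x4000  # base of the resource directory, as in post #1
```

After `merge_sections(DUMP, {".rsrc", ".aspack", ".adata"})` the table has four sections and `section_for_rva` still finds `RESOURCE_DIR_RVA` (and any RVA up to the old end of .adata) inside .rsrc.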
Old 03-31-2005, 10:52
thomasantony
Quote:
Originally Posted by evaluator
firstly you need to learn to unpack aspack without IMPREC;
just dump in debugger @ good moment & locate original IT;
(btw, there are also dumpers for aspack..)
Well I can find the OEP. I don't want to use any dumper as I want to learn unpacking. It was only when I read a very badly translated softwrap tut of Morales that I understood how much more I have to learn. I know how to program pretty well in win32asm, and also plain ASM (OS dev). But I have never really looked at what all that unpacking code actually does. So can you give me some pointers to finding the IAT? Only direct DWORD pointers allowed

Thomas Antony
Old 03-31-2005, 22:59
Dr.Golova
Code:
resolve_import:
                mov     esi, 2054h                  ;; import tbl rva
                mov     edx, ss:(h_instance - unk_406013)[ebp]
                add     esi, edx

process_library:
                mov     eax, [esi+_IMAGE_IMPORT_DESCRIPTOR.Name]
                test    eax, eax
                jz      imp_tbl_done
                add     eax, edx
Here you can dump the unpacked program before AsPack's loader fills the original import table with functions.
Old 03-31-2005, 23:09
pluscontrol
Well, to complement your knowledge you can take a look at the PE structure; it is always useful to understand how the code is structured and also how the IAT is determined.

here you have a link:
http://www.yates2k.net/peinfo.html

good luck
Old 04-01-2005, 01:54
evaluator
well, that is NEW question~:)

but the main question about optimizing the dump is done..
All times are GMT +8.