Remove most calls to main CV type

de4dot.code/deobfuscators/CodeVeil/Deobfuscator.cs

@@ -176,6 +176,11 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 			base.deobfuscateBegin();
 
 			mainType.initialize();
+			if (mainType.Version >= ObfuscatorVersion.V5_0) {
+				//TODO: addTypeToBeRemoved(mainType.Type, "Main CV type");
+			}
+			foreach (var initMethod in mainType.OtherInitMethods)
+				addCctorInitCallToBeRemoved(initMethod);
 
 			if (Operations.DecryptStrings != OpDecryptString.None) {
 				stringDecrypter.initialize();
@@ -218,6 +223,11 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 			base.deobfuscateMethodBegin(blocks);
 		}
 
+		public override void deobfuscateMethodEnd(blocks.Blocks blocks) {
+			mainType.removeInitCall(blocks);
+			base.deobfuscateMethodEnd(blocks);
+		}
+
 		public override void deobfuscateEnd() {
 			removeProxyDelegates(proxyDelegateFinder, false);	//TODO: Should be 'true'
 			base.deobfuscateEnd();

de4dot.code/deobfuscators/CodeVeil/MainType.cs

@@ -32,6 +32,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 		MethodDefinition tamperCheckMethod;
 		ObfuscatorVersion obfuscatorVersion = ObfuscatorVersion.Unknown;
 		List<int> rvas = new List<int>();	// _stub and _executive
+		List<MethodDefinition> otherInitMethods = new List<MethodDefinition>();
 
 		public bool Detected {
 			get { return theType != null; }
@@ -49,6 +50,10 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 			get { return initMethod; }
 		}
 
+		public List<MethodDefinition> OtherInitMethods {
+			get { return otherInitMethods; }
+		}
+
 		public MethodDefinition TamperCheckMethod {
 			get { return tamperCheckMethod; }
 		}
@@ -174,7 +179,11 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 		}
 
 		public void initialize() {
+			if (theType == null)
+				return;
+
 			tamperCheckMethod = findTamperCheckMethod();
+			otherInitMethods = findOtherInitMethods();
 		}
 
 		MethodDefinition findTamperCheckMethod() {
@@ -190,6 +199,21 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 			return null;
 		}
 
+		List<MethodDefinition> findOtherInitMethods() {
+			var list = new List<MethodDefinition>();
+			foreach (var method in theType.Methods) {
+				if (!method.IsStatic)
+					continue;
+				if (method.Name == ".cctor")
+					continue;
+				if (!DotNetUtils.isMethod(method, "System.Void", "()"))
+					continue;
+
+				list.Add(method);
+			}
+			return list;
+		}
+
 		public MethodDefinition getInitStringDecrypterMethod(MethodDefinition stringDecrypterInitMethod) {
 			if (stringDecrypterInitMethod == null)
 				return null;
@@ -212,5 +236,32 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 			}
 			return false;
 		}
+
+		public void removeInitCall(Blocks blocks) {
+			if (initMethod == null || theType == null)
+				return;
+			if (blocks.Method.Name != ".cctor")
+				return;
+			if (blocks.Method.DeclaringType != DotNetUtils.getModuleType(module))
+				return;
+
+			foreach (var block in blocks.MethodBlocks.getAllBlocks()) {
+				var instrs = block.Instructions;
+				for (int i = 0; i < instrs.Count - 2; i++) {
+					if (!instrs[i].isLdcI4())
+						continue;
+					if (!instrs[i + 1].isLdcI4())
+						continue;
+					var call = instrs[i + 2];
+					if (call.OpCode.Code != Code.Call)
+						continue;
+					if (call.Operand != initMethod)
+						continue;
+
+					block.remove(i, 3);
+					return;
+				}
+			}
+		}
 	}
 }