From 42f66c3948eba024bc7b67d5d24b70ab0da6ce5f Mon Sep 17 00:00:00 2001
From: de4dot <de4dot@gmail.com>
Date: Sun, 12 Feb 2012 12:03:55 +0100
Subject: [PATCH] Fix detection; 3.2 doesn't have those extra fields

---
 de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs b/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs
index 4c977ca4..c1249b54 100644
--- a/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs
+++ b/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs
@@ -246,8 +246,6 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 
 			const int RVA_EXECUTIVE_OFFSET = 1 * 4;
 			const int ENC_CODE_OFFSET = 6 * 4;
-			const int MAGIC1_OFFSET = 7 * 4;
-			const int MAGIC2_OFFSET = 8 * 4;
 			int lastOffset = (int)(section.pointerToRawData + section.sizeOfRawData);
 			for (int offset = getStartOffset(peImage); offset < lastOffset; ) {
 				offset = findSig(fileData, offset, lastOffset, initializeMethodEnd);
@@ -259,17 +257,13 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 				if (retImm16 != 0x0C && retImm16 != 0x10)
 					continue;
 				offset += 2;
-				if (offset + MAGIC2_OFFSET + 4 > lastOffset)
+				if (offset + ENC_CODE_OFFSET + 4 > lastOffset)
 					return null;
 
 				// rva is 0 when the assembly has been embedded
 				int rva = BitConverter.ToInt32(fileData, offset + RVA_EXECUTIVE_OFFSET);
 				if (rva != 0 && mainType.Rvas.IndexOf(rva) < 0)
 					continue;
-				if (BitConverter.ToInt32(fileData, offset + MAGIC1_OFFSET) != -1)
-					continue;
-				if (BitConverter.ToInt32(fileData, offset + MAGIC2_OFFSET) != -1)
-					continue;
 
 				int relOffs = BitConverter.ToInt32(fileData, offset + ENC_CODE_OFFSET);
 				if (relOffs <= 0 || relOffs >= section.sizeOfRawData)