From 612aeec0abe64d9ebefd628338eee00040ae6a33 Mon Sep 17 00:00:00 2001
From: de4dot
Date: Fri, 10 Aug 2012 17:47:59 +0200
Subject: [PATCH] Detect Confuser 1.7 r73566 compressor
---
 de4dot.code/deobfuscators/Confuser/Unpacker.cs | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/de4dot.code/deobfuscators/Confuser/Unpacker.cs b/de4dot.code/deobfuscators/Confuser/Unpacker.cs
index 4fdfff5a..e11fd23d 100644
--- a/de4dot.code/deobfuscators/Confuser/Unpacker.cs
+++ b/de4dot.code/deobfuscators/Confuser/Unpacker.cs
@@ -83,6 +83,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 v15_r60785,
 v17_r73404,
 v17_r73477,
+ v17_r73566,
 v17_r75076,
 v18_r75184,
 v18_r75367,
@@ -184,8 +185,12 @@ namespace de4dot.code.deobfuscators.Confuser {
 simpleDeobfuscator.deobfuscate(cctor);
 simpleDeobfuscator.decryptStrings(cctor, deob);
- if (findEntryPointToken(simpleDeobfuscator, cctor, entryPoint, out entryPointToken) && !use7zip)
- version = ConfuserVersion.v17_r73477;
+ if (findEntryPointToken(simpleDeobfuscator, cctor, entryPoint, out entryPointToken) && !use7zip) {
+ if (DotNetUtils.callsMethod(asmResolverMethod, "System.Void", "(System.String)"))
+ version = ConfuserVersion.v17_r73477;
+ else
+ version = ConfuserVersion.v17_r73566;
+ }
 mainAsmResource = findResource(cctor);
 if (mainAsmResource == null)
@@ -461,6 +466,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 case ConfuserVersion.v15_r60785: return decrypt_v15_r60785(data);
 case ConfuserVersion.v17_r73404: return decrypt_v17_r73404(data);
 case ConfuserVersion.v17_r73477: return decrypt_v17_r73404(data);
+ case ConfuserVersion.v17_r73566: return decrypt_v17_r73404(data);
 case ConfuserVersion.v17_r75076: return decrypt_v17_r75076(data);
 case ConfuserVersion.v18_r75184: return decrypt_v17_r75076(data);
 case ConfuserVersion.v18_r75367: return decrypt_v17_r75076(data);
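Review bot: The new inner `if` in the `@@ -184,8 +185,12 @@` hunk separates r73477 from r73566 only by whether `asmResolverMethod` calls a `System.Void (System.String)` method, and nothing there records why that call is the distinguishing mark. A comment above the check, e.g. `// r73477: resolver calls a void(string) method; r73566: it does not`, would let a maintainer re-verify the heuristic against samples. The `else` branch is a catch-all, so any build that passes `findEntryPointToken` without 7zip and lacks that call is reported as r73566. The decrypt switch in this patch maps both values to `decrypt_v17_r73404`, so a wrong guess appears to affect only the reported revision range. `asmResolverMethod` is assigned outside the hunk, so whether it can be null at this point cannot be checked from here.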
@@ -598,6 +604,11 @@ namespace de4dot.code.deobfuscators.Confuser {
 case ConfuserVersion.v17_r73477:
 minRev = 73477;
+ maxRev = 73479;
+ return true;
+
+ case ConfuserVersion.v17_r73566:
+ minRev = 73566;
 maxRev = 75056;
 return true;
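Review bot: Capping r73477 at `maxRev = 73479` and starting the new r73566 case at `minRev = 73566` leaves revisions 73480–73565 assigned to no case in this switch. If the gap is deliberate (the hunk does not show why 73479 was chosen), a comment on the new case such as `// revisions 73480-73565 intentionally not covered` would keep a later reader from treating it as a range bug. If it is not deliberate, r73477 should end at `maxRev = 73565`. The switch and its enclosing method start and end outside the hunk.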