From 7bcf5b471050e6e4e8af2c54566390283a5dfc88 Mon Sep 17 00:00:00 2001
From: de4dot <de4dot@gmail.com>
Date: Thu, 13 Dec 2012 16:19:34 +0100
Subject: [PATCH] Make sure lastOffset <= fileData.Length (could be a bad dump)

---
 de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs b/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs
index 07513cf1..d2c90e8f 100644
--- a/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs
+++ b/de4dot.code/deobfuscators/CodeVeil/MethodsDecrypter.cs
@@ -199,7 +199,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 
 			const int RVA_EXECUTIVE_OFFSET = 1 * 4;
 			const int ENC_CODE_OFFSET = 6 * 4;
-			int lastOffset = (int)(section.PointerToRawData + section.SizeOfRawData);
+			int lastOffset = Math.Min(fileData.Length, (int)(section.PointerToRawData + section.SizeOfRawData));
 			for (int offset = getStartOffset(peImage); offset < lastOffset; ) {
 				offset = findSig(fileData, offset, lastOffset, initializeMethodEnd);
 				if (offset < 0)