From 965bf1f2e60e2e4030e18e72a4ae92bd9663839a Mon Sep 17 00:00:00 2001
From: de4dot <de4dot@gmail.com>
Date: Fri, 10 Aug 2012 23:18:44 +0200
Subject: [PATCH] Detect Confuser 1.8 r75369 proxy methods creator

---
 .../deobfuscators/Confuser/ProxyCallFixer.cs       | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
index ea5a2717..af04e8ed 100644
--- a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
@@ -57,6 +57,8 @@ namespace de4dot.code.deobfuscators.Confuser {
 			v17_r74708_native,
 			v18_r75367_normal,
 			v18_r75367_native,
+			v18_r75369_normal,
+			v18_r75369_native,
 			v19_r76101_normal,
 			v19_r76101_native,
 		}
@@ -232,11 +234,13 @@ namespace de4dot.code.deobfuscators.Confuser {
 				break;
 
 			case ConfuserVersion.v18_r75367_normal:
+			case ConfuserVersion.v18_r75369_normal:
 			case ConfuserVersion.v19_r76101_normal:
 				getCallInfo_v18_r75367_normal(info, creatorInfo, out calledMethod, out callOpcode);
 				break;
 
 			case ConfuserVersion.v18_r75367_native:
+			case ConfuserVersion.v18_r75369_native:
 			case ConfuserVersion.v19_r76101_native:
 				getCallInfo_v18_r75367_native(info, creatorInfo, out calledMethod, out callOpcode);
 				break;
@@ -504,9 +508,9 @@ namespace de4dot.code.deobfuscators.Confuser {
 					if (proxyType == ProxyCreatorType.CallOrCallvirt && !findCallvirtChar(method, out callvirtChar))
 						continue;
 					if ((nativeMethod = findNativeMethod_v18_r75367(method)) != null)
-						theVersion = ConfuserVersion.v18_r75367_native;
+						theVersion = proxyType != ProxyCreatorType.CallOrCallvirt || callvirtChar == 9 ? ConfuserVersion.v18_r75367_native : ConfuserVersion.v18_r75369_native;
 					else if (findMagic_v18_r75367(method, out magic))
-						theVersion = ConfuserVersion.v18_r75367_normal;
+						theVersion = proxyType != ProxyCreatorType.CallOrCallvirt || callvirtChar == 9 ? ConfuserVersion.v18_r75367_normal : ConfuserVersion.v18_r75369_normal;
 					else if (findMagic_v19_r76101(method, out magic))
 						theVersion = ConfuserVersion.v19_r76101_normal;
 					else if ((nativeMethod = findNativeMethod_v19_r76101(method)) != null)
@@ -1123,6 +1127,12 @@ namespace de4dot.code.deobfuscators.Confuser {
 				maxRev = 75926;
 				return true;
 
+			case ConfuserVersion.v18_r75369_normal:
+			case ConfuserVersion.v18_r75369_native:
+				minRev = 75369;
+				maxRev = 75926;
+				return true;
+
 			case ConfuserVersion.v19_r76101_normal:
 			case ConfuserVersion.v19_r76101_native:
 				minRev = 76101;