Detect Confuser 1.3 r55346 proxy methods creator

2012-08-10 21:28:08 +02:00 · 2012-08-10 21:28:08 +02:00 · b647b59fad
commit b647b59fad
parent b3b3f222cf
1 changed files with 9 additions and 0 deletions
--- a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
@ -43,6 +43,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 			v10_r48717,
 			v11_r50378,
 			v12_r54564,
+			v13_r55346,
 			v14_r58564,
 			v14_r58857,
 			v17_r73740_normal,
@ -201,6 +202,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 			case ConfuserVersion.v10_r48717:
 			case ConfuserVersion.v11_r50378:
 			case ConfuserVersion.v12_r54564:
+			case ConfuserVersion.v13_r55346:
 			case ConfuserVersion.v14_r58564:
 				getCallInfo_v10_r48717(info, creatorInfo, out calledMethod, out callOpcode);
 				break;
@ -520,6 +522,8 @@ namespace de4dot.code.deobfuscators.Confuser {
 						int numCalls = countCalls(method, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)");
 						if (numCalls == 2)
 							theVersion = ConfuserVersion.v12_r54564;
+						if (!DotNetUtils.callsMethod(method, "System.Reflection.Assembly System.Reflection.Assembly::Load(System.Reflection.AssemblyName)"))
+							theVersion = ConfuserVersion.v13_r55346;
 					}
 				}
 				else if (is_v17_r73740(method)) {
@ -1008,6 +1012,11 @@ namespace de4dot.code.deobfuscators.Confuser {

 			case ConfuserVersion.v12_r54564:
 				minRev = 54564;
+				maxRev = 54574;
+				return true;
+
+			case ConfuserVersion.v13_r55346:
+				minRev = 55346;
 				maxRev = 58446;
 				return true;