From b647b59fadb9cd567a012091e26b8a59be2b9982 Mon Sep 17 00:00:00 2001
From: de4dot
Date: Fri, 10 Aug 2012 21:28:08 +0200
Subject: [PATCH] Detect Confuser 1.3 r55346 proxy methods creator
---
 de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
index 8fddafd4..249f7180 100644
--- a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
@@ -43,6 +43,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 v10_r48717,
 v11_r50378,
 v12_r54564,
+ v13_r55346,
 v14_r58564,
 v14_r58857,
 v17_r73740_normal,
@@ -201,6 +202,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 case ConfuserVersion.v10_r48717:
 case ConfuserVersion.v11_r50378:
 case ConfuserVersion.v12_r54564:
+ case ConfuserVersion.v13_r55346:
 case ConfuserVersion.v14_r58564:
 getCallInfo_v10_r48717(info, creatorInfo, out calledMethod, out callOpcode);
 break;
@@ -520,6 +522,8 @@ namespace de4dot.code.deobfuscators.Confuser {
 int numCalls = countCalls(method, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)");
 if (numCalls == 2)
 theVersion = ConfuserVersion.v12_r54564;
+ if (!DotNetUtils.callsMethod(method, "System.Reflection.Assembly System.Reflection.Assembly::Load(System.Reflection.AssemblyName)"))
+ theVersion = ConfuserVersion.v13_r55346;
 }
 }
 else if (is_v17_r73740(method)) {
@@ -1008,6 +1012,11 @@ namespace de4dot.code.deobfuscators.Confuser {
 case ConfuserVersion.v12_r54564:
 minRev = 54564;
+ maxRev = 54574;
+ return true;
+
+ case ConfuserVersion.v13_r55346:
+ minRev = 55346;
 maxRev = 58446;
 return true;
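Review bot: The r55346 check added in the third hunk is a negative signature: it sets `theVersion = ConfuserVersion.v13_r55346` whenever the creator method does not call `Assembly::Load(AssemblyName)`, and it appears to be a separate `if` rather than part of the `numCalls == 2` branch (indentation is lost in this view, so the nesting is inferred). A creator that was left at the earlier version because `numCalls` was not 2 is therefore also relabelled v13 when the call is absent, and it then reports the 55346–58446 revision range from the last hunk. These versions all dispatch to `getCallInfo_v10_r48717` in the second hunk, so the visible effect is limited to the reported version, but other consumers of the value may exist outside the diff. If v13 is meant to refine v12 only, move the new test inside the `numCalls == 2` branch with braces; in either case add a comment above it, for example `// r55346: creator does not call Assembly.Load(AssemblyName)`, so the reason for keying on a missing call is recorded. The enclosing method starts and ends outside the hunk.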