From bb9e4cbf2667d296bdd21002d7444644b610f19c Mon Sep 17 00:00:00 2001
From: de4dot <de4dot@gmail.com>
Date: Tue, 31 Jul 2012 10:41:20 +0200
Subject: [PATCH] Remove resources with an invalid RVA

---
 de4dot.code/deobfuscators/Confuser/Deobfuscator.cs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/de4dot.code/deobfuscators/Confuser/Deobfuscator.cs b/de4dot.code/deobfuscators/Confuser/Deobfuscator.cs
index 493cc3a9..15194b7d 100644
--- a/de4dot.code/deobfuscators/Confuser/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/Confuser/Deobfuscator.cs
@@ -276,9 +276,22 @@ namespace de4dot.code.deobfuscators.Confuser {
 			if (proxyCallFixerV1 != null)
 				proxyCallFixerV1.find();
 
+			removeInvalidResources();
+
 			startedDeobfuscating = true;
 		}
 
+		void removeInvalidResources() {
+			foreach (var rsrc in module.Resources) {
+				var resource = rsrc as EmbeddedResource;
+				if (resource == null)
+					continue;
+				if (resource.Offset != 0xFFFFFFFF)
+					continue;
+				addResourceToBeRemoved(resource, "Invalid resource");
+			}
+		}
+
 		bool hasInitializedStringDecrypter = false;
 		void initializeStringDecrypter() {
 			if (hasInitializedStringDecrypter)