diff --git a/de4dot.code/de4dot.code.csproj b/de4dot.code/de4dot.code.csproj
index 6518312c..a2950b05 100644
--- a/de4dot.code/de4dot.code.csproj
+++ b/de4dot.code/de4dot.code.csproj
@@ -75,6 +75,7 @@
     <Compile Include="deobfuscators\dotNET_Reactor\Deobfuscator.cs" />
     <Compile Include="deobfuscators\dotNET_Reactor\EncryptedResource.cs" />
     <Compile Include="deobfuscators\dotNET_Reactor\LocalTypes.cs" />
+    <Compile Include="deobfuscators\dotNET_Reactor\MetadataTokenObfuscator.cs" />
     <Compile Include="deobfuscators\dotNET_Reactor\MethodsDecrypter.cs" />
     <Compile Include="deobfuscators\dotNET_Reactor\StringDecrypter.cs" />
     <Compile Include="deobfuscators\Eazfuscator\Deobfuscator.cs" />
diff --git a/de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs b/de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
index a61cac7f..29621135 100644
--- a/de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
@@ -81,6 +81,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 		StringDecrypter stringDecrypter;
 		BooleanDecrypter booleanDecrypter;
 		BoolValueInliner boolValueInliner;
+		MetadataTokenObfuscator metadataTokenObfuscator;
 
 		bool canRemoveDecrypterType = true;
 		bool startedDeobfuscating = false;
@@ -313,6 +314,8 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 			}
 			DeobfuscatedFile.stringDecryptersAdded();
 
+			metadataTokenObfuscator = new MetadataTokenObfuscator(module);
+
 			if (Operations.DecryptStrings != OpDecryptString.None)
 				addResourceToBeRemoved(stringDecrypter.StringsResource, "Encrypted strings");
 			if (options.DecryptMethods) {
@@ -341,6 +344,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 		}
 
 		public override void deobfuscateMethodEnd(Blocks blocks) {
+			metadataTokenObfuscator.deobfuscate(blocks);
 			base.deobfuscateMethodEnd(blocks);
 		}
 
@@ -348,8 +352,10 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 			removeInlinedMethods();
 			if (options.RestoreTypes)
 				new TypesRestorer(module).deobfuscate();
-			if (canRemoveDecrypterType && methodsDecrypter.MethodsDecrypterMethod != null)
+			if (canRemoveDecrypterType && methodsDecrypter.MethodsDecrypterMethod != null) {
 				addTypeToBeRemoved(methodsDecrypter.MethodsDecrypterMethod.DeclaringType, "Decrypter type");
+				addTypeToBeRemoved(metadataTokenObfuscator.Type, "Metadata token obfuscator");
+			}
 			base.deobfuscateEnd();
 		}
 
diff --git a/de4dot.code/deobfuscators/dotNET_Reactor/MetadataTokenObfuscator.cs b/de4dot.code/deobfuscators/dotNET_Reactor/MetadataTokenObfuscator.cs
new file mode 100644
index 00000000..24bb7c98
--- /dev/null
+++ b/de4dot.code/deobfuscators/dotNET_Reactor/MetadataTokenObfuscator.cs
@@ -0,0 +1,99 @@
+/*
+    Copyright (C) 2011 de4dot@gmail.com
+
+    This file is part of de4dot.
+
+    de4dot is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    de4dot is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with de4dot.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+using Mono.Cecil;
+using Mono.Cecil.Cil;
+using de4dot.blocks;
+
+namespace de4dot.deobfuscators.dotNET_Reactor {
+	// Find the class that returns a RuntimeTypeHandle/RuntimeFieldHandle. The value passed to
+	// its methods is the original metadata token, which will be different when we save the file.
+	class MetadataTokenObfuscator {
+		ModuleDefinition module;
+		TypeDefinition type;
+		MethodDefinition typeMethod;
+		MethodDefinition fieldMethod;
+
+		public TypeDefinition Type {
+			get { return type; }
+		}
+
+		public MetadataTokenObfuscator(ModuleDefinition module) {
+			this.module = module;
+			find();
+		}
+
+		void find() {
+			foreach (var type in module.Types) {
+				var fields = type.Fields;
+				if (fields.Count != 1)
+					continue;
+				if (fields[0].FieldType.FullName != "System.ModuleHandle")
+					continue;
+				if (type.HasProperties || type.HasEvents)
+					continue;
+
+				MethodDefinition fieldMethod = null, typeMethod = null;
+				foreach (var method in type.Methods) {
+					if (DotNetUtils.isMethod(method, "System.RuntimeTypeHandle", "(System.Int32)"))
+						typeMethod = method;
+					else if (DotNetUtils.isMethod(method, "System.RuntimeFieldHandle", "(System.Int32)"))
+						fieldMethod = method;
+				}
+
+				if (typeMethod == null || fieldMethod == null)
+					continue;
+
+				this.type = type;
+				this.typeMethod = typeMethod;
+				this.fieldMethod = fieldMethod;
+				return;
+			}
+		}
+
+		public void deobfuscate(Blocks blocks) {
+			if (type == null)
+				return;
+
+			foreach (var block in blocks.MethodBlocks.getAllBlocks()) {
+				var instrs = block.Instructions;
+				for (int i = 0; i < instrs.Count - 1; i++) {
+					var instr = instrs[i];
+					if (instr.OpCode.Code != Code.Ldc_I4)
+						continue;
+					var call = instrs[i + 1];
+					if (call.OpCode.Code != Code.Call)
+						continue;
+					var method = call.Operand as MethodReference;
+					if (!MemberReferenceHelper.compareTypes(type, method.DeclaringType))
+						continue;
+					var methodDef = DotNetUtils.getMethod(module, method);
+					if (methodDef == null)
+						continue;
+					if (methodDef != typeMethod && methodDef != fieldMethod)
+						continue;
+
+					int token = (int)instrs[i].Operand;
+					instrs[i] = new Instr(Instruction.Create(OpCodes.Nop));
+					instrs[i + 1] = new Instr(new Instruction(OpCodes.Ldtoken, module.LookupToken(token) as MemberReference));
+				}
+			}
+		}
+	}
+}