/// <summary>
/// Deserializes one object from the underlying store's stream and verifies
/// that its runtime type is exactly the type resolved for
/// <paramref name="typeIndex"/>.
/// </summary>
/// <param name="typeIndex">Index handed to FindType to resolve the expected type.</param>
/// <returns>The deserialized object graph.</returns>
/// <exception cref="BadImageFormatException">
/// The deserialized object's runtime type differs from the expected type.
/// </exception>
private Object DeserializeObject(int typeIndex)
{
    Type expectedType = FindType(typeIndex);

    // SECURITY NOTE: the formatter builds the complete object graph before
    // the type comparison below executes. The comparison therefore cannot
    // stop a tampered .resources file from getting arbitrary serialized data
    // deserialized via a forged type ID; it only rejects the result afterwards.
    // Any restriction on which types may be instantiated has to be enforced
    // by the formatter itself (its configuration is not visible in this
    // method -- NOTE(review): confirm whether a binder or allow-list is set),
    // and .resources streams from untrusted origins should not reach this path.
    Object graph = _objFormatter.Deserialize(_store.BaseStream);

    // Correctness check only: the blob must contain exactly the type that
    // the resource's type index promised (exact match, no subclasses).
    Type actualType = graph.GetType();
    if (actualType == expectedType)
    {
        return graph;
    }

    throw new BadImageFormatException(Environment.GetResourceString("BadImageFormat_ResType&SerBlobMismatch", expectedType.FullName, actualType.FullName));
}