diff --git a/BurnOutSharp/ProtectionType/JoWooDXProt.cs b/BurnOutSharp/ProtectionType/JoWooDXProt.cs
deleted file mode 100644
index 9f0c45e0..00000000
--- a/BurnOutSharp/ProtectionType/JoWooDXProt.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using BurnOutSharp.Matching;
-
-namespace BurnOutSharp.ProtectionType
-{
- public class JoWooDXProt : IContentCheck
- {
- ///
- public List GetContentMatchSets()
- {
- return new List
- {
- // @HC09
- new ContentMatchSet(new byte?[] { 0x40, 0x48, 0x43, 0x30, 0x39, 0x20, 0x20, 0x20, 0x20 }, "JoWooD X-Prot v2"),
-
- new ContentMatchSet(new List
- {
- // .ext
- new byte?[] { 0x2E, 0x65, 0x78, 0x74, 0x20, 0x20, 0x20, 0x20 },
-
- // kernel32.dll + (char)0x00 + (char)0x00 + (char)0x00 + VirtualProtect
- new byte?[]
- {
- 0x6B, 0x65, 0x72, 0x6E, 0x65, 0x6C, 0x33, 0x32,
- 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00, 0x00, 0x56,
- 0x69, 0x72, 0x74, 0x75, 0x61, 0x6C, 0x50, 0x72,
- 0x6F, 0x74, 0x65, 0x63, 0x74
- },
- }, GetVersion, "JoWooD X-Prot"),
-
- // TODO: This is likely a section header name. When converting, check this
- // It also likely goes along with the above. Not sure how yet
-
- // .ext
- new ContentMatchSet(
- new ContentMatch(new byte?[] { 0x2E, 0x65, 0x78, 0x74, 0x20, 0x20, 0x20, 0x20 }, end: 2048),
- "JoWooD X-Prot v1"),
- };
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
-
- public static string GetVersion(string file, byte[] fileContent, List positions)
- {
- int position = positions[1]--; // TODO: Verify this subtract
- char[] version = new ArraySegment(fileContent, position + 67, 8).Select(b => (char)b).ToArray();
- return $"{version[0]}.{version[2]}.{version[4]}.{version[6]}{version[7]}";
- }
- }
-}
diff --git a/BurnOutSharp/ProtectionType/JoWood.cs b/BurnOutSharp/ProtectionType/JoWood.cs
new file mode 100644
index 00000000..bc4368e8
--- /dev/null
+++ b/BurnOutSharp/ProtectionType/JoWood.cs
@@ -0,0 +1,79 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using BurnOutSharp.ExecutableType.Microsoft;
+using BurnOutSharp.Matching;
+
+namespace BurnOutSharp.ProtectionType
+{
+ // Interesting note: the former protection "Xtreme-Protector" was found to be a
+ // subset of the JoWood X-Prot checks, more specifically the XPROT section check
+ // that now outputs a version of v1.4+.
+ public class JoWood : IContentCheck
+ {
+ ///
+ public List GetContentMatchSets() => null;
+
+ ///
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
+ {
+ // Get the sections from the executable, if possible
+ PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
+ var sections = pex?.SectionTable;
+ if (sections == null)
+ return null;
+
+ // Get the .ext section, if it exists
+ var extSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).Equals(".ext "));
+ if (extSection != null)
+ {
+ // Get the .dcrtext section, if it exists
+ var dcrtextSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).Equals(".dcrtext"));
+ if (dcrtextSection != null)
+ {
+ int sectionAddr = (int)dcrtextSection.PointerToRawData;
+ int sectionEnd = sectionAddr + (int)dcrtextSection.VirtualSize;
+ var matchers = new List
+ {
+ // kernel32.dll + (char)0x00 + (char)0x00 + (char)0x00 + VirtualProtect
+ new ContentMatchSet(
+ new ContentMatch(new byte?[]
+ {
+ 0x6B, 0x65, 0x72, 0x6E, 0x65, 0x6C, 0x33, 0x32,
+ 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00, 0x00, 0x56,
+ 0x69, 0x72, 0x74, 0x75, 0x61, 0x6C, 0x50, 0x72,
+ 0x6F, 0x74, 0x65, 0x63, 0x74
+ }, start: sectionAddr, end: sectionEnd),
+ GetVersion, "JoWood X-Prot"),
+ };
+
+ string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug);
+ if (!string.IsNullOrWhiteSpace(match))
+ return match;
+ }
+
+ return "JoWood X-Prot v1.0-v1.3";
+ }
+
+ // Get the HC09 section, if it exists
+ var hc09Section = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).Equals("HC09 "));
+ if (hc09Section != null)
+ return "JoWood X-Prot v2"; // TODO: Can we get more granular with the version?
+
+ // Get the XPROT section, if it exists
+ var xprotSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).Equals("XPROT "));
+ if (xprotSection != null)
+ return "JoWood X-Prot v1.4+"; // TODO: Can we get more granular with the version?
+
+ return null;
+ }
+
+ public static string GetVersion(string file, byte[] fileContent, List positions)
+ {
+ int position = positions[0];
+ char[] version = new ArraySegment(fileContent, position + 67, 8).Select(b => (char)b).ToArray();
+ return new string(version);
+ }
+ }
+}
diff --git a/BurnOutSharp/ProtectionType/XtremeProtector.cs b/BurnOutSharp/ProtectionType/XtremeProtector.cs
deleted file mode 100644
index fe6fe0bb..00000000
--- a/BurnOutSharp/ProtectionType/XtremeProtector.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-using System.Collections.Generic;
-using BurnOutSharp.Matching;
-
-namespace BurnOutSharp.ProtectionType
-{
- public class XtremeProtector : IContentCheck
- {
- ///
- public List GetContentMatchSets()
- {
- return new List
- {
- // XPROT
- new ContentMatchSet(new byte?[] { 0x58, 0x50, 0x52, 0x4F, 0x54, 0x20, 0x20, 0x20 }, "Xtreme-Protector"),
- };
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
- }
-}
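Review bot: In JoWood.cs, `GetVersion` reads 8 bytes at `position + 67` without checking that the range lies inside `fileContent`, so a truncated or crafted executable whose import string sits near the end of the file makes the `ArraySegment` constructor throw instead of producing a result. A guard such as `if (position + 67 + 8 > fileContent.Length) return null;` before the read would avoid that, though how MatchUtil treats a null version is not visible in this diff. The function also now returns those 8 bytes unformatted via `new string(version)`, so file-controlled bytes, including non-printable ones, reach the reported protection string unless they are first checked to look like a version. In `CheckContents`, `sectionAddr` and `sectionEnd` are built from `PointerToRawData` and `VirtualSize` cast to `int`, both taken from the scanned file's section header, and `VirtualSize` is the in-memory size rather than the on-disk extent (SizeOfRawData in the PE format). Unless `ContentMatch` already clamps its range, which cannot be seen here, the end should be bounded, e.g. `sectionEnd = Math.Min(sectionEnd, fileContent.Length);`.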