d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Virgin import of Christos Zoulas's FILE 4.17.

Browse Source
This commit is contained in:
David E. O'Brien 2006-06-19 07:52:15 +00:00
parent a2e8fb4c99
commit 88a5e5ac7b
75 changed files with 27603 additions and 9289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
contrib/file/ChangeLog
View File

@ -1,3 +1,102 @@
2006-03-02 16:06 Christos Zoulas <christos@zoulas.com>
* Print empty if the file is (Mike Frysinger)
* Don't try to read past the end of the buffer (Mike Frysinger)
* Sort magic entries by strength [experimental]
2005-11-29 13:26 Christos Zoulas <christos@zoulas.com>
* Use iswprint() to convert the output string.
(Bastien Nocera)
2005-10-31 8:54 Christos Zoulas <christos@zoulas.com>
* Fix regression where the core info was not completely processed
(Radek Vokál)
2005-10-20 11:15 Christos Zoulas <christos@zoulas.com>
* Middle Endian magic (Diomidis Spinellis)
2005-10-17 11:15 Christos Zoulas <christos@zoulas.com>
* Open with O_BINARY for CYGWIN (Corinna Vinschen)
* Don't close stdin (Arkadiusz Miskiewicz)
* Look for note sections in non executables.
2005-09-20 13:33 Christos Zoulas <christos@zoulas.com>
* Don't print SVR4 Style in core files multiple times
(Radek Vokál)
2005-08-27 04:09 Christos Zoulas <christos@zoulas.com>
* Cygwin changes Corinna Vinschen
2005-08-18 09:53 Christos Zoulas <christos@zoulas.com>
* Remove erroreous mention of /etc/magic in the file man page
This is gentoo bug 101639. (Mike Frysinger)
* Cross-compile support and detection (Mike Frysinger)
2005-08-12 10:17 Christos Zoulas <christos@zoulas.com>
* Add -h flag and dereference symlinks if POSIXLY_CORRECT
is set.
2005-07-29 13:57 Christos Zoulas <christos@zoulas.com>
* Avoid search and regex buffer overflows (Kelledin)
2005-07-12 11:48 Christos Zoulas <christos@zoulas.com>
* Provide stub implementations for {v,}nsprintf() for older
OS's that don't have them.
* Change mbstate_t autoconf detection macro from AC_MBSTATE_T
to AC_TYPE_MBSTATE_T.
2005-06-25 11:48 Christos Zoulas <christos@zoulas.com>
* Dynamically allocate the string buffers and make the
default read size 256K.
2005-06-01 00:00 Joerg Sonnenberger <joerg@britannica.bec.de>
* Dragonfly ELF note support
2005-03-14 00:00 Giuliano Bertoletti <gb@symbolic.it>
* Avoid NULL pointer dereference in time conversion.
2005-03-06 00:00 Joerg Walter <jwalt@mail.garni.ch>
* Add indirect magic offset support, and search mode.
2005-01-12 00:00 Stepan Kasal <kasal@ucw.cz>
* src/ascmagic.c (file_ascmagic): Fix three bugs about text files:
If a CRLF text file happens to have CR at offset HOWMANY - 1
(currently 0xffff), it should not be counted as CR line
terminator.
If a line has length exactly MAXLINELEN, it should not yet be
treated as a ``very long line'', as MAXLINELEN is ``longest sane
line length''.
With CRLF, the line length was not computed correctly, and even
lines of length MAXLINELEN - 1 were treated as ``very long''.
2004-12-07 14:15 Christos Zoulas <christos@zoulas.com>
* bzip2 needs a lot of input buffer space on some files
before it can begin uncompressing. This makes file -z
fail on some bz2 files. Fix it by giving it a copy of
the file descriptor to read as much as it wants if we
have access to it. <christos@zoulas.com>
2004-11-24 12:39 Christos Zoulas <christos@zoulas.com>
* Stack smash fix, and ELF more conservative reading.

54
contrib/file/Magdir/adventure
View File

@ -12,27 +12,38 @@
0 beshort 0x0206 ALAN game data
>2 byte <10 version 2.6%d
# Conflicts with too much other stuff!
# Infocom
# (Note: to avoid false matches Z-machine version 1 and 2 are not
# recognized since only the oldest Zork I and II used them. Similarly
# there are 4 Infocom games that use version 4 that are not recognized.)
#0 byte 3 Infocom game data (Z-machine 3,
#>2 beshort <0x7fff Release %3d,
#>26 beshort >0 Size %d*2
#>18 string >\0 Serial %.6s)
#0 byte 5 Infocom game data (Z-machine 5,
#>2 beshort <0x7fff Release %3d,
#>26 beshort >0 Size %d*4
#>18 string >\0 Serial %.6s)
#0 byte 6 Infocom game data (Z-machine 6,
#>2 beshort <0x7fff Release %3d,
#>26 beshort >0 Size %d*8
#>18 string >\0 Serial %.6s)
#0 byte 8 Infocom game data (Z-machine 8,
#>2 beshort <0x7fff Release %3d,
#>26 beshort >0 Size %d*8
#>18 string >\0 Serial %.6s)
# Infocom (see z-machine)
#------------------------------------------------------------------------------
# Z-machine: file(1) magic for Z-machine binaries.
#
# This will match ${TEX_BASE}/texmf/omega/ocp/char2uni/inbig5.ocp which
# appears to be a version-0 Z-machine binary.
#
# The (false match) message is to correct that behavior. Perhaps it is
# not needed.
#
16 belong&0xfe00f0f0 0x3030 Infocom game data
>0 ubyte 0 (false match)
>0 ubyte >0 (Z-machine %d,
>>2 ubeshort x Release %d /
>>18 string >\0 Serial %.6s)
#------------------------------------------------------------------------------
# Glulx: file(1) magic for Glulx binaries.
#
# I haven't checked for false matches yet.
#
0 string Glul Glulx game data
>4 beshort x (Version %d
>>6 byte x \b.%d
>>8 byte x \b.%d)
>36 string Info Compiled by Inform
# For Quetzal and blorb magic see iff
# TADS (Text Adventure Development System)
# All files are machine-independent (games compile to byte-code) and are tagged
@ -61,3 +72,4 @@
>10 belong !0x0A0D1A00 saved game data, CORRUPTED
>10 belong 0x0A0D1A00
>>14 string >\0 %s saved game data

7
contrib/file/Magdir/amigaos
View File

@ -42,6 +42,9 @@
0 beshort 0x0f03 AmigaOS outline font
0 belong 0x80001001 AmigaOS outline tag
0 string ##\ version catalog translation
0 string EMOD\0 Amiga E module
8 string ECXM\0 ECX module
0 string/c @database AmigaGuide file
# Amiga disk types
#
@ -54,3 +57,7 @@
0 string DOS\4 Amiga Fastdir DOS disk
0 string DOS\5 Amiga Fastdir FFS disk
0 string KICK Kickstart disk
# From: Alex Beregszaszi <alex@fsn.hu>
0 string LZX LZX compressed archive (Amiga)

290
contrib/file/Magdir/animation
View File

@ -6,13 +6,58 @@
# MPEG, FLI, DL originally from vax@ccwf.cc.utexas.edu (VaX#n8)
# FLC, SGI, Apple originally from Daniel Quinlan (quinlan@yggdrasil.com)
# SGI and Apple formats
0 string MOVI Silicon Graphics movie file
4 string moov Apple QuickTime
>12 string mvhd \b movie (fast start)
>12 string mdra \b URL
>12 string cmov \b movie (fast start, compressed header)
>12 string rmra \b multiple URLs
4 string mdat Apple QuickTime movie (unoptimized)
4 string wide Apple QuickTime movie (unoptimized)
4 string skip Apple QuickTime movie (modified)
4 string free Apple QuickTime movie (modified)
4 string idsc Apple QuickTime image (fast start)
4 string idat Apple QuickTime image (unoptimized)
4 string pckg Apple QuickTime compressed archive
4 string/B jP JPEG 2000 image
4 string ftyp ISO Media
>8 string isom \b, MPEG v4 system, version 1
>8 string iso2 \b, MPEG v4 system, part 12 revision
>8 string mp41 \b, MPEG v4 system, version 1
>8 string mp42 \b, MPEG v4 system, version 2
>8 string mp7t \b, MPEG v4 system, MPEG v7 XML
>8 string mp7b \b, MPEG v4 system, MPEG v7 binary XML
>8 string/B jp2 \b, JPEG 2000
>8 string 3gp \b, MPEG v4 system, 3GPP
>>11 byte 4 \b v4 (H.263/AMR GSM 6.10)
>>11 byte 5 \b v5 (H.263/AMR GSM 6.10)
>>11 byte 6 \b v6 (ITU H.264/AMR GSM 6.10)
>8 string mmp4 \b, MPEG v4 system, 3GPP Mobile
>8 string avc1 \b, MPEG v4 system, 3GPP JVT AVC
>8 string/B M4A \b, MPEG v4 system, iTunes AAC-LC
>8 string/B M4P \b, MPEG v4 system, iTunes AES encrypted
>8 string/B M4B \b, MPEG v4 system, iTunes bookmarked
>8 string/B qt \b, Apple QuickTime movie
# MPEG sequences
# Scans for all common MPEG header start codes
0 belong 0x00000001 JVT NAL sequence
>4 byte&0x1F 0x07 \b, H.264 video
>>5 byte 66 \b, baseline
>>5 byte 77 \b, main
>>5 byte 88 \b, extended
>>7 byte x \b @ L %u
0 belong&0xFFFFFF00 0x00000100 MPEG sequence
>3 byte 0xBA
>>4 byte &0x40 \b, v2, program multiplex
>>4 byte ^0x40 \b, v1, system multiplex
>3 byte 0xBB \b, v1/2, multiplex (missing pack header)
>3 byte&0x1F 0x07 \b, H.264 video
>>4 byte 66 \b, baseline
>>4 byte 77 \b, main
>>4 byte 88 \b, extended
>>6 byte x \b @ L %u
>3 byte 0xB0 \b, v4
>>5 belong 0x000001B5
>>>9 byte &0x80
@ -20,11 +65,10 @@
>>>>10 byte&0xF0 32 \b, still texture
>>>>10 byte&0xF0 48 \b, mesh
>>>>10 byte&0xF0 64 \b, face
>>>9 byte ^0x80
>>>>9 byte&0xF8 8 \b, video
>>>>9 byte&0xF8 16 \b, still texture
>>>>9 byte&0xF8 24 \b, mesh
>>>>9 byte&0xF8 32 \b, face
>>>9 byte&0xF8 8 \b, video
>>>9 byte&0xF8 16 \b, still texture
>>>9 byte&0xF8 24 \b, mesh
>>>9 byte&0xF8 32 \b, face
>>4 byte 1 \b, simple @ L1
>>4 byte 2 \b, simple @ L2
>>4 byte 3 \b, simple @ L3
@ -89,11 +133,10 @@
>>>5 byte&0xF0 32 \b, still texture (missing profile header)
>>>5 byte&0xF0 48 \b, mesh (missing profile header)
>>>5 byte&0xF0 64 \b, face (missing profile header)
>>4 byte ^0x80
>>>4 byte&0xF8 8 \b, video (missing profile header)
>>>4 byte&0xF8 16 \b, still texture (missing profile header)
>>>4 byte&0xF8 24 \b, mesh (missing profile header)
>>>4 byte&0xF8 32 \b, face (missing profile header)
>>4 byte&0xF8 8 \b, video (missing profile header)
>>4 byte&0xF8 16 \b, still texture (missing profile header)
>>4 byte&0xF8 24 \b, mesh (missing profile header)
>>4 byte&0xF8 32 \b, face (missing profile header)
>3 byte 0xB3
>>12 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video
>>12 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video
@ -131,23 +174,23 @@
>>>>>145 byte&0x06 2 \b Y'CbCr 4:2:0 video
>>>>>145 byte&0x06 4 \b Y'CbCr 4:2:2 video
>>>>>145 byte&0x06 6 \b Y'CbCr 4:4:4 video
>>>76 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video
>>>76 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video
>>>76 belong 0x000001B5 \b, v2,
>>>80 byte&0x0F 1 \b HP
>>>80 byte&0x0F 2 \b Spt
>>>80 byte&0x0F 3 \b SNR
>>>80 byte&0x0F 4 \b MP
>>>80 byte&0x0F 5 \b SP
>>>81 byte&0xF0 64 \b@HL
>>>81 byte&0xF0 96 \b@H-14
>>>81 byte&0xF0 128 \b@ML
>>>81 byte&0xF0 160 \b@LL
>>>81 byte &0x08 \b progressive
>>>81 byte ^0x08 \b interlaced
>>>81 byte&0x06 2 \b Y'CbCr 4:2:0 video
>>>81 byte&0x06 4 \b Y'CbCr 4:2:2 video
>>>81 byte&0x06 6 \b Y'CbCr 4:4:4 video
>>76 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video
>>76 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video
>>76 belong 0x000001B5 \b, v2,
>>>80 byte&0x0F 1 \b HP
>>>80 byte&0x0F 2 \b Spt
>>>80 byte&0x0F 3 \b SNR
>>>80 byte&0x0F 4 \b MP
>>>80 byte&0x0F 5 \b SP
>>>81 byte&0xF0 64 \b@HL
>>>81 byte&0xF0 96 \b@H-14
>>>81 byte&0xF0 128 \b@ML
>>>81 byte&0xF0 160 \b@LL
>>>81 byte &0x08 \b progressive
>>>81 byte ^0x08 \b interlaced
>>>81 byte&0x06 2 \b Y'CbCr 4:2:0 video
>>>81 byte&0x06 4 \b Y'CbCr 4:2:2 video
>>>81 byte&0x06 6 \b Y'CbCr 4:4:4 video
>>4 belong&0xFFFFFF00 0x78043800 \b, HD-TV 1920P
>>>7 byte&0xF0 0x10 \b, 16:9
>>4 belong&0xFFFFFF00 0x50002D00 \b, SD-TV 1280I
@ -234,13 +277,13 @@
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MP2, M1A
0 beshort&0xFFFE 0xFFFC MPEG ADTS, layer II, v1
@ -268,47 +311,51 @@
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MPA, M1A
0 beshort&0xFFFE 0xFFFE MPEG ADTS, layer I, v1
# modified by Joerg Jenderek
# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448
0 beshort&0xFFFE 0xFFFE
>2 byte&0xF0 >0x0F
>>2 byte&0xF0 <0xE1 MPEG ADTS, layer I, v1
# rate
>2 byte&0xF0 0x10 \b, 32 kBits
>2 byte&0xF0 0x20 \b, 64 kBits
>2 byte&0xF0 0x30 \b, 96 kBits
>2 byte&0xF0 0x40 \b, 128 kBits
>2 byte&0xF0 0x50 \b, 160 kBits
>2 byte&0xF0 0x60 \b, 192 kBits
>2 byte&0xF0 0x70 \b, 224 kBits
>2 byte&0xF0 0x80 \b, 256 kBits
>2 byte&0xF0 0x90 \b, 288 kBits
>2 byte&0xF0 0xA0 \b, 320 kBits
>2 byte&0xF0 0xB0 \b, 352 kBits
>2 byte&0xF0 0xC0 \b, 384 kBits
>2 byte&0xF0 0xD0 \b, 416 kBits
>2 byte&0xF0 0xE0 \b, 448 kBits
>>>2 byte&0xF0 0x10 \b, 32 kBits
>>>2 byte&0xF0 0x20 \b, 64 kBits
>>>2 byte&0xF0 0x30 \b, 96 kBits
>>>2 byte&0xF0 0x40 \b, 128 kBits
>>>2 byte&0xF0 0x50 \b, 160 kBits
>>>2 byte&0xF0 0x60 \b, 192 kBits
>>>2 byte&0xF0 0x70 \b, 224 kBits
>>>2 byte&0xF0 0x80 \b, 256 kBits
>>>2 byte&0xF0 0x90 \b, 288 kBits
>>>2 byte&0xF0 0xA0 \b, 320 kBits
>>>2 byte&0xF0 0xB0 \b, 352 kBits
>>>2 byte&0xF0 0xC0 \b, 384 kBits
>>>2 byte&0xF0 0xD0 \b, 416 kBits
>>>2 byte&0xF0 0xE0 \b, 448 kBits
# timing
>2 byte&0x0C 0x00 \b, 44.1 kHz
>2 byte&0x0C 0x04 \b, 48 kHz
>2 byte&0x0C 0x08 \b, 32 kHz
>>>2 byte&0x0C 0x00 \b, 44.1 kHz
>>>2 byte&0x0C 0x04 \b, 48 kHz
>>>2 byte&0x0C 0x08 \b, 32 kHz
# channels/options
>3 byte&0xC0 0x00 \b, Stereo
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
>>>3 byte&0xC0 0x00 \b, Stereo
>>>3 byte&0xC0 0x40 \b, JntStereo
>>>3 byte&0xC0 0x80 \b, 2x Monaural
>>>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MP3, M2A
0 beshort&0xFFFE 0xFFF2 MPEG ADTS, layer III, v2
@ -336,13 +383,13 @@
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MP2, M2A
0 beshort&0xFFFE 0xFFF4 MPEG ADTS, layer II, v2
@ -370,13 +417,13 @@
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MPA, M2A
0 beshort&0xFFFE 0xFFF6 MPEG ADTS, layer I, v2
@ -404,13 +451,13 @@
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MP3, M25A
0 beshort&0xFFFE 0xFFE2 MPEG ADTS, layer III, v2.5
@ -438,13 +485,13 @@
>3 byte&0xC0 0x40 \b, JntStereo
>3 byte&0xC0 0x80 \b, 2x Monaural
>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
#>3 byte &0x08 \b, Copyrighted
#>3 byte &0x04 \b, Original Source
#>3 byte&0x03 1 \b, NR: 50/15 ms
#>3 byte&0x03 3 \b, NR: CCIT J.17
# AAC (aka MPEG-2 NBC audio) and MPEG-4 audio
@ -474,13 +521,13 @@
# Live or stored single AAC stream (used with MPEG-2 systems)
0 beshort&0xFFF6 0xFFF0 MPEG ADTS, AAC
>1 byte ^0x08 \b, v2
>1 byte &0x08 \b, v4
>1 byte &0x08 \b, v2
>1 byte ^0x08 \b, v4
# profile
>>2 byte &0xC0 \b LTP
>2 byte&0xc0 0x00 \b, Main
>2 byte&0xc0 0x40 \b, LC
>2 byte&0xc0 0x80 \b, SSR
>2 byte&0xc0 0x00 \b Main
>2 byte&0xc0 0x40 \b LC
>2 byte&0xc0 0x80 \b SSR
# timing
>2 byte&0x3c 0x00 \b, 96 kHz
>2 byte&0x3c 0x04 \b, 88.2 kHz
@ -494,7 +541,7 @@
>2 byte&0x3c 0x24 \b, 12 kHz
>2 byte&0x3c 0x28 \b, 11.025 kHz
>2 byte&0x3c 0x2c \b, 8 kHz
# channels/options
# channels
>2 beshort&0x01c0 0x0040 \b, monaural
>2 beshort&0x01c0 0x0080 \b, stereo
>2 beshort&0x01c0 0x00c0 \b, stereo + center
@ -564,35 +611,6 @@
# \003. Most of them start with non-null values at hex offset 0x34 or so.
#0 string \3\0\0\0\0\0\0\0\0\0\0\0 DL version 3
# SGI formats
0 string MOVI Silicon Graphics movie file
# Apple Quicktime and ISO types
4 string moov Apple QuickTime
>12 string mvhd \b movie (fast start)
>12 string mdra \b URL
>12 string cmov \b movie (fast start, compressed header)
>12 string rmra \b multiple URLs
4 string mdat Apple QuickTime movie (unoptimized)
4 string wide Apple QuickTime movie (unoptimized)
4 string skip Apple QuickTime movie (modified)
4 string free Apple QuickTime movie (modified)
4 string idsc Apple QuickTime image (fast start)
4 string idat Apple QuickTime image (unoptimized)
4 string pckg Apple QuickTime compressed archive
4 string/B jP JPEG 2000 image
4 string ftyp ISO Media
>8 string isom \b, MPEG v4 system
>8 string mp41 \b, MPEG v4 system, version 1
>8 string mp42 \b, MPEG v4 system, version 2
>8 string/B jp2 \b, JPEG 2000 image
>8 string 3gp \b, MPEG v4 system, 3GPP (H.263/AMR)
>8 string mmp4 \b, MPEG v4 system, Mobile
>8 string/B M4A \b, MPEG v4 system, iTunes AAC-LC
>8 string/B M4P \b, MPEG v4 system, ISMA encrypted AAC-LC
>8 string/B M4B \b, MPEG v4 system, iTunes AAC-LC/AMR
>8 string/B qt \b, Apple QuickTime movie
# iso 13818 transport stream
#
# from Oskar Schirmer <schirmer@scara.com> Feb 3, 2001 (ISO 13818.1)
@ -654,3 +672,9 @@
>0x26 ubeshort x %dµs,
>0x42 ubeshort 0 no audio
>0x42 ubeshort >0 %dHz audio
# From: "Stefan A. Haubenthal" <polluks@web.de>
0 string DVDVIDEO-VTS Video title set,
>0x21 byte x v%x
0 string DVDVIDEO-VMG Video manager,
>0x21 byte x v%x

41
contrib/file/Magdir/apple
View File

@ -148,3 +148,44 @@
# information seems to be more useful.
#0 long 0x45520200
#>0x410 string disk\ image UDIF read/write image (UDRW)
# From: Toby Peterson <toby@apple.com>
0 string bplist00 Apple binary property list
# Apple binary property list (bplist)
# Assumes version bytes are hex.
# Provides content hints for version 0 files. Assumes that the root
# object is the first object (true for CoreFoundation implementation).
# From: David Remahl <dremahl@apple.com>
0 string bplist
>6 byte x \bCoreFoundation binary property list data, version 0x%c
>>7 byte x \b%c
>6 string 00 \b
>>8 byte&0xF0 0x00 \b
>>>8 byte&0x0F 0x00 \b, root type: null
>>>8 byte&0x0F 0x08 \b, root type: false boolean
>>>8 byte&0x0F 0x09 \b, root type: true boolean
>>8 byte&0xF0 0x10 \b, root type: integer
>>8 byte&0xF0 0x20 \b, root type: real
>>8 byte&0xF0 0x30 \b, root type: date
>>8 byte&0xF0 0x40 \b, root type: data
>>8 byte&0xF0 0x50 \b, root type: ascii string
>>8 byte&0xF0 0x60 \b, root type: unicode string
>>8 byte&0xF0 0x80 \b, root type: uid (CORRUPT)
>>8 byte&0xF0 0xa0 \b, root type: array
>>8 byte&0xF0 0xd0 \b, root type: dictionary
# Apple/NeXT typedstream data
# Serialization format used by NeXT and Apple for various
# purposes in YellowStep/Cocoa, including some nib files.
# From: David Remahl <dremahl@apple.com>
2 string typedstream NeXT/Apple typedstream data, big endian
>0 byte x \b, version %hhd
>0 byte <5 \b
>>13 byte 0x81 \b
>>>14 ubeshort x \b, system %hd
2 string streamtyped NeXT/Apple typedstream data, little endian
>0 byte x \b, version %hhd
>0 byte <5 \b
>>13 byte 0x81 \b
>>>14 uleshort x \b, system %hd

424
contrib/file/Magdir/archive
View File

@ -29,12 +29,17 @@
# Debian package (needs to go before regular portable archives)
#
0 string !<arch>\ndebian
0 string =!<arch>\ndebian
>8 string debian-split part of multipart Debian package
>8 string debian-binary Debian binary package
>68 string >\0 (format %s)
>81 string bz2 \b, uses bzip2 compression
>84 string gz \b, uses gzip compression
# These next two lines do not work, because a bzip2 Debian archive
# still uses gzip for the control.tar (first in the archive). Only
# data.tar varies, and the location of its filename varies too.
# file/libmagic does not current have support for ascii-string based
# (offsets) as of 2005-09-15.
#>81 string bz2 \b, uses bzip2 compression
#>84 string gz \b, uses gzip compression
#>136 ledate x created: %s
# other archives
@ -47,7 +52,7 @@
# MIPS archive (needs to go before regular portable archives)
#
0 string !<arch>\n__________E MIPS archive
0 string =!<arch>\n__________E MIPS archive
>20 string U with MIPS Ucode members
>21 string L with MIPSEL members
>21 string B with MIPSEB members
@ -61,7 +66,7 @@
# XXX - why are there multiple <ar> thingies? Note that 0x213c6172 is
# "!<ar", so, for new-style (4.xBSD/SVR2andup) archives, we have:
#
# 0 string !<arch> current ar archive
# 0 string =!<arch> current ar archive
# 0 long 0x213c6172 archive file
#
# and for SVR1 archives, we have:
@ -73,7 +78,7 @@
# and absolute code program modules in the same format as new-style
# "ar" archives?
#
0 string !<arch> current ar archive
0 string =!<arch> current ar archive
>8 string __.SYMDEF random library
>0 belong =65538 - pre SR9.5
>0 belong =65539 - post SR9.5
@ -121,17 +126,313 @@
0 lelong&0x8080ffff 0x0000031a ARC archive data, packed
0 lelong&0x8080ffff 0x0000041a ARC archive data, squeezed
0 lelong&0x8080ffff 0x0000061a ARC archive data, crunched
# [JW] stuff taken from idarc, obviously ARC successors:
0 lelong&0x8080ffff 0x00000a1a PAK archive data
0 lelong&0x8080ffff 0x0000141a ARC+ archive data
0 lelong&0x8080ffff 0x0000481a HYP archive data
# Acorn archive formats (Disaster prone simpleton, m91dps@ecs.ox.ac.uk)
# I can't create either SPARK or ArcFS archives so I have not tested this stuff
# [GRR: the original entries collide with ARC, above; replaced with combined
# version (not tested)]
#0 byte 0x1a RISC OS archive
#>1 string archive (ArcFS format)
#0 string \032archive RISC OS archive (ArcFS format)
0 string \032 RISC OS archive (spark format)
#0 byte 0x1a RISC OS archive (spark format)
0 string \032archive RISC OS archive (ArcFS format)
0 string Archive\000 RISC OS archive (ArcFS format)
# All these were taken from idarc, many could not be verified. Unfortunately,
# there were many low-quality sigs, i.e. easy to trigger false positives.
# Please notify me of any real-world fishy/ambiguous signatures and I'll try
# to get my hands on the actual archiver and see if I find something better. [JW]
# probably many can be enhanced by finding some 0-byte or control char near the start
# idarc calls this Crush/Uncompressed... *shrug*
0 string CRUSH Crush archive data
# Squeeze It (.sqz)
0 string HLSQZ Squeeze It archive data
# SQWEZ
0 string SQWEZ SQWEZ archive data
# HPack (.hpk)
0 string HPAK HPack archive data
# HAP
0 string \x91\x33HF HAP archive data
# MD/MDCD
0 string MDmd MDCD archive data
# LIM
0 string LIM\x1a LIM archive data
# SAR
3 string LH5 SAR archive data
# BSArc/BS2
0 string \212\3SB \0 BSArc/BS2 archive data
# MAR
2 string =-ah MAR archive data
# ACB
0 belong&0x00f800ff 0x00800000 ACB archive data
# CPZ
# TODO, this is what idarc says: 0 string \0\0\0 CPZ archive data
# JRC
0 string JRchive JRC archive data
# Quantum
0 string DS\0 Quantum archive data
# ReSOF
0 string PK\3\6 ReSOF archive data
# QuArk
0 string 7\4 QuArk archive data
# YAC
14 string YC YAC archive data
# X1
0 string X1 X1 archive data
0 string XhDr X1 archive data
# CDC Codec (.dqt)
0 belong&0xffffe000 0x76ff2000 CDC Codec archive data
# AMGC
0 string \xad6" AMGC archive data
# NuLIB
0 string NõFélå NuLIB archive data
# PakLeo
0 string LEOLZW PAKLeo archive data
# ChArc
0 string SChF ChArc archive data
# PSA
0 string PSA PSA archive data
# CrossePAC
0 string DSIGDCC CrossePAC archive data
# Freeze
0 string \x1f\x9f\x4a\x10\x0a Freeze archive data
# KBoom
0 string ¨MP¨ KBoom archive data
# NSQ, must go after CDC Codec
0 string \x76\xff NSQ archive data
# DPA
0 string Dirk\ Paehl DPA archive data
# BA
# TODO: idarc says "bytes 0-2 == bytes 3-5"
# TTComp
0 string \0\6 TTComp archive data
# ESP, could this conflict with Easy Software Products' (e.g.ESP ghostscript) documentation?
0 string ESP ESP archive data
# ZPack
0 string \1ZPK\1 ZPack archive data
# Sky
0 string \xbc\x40 Sky archive data
# UFA
0 string UFA UFA archive data
# Dry
0 string =-H2O DRY archive data
# FoxSQZ
0 string FOXSQZ FoxSQZ archive data
# AR7
0 string ,AR7 AR7 archive data
# PPMZ
0 string PPMZ PPMZ archive data
# MS Compress
4 string \x88\xf0\x27 MS Compress archive data
# updated by Joerg Jenderek
>9 string \0
>>0 string KWAJ
>>>7 string \321\003 MS Compress archive data
>>>>14 ulong >0 \b, original size: %ld bytes
>>>>18 ubyte >0x65
>>>>>18 string x \b, was %.8s
>>>>>(10.b-4) string x \b.%.3s
# MP3 (archiver, not lossy audio compression)
0 string MP3\x1a MP3-Archiver archive data
# ZET
0 string OZÝ ZET archive data
# TSComp
0 string \x65\x5d\x13\x8c\x08\x01\x03\x00 TSComp archive data
# ARQ
0 string gW\4\1 ARQ archive data
# Squash
3 string OctSqu Squash archive data
# Terse
0 string \5\1\1\0 Terse archive data
# PUCrunch
0 string \x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 PUCrunch archive data
# UHarc
0 string UHA UHarc archive data
# ABComp
0 string \2AB ABComp archive data
0 string \3AB2 ABComp archive data
# CMP
0 string CO\0 CMP archive data
# Splint
0 string \x93\xb9\x06 Splint archive data
# InstallShield
0 string \x13\x5d\x65\x8c InstallShield Z archive Data
# Gather
1 string GTH Gather archive data
# BOA
0 string BOA BOA archive data
# RAX
0 string ULEB\xa RAX archive data
# Xtreme
0 string ULEB\0 Xtreme archive data
# Pack Magic
0 string @â\1\0 Pack Magic archive data
# BTS
0 belong&0xfeffffff 0x1a034465 BTS archive data
# ELI 5750
0 string Ora\ ELI 5750 archive data
# QFC
0 string \x1aFC\x1a QFC archive data
0 string \x1aQF\x1a QFC archive data
# PRO-PACK
0 string RNC PRO-PACK archive data
# 777
0 string 777 777 archive data
# LZS221
0 string sTaC LZS221 archive data
# HPA
0 string HPA HPA archive data
# Arhangel
0 string LG Arhangel archive data
# EXP1, uses bzip2
0 string 0123456789012345BZh EXP1 archive data
# IMP
0 string IMP\xa IMP archive data
# NRV
0 string \x00\x9E\x6E\x72\x76\xFF NRV archive data
# Squish
0 string \x73\xb2\x90\xf4 Squish archive data
# Par
0 string PHILIPP Par archive data
0 string PAR Par archive data
# HIT
0 string UB HIT archive data
# SBX
0 belong&0xfffff000 0x53423000 SBX archive data
# NaShrink
0 string NSK NaShrink archive data
# SAPCAR
0 string #\ CAR\ archive\ header SAPCAR archive data
0 string CAR\ 2.00RG SAPCAR archive data
# Disintegrator
0 string DST Disintegrator archive data
# ASD
0 string ASD ASD archive data
# InstallShield CAB
0 string ISc( InstallShield CAB
# TOP4
0 string T4\x1a TOP4 archive data
# BatComp left out: sig looks like COM executable
# so TODO: get real 4dos batcomp file and find sig
# BlakHole
0 string BH\5\7 BlakHole archive data
# BIX
0 string BIX0 BIX archive data
# ChiefLZA
0 string ChfLZ ChiefLZA archive data
# Blink
0 string Blink Blink archive data
# Logitech Compress
0 string \xda\xfa Logitech Compress archive data
# ARS-Sfx (FIXME: really a SFX? then goto COM/EXE)
1 string (C)\ STEPANYUK ARS-Sfx archive data
# AKT/AKT32
0 string AKT32 AKT32 archive data
0 string AKT AKT archive data
# NPack
0 string MSTSM NPack archive data
# PFT
0 string \0\x50\0\x14 PFT archive data
# SemOne
0 string SEM SemOne archive data
# PPMD
0 string \x8f\xaf\xac\x84 PPMD archive data
# FIZ
0 string FIZ FIZ archive data
# MSXiE
0 belong&0xfffff0f0 0x4d530000 MSXiE archive data
# DeepFreezer
0 belong&0xfffffff0 0x797a3030 DeepFreezer archive data
# DC
0 string =<DC- DC archive data
# TPac
0 string \4TPAC\3 TPac archive data
# Ai
0 string Ai\1\1\0 Ai archive data
0 string Ai\1\0\0 Ai archive data
# Ai32
0 string Ai\2\0 Ai32 archive data
0 string Ai\2\1 Ai32 archive data
# SBC
0 string SBC SBC archive data
# Ybs
0 string YBS Ybs archive data
# DitPack
0 string \x9e\0\0 DitPack archive data
# DMS
0 string DMS! DMS archive data
# EPC
0 string \x8f\xaf\xac\x8c EPC archive data
# VSARC
0 string VS\x1a VSARC archive data
# PDZ
0 string PDZ PDZ archive data
# ReDuq
0 string rdqx ReDuq archive data
# GCA
0 string GCAX GCA archive data
# PPMN
0 string pN PPMN archive data
# WinImage
3 string WINIMAGE WinImage archive data
# Compressia
0 string CMP0CMP Compressia archive data
# UHBC
0 string UHB UHBC archive data
# WinHKI
0 string \x61\x5C\x04\x05 WinHKI archive data
# WWPack data file
0 string WWP WWPack archive data
# BSN (BSA, PTS-DOS)
0 string \xffBSG BSN archive data
1 string \xffBSG BSN archive data
3 string \xffBSG BSN archive data
1 string \0\xae\2 BSN archive data
1 string \0\xae\3 BSN archive data
1 string \0\xae\7 BSN archive data
# AIN
0 string \x33\x18 AIN archive data
0 string \x33\x17 AIN archive data
# XPA32
0 string xpa\0\1 XPA32 archive data
# SZip (TODO: doesn't catch all versions)
0 string SZ\x0a\4 SZip archive data
# XPack DiskImage
0 string jm XPack DiskImage archive data
# XPack Data
0 string xpa XPack archive data
# XPack Single Data
0 string Í\ jm XPack single archive data
# TODO: missing due to unknown magic/magic at end of file:
#DWC
#ARG
#ZAR
#PC/3270
#InstallIt
#RKive
#RK
#XPack Diskimage
# These were inspired by idarc, but actually verified
# Dzip archiver (.dz)
0 string DZ Dzip archive data
>2 byte x \b, version %i
>3 byte x \b.%i
# ZZip archiver (.zz)
0 string ZZ\ \0\0 ZZip archive data
0 string ZZ0 ZZip archive data
# PAQ archiver (.paq)
0 string \xaa\x40\x5f\x77\x1f\xe5\x82\x0d PAQ archive data
0 string PAQ PAQ archive data
>3 byte&0xf0 0x30
>>3 byte x (v%c)
# JAR archiver (.j), this is the successor to ARJ, not Java's JAR (which is essentially ZIP)
0xe string \x1aJar\x1b JAR (ARJ Software, Inc.) archive data
0 string JARCS JAR (ARJ Software, Inc.) archive data
# ARJ archiver (jason@jarthur.Claremont.EDU)
0 leshort 0xea60 ARJ archive data
>5 byte x \b, v%d,
@ -150,6 +451,8 @@
>7 byte 8 os: NeXT
>7 byte 9 os: VAX/VMS
>3 byte >0 %d]
# [JW] idarc says this is also possible
2 leshort 0xea60 ARJ archive data
# HA archiver (Greg Roelofs, newt@uchicago.edu)
# This is a really bad format. A file containing HAWAII will match this...
@ -161,6 +464,15 @@
#>4 byte&0x0f =2 first is type HSC
#>4 byte&0x0f =0x0e first is type DIR
#>4 byte&0x0f =0x0f first is type SPECIAL
# suggestion: at least identify small archives (<1024 files)
0 belong&0xffff00fc 0x48410000 HA archive data
>2 leshort =1 1 file,
>2 leshort >1 %u files,
>4 byte&0x0f =0 first is type CPY
>4 byte&0x0f =1 first is type ASC
>4 byte&0x0f =2 first is type HSC
>4 byte&0x0f =0x0e first is type DIR
>4 byte&0x0f =0x0f first is type SPECIAL
# HPACK archiver (Peter Gutmann, pgut1@cs.aukuni.ac.nz)
0 string HPAK HPACK archive data
@ -174,12 +486,12 @@
>>0x36 string >\0 fstype %.8s
# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
2 string -lh0- LHarc 1.x archive data [lh0]
2 string -lh1- LHarc 1.x archive data [lh1]
2 string -lh0- LHarc 1.x/ARX archive data [lh0]
2 string -lh1- LHarc 1.x/ARX archive data [lh1]
2 string -lz4- LHarc 1.x archive data [lz4]
2 string -lz5- LHarc 1.x archive data [lz5]
# [never seen any but the last; -lh4- reported in comp.compression:]
2 string -lzs- LHa 2.x? archive data [lzs]
2 string -lzs- LHa/LZS archive data [lzs]
2 string -lh\40- LHa 2.x? archive data [lh ]
2 string -lhd- LHa 2.x? archive data [lhd]
2 string -lh2- LHa 2.x? archive data [lh2]
@ -187,8 +499,12 @@
2 string -lh4- LHa (2.x) archive data [lh4]
2 string -lh5- LHa (2.x) archive data [lh5]
2 string -lh6- LHa (2.x) archive data [lh6]
2 string -lh7- LHa (2.x) archive data [lh7]
2 string -lh7- LHa (2.x)/LHark archive data [lh7]
>20 byte x - header level %d
# taken from idarc [JW]
2 string -lZ PUT archive data
2 string -lz LZS archive data
2 string -sw1- Swag archive data
# RAR archiver (Greg Roelofs, newt@uchicago.edu)
0 string Rar! RAR archive data,
@ -197,20 +513,77 @@
>35 byte 1 os: OS/2
>35 byte 2 os: Win32
>35 byte 3 os: Unix
# some old version? idarc says:
0 string RE\x7e\x5e RAR archive data
# SQUISH archiver (Greg Roelofs, newt@uchicago.edu)
0 string SQSH squished archive data (Acorn RISCOS)
# UC2 archiver (Greg Roelofs, newt@uchicago.edu)
# I can't figure out the self-extracting form of these buggers...
# [JW] see exe section for self-extracting version
0 string UC2\x1a UC2 archive data
# ZIP archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
0 string PK\003\004 Zip archive data
>4 byte 0x09 \b, at least v0.9 to extract
>4 byte 0x0a \b, at least v1.0 to extract
>4 byte 0x0b \b, at least v1.1 to extract
>4 byte 0x14 \b, at least v2.0 to extract
0 string PK\003\004
>4 byte 0x09 Zip archive data, at least v0.9 to extract
>4 byte 0x0a Zip archive data, at least v1.0 to extract
>4 byte 0x0b Zip archive data, at least v1.1 to extract
>4 byte 0x14
>>30 ubelong !0x6d696d65 Zip archive data, at least v2.0 to extract
# OpenOffice.org / KOffice / StarOffice documents
# From: Abel Cheung <abel@oaka.org>
# Listed here because they are basically zip files
>>30 string mimetype
# KOffice (1.2 or above) formats
>>>50 string vnd.kde. KOffice (>=1.2)
>>>>58 string karbon Karbon document
>>>>58 string kchart KChart document
>>>>58 string kformula KFormula document
>>>>58 string kivio Kivio document
>>>>58 string kontour Kontour document
>>>>58 string kpresenter KPresenter document
>>>>58 string kspread KSpread document
>>>>58 string kword KWord document
# OpenOffice formats (for OpenOffice 1.x / StarOffice 6/7)
>>>50 string vnd.sun.xml. OpenOffice.org 1.x
>>>>62 string writer Writer
>>>>>68 byte !0x2e document
>>>>>68 string .template template
>>>>>68 string .global global document
>>>>62 string calc Calc
>>>>>66 byte !0x2e spreadsheet
>>>>>66 string .template template
>>>>62 string draw Draw
>>>>>66 byte !0x2e document
>>>>>66 string .template template
>>>>62 string impress Impress
>>>>>69 byte !0x2e presentation
>>>>>69 string .template template
>>>>62 string math Math document
# OpenDocument formats (for OpenOffice 2.x / StarOffice >= 8)
# http://lists.oasis-open.org/archives/office/200505/msg00006.html
>>>50 string vnd.oasis.opendocument. OpenDocument
>>>>73 string text
>>>>>77 byte !0x2d Text
>>>>>77 string -template Text Template
>>>>>77 string -web HTML Document Template
>>>>>77 string -master Master Document
>>>>73 string graphics Drawing
>>>>>81 string -template Template
>>>>73 string presentation Presentation
>>>>>85 string -template Template
>>>>73 string spreadsheet Spreadsheet
>>>>>84 string -template Template
>>>>73 string chart Chart
>>>>>78 string -template Template
>>>>73 string formula Formula
>>>>>80 string -template Template
>>>>73 string database Database
>>>>73 string image Image
# Zoo archiver
20 lelong 0xfdc4a7dc Zoo archive data
@ -284,7 +657,7 @@
# ACE archive (from http://www.wotsit.org/download.asp?f=ace)
# by Stefan `Sec` Zehl <sec@42.org>
7 string **ACE** ACE compressed archive
7 string **ACE** ACE archive data
>15 byte >0 version %d
>16 byte =0x00 \b, from MS-DOS
>16 byte =0x01 \b, from OS/2
@ -306,7 +679,7 @@
>5 leshort &0x0400 \b, small dictionary
>5 leshort &0x0800 \b, multi-volume
>5 leshort &0x1000 \b, contains AV-String
>>30 string\x16*UNREGISTERED\x20VERSION* (unregistered)
>>30 string \x16*UNREGISTERED\x20VERSION* (unregistered)
>5 leshort &0x2000 \b, with recovery record
>5 leshort &0x4000 \b, locked
>5 leshort &0x8000 \b, solid
@ -320,3 +693,10 @@
>>0x1 string >\0 Version %s
>>0x2A string >\0 : %s
# DR-DOS 7.03 Packed File *.??_
0 string Packed\ File\ Personal NetWare Packed File
>12 string x \b, was "%.12s"
# EET archive
# From: Tilman Sauerbeck <tilman@code-monkey.de>
0 belong 0x1ee7ff00 EET archive

90
contrib/file/Magdir/audio
View File

@ -131,7 +131,7 @@
0 string Extended\ Module: Fasttracker II module sound data
>17 string >\0 Title: "%s"
21 string/c !SCREAM! Screamtracker 2 module sound data
21 string/c =!SCREAM! Screamtracker 2 module sound data
21 string BMOD2STM Screamtracker 2 module sound data
1080 string M.K. 4-channel Protracker module sound data
>0 string >\0 Title: "%s"
@ -236,7 +236,7 @@
>122 byte&0x1 =1 PAL
>122 byte&0x1 =0 NTSC
# Impuse tracker module (audio/x-it)
# Impulse tracker module (audio/x-it)
0 string IMPM Impulse Tracker module sound data -
>4 string >\0 "%s"
>40 leshort !0 compatible w/ITv%x
@ -399,13 +399,83 @@
# From "Simon Hosie
0 string TFMX-SONG TFMX module sound data
# Monkey's Audio compressed audio format (.ape)
# From danny.milo@gmx.net (Danny Milosavljevic)
# monkeysaudio for magic.mime
0 string MAC\ X/Monkey audio,
>4 leshort >0 version %d,
>6 leshort >0 compression level %d,
>8 leshort >0 flags %x,
>10 leshort >0 channels %d,
>12 lelong >0 samplerate %d,
>24 lelong >0 frames %d
# New version from Abel Cheung <abel (@) oaka.org>
0 string MAC\040 Monkey's Audio compressed format
>4 uleshort >0x0F8B version %d
>>(0x08.l) uleshort =1000 with fast compression
>>(0x08.l) uleshort =2000 with normal compression
>>(0x08.l) uleshort =3000 with high compression
>>(0x08.l) uleshort =4000 with extra high compression
>>(0x08.l) uleshort =5000 with insane compression
>>(0x08.l+18) uleshort =1 \b, mono
>>(0x08.l+18) uleshort =2 \b, stereo
>>(0x08.l+20) ulelong x \b, sample rate %d
>4 uleshort <0x0F8C version %d
>>6 uleshort =1000 with fast compression
>>6 uleshort =2000 with normal compression
>>6 uleshort =3000 with high compression
>>6 uleshort =4000 with extra high compression
>>6 uleshort =5000 with insane compression
>>10 uleshort =1 \b, mono
>>10 uleshort =2 \b, stereo
>>12 ulelong x \b, sample rate %d
# adlib sound files
# From Gürkan Sengün <gurkan@linuks.mine.nu>, http://www.linuks.mine.nu
0 string RAWADATA RdosPlay RAW
1068 string RoR AMUSIC Adlib Tracker
0 string JCH EdLib
0 string mpu401tr MPU-401 Trakker
0 string SAdT Surprise! Adlib Tracker
>4 byte x Version %d
0 string XAD! eXotic ADlib
0 string ofTAZ! eXtra Simple Music
# Spectrum 128 tunes (.ay files).
# From: Emanuel Haupt <ehaupt@critical.ch>
0 string ZXAYEMUL Spectrum 128 tune
# From: Alex Beregszaszi <alex@fsn.hu>
0 string MP+ Musepack
>3 byte&0x0f x SV%d
0 string \0BONK BONK,
#>5 byte x version %d
>14 byte x %d channel(s),
>15 byte =1 lossless,
>15 byte =0 lossy,
>16 byte x mid-side
384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones)
# format VQF (proprietary codec for sound)
# some infos on the header file available at :
# http://www.twinvq.org/english/technology_format.html
0 string TWIN97012000 VQF data
>27 short 0 \b, Mono
>27 short 1 \b, Stereo
>31 short >0 \b, %d kbit/s
>35 short >0 \b, %d kHz
# Nelson A. de Oliveira (naoliv@gmail.com)
# .eqf
0 string Winamp\ EQ\ library\ file %s
# it will match only versions like v<digit>.<digit>
# Since I saw only eqf files with version v1.1 I think that it's OK
>23 string x \b%.4s
# .preset
0 string \[Equalizer\ preset\] XMMS equalizer preset
# .m3u
0 string \#EXTM3U M3U playlist
# .pls
0 string \[playlist\] PLS playlist
# licq.conf
1 string \[licq\] LICQ configuration file

16
contrib/file/Magdir/basis Normal file
View File

@ -0,0 +1,16 @@
#----------------------------------------------------------------
# basis: file(1) magic for BBx/Pro5-files
# Oliver Dammer <dammer@olida.de> 2005/11/07
# http://www.basis.com business-basic-files.
#
0 string \074\074bbx\076\076 BBx
>7 string \000 indexed file
>7 string \001 serial file
>7 string \002 keyed file
>>13 short 0 (sort)
>7 string \004 program
>>18 byte x (LEVEL %d)
>>>23 string >\000 psaved
>7 string \006 mkeyed file
>>13 short 0 (sort)
>>8 string \000 (mkey)

12
contrib/file/Magdir/bflt Normal file
View File

@ -0,0 +1,12 @@
#------------------------------------------------------------------------------
# bFLT: file(1) magic for BFLT uclinux binary files
#
# From Philippe De Muyter <phdm@macqel.be>
#
0 string bFLT BFLT executable
>4 belong x - version %ld
>4 belong 4
>>36 belong&0x1 0x1 ram
>>36 belong&0x2 0x2 gotpic
>>36 belong&0x4 0x4 gzip
>>36 belong&0x8 0x8 gzdata

2
contrib/file/Magdir/bout
View File

@ -5,5 +5,5 @@
>16 long >0 not stripped
#
# b.out archive (hp-rt on i960)
0 string !<bout> b.out archive
0 string =!<bout> b.out archive
>8 string __.SYMDEF random library

11
contrib/file/Magdir/btsnoop Normal file
View File

@ -0,0 +1,11 @@
#------------------------------------------------------------------------------
# BTSnoop: file(1) magic for BTSnoop files
#
# From <marcel@holtmann.org>
0 string btsnoop\0 BTSnoop
>8 belong x version %d,
>12 belong 1001 Unencapsulated HCI
>12 belong 1002 HCI UART (H4)
>12 belong 1003 HCI BCSP
>12 belong 1004 HCI Serial (H5)
>>12 belong x type %d

19
contrib/file/Magdir/c64
View File

@ -2,7 +2,7 @@
#------------------------------------------------------------------------------
# c64: file(1) magic for various commodore 64 related files
#
# From <doj@cubic.org>
# From: Dirk Jagdmann <doj@cubic.org>
0x16500 belong 0x12014100 D64 Image
0x16500 belong 0x12014180 D71 Image
@ -11,7 +11,7 @@
0 belong 0x43154164 X64 Image
0 string GCR-1541 GCR Image
>8 byte x version: $i
>8 byte x version: %i
>9 byte x tracks: %i
9 string PSUR ARC archive (c64)
@ -25,3 +25,18 @@
0 string CBM\144\0\0 Power 64 C64 Emulator Snapshot
0 belong 0xFF424CFF WRAptor packer (c64)
0 string C64S\x20tape\x20file T64 tape Image
>32 leshort x Version:0x%x
>36 leshort !0 Entries:%i
>40 string x Name:%.24s
0 string C64\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0 T64 tape Image
>32 leshort x Version:0x%x
>36 leshort !0 Entries:%i
>40 string x Name:%.24s
0 string C64S\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0 T64 tape Image
>32 leshort x Version:0x%x
>36 leshort !0 Entries:%i
>40 string x Name:%.24s

32
contrib/file/Magdir/cad
View File

@ -11,7 +11,7 @@
>5 string \064\000\000\000\000 DWG ver. R14
# Microstation DGN/CIT Files (www.bentley.com)
# Written October 30, 2003 by Lester Hightower
# Last updated July 29, 2005 by Lester Hightower
# DGN is the default file extension of Microstation/Intergraph CAD files.
# CIT is the proprietary raster format (similar to TIFF) used to attach
# raster underlays to Microstation DGN (vector) drawings.
@ -24,13 +24,31 @@
# 3F86C928&method=display&p_objectid=97F351F5-9C35-4E5E-89C280A93F86C928
# http://www.bentley.com/products/default.cfm?objectid=A5C2FD43-3AC9-4C71-B682
# 721C479F&method=display&p_objectid=A5C2FD43-3AC9-4C71-B682C7BE721C479F
0 string \010\011\376 Microstation
>3 string \002
>>30 string \372\104 DGN File
>>30 string \172\104 DGN File
>>30 string \026\105 DGN File
>4 string \030\000\000 CIT File
0 string \010\011\376 Microstation
>3 string \002
>>30 string \026\105 DGNFile
>>30 string \034\105 DGNFile
>>30 string \073\107 DGNFile
>>30 string \073\110 DGNFile
>>30 string \106\107 DGNFile
>>30 string \110\103 DGNFile
>>30 string \120\104 DGNFile
>>30 string \172\104 DGNFile
>>30 string \172\105 DGNFile
>>30 string \234\106 DGNFile
>>30 string \273\105 DGNFile
>>30 string \306\106 DGNFile
>>30 string \310\104 DGNFile
>>30 string \341\104 DGNFile
>>30 string \372\103 DGNFile
>>30 string \372\104 DGNFile
>>30 string \372\106 DGNFile
>>30 string \376\103 DGNFile
>4 string \030\000\000 CITFile
>4 string \030\000\003 CITFile
# AutoCad, from Nahuel Greco
# AutoCAD DWG versions R12/R13/R14 (www.autodesk.com)
0 string AC1012 AutoCad (release 12)
0 string AC1013 AutoCad (release 13)
0 string AC1014 AutoCad (release 14)

3
contrib/file/Magdir/commands
View File

@ -27,7 +27,8 @@
#
0 string/b #!\ /bin/awk awk script text executable
0 string/b #!\ /usr/bin/awk awk script text executable
0 string BEGIN awk script text
# update to distinguish from *.vcf files
0 regex BEGIN[[:space:]]*[{] awk script text
# AT&T Bell Labs' Plan 9 shell
0 string/b #!\ /bin/rc Plan 9 rc shell script text executable

33
contrib/file/Magdir/compress
View File

@ -22,22 +22,28 @@
>2 byte <8 \b, reserved method
>2 byte >8 \b, unknown method
>3 byte &0x01 \b, ASCII
>3 byte &0x02 \b, continuation
>3 byte &0x02 \b, has CRC
>3 byte &0x04 \b, extra field
>3 byte&0xC =0x08
>>10 string x \b, was "%s"
>9 byte =0x00 \b, from MS-DOS
>3 byte &0x10 \b, has comment
>9 byte =0x00 \b, from FAT filesystem (MS-DOS, OS/2, NT)
>9 byte =0x01 \b, from Amiga
>9 byte =0x02 \b, from VMS
>9 byte =0x03 \b, from Unix
>9 byte =0x04 \b, from VM/CMS
>9 byte =0x05 \b, from Atari
>9 byte =0x06 \b, from OS/2
>9 byte =0x06 \b, from HPFS filesystem (OS/2, NT)
>9 byte =0x07 \b, from MacOS
>9 byte =0x0A \b, from Tops/20
>9 byte =0x0B \b, from Win/32
>9 byte =0x08 \b, from Z-System
>9 byte =0x09 \b, from CP/M
>9 byte =0x0A \b, from TOPS/20
>9 byte =0x0B \b, from NTFS filesystem (NT)
>9 byte =0x0C \b, from QDOS
>9 byte =0x0D \b, from Acorn RISCOS
>3 byte &0x10 \b, comment
>3 byte &0x20 \b, encrypted
### >4 ledate x last modified: %s,
>4 ledate >0 \b, last modified: %s
>8 byte 2 \b, max compression
>8 byte 4 \b, max speed
@ -161,12 +167,23 @@
>4 belong 0x090A0C0C very good compression
>4 belong 0x090A0C0D best compression
# 7z archiver, from Thomas Klausner (wiz@danbala.tuwien.ac.at)
# 7-zip archiver, from Thomas Klausner (wiz@danbala.tuwien.ac.at)
# http://www.7-zip.org or DOC/7zFormat.txt
#
0 string 7z\274\257\047\034 7z archive data,
0 string 7z\274\257\047\034 7-zip archive data,
>6 byte x version %d
>7 byte x \b.%d
# AFX compressed files (Wolfram Kleff)
2 string -afx- AFX compressed file data
# Supplementary magic data for the file(1) command to support
# rzip(1). The format is described in magic(5).
#
# Copyright (C) 2003 by Andrew Tridgell. You may do whatever you want with
# this file.
#
0 string RZIP rzip compressed data
>4 byte x - version %d
>5 byte x \b.%d
>6 belong x (%d bytes)

36
contrib/file/Magdir/console
View File

@ -161,37 +161,7 @@
>2 beshort x RAM start $%04x
>6 string BS93
#------------------------------------------------------------------------------
# Z-machine: file(1) magic for Z-machine binaries.
#
# This will match ${TEX_BASE}/texmf/omega/ocp/char2uni/inbig5.ocp which
# appears to be a version-0 Z-machine binary.
#
# The (false match) message is to correct that behavior. Perhaps it is
# not needed.
#
>16 belong&0xfe00f0f0 0x3030 Infocom game data
>0 ubyte 0 (false match)
>0 ubyte >0 (Z-machine %d,
>>2 ubeshort x Release %d /
>>18 string >\0 Serial %.6s)
#------------------------------------------------------------------------------
# Glulx: file(1) magic for Glulx binaries.
#
# I haven't checked for false matches yet.
#
0 string Glul Glulx game data
# These go at the end of the iff rules
#
# I don't see why these might collide with anything else.
#
# Interactive Fiction related formats
#
>8 string IFRS \b, Blorb Interactive Fiction
>>24 string Exec with executable chunk
>8 string IFZS \b, Z-machine or Glulx saved game file (Quetzal)
# Opera file system that is used on the 3DO console
# From: Serge van den Boom <svdb@stack.nl>
0 string \x01ZZZZZ\x01 3DO "Opera" file system

13
contrib/file/Magdir/cracklib Normal file
View File

@ -0,0 +1,13 @@
#------------------------------------------------------------------------------
# cracklib: file (1) magic for cracklib v2.7
0 lelong 0x70775631 Cracklib password index, little endian
>4 long >0 (%i words)
>4 long 0 ("64-bit")
>>8 long >-1 (%i words)
0 belong 0x70775631 Cracklib password index, big endian
>4 belong >-1 (%i words)
# really bellong 0x0000000070775631
4 belong 0x70775631 Cracklib password index, big endian ("64-bit")
>12 belong >0 (%i words)

2
contrib/file/Magdir/ctags
View File

@ -2,4 +2,4 @@
# ----------------------------------------------------------------------------
# ctags: file (1) magic for Exuberant Ctags files
# From: Alexander Mai <mai@migdal.ikp.physik.tu-darmstadt.de>
0 string !_TAG Exuberant Ctags tag file text
0 string =!_TAG Exuberant Ctags tag file text

13
contrib/file/Magdir/database
View File

@ -67,6 +67,15 @@
>16 belong >0 (Queue, version %d, big-endian)
12 lelong 0x00042253 Berkeley DB
>16 lelong >0 (Queue, version %d, little-endian)
# From Max Bowsher.
12 long 0x00040988 Berkeley DB
>16 long >0 (Log, version %d, native byte-order)
12 belong 0x00040988 Berkeley DB
>16 belong >0 (Log, version %d, big-endian)
12 lelong 0x00040988 Berkeley DB
>16 lelong >0 (Log, version %d, little-endian)
#
#
# Round Robin Database Tool by Tobias Oetiker <oetiker@ee.ethz.ch>
@ -201,3 +210,7 @@
16 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
17 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
18 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
# SQLite (Ty Sarna)
0 string **\ This\ file\ contains\ an\ SQLite SQLite Database
>&1 regex [^\ ]+ Version %s

2
contrib/file/Magdir/diff
View File

@ -6,3 +6,5 @@
0 string ***\ 'diff' output text
0 string Only\ in\ 'diff' output text
0 string Common\ subdirectories:\ 'diff' output text
0 string Index: RCS/CVS diff output text

4
contrib/file/Magdir/digital
View File

@ -1,6 +1,6 @@
# Digital UNIX - Info
#
0 string !<arch>\n________64E Alpha archive
0 string =!<arch>\n________64E Alpha archive
>22 string X -- out of date
#
# Alpha COFF Based Executables
@ -32,7 +32,7 @@
0 string \033c\033 LN03 output
0 long 04553207 X image
#
0 string !<PDF>!\n profiling data file
0 string =!<PDF>!\n profiling data file
#
# Locale data tables (MIPS and Alpha).
#

12
contrib/file/Magdir/dump
View File

@ -79,3 +79,15 @@
>760 string >\0 Device %s,
>824 string >\0 Host %s,
>888 lelong >0 Flags %x
18 leshort 60011 old-fs dump file (16-bit, assuming PDP-11 endianness),
>2 medate x Previous dump %s,
>6 medate x This dump %s,
>10 leshort >0 Volume %ld,
>0 leshort 1 tape header.
>0 leshort 2 beginning of file record.
>0 leshort 3 map of inodes on tape.
>0 leshort 4 continuation of file record.
>0 leshort 5 end of volume.
>0 leshort 6 map of inodes deleted.
>0 leshort 7 end of medium (for floppy).

113
contrib/file/Magdir/elf
View File

@ -11,44 +11,9 @@
0 string \177ELF ELF
>4 byte 0 invalid class
>4 byte 1 32-bit
# only for MIPS - in the future, the ABI field of e_flags should be used.
>>18 leshort 8
>>>36 lelong &0x20 N32
>>18 leshort 10
>>>36 lelong &0x20 N32
>>18 beshort 8
>>>36 belong &0x20 N32
>>18 beshort 10
>>>36 belong &0x20 N32
>4 byte 2 64-bit
>5 byte 0 invalid byte order
>5 byte 1 LSB
# The official e_machine number for MIPS is now #8, regardless of endianness.
# The second number (#10) will be deprecated later. For now, we still
# say something if #10 is encountered, but only gory details for #8.
>>18 leshort 8
# only for 32-bit
>>>4 byte 1
>>>>36 lelong&0xf0000000 0x00000000 MIPS-I
>>>>36 lelong&0xf0000000 0x10000000 MIPS-II
>>>>36 lelong&0xf0000000 0x20000000 MIPS-III
>>>>36 lelong&0xf0000000 0x30000000 MIPS-IV
>>>>36 lelong&0xf0000000 0x40000000 MIPS-V
>>>>36 lelong&0xf0000000 0x60000000 MIPS32
>>>>36 lelong&0xf0000000 0x70000000 MIPS64
>>>>36 lelong&0xf0000000 0x80000000 MIPS32 rel2
>>>>36 lelong&0xf0000000 0x90000000 MIPS64 rel2
# only for 64-bit
>>>4 byte 2
>>>>48 lelong&0xf0000000 0x00000000 MIPS-I
>>>>48 lelong&0xf0000000 0x10000000 MIPS-II
>>>>48 lelong&0xf0000000 0x20000000 MIPS-III
>>>>48 lelong&0xf0000000 0x30000000 MIPS-IV
>>>>48 lelong&0xf0000000 0x40000000 MIPS-V
>>>>48 lelong&0xf0000000 0x60000000 MIPS32
>>>>48 lelong&0xf0000000 0x70000000 MIPS64
>>>>48 lelong&0xf0000000 0x80000000 MIPS32 rel2
>>>>48 lelong&0xf0000000 0x90000000 MIPS64 rel2
>>16 leshort 0 no file type,
>>16 leshort 1 relocatable,
>>16 leshort 2 executable,
@ -71,7 +36,36 @@
>>18 leshort 5 Motorola 88000 - invalid byte order,
>>18 leshort 6 Intel 80486,
>>18 leshort 7 Intel 80860,
# The official e_machine number for MIPS is now #8, regardless of endianness.
# The second number (#10) will be deprecated later. For now, we still
# say something if #10 is encountered, but only gory details for #8.
>>18 leshort 8 MIPS,
>>>36 lelong &0x20 N32
>>18 leshort 10 MIPS,
>>>36 lelong &0x20 N32
>>18 leshort 8
# only for 32-bit
>>>4 byte 1
>>>>36 lelong&0xf0000000 0x00000000 MIPS-I
>>>>36 lelong&0xf0000000 0x10000000 MIPS-II
>>>>36 lelong&0xf0000000 0x20000000 MIPS-III
>>>>36 lelong&0xf0000000 0x30000000 MIPS-IV
>>>>36 lelong&0xf0000000 0x40000000 MIPS-V
>>>>36 lelong&0xf0000000 0x60000000 MIPS32
>>>>36 lelong&0xf0000000 0x70000000 MIPS64
>>>>36 lelong&0xf0000000 0x80000000 MIPS32 rel2
>>>>36 lelong&0xf0000000 0x90000000 MIPS64 rel2
# only for 64-bit
>>>4 byte 2
>>>>48 lelong&0xf0000000 0x00000000 MIPS-I
>>>>48 lelong&0xf0000000 0x10000000 MIPS-II
>>>>48 lelong&0xf0000000 0x20000000 MIPS-III
>>>>48 lelong&0xf0000000 0x30000000 MIPS-IV
>>>>48 lelong&0xf0000000 0x40000000 MIPS-V
>>>>48 lelong&0xf0000000 0x60000000 MIPS32
>>>>48 lelong&0xf0000000 0x70000000 MIPS64
>>>>48 lelong&0xf0000000 0x80000000 MIPS32 rel2
>>>>48 lelong&0xf0000000 0x90000000 MIPS64 rel2
>>18 leshort 9 Amdahl - invalid byte order,
>>18 leshort 10 MIPS (deprecated),
>>18 leshort 11 RS6000 - invalid byte order,
@ -98,7 +92,7 @@
>>18 leshort 47 Hitachi H8/300H,
>>18 leshort 48 Hitachi H8S,
>>18 leshort 49 Hitachi H8/500,
>>18 leshort 50 IA-64 (Intel 64 bit architecture)
>>18 leshort 50 IA-64,
>>18 leshort 51 Stanford MIPS-X,
>>18 leshort 52 Motorola Coldfire,
>>18 leshort 53 Motorola M68HC12,
@ -111,8 +105,31 @@
>>20 lelong 1 version 1
>>36 lelong 1 MathCoPro/FPU/MAU Required
>5 byte 2 MSB
>>16 beshort 0 no file type,
>>16 beshort 1 relocatable,
>>16 beshort 2 executable,
>>16 beshort 3 shared object,
>>16 beshort 4 core file,
#>>>(0x38+0xcc) string >\0 of '%s'
#>>>(0x38+0x10) belong >0 (signal %d),
>>16 beshort &0xff00 processor-specific,
>>18 beshort 0 no machine,
>>18 beshort 1 AT&T WE32100,
>>18 beshort 2 SPARC,
>>18 beshort 3 Intel 80386 - invalid byte order,
>>18 beshort 4 Motorola
>>>36 belong &0x01000000 68000,
>>>36 belong &0x00810000 CPU32,
>>>36 belong 0 68020,
>>18 beshort 5 Motorola 88000,
>>18 beshort 6 Intel 80486 - invalid byte order,
>>18 beshort 7 Intel 80860,
# only for MIPS - see comment in little-endian section above.
>>18 beshort 8
>>18 beshort 8 MIPS,
>>>36 belong &0x20 N32
>>18 beshort 10 MIPS,
>>>36 belong &0x20 N32
>>18 beshort 8
# only for 32-bit
>>>4 byte 1
>>>>36 belong&0xf0000000 0x00000000 MIPS-I
@ -135,26 +152,6 @@
>>>>48 belong&0xf0000000 0x70000000 MIPS64
>>>>48 belong&0xf0000000 0x80000000 MIPS32 rel2
>>>>48 belong&0xf0000000 0x90000000 MIPS64 rel2
>>16 beshort 0 no file type,
>>16 beshort 1 relocatable,
>>16 beshort 2 executable,
>>16 beshort 3 shared object,
>>16 beshort 4 core file,
#>>>(0x38+0xcc) string >\0 of '%s'
#>>>(0x38+0x10) belong >0 (signal %d),
>>16 beshort &0xff00 processor-specific,
>>18 beshort 0 no machine,
>>18 beshort 1 AT&T WE32100,
>>18 beshort 2 SPARC,
>>18 beshort 3 Intel 80386 - invalid byte order,
>>18 beshort 4 Motorola
>>>36 belong &0x01000000 68000,
>>>36 belong &0x00810000 CPU32,
>>>36 belong 0 68020,
>>18 beshort 5 Motorola 88000,
>>18 beshort 6 Intel 80486 - invalid byte order,
>>18 beshort 7 Intel 80860,
>>18 beshort 8 MIPS,
>>18 beshort 9 Amdahl,
>>18 beshort 10 MIPS (deprecated),
>>18 beshort 11 RS6000,
@ -187,7 +184,7 @@
>>18 beshort 47 Hitachi H8/300H,
>>18 beshort 48 Hitachi H8S,
>>18 beshort 49 Hitachi H8/500,
>>18 beshort 50 Intel Merced Processor,
>>18 beshort 50 IA-64,
>>18 beshort 51 Stanford MIPS-X,
>>18 beshort 52 Motorola Coldfire,
>>18 beshort 53 Motorola M68HC12,

551
contrib/file/Magdir/filesystems
View File

@ -23,15 +23,520 @@
>0770 long x %ld blocks
# Is there a boot block written 1 sector in?
>512 belong&077777777 0600407 \b, boot block present
# Joerg Jenderek: Smart Boot Manager backup file is 41 byte header + first sectors of disc
# (http://btmgr.sourceforge.net/docs/user-guide-3.html)
0 string SBMBAKUP_ Smart Boot Manager backup file
>9 string x \b, version %-5.5s
>>14 string =_
>>>15 string x %-.1s
>>>>16 string =_ \b.
>>>>>17 string x \b%-.1s
>>>>>>18 string =_ \b.
>>>>>>>19 string x \b%-.1s
>>>22 ubyte 0
>>>>21 ubyte x \b, from drive 0x%x
>>>22 ubyte >0
>>>>21 string x \b, from drive %s
# Joerg Jenderek
# DOS Emulator image is 128 byte, null right padded header + harddisc image
0 string DOSEMU\0
>0x27E leshort 0xAA55
#offset is 128
>>19 ubyte 128
>>>(19.b-1) ubyte 0x0 DOS Emulator image
>>>>7 ulelong >0 \b, %u heads
>>>>11 ulelong >0 \b, %d sectors/track
>>>>15 ulelong >0 \b, %d cylinders
0x1FE leshort 0xAA55 x86 boot sector
>2 string OSBS \b, OS/BS MBR
# J\xf6rg Jenderek <joerg.jenderek@gmx.net>
# J\xf6rg Jenderek <joerg dot jenderek at web dot de>
>0x8C string Invalid\ partition\ table \b, MS-DOS MBR
>0x9D string Invalid\ partition\ table \b, DR-DOS MBR, version 7.01 to 7.03
# dr-dos with some upper-, lowercase variants
>0x9D string Invalid\ partition\ table$
>>181 string No\ Operating\ System$
>>>201 string Operating\ System\ load\ error$ \b, DR-DOS MBR, Version 7.01 to 7.03
>0x9D string Invalid\ partition\ table$
>>181 string No\ operating\ system$
>>>201 string Operating\ system\ load\ error$ \b, DR-DOS MBR, Version 7.01 to 7.03
>342 string Invalid\ partition\ table$
>>366 string No\ operating\ system$
>>>386 string Operating\ system\ load\ error$ \b, DR-DOS MBR, version 7.01 to 7.03
>295 string NEWLDR\0
>>302 string Bad\ PT\ $
>>>310 string No\ OS\ $
>>>>317 string OS\ load\ err$
>>>>>329 string Moved\ or\ missing\ IBMBIO.LDR\n\r
>>>>>>358 string Press\ any\ key\ to\ continue.\n\r$
>>>>>>>387 string Copyright\ (c)\ 1984,1998
>>>>>>>>411 string Caldera\ Inc.\0 \b, DR-DOS MBR (IBMBIO.LDR)
>0x10F string Ung\201ltige\ Partitionstabelle \b, MS-DOS MBR, german version 4.10.1998, 4.10.2222
>>0x1B8 ubelong >0 \b, Serial 0x%-.4x
>0x8B string Ung\201ltige\ Partitionstabelle \b, MS-DOS MBR, german version 5.00 to 4.00.950
>0x145 string Default:\ F \b, FREE-DOS MBR
>0 string \0\0\0\0 \b, extended partition table
>271 string Invalid\ partition\ table\0
>>295 string Error\ loading\ operating\ system\0
>>>326 string Missing\ operating\ system\0 \b, mbr
#
>139 string Invalid\ partition\ table\0
>>163 string Error\ loading\ operating\ system\0
>>>194 string Missing\ operating\ system\0 \b, Microsoft Windows XP mbr
# http://www.heise.de/ct/05/09/006/ page 184
#HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\?:=Serial4Bytes+8Bytes
>>>>0x1B8 ulelong >0 \b,Serial 0x%-.4x
>300 string Invalid\ partition\ table\0
>>324 string Error\ loading\ operating\ system\0
>>>355 string Missing\ operating\ system\0 \b, Microsoft Windows XP MBR
#??>>>389 string Invalid\ system\ disk
>>>>0x1B8 ulelong >0 \b, Serial 0x%-.4x
>300 string Ung\201ltige\ Partitionstabelle
#split string to avoid error: String too long
>>328 string Fehler\ beim\ Laden\
>>>346 string des\ Betriebssystems
>>>>366 string Betriebssystem\ nicht\ vorhanden \b, Microsoft Windows XP MBR (german)
>>>>>0x1B8 ulelong >0 \b, Serial 0x%-.4x
>0x145 string Default:\ F \b, FREE-DOS MBR
>64 string no\ active\ partition\ found
>>96 string read\ error\ while\ reading\ drive \b, FREE-DOS Beta 0.9 MBR
>271 string Operating\ system\ loading
>>296 string error\r \b, SYSLINUX MBR (2.10)
# bootloader, bootmanager
>43 string SMART\ BTMGRFAT12\ \ \
>>430 string SBMK\ Bad!\r
>>>3 string SBM \b, Smart Boot Manager
>>>>6 string >\0 \b, version %s
>382 string XOSLLOADXCF \b, eXtended Operating System Loader
>6 string LILO \b, LInux i386 boot LOader
>>120 string LILO \b, version 22.3.4 SuSe
>>172 string LILO \b, version 22.5.8 Debian
>402 string Geom\0Hard\ Disk\0Read\0\ Error\0
>>394 string stage1 \b, GRand Unified Bootloader (0.5.95)
>343 string Geom\0Read\0\ Error\0
>>321 string Loading\ stage1.5 \b, Grand Unified Bootloader
>380 string Geom\0Hard\ Disk\0Read\0\ Error\0
>>374 string GRUB\ \0 \b, GRand Unified Bootloader
>382 string Geom\0Hard\ Disk\0Read\0\ Error\0
>>376 string GRUB\ \0 \b, GRand Unified Bootloader (0.93)
>383 string Geom\0Hard\ Disk\0Read\0\ Error\0
>>377 string GRUB\ \0 \b, GRand Unified Bootloader (0.94)
>385 string Geom\0Hard\ Disk\0Read\0\ Error\0
>>379 string GRUB\ \0 \b, GRand Unified Bootloader (0.95)
>480 string Boot\ failed\r
>>495 string LDLINUX\ SYS \b, SYSLINUX bootloader (2.06)
>395 string chksum\0\ ERROR!\0 \b, Gujin bootloader
# mbr partion table entries, if not fat boot secor, activ flag 0 or 0x80 and type > 0
>3 string !MS
>>3 string !SYSLINUX
>>>82 string !FAT32
>>>>446 ubyte <0x81
>>>>>446 ubyte&0x7F 0
>>>>>>450 ubyte >0 \b; partition 1: ID=0x%x
>>>>>>>446 ubyte 0x80 \b, active
>>>>>>>447 ubyte x \b, starthead %u
#>>>>>>>448 ubyte x \b, start C_S: 0x%x
#>>>>>>448 ubeshort&1023 x \b, startcylinder? %d
>>>>>>>454 ulelong x \b, startsector %u
>>>>>>>458 ulelong x \b, %u sectors
#
>>>>462 ubyte <0x81
>>>>>462 ubyte&0x7F 0
>>>>>>466 ubyte >0 \b; partition 2: ID=0x%x
>>>>>>>462 ubyte 0x80 \b, active
>>>>>>>463 ubyte x \b, starthead %u
#>>>>>>>464 ubyte x \b, start C_S: 0x%x
#>>>>>>>464 ubeshort&1023 x \b, startcylinder? %d
>>>>>>>470 ulelong x \b, startsector %u
>>>>>>>474 ulelong x \b, %u sectors
#
>>>>478 ubyte <0x81
>>>>>478 ubyte&0x7F 0
>>>>>>482 ubyte >0 \b; partition 3: ID=0x%x
>>>>>>>478 ubyte 0x80 \b, active
>>>>>>>479 ubyte x \b, starthead %u
#>>>>>>>480 ubyte x \b, start C_S: 0x%x
#>>>>>>>481 ubyte x \b, start C2S: 0x%x
#>>>>>>>480 ubeshort&1023 x \b, startcylinder? %d
>>>>>>>486 ulelong x \b, startsector %u
>>>>>>>490 ulelong x \b, %u sectors
#
>>>>494 ubyte <0x81
>>>>>494 ubyte&0x7F 0
>>>>>>498 ubyte >0 \b; partition 4: ID=0x%x
>>>>>>>494 ubyte 0x80 \b, active
>>>>>>>495 ubyte x \b, starthead %u
#>>>>>>>496 ubyte x \b, start C_S: 0x%x
#>>>>>>>496 ubeshort&1023 x \b, startcylinder? %d
>>>>>>>502 ulelong x \b, startsector %u
>>>>>>>506 ulelong x \b, %u sectors
# mbr partion table entries end
>185 string FDBOOT\ Version\
>>204 string \rNo\ Systemdisk.\
>>>220 string Booting\ from\ harddisk.\n\r
>>>245 string Cannot\ load\ from\ harddisk.\n\r
>>>>273 string Insert\ Systemdisk\
>>>>>291 string and\ press\ any\ key.\n\r \b, FDBOOT harddisk Bootloader
>>>>>>200 string >\0 \b, version %-3s
>242 string Bootsector\ from\ C.H.\ Hochst\204
>>278 string No\ Systemdisk.\
>>>293 string Booting\ from\ harddisk.\n\r
>>>441 string Cannot\ load\ from\ harddisk.\n\r
>>>>469 string Insert\ Systemdisk\
>>>>>487 string and\ press\ any\ key.\n\r \b, WinImage harddisk Bootloader
>>>>>>209 string >\0 \b, version %-4.4s
>(1.b+2) ubyte 0xe
>>(1.b+3) ubyte 0x1f
>>>(1.b+4) ubyte 0xbe
>>>>(1.b+5) ubyte 0x77
>>>>(1.b+6) ubyte 0x7c
>>>>>(1.b+7) ubyte 0xac
>>>>>>(1.b+8) ubyte 0x22
>>>>>>>(1.b+9) ubyte 0xc0
>>>>>>>>(1.b+10) ubyte 0x74
>>>>>>>>>(1.b+11) ubyte 0xb
>>>>>>>>>>(1.b+12) ubyte 0x56
>>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display
>103 string This\ is\ not\ a\ bootable\ disk.\
>>132 string Please\ insert\ a\ bootable\
>>>157 string floppy\ and\r\n
>>>>169 string press\ any\ key\ to\ try\ again...\r \b, FREE-DOS message display
#
>66 string Solaris\ Boot\ Sector
>>99 string Incomplete\ MDBoot\ load.
>>>89 string Version \b, Sun Solaris Bootloader
>>>>97 byte x version %c
#
>408 string OS/2\ !!\ SYS01475\r\0
>>429 string OS/2\ !!\ SYS02025\r\0
>>>450 string OS/2\ !!\ SYS02027\r\0
>>>469 string OS2BOOT\ \ \ \ \b, IBM OS/2 Warp bootloader
#
>409 string OS/2\ !!\ SYS01475\r\0
>>430 string OS/2\ !!\ SYS02025\r\0
>>>451 string OS/2\ !!\ SYS02027\r\0
>>>470 string OS2BOOT\ \ \ \ \b, IBM OS/2 Warp Bootloader
>112 string This\ disk\ is\ not\ bootable\r
>>142 string If\ you\ wish\ to\ make\ it\ bootable
>>>176 string run\ the\ DOS\ program\ SYS\
>>>200 string after\ the\r
>>>>216 string system\ has\ been\ loaded\r\n
>>>>>242 string Please\ insert\ a\ DOS\ diskette\
>>>>>271 string into\r\n\ the\ drive\ and\
>>>>>>292 string strike\ any\ key...\0 \b, IBM OS/2 Warp message display
# XP
>430 string NTLDR\ is\ missing\xFF\r\n
>>449 string Disk\ error\xFF\r\n
>>>462 string Press\ any\ key\ to\ restart\r \b, Microsoft Windows XP Bootloader
# DOS names like NTLDR,CMLDR,$LDR$ are 8 right space padded bytes+3 bytes
>>>>417 ubyte&0xDF >0
>>>>>417 string x %-.5s
>>>>>>422 ubyte&0xDF >0
>>>>>>>422 string x \b%-.3s
>>>>>425 ubyte&0xDF >0
>>>>>>425 string >\ \b.%-.3s
#
>>>>371 ubyte >0x20
>>>>>368 ubyte&0xDF >0
>>>>>>368 string x %-.5s
>>>>>>>373 ubyte&0xDF >0
>>>>>>>>373 string x \b%-.3s
>>>>>>376 ubyte&0xDF >0
>>>>>>>376 string x \b.%-.3s
#
>430 string NTLDR\ nicht\ gefunden\xFF\r\n
>>453 string Datentr\204gerfehler\xFF\r\n
>>>473 string Neustart\ mit\ beliebiger\ Taste\r \b, Microsoft Windows XP Bootloader (german)
>>>>417 ubyte&0xDF >0
>>>>>417 string x %-.5s
>>>>>>422 ubyte&0xDF >0
>>>>>>>422 string x \b%-.3s
>>>>>425 ubyte&0xDF >0
>>>>>>425 string >\ \b.%-.3s
#
>>>>368 ubyte&0xDF >0
>>>>>368 string x %-.5s
>>>>>>373 ubyte&0xDF >0
>>>>>>>373 string x \b%-.3s
>>>>>376 ubyte&0xDF >0
>>>>>>376 string x \b.%-.3s
#
>430 string NTLDR\ fehlt\xFF\r\n
>>444 string Datentr\204gerfehler\xFF\r\n
>>>464 string Neustart\ mit\ beliebiger\ Taste\r \b, Microsoft Windows XP Bootloader (2.german)
>>>>417 ubyte&0xDF >0
>>>>>417 string x %-.5s
>>>>>>422 ubyte&0xDF >0
>>>>>>>422 string x \b%-.3s
>>>>>425 ubyte&0xDF >0
>>>>>>425 string >\ \b.%-.3s
# variant
>>>>371 ubyte >0x20
>>>>>368 ubyte&0xDF >0
>>>>>>368 string x %-.5s
>>>>>>>373 ubyte&0xDF >0
>>>>>>>>373 string x \b%-.3s
>>>>>>376 ubyte&0xDF >0
>>>>>>>376 string x \b.%-.3s
#
>430 string NTLDR\ fehlt\xFF\r\n
>>444 string Medienfehler\xFF\r\n
>>>459 string Neustart:\ Taste\ dr\201cken\r \b, Microsoft Windows XP Bootloader (3.german)
>>>>371 ubyte >0x20
>>>>>368 ubyte&0xDF >0
>>>>>>368 string x %-.5s
>>>>>>>373 ubyte&0xDF >0
>>>>>>>>373 string x \b%-.3s
>>>>>>376 ubyte&0xDF >0
>>>>>>>376 string x \b.%-.3s
# variant
>>>>417 ubyte&0xDF >0
>>>>>417 string x %-.5s
>>>>>>422 ubyte&0xDF >0
>>>>>>>422 string x \b%-.3s
>>>>>425 ubyte&0xDF >0
>>>>>>425 string >\ \b.%-.3s
#
>430 string Datentr\204ger\ entfernen\xFF\r\n
>>454 string Medienfehler\xFF\r\n
>>>469 string Neustart:\ Taste\ dr\201cken\r \b, Microsoft Windows XP Bootloader (4.german)
>>>>368 ubyte&0xDF >0
>>>>>368 string x %-.5s
>>>>>>373 ubyte&0xDF >0
>>>>>>>373 string x \b%-.3s
>>>>>376 ubyte&0xDF >0
>>>>>>376 string x \b.%-.3s
#>3 string NTFS\ \ \ \
>389 string Fehler\ beim\ Lesen\
>>407 string des\ Datentr\204gers
>>>426 string NTLDR\ fehlt
>>>>440 string NTLDR\ ist\ komprimiert
>>>>>464 string Neustart\ mit\ Strg+Alt+Entf\r \b, Microsoft Windows XP Bootloader NTFS (german)
#>3 string NTFS\ \ \ \
>313 string A\ disk\ read\ error\ occurred.\r
>>345 string A\ kernel\ file\ is\ missing\
>>>370 string from\ the\ disk.\r
>>>>484 string NTLDR\ is\ compressed
>>>>>429 string Insert\ a\ system\ diskette\
>>>>>>454 string and\ restart\r\nthe\ system.\r \b, Microsoft Windows XP Bootloader NTFS
# DOS loader variants different languages,offsets
>472 ubyte&0xDF >0
>>389 string Invalid\ system\ disk\xFF\r\n
>>>411 string Disk\ I/O\ error
>>>>428 string Replace\ the\ disk,\ and\
>>>>>455 string press\ any\ key \b, Microsoft Windows 98 Bootloader
#IO.SYS
>>>>>>472 ubyte&0xDF >0
>>>>>>>472 string x \b %-.2s
>>>>>>>>474 ubyte&0xDF >0
>>>>>>>>>474 string x \b%-.5s
>>>>>>>>>>479 ubyte&0xDF >0
>>>>>>>>>>>479 string x \b%-.1s
>>>>>>>480 ubyte&0xDF >0
>>>>>>>>480 string x \b.%-.3s
#MSDOS.SYS
>>>>>>>483 ubyte&0xDF >0 \b+
>>>>>>>>483 string x \b%-.5s
>>>>>>>>>488 ubyte&0xDF >0
>>>>>>>>>>488 string x \b%-.3s
>>>>>>>>491 ubyte&0xDF >0
>>>>>>>>>491 string x \b.%-.3s
#
>>390 string Invalid\ system\ disk\xFF\r\n
>>>412 string Disk\ I/O\ error\xFF\r\n
>>>>429 string Replace\ the\ disk,\ and\
>>>>>451 string then\ press\ any\ key\r \b, Microsoft Windows 98 Bootloader
>>388 string Ungueltiges\ System\ \xFF\r\n
>>>410 string E/A-Fehler\ \ \ \ \xFF\r\n
>>>>427 string Datentraeger\ wechseln\ und\
>>>>>453 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (german)
#WINBOOT.SYS only not spaces (0xDF)
>>>>>>497 ubyte&0xDF >0
>>>>>>>497 string x %-.5s
>>>>>>>>502 ubyte&0xDF >0
>>>>>>>>>502 string x \b%-.1s
>>>>>>>>>>503 ubyte&0xDF >0
>>>>>>>>>>>503 string x \b%-.1s
>>>>>>>>>>>>504 ubyte&0xDF >0
>>>>>>>>>>>>>504 string x \b%-.1s
>>>>>>505 ubyte&0xDF >0
>>>>>>>505 string x \b.%-.3s
#IO.SYS
>>>>>>472 ubyte&0xDF >0 or
>>>>>>>472 string x \b %-.2s
>>>>>>>>474 ubyte&0xDF >0
>>>>>>>>>474 string x \b%-.5s
>>>>>>>>>>479 ubyte&0xDF >0
>>>>>>>>>>>479 string x \b%-.1s
>>>>>>>480 ubyte&0xDF >0
>>>>>>>>480 string x \b.%-.3s
#MSDOS.SYS
>>>>>>>483 ubyte&0xDF >0 \b+
>>>>>>>>483 string x \b%-.5s
>>>>>>>>>488 ubyte&0xDF >0
>>>>>>>>>>488 string x \b%-.3s
>>>>>>>>491 ubyte&0xDF >0
>>>>>>>>>491 string x \b.%-.3s
#
>>390 string Ungueltiges\ System\ \xFF\r\n
>>>412 string E/A-Fehler\ \ \ \ \xFF\r\n
>>>>429 string Datentraeger\ wechseln\ und\
>>>>>455 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (German)
#WINBOOT.SYS only not spaces (0xDF)
>>>>>>497 ubyte&0xDF >0
>>>>>>>497 string x %-.7s
>>>>>>>>504 ubyte&0xDF >0
>>>>>>>>>504 string x \b%-.1s
>>>>>>505 ubyte&0xDF >0
>>>>>>>505 string x \b.%-.3s
#IO.SYS
>>>>>>472 ubyte&0xDF >0 or
>>>>>>>472 string x \b %-.2s
>>>>>>>>474 ubyte&0xDF >0
>>>>>>>>>474 string x \b%-.6s
>>>>>>>480 ubyte&0xDF >0
>>>>>>>>480 string x \b.%-.3s
#MSDOS.SYS
>>>>>>>483 ubyte&0xDF >0 \b+
>>>>>>>>483 string x \b%-.5s
>>>>>>>>>488 ubyte&0xDF >0
>>>>>>>>>>488 string x \b%-.3s
>>>>>>>>491 ubyte&0xDF >0
>>>>>>>>>491 string x \b.%-.3s
#
>>389 string Ungueltiges\ System\ \xFF\r\n
>>>411 string E/A-Fehler\ \ \ \ \xFF\r\n
>>>>428 string Datentraeger\ wechseln\ und\
>>>>>454 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (GERMAN)
# DOS names like IO.SYS,WINBOOT.SYS,MSDOS.SYS,WINBOOT.INI are 8 right space padded bytes+3 bytes
>>>>>>472 string x %-.2s
>>>>>>>474 ubyte&0xDF >0
>>>>>>>>474 string x \b%-.5s
>>>>>>>>479 ubyte&0xDF >0
>>>>>>>>>479 string x \b%-.1s
>>>>>>480 ubyte&0xDF >0
>>>>>>>480 string x \b.%-.3s
>>>>>>483 ubyte&0xDF >0 \b+
>>>>>>>483 string x \b%-.5s
>>>>>>>488 ubyte&0xDF >0
>>>>>>>>488 string x \b%-.2s
>>>>>>>>490 ubyte&0xDF >0
>>>>>>>>>490 string x \b%-.1s
>>>>>>>491 ubyte&0xDF >0
>>>>>>>>491 string x \b.%-.3s
>479 ubyte&0xDF >0
>>416 string Kein\ System\ oder\
>>>433 string Laufwerksfehler
>>>>450 string Wechseln\ und\ Taste\ dr\201cken \b, Microsoft DOS Bootloader (german)
#IO.SYS
>>>>>479 string x \b %-.2s
>>>>>>481 ubyte&0xDF >0
>>>>>>>481 string x \b%-.6s
>>>>>487 ubyte&0xDF >0
>>>>>>487 string x \b.%-.3s
#MSDOS.SYS
>>>>>>490 ubyte&0xDF >0 \b+
>>>>>>>490 string x \b%-.5s
>>>>>>>>495 ubyte&0xDF >0
>>>>>>>>>495 string x \b%-.3s
>>>>>>>498 ubyte&0xDF >0
>>>>>>>>498 string x \b.%-.3s
#
>486 ubyte&0xDF >0
>>416 string Non-System\ disk\ or\
>>>435 string disk\ error\r
>>>>447 string Replace\ and\ press\ any\ key\
>>>>>473 string when\ ready\r \b, Microsoft DOS Bootloader
>480 ubyte&0xDF >0
>>393 string Non-System\ disk\ or\
>>>412 string disk\ error\r
>>>>424 string Replace\ and\ press\ any\ key\
>>>>>450 string when\ ready\r \b, Microsoft DOS bootloader
#IO.SYS
>>>>>480 string x \b %-.2s
>>>>>>482 ubyte&0xDF >0
>>>>>>>48 string x \b%-.6s
>>>>>488 ubyte&0xDF >0
>>>>>>488 string x \b.%-.3s
#MSDOS.SYS
>>>>>>491 ubyte&0xDF >0 \b+
>>>>>>>491 string x \b%-.5s
>>>>>>>>496 ubyte&0xDF >0
>>>>>>>>>496 string x \b%-.3s
>>>>>>>499 ubyte&0xDF >0
>>>>>>>>499 string x \b.%-.3s
#>43 string \224R-LOADER\ \ SYS =label
>54 string SYS
>>324 string VASKK
>>>495 string NEWLDR\0 \b, DR-DOS Bootloader (LOADER.SYS)
#
>70 string IBMBIO\ \ COM
>>472 string Cannot\ load\ DOS!\
>>>489 string Any\ key\ to\ retry \b, DR-DOS Bootloader
>>471 string Cannot\ load\ DOS\
>>487 string press\ key\ to\ retry \b, Open-DOS Bootloader
>444 string KERNEL\ \ SYS
>>314 string BOOT\ error! \b, FREE-DOS Bootloader
>499 string KERNEL\ \ SYS
>>305 string BOOT\ err!\0 \b, Free-DOS Bootloader
>449 string KERNEL\ \ SYS
>>319 string BOOT\ error! \b, FREE-DOS 0.5 Bootloader
>125 string Loading\ FreeDOS...\r
>>311 string BOOT\ error!\r \b, FREE-DOS bootloader
>>>441 ubyte&0xDF >0
>>>>441 string x \b %-.6s
>>>>>447 ubyte&0xDF >0
>>>>>>447 string x \b%-.1s
>>>>>>>448 ubyte&0xDF >0
>>>>>>>>448 string x \b%-.1s
>>>>449 ubyte&0xDF >0
>>>>>449 string x \b.%-.3s
>124 string FreeDOS\0
>>331 string \ err\0 \b, FREE-DOS BETa 0.9 Bootloader
# DOS names like KERNEL.SYS,KERNEL16.SYS,KERNEL32.SYS,METAKERN.SYS are 8 right space padded bytes+3 bytes
>>>497 ubyte&0xDF >0
>>>>497 string x \b %-.6s
>>>>>503 ubyte&0xDF >0
>>>>>>503 string x \b%-.1s
>>>>>>>504 ubyte&0xDF >0
>>>>>>>>504 string x \b%-.1s
>>>>505 ubyte&0xDF >0
>>>>>505 string x \b.%-.3s
>>333 string \ err\0 \b, FREE-DOS BEta 0.9 Bootloader
>>>497 ubyte&0xDF >0
>>>>497 string x \b %-.6s
>>>>>503 ubyte&0xDF >0
>>>>>>503 string x \b%-.1s
>>>>>>>504 ubyte&0xDF >0
>>>>>>>>504 string x \b%-.1s
>>>>505 ubyte&0xDF >0
>>>>>505 string x \b.%-.3s
>>334 string \ err\0 \b, FREE-DOS Beta 0.9 Bootloader
>>>497 ubyte&0xDF >0
>>>>497 string x \b %-.6s
>>>>>503 ubyte&0xDF >0
>>>>>>503 string x \b%-.1s
>>>>>>>504 ubyte&0xDF >0
>>>>>>>>504 string x \b%-.1s
>>>>505 ubyte&0xDF >0
>>>>>505 string x \b.%-.3s
>336 string Error!\
>>343 string Hit\ a\ key\ to\ reboot. \b, FREE-DOS Beta 0.9sr1 Bootloader
>>>497 ubyte&0xDF >0
>>>>497 string x \b %-.6s
>>>>>503 ubyte&0xDF >0
>>>>>>503 string x \b%-.1s
>>>>>>>504 ubyte&0xDF >0
>>>>>>>>504 string x \b%-.1s
>>>>505 ubyte&0xDF >0
>>>>>505 string x \b.%-.3s
# loader end
# Joerg Jenderek
>446 ubyte 0
>>450 ubyte >0
>>>482 ubyte 0
>>>>498 ubyte 0
>>>>466 ubyte 0x05 \b, extended partition table
>>>>466 ubyte 0x0F \b, extended partition table (LBA)
>>>>466 ubyte 0x0 \b, extended partition table (last)
# JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90
# older drives may use E9 xx xx
>0 lelong&0x009000EB 0x009000EB
@ -89,7 +594,7 @@
>>>>>>>43 string <NO\ NAME \b, label: "%11.11s"
>>>>>>>43 string >NO\ NAME \b, label: "%11.11s"
>>>>>>>43 string =NO\ NAME \b, unlabeled
>>>>>>54 string FAT1 \b, FAT
>>>>>>54 string FAT \b, FAT
>>>>>>>54 string FAT12 \b (12 bit)
>>>>>>>54 string FAT16 \b (16 bit)
# FAT32 specific
@ -338,3 +843,39 @@
# JFFS2 file system
0 leshort 0x1984 Linux old jffs2 filesystem data little endian
0 lelong 0xe0011985 Linux jffs2 filesystem data little endian
# Squashfs
0 string sqsh Squashfs filesystem, big endian,
>28 beshort x version %d.
>30 beshort x \b%d,
>8 belong x %d bytes,
>4 belong x %d inodes,
>28 beshort <2
>>32 beshort x blocksize: %d bytes,
>28 beshort >1
>>51 belong x blocksize: %d bytes,
>39 bedate x created: %s
0 string hsqs Squashfs filesystem, little endian,
>28 leshort x version %d.
>30 leshort x \b%d,
>8 lelong x %d bytes,
>4 lelong x %d inodes,
>28 leshort <2
>>32 leshort x blocksize: %d bytes,
>28 leshort >1
>>51 lelong x blocksize: %d bytes,
>39 ledate x created: %s
# AFS Dump Magic
# From: Ty Sarna <tsarna@sarna.org>
0 string \x01\xb3\xa1\x13\x22 AFS Dump
>&0 belong x (v%d)
>>&0 byte 0x76
>>>&0 belong x Vol %d,
>>>>&0 byte 0x6e
>>>>>&0 string x %s
>>>>>>&1 byte 0x74
>>>>>>>&0 beshort 2
>>>>>>>>&4 bedate x on: %s
>>>>>>>>&0 bedate =0 full dump
>>>>>>>>&0 bedate !0 incremental since: %s

3
contrib/file/Magdir/flash
View File

@ -10,6 +10,9 @@
>3 byte x version %d
0 string CWS Macromedia Flash data (compressed),
>3 byte x version %d
# From: Cal Peake <cp@absolutedigital.net>
0 string FLV Macromedia Flash Video
#
# From Dave Wilson
0 string AGD4\xbe\xb8\xbb\xcb\x00 Macromedia Freehand 9 Document

71
contrib/file/Magdir/fsav
View File

@ -2,26 +2,59 @@
#------------------------------------------------------------------------------
# fsav: file(1) magic for datafellows fsav virus definition files
# Anthon van der Neut (anthon@mnt.org)
0 beshort 0x1575 fsav (linux) macro virus
# ftp://ftp.f-prot.com/pub/{macrdef2.zip,nomacro.def}
0 beshort 0x1575 fsav macro virus signatures
>8 leshort >0 (%d-
>11 byte >0 \b%02d-
>10 byte >0 \b%02d)
# ftp://ftp.f-prot.com/pub/sign.zip
#10 ubyte <12
#>9 ubyte <32
#>>8 ubyte 0x0a
#>>>12 ubyte 0x07
#>>>>11 uleshort >0 fsav DOS/Windows virus signatures (%d-
#>>>>10 byte 0 \b01-
#>>>>10 byte 1 \b02-
#>>>>10 byte 2 \b03-
#>>>>10 byte 3 \b04-
#>>>>10 byte 4 \b05-
#>>>>10 byte 5 \b06-
#>>>>10 byte 6 \b07-
#>>>>10 byte 7 \b08-
#>>>>10 byte 8 \b09-
#>>>>10 byte 9 \b10-
#>>>>10 byte 10 \b11-
#>>>>10 byte 11 \b12-
#>>>>9 ubyte >0 \b%02d)
# ftp://ftp.f-prot.com/pub/sign2.zip
#0 ubyte 0x62
#>1 ubyte 0xF5
#>>2 ubyte 0x1
#>>>3 ubyte 0x1
#>>>>4 ubyte 0x0e
#>>>>>13 ubyte >0 fsav virus signatures
#>>>>>>11 ubyte x size 0x%02x
#>>>>>>12 ubyte x \b%02x
#>>>>>>13 ubyte x \b%02x bytes
# comment this out for now because it regognizes every file where
# the eighth character is \n
#8 byte 0x0a
#>12 byte 0x07
#>11 leshort >0 fsav (linux) virus (%d-
#>10 byte 0 \b01-
#>10 byte 1 \b02-
#>10 byte 2 \b03-
#>10 byte 3 \b04-
#>10 byte 4 \b05-
#>10 byte 5 \b06-
#>10 byte 6 \b07-
#>10 byte 7 \b08-
#>10 byte 8 \b08-
#>10 byte 9 \b10-
#>10 byte 10 \b11-
#>10 byte 11 \b12-
#>9 byte >0 \b%02d)
# Joerg Jenderek: joerg dot jenderek at web dot de
# http://www.clamav.net/doc/latest/html/node45.html
# .cvd files start with a 512 bytes colon separated header
# ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime
# + gzipped tarball files
0 string ClamAV-VDB:
>11 string >\0 Clam AntiVirus database %-.23s
>>34 string :
>>>35 regex [^:]+ \b, version
>>>>35 string x \b%-.1s
>>>>>36 string !:
>>>>>>36 string x \b%-.1s
>>>>>>>37 string !:
>>>>>>>>37 string x \b%-.1s
>>>>>>>>>38 string !:
>>>>>>>>>>38 string x \b%-.1s
>>>>512 string \037\213 \b, gzipped
>>>>769 string ustar\0 \b, tared
>512 string \037\213 \b, gzipped
>769 string ustar\0 \b, tared

12
contrib/file/Magdir/gnu
View File

@ -1,3 +1,5 @@
#------------------------------------------------------------------------------
# gnu: file(1) magic for various GNU tools
#
# GNU nlsutils message catalog file format
#
@ -10,15 +12,23 @@
# message catalogs, from Mitchum DSouza <m.dsouza@mrc-apu.cam.ac.uk>
0 string *nazgul* Nazgul style compiled message catalog
>8 lelong >0 \b, version %ld
# GnuPG
# The format is very similar to pgp
0 string \001gpg GPG key trust database
>4 byte x version %d
0 beshort 0x9901 GPG key public ring
0 beshort 0x8502 GPG encrypted data
# This magic is not particularly good, as the keyrings don't have true
# magic. Nevertheless, it covers many keyrings.
0 beshort 0x9901 GPG key public ring
# Gnumeric spreadsheet
# This entry is only semi-helpful, as Gnumeric compresses its files, so
# they will ordinarily reported as "compressed", but at least -z helps
39 string =<gmr:Workbook Gnumeric spreadsheet
# From: James Youngman <jay@gnu.org>
# gnu find magic
0 string \0LOCATE GNU findutils locate database data
>7 string >\0 \b, format %s
>7 string 02 \b (frcode)

32
contrib/file/Magdir/iff
View File

@ -15,18 +15,46 @@
>8 string AIFF \b, AIFF audio
>8 string AIFC \b, AIFF-C compressed audio
>8 string 8SVX \b, 8SVX 8-bit sampled sound voice
>8 string 16SV \b, 16SV 16-bit sampled sound voice
>8 string SAMP \b, SAMP sampled audio
>8 string DTYP \b, DTYP datatype description
>8 string PTCH \b, PTCH binary patch
>8 string MAUD \b, MAUD MacroSystem audio
>8 string SMUS \b, SMUS simple music
>8 string CMUS \b, CMUS complex music
# image formats
>8 string ILBMBMHD \b, ILBM interleaved image
>>20 beshort x \b, %d x
>>22 beshort x %d
>8 string RGBN \b, RGBN 12-bit RGB image
>8 string RGB8 \b, RGB8 24-bit RGB image
>8 string DEEP \b, DEEP TVPaint/XiPaint image
>8 string DR2D \b, DR2D 2-D object
>8 string TDDD \b, TDDD 3-D rendering
>8 string LWOB \b, LWOB 3-D object
>8 string LWO2 \b, LWO2 3-D object, v2
>8 string LWLO \b, LWLO 3-D layered object
>8 string REAL \b, REAL Real3D rendering
>8 string MC4D \b, MC4D MaxonCinema4D rendering
>8 string ANIM \b, ANIM animation
>8 string YAFA \b, YAFA animation
>8 string SSA\ \b, SSA super smooth animation
>8 string ACBM \b, ACBM continuous image
>8 string FAXX \b, FAXX fax image
# other formats
>8 string FTXT \b, FTXT formatted text
>8 string CTLG \b, CTLG message catalog
>8 string PREF \b, PREF preferences
>8 string DTYP \b, DTYP datatype description
>8 string PTCH \b, PTCH binary patch
>8 string AMFF \b, AMFF AmigaMetaFile format
>8 string WZRD \b, WZRD StormWIZARD resource
>8 string DOC\ \b, DOC desktop publishing document
# These go at the end of the iff rules
#
# I don't see why these might collide with anything else.
#
# Interactive Fiction related formats
#
>8 string IFRS \b, Blorb Interactive Fiction
>>24 string Exec with executable chunk
>8 string IFZS \b, Z-machine or Glulx saved game file (Quetzal)

13
contrib/file/Magdir/images
View File

@ -260,7 +260,7 @@
# other images
0 string This\ is\ a\ BitMap\ file Lisp Machine bit-array-file
0 string !! Bennet Yee's "face" format
0 string =!! Bennet Yee's "face" format
# From SunOS 5.5.1 "/etc/magic" - appeared right before Sun raster image
# stuff.
@ -514,8 +514,15 @@
# From: Jason Bacon <bacon@smithers.neuro.mcw.edu>
0 beshort 0x3020 character Computer Graphics Metafile
# From Marc Espie
0 lelong 20000630 OpenEXR image data
# From: Tom Hilinski <tom.hilinski@comcast.net>
# http://www.unidata.ucar.edu/packages/netcdf/
0 string CDF\001 netcdf file
0 string CDF\001 NetCDF Data Format data
#-----------------------------------------------------------------------
# Hierarchical Data Format, used to facilitate scientific data exchange
# specifications at http://hdf.ncsa.uiuc.edu/
0 belong 0x0e031301 Hierarchical Data Format (version 4) data
0 string \211HDF\r\n\032 Hierarchical Data Format (version 5) data

7
contrib/file/Magdir/java
View File

@ -1,9 +1,10 @@
#------------------------------------------------------------
# Java ByteCode
# From Larry Schwimmer (schwim@cs.stanford.edu)
0 belong 0xcafebabe compiled Java class data,
>6 beshort x version %d.
>4 beshort x \b%d
# Handled in Mach now
#0 belong 0xcafebabe compiled Java class data,
#>6 beshort x version %d.
#>4 beshort x \b%d
#------------------------------------------------------------
# Java serialization
# From Martin Pool (m.pool@pharos.com.au)

53
contrib/file/Magdir/linux
View File

@ -53,10 +53,15 @@
>3 byte >0 8x%d
# Linux swap file, from Daniel Quinlan <quinlan@yggdrasil.com>
4086 string SWAP-SPACE Linux/i386 swap file
# From: Jeff Bailey <jbailey@ubuntu.com>
# Linux swap file with swsusp1 image, from Jeff Bailey <jbailey@ubuntu.com>
4076 string SWAPSPACE2S1SUSPEND Linux/i386 swap file (new style) with SWSUSP1 image
# according to man page of mkswap (8) March 1999
4086 string SWAPSPACE2 Linux/i386 swap file (new style)
>0x400 long x %d (4K pages)
>0x404 long x size %d pages
>>4086 string SWAPSPACE2
>>>1052 string >\0 Label %s
# ECOFF magic for OSF/1 and Linux (only tested under Linux though)
#
# from Erik Troan (ewt@redhat.com) examining od dumps, so this
@ -79,7 +84,7 @@
# Linux kernel boot images (i386 arch) (Wolfram Kleff)
514 string HdrS Linux kernel
>510 leshort 0xAA55 x86 boot executable
>>518 leshort >=3D0x200
>>518 leshort >=0x200
>>529 byte 0 zImage,
>>>529 byte 1 bzImage,
>>>(526.s+0x200) string >\0 version %s,
@ -178,3 +183,49 @@
0 lelong =0x1413f33d SYSLINUX' LSS16 image data
>4 leshort x \b, width %d
>6 leshort x \b, height %d
0 string OOOM User-Mode-Linux's Copy-On-Write disk image
>4 belong x version %d
# SE Linux policy database
# From: Mike Frysinger <vapier@gentoo.org>
0 lelong 0xf97cff8c SE Linux policy
>16 lelong x v%d
>20 lelong 1 MLS
>24 lelong x %d symbols
>28 lelong x %d ocons
# Linux Logical Volume Manager (LVM)
# Emmanuel VARAGNAT <emmanuel.varagnat@guzu.net>
#
# System ID, UUID and volume group name are 128 bytes long
# but they should never be full and initialized with zeros...
#
# LVM1
#
0x0 string HM\001 LVM1 (Linux Logical Volume Manager), version 1
>0x12c string >\0 , System ID: %s
0x0 string HM\002 LVM1 (Linux Logical Volume Manager), version 2
>0x12c string >\0 , System ID: %s
# LVM2
#
# It seems that the label header can be in one the four first sector
# of the disk... (from _find_labeller in lib/label/label.c of LVM2)
#
# 0x200 seems to be the common case
0x218 string LVM2\ 001 LVM2 (Linux Logical Volume Manager)
# read the offset to add to the start of the header, and the header
# start in 0x200
>(0x214.l+0x200) string >\0 , UUID: %s
0x018 string LVM2\ 001 LVM2 (Linux Logical Volume Manager)
>(0x014.l) string >\0 , UUID: %s
0x418 string LVM2\ 001 LVM2 (Linux Logical Volume Manager)
>(0x414.l+0x400) string >\0 , UUID: %s
0x618 string LVM2\ 001 LVM2 (Linux Logical Volume Manager)
>(0x614.l+0x600) string >\0 , UUID: %s

14
contrib/file/Magdir/lisp
View File

@ -4,8 +4,18 @@
#
# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
# This is a guess, but a good one.
0 string ;; Lisp/Scheme program text
# updated by Joerg Jenderek
0 string ;;
# windows INF files often begin with semicolon and use CRLF as line end
# lisp files are mainly created on unix system with LF as line end
>2 search/2048 !\r Lisp/Scheme program text
>2 search/2048 \r Windows INF file
0 string (
>1 string if\ Lisp/Scheme program text
>1 string setq\ Lisp/Scheme program text
>1 string defvar\ Lisp/Scheme program text
>1 string autoload\ Lisp/Scheme program text
>1 string custom-set-variables Lisp/Scheme program text
# Emacs 18 - this is always correct, but not very magical.
0 string \012( Emacs v18 byte-compiled Lisp data

73
contrib/file/Magdir/mach
View File

@ -1,21 +1,75 @@
#------------------------------------------------------------------------------
# mach file description
#
0 belong 0xcafebabe Mach-O fat file
>4 belong 1 with 1 architecture
>4 belong >1
>>4 belong x with %ld architectures
# Since Java bytecode and Mach-O fat-files have the same magic number the test
# must be preformed in the same "magic" sequence to get both right. The long
# at offset 4 in a fat file tells the number of architectures. The short at
# offset 4 in a Java bytecode file is the compiler minor version and the
# short at offset 6 is the compiler major version. Since there are only
# only 18 labeled Mach-O architectures at current, and the first released
# Java class format was version 43.0, we can safely choose any number
# between 18 and 39 to test the number of architectures against
# (and use as a hack).
#
0 belong 0xfeedface Mach-O
0 belong 0xcafebabe
>4 belong >19 compiled Java class data,
>>6 beshort x version %d.
>>4 beshort x \b%d
>4 belong 1 Mach-O fat file with 1 architecture
>4 belong >1
# The following is necessary to support java class files.
>>4 belong <20 Mach-O fat file with %ld architectures
#>>4 belong <0xffff Mach-O fat file with %ld architectures
#
0 lelong&0xfeffffff 0xfeedface Mach-O
>0 byte 0xcf 64-bit
>12 lelong 1 object
>12 lelong 2 executable
>12 lelong 3 fixed virtual memory shared library
>12 lelong 4 core
>12 lelong 5 preload executable
>12 lelong 6 dynamically linked shared library
>12 lelong 7 dynamic linker
>12 lelong 8 bundle
>12 lelong 9 dynamically linked shared library stub
>12 lelong >9
>>12 lelong x filetype=%ld
>4 lelong <0
>>4 lelong x architecture=%ld
>4 lelong 1 vax
>4 lelong 2 romp
>4 lelong 3 architecture=3
>4 lelong 4 ns32032
>4 lelong 5 ns32332
>4 lelong 6 m68k
>4 lelong 7 i386
>4 lelong 8 mips
>4 lelong 9 ns32532
>4 lelong 10 architecture=10
>4 lelong 11 hppa
>4 lelong 12 acorn
>4 lelong 13 m88k
>4 lelong 14 sparc
>4 lelong 15 i860-big
>4 lelong 16 i860
>4 lelong 17 rs6000
>4 lelong 18 ppc
>4 lelong 16777234 ppc64
>4 lelong >16777234
>>4 lelong x architecture=%ld
#
0 belong&0xfffffffe 0xfeedface Mach-O
>3 byte 0xcf 64-bit
>12 belong 1 object
>12 belong 2 executable
>12 belong 3 shared library
>12 belong 3 fixed virtual memory shared library
>12 belong 4 core
>12 belong 5 preload executable
>12 belong 6 dynamically linked shared library
>12 belong 7 dynamic linker
>12 belong 8 bundle
>12 belong >8
>12 belong 9 dynamically linked shared library stub
>12 belong >9
>>12 belong x filetype=%ld
>4 belong <0
>>4 belong x architecture=%ld
@ -34,7 +88,7 @@
>4 belong 8 mips
>4 belong 9 ns32532
>4 belong 10 architecture=10
>4 belong 11 hp pa-risc
>4 belong 11 hppa
>4 belong 12 acorn
>4 belong 13 m88k
>4 belong 14 sparc
@ -42,5 +96,6 @@
>4 belong 16 i860
>4 belong 17 rs6000
>4 belong 18 ppc
>4 belong >18
>4 belong 16777234 ppc64
>4 belong >16777234
>>4 belong x architecture=%ld

2
contrib/file/Magdir/macintosh
View File

@ -18,7 +18,7 @@
# Newer StuffIt archives (grant@netbsd.org)
0 string StuffIt StuffIt Archive
>162 string >0 : %s
#>162 string >0 : %s
# Macintosh Applications and Installation binaries (franklsm@tuns.ca)
0 string APPL Macintosh Application (data)

5
contrib/file/Magdir/mail.news
View File

@ -36,5 +36,6 @@
# Squish Fidonet message area databases
# SQD file (requires at least one message in the area)
256 leshort 0xAFAE4453 Squish message area data file
>4 leshort >0 (%d messages)
# XXX: Weak magic
#256 leshort 0xAFAE4453 Squish message area data file
#>4 leshort >0 (%d messages)

1
contrib/file/Magdir/maple
View File

@ -32,7 +32,6 @@
# that is {VERSION major_version miunor_version computer_type version_string}
0 string {VERSION\ Maple worksheet
>9 string >\0 version %.1s.
>>10 string
>>>11 string >\0 %.1s
# .mps

9
contrib/file/Magdir/misctools
View File

@ -1,5 +1,10 @@
#-----------------------------------------------------------------------------
# misctools: file(1) magic for miscelanous UNIX tools.
#
0 string %%!! X-Post-It-Note text
0 string BEGIN:VCALENDAR vCalendar calendar file
0 string %%!! X-Post-It-Note text
0 string BEGIN:VCALENDAR vCalendar calendar file
0 string BEGIN:VCARD vCard visiting card
# From: Alex Beregszaszi <alex@fsn.hu>
4 string gtktalog GNOME Catalogue (gtktalog)
>13 string >\0 version %s

475
contrib/file/Magdir/msdos
View File

@ -4,7 +4,31 @@
#
# .BAT files (Daniel Quinlan, quinlan@yggdrasil.com)
0 string/c @echo\ off MS-DOS batch file text
# updated by Joerg Jenderek
0 string @
>1 string/cB \ echo\ off MS-DOS batch file text
>1 string/cB echo\ off MS-DOS batch file text
>1 string/cB rem\ MS-DOS batch file text
>1 string/cB set\ MS-DOS batch file text
# OS/2 batch files are REXX. the second regex is a bit generic, oh well
# the matched commands seem to be common in REXX and uncommon elsewhere
100 regex/c =^\\s*call\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text
0 leshort 0x14c MS Windows COFF Intel 80386 object file
#>4 ledate x stamp %s
0 leshort 0x166 MS Windows COFF MIPS R4000 object file
#>4 ledate x stamp %s
0 leshort 0x184 MS Windows COFF Alpha object file
#>4 ledate x stamp %s
0 leshort 0x268 MS Windows COFF Motorola 68000 object file
#>4 ledate x stamp %s
0 leshort 0x1f0 MS Windows COFF PowerPC object file
#>4 ledate x stamp %s
0 leshort 0x290 MS Windows COFF PA-RISC object file
#>4 ledate x stamp %s
# XXX - according to Microsoft's spec, at an offset of 0x3c in a
# PE-format executable is the offset in the file of the PE header;
@ -19,109 +43,215 @@
# probably some linker directive to set it. The linker version was
# 3.0, except for one ".exe" which had it as 4.20 (same damn linker!).
#
128 string PE\0\0 MS Windows PE
>150 leshort&0x0100 >0 32-bit
>132 leshort 0x0 unknown processor
>132 leshort 0x14c Intel 80386
>132 leshort 0x166 MIPS R4000
>132 leshort 0x184 Alpha
>132 leshort 0x268 Motorola 68000
>132 leshort 0x1f0 PowerPC
>132 leshort 0x290 PA-RISC
>148 leshort >27
>>220 leshort 0 unknown subsystem
>>220 leshort 1 native
>>220 leshort 2 GUI
>>220 leshort 3 console
>>220 leshort 7 POSIX
>150 leshort&0x2000 =0 executable
#>>136 ledate x stamp %s,
>>150 leshort&0x0001 >0 not relocatable
#>>150 leshort&0x0004 =0 with line numbers,
#>>150 leshort&0x0008 =0 with local symbols,
#>>150 leshort&0x0200 =0 with debug symbols,
>>150 leshort&0x1000 >0 system file
#>>148 leshort >0
#>>>154 byte x linker %d
#>>>155 byte x \b.%d,
#>>148 leshort >27
#>>>192 leshort x requires OS %d
#>>>194 leshort x \b.%d,
#>>>196 leshort x user version %d
#>>>198 leshort x \b.%d,
#>>>200 leshort x subsystem version %d
#>>>202 leshort x \b.%d,
>150 leshort&0x2000 >0 DLL
#>>136 ledate x stamp %s,
>>150 leshort&0x0001 >0 not relocatable
#>>150 leshort&0x0004 =0 with line numbers,
#>>150 leshort&0x0008 =0 with local symbols,
#>>150 leshort&0x0200 =0 with debug symbols,
>>150 leshort&0x1000 >0 system file
#>>148 leshort >0
#>>>154 byte x linker %d
#>>>155 byte x \b.%d,
#>>148 leshort >27
#>>>192 leshort x requires OS %d
#>>>194 leshort x \b.%d,
#>>>196 leshort x user version %d
#>>>198 leshort x \b.%d,
#>>>200 leshort x subsystem version %d
#>>>202 leshort x \b.%d,
0 leshort 0x14c MS Windows COFF Intel 80386 object file
#>4 ledate x stamp %s
0 leshort 0x166 MS Windows COFF MIPS R4000 object file
#>4 ledate x stamp %s
0 leshort 0x184 MS Windows COFF Alpha object file
#>4 ledate x stamp %s
0 leshort 0x268 MS Windows COFF Motorola 68000 object file
#>4 ledate x stamp %s
0 leshort 0x1f0 MS Windows COFF PowerPC object file
#>4 ledate x stamp %s
0 leshort 0x290 MS Windows COFF PA-RISC object file
#>4 ledate x stamp %s
# many of the compressed formats were extraced from IDARC 1.23 source code
#
0 string MZ MS-DOS executable
>0 string MZ\0\0\0\0\0\0\0\0\0\0PE\0\0 \b, PE for MS Windows
>>&18 leshort&0x2000 >0 (DLL)
>>&88 leshort 0 (unknown subsystem)
>>&88 leshort 1 (native)
>>&88 leshort 2 (GUI)
>>&88 leshort 3 (console)
>>&88 leshort 7 (POSIX)
>>&0 leshort 0x0 unknown processor
>>&0 leshort 0x14c Intel 80386
>>&0 leshort 0x166 MIPS R4000
>>&0 leshort 0x184 Alpha
>>&0 leshort 0x268 Motorola 68000
>>&0 leshort 0x1f0 PowerPC
>>&0 leshort 0x290 PA-RISC
>>&18 leshort&0x0100 >0 32-bit
>>&18 leshort&0x1000 >0 system file
>>&0xf4 search/0x140 \x0\x40\x1\x0
>>>(&0.l+(4)) string MSCF \b, WinHKI CAB self-extracting archive
>0x18 leshort >0x3f
>>(0x3c.l) string PE\0\0 PE
# hooray, there's a DOS extender using the PE format, with a valid PE
# executable inside (which just prints a message and exits if run in win)
>>>(8.s*16) string 32STUB for MS-DOS, 32rtm DOS extender
>>>(8.s*16) string !32STUB for MS Windows
>>>>(0x3c.l+22) leshort&0x2000 >0 (DLL)
>>>>(0x3c.l+92) leshort 0 (unknown subsystem)
>>>>(0x3c.l+92) leshort 1 (native)
>>>>(0x3c.l+92) leshort 2 (GUI)
>>>>(0x3c.l+92) leshort 3 (console)
>>>>(0x3c.l+92) leshort 7 (POSIX)
>>>>(0x3c.l+4) leshort 0x0 unknown processor
>>>>(0x3c.l+4) leshort 0x14c Intel 80386
>>>>(0x3c.l+4) leshort 0x166 MIPS R4000
>>>>(0x3c.l+4) leshort 0x184 Alpha
>>>>(0x3c.l+4) leshort 0x268 Motorola 68000
>>>>(0x3c.l+4) leshort 0x1f0 PowerPC
>>>>(0x3c.l+4) leshort 0x290 PA-RISC
>>>>(0x3c.l+22) leshort&0x0100 >0 32-bit
>>>>(0x3c.l+22) leshort&0x1000 >0 system file
>>>>(0x3c.l+0xf8) string UPX0 \b, UPX compressed
>>>>(0x3c.l+0xf8) search/0x140 PEC2 \b, PECompact2 compressed
>>>>(0x3c.l+0xf8) search/0x140 UPX2
>>>>>(&0x10.l+(-4)) string PK\3\4 \b, ZIP self-extracting archive (Info-Zip)
>>>>(0x3c.l+0xf8) search/0x140 .idata
>>>>>(&0xe.l+(-4)) string PK\3\4 \b, ZIP self-extracting archive (Info-Zip)
>>>>>(&0xe.l+(-4)) string ZZ0 \b, ZZip self-extracting archive
>>>>>(&0xe.l+(-4)) string ZZ1 \b, ZZip self-extracting archive
>>>>(0x3c.l+0xf8) search/0x140 .rsrc
>>>>>(&0x0f.l+(-4)) string a\\\4\5 \b, WinHKI self-extracting archive
>>>>>(&0x0f.l+(-4)) string Rar! \b, RAR self-extracting archive
>>>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
>>>>>(&0x0f.l+(-4)) search/32 Nullsoft \b, Nullsoft Installer self-extracting archive
>>>>(0x3c.l+0xf8) search/0x140 .data
>>>>>(&0x0f.l) string WEXTRACT \b, MS CAB-Installer self-extracting archive
>>>>(0x3c.l+0xf8) search/0x140 .petite\0 \b, Petite compressed
>>>>>(0x3c.l+0xf7) byte x
>>>>>>(&0x104.l+(-4)) string =!sfx! \b, ACE self-extracting archive
>>>>(0x3c.l+0xf8) search/0x140 .WISE \b, WISE installer self-extracting archive
>>>>(0x3c.l+0xf8) search/0x140 .dz\0\0\0 \b, Dzip self-extracting archive
>>>>(0x3c.l+0xf8) search/0x140 .reloc
>>>>>(&0xe.l+(-4)) search/0x180 PK\3\4 \b, ZIP self-extracting archive (WinZip)
>>>>&(0x3c.l+0xf8) search/0x100 _winzip_ \b, ZIP self-extracting archive (WinZip)
>>>>&(0x3c.l+0xf8) search/0x100 SharedD \b, Microsoft Installer self-extracting archive
>>>>0x30 string Inno \b, InnoSetup self-extracting archive
>>(0x3c.l) string NE \b, NE
>>>(0x3c.l+0x36) byte 0 (unknown OS)
>>>(0x3c.l+0x36) byte 1 for OS/2 1.x
>>>(0x3c.l+0x36) byte 2 for MS Windows 3.x
>>>(0x3c.l+0x36) byte 3 for MS-DOS
>>>(0x3c.l+0x36) byte >3 (unknown OS)
>>>(0x3c.l+0x36) byte 0x81 for MS-DOS, Phar Lap DOS extender
>>>(0x3c.l+0x0c) leshort&0x8003 0x8002 (DLL)
>>>(0x3c.l+0x0c) leshort&0x8003 0x8001 (driver)
>>>&(&0x24.s-1) string ARJSFX \b, ARJ self-extracting archive
>>>(0x3c.l+0x70) search/0x80 WinZip(R)\ Self-Extractor \b, ZIP self-extracting archive (WinZip)
>>(0x3c.l) string LX\0\0 \b, LX
>>>(0x3c.l+0x0a) leshort <1 (unknown OS)
>>>(0x3c.l+0x0a) leshort 1 for OS/2
>>>(0x3c.l+0x0a) leshort 2 for MS Windows
>>>(0x3c.l+0x0a) leshort 3 for DOS
>>>(0x3c.l+0x0a) leshort >3 (unknown OS)
>>>(0x3c.l+0x10) lelong&0x28000 =0x8000 (DLL)
>>>(0x3c.l+0x10) lelong&0x20000 >0 (device driver)
>>>(0x3c.l+0x10) lelong&0x300 0x300 (GUI)
>>>(0x3c.l+0x10) lelong&0x28300 <0x300 (console)
>>>(0x3c.l+0x08) leshort 1 i80286
>>>(0x3c.l+0x08) leshort 2 i80386
>>>(0x3c.l+0x08) leshort 3 i80486
>>>(8.s*16) string emx \b, emx
>>>>&1 string x %s
>>>&(&0x54.l-3) string arjsfx \b, ARJ self-extracting archive
# MS Windows system file, supposedly a collection of LE executables
>>(0x3c.l) string W3 \b, W3 for MS Windows
>>(0x3c.l) string LE\0\0 \b, LE executable
>>>(0x3c.l+0x0a) leshort 1
# some DOS extenders use LE files with OS/2 header
>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
>>>>0x240 search/0x200 WATCOM\ C/C++ for MS-DOS, DOS4GW DOS extender
>>>>0x440 search/0x100 CauseWay\ DOS\ Extender for MS-DOS, CauseWay DOS extender
>>>>0x40 search/0x40 PMODE/W for MS-DOS, PMODE/W DOS extender
>>>>0x40 search/0x40 STUB/32A for MS-DOS, DOS/32A DOS extender (stub)
>>>>0x40 search/0x80 STUB/32C for MS-DOS, DOS/32A DOS extender (configurable stub)
>>>>0x40 search/0x80 DOS/32A for MS-DOS, DOS/32A DOS extender (embedded)
# this is a wild guess; hopefully it is a specific signature
>>>>&0x24 lelong <0x50
>>>>>(&0x4c.l) string \xfc\xb8WATCOM
>>>>>>&0 search/8 3\xdbf\xb9 \b, 32Lite compressed
# another wild guess: if real OS/2 LE executables exist, they probably have higher start EIP
#>>>>(0x3c.l+0x1c) lelong >0x10000 for OS/2
# fails with DOS-Extenders.
>>>(0x3c.l+0x0a) leshort 2 for MS Windows
>>>(0x3c.l+0x0a) leshort 3 for DOS
>>>(0x3c.l+0x0a) leshort 4 for MS Windows (VxD)
>>>(&0x7c.l+0x26) string UPX \b, UPX compressed
>>>&(&0x54.l-3) string UNACE \b, ACE self-extracting archive
# looks like ASCII, probably some embedded copyright message.
# and definitely not NE/LE/LX/PE
>>0x3c lelong >0x20000000
>>>(4.s*512) leshort !0x014c \b, MZ for MS-DOS
# header data too small for extended executable
>2 long !0
>>0x18 leshort <0x40
>>>(4.s*512) leshort !0x014c
>>>>&(2.s-514) string !LE
>>>>>&-2 string !BW \b, MZ for MS-DOS
>>>>&(2.s-514) string LE \b, LE
>>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
# educated guess since indirection is still not capable enough for complex offset
# calculations (next embedded executable would be at &(&2*512+&0-2)
# I suspect there are only LE executables in these multi-exe files
>>>>&(2.s-514) string BW
>>>>>0x240 search/0x100 DOS/4G ,\b LE for MS-DOS, DOS4GW DOS extender (embedded)
>>>>>0x240 search/0x100 !DOS/4G ,\b BW collection for MS-DOS
# This sequence skips to the first COFF segment, usually .text
>(4.s*512) leshort 0x014c \b, COFF
>>(8.s*16) string go32stub for MS-DOS, DJGPP go32 DOS extender
>>(8.s*16) string emx
>>>&1 string x for DOS, Win or OS/2, emx %s
>>&(&0x42.l-3) byte x
>>>&0x26 string UPX \b, UPX compressed
# and yet another guess: small .text, and after large .data is unusal, could be 32lite
>>&0x2c search/0xa0 .text
>>>&0x0b lelong <0x2000
>>>>&0 lelong >0x6000 \b, 32lite compressed
>(8.s*16) string $WdX \b, WDos/X DOS extender
# .EXE formats (Greg Roelofs, newt@uchicago.edu)
#
0 string MZ MS-DOS executable (EXE)
>24 string @ \b, OS/2 or MS Windows
>>0xe7 string LH/2\ Self-Extract \b, %s
>>0xe9 string PKSFX2 \b, %s
>>122 string Windows\ self-extracting\ ZIP \b, %s
>0x1c string RJSX\xff\xff \b, ARJ SFX
>0x1c string diet\xf9\x9c \b, diet compressed
>0x1c string LZ09 \b, LZEXE v0.90 compressed
>0x1c string LZ91 \b, LZEXE v0.91 compressed
>0x1e string Copyright\ 1989-1990\ PKWARE\ Inc. \b, PKSFX
# JM: 0x1e "PKLITE Copr. 1990-92 PKWARE Inc. All Rights Reserved\7\0\0\0"
>0x1e string PKLITE\ Copr. \b, %.6s compressed
>0x24 string LHa's\ SFX \b, %.15s
>0x24 string LHA's\ SFX \b, %.15s
>1638 string -lh5- \b, LHa SFX archive v2.13S
>7195 string Rar! \b, RAR self-extracting archive
#
# [GRR 950118: file 3.15 has a buffer-size limitation; offsets bigger than
# 8161 bytes are ignored. To make the following entries work, increase
# HOWMANY in file.h to 32K at least, and maybe to 70K or more for OS/2,
# NT/Win32 and VMS.]
# [GRR: some company sells a self-extractor/displayer for image data(!)]
#
>11696 string PK\003\004 \b, PKZIP SFX archive v1.1
>13297 string PK\003\004 \b, PKZIP SFX archive v1.93a
>15588 string PK\003\004 \b, PKZIP2 SFX archive v1.09
>15770 string PK\003\004 \b, PKZIP SFX archive v2.04g
>28374 string PK\003\004 \b, PKZIP2 SFX archive v1.02
#
# Info-ZIP self-extractors
# these are the DOS versions:
>25115 string PK\003\004 \b, Info-ZIP SFX archive v5.12
>26331 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption
# these are the OS/2 versions (OS/2 is flagged above):
>47031 string PK\003\004 \b, Info-ZIP SFX archive v5.12
>49845 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption
# this is the NT/Win32 version:
>69120 string PK\003\004 \b, Info-ZIP NT SFX archive v5.12 w/decryption
>0x35 string \x8e\xc0\xb9\x08\x00\xf3\xa5\x4a\x75\xeb\x8e\xc3\x8e\xd8\x33\xff\xbe\x30\x00\x05 \b, aPack compressed
>0xe7 string LH/2\ Self-Extract \b, %s
>0x1c string diet \b, diet compressed
>0x1c string LZ09 \b, LZEXE v0.90 compressed
>0x1c string LZ91 \b, LZEXE v0.91 compressed
>0x1c string tz \b, TinyProg compressed
>0x1e string PKLITE \b, %s compressed
>0x64 string W\ Collis\0\0 \b, Compack compressed
>0x24 string LHa's\ SFX \b, LHa self-extracting archive
>0x24 string LHA's\ SFX \b, LHa self-extracting archive
>0x24 string \ $ARX \b, ARX self-extracting archive
>0x24 string \ $LHarc \b, LHarc self-extracting archive
>0x20 string SFX\ by\ LARC \b, LARC self-extracting archive
>1638 string -lh5- \b, LHa self-extracting archive v2.13S
>0x17888 string Rar! \b, RAR self-extracting archive
>0x40 string aPKG \b, aPackage self-extracting archive
>32 string AIN
>>35 string 2 \b, AIN 2.x compressed
>>35 string <2 \b, AIN 1.x compressed
>>35 string >2 \b, AIN 1.x compressed
>28 string UC2X \b, UCEXE compressed
>28 string WWP\ \b, WWPACK compressed
# skip to the end of the exe
>(4.s*512) long x
>>&(2.s-517) byte x
>>>&0 string PK\3\4 \b, ZIP self-extracting archive
>>>&0 string Rar! \b, RAR self-extracting archive
>>>&0 string =!\x11 \b, AIN 2.x self-extracting archive
>>>&0 string =!\x12 \b, AIN 2.x self-extracting archive
>>>&0 string =!\x17 \b, AIN 1.x self-extracting archive
>>>&0 string =!\x18 \b, AIN 1.x self-extracting archive
>>>&7 search/400 **ACE** \b, ACE self-extracting archive
>>>&0 search/0x480 UC2SFX\ Header \b, UC2 self-extracting archive
>0x1c string RJSX \b, ARJ self-extracting archive
# winarj stores a message in the stub instead of the sig in the MZ header
>0x20 search/0xe0 aRJsfX \b, ARJ self-extracting archive
# a few unknown ZIP sfxes, no idea if they are needed or if they are
# already captured by the generic patterns above
>122 string Windows\ self-extracting\ ZIP \b, ZIP self-extracting archive
>(8.s*16) search/0x20 PKSFX \b, ZIP self-extracting archive (PKZIP)
# TODO: how to add this? >FileSize-34 string Windows\ Self-Installing\ Executable \b, ZIP self-extracting archive
#
# TELVOX Teleinformatica CODEC self-extractor for OS/2:
>49801 string \x79\xff\x80\xff\x76\xff \b, CODEC archive v3.21
>>49824 leshort =1 \b, 1 file
@ -131,12 +261,79 @@
# Uncommenting only the first two lines will cover about 2/3 of COM files,
# but it isn't feasible to match all COM files since there must be at least
# two dozen different one-byte "magics".
#0 byte 0xe9 MS-DOS executable (COM)
#>6 string SFX\ of\ LHarc (%s)
#0 byte 0x8c MS-DOS executable (COM)
0 byte 0xe9 DOS executable (COM)
>0x1FE leshort 0xAA55 \b, boot code
>6 string SFX\ of\ LHarc (%s)
0 belong 0xffffffff DOS executable (device driver)
#CMD640X2.SYS
>10 string >\x23
>>10 string !\x2e
>>>17 string <\x5B
>>>>10 string x \b, name: %.8s
#UDMA.SYS KEYB.SYS CMD640X2.SYS
>10 string <\x41
>>12 string >\x40
>>>10 string !$
>>>>12 string x \b, name: %.8s
#BTCDROM.SYS ASPICD.SYS
>22 string >\x40
>>22 string <\x5B
>>>23 string <\x5B
>>>>22 string x \b, name: %.8s
#ATAPICD.SYS
>76 string \0
>>77 string >\x40
>>>77 string <\x5B
>>>>77 string x \b, name: %.8s
0 byte 0x8c DOS executable (COM)
# 0xeb conflicts with "sequent" magic
#0 byte 0xeb MS-DOS executable (COM)
#0 byte 0xb8 MS-DOS executable (COM)
0 byte 0xeb DOS executable (COM)
>0x1FE leshort 0xAA55 \b, boot code
>85 string UPX \b, UPX compressed
>4 string \ $ARX \b, ARX self-extracting archive
>4 string \ $LHarc \b, LHarc self-extracting archive
>0x20e string SFX\ by\ LARC \b, LARC self-extracting archive
0 byte 0xb8 COM executable
# modified by Joerg Jenderek
>1 lelong !0x21cd4cff for DOS
# http://syslinux.zytor.com/comboot.php
# (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode
# start with assembler instructions mov eax,21cd4cffh
>1 lelong 0x21cd4cff (32-bit COMBOOT)
0 string \x81\xfc
>4 string \x77\x02\xcd\x20\xb9
>>36 string UPX! FREE-DOS executable (COM), UPX compressed
252 string Must\ have\ DOS\ version DR-DOS executable (COM)
# GRR search is not working
#2 search/28 \xcd\x21 COM executable for MS-DOS
#WHICHFAT.cOM
2 string \xcd\x21 COM executable for DOS
#DELTREE.cOM DELTREE2.cOM
4 string \xcd\x21 COM executable for DOS
#IFMEMDSK.cOM ASSIGN.cOM COMP.cOM
5 string \xcd\x21 COM executable for DOS
#DELTMP.COm HASFAT32.cOM
7 string \xcd\x21
>0 byte !0xb8 COM executable for DOS
#COMP.cOM MORE.COm
10 string \xcd\x21
>5 string !\xcd\x21 COM executable for DOS
#comecho.com
13 string \xcd\x21 COM executable for DOS
#HELP.COm EDIT.coM
18 string \xcd\x21 COM executable for MS-DOS
#NWRPLTRM.COm
23 string \xcd\x21 COM executable for MS-DOS
#LOADFIX.cOm LOADFIX.cOm
30 string \xcd\x21 COM executable for MS-DOS
#syslinux.com 3.11
70 string \xcd\x21 COM executable for DOS
# many compressed/converted COMs start with a copy loop instead of a jump
0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS
0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for DOS
>0x18 search/0x10 \x50\xa4\xff\xd5\x73 \b, aPack compressed
0x3c string W\ Collis\0\0 COM executable for MS-DOS, Compack compressed
# FIXME: missing diet .com compression
# miscellaneous formats
0 string LZ MS-DOS executable (built-in)
@ -145,9 +342,10 @@
#
# Windows Registry files.
#
0 string regf Windows NT registry file
0 string CREG Windows 95 registry file
# updated by Joerg Jenderek
0 string regf Windows NT/XP registry file
0 string CREG Windows 95/98/ME registry file
0 string SHCC3 Windows 3.1 registry file
# AAF files:
@ -207,7 +405,9 @@
>15 string 1.0\ --\ HyperTerminal\ data\ file MS-windows Hyperterminal
# Windows Metafont .WMF
0 string \327\315\306\232\000\000\000\000\000\000 ms-windows metafont .wmf
0 string \327\315\306\232 ms-windows metafont .wmf
0 string \002\000\011\000 ms-windows metafont .wmf
0 string \001\000\011\000 ms-windows metafont .wmf
#tz3 files whatever that is (MS Works files)
0 string \003\001\001\004\070\001\000\000 tz3 ms-works file
@ -224,24 +424,24 @@
0 string \211\000\225\003\005\000\062\122\207\304\100\345\042 PGP sig
# windows zips files .dmf
0 string MDIF\032\000\010\000\000\000\372\046\100\175\001\000\001\036\001\000 Ms-windows special zipped file
0 string MDIF\032\000\010\000\000\000\372\046\100\175\001\000\001\036\001\000 MS Windows special zipped file
# Windows help file FTG FTS
0 string \164\146\115\122\012\000\000\000\001\000\000\000 ms-windows help cache
0 string \164\146\115\122\012\000\000\000\001\000\000\000 MS Windows help cache
# grp old windows 3.1 group files
0 string \120\115\103\103 Ms-windows 3.1 group files
0 string \120\115\103\103 MS Windows 3.1 group files
# lnk files windows symlinks
0 string \114\000\000\000\001\024\002\000\000\000\000\000\300\000\000\000\000\000\000\106 ms-Windows shortcut
0 string \114\000\000\000\001\024\002\000\000\000\000\000\300\000\000\000\000\000\000\106 MS Windows shortcut
#ico files
0 string \102\101\050\000\000\000\056\000\000\000\000\000\000\000 Icon for ms-windows
0 string \102\101\050\000\000\000\056\000\000\000\000\000\000\000 Icon for MS Windows
# Windows icons (Ian Springer <ips@fpk.hp.com>)
0 string \000\000\001\000 ms-windows icon resource
0 string \000\000\001\000 MS Windows icon resource
>4 byte 1 - 1 icon
>4 byte >1 - %d icons
>>6 byte >0 \b, %dx
@ -263,7 +463,7 @@
# recycled/info the windows trash bin index
9 string \000\000\000\030\001\000\000\000 ms-windows recycled bin info
9 string \000\000\000\030\001\000\000\000 MS Windows recycled bin info
##### put in Either Magic/font or Magic/news
@ -283,8 +483,8 @@
0 string GERBIL First Choice device file
9 string RABBITGRAPH RabbitGraph file
0 string DCU1 Borland Delphi .DCU file
0 string !<spell> MKS Spell hash list (old format)
0 string !<spell2> MKS Spell hash list
0 string =!<spell> MKS Spell hash list (old format)
0 string =!<spell2> MKS Spell hash list
# Too simple - MPi
#0 string AH Halo(TM) bitmapped font file
0 lelong 0x08086b70 TurboC BGI file
@ -324,32 +524,16 @@
# GFA-BASIC (Wolfram Kleff)
2 string GFA-BASIC3 GFA-BASIC 3 data
# DJGPP compiled files
# v >2, uses DPMI & small(2k) stub (Robert vd Boon, rjvdboon@europe.com)
0x200 string go32stub DOS-executable compiled w/DJGPP
>0x20c string >0 (stub v%.4s)
>>0x8b2 string djp [compressed w/%s
>>>&1 string >\0 %.4s]
>>0x8ad string UPX [compressed w/%s
>>>&1 string >\0 %.4s]
>>0x1c string pmodedj stubbed with %s
# QDOS
4 belong 0x4AFB QDOS executable
>9 pstring x '%s'
0 beshort 0xFB01 QDOS object
>2 pstring x '%s'
#------------------------------------------------------------------------------
# From Stuart Caie <kyzer@4u.net> (developer of cabextract)
# Microsoft Cabinet files
0 string MSCF\0\0\0\0 Microsoft Cabinet file
0 string MSCF\0\0\0\0 Microsoft Cabinet archive data
>8 lelong x \b, %u bytes
>28 leshort 1 \b, 1 file
>28 leshort >1 \b, %u files
# InstallShield Cabinet files
0 string ISc( InstallShield Cabinet file
0 string ISc( InstallShield Cabinet archive data
>5 byte&0xf0 =0x60 version 6,
>5 byte&0xf0 !0x60 version 4/5,
>(12.l+40) lelong x %u files
@ -404,3 +588,22 @@
# of characters instead of all the "description length"
# number of characters -- indicated by the ulelong at offset 60.
>>(64.l) lestring16 >0 Description: %15.15s
# From: Alex Beregszaszi <alex@fsn.hu>
0 string COWD VMWare3 disk image
>12 belong x %d bytes
0 string VMDK VMware4 disk image
0 belong 0x514649fb QEMU Copy-On-Write disk image
>4 belong x version %d,
>24 belong x size %d +
>28 belong x %d
0 string QEVM QEMU's suspend to disk image
0 string Bochs\ Virtual\ HD\ Image Bochs disk image,
>32 string x type %s,
>48 string x subtype %s
0 lelong 0x02468ace Bochs Sparse disk image

22
contrib/file/Magdir/mup Normal file
View File

@ -0,0 +1,22 @@
# ------------------------------------------------------------------------
# mup: file(1) magic for Mup (Music Publisher) input file.
#
# From: Abel Cheung <abel (@) oaka.org>
#
# NOTE: This header is mainly proposed in the Arkkra mailing list,
# and is not a mandatory header because of old mup input file
# compatibility. Noteedit also use mup format, but is not forcing
# user to use any header as well.
#
0 string //!Mup Mup music publication program input text
>6 string -Arkkra (Arkkra)
>>13 string -
>>>16 string .
>>>>14 string x \b, need V%.4s
>>>15 string .
>>>>14 string x \b, need V%.3s
>6 string -
>>9 string .
>>>7 string x \b, need V%.4s
>>8 string .
>>>7 string x \b, need V%.3s

4
contrib/file/Magdir/ncr
View File

@ -34,14 +34,14 @@
0 beshort 000640 Tower32/800 68020
>18 beshort &020000 w/68881 object
>18 beshort &040000 compatible object
>18 beshort &~060000 object
>18 beshort &060000 object
>20 beshort 0407 executable
>20 beshort 0413 pure executable
>12 belong >0 not stripped
>22 beshort >0 - version %ld
0 beshort 000645 Tower32/800 68010
>18 beshort &040000 compatible object
>18 beshort &~060000 object
>18 beshort &060000 object
>20 beshort 0407 executable
>20 beshort 0413 pure executable
>12 belong >0 not stripped

9
contrib/file/Magdir/perl
View File

@ -18,6 +18,15 @@
#0 regex package Perl5 module source text (via regex)
0 string package Perl5 module source text
# Perl POD documents
# From: Tom Hukins <tom@eborcom.com>
0 string/B \=pod\n Perl POD document
0 string/B \n\=pod\n Perl POD document
0 string/B \=head1\ Perl POD document
0 string/B \n\=head1\ Perl POD document
0 string/B \=head2\ Perl POD document
0 string/B \n\=head2\ Perl POD document
# Perl Storable data files.
0 string perl-store perl Storable(v0.6) data
>4 byte >0 (net-order %d)

4
contrib/file/Magdir/printer
View File

@ -114,3 +114,7 @@
#------------------------------------------------------------------------------
# HP LaserJet 1000 series downloadable firmware file
0 string \xbe\xefABCDEFGH HP LaserJet 1000 series downloadable firmware
# From: Paolo <oopla@users.sf.net>
# Epson ESC/Page, ESC/PageColor
0 string \x1b\x01@EJL Epson ESC/Page language printer data

6
contrib/file/Magdir/psion
View File

@ -8,7 +8,7 @@
>4 lelong 0x1000003A printer driver
>4 lelong 0x1000003B clipboard
>4 lelong 0x10000042 multi-bitmap image
>4 lelong 0x1000006A application infomation file
>4 lelong 0x1000006A application information file
>4 lelong 0x1000006D
>>8 lelong 0x1000007D sketch image
>>8 lelong 0x1000007E voice note
@ -37,7 +37,7 @@
>4 lelong 0x100000AD physical device driver
>4 lelong 0x100000E5 file transfer protocol
>4 lelong 0x100000E5 file transfer protocol
>4 lelong 0x10000140 printer defintion
>4 lelong 0x10000141 printer defintion
>4 lelong 0x10000140 printer definition
>4 lelong 0x10000141 printer definition
0 lelong 0x1000007A Psion Series 5 executable

4
contrib/file/Magdir/python
View File

@ -12,3 +12,7 @@
0 belong 0x2aeb0d0a python 2.1 byte-compiled
0 belong 0x2ded0d0a python 2.2 byte-compiled
0 belong 0x3bf20d0a python 2.3 byte-compiled
0 belong 0x6df20d0a python 2.4 byte-compiled
0 string/b #!\ /usr/bin/python python script text executable

1
contrib/file/Magdir/riff
View File

@ -127,6 +127,7 @@
>>>>>>>(104.l+132) string/c divx DivX 4
>>>>>>>(104.l+132) string/c dx50 DivX 5
>>>>>>>(104.l+132) string/c xvid XviD
>>>>>>>(104.l+132) string/c h264 X.264
>>>>>>>(104.l+132) lelong 0
##>>>>>>>(104.l+132) string x (%.4s)
# skip past first (video) LIST

60
contrib/file/Magdir/scientific Normal file
View File

@ -0,0 +1,60 @@
#------------------------------------------------------------------------------
# scientific: file(1) magic for scientific formats
#
# From: Joe Krahn <krahn@niehs.nih.gov>
########################################################
# CCP4 data and plot files:
0 string MTZ\040 MTZ reflection file
92 string PLOT%%84 Plot84 plotting file
>52 byte 1 , Little-endian
>55 byte 1 , Big-endian
########################################################
# Electron density MAP/MASK formats
0 string EZD_MAP NEWEZD Electron Density Map
109 string MAP\040( Old EZD Electron Density Map
0 string/c :-)\040Origin BRIX Electron Density Map
>170 string >0 , Sigma:%.12s
#>4 string >0 %.178s
#>4 addr x %.178s
7 string 18\040!NTITLE XPLOR ASCII Electron Density Map
9 string \040!NTITLE\012\040REMARK CNS ASCII electron density map
208 string MAP\040 CCP4 Electron Density Map
# Assumes same stamp for float and double (normal case)
>212 byte 17 \b, Big-endian
>212 byte 34 \b, VAX format
>212 byte 68 \b, Little-endian
>212 byte 85 \b, Convex native
############################################################
# X-Ray Area Detector images
0 string R-AXIS4\ \ \ R-Axis Area Detector Image:
>796 lelong <20 Little-endian, IP #%d,
>>768 lelong >0 Size=%dx
>>772 lelong >0 \b%d
>796 belong <20 Big-endian, IP #%d,
>>768 belong >0 Size=%dx
>>772 belong >0 \b%d
0 string RAXIS\ \ \ \ \ R-Axis Area Detector Image, Win32:
>796 lelong <20 Little-endian, IP #%d,
>>768 lelong >0 Size=%dx
>>772 lelong >0 \b%d
>796 belong <20 Big-endian, IP #%d,
>>768 belong >0 Size=%dx
>>772 belong >0 \b%d
1028 string MMX\000\000\000\000\000\000\000\000\000\000\000\000\000 MAR Area Detector Image,
>1072 ulong >1 Compressed(%d),
>1100 ulong >1 %d headers,
>1104 ulong >0 %d x
>1108 ulong >0 %d,
>1120 ulong >0 %d bits/pixel

12
contrib/file/Magdir/sgi
View File

@ -48,12 +48,12 @@
>17 byte x hash %d,
>11 byte x dataformat %d
# Alias|Wavefront Maya files
0 string //Maya ASCII Alias|Wavefront Maya Ascii File,
# Alias Maya files
0 string //Maya ASCII Alias Maya Ascii File,
>13 string >\0 version %s
8 string MAYAFOR4 Alias|Wavefront Maya Binary File,
8 string MAYAFOR4 Alias Maya Binary File,
>32 string >\0 version %s scene
8 string MayaFOR4 Alias|Wavefront Maya Binary File,
8 string MayaFOR4 Alias Maya Binary File,
>32 string >\0 version %s scene
8 string CIMG Alias|Wavefront Maya Image File
8 string DEEP Alias|Wavefront Maya Image File
8 string CIMG Alias Maya Image File
8 string DEEP Alias Maya Image File

2
contrib/file/Magdir/sharc
View File

@ -12,7 +12,7 @@
#------------------------------------------------------------------------
# SHARC DSP stuff (based on the FGM SHARC DSP SDK)
0 string ! Assembler source
0 string =! Assembler source
0 string Analog ADi asm listing file
0 string .SYSTEM SHARC architecture file
0 string .system SHARC architecture file

16
contrib/file/Magdir/sql
View File

@ -16,3 +16,19 @@
0 belong&0xffffff00 0xfefe0600 MySQL ISAM compressed data file
>3 byte x Version %d
0 string \376bin MySQL replication log
#------------------------------------------------------------------------------
# iRiver H Series database file
# From Ken Guest <ken@linux.ie>
# As observed from iRivNavi.iDB and unencoded firmware
#
0 string iRivDB iRiver Database file
>11 string >\0 Version %s
>39 string iHP-100 [H Series]
#------------------------------------------------------------------------------
# SQLite database file
# From Ken Guest <ken@linux.ie>
#
0 string SQLite SQLite database
>14 string >\0 (Version %s)

5
contrib/file/Magdir/varied.out
View File

@ -31,5 +31,6 @@
0 string \xc0HRB Harbour HRB file
>4 short x version %d
# From: "Stefan A. Haubenthal" <polluks@web.de>
0 belong 0x000001EB Plan 9 executable
# From: Alex Beregszaszi <alex@fsn.hu>
# 0 string exec BugOS executable
# 0 string pack BugOS archive

8
contrib/file/Magdir/wordprocessors
View File

@ -106,6 +106,12 @@
# Hangul (Korean) Word Processor File
0 string HWP\ Document\ File Hangul (Korean) Word Processor File
# CosmicBook, from Benoît Rouits
# CosmicBook, from Benoît Rouits
0 string CSBK Ted Neslson's CosmicBook hypertext file
2 string EYWR AmigaWriter file
# chi: file(1) magic for ChiWriter files
0 string \\1cw\ ChiWriter file
>5 string >\0 version %s
0 string \\1cw ChiWriter file

19
contrib/file/Makefile.am
View File

@ -15,11 +15,17 @@ magic: Header Localstuff $(magic_FRAGMENTS)
cat $$f; \
done >> $@
if IS_CROSS_COMPILE
FILE_COMPILE = file
else
FILE_COMPILE = $(top_builddir)/src/file
endif
magic.mgc: magic
$(top_builddir)/src/file -C -m magic
$(FILE_COMPILE) -C -m magic
magic.mime.mgc: magic.mime
$(top_builddir)/src/file -C -m $(srcdir)/magic.mime
$(FILE_COMPILE) -C -m $(srcdir)/magic.mime
magic_FRAGMENTS = \
Magdir/acorn \
@ -38,21 +44,23 @@ Magdir/archive \
Magdir/asterix \
Magdir/att3b \
Magdir/audio \
Magdir/bFLT \
Magdir/basis \
Magdir/bflt \
Magdir/blender \
Magdir/blit \
Magdir/bout \
Magdir/bsdi \
Magdir/btsnoop \
Magdir/cad \
Magdir/c-lang \
Magdir/c64 \
Magdir/cddb \
Magdir/chi \
Magdir/chord \
Magdir/cisco \
Magdir/citrus \
Magdir/claris \
Magdir/clipper \
Magdir/cracklib \
Magdir/spec \
Magdir/commands \
Magdir/communications \
@ -86,7 +94,6 @@ Magdir/gimp \
Magdir/gnu \
Magdir/grace \
Magdir/gringotts \
Magdir/hdf \
Magdir/hitachi-sh \
Magdir/hp \
Magdir/human68k \
@ -125,6 +132,7 @@ Magdir/modem \
Magdir/motorola \
Magdir/msdos \
Magdir/msvc \
Magdir/mup \
Magdir/natinst \
Magdir/ncr \
Magdir/netbsd \
@ -170,6 +178,7 @@ Magdir/sketch \
Magdir/smalltalk \
Magdir/sniffer \
Magdir/dyadic \
Magdir/scientific \
Magdir/softquad \
Magdir/spectrum \
Magdir/sql \

278
contrib/file/Makefile.in
View File

@ -1,8 +1,8 @@
# Makefile.in generated by automake 1.6.3 from Makefile.am.
# Makefile.in generated by automake 1.9.6 from Makefile.am.
# @configure_input@
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
# Free Software Foundation, Inc.
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -13,83 +13,160 @@
# PARTICULAR PURPOSE.
@SET_MAKE@
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_HEADER = $(INSTALL_DATA)
transform = @program_transform_name@
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
host_alias = @host_alias@
build_triplet = @build@
host_triplet = @host@
EXEEXT = @EXEEXT@
OBJEXT = @OBJEXT@
PATH_SEPARATOR = @PATH_SEPARATOR@
subdir = magic
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
SOURCES =
DIST_SOURCES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
am__installdirs = "$(DESTDIR)$(pkgdatadir)"
pkgdataDATA_INSTALL = $(INSTALL_DATA)
DATA = $(pkgdata_DATA)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMDEP_FALSE = @AMDEP_FALSE@
AMDEP_TRUE = @AMDEP_TRUE@
AMTAR = @AMTAR@
AS = @AS@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
ECHO = @ECHO@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
FFLAGS = @FFLAGS@
FSECT5_FALSE = @FSECT5_FALSE@
FSECT5_TRUE = @FSECT5_TRUE@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
IS_CROSS_COMPILE_FALSE = @IS_CROSS_COMPILE_FALSE@
IS_CROSS_COMPILE_TRUE = @IS_CROSS_COMPILE_TRUE@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LN_S = @LN_S@
OBJDUMP = @OBJDUMP@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
MAKEINFO = @MAKEINFO@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
ac_ct_RANLIB = @ac_ct_RANLIB@
ac_ct_STRIP = @ac_ct_STRIP@
am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
datadir = @datadir@
exec_prefix = @exec_prefix@
fsect = @fsect@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
prefix = @prefix@
program_transform_name = @program_transform_name@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
pkgdata_DATA = magic magic.mime magic.mgc magic.mime.mgc
EXTRA_DIST = magic2mime Localstuff Header magic.mime $(magic_FRAGMENTS)
CLEANFILES = magic magic.mgc magic.mime.mgc
@IS_CROSS_COMPILE_FALSE@FILE_COMPILE = $(top_builddir)/src/file
@IS_CROSS_COMPILE_TRUE@FILE_COMPILE = file
magic_FRAGMENTS = \
Magdir/acorn \
Magdir/adi \
@ -107,21 +184,23 @@ Magdir/archive \
Magdir/asterix \
Magdir/att3b \
Magdir/audio \
Magdir/bFLT \
Magdir/basis \
Magdir/bflt \
Magdir/blender \
Magdir/blit \
Magdir/bout \
Magdir/bsdi \
Magdir/btsnoop \
Magdir/cad \
Magdir/c-lang \
Magdir/c64 \
Magdir/cddb \
Magdir/chi \
Magdir/chord \
Magdir/cisco \
Magdir/citrus \
Magdir/claris \
Magdir/clipper \
Magdir/cracklib \
Magdir/spec \
Magdir/commands \
Magdir/communications \
@ -155,7 +234,6 @@ Magdir/gimp \
Magdir/gnu \
Magdir/grace \
Magdir/gringotts \
Magdir/hdf \
Magdir/hitachi-sh \
Magdir/hp \
Magdir/human68k \
@ -194,6 +272,7 @@ Magdir/modem \
Magdir/motorola \
Magdir/msdos \
Magdir/msvc \
Magdir/mup \
Magdir/natinst \
Magdir/ncr \
Magdir/netbsd \
@ -239,6 +318,7 @@ Magdir/sketch \
Magdir/smalltalk \
Magdir/sniffer \
Magdir/dyadic \
Magdir/scientific \
Magdir/softquad \
Magdir/spectrum \
Magdir/sql \
@ -273,22 +353,38 @@ Magdir/xwindows \
Magdir/zilog \
Magdir/zyxel
subdir = magic
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
DIST_SOURCES =
DATA = $(pkgdata_DATA)
DIST_COMMON = Makefile.am Makefile.in
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu magic/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu magic/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
mostlyclean-libtool:
-rm -f *.lo
@ -299,40 +395,44 @@ clean-libtool:
distclean-libtool:
-rm -f libtool
uninstall-info-am:
pkgdataDATA_INSTALL = $(INSTALL_DATA)
install-pkgdataDATA: $(pkgdata_DATA)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
test -z "$(pkgdatadir)" || $(mkdir_p) "$(DESTDIR)$(pkgdatadir)"
@list='$(pkgdata_DATA)'; for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f="`echo $$p | sed -e 's|^.*/||'`"; \
echo " $(pkgdataDATA_INSTALL) $$d$$p $(DESTDIR)$(pkgdatadir)/$$f"; \
$(pkgdataDATA_INSTALL) $$d$$p $(DESTDIR)$(pkgdatadir)/$$f; \
f=$(am__strip_dir) \
echo " $(pkgdataDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgdatadir)/$$f'"; \
$(pkgdataDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgdatadir)/$$f"; \
done
uninstall-pkgdataDATA:
@$(NORMAL_UNINSTALL)
@list='$(pkgdata_DATA)'; for p in $$list; do \
f="`echo $$p | sed -e 's|^.*/||'`"; \
echo " rm -f $(DESTDIR)$(pkgdatadir)/$$f"; \
rm -f $(DESTDIR)$(pkgdatadir)/$$f; \
f=$(am__strip_dir) \
echo " rm -f '$(DESTDIR)$(pkgdatadir)/$$f'"; \
rm -f "$(DESTDIR)$(pkgdatadir)/$$f"; \
done
tags: TAGS
TAGS:
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ctags: CTAGS
CTAGS:
top_distdir = ..
distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
distdir: $(DISTFILES)
$(mkinstalldirs) $(distdir)/Magdir
@list='$(DISTFILES)'; for file in $$list; do \
$(mkdir_p) $(distdir)/Magdir
@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
list='$(DISTFILES)'; for file in $$list; do \
case $$file in \
$(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
$(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
esac; \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
if test "$$dir" != "$$file" && test "$$dir" != "."; then \
dir="/$$dir"; \
$(mkinstalldirs) "$(distdir)$$dir"; \
$(mkdir_p) "$(distdir)$$dir"; \
else \
dir=''; \
fi; \
@ -350,10 +450,10 @@ distdir: $(DISTFILES)
check-am: all-am
check: check-am
all-am: Makefile $(DATA)
installdirs:
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
for dir in "$(DESTDIR)$(pkgdatadir)"; do \
test -z "$$dir" || $(mkdir_p) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
@ -365,7 +465,7 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
INSTALL_STRIP_FLAG=-s \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
@ -374,7 +474,7 @@ clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@ -384,13 +484,15 @@ clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-libtool
dvi: dvi-am
dvi-am:
html: html-am
info: info-am
info-am:
@ -406,24 +508,32 @@ install-man:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-info-am uninstall-pkgdataDATA
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
distclean distclean-generic distclean-libtool distdir dvi \
dvi-am info info-am install install-am install-data \
install-data-am install-exec install-exec-am install-info \
install-info-am install-man install-pkgdataDATA install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool uninstall uninstall-am uninstall-info-am \
uninstall-pkgdataDATA
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-exec install-exec-am \
install-info install-info-am install-man install-pkgdataDATA \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
uninstall uninstall-am uninstall-info-am uninstall-pkgdataDATA
magic: Header Localstuff $(magic_FRAGMENTS)
@ -438,10 +548,10 @@ magic: Header Localstuff $(magic_FRAGMENTS)
done >> $@
magic.mgc: magic
$(top_builddir)/src/file -C -m magic
$(FILE_COMPILE) -C -m magic
magic.mime.mgc: magic.mime
$(top_builddir)/src/file -C -m $(srcdir)/magic.mime
$(FILE_COMPILE) -C -m $(srcdir)/magic.mime
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

9483
contrib/file/aclocal.m4 vendored
View File

File diff suppressed because it is too large Load Diff

307
contrib/file/apprentice.c
View File

@ -45,7 +45,7 @@
#endif
#ifndef lint
FILE_RCSID("@(#)$Id: apprentice.c,v 1.82 2004/11/24 18:56:04 christos Exp $")
FILE_RCSID("@(#)$Id: apprentice.c,v 1.87 2006/03/02 22:08:57 christos Exp $")
#endif /* lint */
#define EATAB {while (isascii((unsigned char) *l) && \
@ -74,15 +74,28 @@ FILE_RCSID("@(#)$Id: apprentice.c,v 1.82 2004/11/24 18:56:04 christos Exp $")
#define MAXPATHLEN 1024
#endif
#define IS_STRING(t) ((t) == FILE_STRING || (t) == FILE_PSTRING || \
#define IS_PLAINSTRING(t) ((t) == FILE_STRING || (t) == FILE_PSTRING || \
(t) == FILE_BESTRING16 || (t) == FILE_LESTRING16)
#define IS_STRING(t) (IS_PLAINSTRING(t) || (t) == FILE_REGEX || \
(t) == FILE_SEARCH)
private int getvalue(struct magic_set *ms, struct magic *, char **);
struct magic_entry {
struct magic *mp;
uint32_t cont_count;
uint32_t max_count;
};
private int getvalue(struct magic_set *ms, struct magic *, const char **);
private int hextoint(int);
private char *getstr(struct magic_set *, char *, char *, int, int *);
private int parse(struct magic_set *, struct magic **, uint32_t *, char *, int);
private void eatsize(char **);
private const char *getstr(struct magic_set *, const char *, char *, int,
int *);
private int parse(struct magic_set *, struct magic_entry **, uint32_t *,
const char *, int);
private void eatsize(const char **);
private int apprentice_1(struct magic_set *, const char *, int, struct mlist *);
private size_t apprentice_magic_strength(const struct magic *);
private int apprentice_sort(const void *, const void *);
private int apprentice_file(struct magic_set *, struct magic **, uint32_t *,
const char *, int);
private void byteswap(struct magic *, uint32_t);
@ -99,6 +112,7 @@ private int check_format(struct magic_set *, struct magic *);
private size_t maxmagic = 0;
private size_t magicsize = sizeof(struct magic);
#ifdef COMPILE_ONLY
int main(int, char *[]);
@ -161,6 +175,7 @@ apprentice_1(struct magic_set *ms, const char *fn, int action,
free(magic);
return rv;
}
#ifndef COMPILE_ONLY
if ((rv = apprentice_map(ms, &magic, &nmagic, fn)) == -1) {
if (ms->flags & MAGIC_CHECK)
@ -283,6 +298,64 @@ file_apprentice(struct magic_set *ms, const char *fn, int action)
return mlist;
}
private size_t
apprentice_magic_strength(const struct magic *m)
{
switch (m->type) {
case FILE_BYTE:
return 1;
case FILE_SHORT:
case FILE_LESHORT:
case FILE_BESHORT:
return 2;
case FILE_LONG:
case FILE_LELONG:
case FILE_BELONG:
case FILE_MELONG:
return 4;
case FILE_PSTRING:
case FILE_STRING:
case FILE_REGEX:
case FILE_BESTRING16:
case FILE_LESTRING16:
case FILE_SEARCH:
return m->vallen;
case FILE_DATE:
case FILE_LEDATE:
case FILE_BEDATE:
case FILE_MEDATE:
return 4;
case FILE_LDATE:
case FILE_LELDATE:
case FILE_BELDATE:
case FILE_MELDATE:
return 8;
default:
return 0;
}
}
private int
apprentice_sort(const void *a, const void *b)
{
const struct magic_entry *ma = a;
const struct magic_entry *mb = b;
size_t sa = apprentice_magic_strength(ma->mp);
size_t sb = apprentice_magic_strength(mb->mp);
if (sa == sb)
return 0;
else if (sa > sb)
return -1;
else
return 1;
}
/*
* parse from a file
* const char *fn: name of magic file
@ -296,6 +369,8 @@ apprentice_file(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
FILE *f;
char line[BUFSIZ+1];
int errs = 0;
struct magic_entry *marray;
uint32_t marraycount, i, mentrycount;
f = fopen(ms->file = fn, "r");
if (f == NULL) {
@ -306,12 +381,12 @@ apprentice_file(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
}
maxmagic = MAXMAGIS;
*magicp = (struct magic *) calloc(maxmagic, sizeof(struct magic));
if (*magicp == NULL) {
if ((marray = malloc(maxmagic * sizeof(*marray))) == NULL) {
(void)fclose(f);
file_oomem(ms);
return -1;
}
marraycount = 0;
/* print silly verbose header for USG compat. */
if (action == FILE_CHECK)
@ -320,23 +395,53 @@ apprentice_file(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
/* parse it */
for (ms->line = 1; fgets(line, BUFSIZ, f) != NULL; ms->line++) {
size_t len;
if (line[0]=='#') /* comment, do not parse */
if (line[0] == '#') /* comment, do not parse */
continue;
len = strlen(line);
if (len < 2) /* null line, garbage, etc */
continue;
line[len - 1] = '\0'; /* delete newline */
if (parse(ms, magicp, nmagicp, line, action) != 0)
errs = 1;
if (line[len - 1] == '\n')
line[len - 1] = '\0'; /* delete newline */
if (parse(ms, &marray, &marraycount, line, action) != 0)
errs++;
}
(void)fclose(f);
if (errs)
goto out;
#ifndef NOORDER
qsort(marray, marraycount, sizeof(*marray), apprentice_sort);
#endif
for (i = 0, mentrycount = 0; i < marraycount; i++)
mentrycount += marray[i].cont_count;
if ((*magicp = malloc(sizeof(**magicp) * mentrycount)) == NULL) {
file_oomem(ms);
errs++;
goto out;
}
mentrycount = 0;
for (i = 0; i < marraycount; i++) {
(void)memcpy(*magicp + mentrycount, marray[i].mp,
marray[i].cont_count * sizeof(**magicp));
mentrycount += marray[i].cont_count;
}
out:
for (i = 0; i < marraycount; i++)
free(marray[i].mp);
free(marray);
if (errs) {
free(*magicp);
*magicp = NULL;
*nmagicp = 0;
return errs;
} else {
*nmagicp = mentrycount;
return 0;
}
return errs;
}
/*
@ -363,20 +468,23 @@ file_signextend(struct magic_set *ms, struct magic *m, uint32_t v)
case FILE_DATE:
case FILE_BEDATE:
case FILE_LEDATE:
case FILE_MEDATE:
case FILE_LDATE:
case FILE_BELDATE:
case FILE_LELDATE:
case FILE_MELDATE:
case FILE_LONG:
case FILE_BELONG:
case FILE_LELONG:
case FILE_MELONG:
v = (int32_t) v;
break;
case FILE_STRING:
case FILE_PSTRING:
case FILE_BESTRING16:
case FILE_LESTRING16:
break;
case FILE_REGEX:
case FILE_SEARCH:
break;
default:
if (ms->flags & MAGIC_CHECK)
@ -391,41 +499,85 @@ file_signextend(struct magic_set *ms, struct magic *m, uint32_t v)
* parse one line from magic file, put into magic[index++] if valid
*/
private int
parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
int action)
parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp,
const char *line, int action)
{
int i = 0;
struct magic_entry *me;
struct magic *m;
const char *l = line;
char *t;
private const char *fops = FILE_OPS;
uint32_t val;
uint32_t cont_level, cont_count;
#define ALLOC_INCR 200
if (*nmagicp + 1 >= maxmagic){
maxmagic += ALLOC_INCR;
if ((m = (struct magic *) realloc(*magicp,
sizeof(struct magic) * maxmagic)) == NULL) {
file_oomem(ms);
if (*magicp)
free(*magicp);
return -1;
}
*magicp = m;
memset(&(*magicp)[*nmagicp], 0, sizeof(struct magic)
* ALLOC_INCR);
}
m = &(*magicp)[*nmagicp];
m->flag = 0;
m->cont_level = 0;
cont_level = 0;
while (*l == '>') {
++l; /* step over */
m->cont_level++;
cont_level++;
}
#define ALLOC_CHUNK (size_t)10
#define ALLOC_INCR (size_t)200
if (cont_level != 0) {
if (*nmentryp == 0) {
file_error(ms, 0, "No current entry for continuation");
return -1;
}
me = &(*mentryp)[*nmentryp - 1];
if (me->cont_count == me->max_count) {
struct magic *nm;
size_t cnt = me->max_count + ALLOC_CHUNK;
if ((nm = realloc(me->mp, sizeof(*nm) * cnt)) == NULL) {
file_oomem(ms);
return -1;
}
me->mp = m = nm;
me->max_count = cnt;
}
m = &me->mp[me->cont_count++];
memset(m, 0, sizeof(*m));
m->cont_level = cont_level;
} else {
if (*nmentryp == maxmagic) {
struct magic_entry *mp;
maxmagic += ALLOC_INCR;
if ((mp = realloc(*mentryp, sizeof(*mp) * maxmagic)) ==
NULL) {
file_oomem(ms);
return -1;
}
(void)memset(&mp[*nmentryp], 0, sizeof(*mp) *
ALLOC_INCR);
*mentryp = mp;
}
me = &(*mentryp)[*nmentryp];
if (me->mp == NULL) {
if ((m = malloc(sizeof(*m) * ALLOC_CHUNK)) == NULL) {
file_oomem(ms);
return -1;
}
me->mp = m;
me->max_count = ALLOC_CHUNK;
} else
m = me->mp;
memset(m, 0, sizeof(*m));
m->cont_level = 0;
me->cont_count = 1;
}
if (m->cont_level != 0 && *l == '&') {
++l; /* step over */
m->flag |= OFFADD;
}
if (m->cont_level != 0 && *l == '(') {
++l; /* step over */
m->flag |= INDIR;
if (m->flag & OFFADD)
m->flag = (m->flag & ~OFFADD) | INDIROFFADD;
}
if (m->cont_level != 0 && *l == '&') {
++l; /* step over */
@ -454,6 +606,9 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
case 'L':
m->in_type = FILE_BELONG;
break;
case 'm':
m->in_type = FILE_MELONG;
break;
case 'h':
case 's':
m->in_type = FILE_LESHORT;
@ -478,7 +633,7 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
l++;
}
if (*l == '~') {
m->in_op = FILE_OPINVERSE;
m->in_op |= FILE_OPINVERSE;
l++;
}
switch (*l) {
@ -515,15 +670,19 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
l++;
break;
}
if (isdigit((unsigned char)*l))
m->in_offset = (uint32_t)strtoul(l, &t, 0);
else
t = l;
if (*t++ != ')')
if (*l == '(') {
m->in_op |= FILE_OPINDIRECT;
l++;
}
if (isdigit((unsigned char)*l) || *l == '-') {
m->in_offset = (int32_t)strtol(l, &t, 0);
l = t;
}
if (*l++ != ')' ||
((m->in_op & FILE_OPINDIRECT) && *l++ != ')'))
if (ms->flags & MAGIC_CHECK)
file_magwarn(ms,
"missing ')' in indirect offset");
l = t;
}
@ -541,14 +700,18 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
#define NBEDATE 6
#define NLESHORT 7
#define NLELONG 6
#define NMELONG 6
#define NLEDATE 6
#define NMEDATE 6
#define NPSTRING 7
#define NLDATE 5
#define NBELDATE 7
#define NLELDATE 7
#define NMELDATE 7
#define NREGEX 5
#define NBESTRING16 10
#define NLESTRING16 10
#define NSEARCH 6
if (*l == 'u') {
++l;
@ -589,9 +752,15 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
} else if (strncmp(l, "lelong", NLELONG)==0) {
m->type = FILE_LELONG;
l += NLELONG;
} else if (strncmp(l, "melong", NMELONG)==0) {
m->type = FILE_MELONG;
l += NMELONG;
} else if (strncmp(l, "ledate", NLEDATE)==0) {
m->type = FILE_LEDATE;
l += NLEDATE;
} else if (strncmp(l, "medate", NMEDATE)==0) {
m->type = FILE_MEDATE;
l += NMEDATE;
} else if (strncmp(l, "pstring", NPSTRING)==0) {
m->type = FILE_PSTRING;
l += NPSTRING;
@ -604,6 +773,9 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
} else if (strncmp(l, "leldate", NLELDATE)==0) {
m->type = FILE_LELDATE;
l += NLELDATE;
} else if (strncmp(l, "meldate", NMELDATE)==0) {
m->type = FILE_MELDATE;
l += NMELDATE;
} else if (strncmp(l, "regex", NREGEX)==0) {
m->type = FILE_REGEX;
l += NREGEX;
@ -613,6 +785,9 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
} else if (strncmp(l, "lestring16", NLESTRING16)==0) {
m->type = FILE_LESTRING16;
l += NLESTRING16;
} else if (strncmp(l, "search", NSEARCH)==0) {
m->type = FILE_SEARCH;
l += NSEARCH;
} else {
if (ms->flags & MAGIC_CHECK)
file_magwarn(ms, "type `%s' invalid", l);
@ -622,15 +797,16 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
/* New and improved: ~ & | ^ + - * / % -- exciting, isn't it? */
if (*l == '~') {
if (!IS_STRING(m->type))
m->mask_op = FILE_OPINVERSE;
m->mask_op |= FILE_OPINVERSE;
++l;
}
if ((t = strchr(fops, *l)) != NULL) {
uint32_t op = (uint32_t)(t - fops);
if (op != FILE_OPDIVIDE || !IS_STRING(m->type)) {
if (op != FILE_OPDIVIDE || !IS_PLAINSTRING(m->type)) {
++l;
m->mask_op |= op;
val = (uint32_t)strtoul(l, &l, 0);
val = (uint32_t)strtoul(l, &t, 0);
l = t;
m->mask = file_signextend(ms, m, val);
eatsize(&l);
} else {
@ -655,6 +831,7 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
return -1;
}
}
++l;
}
}
/*
@ -678,15 +855,12 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
}
break;
case '!':
if (!IS_STRING(m->type)) {
m->reln = *l;
++l;
break;
}
/*FALLTHROUGH*/
m->reln = *l;
++l;
break;
default:
if (*l == 'x' && isascii((unsigned char)l[1]) &&
isspace((unsigned char)l[1])) {
if (*l == 'x' && ((isascii((unsigned char)l[1]) &&
isspace((unsigned char)l[1])) || !l[1])) {
m->reln = *l;
++l;
goto GetDesc; /* Bill The Cat */
@ -730,7 +904,8 @@ parse(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, char *l,
file_mdump(m);
}
#endif
++(*nmagicp); /* make room for next */
if (m->cont_level == 0)
++(*nmentryp); /* make room for next */
return 0;
}
@ -791,7 +966,7 @@ check_format(struct magic_set *ms, struct magic *m)
* just after the number read. Return 0 for success, non-zero for failure.
*/
private int
getvalue(struct magic_set *ms, struct magic *m, char **p)
getvalue(struct magic_set *ms, struct magic *m, const char **p)
{
int slen;
@ -801,6 +976,7 @@ getvalue(struct magic_set *ms, struct magic *m, char **p)
case FILE_STRING:
case FILE_PSTRING:
case FILE_REGEX:
case FILE_SEARCH:
*p = getstr(ms, *p, m->value.s, sizeof(m->value.s), &slen);
if (*p == NULL) {
if (ms->flags & MAGIC_CHECK)
@ -812,8 +988,10 @@ getvalue(struct magic_set *ms, struct magic *m, char **p)
return 0;
default:
if (m->reln != 'x') {
char *ep;
m->value.l = file_signextend(ms, m,
(uint32_t)strtoul(*p, p, 0));
(uint32_t)strtoul(*p, &ep, 0));
*p = ep;
eatsize(p);
}
return 0;
@ -826,10 +1004,11 @@ getvalue(struct magic_set *ms, struct magic *m, char **p)
* Copy the converted version to "p", returning its length in *slen.
* Return updated scan pointer as function result.
*/
private char *
getstr(struct magic_set *ms, char *s, char *p, int plen, int *slen)
private const char *
getstr(struct magic_set *ms, const char *s, char *p, int plen, int *slen)
{
char *origs = s, *origp = p;
const char *origs = s;
char *origp = p;
char *pmax = p + plen - 1;
int c;
int val;
@ -1001,9 +1180,9 @@ file_showstr(FILE *fp, const char *s, size_t len)
* eatsize(): Eat the size spec from a number [eg. 10UL]
*/
private void
eatsize(char **p)
eatsize(const char **p)
{
char *l = *p;
const char *l = *p;
if (LOWCASE(*l) == 'u')
l++;
@ -1042,7 +1221,7 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
if (dbname == NULL)
return -1;
if ((fd = open(dbname, O_RDONLY)) == -1)
if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1)
return -1;
if (fstat(fd, &st) == -1) {
@ -1132,7 +1311,7 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp,
if (dbname == NULL)
return -1;
if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) {
if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) {
file_error(ms, errno, "cannot open `%s'", dbname);
return -1;
}
@ -1225,7 +1404,7 @@ bs1(struct magic *m)
m->cont_level = swap2(m->cont_level);
m->offset = swap4((uint32_t)m->offset);
m->in_offset = swap4((uint32_t)m->in_offset);
if (IS_STRING(m->type))
if (!IS_STRING(m->type))
m->value.l = swap4(m->value.l);
m->mask = swap4(m->mask);
}

119
contrib/file/ascmagic.c
View File

@ -49,7 +49,7 @@
#include "names.h"
#ifndef lint
FILE_RCSID("@(#)$Id: ascmagic.c,v 1.41 2004/09/11 19:15:57 christos Exp $")
FILE_RCSID("@(#)$Id: ascmagic.c,v 1.45 2006/03/12 22:09:33 christos Exp $")
#endif /* lint */
typedef unsigned long unichar;
@ -71,10 +71,11 @@ protected int
file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
{
size_t i;
unsigned char nbuf[HOWMANY+1]; /* one extra for terminating '\0' */
unichar ubuf[HOWMANY+1]; /* one extra for terminating '\0' */
unsigned char *nbuf = NULL;
unichar *ubuf = NULL;
size_t ulen;
struct names *p;
int rv = -1;
const char *code = NULL;
const char *code_mime = NULL;
@ -84,6 +85,7 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
int has_escapes = 0;
int has_backspace = 0;
int seen_cr = 0;
int n_crlf = 0;
int n_lf = 0;
@ -97,13 +99,13 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
* Undo the NUL-termination kindly provided by process()
* but leave at least one byte to look at
*/
while (nbytes > 1 && buf[nbytes - 1] == '\0')
nbytes--;
/* nbuf and ubuf relies on this */
if (nbytes > HOWMANY)
nbytes = HOWMANY;
if ((nbuf = malloc((nbytes + 1) * sizeof(nbuf[0]))) == NULL)
goto done;
if ((ubuf = malloc((nbytes + 1) * sizeof(ubuf[0]))) == NULL)
goto done;
/*
* Then try to determine whether it's any character code we can
@ -147,10 +149,16 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
type = "character data";
code_mime = "ebcdic";
} else {
return 0; /* doesn't look like text at all */
rv = 0;
goto done; /* doesn't look like text at all */
}
}
if (nbytes <= 1) {
rv = 0;
goto done;
}
/*
* for troff, look for . + letter + letter or .\";
* this must be done to disambiguate tar archives' ./file
@ -224,6 +232,25 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
* Now try to discover other details about the file.
*/
for (i = 0; i < ulen; i++) {
if (ubuf[i] == '\n') {
if (seen_cr)
n_crlf++;
else
n_lf++;
last_line_end = i;
} else if (seen_cr)
n_cr++;
seen_cr = (ubuf[i] == '\r');
if (seen_cr)
last_line_end = i;
if (ubuf[i] == 0x85) { /* X3.64/ECMA-43 "next line" character */
n_nel++;
last_line_end = i;
}
/* If this line is _longer_ than MAXLINELEN, remember it. */
if (i > last_line_end + MAXLINELEN)
has_long_lines = 1;
@ -231,59 +258,49 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
has_escapes = 1;
if (ubuf[i] == '\b')
has_backspace = 1;
if (ubuf[i] == '\r' && (i + 1 < ulen && ubuf[i + 1] == '\n')) {
n_crlf++;
last_line_end = i;
}
if (ubuf[i] == '\r' && (i + 1 >= ulen || ubuf[i + 1] != '\n')) {
n_cr++;
last_line_end = i;
}
if (ubuf[i] == '\n' && ((int)i - 1 < 0 || ubuf[i - 1] != '\r')){
n_lf++;
last_line_end = i;
}
if (ubuf[i] == 0x85) { /* X3.64/ECMA-43 "next line" character */
n_nel++;
last_line_end = i;
}
}
/* Beware, if the data has been truncated, the final CR could have
been followed by a LF. If we have HOWMANY bytes, it indicates
that the data might have been truncated, probably even before
this function was called. */
if (seen_cr && nbytes < HOWMANY)
n_cr++;
if ((ms->flags & MAGIC_MIME)) {
if (subtype_mime) {
if (file_printf(ms, subtype_mime) == -1)
return -1;
goto done;
} else {
if (file_printf(ms, "text/plain") == -1)
return -1;
goto done;
}
if (code_mime) {
if (file_printf(ms, "; charset=") == -1)
return -1;
goto done;
if (file_printf(ms, code_mime) == -1)
return -1;
goto done;
}
} else {
if (file_printf(ms, code) == -1)
return -1;
goto done;
if (subtype) {
if (file_printf(ms, " ") == -1)
return -1;
goto done;
if (file_printf(ms, subtype) == -1)
return -1;
goto done;
}
if (file_printf(ms, " ") == -1)
return -1;
goto done;
if (file_printf(ms, type) == -1)
return -1;
goto done;
if (has_long_lines)
if (file_printf(ms, ", with very long lines") == -1)
return -1;
goto done;
/*
* Only report line terminators if we find one other than LF,
@ -292,51 +309,57 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
if ((n_crlf == 0 && n_cr == 0 && n_nel == 0 && n_lf == 0) ||
(n_crlf != 0 || n_cr != 0 || n_nel != 0)) {
if (file_printf(ms, ", with") == -1)
return -1;
goto done;
if (n_crlf == 0 && n_cr == 0 && n_nel == 0 && n_lf == 0) {
if (file_printf(ms, " no") == -1)
return -1;
goto done;
} else {
if (n_crlf) {
if (file_printf(ms, " CRLF") == -1)
return -1;
goto done;
if (n_cr || n_lf || n_nel)
if (file_printf(ms, ",") == -1)
return -1;
goto done;
}
if (n_cr) {
if (file_printf(ms, " CR") == -1)
return -1;
goto done;
if (n_lf || n_nel)
if (file_printf(ms, ",") == -1)
return -1;
goto done;
}
if (n_lf) {
if (file_printf(ms, " LF") == -1)
return -1;
goto done;
if (n_nel)
if (file_printf(ms, ",") == -1)
return -1;
goto done;
}
if (n_nel)
if (file_printf(ms, " NEL") == -1)
return -1;
goto done;
}
if (file_printf(ms, " line terminators") == -1)
return -1;
goto done;
}
if (has_escapes)
if (file_printf(ms, ", with escape sequences") == -1)
return -1;
goto done;
if (has_backspace)
if (file_printf(ms, ", with overstriking") == -1)
return -1;
goto done;
}
rv = 1;
done:
if (nbuf)
free(nbuf);
if (ubuf)
free(ubuf);
return 1;
return rv;
}
private int

106
contrib/file/compress.c
View File

@ -50,7 +50,7 @@
#endif
#ifndef lint
FILE_RCSID("@(#)$Id: compress.c,v 1.38 2004/09/11 19:15:57 christos Exp $")
FILE_RCSID("@(#)$Id: compress.c,v 1.42 2005/03/06 05:58:22 christos Exp $")
#endif
@ -69,6 +69,8 @@ private struct {
{ "\037\240", 2, { "gzip", "-cdq", NULL }, 1 }, /* SCO LZH */
/* the standard pack utilities do not accept standard input */
{ "\037\036", 2, { "gzip", "-cdq", NULL }, 0 }, /* packed */
{ "PK\3\4", 4, { "gzip", "-cdq", NULL }, 1 }, /* pkzipped, */
/* ...only first file examined */
{ "BZh", 3, { "bzip2", "-cd", NULL }, 1 }, /* bzip2-ed */
};
@ -77,15 +79,16 @@ private int ncompr = sizeof(compr) / sizeof(compr[0]);
private ssize_t swrite(int, const void *, size_t);
private ssize_t sread(int, void *, size_t);
private size_t uncompressbuf(struct magic_set *, size_t, const unsigned char *,
unsigned char **, size_t);
private size_t uncompressbuf(struct magic_set *, int, size_t,
const unsigned char *, unsigned char **, size_t);
#ifdef HAVE_LIBZ
private size_t uncompressgzipped(struct magic_set *, const unsigned char *,
unsigned char **, size_t);
#endif
protected int
file_zmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
file_zmagic(struct magic_set *ms, int fd, const unsigned char *buf,
size_t nbytes)
{
unsigned char *newbuf = NULL;
size_t i, nsz;
@ -98,14 +101,15 @@ file_zmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
if (nbytes < compr[i].maglen)
continue;
if (memcmp(buf, compr[i].magic, compr[i].maglen) == 0 &&
(nsz = uncompressbuf(ms, i, buf, &newbuf, nbytes)) != 0) {
(nsz = uncompressbuf(ms, fd, i, buf, &newbuf,
nbytes)) != 0) {
ms->flags &= ~MAGIC_COMPRESS;
rv = -1;
if (file_buffer(ms, newbuf, nsz) == -1)
if (file_buffer(ms, -1, newbuf, nsz) == -1)
goto error;
if (file_printf(ms, " (") == -1)
goto error;
if (file_buffer(ms, buf, nbytes) == -1)
if (file_buffer(ms, -1, buf, nbytes) == -1)
goto error;
if (file_printf(ms, ")") == -1)
goto error;
@ -308,40 +312,50 @@ uncompressgzipped(struct magic_set *ms, const unsigned char *old,
#endif
private size_t
uncompressbuf(struct magic_set *ms, size_t method, const unsigned char *old,
unsigned char **newch, size_t n)
uncompressbuf(struct magic_set *ms, int fd, size_t method,
const unsigned char *old, unsigned char **newch, size_t n)
{
int fdin[2], fdout[2];
int r;
/* The buffer is NUL terminated, and we don't need that. */
n--;
#ifdef HAVE_LIBZ
if (method == 2)
return uncompressgzipped(ms, old, newch, n);
#endif
(void)fflush(stdout);
(void)fflush(stderr);
if (pipe(fdin) == -1 || pipe(fdout) == -1) {
if ((fd != -1 && pipe(fdin) == -1) || pipe(fdout) == -1) {
file_error(ms, errno, "cannot create pipe");
return 0;
}
switch (fork()) {
case 0: /* child */
(void) close(0);
(void) dup(fdin[0]);
(void) close(fdin[0]);
(void) close(fdin[1]);
if (fd != -1) {
(void) dup(fd);
(void) lseek(0, (off_t)0, SEEK_SET);
} else {
(void) dup(fdin[0]);
(void) close(fdin[0]);
(void) close(fdin[1]);
}
(void) close(1);
(void) dup(fdout[1]);
(void) close(fdout[0]);
(void) close(fdout[1]);
#ifndef DEBUG
if (compr[method].silent)
(void) close(2);
(void)close(2);
#endif
execvp(compr[method].argv[0],
(char *const *)compr[method].argv);
(char *const *)(intptr_t)compr[method].argv);
#ifdef DEBUG
(void)fprintf(stderr, "exec `%s' failed (%s)\n",
compr[method].argv[0], strerror(errno));
#endif
exit(1);
/*NOTREACHED*/
case -1:
@ -349,31 +363,55 @@ uncompressbuf(struct magic_set *ms, size_t method, const unsigned char *old,
return 0;
default: /* parent */
(void) close(fdin[0]);
(void) close(fdout[1]);
/* fork again, to avoid blocking because both pipes filled */
switch (fork()) {
case 0: /* child */
(void)close(fdout[0]);
if (swrite(fdin[1], old, n) != n)
if (fd == -1) {
(void) close(fdin[0]);
/*
* fork again, to avoid blocking because both
* pipes filled
*/
switch (fork()) {
case 0: /* child */
(void)close(fdout[0]);
if (swrite(fdin[1], old, n) != n) {
#ifdef DEBUG
(void)fprintf(stderr,
"Write failed (%s)\n",
strerror(errno));
#endif
exit(1);
}
exit(0);
/*NOTREACHED*/
case -1:
#ifdef DEBUG
(void)fprintf(stderr, "Fork failed (%s)\n",
strerror(errno));
#endif
exit(1);
exit(0);
/*NOTREACHED*/
/*NOTREACHED*/
case -1:
exit(1);
/*NOTREACHED*/
default: /* parent */
break;
default: /* parent */
break;
}
(void) close(fdin[1]);
fdin[1] = -1;
}
(void) close(fdin[1]);
fdin[1] = -1;
if ((*newch = (unsigned char *) malloc(HOWMANY + 1)) == NULL) {
#ifdef DEBUG
(void)fprintf(stderr, "Malloc failed (%s)\n",
strerror(errno));
#endif
n = 0;
goto err;
}
if ((r = sread(fdout[0], *newch, HOWMANY)) <= 0) {
#ifdef DEBUG
(void)fprintf(stderr, "Read failed (%s)\n",
strerror(errno));
#endif
free(*newch);
n = 0;
newch[0] = '\0';

9
contrib/file/config.h.in
View File

@ -36,6 +36,9 @@
/* Define to 1 if you have the `mbrtowc' function. */
#undef HAVE_MBRTOWC
/* Define to 1 if <wchar.h> declares mbstate_t. */
#undef HAVE_MBSTATE_T
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
@ -45,6 +48,9 @@
/* Define to 1 if you have the `mmap' function. */
#undef HAVE_MMAP
/* Define to 1 if you have the `snprintf' function. */
#undef HAVE_SNPRINTF
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
@ -106,6 +112,9 @@
/* Define to 1 if you have the <utime.h> header file. */
#undef HAVE_UTIME_H
/* Define to 1 if you have the `vsnprintf' function. */
#undef HAVE_VSNPRINTF
/* Define to 1 if you have the <wchar.h> header file. */
#undef HAVE_WCHAR_H

21687
contrib/file/configure vendored
View File

File diff suppressed because it is too large Load Diff

11
contrib/file/configure.in
View File

@ -1,9 +1,9 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT
AC_CONFIG_SRCDIR([src/file.c])
AM_INIT_AUTOMAKE(file, 4.12)
AM_INIT_AUTOMAKE(file, 4.17)
AM_CONFIG_HEADER([config.h])
dnl AM_MAINTAINER_MODE
AM_MAINTAINER_MODE
AC_MSG_CHECKING(for builtin ELF support)
AC_ARG_ENABLE(elf,
@ -104,7 +104,7 @@ AC_CHECK_MEMBERS([struct stat.st_rdev],[AC_DEFINE(HAVE_ST_RDEV, 1,
AC_STRUCT_TIMEZONE_DAYLIGHT
AC_SYS_LARGEFILE
AC_MBSTATE_T
AC_TYPE_MBSTATE_T
AC_CHECK_TYPE_STDC(uint8_t, unsigned char)
AC_CHECK_TYPE_STDC(uint16_t, unsigned short)
@ -125,10 +125,13 @@ AC_CHECK_SIZEOF_STDC_HEADERS(uint32_t, 0)
AC_CHECK_SIZEOF_STDC_HEADERS(uint64_t, 0)
dnl Checks for functions
AC_CHECK_FUNCS(mmap strerror strtoul mbrtowc mkstemp getopt_long utimes utime wcwidth)
AC_CHECK_FUNCS(mmap strerror strtoul mbrtowc mkstemp getopt_long utimes utime wcwidth snprintf vsnprintf)
dnl Checks for libraries
AC_CHECK_LIB(z,gzopen)
dnl See if we are cross-compiling
AM_CONDITIONAL(IS_CROSS_COMPILE, test "$cross_compiling" = yes)
AC_CONFIG_FILES([Makefile src/Makefile magic/Makefile doc/Makefile python/Makefile])
AC_OUTPUT

46
contrib/file/file.c
View File

@ -39,7 +39,6 @@
#include <sys/types.h>
#include <sys/param.h> /* for MAXPATHLEN */
#include <sys/stat.h>
#include <fcntl.h> /* for open() */
#ifdef RESTORE_TIME
# if (__COHERENT__ >= 0x420)
# include <sys/utime.h>
@ -72,12 +71,12 @@
#include "patchlevel.h"
#ifndef lint
FILE_RCSID("@(#)$Id: file.c,v 1.95 2004/09/27 15:28:37 christos Exp $")
FILE_RCSID("@(#)$Id: file.c,v 1.100 2005/10/17 18:41:44 christos Exp $")
#endif /* lint */
#ifdef S_IFLNK
#define SYMLINKFLAG "L"
#define SYMLINKFLAG "Lh"
#else
#define SYMLINKFLAG ""
#endif
@ -95,7 +94,7 @@ private int /* Global command-line options */
private const char *magicfile = 0; /* where the magic is */
private const char *default_magicfile = MAGIC;
private char *separator = ":"; /* Default field separator */
private const char *separator = ":"; /* Default field separator */
private char *progname; /* used throughout */
@ -127,7 +126,7 @@ main(int argc, char *argv[])
int flags = 0;
char *home, *usermagic;
struct stat sb;
#define OPTSTRING "bcCdf:F:ikLm:nNprsvz"
#define OPTSTRING "bcCdf:F:hikLm:nNprsvz"
#ifdef HAVE_GETOPT_LONG
int longindex;
private struct option long_options[] =
@ -143,6 +142,7 @@ main(int argc, char *argv[])
{"keep-going", 0, 0, 'k'},
#ifdef S_IFLNK
{"dereference", 0, 0, 'L'},
{"no-dereference", 0, 0, 'h'},
#endif
{"magic-file", 1, 0, 'm'},
#if defined(HAVE_UTIME) || defined(HAVE_UTIMES)
@ -159,7 +159,8 @@ main(int argc, char *argv[])
#endif
#ifdef LC_CTYPE
setlocale(LC_CTYPE, ""); /* makes islower etc work for other langs */
/* makes islower etc work for other langs */
(void)setlocale(LC_CTYPE, "");
#endif
#ifdef __EMX__
@ -187,6 +188,9 @@ main(int argc, char *argv[])
}
}
#ifdef S_IFLNK
flags |= getenv("POSIXLY_CORRECT") ? MAGIC_SYMLINK : 0;
#endif
#ifndef HAVE_GETOPT_LONG
while ((c = getopt(argc, argv, OPTSTRING)) != -1)
#else
@ -249,9 +253,9 @@ main(int argc, char *argv[])
flags |= MAGIC_DEVICES;
break;
case 'v':
(void) fprintf(stdout, "%s-%d.%.2d\n", progname,
(void)fprintf(stdout, "%s-%d.%.2d\n", progname,
FILE_VERSION_MAJOR, patchlevel);
(void) fprintf(stdout, "magic file from %s\n",
(void)fprintf(stdout, "magic file from %s\n",
magicfile);
return 1;
case 'z':
@ -261,6 +265,9 @@ main(int argc, char *argv[])
case 'L':
flags |= MAGIC_SYMLINK;
break;
case 'h':
flags &= ~MAGIC_SYMLINK;
break;
#endif
case '?':
default:
@ -316,6 +323,7 @@ main(int argc, char *argv[])
private void
/*ARGSUSED*/
load(const char *m, int flags)
{
if (magic)
@ -341,6 +349,7 @@ unwrap(char *fn)
char buf[MAXPATHLEN];
FILE *f;
int wid = 0, cwid;
size_t len;
if (strcmp("-", fn) == 0) {
f = stdin;
@ -353,7 +362,10 @@ unwrap(char *fn)
}
while (fgets(buf, MAXPATHLEN, f) != NULL) {
cwid = file_mbswidth(buf) - 1;
len = strlen(buf);
if (len > 0 && buf[len - 1] == '\n')
buf[len - 1] = '\0';
cwid = file_mbswidth(buf);
if (cwid > wid)
wid = cwid;
}
@ -362,13 +374,15 @@ unwrap(char *fn)
}
while (fgets(buf, MAXPATHLEN, f) != NULL) {
buf[file_mbswidth(buf)-1] = '\0';
len = strlen(buf);
if (len > 0 && buf[len - 1] == '\n')
buf[len - 1] = '\0';
process(buf, wid);
if(nobuffer)
(void) fflush(stdout);
(void)fflush(stdout);
}
(void) fclose(f);
(void)fclose(f);
}
private void
@ -378,14 +392,14 @@ process(const char *inname, int wid)
int std_in = strcmp(inname, "-") == 0;
if (wid > 0 && !bflag)
(void) printf("%s%s%*s ", std_in ? "/dev/stdin" : inname,
(void)printf("%s%s%*s ", std_in ? "/dev/stdin" : inname,
separator, (int) (nopad ? 0 : (wid - file_mbswidth(inname))), "");
type = magic_file(magic, std_in ? NULL : inname);
if (type == NULL)
printf("ERROR: %s\n", magic_error(magic));
(void)printf("ERROR: %s\n", magic_error(magic));
else
printf("%s\n", type);
(void)printf("%s\n", type);
}
@ -494,7 +508,7 @@ usage(void)
private void
help(void)
{
puts(
(void)puts(
"Usage: file [OPTION]... [FILE]...\n"
"Determine file type of FILEs.\n"
"\n"

50
contrib/file/file.h
View File

@ -27,7 +27,7 @@
*/
/*
* file.h - definitions for file(1) program
* @(#)$Id: file.h,v 1.64 2004/11/20 23:50:12 christos Exp $
* @(#)$Id: file.h,v 1.73 2005/10/20 14:59:01 christos Exp $
*/
#ifndef __file_h__
@ -39,6 +39,7 @@
#include <stdio.h> /* Include that here, to make sure __P gets defined */
#include <errno.h>
#include <fcntl.h> /* For open and flags */
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
@ -65,9 +66,9 @@
#define public
#ifndef HOWMANY
# define HOWMANY 65536 /* how much of the file to look at */
# define HOWMANY (256 * 1024) /* how much of the file to look at */
#endif
#define MAXMAGIS 4096 /* max entries in /etc/magic */
#define MAXMAGIS 8192 /* max entries in /etc/magic */
#define MAXDESC 64 /* max leng of text description */
#define MAXstring 32 /* max leng of "string" types */
@ -87,6 +88,7 @@ struct magic {
#define INDIR 1 /* if '>(...)' appears, */
#define UNSIGNED 2 /* comparison is unsigned */
#define OFFADD 4 /* if '>&' appears, */
#define INDIROFFADD 8 /* if '>&(' appears, */
/* Word 2 */
uint8_t reln; /* relation (0=eq, '>'=gt, etc) */
uint8_t vallen; /* length of string value, if any */
@ -110,6 +112,10 @@ struct magic {
#define FILE_REGEX 17
#define FILE_BESTRING16 18
#define FILE_LESTRING16 19
#define FILE_SEARCH 20
#define FILE_MEDATE 21
#define FILE_MELDATE 22
#define FILE_MELONG 23
#define FILE_FORMAT_NAME \
/* 0 */ "invalid 0", \
@ -121,7 +127,7 @@ struct magic {
/* 6 */ "date", \
/* 7 */ "beshort", \
/* 8 */ "belong", \
/* 9 */ "bedate" \
/* 9 */ "bedate", \
/* 10 */ "leshort", \
/* 11 */ "lelong", \
/* 12 */ "ledate", \
@ -131,7 +137,11 @@ struct magic {
/* 16 */ "leldate", \
/* 17 */ "regex", \
/* 18 */ "bestring16", \
/* 19 */ "lestring16",
/* 19 */ "lestring16", \
/* 20 */ "search", \
/* 21 */ "medate", \
/* 22 */ "meldate", \
/* 23 */ "melong",
#define FILE_FMT_NUM "cduxXi"
#define FILE_FMT_STR "s"
@ -156,7 +166,11 @@ struct magic {
/* 16 */ FILE_FMT_STR, \
/* 17 */ FILE_FMT_STR, \
/* 18 */ FILE_FMT_STR, \
/* 19 */ FILE_FMT_STR,
/* 19 */ FILE_FMT_STR, \
/* 20 */ FILE_FMT_STR, \
/* 21 */ FILE_FMT_STR, \
/* 22 */ FILE_FMT_STR, \
/* 23 */ FILE_FMT_NUM,
/* Word 3 */
uint8_t in_op; /* operator for indirection */
@ -172,11 +186,12 @@ struct magic {
#define FILE_OPMULTIPLY 5
#define FILE_OPDIVIDE 6
#define FILE_OPMODULO 7
#define FILE_OPINVERSE 0x80
#define FILE_OPINVERSE 0x40
#define FILE_OPINDIRECT 0x80
/* Word 4 */
uint32_t offset; /* offset to magic number */
/* Word 5 */
uint32_t in_offset; /* offset from indirection */
int32_t in_offset; /* offset from indirection */
/* Word 6 */
uint32_t mask; /* mask before comparison with value */
/* Word 7 */
@ -189,7 +204,10 @@ struct magic {
uint16_t h;
uint32_t l;
char s[MAXstring];
char *buf;
struct {
char *buf;
size_t buflen;
} search;
uint8_t hs[2]; /* 2 bytes of a fixed-endian "short" */
uint8_t hl[4]; /* 4 bytes of a fixed-endian "long" */
} value; /* either number or string */
@ -240,14 +258,14 @@ struct magic_set {
};
struct stat;
protected char *file_fmttime(uint32_t, int);
protected int file_buffer(struct magic_set *, const void *, size_t);
protected const char *file_fmttime(uint32_t, int);
protected int file_buffer(struct magic_set *, int, const void *, size_t);
protected int file_fsmagic(struct magic_set *, const char *, struct stat *);
protected int file_pipe2file(struct magic_set *, int, const void *, size_t);
protected int file_printf(struct magic_set *, const char *, ...);
protected int file_reset(struct magic_set *);
protected int file_tryelf(struct magic_set *, int, const unsigned char *, size_t);
protected int file_zmagic(struct magic_set *, const unsigned char *, size_t);
protected int file_zmagic(struct magic_set *, int, const unsigned char *, size_t);
protected int file_ascmagic(struct magic_set *, const unsigned char *, size_t);
protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
protected int file_softmagic(struct magic_set *, const unsigned char *, size_t);
@ -275,10 +293,18 @@ extern char *sys_errlist[];
#define strtoul(a, b, c) strtol(a, b, c)
#endif
#ifndef HAVE_SNPRINTF
int snprintf(char *, size_t, const char *, ...);
#endif
#if defined(HAVE_MMAP) && defined(HAVE_SYS_MMAN_H) && !defined(QUICK)
#define QUICK
#endif
#ifndef O_BINARY
#define O_BINARY 0
#endif
#define FILE_RCSID(id) \
static const char *rcsid(const char *p) { \
return rcsid(p = id); \

45
contrib/file/file.man
View File

@ -1,12 +1,12 @@
.TH FILE __CSECTION__ "Copyright but distributable"
.\" $Id: file.man,v 1.54 2003/10/27 18:09:08 christos Exp $
.\" $Id: file.man,v 1.57 2005/08/18 15:18:22 christos Exp $
.SH NAME
file
\- determine file type
.SH SYNOPSIS
.B file
[
.B \-bcikLnNprsvz
.B \-bchikLnNprsvz
]
[
.B \-f
@ -103,7 +103,13 @@ magic file
.I __MAGIC__.mgc ,
or
.I __MAGIC__
if the compile file does not exist.
if the compile file does not exist. In addition
.B file
will look in
.I $HOME/.magic.mgc ,
or
.I $HOME/.magic
for magic entries.
.PP
If a file does not match any of the entries in the magic file,
it is examined to see if it seems to be a text file.
@ -180,6 +186,13 @@ to test the standard input, use ``\-'' as a filename argument.
Use the specified string as the separator between the filename and the
file result returned. Defaults to ``:''.
.TP 8
.B "\-h, \-\-no-dereference"
option causes symlinks not to be followed
(on systems that support symbolic links). This is the default if the
environment variable
.I POSIXLY_CORRECT
is not defined.
.TP 8
.B "\-i, \-\-mime"
Causes the file command to output mime type strings rather than the more
traditional human readable ones. Thus it may say
@ -197,8 +210,11 @@ Don't stop at the first match, keep going.
.TP 8
.B "\-L, \-\-dereference"
option causes symlinks to be followed, as the like-named option in
.BR ls (1).
.BR ls (1)
(on systems that support symbolic links).
This is the default if the environment variable
.I POSIXLY_CORRECT
is defined.
.TP 8
.BI "\-m, \-\-magic\-file" " list"
Specify an alternate list of files containing magic numbers.
@ -273,16 +289,29 @@ the -i option is specified.
.I __MAGIC__.mime
Default list of magic numbers, used to output mime types when the -i option
is specified.
.TP
.I /etc/magic
Local additions to magic wisdom.
.SH ENVIRONMENT
The environment variable
.B MAGIC
can be used to set the default magic number file name.
If that variable is set, then
.B file
will not attempt to open
.B $HOME/.magic .
.B file
adds ".mime" and/or ".mgc" to the value of this variable as appropriate.
The environment variable
.B POSIXLY_CORRECT
controls (on systems that support symbolic links), if
.B file
will attempt to follow symlinks or not. If set, then
.B file
follows symlink, otherwise it does not. This is also controlled
by the
.B L
and
.B h
options.
.SH SEE ALSO
.BR magic (__FSECTION__)
\- description of magic file format.
@ -410,7 +439,7 @@ to identify character codes and attempt to identify the languages
of non-ASCII files.
.PP
The list of contributors to the "Magdir" directory (source for the
/etc/magic
.I __MAGIC__
file) is too long to include here.
You know who you are; thank you.
.SH LEGAL NOTICE

4
contrib/file/fsmagic.c
View File

@ -57,7 +57,7 @@
#undef HAVE_MAJOR
#ifndef lint
FILE_RCSID("@(#)$Id: fsmagic.c,v 1.45 2004/11/13 10:19:48 christos Exp $")
FILE_RCSID("@(#)$Id: fsmagic.c,v 1.46 2005/06/25 15:52:14 christos Exp $")
#endif /* lint */
protected int
@ -181,6 +181,8 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb)
/* TODO add code to handle V7 MUX and Blit MUX files */
#ifdef S_IFIFO
case S_IFIFO:
if((ms->flags & MAGIC_DEVICES) != 0)
break;
if (file_printf(ms, "fifo (named pipe)") == -1)
return -1;
return 1;

96
contrib/file/funcs.c
View File

@ -30,10 +30,18 @@
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#if defined(HAVE_WCHAR_H)
#include <wchar.h>
#endif
#ifndef lint
FILE_RCSID("@(#)$Id: funcs.c,v 1.13 2004/09/11 19:15:57 christos Exp $")
FILE_RCSID("@(#)$Id: funcs.c,v 1.19 2006/03/02 22:10:26 christos Exp $")
#endif /* lint */
#ifndef HAVE_VSNPRINTF
int vsnprintf(char *, size_t, const char *, va_list);
#endif
/*
* Like printf, only we print to a buffer and advance it.
*/
@ -110,11 +118,11 @@ file_badread(struct magic_set *ms)
#ifndef COMPILE_ONLY
protected int
file_buffer(struct magic_set *ms, const void *buf, size_t nb)
file_buffer(struct magic_set *ms, int fd, const void *buf, size_t nb)
{
int m;
/* try compression stuff */
if ((m = file_zmagic(ms, buf, nb)) == 0) {
if ((m = file_zmagic(ms, fd, buf, nb)) == 0) {
/* Check if we have a tar file */
if ((m = file_is_tar(ms, buf, nb)) == 0) {
/* try tests in /etc/magic (or surrogate magic file) */
@ -123,7 +131,10 @@ file_buffer(struct magic_set *ms, const void *buf, size_t nb)
if ((m = file_ascmagic(ms, buf, nb)) == 0) {
/* abandon hope, all ye who remain here */
if (file_printf(ms, ms->flags & MAGIC_MIME ?
"application/octet-stream" : "data") == -1)
(nb ? "application/octet-stream" :
"application/empty") :
(nb ? "data" :
"empty")) == -1)
return -1;
m = 1;
}
@ -147,6 +158,13 @@ file_reset(struct magic_set *ms)
return 0;
}
#define OCTALIFY(n, o) \
*(n)++ = '\\', \
*(n)++ = (((uint32_t)*(o) >> 6) & 3) + '0', \
*(n)++ = (((uint32_t)*(o) >> 3) & 7) + '0', \
*(n)++ = (((uint32_t)*(o) >> 0) & 7) + '0', \
(o)++
protected const char *
file_getbuffer(struct magic_set *ms)
{
@ -169,16 +187,78 @@ file_getbuffer(struct magic_set *ms)
ms->o.pbuf = nbuf;
}
#if defined(HAVE_WCHAR_H) && defined(HAVE_MBRTOWC) && defined(HAVE_WCWIDTH)
{
mbstate_t state;
wchar_t nextchar;
int mb_conv = 1;
size_t bytesconsumed;
char *eop;
(void)memset(&state, 0, sizeof(mbstate_t));
np = ms->o.pbuf;
op = ms->o.buf;
eop = op + strlen(ms->o.buf);
while (op < eop) {
bytesconsumed = mbrtowc(&nextchar, op, eop - op,
&state);
if (bytesconsumed == (size_t)(-1) ||
bytesconsumed == (size_t)(-2)) {
mb_conv = 0;
break;
}
if (iswprint(nextchar) ) {
(void)memcpy(np, op, bytesconsumed);
op += bytesconsumed;
np += bytesconsumed;
} else {
while (bytesconsumed-- > 0)
OCTALIFY(np, op);
}
}
*np = '\0';
/* Parsing succeeded as a multi-byte sequence */
if (mb_conv != 0)
return ms->o.pbuf;
}
#endif
for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
if (isprint((unsigned char)*op)) {
*np++ = *op;
} else {
*np++ = '\\';
*np++ = ((*op >> 6) & 3) + '0';
*np++ = ((*op >> 3) & 7) + '0';
*np++ = ((*op >> 0) & 7) + '0';
OCTALIFY(np, op);
}
}
*np = '\0';
return ms->o.pbuf;
}
/*
* Yes these suffer from buffer overflows, but if your OS does not have
* these functions, then maybe you should consider replacing your OS?
*/
#ifndef HAVE_VSNPRINTF
int
vsnprintf(char *buf, size_t len, const char *fmt, va_list ap)
{
return vsprintf(buf, fmt, ap);
}
#endif
#ifndef HAVE_SNPRINTF
/*ARGSUSED*/
int
snprintf(char *buf, size_t len, const char *fmt, ...)
{
int rv;
va_list ap;
va_start(ap, fmt);
rv = vsprintf(buf, fmt, ap);
va_end(ap);
return rv;
}
#endif

2
contrib/file/libmagic.man
View File

@ -11,8 +11,6 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

72
contrib/file/magic.c
View File

@ -35,7 +35,6 @@
#include <sys/types.h>
#include <sys/param.h> /* for MAXPATHLEN */
#include <sys/stat.h>
#include <fcntl.h> /* for open() */
#ifdef QUICK
#include <sys/mman.h>
#endif
@ -63,7 +62,7 @@
#include "patchlevel.h"
#ifndef lint
FILE_RCSID("@(#)$Id: magic.c,v 1.24 2004/09/27 15:28:37 christos Exp $")
FILE_RCSID("@(#)$Id: magic.c,v 1.32 2005/10/17 15:31:10 christos Exp $")
#endif /* lint */
#ifdef __EMX__
@ -76,6 +75,10 @@ private void free_mlist(struct mlist *);
private void close_and_restore(const struct magic_set *, const char *, int,
const struct stat *);
#ifndef STDIN_FILENO
#define STDIN_FILENO 0
#endif
public struct magic_set *
magic_open(int flags)
{
@ -179,8 +182,11 @@ private void
close_and_restore(const struct magic_set *ms, const char *name, int fd,
const struct stat *sb)
{
if (fd == STDIN_FILENO)
return;
(void) close(fd);
if (fd != STDIN_FILENO && (ms->flags & MAGIC_PRESERVE_ATIME) != 0) {
if ((ms->flags & MAGIC_PRESERVE_ATIME) != 0) {
/*
* Try to restore access, modification times if read it.
* This is really *bad* because it will modify the status
@ -211,41 +217,57 @@ public const char *
magic_file(struct magic_set *ms, const char *inname)
{
int fd = 0;
unsigned char buf[HOWMANY+1]; /* one extra for terminating '\0' */
int rv = -1;
unsigned char *buf;
struct stat sb;
ssize_t nbytes = 0; /* number of bytes read from a datafile */
if (file_reset(ms) == -1)
/*
* one extra for terminating '\0', and
* some overlapping space for matches near EOF
*/
#define SLOP (1 + sizeof(union VALUETYPE))
if ((buf = malloc(HOWMANY + SLOP)) == NULL)
return NULL;
if (file_reset(ms) == -1)
goto done;
switch (file_fsmagic(ms, inname, &sb)) {
case -1:
return NULL;
goto done;
case 0:
break;
default:
return file_getbuffer(ms);
rv = 0;
goto done;
}
#ifndef STDIN_FILENO
#define STDIN_FILENO 0
#endif
if (inname == NULL)
fd = STDIN_FILENO;
else if ((fd = open(inname, O_RDONLY)) < 0) {
else if ((fd = open(inname, O_RDONLY|O_BINARY)) < 0) {
#ifdef __CYGWIN__
char *tmp = alloca(strlen(inname) + 5);
(void)strcat(strcpy(tmp, inname), ".exe");
if ((fd = open(tmp, O_RDONLY|O_BINARY)) < 0) {
#endif
/* We cannot open it, but we were able to stat it. */
if (sb.st_mode & 0222)
if (file_printf(ms, "writable, ") == -1)
return NULL;
goto done;
if (sb.st_mode & 0111)
if (file_printf(ms, "executable, ") == -1)
return NULL;
goto done;
if (S_ISREG(sb.st_mode))
if (file_printf(ms, "regular file, ") == -1)
return NULL;
goto done;
if (file_printf(ms, "no read permission") == -1)
return NULL;
return file_getbuffer(ms);
goto done;
rv = 0;
goto done;
#ifdef __CYGWIN__
}
#endif
}
/*
@ -260,13 +282,11 @@ magic_file(struct magic_set *ms, const char *inname)
if (file_printf(ms, (ms->flags & MAGIC_MIME) ?
"application/x-empty" : "empty") == -1)
goto done;
goto gotit;
} else if (nbytes == 1) {
if (file_printf(ms, "very short file (no magic)") == -1)
goto done;
goto gotit;
} else {
buf[nbytes] = '\0'; /* null-terminate it */
(void)memset(buf + nbytes, 0, SLOP); /* NUL terminate */
#ifdef __EMX__
switch (file_os2_apptype(ms, inname, buf, nbytes)) {
case -1:
@ -274,10 +294,11 @@ magic_file(struct magic_set *ms, const char *inname)
case 0:
break;
default:
goto gotit;
rv = 0;
goto done;
}
#endif
if (file_buffer(ms, buf, (size_t)nbytes) == -1)
if (file_buffer(ms, fd, buf, (size_t)nbytes) == -1)
goto done;
#ifdef BUILTIN_ELF
if (nbytes > 5) {
@ -293,12 +314,11 @@ magic_file(struct magic_set *ms, const char *inname)
}
#endif
}
gotit:
close_and_restore(ms, inname, fd, &sb);
return file_getbuffer(ms);
rv = 0;
done:
free(buf);
close_and_restore(ms, inname, fd, &sb);
return NULL;
return rv == 0 ? file_getbuffer(ms) : NULL;
}
@ -311,7 +331,7 @@ magic_buffer(struct magic_set *ms, const void *buf, size_t nb)
* The main work is done here!
* We have the file name and/or the data buffer to be identified.
*/
if (file_buffer(ms, buf, nb) == -1) {
if (file_buffer(ms, -1, buf, nb) == -1) {
return NULL;
}
return file_getbuffer(ms);

237
contrib/file/magic.man
View File

@ -54,6 +54,9 @@ Finally the ``c'' flag, specifies case insensitive matching: lowercase
characters in the magic match both lower and upper case characters in the
targer, whereas upper case characters in the magic, only much uppercase
characters in the target.
.IP pstring
A pascal style string where the first byte is interpreted as the an
unsigned length. The string is not NUL terminated.
.IP date
A four-byte value interpreted as a UNIX date.
.IP ldate
@ -66,6 +69,12 @@ A four-byte value (on most systems) in big-endian byte order.
.IP bedate
A four-byte value (on most systems) in big-endian byte order,
interpreted as a Unix date.
.IP beldate
A four-byte value (on most systems) in big-endian byte order,
interpreted as a UNIX-style date, but interpreted as local time rather
than UTC.
.IP bestring16
A two-byte unicode (UCS16) string in big-endian byte order.
.IP leshort
A two-byte value (on most systems) in little-endian byte order.
.IP lelong
@ -77,6 +86,43 @@ interpreted as a UNIX date.
A four-byte value (on most systems) in little-endian byte order,
interpreted as a UNIX-style date, but interpreted as local time rather
than UTC.
.IP lestring16
A two-byte unicode (UCS16) string in little-endian byte order.
.IP melong
A four-byte value (on most systems) in middle-endian (PDP-11) byte order.
.IP medate
A four-byte value (on most systems) in middle-endian (PDP-11) byte order,
interpreted as a UNIX date.
.IP meldate
A four-byte value (on most systems) in middle-endian (PDP-11) byte order,
interpreted as a UNIX-style date, but interpreted as local time rather
than UTC.
.IP regex
A regular expression match in extended POSIX regular expression syntax
(much like egrep).
The type specification can be optionally followed by
.B /c
for case-insensitive matches.
The regular expression is always
tested against the first
.B N
lines, where
.B N
is the given offset, thus it
is only useful for (single-byte encoded) text.
.B ^
and
.B $
will match the beginning and end of individual lines, respectively,
not beginning and end of file.
.IP search
A literal string search starting at the given offset. It must be followed by
.B /<number>
which specifies how many matches shall be attempted (the range).
This is suitable for searching larger binary expressions with variable
offsets, using
.B \e
escapes for special characters.
.RE
.PP
The numeric types may optionally be followed by
@ -106,15 +152,26 @@ value,
to specify that the value from the file must be greater than the specified
value,
.BR & ,
to specify that the value from the file must have set all of the bits
to specify that the value from the file must have set all of the bits
that are set in the specified value,
.BR ^ ,
to specify that the value from the file must have clear any of the bits
to specify that the value from the file must have clear any of the bits
that are set in the specified value, or
.BR ~ ,
the value specified after is negated before tested.
.BR x ,
to specify that any value will match.
If the character is omitted, it is assumed to be
.BR = .
For all tests except
.B string
and
.B regex,
operation
.BR !
specifies that the line matches if the test does
.B not
succeed.
.IP
Numeric values are specified in C form; e.g.
.B 13
@ -125,7 +182,7 @@ is octal, and
is hexadecimal.
.IP
For string values, the byte string from the
file must match the specified byte string.
file must match the specified byte string.
The operators
.BR = ,
.B <
@ -148,28 +205,36 @@ format specification, the value from the file (with any specified masking
performed) is printed using the message as the format string.
.PP
Some file formats contain additional information which is to be printed
along with the file type.
A line which begins with the character
along with the file type or need additional tests to determine the true
file type.
These additional tests are introduced by one or more
.B >
indicates additional tests and messages to be printed.
characters preceding the offset.
The number of
.B >
on the line indicates the level of the test; a line with no
.B >
at the beginning is considered to be at level 0.
Each line at level
.IB n \(pl1
is under the control of the line at level
Tests are arranged in a tree-like hierarchy:
If a the test on a line at level
.IB n
most closely preceding it in the magic file.
If the test on a line at level
.I n
succeeds, the tests specified in all the subsequent lines at level
.IB n \(pl1
are performed, and the messages printed if the tests succeed.
The next line at level
.I n
terminates this.
succeeds, all following tests at level
.IB n+1
are performed, and the messages printed if the tests succeed, untile a line
with level
.IB n
(or less) appears.
For more complex files, one can use empty messages to get just the
"if/then" effect, in the following way:
.sp
.nf
0 string MZ
>0x18 leshort <0x40 MS-DOS executable
>0x18 leshort >0x3f extended PC executable (e.g., MS Windows)
.fi
.PP
Offsets do not need to be constant, but can also be read from the file
being examined.
If the first character following the last
.B >
is a
@ -181,49 +246,141 @@ The value at that offset is read, and is used again as an offset
in the file.
Indirect offsets are of the form:
.BI (( x [.[bslBSL]][+\-][ y ]).
The value of
The value of
.I x
is used as an offset in the file. A byte, short or long is read at that offset
depending on the
.B [bslBSL]
depending on the
.B [bslBSLm]
type specifier.
The capitalized types interpret the number as a big endian
value, whereas the small letter versions interpret the number as a little
endian value.
endian value;
the
.B m
type interprets the number as a middle endian (PDP-11) value.
To that number the value of
.I y
is added and the result is used as an offset in the file.
The default type if one is not specified is long.
.PP
Sometimes you do not know the exact offset as this depends on the length of
preceding fields.
You can specify an offset relative to the end of the
last uplevel field (of course this may only be done for sublevel tests, i.e.
test beginning with
.B >
).
Such a relative offset is specified using
.B &
as a prefix to the offset.
That way variable length structures can be examined:
.sp
.nf
# MS Windows executables are also valid MS-DOS executables
0 string MZ
>0x18 leshort <0x40 MZ executable (MS-DOS)
# skip the whole block below if it is not an extended executable
>0x18 leshort >0x3f
>>(0x3c.l) string PE\e0\e0 PE executable (MS-Windows)
>>(0x3c.l) string LX\e0\e0 LX executable (OS/2)
.fi
.PP
This strategy of examining has one drawback: You must make sure that
you eventually print something, or users may get empty output (like, when
there is neither PE\e0\e0 nor LE\e0\e0 in the above example)
.PP
If this indirect offset cannot be used as-is, there are simple calculations
possible: appending
.BI [+-*/%&|^]<number>
inside parentheses allows one to modify
the value read from the file before it is used as an offset:
.sp
.nf
# MS Windows executables are also valid MS-DOS executables
0 string MZ
# sometimes, the value at 0x18 is less that 0x40 but there's still an
# extended executable, simply appended to the file
>0x18 leshort <0x40
>>(4.s*512) leshort 0x014c COFF executable (MS-DOS, DJGPP)
>>(4.s*512) leshort !0x014c MZ executable (MS-DOS)
.fi
.PP
Sometimes you do not know the exact offset as this depends on the length or
position (when indirection was used before) of preceding fields. You can
specify an offset relative to the end of the last uplevel field using
.BI &
as a prefix to the offset:
.sp
.nf
0 string MZ
>0x18 leshort >0x3f
>>(0x3c.l) string PE\e0\e0 PE executable (MS-Windows)
# immediately following the PE signature is the CPU type
>>>&0 leshort 0x14c for Intel 80386
>>>&0 leshort 0x184 for DEC Alpha
.fi
.PP
Indirect and relative offsets can be combined:
.sp
.nf
0 string MZ
>0x18 leshort <0x40
>>(4.s*512) leshort !0x014c MZ executable (MS-DOS)
# if it's not COFF, go back 512 bytes and add the offset taken
# from byte 2/3, which is yet another way of finding the start
# of the extended executable
>>>&(2.s-514) string LE LE executable (MS Windows VxD driver)
.fi
.PP
Or the other way around:
.sp
.nf
0 string MZ
>0x18 leshort >0x3f
>>(0x3c.l) string LE\e0\e0 LE executable (MS-Windows)
# at offset 0x80 (-4, since relative offsets start at the end
# of the uplevel match) inside the LE header, we find the absolute
# offset to the code area, where we look for a specific signature
>>>(&0x7c.l+0x26) string UPX \eb, UPX compressed
.fi
.PP
Or even both!
.sp
.nf
0 string MZ
>0x18 leshort >0x3f
>>(0x3c.l) string LE\e0\e0 LE executable (MS-Windows)
# at offset 0x58 inside the LE header, we find the relative offset
# to a data area where we look for a specific signature
>>>&(&0x54.l-3) string UNACE \eb, ACE self-extracting archive
.fi
.PP
Finally, if you have to deal with offset/length pairs in your file, even the
second value in a parenthesed expression can be taken from the file itself,
using another set of parentheses. Note that this additional indirect offset
is always relative to the start of the main indirect offset.
.sp
.nf
0 string MZ
>0x18 leshort >0x3f
>>(0x3c.l) string PE\e0\e0 PE executable (MS-Windows)
# search for the PE section called ".idata"...
>>>&0xf4 search/0x140 .idata
# ...and go to the end of it, calculated from start+length;
# these are located 14 and 10 bytes after the section name
>>>>(&0xe.l+(-4)) string PK\e3\e4 \eb, ZIP self-extracting archive
.fi
.SH BUGS
The formats
The formats
.IR long ,
.IR belong ,
.IR lelong ,
.IR melong ,
.IR short ,
.IR beshort ,
.IR leshort ,
.IR date ,
.IR bedate ,
.IR medate ,
.IR ledate ,
.IR beldate ,
.IR leldate ,
and
.I ledate
.I meldate
are system-dependent; perhaps they should be specified as a number
of bytes (2B, 4B, etc),
of bytes (2B, 4B, etc),
since the files being recognized typically come from
a system on which the lengths are invariant.
.PP
There is (currently) no support for specified-endian data to be used in
indirect offsets.
.SH SEE ALSO
.BR file (__CSECTION__)
\- the command that reads this file.
@ -235,9 +392,9 @@ indirect offsets.
.\" Date: 3 Sep 85 08:19:07 GMT
.\" Organization: Sun Microsystems, Inc.
.\" Lines: 136
.\"
.\"
.\" Here's a manual page for the format accepted by the "file" made by adding
.\" the changes I posted to the S5R2 version.
.\"
.\" Modified for Ian Darwin's version of the file command.
.\" @(#)$Id: magic.man,v 1.27 2003/09/12 19:43:30 christos Exp $
.\" @(#)$Id: magic.man,v 1.30 2006/02/19 18:16:03 christos Exp $

42
contrib/file/magic.mime
View File

@ -44,7 +44,7 @@
#audio/x-tracker-module
##>17 string >\0 Title: "%s"
21 string/c !SCREAM! audio/x-mod
21 string/c \!SCREAM! audio/x-mod
#audio/x-screamtracker-module
21 string BMOD2STM audio/x-mod
#audio/x-screamtracker-module
@ -188,6 +188,11 @@
#
>8 string CDRA image/x-coreldraw
# AAC (aka MPEG-2 NBC)
0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS
0 string ADIF audio/X-HX-AAC-ADIF
0 beshort&0xffe0 0x56e0 audio/MP4A-LATM
0 beshort 0x4De1 audio/MP4A-LATM
# MPEG Layer 3 sound files
0 beshort &0xffe0 audio/mpeg
@ -202,7 +207,7 @@
# XPM icons (Greg Roelofs, newt@uchicago.edu)
# ideally should go into "images", but entries below would tag XPM as C source
0 string /*\ XPM image/x-xpm 7bit
0 string /*\ XPM image/x-xpmi 7bit
# 3DS (3d Studio files)
16 beshort 0x3d3d image/x-3ds
@ -264,7 +269,8 @@
0 string #!\ /bin/awk application/x-awk
0 string #!/usr/bin/awk application/x-awk
0 string #!\ /usr/bin/awk application/x-awk
0 string BEGIN application/x-awk
# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
0 regex BEGIN[[:space:]]*[{] application/x-awk
# For Larry Wall's perl language. The ``eval'' line recognizes an
# outrageously clever hack for USG systems.
@ -337,7 +343,7 @@
0 short 0143561 application/x-cpio swapped
0 string =<ar> application/x-archive
0 string !<arch> application/x-archive
0 string \!<arch> application/x-archive
>8 string debian application/x-debian-package
#------------------------------------------------------------------------------
@ -588,12 +594,17 @@
# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
# MPEG file
# MPEG sequences
0 belong 0x000001BA video/mpeg
0 belong 0x000001BB video/mpeg
0 belong 0x000001B0 video/mp4v-es
0 belong 0x000001B5 video/mp4v-es
0 belong 0x000001B3 video/mpv
0 belong&0xFF5FFF1F 0x47400010 video/mp2t
0 belong 0x000001BA
>4 byte &0x40 video/mp2p
>4 byte ^0x40 video/mpeg
0 belong 0x000001BB video/mpeg
0 belong 0x000001B0 video/mp4v-es
0 belong 0x000001B5 video/mp4v-es
0 belong 0x000001B3 video/mpv
0 belong&0xFF5FFF1F 0x47400010 video/mp2t
0 belong 0x00000001
>4 byte&1F 0x07 video/h264
# FLI animation format
0 leshort 0xAF11 video/fli
# FLC animation format
@ -601,7 +612,6 @@
#
# SGI and Apple formats
# Added ISO mimes
# Added ISO mimes
0 string MOVI video/sgi
4 string moov video/quicktime
4 string mdat video/quicktime
@ -612,12 +622,13 @@
4 string idat image/x-quicktime
4 string pckg application/x-quicktime
4 string/B jP image/jp2
4 string ftyp application/octet-stream
4 string ftyp
>8 string isom video/mp4
>8 string mp41 video/mp4
>8 string mp42 video/mp4
>8 string/B jp2 image/jp2
>8 string 3gp video/3gpp
>8 string avc1 video/3gpp
>8 string mmp4 video/mp4
>8 string/B M4A audio/mp4
>8 string/B qt video/quicktime
@ -906,3 +917,10 @@
# (made the mimetype up)
0 string \0\0MMXPR3\0 application/x-quark-xpress-3
# EET archive
# From: Tilman Sauerbeck <tilman@code-monkey.de>
0 belong 0x1ee7ff00 application/x-eet
# From: Denis Knauf, via gentoo.
0 string fLaC audio/x-flac
0 string CWS application/x-shockwave-flash

4
contrib/file/magic2mime
View File

@ -1,6 +1,6 @@
#! /usr/local/bin/perl
#! /usr/bin/env perl
# -*- PERL -*-
# $Id: magic2mime,v 1.2 2003/03/23 04:17:27 christos Exp $
# $Id: magic2mime,v 1.3 2006/03/02 22:10:26 christos Exp $
# Copyright (c) 1996, 1997 vax@linkdead.paranoia.com (VaX#n8)
#
# Usage: echo 'your-file-output-here' | file_to_ctype.pl

19
contrib/file/patchlevel.h
View File

@ -1,11 +1,26 @@
#define FILE_VERSION_MAJOR 4
#define patchlevel 12
#define patchlevel 17
/*
* Patchlevel file for Ian Darwin's MAGIC command.
* $Id: patchlevel.h,v 1.55 2004/11/24 18:57:47 christos Exp $
* $Id: patchlevel.h,v 1.60 2006/03/02 22:15:12 christos Exp $
*
* $Log: patchlevel.h,v $
* Revision 1.60 2006/03/02 22:15:12 christos
* welcome to 4.17
*
* Revision 1.59 2005/10/17 17:15:21 christos
* welcome to 4.16
*
* Revision 1.58 2005/08/18 15:52:56 christos
* welcome to 4.15
*
* Revision 1.57 2005/06/25 15:52:14 christos
* Welcome to 4.14
*
* Revision 1.56 2005/02/09 19:25:13 christos
* Welcome to 4.13
*
* Revision 1.55 2004/11/24 18:57:47 christos
* Re-do the autoconf stuff once more; passes make dist now.
*

30
contrib/file/print.c
View File

@ -41,7 +41,7 @@
#include <time.h>
#ifndef lint
FILE_RCSID("@(#)$Id: print.c,v 1.46 2004/11/13 08:11:39 christos Exp $")
FILE_RCSID("@(#)$Id: print.c,v 1.50 2006/03/02 22:07:53 christos Exp $")
#endif /* lint */
#define SZOF(a) (sizeof(a) / sizeof(a[0]))
@ -50,13 +50,9 @@ FILE_RCSID("@(#)$Id: print.c,v 1.46 2004/11/13 08:11:39 christos Exp $")
protected void
file_mdump(struct magic *m)
{
private const char *typ[] = { "invalid", "byte", "short", "invalid",
"long", "string", "date", "beshort",
"belong", "bedate", "leshort", "lelong",
"ledate", "pstring", "ldate", "beldate",
"leldate", "regex" };
private const char optyp[] = { '@', '&', '|', '^', '+', '-',
'*', '/', '%' };
private const char *typ[] = { FILE_FORMAT_NAME };
private const char optyp[] = { FILE_OPS };
(void) fputc('[', stderr);
(void) fprintf(stderr, ">>>>>>>> %d" + 8 - (m->cont_level & 7),
m->offset);
@ -83,7 +79,7 @@ file_mdump(struct magic *m)
fputc(optyp[m->mask_op&0x7F], stderr);
else
fputc('?', stderr);
if(FILE_STRING != m->type || FILE_PSTRING != m->type)
if (FILE_STRING != m->type || FILE_PSTRING != m->type)
(void) fprintf(stderr, "%.8x", m->mask);
else {
if (m->mask & STRING_IGNORE_LOWERCASE)
@ -105,24 +101,30 @@ file_mdump(struct magic *m)
case FILE_LONG:
case FILE_LESHORT:
case FILE_LELONG:
case FILE_MELONG:
case FILE_BESHORT:
case FILE_BELONG:
(void) fprintf(stderr, "%d", m->value.l);
break;
case FILE_STRING:
case FILE_PSTRING:
case FILE_STRING:
case FILE_REGEX:
file_showstr(stderr, m->value.s, ~0U);
case FILE_BESTRING16:
case FILE_LESTRING16:
case FILE_SEARCH:
file_showstr(stderr, m->value.s, m->vallen);
break;
case FILE_DATE:
case FILE_LEDATE:
case FILE_BEDATE:
case FILE_MEDATE:
(void)fprintf(stderr, "%s,",
file_fmttime(m->value.l, 1));
break;
case FILE_LDATE:
case FILE_LELDATE:
case FILE_BELDATE:
case FILE_MELDATE:
(void)fprintf(stderr, "%s,",
file_fmttime(m->value.l, 0));
break;
@ -152,7 +154,7 @@ file_magwarn(struct magic_set *ms, const char *f, ...)
fputc('\n', stderr);
}
protected char *
protected const char *
file_fmttime(uint32_t v, int local)
{
char *pp, *rt;
@ -171,6 +173,8 @@ file_fmttime(uint32_t v, int local)
struct tm *tm1;
(void)time(&now);
tm1 = localtime(&now);
if (tm1 == NULL)
return "*Invalid time*";
daylight = tm1->tm_isdst;
}
#endif /* HAVE_TM_ISDST */
@ -178,6 +182,8 @@ file_fmttime(uint32_t v, int local)
if (daylight)
t += 3600;
tm = gmtime(&t);
if (tm == NULL)
return "*Invalid time*";
pp = asctime(tm);
}

388
contrib/file/readelf.c
View File

@ -37,7 +37,7 @@
#include "readelf.h"
#ifndef lint
FILE_RCSID("@(#)$Id: readelf.c,v 1.45 2004/11/24 17:38:24 christos Exp $")
FILE_RCSID("@(#)$Id: readelf.c,v 1.54 2006/01/13 00:45:21 christos Exp $")
#endif
#ifdef ELFCORE
@ -46,10 +46,12 @@ private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t);
private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t);
private int doshn(struct magic_set *, int, int, int, off_t, int, size_t);
private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int,
int, size_t);
int, size_t, int *);
#define ELF_ALIGN(a) ((((a) + align - 1) / align) * align)
#define isquote(c) (strchr("'\"`", (c)) != NULL)
private uint16_t getu16(int, uint16_t);
private uint32_t getu32(int, uint32_t);
private uint64_t getu64(int, uint64_t);
@ -119,48 +121,65 @@ getu64(int swap, uint64_t value)
return value;
}
#define sh_addr (class == ELFCLASS32 \
#ifdef USE_ARRAY_FOR_64BIT_TYPES
# define elf_getu64(swap, array) \
((swap ? ((uint64_t)getu32(swap, array[0])) << 32 : getu32(swap, array[0])) + \
(swap ? getu32(swap, array[1]) : ((uint64_t)getu32(swap, array[1]) << 32)))
#else
# define elf_getu64(swap, value) getu64(swap, value)
#endif
#define xsh_addr (class == ELFCLASS32 \
? (void *) &sh32 \
: (void *) &sh64)
#define sh_size (class == ELFCLASS32 \
#define xsh_sizeof (class == ELFCLASS32 \
? sizeof sh32 \
: sizeof sh64)
#define shs_type (class == ELFCLASS32 \
#define xsh_size (class == ELFCLASS32 \
? getu32(swap, sh32.sh_size) \
: getu64(swap, sh64.sh_size))
#define xsh_offset (class == ELFCLASS32 \
? getu32(swap, sh32.sh_offset) \
: getu64(swap, sh64.sh_offset))
#define xsh_type (class == ELFCLASS32 \
? getu32(swap, sh32.sh_type) \
: getu32(swap, sh64.sh_type))
#define ph_addr (class == ELFCLASS32 \
#define xph_addr (class == ELFCLASS32 \
? (void *) &ph32 \
: (void *) &ph64)
#define ph_size (class == ELFCLASS32 \
#define xph_sizeof (class == ELFCLASS32 \
? sizeof ph32 \
: sizeof ph64)
#define ph_type (class == ELFCLASS32 \
#define xph_type (class == ELFCLASS32 \
? getu32(swap, ph32.p_type) \
: getu32(swap, ph64.p_type))
#define ph_offset (class == ELFCLASS32 \
#define xph_offset (class == ELFCLASS32 \
? getu32(swap, ph32.p_offset) \
: getu64(swap, ph64.p_offset))
#define ph_align (size_t)((class == ELFCLASS32 \
#define xph_align (size_t)((class == ELFCLASS32 \
? (off_t) (ph32.p_align ? \
getu32(swap, ph32.p_align) : 4) \
: (off_t) (ph64.p_align ? \
getu64(swap, ph64.p_align) : 4)))
#define ph_filesz (size_t)((class == ELFCLASS32 \
#define xph_filesz (size_t)((class == ELFCLASS32 \
? getu32(swap, ph32.p_filesz) \
: getu64(swap, ph64.p_filesz)))
#define ph_memsz (size_t)((class == ELFCLASS32 \
#define xnh_addr (class == ELFCLASS32 \
? (void *) &nh32 \
: (void *) &nh64)
#define xph_memsz (size_t)((class == ELFCLASS32 \
? getu32(swap, ph32.p_memsz) \
: getu64(swap, ph64.p_memsz)))
#define nh_size (class == ELFCLASS32 \
#define xnh_sizeof (class == ELFCLASS32 \
? sizeof nh32 \
: sizeof nh64)
#define nh_type (class == ELFCLASS32 \
#define xnh_type (class == ELFCLASS32 \
? getu32(swap, nh32.n_type) \
: getu32(swap, nh64.n_type))
#define nh_namesz (class == ELFCLASS32 \
#define xnh_namesz (class == ELFCLASS32 \
? getu32(swap, nh32.n_namesz) \
: getu32(swap, nh64.n_namesz))
#define nh_descsz (class == ELFCLASS32 \
#define xnh_descsz (class == ELFCLASS32 \
? getu32(swap, nh32.n_descsz) \
: getu32(swap, nh64.n_descsz))
#define prpsoffsets(i) (class == ELFCLASS32 \
@ -176,6 +195,8 @@ size_t prpsoffsets32[] = {
};
size_t prpsoffsets64[] = {
16, /* FreeBSD, 64-bit */
40, /* Linux (tested on core from 2.4.x) */
120, /* SunOS 5.x, 64-bit */
};
@ -215,6 +236,8 @@ private const char *os_style_names[] = {
"NetBSD",
};
#define FLAGS_DID_CORE 1
private int
dophn_core(struct magic_set *ms, int class, int swap, int fd, off_t off,
int num, size_t size)
@ -224,12 +247,14 @@ dophn_core(struct magic_set *ms, int class, int swap, int fd, off_t off,
size_t offset;
unsigned char nbuf[BUFSIZ];
ssize_t bufsize;
int flags = 0;
if (size != ph_size) {
if (size != xph_sizeof) {
if (file_printf(ms, ", corrupted program header size") == -1)
return -1;
return 0;
}
/*
* Loop through all the program headers.
*/
@ -238,24 +263,24 @@ dophn_core(struct magic_set *ms, int class, int swap, int fd, off_t off,
file_badseek(ms);
return -1;
}
if (read(fd, ph_addr, ph_size) == -1) {
if (read(fd, xph_addr, xph_sizeof) == -1) {
file_badread(ms);
return -1;
}
off += size;
if (ph_type != PT_NOTE)
if (xph_type != PT_NOTE)
continue;
/*
* This is a PT_NOTE section; loop through all the notes
* in the section.
*/
if (lseek(fd, (off_t) ph_offset, SEEK_SET) == (off_t)-1) {
if (lseek(fd, (off_t)xph_offset, SEEK_SET) == (off_t)-1) {
file_badseek(ms);
return -1;
}
bufsize = read(fd, nbuf,
((ph_filesz < sizeof(nbuf)) ? ph_filesz : sizeof(nbuf)));
((xph_filesz < sizeof(nbuf)) ? xph_filesz : sizeof(nbuf)));
if (bufsize == -1) {
file_badread(ms);
return -1;
@ -265,7 +290,7 @@ dophn_core(struct magic_set *ms, int class, int swap, int fd, off_t off,
if (offset >= (size_t)bufsize)
break;
offset = donote(ms, nbuf, offset, (size_t)bufsize,
class, swap, 4);
class, swap, 4, &flags);
if (offset == 0)
break;
@ -277,7 +302,7 @@ dophn_core(struct magic_set *ms, int class, int swap, int fd, off_t off,
private size_t
donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
int class, int swap, size_t align)
int class, int swap, size_t align, int *flags)
{
Elf32_Nhdr nh32;
Elf64_Nhdr nh64;
@ -287,14 +312,11 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
#endif
uint32_t namesz, descsz;
if (class == ELFCLASS32)
memcpy(&nh32, &nbuf[offset], sizeof(nh32));
else
memcpy(&nh64, &nbuf[offset], sizeof(nh64));
offset += nh_size;
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;
namesz = nh_namesz;
descsz = nh_descsz;
namesz = xnh_namesz;
descsz = xnh_descsz;
if ((namesz == 0) && (descsz == 0)) {
/*
* We're out of note headers.
@ -331,7 +353,7 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
}
if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
nh_type == NT_GNU_VERSION && descsz == 16) {
xnh_type == NT_GNU_VERSION && descsz == 16) {
uint32_t desc[4];
(void)memcpy(desc, &nbuf[doff], sizeof(desc));
@ -361,7 +383,7 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
}
if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0 &&
nh_type == NT_NETBSD_VERSION && descsz == 4) {
xnh_type == NT_NETBSD_VERSION && descsz == 4) {
uint32_t desc;
(void)memcpy(&desc, &nbuf[doff], sizeof(desc));
desc = getu32(swap, desc);
@ -403,7 +425,7 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
}
if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0 &&
nh_type == NT_FREEBSD_VERSION && descsz == 4) {
xnh_type == NT_FREEBSD_VERSION && descsz == 4) {
uint32_t desc;
(void)memcpy(&desc, &nbuf[doff], sizeof(desc));
desc = getu32(swap, desc);
@ -480,13 +502,26 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
}
if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 &&
nh_type == NT_OPENBSD_VERSION && descsz == 4) {
xnh_type == NT_OPENBSD_VERSION && descsz == 4) {
if (file_printf(ms, ", for OpenBSD") == -1)
return size;
/* Content of note is always 0 */
return size;
}
if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 &&
xnh_type == NT_DRAGONFLY_VERSION && descsz == 4) {
uint32_t desc;
if (file_printf(ms, ", for DragonFly") == -1)
return size;
(void)memcpy(&desc, &nbuf[doff], sizeof(desc));
desc = getu32(swap, desc);
if (file_printf(ms, " %d.%d.%d", desc / 100000,
desc / 10000 % 10, desc % 10000) == -1)
return size;
return size;
}
/*
* Sigh. The 2.0.36 kernel in Debian 2.1, at
* least, doesn't correctly implement name
@ -516,100 +551,113 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
}
#ifdef ELFCORE
if (os_style != -1)
if (file_printf(ms, ", %s-style", os_style_names[os_style]) == -1)
return size;
if (os_style == OS_STYLE_NETBSD && nh_type == NT_NETBSD_CORE_PROCINFO) {
uint32_t signo;
/*
* Extract the program name. It is at
* offset 0x7c, and is up to 32-bytes,
* including the terminating NUL.
*/
if (file_printf(ms, ", from '%.31s'", &nbuf[doff + 0x7c]) == -1)
return size;
/*
* Extract the signal number. It is at
* offset 0x08.
*/
memcpy(&signo, &nbuf[doff + 0x08],
sizeof(signo));
if (file_printf(ms, " (signal %u)", getu32(swap, signo)) == -1)
return size;
return size;
} else if (os_style != OS_STYLE_NETBSD && nh_type == NT_PRPSINFO) {
size_t i, j;
unsigned char c;
/*
* Extract the program name. We assume
* it to be 16 characters (that's what it
* is in SunOS 5.x and Linux).
*
* Unfortunately, it's at a different offset
* in varous OSes, so try multiple offsets.
* If the characters aren't all printable,
* reject it.
*/
for (i = 0; i < NOFFSETS; i++) {
size_t reloffset = prpsoffsets(i);
size_t noffset = doff + reloffset;
for (j = 0; j < 16; j++, noffset++, reloffset++) {
/*
* Make sure we're not past
* the end of the buffer; if
* we are, just give up.
*/
if (noffset >= size)
goto tryanother;
/*
* Make sure we're not past
* the end of the contents;
* if we are, this obviously
* isn't the right offset.
*/
if (reloffset >= descsz)
goto tryanother;
c = nbuf[noffset];
if (c == '\0') {
/*
* A '\0' at the
* beginning is
* obviously wrong.
* Any other '\0'
* means we're done.
*/
if (j == 0)
goto tryanother;
else
break;
} else {
/*
* A nonprintable
* character is also
* wrong.
*/
#define isquote(c) (strchr("'\"`", (c)) != NULL)
if (!isprint(c) || isquote(c))
goto tryanother;
}
}
if (os_style != -1) {
if ((*flags & FLAGS_DID_CORE) == 0) {
if (file_printf(ms, ", %s-style",
os_style_names[os_style]) == -1)
return size;
*flags |= FLAGS_DID_CORE;
}
}
switch (os_style) {
case OS_STYLE_NETBSD:
if (xnh_type == NT_NETBSD_CORE_PROCINFO) {
uint32_t signo;
/*
* Well, that worked.
* Extract the program name. It is at
* offset 0x7c, and is up to 32-bytes,
* including the terminating NUL.
*/
if (file_printf(ms, ", from '%.16s'",
&nbuf[doff + prpsoffsets(i)]) == -1)
if (file_printf(ms, ", from '%.31s'",
&nbuf[doff + 0x7c]) == -1)
return size;
/*
* Extract the signal number. It is at
* offset 0x08.
*/
(void)memcpy(&signo, &nbuf[doff + 0x08],
sizeof(signo));
if (file_printf(ms, " (signal %u)",
getu32(swap, signo)) == -1)
return size;
return size;
tryanother:
;
}
return offset;
break;
default:
if (xnh_type == NT_PRPSINFO) {
size_t i, j;
unsigned char c;
/*
* Extract the program name. We assume
* it to be 16 characters (that's what it
* is in SunOS 5.x and Linux).
*
* Unfortunately, it's at a different offset
* in varous OSes, so try multiple offsets.
* If the characters aren't all printable,
* reject it.
*/
for (i = 0; i < NOFFSETS; i++) {
size_t reloffset = prpsoffsets(i);
size_t noffset = doff + reloffset;
for (j = 0; j < 16; j++, noffset++,
reloffset++) {
/*
* Make sure we're not past
* the end of the buffer; if
* we are, just give up.
*/
if (noffset >= size)
goto tryanother;
/*
* Make sure we're not past
* the end of the contents;
* if we are, this obviously
* isn't the right offset.
*/
if (reloffset >= descsz)
goto tryanother;
c = nbuf[noffset];
if (c == '\0') {
/*
* A '\0' at the
* beginning is
* obviously wrong.
* Any other '\0'
* means we're done.
*/
if (j == 0)
goto tryanother;
else
break;
} else {
/*
* A nonprintable
* character is also
* wrong.
*/
if (!isprint(c) || isquote(c))
goto tryanother;
}
}
/*
* Well, that worked.
*/
if (file_printf(ms, ", from '%.16s'",
&nbuf[doff + prpsoffsets(i)]) == -1)
return size;
return size;
tryanother:
;
}
}
break;
}
#endif
return offset;
@ -621,8 +669,12 @@ doshn(struct magic_set *ms, int class, int swap, int fd, off_t off, int num,
{
Elf32_Shdr sh32;
Elf64_Shdr sh64;
int stripped = 1;
int flags = 0;
void *nbuf;
off_t noff;
if (size != sh_size) {
if (size != xsh_sizeof) {
if (file_printf(ms, ", corrupted section header size") == -1)
return -1;
return 0;
@ -634,17 +686,61 @@ doshn(struct magic_set *ms, int class, int swap, int fd, off_t off, int num,
}
for ( ; num; num--) {
if (read(fd, sh_addr, sh_size) == -1) {
if (read(fd, xsh_addr, xsh_sizeof) == -1) {
file_badread(ms);
return -1;
}
if (shs_type == SHT_SYMTAB /* || shs_type == SHT_DYNSYM */) {
if (file_printf(ms, ", not stripped") == -1)
switch (xsh_type) {
case SHT_SYMTAB:
#if 0
case SHT_DYNSYM:
#endif
stripped = 0;
break;
case SHT_NOTE:
if ((off = lseek(fd, (off_t)0, SEEK_CUR)) ==
(off_t)-1) {
file_badread(ms);
return -1;
return 0;
}
if ((nbuf = malloc((size_t)xsh_size)) == NULL) {
file_error(ms, errno, "Cannot allocate memory"
" for note");
return -1;
}
if ((noff = lseek(fd, (off_t)xsh_offset, SEEK_SET)) ==
(off_t)-1) {
file_badread(ms);
free(nbuf);
return -1;
}
if (read(fd, nbuf, (size_t)xsh_size) !=
(ssize_t)xsh_size) {
free(nbuf);
file_badread(ms);
return -1;
}
noff = 0;
for (;;) {
if (noff >= (size_t)xsh_size)
break;
noff = donote(ms, nbuf, (size_t)noff,
(size_t)xsh_size, class, swap, 4,
&flags);
if (noff == 0)
break;
}
if ((lseek(fd, off, SEEK_SET)) == (off_t)-1) {
free(nbuf);
file_badread(ms);
return -1;
}
free(nbuf);
break;
}
}
if (file_printf(ms, ", stripped") == -1)
if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1)
return -1;
return 0;
}
@ -666,8 +762,9 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
int bufsize;
size_t offset, align;
off_t savedoffset;
int flags = 0;
if (size != ph_size) {
if (size != xph_sizeof) {
if (file_printf(ms, ", corrupted program header size") == -1)
return -1;
return 0;
@ -678,7 +775,7 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
}
for ( ; num; num--) {
if (read(fd, ph_addr, ph_size) == -1) {
if (read(fd, xph_addr, xph_sizeof) == -1) {
file_badread(ms);
return -1;
}
@ -687,7 +784,7 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
return -1;
}
switch (ph_type) {
switch (xph_type) {
case PT_DYNAMIC:
linking_style = "dynamically";
break;
@ -695,7 +792,7 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
shared_libraries = " (uses shared libs)";
break;
case PT_NOTE:
if ((align = ph_align) & 0x80000000) {
if ((align = xph_align) & 0x80000000) {
if (file_printf(ms,
", invalid note alignment 0x%lx",
(unsigned long)align) == -1)
@ -706,13 +803,13 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
* This is a PT_NOTE section; loop through all the notes
* in the section.
*/
if (lseek(fd, (off_t) ph_offset, SEEK_SET)
if (lseek(fd, (off_t)xph_offset, SEEK_SET)
== (off_t)-1) {
file_badseek(ms);
return -1;
}
bufsize = read(fd, nbuf, ((ph_filesz < sizeof(nbuf)) ?
ph_filesz : sizeof(nbuf)));
bufsize = read(fd, nbuf, ((xph_filesz < sizeof(nbuf)) ?
xph_filesz : sizeof(nbuf)));
if (bufsize == -1) {
file_badread(ms);
return -1;
@ -722,7 +819,8 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
if (offset >= (size_t)bufsize)
break;
offset = donote(ms, nbuf, offset,
(size_t)bufsize, class, swap, align);
(size_t)bufsize, class, swap, align,
&flags);
if (offset == 0)
break;
}
@ -822,11 +920,7 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
if (getu16(swap, elfhdr.e_type) == ET_CORE) {
#ifdef ELFCORE
if (dophn_core(ms, class, swap, fd,
#ifdef USE_ARRAY_FOR_64BIT_TYPES
(off_t)getu32(swap, elfhdr.e_phoff[1]),
#else
(off_t)getu64(swap, elfhdr.e_phoff),
#endif
(off_t)elf_getu64(swap, elfhdr.e_phoff),
getu16(swap, elfhdr.e_phnum),
(size_t)getu16(swap, elfhdr.e_phentsize)) == -1)
return -1;
@ -836,22 +930,14 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
} else {
if (getu16(swap, elfhdr.e_type) == ET_EXEC) {
if (dophn_exec(ms, class, swap, fd,
#ifdef USE_ARRAY_FOR_64BIT_TYPES
(off_t)getu32(swap, elfhdr.e_phoff[1]),
#else
(off_t)getu64(swap, elfhdr.e_phoff),
#endif
(off_t)elf_getu64(swap, elfhdr.e_phoff),
getu16(swap, elfhdr.e_phnum),
(size_t)getu16(swap, elfhdr.e_phentsize))
== -1)
return -1;
}
if (doshn(ms, class, swap, fd,
#ifdef USE_ARRAY_FOR_64BIT_TYPES
(off_t)getu32(swap, elfhdr.e_shoff[1]),
#else
(off_t)getu64(swap, elfhdr.e_shoff),
#endif
(off_t)elf_getu64(swap, elfhdr.e_shoff),
getu16(swap, elfhdr.e_shnum),
(size_t)getu16(swap, elfhdr.e_shentsize)) == -1)
return -1;

2
contrib/file/readelf.h
View File

@ -50,6 +50,7 @@ typedef uint32_t Elf64_Addr[2];
typedef uint32_t Elf64_Off[2];
typedef uint32_t Elf64_Xword[2];
#else
#undef USE_ARRAY_FOR_64BIT_TYPES
typedef uint64_t Elf64_Addr;
typedef uint64_t Elf64_Off;
typedef uint64_t Elf64_Xword;
@ -223,6 +224,7 @@ typedef struct {
#define NT_NETBSD_EMULATION 2
#define NT_FREEBSD_VERSION 1
#define NT_OPENBSD_VERSION 1
#define NT_DRAGONFLY_VERSION 1
/* GNU executables (name = "GNU") */
#define NT_GNU_VERSION 1

1034
contrib/file/softmagic.c
View File

File diff suppressed because it is too large Load Diff