From e8af9738aedb388303c5d81561534fa7f675fc6c Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Tue, 6 May 2014 10:40:32 -0700 Subject: [PATCH] Import file-5.18. See ChangeLog for details. --- contrib/file/ChangeLog | 189 ++++ contrib/file/README | 80 +- contrib/file/README.DELETED | 6 + contrib/file/doc/file.man | 75 +- contrib/file/doc/libmagic.man | 24 +- contrib/file/doc/magic.man | 185 ++- contrib/file/magic/Magdir/adventure | 14 +- contrib/file/magic/Magdir/amigaos | 5 +- contrib/file/magic/Magdir/android | 100 ++ contrib/file/magic/Magdir/animation | 57 +- contrib/file/magic/Magdir/aout | 46 + contrib/file/magic/Magdir/apple | 55 +- contrib/file/magic/Magdir/archive | 178 +-- contrib/file/magic/Magdir/assembler | 16 +- contrib/file/magic/Magdir/audio | 68 +- contrib/file/magic/Magdir/blackberry | 8 + contrib/file/magic/Magdir/bsdi | 16 +- contrib/file/magic/Magdir/c-lang | 30 +- contrib/file/magic/Magdir/cad | 72 +- contrib/file/magic/Magdir/cafebabe | 49 +- contrib/file/magic/Magdir/claris | 10 +- contrib/file/magic/Magdir/commands | 24 +- contrib/file/magic/Magdir/compress | 31 +- contrib/file/magic/Magdir/console | 6 +- contrib/file/magic/Magdir/convex | 4 +- contrib/file/magic/Magdir/ctf | 23 + contrib/file/magic/Magdir/cubemap | 8 + contrib/file/magic/Magdir/cups | 64 +- contrib/file/magic/Magdir/database | 375 ++++-- contrib/file/magic/Magdir/diff | 15 +- contrib/file/magic/Magdir/digital | 30 +- contrib/file/magic/Magdir/dolby | 103 +- contrib/file/magic/Magdir/dump | 106 +- contrib/file/magic/Magdir/elf | 497 ++++---- contrib/file/magic/Magdir/epoc | 11 +- contrib/file/magic/Magdir/filesystems | 1322 +++++++++++++++++----- contrib/file/magic/Magdir/flash | 7 +- contrib/file/magic/Magdir/fonts | 21 +- contrib/file/magic/Magdir/fortran | 3 +- contrib/file/magic/Magdir/fsav | 5 +- contrib/file/magic/Magdir/geo | 14 +- contrib/file/magic/Magdir/gimp | 16 +- contrib/file/magic/Magdir/gnome | 59 + contrib/file/magic/Magdir/gnome-keyring | 26 - contrib/file/magic/Magdir/gnu | 28 +- contrib/file/magic/Magdir/gpt | 241 ++++ contrib/file/magic/Magdir/hitachi-sh | 5 +- contrib/file/magic/Magdir/ibm6000 | 13 +- contrib/file/magic/Magdir/icc | 51 + contrib/file/magic/Magdir/images | 247 +++- contrib/file/magic/Magdir/intel | 4 +- contrib/file/magic/Magdir/java | 11 +- contrib/file/magic/Magdir/javascript | 17 + contrib/file/magic/Magdir/jpeg | 19 +- contrib/file/magic/Magdir/keepass | 20 + contrib/file/magic/Magdir/linux | 74 +- contrib/file/magic/Magdir/llvm | 14 +- contrib/file/magic/Magdir/lua | 3 +- contrib/file/magic/Magdir/mach | 268 +++-- contrib/file/magic/Magdir/macintosh | 5 +- contrib/file/magic/Magdir/macos | 7 + contrib/file/magic/Magdir/mail.news | 7 +- contrib/file/magic/Magdir/maple | 4 +- contrib/file/magic/Magdir/matroska | 16 +- contrib/file/magic/Magdir/mips | 68 +- contrib/file/magic/Magdir/misctools | 17 +- contrib/file/magic/Magdir/msdos | 135 ++- contrib/file/magic/Magdir/msooxml | 37 +- contrib/file/magic/Magdir/msx | 255 +++++ contrib/file/magic/Magdir/natinst | 4 +- contrib/file/magic/Magdir/neko | 12 + contrib/file/magic/Magdir/netbsd | 10 +- contrib/file/magic/Magdir/palm | 74 +- contrib/file/magic/Magdir/pbf | 11 + contrib/file/magic/Magdir/pdf | 3 +- contrib/file/magic/Magdir/pdp | 10 +- contrib/file/magic/Magdir/perl | 18 +- contrib/file/magic/Magdir/pgf | 52 + contrib/file/magic/Magdir/pwsafe | 14 + contrib/file/magic/Magdir/python | 20 +- contrib/file/magic/Magdir/revision | 4 +- contrib/file/magic/Magdir/riff | 69 +- contrib/file/magic/Magdir/rpm | 27 +- contrib/file/magic/Magdir/scientific | 4 +- contrib/file/magic/Magdir/sgi | 73 +- contrib/file/magic/Magdir/sgml | 25 +- contrib/file/magic/Magdir/sniffer | 164 +-- contrib/file/magic/Magdir/sql | 55 +- contrib/file/magic/Magdir/ssh | 3 + contrib/file/magic/Magdir/ssl | 1 + contrib/file/magic/Magdir/sun | 67 +- contrib/file/magic/Magdir/symbos | 42 + contrib/file/magic/Magdir/sysex | 10 +- contrib/file/magic/Magdir/tcl | 2 +- contrib/file/magic/Magdir/tex | 36 +- contrib/file/magic/Magdir/unknown | 47 +- contrib/file/magic/Magdir/uterus | 16 + contrib/file/magic/Magdir/varied.script | 30 +- contrib/file/magic/Magdir/vax | 18 +- contrib/file/magic/Magdir/virtual | 12 +- contrib/file/magic/Magdir/vms | 8 +- contrib/file/magic/Magdir/windows | 226 +++- contrib/file/magic/Magdir/wordprocessors | 13 +- contrib/file/magic/Magdir/wsdl | 4 +- contrib/file/magic/Magdir/xilinx | 51 +- contrib/file/magic/Magdir/xwindows | 4 +- contrib/file/src/apprentice.c | 1141 +++++++++++++------ contrib/file/src/ascmagic.c | 9 +- contrib/file/src/cdf.c | 27 +- contrib/file/src/cdf.h | 5 +- contrib/file/src/cdf_time.c | 19 +- contrib/file/src/compress.c | 46 +- contrib/file/src/elfclass.h | 3 +- contrib/file/src/encoding.c | 14 +- contrib/file/src/file.c | 65 +- contrib/file/src/file.h | 93 +- contrib/file/src/file_opts.h | 4 +- contrib/file/src/fsmagic.c | 134 ++- contrib/file/src/funcs.c | 74 +- contrib/file/src/magic.c | 133 +-- contrib/file/src/magic.h | 4 + contrib/file/src/print.c | 62 +- contrib/file/src/readcdf.c | 212 +++- contrib/file/src/readelf.c | 415 ++++--- contrib/file/src/readelf.h | 48 +- contrib/file/src/softmagic.c | 447 ++++++-- 126 files changed, 7160 insertions(+), 2653 deletions(-) create mode 100644 contrib/file/magic/Magdir/android create mode 100644 contrib/file/magic/Magdir/aout create mode 100644 contrib/file/magic/Magdir/blackberry create mode 100644 contrib/file/magic/Magdir/ctf create mode 100644 contrib/file/magic/Magdir/cubemap create mode 100644 contrib/file/magic/Magdir/gnome delete mode 100644 contrib/file/magic/Magdir/gnome-keyring create mode 100644 contrib/file/magic/Magdir/gpt create mode 100644 contrib/file/magic/Magdir/icc create mode 100644 contrib/file/magic/Magdir/javascript create mode 100644 contrib/file/magic/Magdir/keepass create mode 100644 contrib/file/magic/Magdir/macos create mode 100644 contrib/file/magic/Magdir/msx create mode 100644 contrib/file/magic/Magdir/neko create mode 100644 contrib/file/magic/Magdir/pbf create mode 100644 contrib/file/magic/Magdir/pgf create mode 100644 contrib/file/magic/Magdir/pwsafe create mode 100644 contrib/file/magic/Magdir/symbos create mode 100644 contrib/file/magic/Magdir/uterus diff --git a/contrib/file/ChangeLog b/contrib/file/ChangeLog index 4c19cc6034..dd90401863 100644 --- a/contrib/file/ChangeLog +++ b/contrib/file/ChangeLog @@ -1,3 +1,192 @@ +2014-03-26 11:25 Christos Zoulas + + * release 5.18 + +2014-03-15 17:45 Christos Zoulas + + * add fmtcheck(3) for those who don't have it + +2014-03-14 15:12 Christos Zoulas + + * prevent mime entries from being attached to magic + entries with no descriptions + + * adjust magic strength for regex type + + * remove superfluous ascmagic with encoding test + +2014-03-06 12:01 Christos Zoulas + + * fix regression fix echo -ne "\012\013\014" | file -i - + which printed "binary" instead of "application/octet-stream" + + * add size_t overflow check for magic file size + +2014-02-27 16:01 Christos Zoulas + + * experimental support for matching with CFD CLSID + +2014-02-18 13:04 Kimmo Suominen (kimmo@suominen.com) + + * Cache old LC_CTYPE locale before setting it to "C", so + we can use it to restore LC_CTYPE instead of asking + setlocale() to scan the environment variables. + +2014-02-12 18:21 Christos Zoulas + + * Count recursion levels through indirect magic + +2014-02-11 10:40 Christos Zoulas + + * Prevent infinite recursion on files with indirect offsets of 0 + +2014-01-30 21:00 Christos Zoulas + + * Add -E flag that makes file print filesystem errors to stderr + and exit. + +2014-01-08 17:20 Christos Zoulas + + * mime printing could print results from multiple magic entries + if there were multiple matches. + * in some cases overflow was not detected when computing offsets + in softmagic. + +2013-12-05 12:00 Christos Zoulas + + * use strcasestr() to for cdf strings + * reset to the "C" locale while doing regex operations, or case + insensitive comparisons; this is provisional + +2013-11-19 20:10 Christos Zoulas + + * always leave magic file loaded, don't unload for magic_check, etc. + * fix default encoding to binary instead of unknown which broke recently + * handle empty and one byte files, less specially so that + --mime-encoding does not break completely. + ` +2013-11-06 14:40 Christos Zoulas + + * fix erroneous non-zero exit code from non-existant file and message + +2013-10-29 14:25 Christos Zoulas + + * add CDF MSI file detection (Guy Helmer) + +2013-09-03 11:56 Christos Zoulas + + * Don't mix errors and regular output if there was an error + * in magic_descriptor() don't close the file and try to restore + its position + +2013-05-30 17:25 Christos Zoulas + + * Don't treat magic as an error if offset was past EOF (Christoph Biedl) + +2013-05-28 17:25 Christos Zoulas + + * Fix spacing issues in softmagic and elf (Jan Kaluza) + +2013-05-02 18:00 Christos Zoulas + + * Fix segmentation fault with multiple magic_load commands. + +2013-04-22 11:20 Christos Zoulas + + * The way "default" was implemented was not very useful + because the "if something was printed at that level" + was not easily controlled by the user, and the format + was bound to a string which is too restrictive. Add + a "clear" for that level keyword and make "default" + void. This way one can do: + + >>13 clear x + >>13 lelong 1 foo + >>13 lelong 2 bar + >>13 default x + >>>13 lelong x unknown %x + +2013-03-25 13:20 Christos Zoulas + + * disallow strength setting in "name" entries + +2013-03-06 21:24 Christos Zoulas + + * fix recursive magic separator printing + +2013-02-26 19:28 Christos Zoulas + + * limit recursion level for mget + * fix pread() related breakage in cdf + * handle offsets properly in recursive "use" + +2013-02-18 10:39 Christos Zoulas + + * add elf reading of debug info to determine if file is stripped + (Jan Kaluza) + * use pread() + +2013-01-25 18:05 Christos Zoulas + + * change mime description size from 64 to 80 to accommodate OOXML. + +2013-01-11 14:50 Christos Zoulas + + * Warn about inconsistent continuation levels. + * Change fsmagic to add a space after it prints. + +2013-01-10 21:00 Christos Zoulas + + * Make getline public so that file can link against it. + Perhaps it is better to rename it, or hide it differently. + Fixes builds on platforms that do not provide it. + +2013-01-07 16:30 Christos Zoulas + + * Add SuS d{,1,2,4,8}, u{,1,2,4,8} and document + what long, int, short, etc is (Guy Harris) + +2013-01-06 11:20 Christos Zoulas + + * add magic_version function and constant + * Redo memory allocation and de-allocation. + (prevents double frees on non mmap platforms) + * Fix bug with name/use having to do with passing + found state from the parent to the child and back. + +2012-12-19 8:47 Christos Zoulas + + * Only print elf capabilities for archs we know (Jan Kaluza) + +2012-10-30 19:14 Christos Zoulas + + * Add "name" and "use" file types in order to look + inside mach-o files. + +2012-09-06 10:40 Christos Zoulas + + * make --version exit 0 (Matthew Schultz) + * add string/T (Jan Kaluza) + +2012-08-09 2:15 Christos Zoulas + + * add z and t modifiers for our own vasprintf + * search for $HOME/.magic.mgc if it is there first + * fix reads from a pipe, and preserve errno + +2012-05-15 13:12 Christos Zoulas + + * use ctime_r, asctime_r + +2012-04-06 17:18 Christos Zoulas + + * Fixes for indirect offsets to handle apple disk formats + +2012-04-03 18:26 Christos Zoulas + + * Add windows date field types + * More info for windows shortcuts (incomplete) + 2012-02-20 17:33 Christos Zoulas * Fix CDF parsing issues found by CERT's fuzzing tool (Will Dormann) diff --git a/contrib/file/README b/contrib/file/README index 2b57a70624..cfc530f520 100644 --- a/contrib/file/README +++ b/contrib/file/README @@ -1,10 +1,14 @@ -** README for file(1) Command ** -@(#) $File: README,v 1.44 2011/03/24 13:03:39 rrt Exp $ +## README for file(1) Command ## -Mailing List: file@mx.gw.com -Bug tracker: http://bugs.gw.com/ + @(#) $File: README,v 1.48 2014/03/07 13:55:30 christos Exp $ + +Mailing List: file@mx.gw.com +Mailing List archives: http://mx.gw.com/pipermail/file/ +Bug tracker: http://bugs.gw.com/ E-mail: christos@astron.com +[![Build Status](https://travis-ci.org/file/file.png?branch=master)](https://travis-ci.org/file/file) + Phone: Do not even think of telephoning me about this program. Send cash first! This is Release 5.x of Ian Darwin's (copyright but distributable) @@ -13,13 +17,13 @@ It knows the 'magic number' of several thousands of file types. This version is the standard "file" command for Linux, *BSD, and other systems. (See "patchlevel.h" for the exact release number). -You can download the latest version of file from: +You can download the latest version of the original sources for file from: ftp://ftp.astron.com/pub/file/ -A public read-only git repository is available at: +A public read-only git repository of the same sources is available at: - https://github.com/glensc/file + https://github.com/file/file The major changes for 5.x are CDF file parsing, indirect magic, and overhaul in mime and ascii encoding handling. @@ -28,7 +32,7 @@ The major feature of 4.x is the refactoring of the code into a library, and the re-write of the file command in terms of that library. The library itself, libmagic can be used by 3rd party programs that wish to identify file types without having to fork() and exec() file. The prime contributor -for 4.0 was M\xe5ns Rullg\xe5rd. +for 4.0 was Mans Rullgard. UNIX is a trademark of UNIX System Laboratories. @@ -60,38 +64,42 @@ magic numbers assigned to all sorts of data files that are in reasonable circulation. Send your magic numbers, in magic(5) format please, to the maintainer, Christos Zoulas. -COPYING - read this first. -README - read this second (you are currently reading this file). +COPYING - read this first. +README - read this second (you are currently reading this file). INSTALL - read on how to install -src/apprentice.c - parses /etc/magic to learn magic -src/apptype.c - used for OS/2 specific application type magic -src/asprintf.c - replacement for OS's that don't have it. -src/ascmagic.c - third & last set of tests, based on hardwired assumptions. -src/cdf.c - parser for Microsoft Compound Document Files -src/cdf_time.c - time converter for CDF. -src/compress.c - handles decompressing files to look inside. -src/encoding.c - handles unicode encodings -src/file.c - the main program -src/file.h - header file -src/fsmagic.c - first set of tests the program runs, based on filesystem info -src/funcs.c - utilility functions -src/getopt_long.c - used for OS/2 specific application type magic -src/is_tar.c, tar.h - knows about tarchives (courtesy John Gilmore). -src/names.h - header file for ascmagic.c -src/magic.c - the libmagic api -src/print.c - print results, errors, warnings. -src/readcdf.c - CDF wrapper. -src/readelf.[ch] - Stand-alone elf parsing code. -src/softmagic.c - 2nd set of tests, based on /etc/magic -src/strlcat.c - used for OS/2 specific application type magic -src/strlcpy.c - used for OS/2 specific application type magic -src/vasprintf.c - used for OS/2 specific application type magic -doc/file.1 - man page for the command -doc/magic.4 - man page for the magic file, courtesy Guy Harris. +src/apprentice.c - parses /etc/magic to learn magic +src/apptype.c - used for OS/2 specific application type magic +src/asprintf.c - replacement for OS's that don't have it. +src/ascmagic.c - third & last set of tests, based on hardwired assumptions. +src/asctime_r.c - for systems that don't have it. +src/asprintf.c - for systems that don't have it. +src/cdf.c - parser for Microsoft Compound Document Files +src/cdf_time.c - time converter for CDF. +src/compress.c - handles decompressing files to look inside. +src/ctime_r.c - for systems that don't have it. +src/encoding.c - handles unicode encodings +src/file.c - the main program +src/file.h - header file +src/fsmagic.c - first set of tests the program runs, based on filesystem info +src/funcs.c - utilility functions +src/getopt_long.c - for systems that don't have it. +src/getline.c - for systems that don't have it. +src/is_tar.c, tar.h - knows about tarchives (courtesy John Gilmore). +src/names.h - header file for ascmagic.c +src/magic.c - the libmagic api +src/print.c - print results, errors, warnings. +src/readcdf.c - CDF wrapper. +src/readelf.[ch] - Stand-alone elf parsing code. +src/softmagic.c - 2nd set of tests, based on /etc/magic +src/strlcat.c - for systems that don't have it. +src/strlcpy.c - for systems that don't have it. +src/vasprintf.c - for systems that don't have it. +doc/file.man - man page for the command +doc/magic.man - man page for the magic file, courtesy Guy Harris. Install as magic.4 on USG and magic.5 on V7 or Berkeley; cf Makefile. -Magdir - directory of /etc/magic pieces +Magdir - directory of /etc/magic pieces ------------------------------------------------------------------------------ If you submit a new magic entry please make sure you read the following diff --git a/contrib/file/README.DELETED b/contrib/file/README.DELETED index 5b470097a5..f98400979c 100644 --- a/contrib/file/README.DELETED +++ b/contrib/file/README.DELETED @@ -24,9 +24,15 @@ missing python/ src/Makefile.am src/Makefile.in +src/asctime_r.c src/asprintf.c +src/ctime_r.c +src/fmtcheck.c src/getline.c src/getopt_long.c +src/magic.h.in +src/pread.c +src/strcasestr.c src/strlcat.c src/strlcpy.c src/vasprintf.c diff --git a/contrib/file/doc/file.man b/contrib/file/doc/file.man index fff7730897..361188e139 100644 --- a/contrib/file/doc/file.man +++ b/contrib/file/doc/file.man @@ -1,5 +1,5 @@ -.\" $File: file.man,v 1.98 2011/12/08 12:12:46 rrt Exp $ -.Dd October 17, 2011 +.\" $File: file.man,v 1.106 2014/03/07 23:11:51 christos Exp $ +.Dd January 30, 2014 .Dt FILE __CSECTION__ .Os .Sh NAME @@ -8,7 +8,7 @@ .Sh SYNOPSIS .Nm .Bk -words -.Op Fl bchiklLNnprsvz0 +.Op Fl bcEhiklLNnprsvz0 .Op Fl Fl apple .Op Fl Fl mime-encoding .Op Fl Fl mime-type @@ -164,6 +164,10 @@ in any of the character sets listed above is simply said to be .Dq data . .Sh OPTIONS .Bl -tag -width indent +.It Fl Fl apple +Causes the file command to output the file type and creator code as +used by older MacOS versions. The code consists of eight letters, +the first describing the file type, the latter the creator. .It Fl b , Fl Fl brief Do not prepend filenames to output lines (brief mode). .It Fl C , Fl Fl compile @@ -175,6 +179,10 @@ Cause a checking printout of the parsed form of the magic file. This is usually used in conjunction with the .Fl m flag to debug a new magic file before installing it. +.It Fl E +On filesystem errors (file not found etc), instead of handling the error +as regular output as POSIX mandates and keep going, issue an error message +and exit. .It Fl e , Fl Fl exclude Ar testname Exclude the test named in .Ar testname @@ -259,8 +267,16 @@ prepended. (If you want a newline, see the .Fl r option.) +The magic pattern with the highest strength (see the +.Fl l +option) comes first. .It Fl l , Fl Fl list -Print information about the strength of each magic pattern. +Shows a list of patterns and their strength sorted descending by +.Xr magic 4 +strength +which is used for the matching (see also the +.Fl k +option). .It Fl L , Fl Fl dereference option causes symlinks to be followed, as the like-named option in .Xr ls 1 @@ -268,8 +284,6 @@ option causes symlinks to be followed, as the like-named option in This is the default if the environment variable .Ev POSIXLY_CORRECT is defined. -.It Fl l -Shows sorted patterns list in the order which is used for the matching. .It Fl m , Fl Fl magic-file Ar magicfiles Specify an alternate list of files and directories containing magic. This can be a single item, or a colon-separated list. @@ -325,7 +339,7 @@ after the end of the filename. Nice to .Xr cut 1 the output. -This does not affect the separator which is still printed. +This does not affect the separator, which is still printed. .It Fl -help Print a help message and exit. .El @@ -547,20 +561,27 @@ returns 0 on success, and non-zero on error. Please report bugs and send patches to the bug tracker at .Pa http://bugs.gw.com/ or the mailing list at -.Aq file@mx.gw.com . +.Aq file@mx.gw.com +(visit +.Pa http://mx.gw.com/mailman/listinfo/file +first to subscribe). .Sh TODO .Pp Fix output so that tests for MIME and APPLE flags are not needed all -over the place, and actual output is only done in one place. This -needs a design. Suggestion: push possible outputs on to a list, then -pick the last-pushed (most specific, one hopes) value at the end, or -use a default if the list is empty. This should not slow down evaluation. +over the place, and actual output is only done in one place. +This needs a design. +Suggestion: push possible outputs on to a list, then pick the +last-pushed (most specific, one hopes) value at the end, or +use a default if the list is empty. +This should not slow down evaluation. .Pp -Continue to squash all magic bugs. See Debian BTS for a good source. +Continue to squash all magic bugs. +See Debian BTS for a good source. .Pp Store arbitrarily long strings, for example for %s patterns, so that -they can be printed out. Fixes Debian bug #271672. Would require more -complex store/load code in apprentice. +they can be printed out. +Fixes Debian bug #271672. +Would require more complex store/load code in apprentice. .Pp Add syntax for relative offsets after current level (Debian bug #466037). .Pp @@ -570,6 +591,30 @@ Add a zip library so we can peek inside Office2007 documents to figure out what they are. .Pp Add an option to print URLs for the sources of the file descriptions. +.Pp +Combine script searches and add a way to map executable names to MIME +types (e.g. have a magic value for !:mime which causes the resulting +string to be looked up in a table). +This would avoid adding the same magic repeatedly for each new +hash-bang interpreter. +.Pp +Fix +.Dq name +and +.Dq use +to check for consistency at compile time (duplicate +.Dq name , +.Dq use +pointing to undefined +.Dq name +). +Make +.Dq name +/ +.Dq use +more efficient by keeping a sorted list of names. +Special-case ^ to flip endianness in the parser so that it does not +have to be escaped, and document it. .Sh AVAILABILITY You can obtain the original author's latest version by anonymous FTP on diff --git a/contrib/file/doc/libmagic.man b/contrib/file/doc/libmagic.man index 272b8386a3..ee9cdb284e 100644 --- a/contrib/file/doc/libmagic.man +++ b/contrib/file/doc/libmagic.man @@ -1,4 +1,4 @@ -.\" $File: libmagic.man,v 1.26 2011/12/19 17:49:31 christos Exp $ +.\" $File: libmagic.man,v 1.28 2014/03/02 14:47:16 christos Exp $ .\" .\" Copyright (c) Christos Zoulas 2003. .\" All Rights Reserved. @@ -25,19 +25,22 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 19, 2011 +.Dd January 6, 2012 .Dt LIBMAGIC 3 .Os .Sh NAME .Nm magic_open , .Nm magic_close , .Nm magic_error , +.Nm magic_errno , .Nm magic_descriptor , .Nm magic_buffer , .Nm magic_setflags , .Nm magic_check , .Nm magic_compile , -.Nm magic_load +.Nm magic_list , +.Nm magic_load , +.Nm magic_version .Nd Magic number recognition library .Sh LIBRARY .Lb libmagic @@ -67,6 +70,8 @@ .Fn magic_list "magic_t cookie" "const char *filename" .Ft int .Fn magic_load "magic_t cookie" "const char *filename" +.Ft int +.Fn magic_version "void" .Sh DESCRIPTION These functions operate on the magic database file @@ -246,6 +251,16 @@ If that variable is not set, the default database file name is __MAGIC__. adds .Dq .mgc to the database filename as appropriate. +.Pp +The +.Fn magic_version +command returns the version number of this library which is compiled into +the shared library using the constant +.Dv MAGIC_VERSION +from +.In magic.h . +This can be used by client programs to verify that the version they compile +against is the same as the version that they run against. .Sh RETURN VALUES The function .Fn magic_open @@ -276,6 +291,9 @@ function returns a textual description of the errors of the above functions, or .Dv NULL if there was no error. +The +.Fn magic_version +always returns the version number of the library. Finally, .Fn magic_setflags returns \-1 on systems that don't support diff --git a/contrib/file/doc/magic.man b/contrib/file/doc/magic.man index 12045682aa..fab13efb37 100644 --- a/contrib/file/doc/magic.man +++ b/contrib/file/doc/magic.man @@ -1,5 +1,5 @@ -.\" $File: magic.man,v 1.71 2011/12/07 11:58:24 rrt Exp $ -.Dd April 20, 2011 +.\" $File: magic.man,v 1.81 2014/03/08 17:28:08 christos Exp $ +.Dd April 22, 2013 .Dt MAGIC __FSECTION__ .Os .\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems. @@ -51,7 +51,7 @@ A 64-bit double precision IEEE floating point number in this machine's native by .It Dv string A string of bytes. The string type specification can be optionally followed -by /[WwcCtb]*. +by /[WwcCtbT]*. The .Dq W flag compacts whitespace in the target, which must @@ -85,8 +85,12 @@ The flag forces the test to be done for text files, while the .Dq b flag forces the test to be done for binary files. +The +.Dq T +flag causes the string to be trimmed, i.e. leading and trailing whitespace +is deleted before the string is printed. .It Dv pstring -A Pascal-style string where the first byte/short/int is interpreted as the an +A Pascal-style string where the first byte/short/int is interpreted as the unsigned length. The length defaults to byte and can be specified as a modifier. The following modifiers are supported: @@ -121,6 +125,8 @@ local time rather than UTC. .It Dv qldate An eight-byte value interpreted as a UNIX-style date, but interpreted as local time rather than UTC. +.It Dv qwdate +An eight-byte value interpreted as a Windows-style date. .It Dv beid3 A 32-bit ID3 length in big-endian byte order. .It Dv beshort @@ -147,6 +153,9 @@ than UTC. An eight-byte value in big-endian byte order, interpreted as a UNIX-style date, but interpreted as local time rather than UTC. +.It Dv beqwdate +An eight-byte value in big-endian byte order, +interpreted as a Windows-style date. .It Dv bestring16 A two-byte unicode (UCS16) string in big-endian byte order. .It Dv leid3 @@ -175,6 +184,9 @@ than UTC. An eight-byte value in little-endian byte order, interpreted as a UNIX-style date, but interpreted as local time rather than UTC. +.It Dv leqwdate +An eight-byte value in little-endian byte order, +interpreted as a Windows-style date. .It Dv lestring16 A two-byte unicode (UCS16) string in little-endian byte order. .It Dv melong @@ -188,6 +200,27 @@ interpreted as a UNIX-style date, but interpreted as local time rather than UTC. .It Dv indirect Starting at the given offset, consult the magic database again. +.It Dv name +Define a +.Dq named +magic instance that can be called from another +.Dv use +magic entry, like a subroutine call. +Named instance direct magic offsets are relative to the offset of the +previous matched entry, but indirect offsets are relative to the beginning +of the file as usual. +Named magic entries always match. +.It Dv use +Recursively call the named magic starting from the current offset. +If the name of the referenced begins with a +.Dv ^ +then the endianness of the magic is switched; if the magic mentioned +.Dv leshort +for example, +it is treated as +.Dv beshort +and vice versa. +This is useful to avoid duplicating the rules for different endianness. .It Dv regex A regular expression match in extended POSIX regular expression syntax (like egrep). @@ -216,22 +249,91 @@ not beginning and end of file. .It Dv search A literal string search starting at the given offset. The same modifier flags can be used as for string patterns. -The modifier flags (if any) must be followed by -.Dv /number -the range, that is, the number of positions at which the match will be +The search expression must contain the range in the form +.Dv /number, +that is the number of positions at which the match will be attempted, starting from the start offset. This is suitable for searching larger binary expressions with variable offsets, using .Dv \e escapes for special characters. -The offset works as for regex. +The order of modifier and number is not relevant. .It Dv default This is intended to be used with the test .Em x -(which is always true) and a message that is to be used if there are -no other matches. +(which is always true) and it has no type. +It matches when no other test at that continuation level has matched before. +Clearing that matched tests for a continuation level, can be done using the +.Dv clear +test. +.It Dv clear +This test is always true and clears the match flag for that continuation level. +It is intended to be used with the +.Dv default +test. .El .Pp +For compatibility with the Single +.Ux +Standard, the type specifiers +.Dv dC +and +.Dv d1 +are equivalent to +.Dv byte , +the type specifiers +.Dv uC +and +.Dv u1 +are equivalent to +.Dv ubyte , +the type specifiers +.Dv dS +and +.Dv d2 +are equivalent to +.Dv short , +the type specifiers +.Dv uS +and +.Dv u2 +are equivalent to +.Dv ushort , +the type specifiers +.Dv dI , +.Dv dL , +and +.Dv d4 +are equivalent to +.Dv long , +the type specifiers +.Dv uI , +.Dv uL , +and +.Dv u4 +are equivalent to +.Dv ulong , +the type specifier +.Dv d8 +is equivalent to +.Dv quad , +the type specifier +.Dv u8 +is equivalent to +.Dv uquad , +and the type specifier +.Dv s +is equivalent to +.Dv string . +In addition, the type specifier +.Dv dQ +is equivalent to +.Dv quad +and the type specifier +.Dv uQ +is equivalent to +.Dv uquad . +.Pp Each top-level magic pattern (see below for an explanation of levels) is classified as text or binary according to the types used. Types @@ -324,6 +426,9 @@ then print the string), with .Em \*[Gt]\e0 (because all non-empty strings are greater than the empty string). .Pp +Dates are treated as numerical values in the respective internal +representation. +.Pp The special test .Em x always evaluates to true. @@ -511,7 +616,7 @@ Or even both! \*[Gt]\*[Gt]\*[Gt]\*[Am](\*[Am]0x54.l-3) string UNACE \eb, ACE self-extracting archive .Ed .Pp -Finally, if you have to deal with offset/length pairs in your file, even the +If you have to deal with offset/length pairs in your file, even the second value in a parenthesized expression can be taken from the file itself, using another set of parentheses. Note that this additional indirect offset is always relative to the @@ -526,6 +631,18 @@ start of the main indirect offset. # these are located 14 and 10 bytes after the section name \*[Gt]\*[Gt]\*[Gt]\*[Gt](\*[Am]0xe.l+(-4)) string PK\e3\e4 \eb, ZIP self-extracting archive .Ed +.Pp +If you have a list of known avalues at a particular continuation level, +and you want to provide a switch-like default case: +.Bd -literal -offset indent +# clear that continuation level match +\*[Gt]18 clear +\*[Gt]18 lelong 1 one +\*[Gt]18 lelong 2 two +\*[Gt]18 default x +# print default match +\*[Gt]\*[Gt]18 lelong x unmatched 0x%x +.Ed .Sh SEE ALSO .Xr file __CSECTION__ \- the command that reads this file. @@ -537,19 +654,41 @@ The formats .Dv melong , .Dv short , .Dv beshort , -.Dv leshort , -.Dv date , -.Dv bedate , -.Dv medate , -.Dv ledate , -.Dv beldate , -.Dv leldate , and -.Dv meldate -are system-dependent; perhaps they should be specified as a number -of bytes (2B, 4B, etc), -since the files being recognized typically come from -a system on which the lengths are invariant. +.Dv leshort +do not depend on the length of the C data types +.Dv short +and +.Dv long +on the platform, even though the Single +.Ux +Specification implies that they do. However, as OS X Mountain Lion has +passed the Single +.Ux +Specification validation suite, and supplies a version of +.Xr file __CSECTION__ +in which they do not depend on the sizes of the C data types and that is +built for a 64-bit environment in which +.Dv long +is 8 bytes rather than 4 bytes, presumably the validation suite does not +test whether, for example +.Dv long +refers to an item with the same size as the C data type +.Dv long . +There should probably be +.Dv type +names +.Dv int8 , +.Dv uint8 , +.Dv int16 , +.Dv uint16 , +.Dv int32 , +.Dv uint32 , +.Dv int64 , +and +.Dv uint64 , +and specified-byte-order variants of them, +to make it clearer that those types have specified widths. .\" .\" From: guy@sun.uucp (Guy Harris) .\" Newsgroups: net.bugs.usg diff --git a/contrib/file/magic/Magdir/adventure b/contrib/file/magic/Magdir/adventure index febc2077f1..37b4cb3de2 100644 --- a/contrib/file/magic/Magdir/adventure +++ b/contrib/file/magic/Magdir/adventure @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: adventure,v 1.13 2010/12/31 16:32:54 christos Exp $ +# $File: adventure,v 1.14 2012/06/21 01:32:26 christos Exp $ # adventure: file(1) magic for Adventure game files # # from Allen Garvin @@ -33,10 +33,14 @@ # 0 ubyte >0 >0 ubyte <9 ->>16 belong&0xfe00f0f0 0x3030 Infocom game data ->>>0 ubyte x (Z-machine %d, ->>>>2 ubeshort x Release %d / ->>>>18 string >\0 Serial %.6s) +>>16 belong&0xfe00f0f0 0x3030 +>>>0 ubyte < 10 +>>>>2 ubeshort < 10 +>>>>>18 regex [0-9][0-9][0-9][0-9][0-9][0-9] +>>>>>>0 ubyte < 10 Infocom (Z-machine %d, +>>>>>>>2 ubeshort < 10 Release %d / +>>>>>>>>18 string >\0 Serial %.6s) +!:strength + 40 #------------------------------------------------------------------------------ # Glulx: file(1) magic for Glulx binaries. diff --git a/contrib/file/magic/Magdir/amigaos b/contrib/file/magic/Magdir/amigaos index f4c9cf2653..8fdf37662c 100644 --- a/contrib/file/magic/Magdir/amigaos +++ b/contrib/file/magic/Magdir/amigaos @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: amigaos,v 1.14 2009/09/19 16:28:07 christos Exp $ +# $File: amigaos,v 1.15 2012/06/21 01:13:59 christos Exp $ # amigaos: file(1) magic for AmigaOS binary formats: # @@ -63,3 +63,6 @@ # From: Alex Beregszaszi 0 string LZX LZX compressed archive (Amiga) +# From: Przemek Kramarczyk +0 string .KEY AmigaDOS script +0 string .key AmigaDOS script diff --git a/contrib/file/magic/Magdir/android b/contrib/file/magic/Magdir/android new file mode 100644 index 0000000000..cae0cb7d76 --- /dev/null +++ b/contrib/file/magic/Magdir/android @@ -0,0 +1,100 @@ + +#------------------------------------------------------------ +# $File: android,v 1.3 2013/11/08 01:24:22 christos Exp $ +# Various android related magic entries +#------------------------------------------------------------ + +# Dalvik .dex format. http://retrodev.com/android/dexformat.html +# From "Mike Fleming" +# Fixed to avoid regexec 17 errors on some dex files +# From "Tim Strazzere" +0 string dex\n +>0 regex dex\n[0-9]{2}\0 Dalvik dex file +>4 string >000 version %s +0 string dey\n +>0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host) +>4 string >000 version %s + +# http://android.stackexchange.com/questions/23357/\ +# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\ +# 23608#23608 +0 string ANDROID\040BACKUP\n Android Backup +>15 string 1\n \b, version 1 +>17 string 0\n \b, uncompressed +>17 string 1\n \b, compressed +>19 string none\n \b, unencrypted +>19 string AES-256\n \b, encrypted AES-256 + +# Android bootimg format +# From https://android.googlesource.com/\ +# platform/system/core/+/master/mkbootimg/bootimg.h +0 string ANDROID! Android bootimg +>8 lelong >0 \b, kernel +>>12 lelong >0 \b (0x%x) +>16 lelong >0 \b, ramdisk +>>20 lelong >0 \b (0x%x) +>24 lelong >0 \b, second stage +>>28 lelong >0 \b (0x%x) +>36 lelong >0 \b, page size: %d +>38 string >0 \b, name: %s +>64 string >0 \b, cmdline (%s) +# Dalvik .dex format. http://retrodev.com/android/dexformat.html +# From "Mike Fleming" +# Fixed to avoid regexec 17 errors on some dex files +# From "Tim Strazzere" +0 string dex\n +>0 regex dex\n[0-9]{2}\0 Dalvik dex file +>4 string >000 version %s +0 string dey\n +>0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host) +>4 string >000 version %s + +# http://android.stackexchange.com/questions/23357/\ +# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\ +# 23608#23608 +0 string ANDROID\040BACKUP\n Android Backup +>15 string 1\n \b, version 1 +>17 string 0\n \b, uncompressed +>17 string 1\n \b, compressed +>19 string none\n \b, unencrypted +>19 string AES-256\n \b, encrypted AES-256 + +# Android bootimg format +# From https://android.googlesource.com/\ +# platform/system/core/+/master/mkbootimg/bootimg.h +0 string ANDROID! Android bootimg +>8 lelong >0 \b, kernel +>>12 lelong >0 \b (0x%x) +>16 lelong >0 \b, ramdisk +>>20 lelong >0 \b (0x%x) +>24 lelong >0 \b, second stage +>>28 lelong >0 \b (0x%x) +>36 lelong >0 \b, page size: %d +>38 string >0 \b, name: %s +>64 string >0 \b, cmdline (%s) + +# Android Backup archive +# From: Ariel Shkedi +# File extension: .ab +# No mime-type defined +# URL: https://github.com/android/platform_frameworks_base/blob/\ +# 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\ +# android/server/BackupManagerService.java#L2367 +# After the header comes a tar file +# If compressed, the entire tar file is compressed with JAVA deflate +# +# Include the version number hardcoded with the magic string to avoid +# false positives +0 string/b ANDROID\ BACKUP\n1\n Android Backup +>17 string 0\n \b, Not-Compressed +>17 string 1\n \b, Compressed +# any string as long as it's not the word none (which is matched below) +>>19 regex/1 \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s) +>>19 string none\n \b, Not-Encrypted +# Commented out because they don't seem useful to print +# (but they are part of the header - the tar file comes after them): +#>>>&1 regex/1 .* \b, Password salt: %s +#>>>>&1 regex/1 .* \b, Master salt: %s +#>>>>>&1 regex/1 .* \b, PBKDF2 rounds: %s +#>>>>>>&1 regex/1 .* \b, IV: %s +#>>>>>>>&1 regex/1 .* \b, Key: %s diff --git a/contrib/file/magic/Magdir/animation b/contrib/file/magic/Magdir/animation index c09a26ac85..198b8c5a23 100644 --- a/contrib/file/magic/Magdir/animation +++ b/contrib/file/magic/Magdir/animation @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: animation,v 1.45 2011/09/06 11:00:06 christos Exp $ +# $File: animation,v 1.51 2014/03/14 18:47:29 christos Exp $ # animation: file(1) magic for animation/movie formats # # animation formats @@ -89,7 +89,10 @@ >>4 byte 77 \b, main >>4 byte 88 \b, extended >>6 byte x \b @ L %u +# GRR too general as it catches also FoxPro Memo example NG.FPT >3 byte 0xB0 MPEG sequence, v4 +# TODO: maybe this extra line exclude FoxPro Memo example NG.FPT starting with 000001b0 00000100 00000000 +#>>4 byte !0 MPEG sequence, v4 !:mime video/mpeg4-generic >>5 belong 0x000001B5 >>>9 byte &0x80 @@ -448,6 +451,7 @@ # MP2, M2A 0 beshort&0xFFFE 0xFFF4 MPEG ADTS, layer II, v2 +!:mime audio/mpeg # rate >2 byte&0xF0 0x10 \b, 8 kbps >2 byte&0xF0 0x20 \b, 16 kbps @@ -688,10 +692,6 @@ # iso 13818 transport stream # # from Oskar Schirmer Feb 3, 2001 (ISO 13818.1) -# (the following is a little bit restrictive and works fine for a stream -# that starts with PAT properly. it won't work for stream data, that is -# cut from an input device data right in the middle, but this shouldn't -# disturb) # syncbyte 8 bit 0x47 # error_ind 1 bit - # payload_start 1 bit 1 @@ -699,9 +699,9 @@ # PID 13 bit 0x0000 # scrambling 2 bit - # adaptfld_ctrl 2 bit 1 or 3 -# conti_count 4 bit 0 -0 belong&0xFF5FFF1F 0x47400010 MPEG transport stream data ->188 byte !0x47 CORRUPTED +# conti_count 4 bit - +0 belong&0xFF5FFF10 0x47400010 +>188 byte 0x47 MPEG transport stream data # DIF digital video file format 0 belong&0xffffff00 0x1f070000 DIF @@ -755,7 +755,7 @@ >0 byte x GameCube movie, >0x34 ubeshort x %d x >0x36 ubeshort x %d, ->0x26 ubeshort x %dµs, +>0x26 ubeshort x %dus, >0x42 ubeshort 0 no audio >0x42 ubeshort >0 %dHz audio @@ -789,25 +789,26 @@ # MPEG file # MPEG sequences -# FIXME: This section is from the old magic.mime file and needs integrating with the rest -0 belong 0x000001BA ->4 byte &0x40 -!:mime video/mp2p ->4 byte ^0x40 -!:mime video/mpeg -0 belong 0x000001BB -!:mime video/mpeg -0 belong 0x000001B0 -!:mime video/mp4v-es -0 belong 0x000001B5 -!:mime video/mp4v-es -0 belong 0x000001B3 -!:mime video/mpv -0 belong&0xFF5FFF1F 0x47400010 -!:mime video/mp2t -0 belong 0x00000001 ->4 byte&0x1F 0x07 -!:mime video/h264 +# FIXME: This section is from the old magic.mime file and needs +# integrating with the rest +#0 belong 0x000001BA +#>4 byte &0x40 +#!:mime video/mp2p +#>4 byte ^0x40 +#!:mime video/mpeg +#0 belong 0x000001BB +#!:mime video/mpeg +#0 belong 0x000001B0 +#!:mime video/mp4v-es +#0 belong 0x000001B5 +#!:mime video/mp4v-es +#0 belong 0x000001B3 +#!:mime video/mpv +#0 belong&0xFF5FFF10 0x47400010 +#!:mime video/mp2t +#0 belong 0x00000001 +#>4 byte&0x1F 0x07 +#!:mime video/h264 # Type: Bink Video # Extension: .bik diff --git a/contrib/file/magic/Magdir/aout b/contrib/file/magic/Magdir/aout new file mode 100644 index 0000000000..69b6ec60d8 --- /dev/null +++ b/contrib/file/magic/Magdir/aout @@ -0,0 +1,46 @@ + +#------------------------------------------------------------------------------ +# $File: aout,v 1.1 2013/01/09 22:37:23 christos Exp $ +# aout: file(1) magic for a.out executable/object/etc entries that +# handle executables on multiple platforms. +# + +# +# Little-endian 32-bit-int a.out, merged from bsdi (for BSD/OS, from +# BSDI), netbsd, and vax (for UNIX/32V and BSD) +# +# XXX - is there anything we can look at to distinguish BSD/OS 386 from +# NetBSD 386 from various VAX binaries? The BSD/OS shared library flag +# works only for binaries using shared libraries. Grabbing the entry +# point from the a.out header, using it to find the first code executed +# in the program, and looking at that might help. +# +0 lelong 0407 a.out little-endian 32-bit executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses BSD/OS shared libs) + +0 lelong 0410 a.out little-endian 32-bit pure executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses BSD/OS shared libs) + +0 lelong 0413 a.out little-endian 32-bit demand paged pure executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses BSD/OS shared libs) + +# +# Big-endian 32-bit-int a.out, merged from sun (for old 68010 SunOS a.out), +# mips (for old 68020(!) SGI a.out), and netbsd (for old big-endian a.out). +# +# XXX - is there anything we can look at to distinguish old SunOS 68010 +# from old 68020 IRIX from old NetBSD? Again, I guess we could look at +# the first instruction or instructions in the program. +# +0 belong 0407 a.out big-endian 32-bit executable +>16 belong >0 not stripped + +0 belong 0410 a.out big-endian 32-bit pure executable +>16 belong >0 not stripped + +0 belong 0413 a.out big-endian 32-bit demand paged executable +>16 belong >0 not stripped + diff --git a/contrib/file/magic/Magdir/apple b/contrib/file/magic/Magdir/apple index dad3eee925..633c01271b 100644 --- a/contrib/file/magic/Magdir/apple +++ b/contrib/file/magic/Magdir/apple @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: apple,v 1.24 2010/11/25 15:00:12 christos Exp $ +# $File: apple,v 1.27 2013/03/09 22:36:00 christos Exp $ # apple: file(1) magic for Apple file formats # 0 search/1/t FiLeStArTfIlEsTaRt binscii (apple ][) text @@ -106,8 +106,13 @@ # This is incredibly sloppy, but will be true if the program was # written at its usual memory location of 2048 and its first line # number is less than 256. Yuck. +# update by Joerg Jenderek at Feb 2013 -0 belong&0xff00ff 0x80000 Applesoft BASIC program data +# GRR: this test is still too general as it catches also Gujin BOOT144.SYS (0xfa080000) +#0 belong&0xff00ff 0x80000 Applesoft BASIC program data +0 belong&0x00ff00ff 0x00080000 +# assuming that line number must be positive +>2 leshort >0 Applesoft BASIC program data, first line number %d #>2 leshort x \b, first line number %d # ORCA/EZ assembler: @@ -249,3 +254,49 @@ # From: "Nelson A. de Oliveira" # .vdi 4 string innotek\ VirtualBox\ Disk\ Image %s + +# Apple disk partition stuff, strengthen the magic using byte 4 +0 beshort 0x4552 +>4 byte 0 Apple Driver Map +>>2 beshort x \b, blocksize %d +>>4 belong x \b, blockcount %d +>>10 beshort x \b, devtype %d +>>12 beshort x \b, devid %d +>>20 beshort x \b, descriptors %d +# Assume 8 partitions each at a multiple of the sector size. +# We could glean this from the partition descriptors, but they are empty!?!? +>>(2.S*1) indirect \b, contains[@0x%x]: +>>(2.S*2) indirect \b, contains[@0x%x]: +>>(2.S*3) indirect \b, contains[@0x%x]: +>>(2.S*4) indirect \b, contains[@0x%x]: +>>(2.S*5) indirect \b, contains[@0x%x]: +>>(2.S*6) indirect \b, contains[@0x%x]: +>>(2.S*7) indirect \b, contains[@0x%x]: +>>(2.S*8) indirect \b, contains[@0x%x]: + +# Yes, the 3rd and 4th bytes are reserved, but we use them to make the +# magic stronger. +0 belong 0x504d0000 Apple Partition Map +>4 belong x \b, map block count %d +>8 belong x \b, start block %d +>12 belong x \b, block count %d +>16 string >0 \b, name %s +>48 string >0 \b, type %s +>124 string >0 \b, processor %s +>140 string >0 \b, boot arguments %s +>92 belong & 1 \b, valid +>92 belong & 2 \b, allocated +>92 belong & 4 \b, in use +>92 belong & 8 \b, has boot info +>92 belong & 16 \b, readable +>92 belong & 32 \b, writable +>92 belong & 64 \b, pic boot code +>92 belong & 128 \b, chain compatible driver +>92 belong & 256 \b, real driver +>92 belong & 512 \b, chain driver +>92 belong & 1024 \b, mount at startup +>92 belong & 2048 \b, is the startup partition + +#http://wiki.mozilla.org/DS_Store_File_Format` +#http://en.wikipedia.org/wiki/.DS_Store +0 string \0\0\0\1Bud1\0 Apple Desktop Services Store diff --git a/contrib/file/magic/Magdir/archive b/contrib/file/magic/Magdir/archive index 2ff3323c40..32f8592f9f 100644 --- a/contrib/file/magic/Magdir/archive +++ b/contrib/file/magic/Magdir/archive @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: archive,v 1.70 2011/10/26 15:44:47 christos Exp $ +# $File: archive,v 1.82 2014/03/14 18:47:29 christos Exp $ # archive: file(1) magic for archive formats (see also "msdos" for self- # extracting compressed archives) # @@ -36,12 +36,66 @@ 0 string 070701 ASCII cpio archive (SVR4 with no CRC) 0 string 070702 ASCII cpio archive (SVR4 with CRC) -# Debian package (needs to go before regular portable archives) +# +# Various archive formats used by various versions of the "ar" +# command. +# + +# +# Original UNIX archive formats. +# They were written with binary values in host byte order, and +# the magic number was a host "int", which might have been 16 bits +# or 32 bits. We don't say "PDP-11" or "VAX", as there might have +# been ports to little-endian 16-bit-int or 32-bit-int platforms +# (x86?) using some of those formats; if none existed, feel free +# to use "PDP-11" for little-endian 16-bit and "VAX" for little-endian +# 32-bit. There might have been big-endian ports of that sort as +# well. +# +0 leshort 0177555 very old 16-bit-int little-endian archive +0 beshort 0177555 very old 16-bit-int big-endian archive +0 lelong 0177555 very old 32-bit-int little-endian archive +0 belong 0177555 very old 32-bit-int big-endian archive + +0 leshort 0177545 old 16-bit-int little-endian archive +>2 string __.SYMDEF random library +0 beshort 0177545 old 16-bit-int big-endian archive +>2 string __.SYMDEF random library +0 lelong 0177545 old 32-bit-int little-endian archive +>4 string __.SYMDEF random library +0 belong 0177545 old 32-bit-int big-endian archive +>4 string __.SYMDEF random library + +# +# From "pdp" (but why a 4-byte quantity?) +# +0 lelong 0x39bed PDP-11 old archive +0 lelong 0x39bee PDP-11 4.0 archive + +# +# XXX - what flavor of APL used this, and was it a variant of +# some ar archive format? It's similar to, but not the same +# as, the APL workspace magic numbers in pdp. +# +0 long 0100554 apl workspace + +# +# System V Release 1 portable(?) archive format. +# +0 string = System V Release 1 ar archive +!:mime application/x-archive + +# +# Debian package; it's in the portable archive format, and needs to go +# before the entry for regular portable archives, as it's recognized as +# a portable archive whose first member has a name beginning with +# "debian". # 0 string =!\ndebian -!:mime application/x-debian-package >8 string debian-split part of multipart Debian package +!:mime application/x-debian-package >8 string debian-binary Debian binary package +!:mime application/x-debian-package >8 string !debian >68 string >\0 (format %s) # These next two lines do not work, because a bzip2 Debian archive @@ -53,18 +107,14 @@ #>84 string gz \b, uses gzip compression #>136 ledate x created: %s -# other archives -0 long 0177555 very old archive -0 short 0177555 very old PDP-11 archive -0 long 0177545 old archive -0 short 0177545 old PDP-11 archive -0 long 0100554 apl workspace -0 string = archive -!:mime application/x-archive - -# MIPS archive (needs to go before regular portable archives) +# +# MIPS archive; they're in the portable archive format, and need to go +# before the entry for regular portable archives, as it's recognized as +# a portable archive whose first member has a name beginning with +# "__________E". # 0 string =!\n__________E MIPS archive +!:mime application/x-archive >20 string U with MIPS Ucode members >21 string L with MIPSEL members >21 string B with MIPSEB members @@ -75,56 +125,20 @@ 0 search/1 -h- Software Tools format archive text # -# XXX - why are there multiple thingies? Note that 0x213c6172 is -# "! current ar archive -# 0 long 0x213c6172 archive file -# -# and for SVR1 archives, we have: -# -# 0 string \ System V Release 1 ar archive -# 0 string = archive -# -# XXX - did Aegis really store shared libraries, breakpointed modules, -# and absolute code program modules in the same format as new-style -# "ar" archives? +# BSD/SVR2-and-later portable archive formats. # 0 string =! current ar archive !:mime application/x-archive >8 string __.SYMDEF random library ->0 belong =65538 - pre SR9.5 ->0 belong =65539 - post SR9.5 ->0 beshort 2 - object archive ->0 beshort 3 - shared library module ->0 beshort 4 - debug break-pointed module ->0 beshort 5 - absolute code program module -0 string \ System V Release 1 ar archive -0 string = archive -# -# XXX - from "vax", which appears to collect a bunch of byte-swapped -# thingies, to help you recognize VAX files on big-endian machines; -# with "leshort", "lelong", and "string", that's no longer necessary.... -# -0 belong 0x65ff0000 VAX 3.0 archive -0 belong 0x3c61723e VAX 5.0 archive -# -0 long 0x213c6172 archive file -0 lelong 0177555 very old VAX archive -0 leshort 0177555 very old PDP-11 archive -# -# XXX - "pdp" claims that 0177545 can have an __.SYMDEF member and thus -# be a random library (it said 0xff65 rather than 0177545). -# -0 lelong 0177545 old VAX archive ->8 string __.SYMDEF random library -0 leshort 0177545 old PDP-11 archive ->8 string __.SYMDEF random library +>68 string __.SYMDEF\ SORTED random library + # -# From "pdp" (but why a 4-byte quantity?) +# "Thin" archive, as can be produced by GNU ar. # -0 lelong 0x39bed PDP-11 old archive -0 lelong 0x39bee PDP-11 4.0 archive +0 string =!\n thin archive with +>68 belong 0 no symbol entries +>68 belong 1 %d symbol entry +>68 belong >1 %d symbol entries # ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com) # @@ -184,7 +198,10 @@ # SAR 3 string LH5 SAR archive data # BSArc/BS2 -0 string \212\3SB \0 BSArc/BS2 archive data +0 string \212\3SB\020\0 BSArc/BS2 archive data +# Bethesda Softworks Archive (Oblivion) +0 string BSA\0 BSArc archive data +>4 lelong x version %d # MAR 2 string =-ah MAR archive data # ACB @@ -209,7 +226,7 @@ # AMGC 0 string \xad6" AMGC archive data # NuLIB -0 string NõFélÃ¥ NuLIB archive data +0 string N\xc3\xb5F\xc3\xa9lx\xc3\xa5 NuLIB archive data # PakLeo 0 string LEOLZW PAKLeo archive data # ChArc @@ -221,7 +238,7 @@ # Freeze 0 string \x1f\x9f\x4a\x10\x0a Freeze archive data # KBoom -0 string ¨MP¨ KBoom archive data +0 string \xc2\xa8MP\xc2\xa8 KBoom archive data # NSQ, must go after CDC Codec 0 string \x76\xff NSQ archive data # DPA @@ -259,7 +276,7 @@ # MP3 (archiver, not lossy audio compression) 0 string MP3\x1a MP3-Archiver archive data # ZET -0 string OZÝ ZET archive data +0 string OZ\xc3\x9d ZET archive data # TSComp 0 string \x65\x5d\x13\x8c\x08\x01\x03\x00 TSComp archive data # ARQ @@ -290,7 +307,7 @@ # Xtreme 0 string ULEB\0 Xtreme archive data # Pack Magic -0 string @â\1\0 Pack Magic archive data +0 string @\xc3\xa2\1\0 Pack Magic archive data # BTS 0 belong&0xfeffffff 0x1a034465 BTS archive data # ELI 5750 @@ -426,7 +443,7 @@ # XPack Data 0 string xpa XPack archive data # XPack Single Data -0 string Í\ jm XPack single archive data +0 string \xc3\x8d\ jm XPack single archive data # TODO: missing due to unknown magic/magic at end of file: #DWC @@ -571,6 +588,7 @@ !:mime application/zip # Zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu) +0 string PK\005\006 Zip archive data (empty) 0 string PK\003\004 # Specialised zip formats which start with a member named 'mimetype' @@ -660,11 +678,10 @@ !:mime application/vnd.oasis.opendocument.image-template # EPUB (OEBPS) books using OCF (OEBPS Container Format) -# From: Adam Buchbinder # http://www.idpf.org/ocf/ocf1.0/download/ocf10.htm, section 4. -# (mimetype contains "application/epub+zip") ->>50 string epub+zip EPUB ebook data -!:mime application/epub+zip +# From: Ralf Brown +>>50 string epub+zip EPUB document +!:mime application/epub+zip # Catch other ZIP-with-mimetype formats # In a ZIP file, the bytes immediately after a member's contents are @@ -684,16 +701,21 @@ >>>38 regex [!-OQ-~]+ Zip data (MIME type "%s"?) !:mime application/zip +# Java Jar files +>(26.s+30) leshort 0xcafe Java archive data (JAR) +!:mime application/java-archive + # Generic zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu) # Next line excludes specialized formats: ->26 string !\x8\0\0\0mimetype Zip archive data +>(26.s+30) leshort !0xcafe +>>26 string !\x8\0\0\0mimetype Zip archive data !:mime application/zip ->>4 byte 0x09 \b, at least v0.9 to extract ->>4 byte 0x0a \b, at least v1.0 to extract ->>4 byte 0x0b \b, at least v1.1 to extract ->>4 byte 0x14 \b, at least v2.0 to extract ->>4 byte 0x2d \b, at least v3.0 to extract ->>0x161 string WINZIP \b, WinZIP self-extracting +>>>4 byte 0x09 \b, at least v0.9 to extract +>>>4 byte 0x0a \b, at least v1.0 to extract +>>>4 byte 0x0b \b, at least v1.1 to extract +>>>4 byte 0x14 \b, at least v2.0 to extract +>>>4 byte 0x2d \b, at least v3.0 to extract +>>>0x161 string WINZIP \b, WinZIP self-extracting # StarView Metafile # From Pierre Ducroquet @@ -884,14 +906,8 @@ # archive must be an uncompressed file called 'mimetype' with contents # 'application/epub+zip' -# start by checking that this is a ZIP archive, then check for the -# proper mimetype file -# From: Ralf Brown -0 string PK\003\004 ->0x1E string mimetypeapplication/epub+zip EPUB document -!:mime application/epub+zip -# From: "Michał Górny" +# From: "Michael Gorny" # ZPAQ: http://mattmahoney.net/dc/zpaq.html 0 string zPQ ZPAQ stream >3 byte x \b, level %d diff --git a/contrib/file/magic/Magdir/assembler b/contrib/file/magic/Magdir/assembler index 90aa4ca65c..805a326beb 100644 --- a/contrib/file/magic/Magdir/assembler +++ b/contrib/file/magic/Magdir/assembler @@ -1,14 +1,18 @@ #------------------------------------------------------------------------------ -# $File: assembler,v 1.1 2011/12/08 12:12:46 rrt Exp $ +# $File: assembler,v 1.6 2013/12/11 14:14:20 christos Exp $ # make: file(1) magic for assembler source # -0 regex \^\.asciiz\? assembler source text +0 regex \^[\040\t]{0,50}\\.asciiz assembler source text !:mime text/x-asm -0 regex \^\.byte assembler source text +0 regex \^[\040\t]{0,50}\\.byte assembler source text !:mime text/x-asm -0 regex \^\.even assembler source text +0 regex \^[\040\t]{0,50}\\.even assembler source text !:mime text/x-asm -0 regex \^\.globl assembler source text +0 regex \^[\040\t]{0,50}\\.globl assembler source text !:mime text/x-asm -0 regex \^\.text assembler source text +0 regex \^[\040\t]{0,50}\\.text assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.file assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.type assembler source text !:mime text/x-asm diff --git a/contrib/file/magic/Magdir/audio b/contrib/file/magic/Magdir/audio index 0cbe259032..ced932480e 100644 --- a/contrib/file/magic/Magdir/audio +++ b/contrib/file/magic/Magdir/audio @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: audio,v 1.64 2012/02/20 16:37:34 christos Exp $ +# $File: audio,v 1.68 2013/12/02 13:32:26 christos Exp $ # audio: file(1) magic for sound formats (see also "iff") # # Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com), @@ -512,7 +512,7 @@ >>12 ulelong x \b, sample rate %d # adlib sound files -# From Gürkan Sengün , http://www.linuks.mine.nu +# From Gurkan Sengun , http://www.linuks.mine.nu 0 string RAWADATA RdosPlay RAW 1068 string RoR AMUSIC Adlib Tracker @@ -571,6 +571,7 @@ # musepak support From: "Jiri Pejchal" 0 string MP+ Musepack audio +!:mime audio/x-musepack >3 byte 255 \b, SV pre8 >3 byte&0xF 0x6 \b, SV 6 >3 byte&0xF 0x8 \b, SV 8 @@ -636,3 +637,66 @@ # URL: http://wiki.multimedia.cx/index.php?title=WavPack # From: Mike Melanson 0 string wvpk WavPack Lossless Audio + +# From Fábio R. Schmidlin +# VGM music file +0 string Vgm\ +>9 ubyte >0 VGM Video Game Music dump v +>>9 ubyte/16 >0 \b%d +>>9 ubyte&0x0F x \b%d +>>8 ubyte/16 x \b.%d +>>8 ubyte&0x0F >0 \b%d +#Get soundchips +>>8 ubyte x \b, soundchip(s)= +>>0x0C ulelong >0 SN76489, +>>0x10 ulelong >0 YM2413, +>>0x2C ulelong >0 YM2612, +>>0x30 ulelong >0 YM2151, +>>0x38 ulelong >0 Sega PCM, +>>0x34 ulelong >0xC +>>>0x40 ulelong >0 RF5C68, +>>0x34 ulelong >0x10 +>>>0x44 ulelong >0 YM2203, +>>0x34 ulelong >0x14 +>>>0x48 ulelong >0 YM2608, +>>0x34 ulelong >0x18 +>>>0x4C lelong >0 YM2610, +>>>0x4C lelong <0 YM2610B, +>>0x34 ulelong >0x1C +>>>0x50 ulelong >0 YM3812, +>>0x34 ulelong >0x20 +>>>0x54 ulelong >0 YM3526, +>>0x34 ulelong >0x24 +>>>0x58 ulelong >0 Y8950, +>>0x34 ulelong >0x28 +>>>0x5C ulelong >0 YMF262, +>>0x34 ulelong >0x2C +>>>0x60 ulelong >0 YMF278B, +>>0x34 ulelong >0x30 +>>>0x64 ulelong >0 YMF271, +>>0x34 ulelong >0x34 +>>>0x68 ulelong >0 YMZ280B, +>>0x34 ulelong >0x38 +>>>0x6C ulelong >0 RF5C164, +>>0x34 ulelong >0x3C +>>>0x70 ulelong >0 PWM, +>>0x34 ulelong >0x40 +>>>0x74 ulelong >0 +>>>>0x78 ubyte 0x00 AY-3-8910, +>>>>0x78 ubyte 0x01 AY-3-8912, +>>>>0x78 ubyte 0x02 AY-3-8913, +>>>>0x78 ubyte 0x03 AY-3-8930, +>>>>0x78 ubyte 0x10 YM2149, +>>>>0x78 ubyte 0x11 YM3439, + +# GVOX Encore file format +# Since this is a proprietary file format and there is no publicly available +# format specification, this is just based on induction +# +0 string SCOW +>4 byte 0xc4 GVOX Encore music, version 5.0 or above +>4 byte 0xc2 GVOX Encore music, version < 5.0 + +0 string ZBOT +>4 byte 0xc5 GVOX Encore music, version < 5.0 + diff --git a/contrib/file/magic/Magdir/blackberry b/contrib/file/magic/Magdir/blackberry new file mode 100644 index 0000000000..4a61d4e98c --- /dev/null +++ b/contrib/file/magic/Magdir/blackberry @@ -0,0 +1,8 @@ + +#------------------------------------------------------------------------------ +# $File: blackberry,v 1.1 2014/01/31 01:51:32 christos Exp $ +# blackberry: file(1) magic for BlackBerry file formats +# +5 belong 0 +>8 belong 010010010 BlackBerry RIM ETP file +>>22 string x \b for %s diff --git a/contrib/file/magic/Magdir/bsdi b/contrib/file/magic/Magdir/bsdi index be16e3a1a2..e8a6c358cf 100644 --- a/contrib/file/magic/Magdir/bsdi +++ b/contrib/file/magic/Magdir/bsdi @@ -1,25 +1,15 @@ #------------------------------------------------------------------------------ -# $File: bsdi,v 1.5 2009/09/19 16:28:08 christos Exp $ +# $File: bsdi,v 1.6 2013/01/09 22:37:24 christos Exp $ # bsdi: file(1) magic for BSD/OS (from BSDI) objects +# Some object/executable formats use the same magic numbers as are used +# in other OSes; those are handled by entries in aout. # 0 lelong 0314 386 compact demand paged pure executable >16 lelong >0 not stripped >32 byte 0x6a (uses shared libs) -0 lelong 0407 386 executable ->16 lelong >0 not stripped ->32 byte 0x6a (uses shared libs) - -0 lelong 0410 386 pure executable ->16 lelong >0 not stripped ->32 byte 0x6a (uses shared libs) - -0 lelong 0413 386 demand paged pure executable ->16 lelong >0 not stripped ->32 byte 0x6a (uses shared libs) - # same as in SunOS 4.x, except for static shared libraries 0 belong&077777777 0600413 sparc demand paged >0 byte &0x80 diff --git a/contrib/file/magic/Magdir/c-lang b/contrib/file/magic/Magdir/c-lang index 066562760a..cd17648a0e 100644 --- a/contrib/file/magic/Magdir/c-lang +++ b/contrib/file/magic/Magdir/c-lang @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: c-lang,v 1.16 2011/12/09 08:02:16 rrt Exp $ +# $File: c-lang,v 1.18 2013/08/14 13:06:43 christos Exp $ # c-lang: file(1) magic for C and related languages programs # @@ -12,37 +12,37 @@ # C 0 regex \^#include C source text !:mime text/x-c -0 regex \^char C source text +0 regex \^char[\ \t\n]+ C source text !:mime text/x-c -0 regex \^double C source text +0 regex \^double[\ \t\n]+ C source text !:mime text/x-c -0 regex \^extern C source text +0 regex \^extern[\ \t\n]+ C source text !:mime text/x-c -0 regex \^float C source text +0 regex \^float[\ \t\n]+ C source text !:mime text/x-c -0 regex \^struct C source text +0 regex \^struct[\ \t\n]+ C source text !:mime text/x-c -0 regex \^union C source text +0 regex \^union[\ \t\n]+ C source text !:mime text/x-c 0 search/8192 main( C source text !:mime text/x-c # C++ # The strength of these rules is increased so they beat the C rules above -0 regex \^template C++ source text -!:strength + 10 +0 regex \^template[\ \t\n]+ C++ source text +!:strength + 5 !:mime text/x-c++ -0 regex \^virtual C++ source text -!:strength + 10 +0 regex \^virtual[\ \t\n]+ C++ source text +!:strength + 5 !:mime text/x-c++ -0 regex \^class C++ source text -!:strength + 10 +0 regex \^class[\ \t\n]+ C++ source text +!:strength + 5 !:mime text/x-c++ 0 regex \^public: C++ source text -!:strength + 10 +!:strength + 5 !:mime text/x-c++ 0 regex \^private: C++ source text -!:strength + 10 +!:strength + 5 !:mime text/x-c++ # From: Mikhail Teterin diff --git a/contrib/file/magic/Magdir/cad b/contrib/file/magic/Magdir/cad index cc4ef343d8..9b09fd7a19 100644 --- a/contrib/file/magic/Magdir/cad +++ b/contrib/file/magic/Magdir/cad @@ -1,16 +1,9 @@ #------------------------------------------------------------------------------ -# $File: cad,v 1.11 2011/12/08 12:12:46 rrt Exp $ +# $File: cad,v 1.13 2014/03/23 18:05:38 christos Exp $ # autocad: file(1) magic for cad files # -# AutoCAD DWG versions R13/R14 (www.autodesk.com) -# Written December 01, 2003 by Lester Hightower -# Based on the DWG File Format Specifications at http://www.opendwg.org/ -0 string \101\103\061\060\061 AutoCAD ->5 string \062\000\000\000\000 DWG ver. R13 ->5 string \064\000\000\000\000 DWG ver. R14 - # Microstation DGN/CIT Files (www.bentley.com) # Last updated July 29, 2005 by Lester Hightower # DGN is the default file extension of Microstation/Intergraph CAD files. @@ -49,19 +42,62 @@ >4 string \030\000\000 CITFile >4 string \030\000\003 CITFile +# AutoCAD +# Merge of the different contributions and updates from http://en.wikipedia.org/wiki/Dwg +# and http://www.iana.org/assignments/media-types/image/vnd.dwg +0 string MC0.0 DWG AutoDesk AutoCAD Release 1.0 +!:mime image/vnd.dwg +0 string AC1.2 DWG AutoDesk AutoCAD Release 1.2 +!:mime image/vnd.dwg +0 string AC1.3 DWG AutoDesk AutoCAD Release 1.3 +!:mime image/vnd.dwg +0 string AC1.40 DWG AutoDesk AutoCAD Release 1.40 +!:mime image/vnd.dwg +0 string AC1.50 DWG AutoDesk AutoCAD Release 2.05 +!:mime image/vnd.dwg +0 string AC2.10 DWG AutoDesk AutoCAD Release 2.10 +!:mime image/vnd.dwg +0 string AC2.21 DWG AutoDesk AutoCAD Release 2.21 +!:mime image/vnd.dwg +0 string AC2.22 DWG AutoDesk AutoCAD Release 2.22 +!:mime image/vnd.dwg +0 string AC1001 DWG AutoDesk AutoCAD Release 2.22 +!:mime image/vnd.dwg +0 string AC1002 DWG AutoDesk AutoCAD Release 2.50 +!:mime image/vnd.dwg +0 string AC1003 DWG AutoDesk AutoCAD Release 2.60 +!:mime image/vnd.dwg +0 string AC1004 DWG AutoDesk AutoCAD Release 9 +!:mime image/vnd.dwg +0 string AC1006 DWG AutoDesk AutoCAD Release 10 +!:mime image/vnd.dwg +0 string AC1009 DWG AutoDesk AutoCAD Release 11/12 +!:mime image/vnd.dwg +# AutoCAD DWG versions R13/R14 (www.autodesk.com) +# Written December 01, 2003 by Lester Hightower +# Based on the DWG File Format Specifications at http://www.opendwg.org/ # AutoCad, from Nahuel Greco # AutoCAD DWG versions R12/R13/R14 (www.autodesk.com) -0 string AC1012 DWG AutoDesk AutoCad (release 12) -0 string AC1013 DWG AutoDesk AutoCad (release 13) -0 string AC1014 DWG AutoDesk AutoCad (release 14) +0 string AC1012 DWG AutoDesk AutoCAD Release 13 +!:mime image/vnd.dwg +0 string AC1014 DWG AutoDesk AutoCAD Release 14 +!:mime image/vnd.dwg +0 string AC1015 DWG AutoDesk AutoCAD 2000/2002 +!:mime image/vnd.dwg + # A new version of AutoCAD DWG # Sergey Zaykov (mail_of_sergey@mail.ru, sergey_zaikov@rambler.ru, # ICQ 358572321) # From various sources like: # http://autodesk.blogs.com/between_the_lines/autocad-release-history.html -0 string AC1018 DWG AutoDesk AutoCAD 2004/2005/2006 -0 string AC1021 DWG AutoDesk AutoCAD 2007/2008/2009 -0 string AC1024 DWG AutoDesk AutoCAD 2010/2011 +0 string AC1018 DWG AutoDesk AutoCAD 2004/2005/2006 +!:mime image/vnd.dwg +0 string AC1021 DWG AutoDesk AutoCAD 2007/2008/2009 +!:mime image/vnd.dwg +0 string AC1024 DWG AutoDesk AutoCAD 2010/2011/2012 +!:mime image/vnd.dwg +0 string AC1027 DWG AutoDesk AutoCAD 2013/2014 +!:mime image/vnd.dwg # KOMPAS 2D drawing from ASCON # This is KOMPAS 2D drawing or fragment of drawing but is not detailed nor @@ -110,9 +146,11 @@ 0 beshort 0x0809 Bentley/Intergraph MicroStation >0x02 byte 0xfe >>0x04 beshort 0x1800 CIT raster CAD -0 string AC1012 AutoDesk AutoCAD R13 -0 string AC1014 AutoDesk AutoCAD R14 -0 string AC1015 AutoDesk AutoCAD R2000 # 3DS (3d Studio files) Conflicts with diff output 0x3d '=' #16 beshort 0x3d3d image/x-3ds + +# MegaCAD 2D/3D drawing (.prt) +# http://megacad.de/ +# From: Markus Heidelberg +0 string MegaCad23\0 MegaCAD 2D/3D drawing diff --git a/contrib/file/magic/Magdir/cafebabe b/contrib/file/magic/Magdir/cafebabe index 6400e2f3b0..0afcb8dc55 100644 --- a/contrib/file/magic/Magdir/cafebabe +++ b/contrib/file/magic/Magdir/cafebabe @@ -1,22 +1,23 @@ #------------------------------------------------------------------------------ -# $File: cafebabe,v 1.8 2009/09/19 16:28:08 christos Exp $ +# $File: cafebabe,v 1.15 2014/03/14 18:47:29 christos Exp $ # Cafe Babes unite! # -# Since Java bytecode and Mach-O fat-files have the same magic number, the test -# must be performed in the same "magic" sequence to get both right. The long -# at offset 4 in a mach-O fat file tells the number of architectures; the short at -# offset 4 in a Java bytecode file is the JVM minor version and the -# short at offset 6 is the JVM major version. Since there are only +# Since Java bytecode and Mach-O universal binaries have the same magic number, +# the test must be performed in the same "magic" sequence to get both right. +# The long at offset 4 in a Mach-O universal binary tells the number of +# architectures; the short at offset 4 in a Java bytecode file is the JVM minor +# version and the short at offset 6 is the JVM major version. Since there are only # only 18 labeled Mach-O architectures at current, and the first released # Java class format was version 43.0, we can safely choose any number # between 18 and 39 to test the number of architectures against # (and use as a hack). Let's not use 18, because the Mach-O people # might add another one or two as time goes by... # +### JAVA START ### 0 belong 0xcafebabe -!:mime application/x-java-applet >4 belong >30 compiled Java class data, +!:mime application/x-java-applet >>6 beshort x version %d. >>4 beshort x \b%d # Which is which? @@ -28,13 +29,35 @@ >>4 belong 0x0031 (Java 1.5) >>4 belong 0x0032 (Java 1.6) +0 belong 0xcafed00d JAR compressed with pack200, +>5 byte x version %d. +>4 byte x \b%d +!:mime application/x-java-pack200 -0 belong 0xcafebabe ->4 belong 1 Mach-O fat file with 1 architecture ->4 belong >1 ->>4 belong <20 Mach-O fat file with %ld architectures 0 belong 0xcafed00d JAR compressed with pack200, ->>5 byte x version %d. ->>4 byte x \b%d +>5 byte x version %d. +>4 byte x \b%d !:mime application/x-java-pack200 + +### JAVA END ### +### MACH-O START ### + +0 name mach-o \b [ +>0 use mach-o-cpu \b +>&(8.L) indirect \b: +>0 belong x \b] + +0 belong 0xcafebabe +>4 belong 1 Mach-O universal binary with 1 architecture: +>>8 use mach-o \b +>4 belong >1 +>>4 belong <20 Mach-O universal binary with %ld architectures: +>>>8 use mach-o \b +>>>28 use mach-o \b +>>4 belong >2 +>>>48 use mach-o \b +>>4 belong >3 +>>>68 use mach-o \b + +### MACH-O END ### diff --git a/contrib/file/magic/Magdir/claris b/contrib/file/magic/Magdir/claris index a2b120a834..3f447bc22b 100644 --- a/contrib/file/magic/Magdir/claris +++ b/contrib/file/magic/Magdir/claris @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: claris,v 1.5 2009/09/19 16:28:08 christos Exp $ +# $File: claris,v 1.6 2012/06/20 21:19:05 christos Exp $ # claris: file(1) magic for claris # "H. Nanosecond" # Claris Works a word processor, etc. @@ -11,10 +11,10 @@ #* #0001000 #010 250 377 377 377 377 000 213 000 230 000 021 002 377 014 000 #null to byte 1000 octal -514 string \377\377\377\377\000 Claris clip art? ->0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 yes. -514 string \377\377\377\377\001 Claris clip art? ->0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 yes. +514 string \377\377\377\377\000 +>0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 Claris clip art +514 string \377\377\377\377\001 +>0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 Claris clip art # Claris works files # .cwk diff --git a/contrib/file/magic/Magdir/commands b/contrib/file/magic/Magdir/commands index 4fb151f329..670bbe29d4 100644 --- a/contrib/file/magic/Magdir/commands +++ b/contrib/file/magic/Magdir/commands @@ -1,16 +1,23 @@ #------------------------------------------------------------------------------ -# $File: commands,v 1.42 2011/12/05 23:14:02 rrt Exp $ +# $File: commands,v 1.48 2014/03/04 12:20:42 kim Exp $ # commands: file(1) magic for various shells and interpreters # #0 string/w : shell archive or script for antique kernel text 0 string/wt #!\ /bin/sh POSIX shell script text executable !:mime text/x-shellscript +0 string/wb #!\ /bin/sh POSIX shell script executable (binary data) +!:mime text/x-shellscript + 0 string/wt #!\ /bin/csh C shell script text executable !:mime text/x-shellscript + # korn shell magic, sent by George Wu, gwu@clyde.att.com 0 string/wt #!\ /bin/ksh Korn shell script text executable !:mime text/x-shellscript +0 string/wb #!\ /bin/ksh Korn shell script executable (binary data) +!:mime text/x-shellscript + 0 string/wt #!\ /bin/tcsh Tenex C shell script text executable !:mime text/x-shellscript 0 string/wt #!\ /usr/bin/tcsh Tenex C shell script text executable @@ -49,7 +56,7 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex =^\\s*BEGIN\\s*[{] awk script text +0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable @@ -57,27 +64,38 @@ # bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de) 0 string/wt #!\ /bin/bash Bourne-Again shell script text executable !:mime text/x-shellscript +0 string/wb #!\ /bin/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript 0 string/wt #!\ /usr/bin/bash Bourne-Again shell script text executable !:mime text/x-shellscript +0 string/wb #!\ /usr/bin/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript 0 string/wt #!\ /usr/local/bash Bourne-Again shell script text executable !:mime text/x-shellscript +0 string/wb #!\ /usr/local/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript 0 string/wt #!\ /usr/local/bin/bash Bourne-Again shell script text executable !:mime text/x-shellscript +0 string/wb #!\ /usr/local/bin/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript # PHP scripts # Ulf Harnhammar 0 search/1/c = +# Elan Ruusamae 0 string =24 regex [0-9.]+ \b, version %s !:mime text/x-php diff --git a/contrib/file/magic/Magdir/compress b/contrib/file/magic/Magdir/compress index 94c209d761..15602de2ca 100644 --- a/contrib/file/magic/Magdir/compress +++ b/contrib/file/magic/Magdir/compress @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: compress,v 1.49 2011/12/07 22:04:27 christos Exp $ +# $File: compress,v 1.54 2014/03/14 18:47:29 christos Exp $ # compress: file(1) magic for pure-compression formats (no archives) # # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc. @@ -22,6 +22,7 @@ # other than 8 ("deflate", the only method defined in RFC 1952). 0 string \037\213 gzip compressed data !:mime application/x-gzip +!:strength * 2 >2 byte <8 \b, reserved method >2 byte >8 \b, unknown method >3 byte &0x01 \b, ASCII @@ -30,6 +31,10 @@ >3 byte&0xC =0x08 >>10 string x \b, was "%s" >3 byte &0x10 \b, has comment +>3 byte &0x20 \b, encrypted +>4 ledate >0 \b, last modified: %s +>8 byte 2 \b, max compression +>8 byte 4 \b, max speed >9 byte =0x00 \b, from FAT filesystem (MS-DOS, OS/2, NT) >9 byte =0x01 \b, from Amiga >9 byte =0x02 \b, from VMS @@ -44,11 +49,6 @@ >9 byte =0x0B \b, from NTFS filesystem (NT) >9 byte =0x0C \b, from QDOS >9 byte =0x0D \b, from Acorn RISCOS ->3 byte &0x10 \b, comment ->3 byte &0x20 \b, encrypted ->4 ledate >0 \b, last modified: %s ->8 byte 2 \b, max compression ->8 byte 4 \b, max speed # packed data, Huffman (minimum redundancy) codes on a byte-by-byte basis 0 string \037\036 packed data @@ -191,10 +191,13 @@ # Type: LZMA 0 lelong&0xffffff =0x5d ->12 leshort =0xff LZMA compressed data, +>12 leshort 0xff LZMA compressed data, +!:mime application/x-lzma +>>5 lequad =0xffffffffffffffff streamed +>>5 lequad !0xffffffffffffffff non-streamed, size %lld +>12 leshort 0 LZMA compressed data, >>5 lequad =0xffffffffffffffff streamed >>5 lequad !0xffffffffffffffff non-streamed, size %lld -!:mime application/x-lzma # http://tukaani.org/xz/xz-file-format.txt 0 ustring \xFD7zXZ\x00 XZ compressed data @@ -206,6 +209,12 @@ >5 byte x \b.%d !:mime application/x-lrzip +# http://fastcompression.blogspot.fi/2013/04/lz4-streaming-format-final.html +0 lelong 0x184d2204 LZ4 compressed data +!:mime application/x-lz4 +0 lelong 0x184c2102 LZ4 compressed data, legacy format +!:mime application/x-lz4 + # AFX compressed files (Wolfram Kleff) 2 string -afx- AFX compressed file data @@ -229,3 +238,9 @@ >6 byte >-1 %i) >7 long >0 , original size: %i bytes >15 long >30 , block size: %i bytes + +# Valve Pack (VPK) files +0 lelong 0x55aa1234 Valve Pak file +>0x4 lelong x \b, version %u +>0x8 lelong x \b, %u entries + diff --git a/contrib/file/magic/Magdir/console b/contrib/file/magic/Magdir/console index 573dd15fd5..27227a4126 100644 --- a/contrib/file/magic/Magdir/console +++ b/contrib/file/magic/Magdir/console @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: console,v 1.18 2010/09/20 19:19:17 rrt Exp $ +# $File: console,v 1.19 2013/02/06 14:18:52 christos Exp $ # Console game magic # Toby Deshane # ines: file(1) magic for Marat's iNES Nintendo Entertainment System @@ -137,7 +137,7 @@ >113 string x (%s) #------------------------------------------------------------------------------ -# Microsoft Xbox executables .xbe (Esa Hyytiä ) +# Microsoft Xbox executables .xbe (Esa Hyytia ) 0 string XBEH XBE, Microsoft Xbox executable # probabilistic checks whether signed or not >0x0004 ulelong =0x0 @@ -177,7 +177,7 @@ # From: Serge van den Boom 0 string \x01ZZZZZ\x01 3DO "Opera" file system -# From Gürkan Sengün , www.linuks.mine.nu +# From Gurkan Sengun , www.linuks.mine.nu 0 string GBS Nintendo Gameboy Music/Audio Data 12 string GameBoy\ Music\ Module Nintendo Gameboy Music Module diff --git a/contrib/file/magic/Magdir/convex b/contrib/file/magic/Magdir/convex index 6141a82bba..6b28f768cc 100644 --- a/contrib/file/magic/Magdir/convex +++ b/contrib/file/magic/Magdir/convex @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: convex,v 1.7 2009/09/19 16:28:08 christos Exp $ +# $File: convex,v 1.8 2012/10/03 23:44:43 christos Exp $ # convex: file(1) magic for Convex boxes # # Convexes are big-endian. @@ -30,8 +30,6 @@ # The restore program uses these number to determine how the data is # to be extracted. # -24 belong =60011 dump format, 4.1 BSD or earlier -24 belong =60012 dump format, 4.2 or 4.3 BSD without IDC 24 belong =60013 dump format, 4.2 or 4.3 BSD (IDC compatible) 24 belong =60014 dump format, Convex Storage Manager by-reference dump # diff --git a/contrib/file/magic/Magdir/ctf b/contrib/file/magic/Magdir/ctf new file mode 100644 index 0000000000..37fdd1b60d --- /dev/null +++ b/contrib/file/magic/Magdir/ctf @@ -0,0 +1,23 @@ + +#-------------------------------------------------------------- +# ctf: file(1) magic for CTF (Common Trace Format) trace files +# +# Specs. available here: +#-------------------------------------------------------------- + +# CTF trace data +0 lelong 0xc1fc1fc1 Common Trace Format (CTF) trace data (LE) +0 belong 0xc1fc1fc1 Common Trace Format (CTF) trace data (BE) + +# CTF metadata (packetized) +0 lelong 0x75d11d57 Common Trace Format (CTF) packetized metadata (LE) +>35 byte x \b, v%d +>36 byte x \b.%d +0 belong 0x75d11d57 Common Trace Format (CTF) packetized metadata (BE) +>35 byte x \b, v%d +>36 byte x \b.%d + +# CTF metadata (plain text) +0 string /*\x20CTF\x20 Common Trace Format (CTF) plain text metadata +!:strength + 5 # this is to make sure we beat C +>&0 regex [0-9]+\.[0-9]+ \b, v%s diff --git a/contrib/file/magic/Magdir/cubemap b/contrib/file/magic/Magdir/cubemap new file mode 100644 index 0000000000..e2f87d8542 --- /dev/null +++ b/contrib/file/magic/Magdir/cubemap @@ -0,0 +1,8 @@ + +#------------------------------------------------------------------------------ +# $File: cubemap,v 1.1 2012/06/06 13:03:20 christos Exp $ +# file(1) magic(5) data for cubemaps Martin Erik Werner +# +0 string ACMP Map file for the AssaultCube FPS game +0 string CUBE Map file for cube and cube2 engine games +0 string MAPZ) Map file for the Blood Frontier/Red Eclipse FPS games diff --git a/contrib/file/magic/Magdir/cups b/contrib/file/magic/Magdir/cups index da2cc4cce0..54167fc04b 100644 --- a/contrib/file/magic/Magdir/cups +++ b/contrib/file/magic/Magdir/cups @@ -1,55 +1,12 @@ #------------------------------------------------------------------------------ -# $File: cups,v 1.1 2011/11/10 18:59:54 christos Exp $ +# $File: cups,v 1.2 2012/11/02 21:50:29 christos Exp $ # Cups: file(1) magic for the cups raster file format # From: Laurent Martelli # http://www.cups.org/documentation.php/spec-raster.html # -# Cups Raster image format, Big Endian -0 string RaS -!:mime application/vnd.cups-raster ->3 string t Cups Raster version 1, Big Endian ->3 string 2 Cups Raster version 2, Big Endian ->3 string 3 Cups Raster version 3, Big Endian ->280 belong x \b, %d ->284 belong x \bx%d dpi ->376 belong x \b, %dx ->380 belong x \b%d pixels ->388 belong x %d bits/color ->392 belong x %d bits/pixel ->400 belong 0 ColorOrder=Chunky ->400 belong 1 ColorOrder=Banded ->400 belong 2 ColorOrder=Planar ->404 belong 0 ColorSpace=gray ->404 belong 1 ColorSpace=RGB ->404 belong 2 ColorSpace=RGBA ->404 belong 3 ColorSpace=black ->404 belong 4 ColorSpace=CMY ->404 belong 5 ColorSpace=YMC ->404 belong 6 ColorSpace=CMYK ->404 belong 7 ColorSpace=YMCK ->404 belong 8 ColorSpace=KCMY ->404 belong 9 ColorSpace=KCMYcm ->404 belong 10 ColorSpace=GMCK ->404 belong 11 ColorSpace=GMCS ->404 belong 12 ColorSpace=WHITE ->404 belong 13 ColorSpace=GOLD ->404 belong 14 ColorSpace=SILVER ->404 belong 15 ColorSpace=CIE XYZ ->404 belong 16 ColorSpace=CIE Lab ->404 belong 17 ColorSpace=RGBW ->404 belong 18 ColorSpace=sGray ->404 belong 19 ColorSpace=sRGB ->404 belong 20 ColorSpace=AdobeRGB - - -# Cups Raster image format, Little Endian -1 string SaR ->0 string t Cups Raster version 1, Little Endian ->0 string 2 Cups Raster version 2, Little Endian ->0 string 3 Cups Raster version 3, Little Endian -!:mime application/vnd.cups-raster +0 name cups-be >280 lelong x \b, %d >284 lelong x \bx%d dpi >376 lelong x \b, %dx @@ -80,3 +37,20 @@ >404 lelong 18 ColorSpace=sGray >404 lelong 19 ColorSpace=sRGB >404 lelong 20 ColorSpace=AdobeRGB + +# Cups Raster image format, Big Endian +0 string RaS +>3 string t Cups Raster version 1, Big Endian +>3 string 2 Cups Raster version 2, Big Endian +>3 string 3 Cups Raster version 3, Big Endian +!:mime application/vnd.cups-raster +>0 use ^cups-be + + +# Cups Raster image format, Little Endian +1 string SaR +>0 string t Cups Raster version 1, Little Endian +>0 string 2 Cups Raster version 2, Little Endian +>0 string 3 Cups Raster version 3, Little Endian +!:mime application/vnd.cups-raster +>0 use \^cups-be diff --git a/contrib/file/magic/Magdir/database b/contrib/file/magic/Magdir/database index 956a53ba4c..584bbd68ee 100644 --- a/contrib/file/magic/Magdir/database +++ b/contrib/file/magic/Magdir/database @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: database,v 1.28 2011/09/16 19:40:40 christos Exp $ +# $File: database,v 1.37 2014/03/14 18:47:29 christos Exp $ # database: file(1) magic for various databases # # extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk) @@ -84,8 +84,32 @@ # # # Round Robin Database Tool by Tobias Oetiker -0 string RRD RRDTool DB ->4 string x version %s +0 string/b RRD\0 RRDTool DB +>4 string/b x version %s + +>>10 short !0 16bit aligned +>>>10 bedouble 8.642135e+130 big-endian +>>>>18 short x 32bit long (m68k) + +>>10 short 0 +>>>12 long !0 32bit aligned +>>>>12 bedouble 8.642135e+130 big-endian +>>>>>20 long 0 64bit long +>>>>>20 long !0 32bit long +>>>>12 ledouble 8.642135e+130 little-endian +>>>>>24 long 0 64bit long +>>>>>24 long !0 32bit long (i386) +>>>>12 string \x43\x2b\x1f\x5b\x2f\x25\xc0\xc7 middle-endian +>>>>>24 short !0 32bit long (arm) + +>>8 quad 0 64bit aligned +>>>16 bedouble 8.642135e+130 big-endian +>>>>24 long 0 64bit long (s390x) +>>>>24 long !0 32bit long (hppa/mips/ppc/s390/sparc) +>>>16 ledouble 8.642135e+130 little-endian +>>>>28 long 0 64bit long (alpha/amd64/ia64) +>>>>28 long !0 32bit long (armel/mipsel) + #---------------------------------------------------------------------- # ROOT: file(1) magic for ROOT databases # @@ -114,95 +138,271 @@ #>>>0x04 byte 8 incrementing secondary index .XGn file ## XBase database files -#0 byte 0x02 -#>8 leshort >0 -#>>12 leshort 0 FoxBase -#!:mime application/x-dbf -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x03 -#!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 FoxBase+, FoxPro, dBaseIII+, dBaseIV, no memo -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) +# updated by Joerg Jenderek at Feb 2013 +# http://www.dbase.com/Knowledgebase/INT/db7_file_fmt.htm +# http://www.clicketyclick.dk/databases/xbase/format/dbf.html +# http://home.f1.htw-berlin.de/scheibl/db/intern/dBase.htm +# inspect VVYYMMDD , where 1<= MM <= 12 and 1<= DD <= 31 +0 ubelong&0x0000FFFF <0x00000C20 +# skip Infocom game Z-machine +>2 ubyte >0 +# skip Androids *.xml +>>3 ubyte >0 +>>>3 ubyte <32 +# 1 < version VV +>>>>0 ubyte >1 +# skip HELP.CA3 by test for reserved byte ( NULL ) +>>>>>27 ubyte 0 +# reserved bytes not always 0 ; also found 0x3901 (T4.DBF) ,0x7101 (T5.DBF,T6.DBF) +#>>>>>30 ubeshort x 30NULL?%x +# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) +>>>>>>24 ubelong&0xffFFFFff >0x01302000 +# .DBF or .MDX +>>>>>>24 ubelong&0xffFFFFff <0x01302001 +# for Xbase Database file (*.DBF) reserved (NULL) for multi-user +>>>>>>>24 ubelong&0xffFFFFff =0 +# test for 2 reserved NULL bytes,transaction and encryption byte flag +>>>>>>>>12 ubelong&0xFFFFfEfE 0 +# test for MDX flag +>>>>>>>>>28 ubyte x +>>>>>>>>>28 ubyte&0xf8 0 +# header size >= 32 +>>>>>>>>>>8 uleshort >31 +# skip PIC15736.PCX by test for language driver name or field name +>>>>>>>>>>>32 ubyte >0 +#!:mime application/x-dbf; charset=unknown-8bit ?? +#!:mime application/x-dbase +>>>>>>>>>>>>0 use xbase-type +# database file +>>>>>>>>>>>>0 ubyte x \b DBF +>>>>>>>>>>>>4 lelong 0 \b, no records +>>>>>>>>>>>>4 lelong >0 \b, %ld record +# plural s appended +>>>>>>>>>>>>>4 lelong >1 \bs +# http://www.clicketyclick.dk/databases/xbase/format/dbf_check.html#CHECK_DBF +# 1 <= record size <= 4000 (dBase 3,4) or 32 * KB (=0x8000) +>>>>>>>>>>>>10 uleshort x * %d +# file size = records * record size + header size +>>>>>>>>>>>>1 ubyte x \b, update-date +>>>>>>>>>>>>1 use xbase-date +# http://msdn.microsoft.com/de-de/library/cc483186(v=vs.71).aspx +#>>>>>>>>>>>>29 ubyte =0 \b, codepage ID=0x%x +# 2~cp850 , 3~cp1252 , 0x1b~?? ; what code page is 0x1b ? +>>>>>>>>>>>>29 ubyte >0 \b, codepage ID=0x%x +#>>>>>>>>>>>>28 ubyte&0x01 0 \b, no index file +>>>>>>>>>>>>28 ubyte&0x01 1 \b, with index file .MDX +>>>>>>>>>>>>28 ubyte&0x02 2 \b, with memo .FPT +>>>>>>>>>>>>28 ubyte&0x04 4 \b, DataBaseContainer +# 1st record offset + 1 = header size +>>>>>>>>>>>>8 uleshort >0 +>>>>>>>>>>>>(8.s+1) ubyte >0 +>>>>>>>>>>>>>8 uleshort >0 \b, at offset %d +>>>>>>>>>>>>>(8.s+1) ubyte >0 +>>>>>>>>>>>>>>&-1 string >\0 1st record "%s" +# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserverd (NULL) +>>>>>>>24 ubelong&0x0133f7ff >0 +# test for reserved NULL byte +>>>>>>>>47 ubyte x +# test for valid TAG key format (0x10 or 0) +>>>>>>>>>559 ubyte&0xeF 0 +# test MM <= 12 +>>>>>>>>>45 ubeshort <0x0C20 +>>>>>>>>>>45 ubyte >0 +>>>>>>>>>>>46 ubyte <32 +>>>>>>>>>>>>46 ubyte >0 +#!:mime application/x-mdx +>>>>>>>>>>>>>0 use xbase-type +>>>>>>>>>>>>>0 ubyte x \b MDX +>>>>>>>>>>>>>1 ubyte x \b, creation-date +>>>>>>>>>>>>>1 use xbase-date +>>>>>>>>>>>>>44 ubyte x \b, update-date +>>>>>>>>>>>>>44 use xbase-date +# No.of tags in use (1,2,5,12) +>>>>>>>>>>>>>28 uleshort x \b, %d +# No. of entries in tag (0x30) +>>>>>>>>>>>>>25 ubyte x \b/%d tags +# Length of tag +>>>>>>>>>>>>>26 ubyte x * %d +# 1st tag name_ +>>>>>>>>>>>>>548 string x \b, 1st tag "%.11s" +# 2nd tag name +#>>>>>>>>>>>>(26.b+548) string x \b, 2nd tag "%.11s" # -#0 byte 0x04 +# Print the xBase names of different version variants +0 name xbase-type +>0 ubyte <2 +# 1 < version +>0 ubyte >1 +>>0 ubyte 0x02 FoxBase +# FoxBase+/dBaseIII+, no memo +>>0 ubyte 0x03 FoxBase+/dBase III +!:mime application/x-dbf +# dBASE IV no memo file +>>0 ubyte 0x04 dBase IV +!:mime application/x-dbf +# dBASE V no memo file +>>0 ubyte 0x05 dBase V +!:mime application/x-dbf +>>0 ubyte 0x30 Visual FoxPro +!:mime application/x-dbf +>>0 ubyte 0x31 Visual FoxPro, autoincrement +!:mime application/x-dbf +# Visual FoxPro, with field type Varchar or Varbinary +>>0 ubyte 0x32 Visual FoxPro, with field type Varchar +!:mime application/x-dbf +# dBASE IV SQL, no memo;dbv memo var size (Flagship) +>>0 ubyte 0x43 dBase IV, with SQL table +!:mime application/x-dbf +# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0x62 dBase IV, with SQL table #!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 dBASE IV no memo file -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x05 +# dBASE IV, with memo!! +>>0 ubyte 0x7b dBase IV, with memo +!:mime application/x-dbf +# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0x82 dBase IV, with SQL system #!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 dBASE V no memo file -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x30 +# FoxBase+/dBaseIII+ with memo .DBT! +>>0 ubyte 0x83 FoxBase+/dBase III, with memo .DBT +!:mime application/x-dbf +# VISUAL OBJECTS (first 1.0 versions) for the Dbase III files (NTX clipper driver); memo file +>>0 ubyte 0x87 VISUAL OBJECTS, with memo file +!:mime application/x-dbf +# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0x8A FoxBase+/dBase III, with memo .DBT #!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 Visual FoxPro -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x43 +# dBASE IV with memo! +>>0 ubyte 0x8B dBase IV, with memo .DBT +!:mime application/x-dbf +# dBase IV with SQL Table,no memo? +>>0 ubyte 0x8E dBase IV, with SQL table +!:mime application/x-dbf +# .dbv and .dbt memo (Flagship)? +>>0 ubyte 0xB3 Flagship +# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0xCA dBase IV with memo .DBT #!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 FlagShip with memo var size -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x7b +# dBASE IV with SQL table, with memo .DBT +>>0 ubyte 0xCB dBase IV with SQL table, with memo .DBT +!:mime application/x-dbf +# HiPer-Six format;Clipper SIX, with SMT memo file +>>0 ubyte 0xE5 Clipper SIX with memo +!:mime application/x-dbf +# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0xF4 dBase IV, with SQL table, with memo #!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 dBASEIV with memo -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x83 -#!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 FoxBase+, dBaseIII+ with memo -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x8b +>>0 ubyte 0xF5 FoxPro with memo +!:mime application/x-dbf +# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0xFA FoxPro 2.x, with memo #!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 dBaseIV with memo -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0x8e -#!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 dBaseIV with SQL Table -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0xb3 -#!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 FlagShip with .dbt memo -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 byte 0xf5 -#!:mime application/x-dbf -#>8 leshort >0 -#>>12 leshort 0 FoxPro with memo -#>>>0x04 lelong 0 (no records) -#>>>0x04 lelong >0 (%ld records) -# -#0 leshort 0x0006 DBase 3 index file +# unknown version (should not happen) +>>0 default x xBase +!:mime application/x-dbf +>>>0 ubyte x (0x%x) +# flags in version byte +# DBT flag (with dBASE III memo .DBT)!! +# >>0 ubyte&0x80 >0 DBT_FLAG=%x +# memo flag ?? +# >>0 ubyte&0x08 >0 MEMO_FLAG=%x +# SQL flag ?? +# >>0 ubyte&0x70 >0 SQL_FLAG=%x +# test and print the date of xBase .DBF .MDX +0 name xbase-date +# inspect YYMMDD , where 1<= MM <= 12 and 1<= DD <= 31 +>0 ubelong x +>1 ubyte <13 +>>1 ubyte >0 +>>>2 ubyte >0 +>>>>2 ubyte <32 +>>>>>0 ubyte x +# YY is interpreted as 20YY or 19YY +>>>>>>0 ubyte <100 \b %.2d +# YY is interpreted 1900+YY; TODO: display yy or 20yy instead 1YY +>>>>>>0 ubyte >99 \b %d +>>>>>1 ubyte x \b-%d +>>>>>2 ubyte x \b-%d + +# dBase memo files .DBT or .FPT +# http://msdn.microsoft.com/en-us/library/8599s21w(v=vs.80).aspx +16 ubyte <4 +>16 ubyte !2 +>>16 ubyte !1 +# next free block index is positive +>>>0 ulelong >0 +# skip many JPG. ZIP, BZ2 by test for reserved bytes NULL , 0|2 , 0|1 , low byte of block size +>>>>17 ubelong&0xFFfdFE00 0x00000000 +# skip many RAR by test for low byte 0 ,high byte 0|2|even of block size, 0|a|e|d7 , 0|64h +>>>>>20 ubelong&0xFF01209B 0x00000000 +# dBASE III +>>>>>>16 ubyte 3 +# dBASE III DBT +>>>>>>>0 use xbase-memo-print +# dBASE IV DBT , FoxPro FPT or many PNG , ZIP , DBF garbage +>>>>>>16 ubyte 0 +# dBASE IV DBT with DBF name or DBF garbage +>>>>>>>8 ubelong >0x40000000 +# skip DBF and catch dBASE IV DBT with DBF name and with non big index of next free block +>>>>>>>>0 ulelong <0x01010002 +>>>>>>>>>0 use xbase-memo-print +>>>>>>>8 ubelong 0 +# skip MM*DD*.bin by test for for reserved NULL byte +>>>>>>>>508 ubelong 0 +# real memo files should contain text here +>>>>>>>>>520 ubelong >0x20202019 +>>>>>>>>>>520 ubelong <0xFEFEFEFF +>>>>>>>>>>>0 use xbase-memo-print +# garbage PCX , ZIP , JAR , XPI +>>>>>>>8 default x + +# Print the information of dBase DBT or FoxPro FPT memo files +0 name xbase-memo-print +>0 ubyte x +# test version +# memo file +>>16 ubyte 3 dBase III DBT +>>16 ubyte 0 +>>>512 ubelong <0x00000003 FoxPro FPT +# Size of blocks for FoxPro +>>>>6 ubeshort x \b, blocks size %lu +# Number of next available block for appending data for FoxPro +>>>>0 ubelong =0 \b, next free block index %lu +>>>>0 ubelong !0 \b, next free block index %lu +>>>512 default x dBase IV DBT +# DBF file name without extention +>>>>8 string >\0 \b of %-.8s.DBF +# size of blocks ; not reliable 0x2020204C +#>>>>4 ulelong =0 \b, blocks size %lu +>>>>4 ulelong !0 \b, blocks size %lu +# Block length found 0 , 512 +#>>>>20 uleshort =0 \b, block length %u +>>>>20 uleshort !0 \b, block length %u +# Number of next available block for appending data +>>>>0 ulelong =0 \b, next free block index %lu +>>>>0 ulelong !0 \b, next free block index %lu +>>512 ubelong x +>>>512 ubelong =0xFFFF0800 +>>>>520 string >\0 \b, 1st used item "%s" +# FoxPro +>>>512 ubelong <3 +# FoxPro memo +>>>>512 ubelong =1 +>>>>520 string >\0 \b, 1st used item "%s" +>>>512 default x +# may be deleted memo field +>>>>512 string >\0 \b, 1st item "%s" + +# TODO: +# DBASE index file *.NDX +# DBASE Compound Index file *.CDX +# dBASE IV Printer Driver *.PRF +## End of XBase database stuff # MS Access database 4 string Standard\ Jet\ DB Microsoft Access Database !:mime application/x-msaccess +4 string Standard\ ACE\ DB Microsoft Access Database +!:mime application/x-msaccess # TDB database from Samba et al - Martin Pool 0 string TDB\ file TDB database @@ -269,14 +469,6 @@ >48 lequad x \b, rnum=%lld >56 lequad x \b, fsiz=%lld -# G-IR database made by gobject-introspect toolset, -# http://live.gnome.org/GObjectIntrospection -0 string GOBJ\nMETADATA\r\n\032 G-IR binary database ->16 byte x \b, v%d ->17 byte x \b.%d ->20 leshort x \b, %d entries ->22 leshort x \b/%d local - # Type: QDBM Quick Database Manager # From: Benoit Sibaud 0 string \\[depot\\]\n\f Quick Database Manager, little endian @@ -288,8 +480,11 @@ 0 string ToKyO\ CaBiNeT\n TokyoCabinet database >14 string x (version %s) -# From: Stéphane Blondon http://www.yaal.fr +# From: Stephane Blondon http://www.yaal.fr # Database file for Zope (done by FileStorage) 0 string FS21 Zope Object Database File Storage (data) # Cache file for the database of Zope (done by ClientStorage) 0 string ZEC3 Zope Object Database Client Cache File (data) + +# IDA (Interactive Disassembler) database +0 string IDA1 IDA (Interactive Disassembler) database diff --git a/contrib/file/magic/Magdir/diff b/contrib/file/magic/Magdir/diff index 73f0135df8..59243801eb 100644 --- a/contrib/file/magic/Magdir/diff +++ b/contrib/file/magic/Magdir/diff @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: diff,v 1.12 2010/12/07 16:52:52 christos Exp $ +# $File: diff,v 1.14 2012/09/16 23:08:54 christos Exp $ # diff: file(1) magic for diff(1) output # 0 search/1 diff\ diff output text @@ -16,7 +16,7 @@ !:mime text/x-diff # bsdiff: file(1) magic for bsdiff(1) output -0 string/t BSDIFF40 bsdiff(1) patch file +0 string/b BSDIFF40 bsdiff(1) patch file # unified diff @@ -27,3 +27,14 @@ >>>>&0 search/1 @@ unified diff output text !:mime text/x-diff !:strength + 90 + +# librsync -- the library for network deltas +# +# Copyright (C) 2001 by Martin Pool. You may do whatever you want with +# this file. +# +0 belong 0x72730236 rdiff network-delta data + +0 belong 0x72730136 rdiff network-delta signature data +>4 belong x (block length=%d, +>8 belong x signature strength=%d) diff --git a/contrib/file/magic/Magdir/digital b/contrib/file/magic/Magdir/digital index b1b77dd8c7..f66e0bc559 100644 --- a/contrib/file/magic/Magdir/digital +++ b/contrib/file/magic/Magdir/digital @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: digital,v 1.10 2011/05/03 01:44:17 christos Exp $ +# $File: digital,v 1.11 2013/01/11 16:45:23 christos Exp $ # Digital UNIX - Info # 0 string =!\n________64E Alpha archive @@ -8,20 +8,20 @@ # 0 leshort 0603 ->>24 leshort 0410 COFF format alpha pure ->>24 leshort 0413 COFF format alpha demand paged ->>>22 leshort&030000 !020000 executable ->>>22 leshort&020000 !0 dynamically linked ->>>16 lelong !0 not stripped ->>>16 lelong 0 stripped ->>>27 byte x - version %d ->>>26 byte x \b.%d ->>>28 byte x \b-%d ->>24 leshort 0407 COFF format alpha object ->>>22 leshort&030000 020000 shared library ->>>27 byte x - version %d ->>>26 byte x \b.%d ->>>28 byte x \b-%d +>24 leshort 0410 COFF format alpha pure +>24 leshort 0413 COFF format alpha demand paged +>>22 leshort&030000 !020000 executable +>>22 leshort&020000 !0 dynamically linked +>>16 lelong !0 not stripped +>>16 lelong 0 stripped +>>27 byte x - version %d +>>26 byte x \b.%d +>>28 byte x \b-%d +>24 leshort 0407 COFF format alpha object +>>22 leshort&030000 020000 shared library +>>27 byte x - version %d +>>26 byte x \b.%d +>>28 byte x \b-%d # Basic recognition of Digital UNIX core dumps - Mike Bremford # diff --git a/contrib/file/magic/Magdir/dolby b/contrib/file/magic/Magdir/dolby index fee287ccf1..573398f347 100644 --- a/contrib/file/magic/Magdir/dolby +++ b/contrib/file/magic/Magdir/dolby @@ -1,60 +1,69 @@ #------------------------------------------------------------------------------ -# $File: dolby,v 1.5 2009/09/19 16:28:08 christos Exp $ +# $File: dolby,v 1.7 2014/01/08 22:37:23 christos Exp $ # ATSC A/53 aka AC-3 aka Dolby Digital # from http://www.atsc.org/standards/a_52a.pdf # corrections, additions, etc. are always welcome! # # syncword -0 beshort 0x0b77 ATSC A/52 aka AC-3 aka Dolby Digital stream, +0 beshort 0x0b77 ATSC A/52 aka AC-3 aka Dolby Digital stream, +# Proposed audio/ac3 RFC/4184 +!:mime audio/vnd.dolby.dd-raw # fscod ->4 byte&0xc0 0x00 48 kHz, ->4 byte&0xc0 0x40 44.1 kHz, ->4 byte&0xc0 0x80 32 kHz, +>4 byte&0xc0 = 0x00 48 kHz, +>4 byte&0xc0 = 0x40 44.1 kHz, +>4 byte&0xc0 = 0x80 32 kHz, # is this one used for 96 kHz? ->4 byte&0xc0 0xc0 reserved frequency, +>4 byte&0xc0 = 0xc0 reserved frequency, # ->5 byte&7 = 0 \b, complete main (CM) ->5 byte&7 = 1 \b, music and effects (ME) ->5 byte&7 = 2 \b, visually impaired (VI) ->5 byte&7 = 3 \b, hearing impaired (HI) ->5 byte&7 = 4 \b, dialogue (D) ->5 byte&7 = 5 \b, commentary (C) ->5 byte&7 = 6 \b, emergency (E) +>5 byte&0x07 = 0x00 \b, complete main (CM) +>5 byte&0x07 = 0x01 \b, music and effects (ME) +>5 byte&0x07 = 0x02 \b, visually impaired (VI) +>5 byte&0x07 = 0x03 \b, hearing impaired (HI) +>5 byte&0x07 = 0x04 \b, dialogue (D) +>5 byte&0x07 = 0x05 \b, commentary (C) +>5 byte&0x07 = 0x06 \b, emergency (E) +>5 beshort&0x07e0 0x0720 \b, voiceover (VO) +>5 beshort&0x07e0 >0x0720 \b, karaoke # acmod ->6 byte&0xe0 0x00 1+1 front, ->6 byte&0xe0 0x20 1 front/0 rear, ->6 byte&0xe0 0x40 2 front/0 rear, ->6 byte&0xe0 0x60 3 front/0 rear, ->6 byte&0xe0 0x80 2 front/1 rear, ->6 byte&0xe0 0xa0 3 front/1 rear, ->6 byte&0xe0 0xc0 2 front/2 rear, ->6 byte&0xe0 0xe0 3 front/2 rear, -# lfeon (these may be incorrect) ->7 byte&0x40 0x00 LFE off, ->7 byte&0x40 0x40 LFE on, +>6 byte&0xe0 = 0x00 1+1 front, +>>6 byte&0x10 = 0x10 LFE on, +>6 byte&0xe0 = 0x20 1 front/0 rear, +>>6 byte&0x10 = 0x10 LFE on, +>6 byte&0xe0 = 0x40 2 front/0 rear, +# dsurmod (for stereo only) +>>6 byte&0x18 = 0x00 Dolby Surround not indicated +>>6 byte&0x18 = 0x08 not Dolby Surround encoded +>>6 byte&0x18 = 0x10 Dolby Surround encoded +>>6 byte&0x18 = 0x18 reserved Dolby Surround mode +>>6 byte&0x04 = 0x04 LFE on, +>6 byte&0xe0 = 0x60 3 front/0 rear, +>>6 byte&0x04 = 0x04 LFE on, +>6 byte&0xe0 = 0x80 2 front/1 rear, +>>6 byte&0x04 = 0x04 LFE on, +>6 byte&0xe0 = 0xa0 3 front/1 rear, +>>6 byte&0x01 = 0x01 LFE on, +>6 byte&0xe0 = 0xc0 2 front/2 rear, +>>6 byte&0x04 = 0x04 LFE on, +>6 byte&0xe0 = 0xe0 3 front/2 rear, +>>6 byte&0x01 = 0x01 LFE on, # >4 byte&0x3e = 0x00 \b, 32 kbit/s ->4 byte&0x3e = 0x02 \b, 40 kbit/s ->4 byte&0x3e = 0x04 \b, 48 kbit/s ->4 byte&0x3e = 0x06 \b, 56 kbit/s ->4 byte&0x3e = 0x08 \b, 64 kbit/s ->4 byte&0x3e = 0x0a \b, 80 kbit/s ->4 byte&0x3e = 0x0c \b, 96 kbit/s ->4 byte&0x3e = 0x0e \b, 112 kbit/s ->4 byte&0x3e = 0x10 \b, 128 kbit/s ->4 byte&0x3e = 0x12 \b, 160 kbit/s ->4 byte&0x3e = 0x14 \b, 192 kbit/s ->4 byte&0x3e = 0x16 \b, 224 kbit/s ->4 byte&0x3e = 0x18 \b, 256 kbit/s ->4 byte&0x3e = 0x1a \b, 320 kbit/s ->4 byte&0x3e = 0x1c \b, 384 kbit/s ->4 byte&0x3e = 0x1e \b, 448 kbit/s ->4 byte&0x3e = 0x20 \b, 512 kbit/s ->4 byte&0x3e = 0x22 \b, 576 kbit/s ->4 byte&0x3e = 0x24 \b, 640 kbit/s -# dsurmod (these may be incorrect) ->6 beshort&0x0180 0x0000 Dolby Surround not indicated ->6 beshort&0x0180 0x0080 not Dolby Surround encoded ->6 beshort&0x0180 0x0100 Dolby Surround encoded ->6 beshort&0x0180 0x0180 reserved Dolby Surround mode +>4 byte&0x3e = 0x02 \b, 40 kbit/s +>4 byte&0x3e = 0x04 \b, 48 kbit/s +>4 byte&0x3e = 0x06 \b, 56 kbit/s +>4 byte&0x3e = 0x08 \b, 64 kbit/s +>4 byte&0x3e = 0x0a \b, 80 kbit/s +>4 byte&0x3e = 0x0c \b, 96 kbit/s +>4 byte&0x3e = 0x0e \b, 112 kbit/s +>4 byte&0x3e = 0x10 \b, 128 kbit/s +>4 byte&0x3e = 0x12 \b, 160 kbit/s +>4 byte&0x3e = 0x14 \b, 192 kbit/s +>4 byte&0x3e = 0x16 \b, 224 kbit/s +>4 byte&0x3e = 0x18 \b, 256 kbit/s +>4 byte&0x3e = 0x1a \b, 320 kbit/s +>4 byte&0x3e = 0x1c \b, 384 kbit/s +>4 byte&0x3e = 0x1e \b, 448 kbit/s +>4 byte&0x3e = 0x20 \b, 512 kbit/s +>4 byte&0x3e = 0x22 \b, 576 kbit/s +>4 byte&0x3e = 0x24 \b, 640 kbit/s diff --git a/contrib/file/magic/Magdir/dump b/contrib/file/magic/Magdir/dump index 1ac91e2201..b4a7240e55 100644 --- a/contrib/file/magic/Magdir/dump +++ b/contrib/file/magic/Magdir/dump @@ -1,11 +1,11 @@ #------------------------------------------------------------------------------ -# $File: dump,v 1.11 2009/09/19 16:28:09 christos Exp $ +# $File: dump,v 1.12 2012/11/01 04:26:40 christos Exp $ # dump: file(1) magic for dump file format--for new and old dump filesystems # # We specify both byte orders in order to recognize byte-swapped dumps. # -24 belong 60012 new-fs dump file (big endian), +0 name new-dump-be >4 bedate x Previous dump %s, >8 bedate x This dump %s, >12 belong >0 Volume %ld, @@ -24,7 +24,7 @@ >824 string >\0 Host %s, >888 belong >0 Flags %x -24 belong 60011 old-fs dump file (big endian), +0 name old-dump-be #>4 bedate x Previous dump %s, #>8 bedate x This dump %s, >12 belong >0 Volume %ld, @@ -43,57 +43,7 @@ >824 string >\0 Host %s, >888 belong >0 Flags %x -24 lelong 60012 new-fs dump file (little endian), ->4 ledate x This dump %s, ->8 ledate x Previous dump %s, ->12 lelong >0 Volume %ld, ->692 lelong 0 Level zero, type: ->692 lelong >0 Level %d, type: ->0 lelong 1 tape header, ->0 lelong 2 beginning of file record, ->0 lelong 3 map of inodes on tape, ->0 lelong 4 continuation of file record, ->0 lelong 5 end of volume, ->0 lelong 6 map of inodes deleted, ->0 lelong 7 end of medium (for floppy), ->676 string >\0 Label %s, ->696 string >\0 Filesystem %s, ->760 string >\0 Device %s, ->824 string >\0 Host %s, ->888 lelong >0 Flags %x - -24 lelong 60011 old-fs dump file (little endian), -#>4 ledate x Previous dump %s, -#>8 ledate x This dump %s, ->12 lelong >0 Volume %ld, ->692 lelong 0 Level zero, type: ->692 lelong >0 Level %d, type: ->0 lelong 1 tape header, ->0 lelong 2 beginning of file record, ->0 lelong 3 map of inodes on tape, ->0 lelong 4 continuation of file record, ->0 lelong 5 end of volume, ->0 lelong 6 map of inodes deleted, ->0 lelong 7 end of medium (for floppy), ->676 string >\0 Label %s, ->696 string >\0 Filesystem %s, ->760 string >\0 Device %s, ->824 string >\0 Host %s, ->888 lelong >0 Flags %x - -18 leshort 60011 old-fs dump file (16-bit, assuming PDP-11 endianness), ->2 medate x Previous dump %s, ->6 medate x This dump %s, ->10 leshort >0 Volume %ld, ->0 leshort 1 tape header. ->0 leshort 2 beginning of file record. ->0 leshort 3 map of inodes on tape. ->0 leshort 4 continuation of file record. ->0 leshort 5 end of volume. ->0 leshort 6 map of inodes deleted. ->0 leshort 7 end of medium (for floppy). - -24 belong 0x19540119 new-fs dump file (ufs2, big endian), +0 name ufs2-dump-be >896 beqdate x Previous dump %s, >904 beqdate x This dump %s, >12 belong >0 Volume %ld, @@ -112,21 +62,33 @@ >824 string >\0 Host %s, >888 belong >0 Flags %x -24 lelong 0x19540119 new-fs dump file (ufs2, little endian), ->896 leqdate x This dump %s, ->904 leqdate x Previous dump %s, ->12 lelong >0 Volume %ld, ->692 lelong 0 Level zero, type: ->692 lelong >0 Level %d, type: ->0 lelong 1 tape header, ->0 lelong 2 beginning of file record, ->0 lelong 3 map of inodes on tape, ->0 lelong 4 continuation of file record, ->0 lelong 5 end of volume, ->0 lelong 6 map of inodes deleted, ->0 lelong 7 end of medium (for floppy), ->676 string >\0 Label %s, ->696 string >\0 Filesystem %s, ->760 string >\0 Device %s, ->824 string >\0 Host %s, ->888 lelong >0 Flags %x +24 belong 60012 new-fs dump file (big endian), +>0 use new-dump-be + +24 belong 60011 old-fs dump file (big endian), +>0 use old-dump-be + +24 lelong 60012 new-fs dump file (little endian), +>0 use \^new-dump-be + +24 lelong 60011 old-fs dump file (little endian), +>0 use \^old-dump-be + + +24 belong 0x19540119 new-fs dump file (ufs2, big endian), +>0 use ufs2-dump-be + +24 lelong 0x19540119 new-fs dump file (ufs2, little endian), +>0 use \^ufs2-dump-be + +18 leshort 60011 old-fs dump file (16-bit, assuming PDP-11 endianness), +>2 medate x Previous dump %s, +>6 medate x This dump %s, +>10 leshort >0 Volume %ld, +>0 leshort 1 tape header. +>0 leshort 2 beginning of file record. +>0 leshort 3 map of inodes on tape. +>0 leshort 4 continuation of file record. +>0 leshort 5 end of volume. +>0 leshort 6 map of inodes deleted. +>0 leshort 7 end of medium (for floppy). diff --git a/contrib/file/magic/Magdir/elf b/contrib/file/magic/Magdir/elf index 8e3b7bc741..6a23e56dab 100644 --- a/contrib/file/magic/Magdir/elf +++ b/contrib/file/magic/Magdir/elf @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: elf,v 1.54 2011/12/17 17:16:29 christos Exp $ +# $File: elf,v 1.66 2014/03/06 16:37:39 christos Exp $ # elf: file(1) magic for ELF executables # # We have to check the byte order flag to see what byte order all the @@ -14,263 +14,278 @@ # Modified by (3): Christian 'Dr. Disk' Hechelmann (fix of core support) # Modified by (4): (VMS Itanium) # Modified by (5): Matthias Urlichs (Listing of many architectures) -0 string \177ELF ELF ->4 byte 0 invalid class ->4 byte 1 32-bit ->4 byte 2 64-bit ->5 byte 0 invalid byte order ->5 byte 1 LSB ->>16 leshort 0 no file type, -!:strength *2 + +0 name elf-le +>16 leshort 0 no file type, !:mime application/octet-stream ->>16 leshort 1 relocatable, +>16 leshort 1 relocatable, !:mime application/x-object ->>16 leshort 2 executable, +>16 leshort 2 executable, !:mime application/x-executable ->>16 leshort 3 shared object, +>16 leshort 3 shared object, !:mime application/x-sharedlib ->>16 leshort 4 core file +>16 leshort 4 core file !:mime application/x-coredump # Core file detection is not reliable. #>>>(0x38+0xcc) string >\0 of '%s' #>>>(0x38+0x10) lelong >0 (signal %d), ->>16 leshort &0xff00 processor-specific, ->>18 leshort 0 no machine, ->>18 leshort 1 AT&T WE32100 - invalid byte order, ->>18 leshort 2 SPARC - invalid byte order, ->>18 leshort 3 Intel 80386, ->>18 leshort 4 Motorola ->>>36 lelong &0x01000000 68000 - invalid byte order, ->>>36 lelong &0x00810000 CPU32 - invalid byte order, ->>>36 lelong 0 68020 - invalid byte order, ->>18 leshort 5 Motorola 88000 - invalid byte order, ->>18 leshort 6 Intel 80486, ->>18 leshort 7 Intel 80860, +>16 leshort &0xff00 processor-specific, +>18 clear x +>18 leshort 0 no machine, +>18 leshort 1 AT&T WE32100, +>18 leshort 2 SPARC, +>18 leshort 3 Intel 80386, +>18 leshort 4 Motorola m68k, +>>4 byte 1 +>>>36 lelong &0x01000000 68000, +>>>36 lelong &0x00810000 CPU32, +>>>36 lelong 0 68020, +>18 leshort 5 Motorola m88k, +>18 leshort 6 Intel 80486, +>18 leshort 7 Intel 80860, # The official e_machine number for MIPS is now #8, regardless of endianness. # The second number (#10) will be deprecated later. For now, we still # say something if #10 is encountered, but only gory details for #8. ->>18 leshort 8 MIPS, +>18 leshort 8 MIPS, +>>4 byte 1 >>>36 lelong &0x20 N32 ->>18 leshort 10 MIPS, +>18 leshort 10 MIPS, +>>4 byte 1 >>>36 lelong &0x20 N32 ->>18 leshort 8 +>18 leshort 8 # only for 32-bit ->>>4 byte 1 ->>>>36 lelong&0xf0000000 0x00000000 MIPS-I ->>>>36 lelong&0xf0000000 0x10000000 MIPS-II ->>>>36 lelong&0xf0000000 0x20000000 MIPS-III ->>>>36 lelong&0xf0000000 0x30000000 MIPS-IV ->>>>36 lelong&0xf0000000 0x40000000 MIPS-V ->>>>36 lelong&0xf0000000 0x50000000 MIPS32 ->>>>36 lelong&0xf0000000 0x60000000 MIPS64 ->>>>36 lelong&0xf0000000 0x70000000 MIPS32 rel2 ->>>>36 lelong&0xf0000000 0x80000000 MIPS64 rel2 +>>4 byte 1 +>>>36 lelong&0xf0000000 0x00000000 MIPS-I +>>>36 lelong&0xf0000000 0x10000000 MIPS-II +>>>36 lelong&0xf0000000 0x20000000 MIPS-III +>>>36 lelong&0xf0000000 0x30000000 MIPS-IV +>>>36 lelong&0xf0000000 0x40000000 MIPS-V +>>>36 lelong&0xf0000000 0x50000000 MIPS32 +>>>36 lelong&0xf0000000 0x60000000 MIPS64 +>>>36 lelong&0xf0000000 0x70000000 MIPS32 rel2 +>>>36 lelong&0xf0000000 0x80000000 MIPS64 rel2 # only for 64-bit ->>>4 byte 2 ->>>>48 lelong&0xf0000000 0x00000000 MIPS-I ->>>>48 lelong&0xf0000000 0x10000000 MIPS-II ->>>>48 lelong&0xf0000000 0x20000000 MIPS-III ->>>>48 lelong&0xf0000000 0x30000000 MIPS-IV ->>>>48 lelong&0xf0000000 0x40000000 MIPS-V ->>>>48 lelong&0xf0000000 0x50000000 MIPS32 ->>>>48 lelong&0xf0000000 0x60000000 MIPS64 ->>>>48 lelong&0xf0000000 0x70000000 MIPS32 rel2 ->>>>48 lelong&0xf0000000 0x80000000 MIPS64 rel2 ->>18 leshort 9 Amdahl - invalid byte order, ->>18 leshort 10 MIPS (deprecated), ->>18 leshort 11 RS6000 - invalid byte order, ->>18 leshort 15 PA-RISC - invalid byte order, ->>>50 leshort 0x0214 2.0 ->>>48 leshort &0x0008 (LP64), ->>18 leshort 16 nCUBE, ->>18 leshort 17 Fujitsu VPP500, ->>18 leshort 18 SPARC32PLUS - invalid byte order, ->>18 leshort 20 PowerPC, ->>18 leshort 22 IBM S/390, ->>18 leshort 36 NEC V800, ->>18 leshort 37 Fujitsu FR20, ->>18 leshort 38 TRW RH-32, ->>18 leshort 39 Motorola RCE, ->>18 leshort 40 ARM, ->>18 leshort 41 Alpha, ->>18 leshort 0xa390 IBM S/390 (obsolete), ->>18 leshort 42 Renesas SH, ->>18 leshort 43 SPARC V9 - invalid byte order, ->>18 leshort 44 Siemens Tricore Embedded Processor, ->>18 leshort 45 Argonaut RISC Core, Argonaut Technologies Inc., ->>18 leshort 46 Renesas H8/300, ->>18 leshort 47 Renesas H8/300H, ->>18 leshort 48 Renesas H8S, ->>18 leshort 49 Renesas H8/500, ->>18 leshort 50 IA-64, ->>18 leshort 51 Stanford MIPS-X, ->>18 leshort 52 Motorola Coldfire, ->>18 leshort 53 Motorola M68HC12, ->>18 leshort 54 Fujitsu MMA, ->>18 leshort 55 Siemens PCP, ->>18 leshort 56 Sony nCPU, ->>18 leshort 57 Denso NDR1, ->>18 leshort 58 Start*Core, ->>18 leshort 59 Toyota ME16, ->>18 leshort 60 ST100, ->>18 leshort 61 Tinyj emb., ->>18 leshort 62 x86-64, ->>18 leshort 63 Sony DSP, ->>18 leshort 66 FX66, ->>18 leshort 67 ST9+ 8/16 bit, ->>18 leshort 68 ST7 8 bit, ->>18 leshort 69 MC68HC16, ->>18 leshort 70 MC68HC11, ->>18 leshort 71 MC68HC08, ->>18 leshort 72 MC68HC05, ->>18 leshort 73 SGI SVx, ->>18 leshort 74 ST19 8 bit, ->>18 leshort 75 Digital VAX, ->>18 leshort 76 Axis cris, ->>18 leshort 77 Infineon 32-bit embedded, ->>18 leshort 78 Element 14 64-bit DSP, ->>18 leshort 79 LSI Logic 16-bit DSP, ->>18 leshort 80 MMIX, ->>18 leshort 81 Harvard machine-independent, ->>18 leshort 82 SiTera Prism, ->>18 leshort 83 Atmel AVR 8-bit, ->>18 leshort 84 Fujitsu FR30, ->>18 leshort 85 Mitsubishi D10V, ->>18 leshort 86 Mitsubishi D30V, ->>18 leshort 87 NEC v850, ->>18 leshort 88 Renesas M32R, ->>18 leshort 89 Matsushita MN10300, ->>18 leshort 90 Matsushita MN10200, ->>18 leshort 91 picoJava, ->>18 leshort 92 OpenRISC, ->>18 leshort 93 ARC Cores Tangent-A5, ->>18 leshort 94 Tensilica Xtensa, ->>18 leshort 97 NatSemi 32k, ->>18 leshort 106 Analog Devices Blackfin, ->>18 leshort 113 Altera Nios II, ->>18 leshort 0xae META, ->>18 leshort 187 Tilera TILE64, ->>18 leshort 188 Tilera TILEPro, ->>18 leshort 191 Tilera TILE-Gx, ->>18 leshort 0x3426 OpenRISC (obsolete), ->>18 leshort 0x8472 OpenRISC (obsolete), ->>18 leshort 0x9026 Alpha (unofficial), ->>20 lelong 0 invalid version ->>20 lelong 1 version 1 ->>36 lelong 1 MathCoPro/FPU/MAU Required ->5 byte 2 MSB ->>16 beshort 0 no file type, -!:mime application/octet-stream ->>16 beshort 1 relocatable, -!:mime application/x-object ->>16 beshort 2 executable, -!:mime application/x-executable ->>16 beshort 3 shared object, -!:mime application/x-sharedlib ->>16 beshort 4 core file, -!:mime application/x-coredump -#>>>(0x38+0xcc) string >\0 of '%s' -#>>>(0x38+0x10) belong >0 (signal %d), ->>16 beshort &0xff00 processor-specific, ->>18 beshort 0 no machine, ->>18 beshort 1 AT&T WE32100, ->>18 beshort 2 SPARC, ->>18 beshort 3 Intel 80386 - invalid byte order, ->>18 beshort 4 Motorola ->>>36 belong &0x01000000 68000, ->>>36 belong &0x00810000 CPU32, ->>>36 belong 0 68020, ->>18 beshort 5 Motorola 88000, ->>18 beshort 6 Intel 80486 - invalid byte order, ->>18 beshort 7 Intel 80860, -# only for MIPS - see comment in little-endian section above. ->>18 beshort 8 MIPS, ->>>36 belong &0x20 N32 ->>18 beshort 10 MIPS, ->>>36 belong &0x20 N32 ->>18 beshort 8 +>>4 byte 2 +>>>48 lelong&0xf0000000 0x00000000 MIPS-I +>>>48 lelong&0xf0000000 0x10000000 MIPS-II +>>>48 lelong&0xf0000000 0x20000000 MIPS-III +>>>48 lelong&0xf0000000 0x30000000 MIPS-IV +>>>48 lelong&0xf0000000 0x40000000 MIPS-V +>>>48 lelong&0xf0000000 0x50000000 MIPS32 +>>>48 lelong&0xf0000000 0x60000000 MIPS64 +>>>48 lelong&0xf0000000 0x70000000 MIPS32 rel2 +>>>48 lelong&0xf0000000 0x80000000 MIPS64 rel2 +>18 leshort 9 Amdahl, +>18 leshort 10 MIPS (deprecated), +>18 leshort 11 RS6000, +>18 leshort 15 PA-RISC, # only for 32-bit ->>>4 byte 1 ->>>>36 belong&0xf0000000 0x00000000 MIPS-I ->>>>36 belong&0xf0000000 0x10000000 MIPS-II ->>>>36 belong&0xf0000000 0x20000000 MIPS-III ->>>>36 belong&0xf0000000 0x30000000 MIPS-IV ->>>>36 belong&0xf0000000 0x40000000 MIPS-V ->>>>36 belong&0xf0000000 0x50000000 MIPS32 ->>>>36 belong&0xf0000000 0x60000000 MIPS64 ->>>>36 belong&0xf0000000 0x70000000 MIPS32 rel2 ->>>>36 belong&0xf0000000 0x80000000 MIPS64 rel2 +>>4 byte 1 +>>>38 leshort 0x0214 2.0 +>>>36 leshort &0x0008 (LP64) # only for 64-bit ->>>4 byte 2 ->>>>48 belong&0xf0000000 0x00000000 MIPS-I ->>>>48 belong&0xf0000000 0x10000000 MIPS-II ->>>>48 belong&0xf0000000 0x20000000 MIPS-III ->>>>48 belong&0xf0000000 0x30000000 MIPS-IV ->>>>48 belong&0xf0000000 0x40000000 MIPS-V ->>>>48 belong&0xf0000000 0x50000000 MIPS32 ->>>>48 belong&0xf0000000 0x60000000 MIPS64 ->>>>48 belong&0xf0000000 0x70000000 MIPS32 rel2 ->>>>48 belong&0xf0000000 0x80000000 MIPS64 rel2 ->>18 beshort 9 Amdahl, ->>18 beshort 10 MIPS (deprecated), ->>18 beshort 11 RS6000, ->>18 beshort 15 PA-RISC ->>>50 beshort 0x0214 2.0 ->>>48 beshort &0x0008 (LP64) ->>18 beshort 16 nCUBE, ->>18 beshort 17 Fujitsu VPP500, ->>18 beshort 18 SPARC32PLUS, ->>>36 belong&0xffff00 0x000100 V8+ Required, ->>>36 belong&0xffff00 0x000200 Sun UltraSPARC1 Extensions Required, ->>>36 belong&0xffff00 0x000400 HaL R1 Extensions Required, ->>>36 belong&0xffff00 0x000800 Sun UltraSPARC3 Extensions Required, ->>18 beshort 20 PowerPC or cisco 4500, ->>18 beshort 21 64-bit PowerPC or cisco 7500, ->>18 beshort 22 IBM S/390, ->>18 beshort 23 Cell SPU, ->>18 beshort 24 cisco SVIP, ->>18 beshort 25 cisco 7200, ->>18 beshort 36 NEC V800 or cisco 12000, ->>18 beshort 37 Fujitsu FR20, ->>18 beshort 38 TRW RH-32, ->>18 beshort 39 Motorola RCE, ->>18 beshort 40 ARM, ->>18 beshort 41 Alpha, ->>18 beshort 42 Renesas SH, ->>18 beshort 43 SPARC V9, ->>>48 belong&0xffff00 0x000200 Sun UltraSPARC1 Extensions Required, ->>>48 belong&0xffff00 0x000400 HaL R1 Extensions Required, ->>>48 belong&0xffff00 0x000800 Sun UltraSPARC3 Extensions Required, ->>>48 belong&0x3 0 total store ordering, ->>>48 belong&0x3 1 partial store ordering, ->>>48 belong&0x3 2 relaxed memory ordering, ->>18 beshort 44 Siemens Tricore Embedded Processor, ->>18 beshort 45 Argonaut RISC Core, Argonaut Technologies Inc., ->>18 beshort 46 Renesas H8/300, ->>18 beshort 47 Renesas H8/300H, ->>18 beshort 48 Renesas H8S, ->>18 beshort 49 Renesas H8/500, ->>18 beshort 50 IA-64, ->>18 beshort 51 Stanford MIPS-X, ->>18 beshort 52 Motorola Coldfire, ->>18 beshort 53 Motorola M68HC12, ->>18 beshort 73 Cray NV1, ->>18 beshort 75 Digital VAX, ->>18 beshort 88 Renesas M32R, ->>18 leshort 92 OpenRISC, ->>18 leshort 0x3426 OpenRISC (obsolete), ->>18 leshort 0x8472 OpenRISC (obsolete), ->>18 beshort 94 Tensilica Xtensa, ->>18 beshort 97 NatSemi 32k, ->>18 beshort 187 Tilera TILE64, ->>18 beshort 188 Tilera TILEPro, ->>18 beshort 191 Tilera TILE-Gx, ->>18 beshort 0x18ad AVR32 (unofficial), ->>18 beshort 0x9026 Alpha (unofficial), ->>18 beshort 0xa390 IBM S/390 (obsolete), ->>20 belong 0 invalid version ->>20 belong 1 version 1 ->>36 belong 1 MathCoPro/FPU/MAU Required +>>4 byte 2 +>>>50 leshort 0x0214 2.0 +>>>48 leshort &0x0008 (LP64) +>18 leshort 16 nCUBE, +>18 leshort 17 Fujitsu VPP500, +>18 leshort 18 SPARC32PLUS, +# only for 32-bit +>>4 byte 1 +>>>36 lelong&0xffff00 0x000100 V8+ Required, +>>>36 lelong&0xffff00 0x000200 Sun UltraSPARC1 Extensions Required, +>>>36 lelong&0xffff00 0x000400 HaL R1 Extensions Required, +>>>36 lelong&0xffff00 0x000800 Sun UltraSPARC3 Extensions Required, +>18 leshort 19 Intel 80960, +>18 leshort 20 PowerPC or cisco 4500, +>18 leshort 21 64-bit PowerPC or cisco 7500, +>18 leshort 22 IBM S/390, +>18 leshort 23 Cell SPU, +>18 leshort 24 cisco SVIP, +>18 leshort 25 cisco 7200, +>18 leshort 36 NEC V800 or cisco 12000, +>18 leshort 37 Fujitsu FR20, +>18 leshort 38 TRW RH-32, +>18 leshort 39 Motorola RCE, +>18 leshort 40 ARM, +>>4 byte 1 +>>>36 lelong&0xff000000 0x04000000 EABI4 +>>>36 lelong&0xff000000 0x05000000 EABI5 +>>>36 lelong &0x00800000 BE8 +>>>36 lelong &0x00400000 LE8 +>18 leshort 41 Alpha, +>18 leshort 42 Renesas SH, +>18 leshort 43 SPARC V9, +>>4 byte 2 +>>>48 lelong&0xffff00 0x000200 Sun UltraSPARC1 Extensions Required, +>>>48 lelong&0xffff00 0x000400 HaL R1 Extensions Required, +>>>48 lelong&0xffff00 0x000800 Sun UltraSPARC3 Extensions Required, +>>>48 lelong&0x3 0 total store ordering, +>>>48 lelong&0x3 1 partial store ordering, +>>>48 lelong&0x3 2 relaxed memory ordering, +>18 leshort 44 Siemens Tricore Embedded Processor, +>18 leshort 45 Argonaut RISC Core, Argonaut Technologies Inc., +>18 leshort 46 Renesas H8/300, +>18 leshort 47 Renesas H8/300H, +>18 leshort 48 Renesas H8S, +>18 leshort 49 Renesas H8/500, +>18 leshort 50 IA-64, +>18 leshort 51 Stanford MIPS-X, +>18 leshort 52 Motorola Coldfire, +>18 leshort 53 Motorola M68HC12, +>18 leshort 54 Fujitsu MMA, +>18 leshort 55 Siemens PCP, +>18 leshort 56 Sony nCPU, +>18 leshort 57 Denso NDR1, +>18 leshort 58 Start*Core, +>18 leshort 59 Toyota ME16, +>18 leshort 60 ST100, +>18 leshort 61 Tinyj emb., +>18 leshort 62 x86-64, +>18 leshort 63 Sony DSP, +>18 leshort 64 DEC PDP-10, +>18 leshort 65 DEC PDP-11, +>18 leshort 66 FX66, +>18 leshort 67 ST9+ 8/16 bit, +>18 leshort 68 ST7 8 bit, +>18 leshort 69 MC68HC16, +>18 leshort 70 MC68HC11, +>18 leshort 71 MC68HC08, +>18 leshort 72 MC68HC05, +>18 leshort 73 SGI SVx or Cray NV1, +>18 leshort 74 ST19 8 bit, +>18 leshort 75 Digital VAX, +>18 leshort 76 Axis cris, +>18 leshort 77 Infineon 32-bit embedded, +>18 leshort 78 Element 14 64-bit DSP, +>18 leshort 79 LSI Logic 16-bit DSP, +>18 leshort 80 MMIX, +>18 leshort 81 Harvard machine-independent, +>18 leshort 82 SiTera Prism, +>18 leshort 83 Atmel AVR 8-bit, +>18 leshort 84 Fujitsu FR30, +>18 leshort 85 Mitsubishi D10V, +>18 leshort 86 Mitsubishi D30V, +>18 leshort 87 NEC v850, +>18 leshort 88 Renesas M32R, +>18 leshort 89 Matsushita MN10300, +>18 leshort 90 Matsushita MN10200, +>18 leshort 91 picoJava, +>18 leshort 92 OpenRISC, +>18 leshort 93 ARC Cores Tangent-A5, +>18 leshort 94 Tensilica Xtensa, +>18 leshort 95 Alphamosaic VideoCore, +>18 leshort 96 Thompson Multimedia, +>18 leshort 97 NatSemi 32k, +>18 leshort 98 Tenor Network TPC, +>18 leshort 99 Trebia SNP 1000, +>18 leshort 100 STMicroelectronics ST200, +>18 leshort 101 Ubicom IP2022, +>18 leshort 102 MAX Processor, +>18 leshort 103 NatSemi CompactRISC, +>18 leshort 104 Fujitsu F2MC16, +>18 leshort 105 TI msp430, +>18 leshort 106 Analog Devices Blackfin, +>18 leshort 107 S1C33 Family of Seiko Epson, +>18 leshort 108 Sharp embedded, +>18 leshort 109 Arca RISC, +>18 leshort 110 PKU-Unity Ltd., +>18 leshort 111 eXcess: 16/32/64-bit, +>18 leshort 112 Icera Deep Execution Processor, +>18 leshort 113 Altera Nios II, +>18 leshort 114 NatSemi CRX, +>18 leshort 115 Motorola XGATE, +>18 leshort 116 Infineon C16x/XC16x, +>18 leshort 117 Renesas M16C series, +>18 leshort 118 Microchip dsPIC30F, +>18 leshort 119 Freescale RISC core, +>18 leshort 120 Renesas M32C series, +>18 leshort 131 Altium TSK3000 core, +>18 leshort 132 Freescale RS08, +>18 leshort 134 Cyan Technology eCOG2, +>18 leshort 135 Sunplus S+core7 RISC, +>18 leshort 136 New Japan Radio (NJR) 24-bit DSP, +>18 leshort 137 Broadcom VideoCore III, +>18 leshort 138 LatticeMico32, +>18 leshort 139 Seiko Epson C17 family, +>18 leshort 140 TI TMS320C6000 DSP family, +>18 leshort 141 TI TMS320C2000 DSP family, +>18 leshort 142 TI TMS320C55x DSP family, +>18 leshort 160 STMicroelectronics 64bit VLIW DSP, +>18 leshort 161 Cypress M8C, +>18 leshort 162 Renesas R32C series, +>18 leshort 163 NXP TriMedia family, +>18 leshort 164 QUALCOMM DSP6, +>18 leshort 165 Intel 8051 and variants, +>18 leshort 166 STMicroelectronics STxP7x family, +>18 leshort 167 Andes embedded RISC, +>18 leshort 168 Cyan eCOG1X family, +>18 leshort 169 Dallas MAXQ30, +>18 leshort 170 New Japan Radio (NJR) 16-bit DSP, +>18 leshort 171 M2000 Reconfigurable RISC, +>18 leshort 172 Cray NV2 vector architecture, +>18 leshort 173 Renesas RX family, +>18 leshort 174 META, +>18 leshort 175 MCST Elbrus, +>18 leshort 176 Cyan Technology eCOG16 family, +>18 leshort 177 NatSemi CompactRISC, +>18 leshort 178 Freescale Extended Time Processing Unit, +>18 leshort 179 Infineon SLE9X, +>18 leshort 180 Intel L1OM, +>18 leshort 181 Intel K1OM, +>18 leshort 183 ARM aarch64, +>18 leshort 185 Atmel 32-bit family, +>18 leshort 186 STMicroeletronics STM8 8-bit, +>18 leshort 187 Tilera TILE64, +>18 leshort 188 Tilera TILEPro, +>18 leshort 189 Xilinx MicroBlaze 32-bit RISC, +>18 leshort 190 NVIDIA CUDA architecture, +>18 leshort 191 Tilera TILE-Gx, +>18 leshort 197 Renesas RL78 family, +>18 leshort 199 Renesas 78K0R, +>18 leshort 0x1057 AVR (unofficial), +>18 leshort 0x1059 MSP430 (unofficial), +>18 leshort 0x1223 Adapteva Epiphany (unofficial), +>18 leshort 0x2530 Morpho MT (unofficial), +>18 leshort 0x3330 FR30 (unofficial), +>18 leshort 0x3426 OpenRISC (obsolete), +>18 leshort 0x4688 Infineon C166 (unofficial), +>18 leshort 0x5441 Cygnus FRV (unofficial), +>18 leshort 0x5aa5 DLX (unofficial), +>18 leshort 0x7650 Cygnus D10V (unofficial), +>18 leshort 0x7676 Cygnus D30V (unofficial), +>18 leshort 0x8217 Ubicom IP2xxx (unofficial), +>18 leshort 0x8472 OpenRISC (obsolete), +>18 leshort 0x9025 Cygnus PowerPC (unofficial), +>18 leshort 0x9026 Alpha (unofficial), +>18 leshort 0x9041 Cygnus M32R (unofficial), +>18 leshort 0x9080 Cygnus V850 (unofficial), +>18 leshort 0xa390 IBM S/390 (obsolete), +>18 leshort 0xabc7 Old Xtensa (unofficial), +>18 leshort 0xad45 xstormy16 (unofficial), +>18 leshort 0xbaab Old MicroBlaze (unofficial),, +>18 leshort 0xbeef Cygnus MN10300 (unofficial), +>18 leshort 0xdead Cygnus MN10200 (unofficial), +>18 leshort 0xf00d Toshiba MeP (unofficial), +>18 leshort 0xfeb0 Renesas M32C (unofficial), +>18 leshort 0xfeba Vitesse IQ2000 (unofficial), +>18 leshort 0xfebb NIOS (unofficial), +>18 leshort 0xfeed Moxie (unofficial), +>18 default x +>>18 leshort x *unknown arch 0x%x* +>20 lelong 0 invalid version +>20 lelong 1 version 1 + +0 string \177ELF ELF +!:strength *2 +>4 byte 0 invalid class +>4 byte 1 32-bit +>4 byte 2 64-bit +>5 byte 0 invalid byte order +>5 byte 1 LSB +>>0 use elf-le +>5 byte 2 MSB +>>0 use \^elf-le # Up to now only 0, 1 and 2 are defined; I've seen a file with 0x83, it seemed # like proper ELF, but extracting the string had bad results. >4 byte <0x80 diff --git a/contrib/file/magic/Magdir/epoc b/contrib/file/magic/Magdir/epoc index c67a8b66e7..6f4ab5fc38 100644 --- a/contrib/file/magic/Magdir/epoc +++ b/contrib/file/magic/Magdir/epoc @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: epoc,v 1.7 2009/09/19 16:28:09 christos Exp $ +# $File: epoc,v 1.9 2013/12/21 14:28:15 christos Exp $ # EPOC : file(1) magic for EPOC documents [Psion Series 5/Osaris/Geofox 1] # Stefan Praszalowicz and Peter Breitenlohner # Useful information for improving this file can be found at: @@ -21,6 +21,7 @@ !:mime application/x-epoc-word >>8 lelong 0x10000085 OPL program (TextEd) !:mime application/x-epoc-opl +>>8 lelong 0x10000087 Comms settings >>8 lelong 0x10000088 Sheet file !:mime application/x-epoc-sheet >>8 lelong 0x100001C4 EasyFax initialisation file @@ -29,11 +30,19 @@ >4 lelong 0x10000074 OPL application !:mime application/x-epoc-app >4 lelong 0x1000008A exported multi-bitmap image +>4 lelong 0x1000016D +>>8 lelong 0x10000087 Comms names 0 lelong 0x10000041 Psion Series 5 ROM multi-bitmap image 0 lelong 0x10000050 Psion Series 5 >4 lelong 0x1000006D database +>>8 lelong 0x10000084 Agenda file +!:mime application/x-epoc-agenda +>>8 lelong 0x10000086 Data file +!:mime application/x-epoc-data +>>8 lelong 0x10000CEA Jotter file +!:mime application/x-epoc-jotter >4 lelong 0x100000E4 ini file 0 lelong 0x10000079 Psion Series 5 binary: diff --git a/contrib/file/magic/Magdir/filesystems b/contrib/file/magic/Magdir/filesystems index af9695b9a4..b3796f5651 100644 --- a/contrib/file/magic/Magdir/filesystems +++ b/contrib/file/magic/Magdir/filesystems @@ -1,8 +1,189 @@ - #------------------------------------------------------------------------------ -# $File: filesystems,v 1.61 2011/01/10 14:01:10 christos Exp $ +# $File: filesystems,v 1.87 2014/03/01 03:04:06 christos Exp $ # filesystems: file(1) magic for different filesystems # +0 name partid +>0 ubyte 0x00 Unused +>0 ubyte 0x01 12-bit FAT +>0 ubyte 0x02 XENIX / +>0 ubyte 0x03 XENIX /usr +>0 ubyte 0x04 16-bit FAT, less than 32M +>0 ubyte 0x05 extended partition +>0 ubyte 0x06 16-bit FAT, more than 32M +>0 ubyte 0x07 OS/2 HPFS, NTFS, QNX2, Adv. UNIX +>0 ubyte 0x08 AIX or os, or etc. +>0 ubyte 0x09 AIX boot partition or Coherent +>0 ubyte 0x0a O/2 boot manager or Coherent swap +>0 ubyte 0x0b 32-bit FAT +>0 ubyte 0x0c 32-bit FAT, LBA-mapped +>0 ubyte 0x0d 7XXX, LBA-mapped +>0 ubyte 0x0e 16-bit FAT, LBA-mapped +>0 ubyte 0x0f extended partition, LBA-mapped +>0 ubyte 0x10 OPUS +>0 ubyte 0x11 OS/2 DOS 12-bit FAT +>0 ubyte 0x12 Compaq diagnostics +>0 ubyte 0x14 OS/2 DOS 16-bit FAT <32M +>0 ubyte 0x16 OS/2 DOS 16-bit FAT >=32M +>0 ubyte 0x17 OS/2 hidden IFS +>0 ubyte 0x18 AST Windows swapfile +>0 ubyte 0x19 Willowtech Photon coS +>0 ubyte 0x1b hidden win95 fat 32 +>0 ubyte 0x1c hidden win95 fat 32 lba +>0 ubyte 0x1d hidden win95 fat 16 lba +>0 ubyte 0x20 Willowsoft OFS1 +>0 ubyte 0x21 reserved +>0 ubyte 0x23 reserved +>0 ubyte 0x24 NEC DOS +>0 ubyte 0x26 reserved +>0 ubyte 0x31 reserved +>0 ubyte 0x32 Alien Internet Services NOS +>0 ubyte 0x33 reserved +>0 ubyte 0x34 reserved +>0 ubyte 0x35 JFS on OS2 +>0 ubyte 0x36 reserved +>0 ubyte 0x38 Theos +>0 ubyte 0x39 Plan 9, or Theos spanned +>0 ubyte 0x3a Theos ver 4 4gb partition +>0 ubyte 0x3b Theos ve 4 extended partition +>0 ubyte 0x3c PartitionMagic recovery +>0 ubyte 0x3d Hidden Netware +>0 ubyte 0x40 VENIX 286 or LynxOS +>0 ubyte 0x41 PReP +>0 ubyte 0x42 linux swap sharing DRDOS disk +>0 ubyte 0x43 linux sharing DRDOS disk +>0 ubyte 0x44 GoBack change utility +>0 ubyte 0x45 Boot US Boot manager +>0 ubyte 0x46 EUMEL/Elan or Ergos 3 +>0 ubyte 0x47 EUMEL/Elan or Ergos 3 +>0 ubyte 0x48 EUMEL/Elan or Ergos 3 +>0 ubyte 0x4a ALFX/THIN filesystem for DOS +>0 ubyte 0x4c Oberon partition +>0 ubyte 0x4d QNX4.x +>0 ubyte 0x4e QNX4.x 2nd part +>0 ubyte 0x4f QNX4.x 3rd part +>0 ubyte 0x50 DM (disk manager) +>0 ubyte 0x51 DM6 Aux1 (or Novell) +>0 ubyte 0x52 CP/M or Microport SysV/AT +>0 ubyte 0x53 DM6 Aux3 +>0 ubyte 0x54 DM6 DDO +>0 ubyte 0x55 EZ-Drive (disk manager) +>0 ubyte 0x56 Golden Bow (disk manager) +>0 ubyte 0x57 Drive PRO +>0 ubyte 0x5c Priam Edisk (disk manager) +>0 ubyte 0x61 SpeedStor +>0 ubyte 0x63 GNU HURD or Mach or Sys V/386 +>0 ubyte 0x64 Novell Netware 2.xx or Speedstore +>0 ubyte 0x65 Novell Netware 3.xx +>0 ubyte 0x66 Novell 386 Netware +>0 ubyte 0x67 Novell +>0 ubyte 0x68 Novell +>0 ubyte 0x69 Novell +>0 ubyte 0x70 DiskSecure Multi-Boot +>0 ubyte 0x71 reserved +>0 ubyte 0x73 reserved +>0 ubyte 0x74 reserved +>0 ubyte 0x75 PC/IX +>0 ubyte 0x76 reserved +>0 ubyte 0x77 M2FS/M2CS partition +>0 ubyte 0x78 XOSL boot loader filesystem +>0 ubyte 0x80 MINIX until 1.4a +>0 ubyte 0x81 MINIX since 1.4b +>0 ubyte 0x82 Linux swap or Solaris +>0 ubyte 0x83 Linux native +>0 ubyte 0x84 OS/2 hidden C: drive +>0 ubyte 0x85 Linux extended partition +>0 ubyte 0x86 NT FAT volume set +>0 ubyte 0x87 NTFS volume set or HPFS mirrored +>0 ubyte 0x8a Linux Kernel AiR-BOOT partition +>0 ubyte 0x8b Legacy Fault tolerant FAT32 +>0 ubyte 0x8c Legacy Fault tolerant FAT32 ext +>0 ubyte 0x8d Hidden free FDISK FAT12 +>0 ubyte 0x8e Linux Logical Volume Manager +>0 ubyte 0x90 Hidden free FDISK FAT16 +>0 ubyte 0x91 Hidden free FDISK DOS EXT +>0 ubyte 0x92 Hidden free FDISK FAT16 Big +>0 ubyte 0x93 Amoeba filesystem +>0 ubyte 0x94 Amoeba bad block table +>0 ubyte 0x95 MIT EXOPC native partitions +>0 ubyte 0x97 Hidden free FDISK FAT32 +>0 ubyte 0x98 Datalight ROM-DOS Super-Boot +>0 ubyte 0x99 Mylex EISA SCSI +>0 ubyte 0x9a Hidden free FDISK FAT16 LBA +>0 ubyte 0x9b Hidden free FDISK EXT LBA +>0 ubyte 0x9f BSDI? +>0 ubyte 0xa0 IBM Thinkpad hibernation +>0 ubyte 0xa1 HP Volume expansion (SpeedStor) +>0 ubyte 0xa3 HP Volume expansion (SpeedStor) +>0 ubyte 0xa4 HP Volume expansion (SpeedStor) +>0 ubyte 0xa5 386BSD partition type +>0 ubyte 0xa6 OpenBSD partition type +>0 ubyte 0xa7 NeXTSTEP 486 +>0 ubyte 0xa8 Apple UFS +>0 ubyte 0xa9 NetBSD partition type +>0 ubyte 0xaa Olivetty Fat12 1.44MB Service part +>0 ubyte 0xab Apple Boot +>0 ubyte 0xae SHAG OS filesystem +>0 ubyte 0xaf Apple HFS +>0 ubyte 0xb0 BootStar Dummy +>0 ubyte 0xb1 reserved +>0 ubyte 0xb3 reserved +>0 ubyte 0xb4 reserved +>0 ubyte 0xb6 reserved +>0 ubyte 0xb7 BSDI BSD/386 filesystem +>0 ubyte 0xb8 BSDI BSD/386 swap +>0 ubyte 0xbb Boot Wizard Hidden +>0 ubyte 0xbe Solaris 8 partition type +>0 ubyte 0xbf Solaris partition type +>0 ubyte 0xc0 CTOS +>0 ubyte 0xc1 DRDOS/sec (FAT-12) +>0 ubyte 0xc2 Hidden Linux +>0 ubyte 0xc3 Hidden Linux swap +>0 ubyte 0xc4 DRDOS/sec (FAT-16, < 32M) +>0 ubyte 0xc5 DRDOS/sec (EXT) +>0 ubyte 0xc6 DRDOS/sec (FAT-16, >= 32M) +>0 ubyte 0xc7 Syrinx (Cyrnix?) or HPFS disabled +>0 ubyte 0xc8 Reserved for DR-DOS 8.0+ +>0 ubyte 0xc9 Reserved for DR-DOS 8.0+ +>0 ubyte 0xca Reserved for DR-DOS 8.0+ +>0 ubyte 0xcb DR-DOS 7.04+ Secured FAT32 CHS +>0 ubyte 0xcc DR-DOS 7.04+ Secured FAT32 LBA +>0 ubyte 0xcd CTOS Memdump +>0 ubyte 0xce DR-DOS 7.04+ FAT16X LBA +>0 ubyte 0xcf DR-DOS 7.04+ EXT LBA +>0 ubyte 0xd0 REAL/32 secure big partition +>0 ubyte 0xd1 Old Multiuser DOS FAT12 +>0 ubyte 0xd4 Old Multiuser DOS FAT16 Small +>0 ubyte 0xd5 Old Multiuser DOS Extended +>0 ubyte 0xd6 Old Multiuser DOS FAT16 Big +>0 ubyte 0xd8 CP/M 86 +>0 ubyte 0xdb CP/M or Concurrent CP/M +>0 ubyte 0xdd Hidden CTOS Memdump +>0 ubyte 0xde Dell PowerEdge Server utilities +>0 ubyte 0xdf DG/UX virtual disk manager +>0 ubyte 0xe0 STMicroelectronics ST AVFS +>0 ubyte 0xe1 DOS access or SpeedStor 12-bit +>0 ubyte 0xe3 DOS R/O or Storage Dimensions +>0 ubyte 0xe4 SpeedStor 16-bit FAT < 1024 cyl. +>0 ubyte 0xe5 reserved +>0 ubyte 0xe6 reserved +>0 ubyte 0xeb BeOS +>0 ubyte 0xee GPT Protective MBR +>0 ubyte 0xef EFI system partition +>0 ubyte 0xf0 Linux PA-RISC boot loader +>0 ubyte 0xf1 SpeedStor or Storage Dimensions +>0 ubyte 0xf2 DOS 3.3+ Secondary +>0 ubyte 0xf3 reserved +>0 ubyte 0xf4 SpeedStor large partition +>0 ubyte 0xf5 Prologue multi-volumen partition +>0 ubyte 0xf6 reserved +>0 ubyte 0xf9 pCache: ext2/ext3 persistent cache +>0 ubyte 0xfa Bochs x86 emulator +>0 ubyte 0xfb VMware File System +>0 ubyte 0xfc VMware Swap +>0 ubyte 0xfd Linux RAID partition persistent sb +>0 ubyte 0xfe LANstep or IBM PS/2 IML +>0 ubyte 0xff Xenix Bad Block Table + 0 string \366\366\366\366 PC formatted floppy with no filesystem # Sun disk labels # From /usr/include/sun/dklabel.h: @@ -27,7 +208,8 @@ >>0770 long x %ld blocks # Is there a boot block written 1 sector in? >512 belong&077777777 0600407 \b, boot block present -# Joerg Jenderek: Smart Boot Manager backup file is 41 byte header + first sectors of disc + +# Joerg Jenderek: Smart Boot Manager backup file is 25 (MSDOS) or 41 (LINUX) byte header + first sectors of disk # (http://btmgr.sourceforge.net/docs/user-guide-3.html) 0 string SBMBAKUP_ Smart Boot Manager backup file >9 string x \b, version %-5.5s @@ -41,8 +223,10 @@ >>>>21 ubyte x \b, from drive 0x%x >>>22 ubyte >0 >>>>21 string x \b, from drive %s +>>>535 search/17 \x55\xAA +>>>>&-512 indirect x \b; contains -# Joerg Jenderek +# updated by Joerg Jenderek at Nov 2012 # DOS Emulator image is 128 byte, null right padded header + harddisc image 0 string DOSEMU\0 >0x27E leshort 0xAA55 @@ -52,17 +236,186 @@ >>>>7 ulelong >0 \b, %u heads >>>>11 ulelong >0 \b, %d sectors/track >>>>15 ulelong >0 \b, %d cylinders +>>>>128 indirect x \b; contains -# updated by Joerg Jenderek at Sep 2007 +# added by Joerg Jenderek at Nov 2012 +# http://www.thenakedpc.com/articles/v04/08/0408-05.html +# Symantec (Peter Norton) Image.dat file consists of variable header, bootrecord, part of FAT and root directory data +0 string PNCIHISK\0 Norton Utilities disc image data +# real x86 boot sector with jump instruction +>509 search/1026 \x55\xAA\xeb +>>&-1 indirect x \b; contains +# http://file-extension.net/seeker/file_extension_dat +0 string PNCIUNDO Norton Disk Doctor UnDo file +# + +# DOS/MBR boot sector updated by Joerg Jenderek at Sep 2007,May 2011 +# for any allowed sector sizes +30 search/481 \x55\xAA +# to display DOS/MBR boot sector (40) before old one (strength=50+21),Syslinux bootloader (71),SYSLINUX MBR (37+36),NetBSD mbr (110),AdvanceMAME mbr (111) +# DOS BPB information (70) and after DOS floppy (120) like in previous file version +!:strength +72 +# for sector sizes < 512 Bytes +>11 uleshort <512 +>>(11.s-2) uleshort 0xAA55 DOS/MBR boot sector +# for sector sizes with 512 or more Bytes +>0x1FE leshort 0xAA55 DOS/MBR boot sector +# keep old DOS/MBR boot sector as dummy for mbr and bootloader displaying # only for sector sizes with 512 or more Bytes -0x1FE leshort 0xAA55 x86 boot sector -# to do also for sectors < than 512 Bytes and some other files, GRR -#30 search/481 \x55\xAA x86 boot sector -# not for BeOS floppy 1440k, MBRs -#(11.s-2) uleshort 0xAA55 x86 boot sector +0x1FE leshort 0xAA55 DOS/MBR boot sector +!:strength +72 +# to display information (50) before DOS BPB (strength=70) and after DOS floppy (120) like in old file version +#!:strength +21 >2 string OSBS \b, OS/BS MBR -# J\xf6rg Jenderek ->0x8C string Invalid\ partition\ table \b, MS-DOS MBR +# added by Joerg Jenderek at Feb 2013 according to http://thestarman.pcministry.com/asm/mbr/ +# and http://en.wikipedia.org/wiki/Master_Boot_Record +# test for nearly all MS-DOS Master Boot Record initial program loader (IPL) is now done by +# characteristic assembler instructions: xor ax,ax;mov ss,ax;mov sp,7c00 +>0 search/2 \x33\xc0\x8e\xd0\xbc\x00\x7c MS-MBR +# Microsoft Windows 95A and early ( http://thestarman.pcministry.com/asm/mbr/STDMBR.htm ) +# assembler instructions: mov si,sp;push ax;pop es;push ax;pop ds;sti;cld +>>8 ubequad 0x8bf45007501ffbfc +# http://thestarman.pcministry.com/asm/mbr/200MBR.htm +>>>0x16 ubyte 0xF3 \b,DOS 2 +>>>>219 regex Author\ -\ Author: +# found "David Litton" , "A Pehrsson " +>>>>>&0 string x "%s" +>>>0x16 ubyte 0xF2 +# NEC MS-DOS 3.30 Rev. 3 . See http://thestarman.pcministry.com/asm/mbr/DOS33MBR.htm +# assembler instructions: mov di,077c;cmp word ptrl[di],a55a;jnz +>>>>0x22 ubequad 0xbf7c07813d5aa575 \b,NEC 3.3 +# version MS-DOS 3.30 til MS-Windows 95A (WinVer=4.00.1111) +>>>>0x22 default x \b,D0S version 3.3-7.0 +# error messages are printed by assembler instructions: mov si,06nn;...;int 10 (0xBEnn06;...) +# where nn is string offset varying for different languages +# "Invalid partition table" nn=0x8b for english version +>>>>>(0x49.b) string Invalid\ partition\ table english +>>>>>(0x49.b) string Ung\201ltige\ Partitionstabelle german +>>>>>(0x49.b) string Table\ de\ partition\ invalide french +>>>>>(0x49.b) string Tabela\ de\ parti\207ao\ inv\240lida portuguese +>>>>>(0x49.b) string Tabla\ de\ partici\242n\ no\ v\240lida spanish +>>>>>(0x49.b) string Tavola\ delle\ partizioni\ non\ valida italian +>>>>>0x49 ubyte >0 at offset 0x%x +>>>>>>(0x49.b) string >\0 "%s" +# "Error loading operating system" nn=0xa3 for english version +# "Fehler beim Laden des Betriebssystems" nn=0xa7 for german version +# "Erreur en chargeant syst\212me d'exploitation" nn=0xa7 for french version +# "Erro na inicializa\207ao do sistema operacional" nn=0xa7 for portuguese Brazilian version +# "Error al cargar sistema operativo" nn=0xa8 for spanish version +# "Errore durante il caricamento del sistema operativo" nn=0xae for italian version +>>>>>0x74 ubyte >0 at offset 0x%x +>>>>>>(0x74.b) string >\0 "%s" +# "Missing operating system" nn=0xc2 for english version +# "Betriebssystem fehlt" nn=0xcd for german version +# "Syst\212me d'exploitation absent" nn=0xd2 for french version +# "Sistema operacional nao encontrado" nn=0xd4 for portuguese Brazilian version +# "Falta sistema operativo" nn=0xca for spanish version +# "Sistema operativo mancante" nn=0xe2 for italian version +>>>>>0x79 ubyte >0 at offset 0x%x +>>>>>>(0x79.b) string >\0 "%s" +# Microsoft Windows 95B to XP (http://thestarman.pcministry.com/asm/mbr/95BMEMBR.htm) +# assembler instructions: push ax;pop es;push ax;pop ds;cld;mov si,7c1b +>>8 ubequad 0x5007501ffcbe1b7c +# assembler instructions: rep;movsb;retf;mov si,07be;mov cl,04 +>>>24 ubequad 0xf3a4cbbebe07b104 9M +# "Invalid partition table" nn=0x10F for english version +# "Ungültige Partitionstabelle" nn=0x10F for german version +# "Table de partition erronée" nn=0x10F for french version +# "\216\257\245\340\240\346\250\256\255\255\240\357 \341\250\341\342\245\254\240 \255\245 \255\240\251\244\245\255\240" nn=0x10F for russian version +>>>>(0x3C.b+0x0FF) string Invalid\ partition\ table english +>>>>(0x3C.b+0x0FF) string Ung\201ltige\ Partitionstabelle german +>>>>(0x3C.b+0x0FF) string Table\ de\ partition\ erron\202e french +>>>>(0x3C.b+0x0FF) string \215\245\257\340\240\242\250\253\354\255\240\357\ \342\240\241\253\250\346\240 russian +>>>>0x3C ubyte x at offset 0x%x+0xFF +>>>>(0x3C.b+0x0FF) string >\0 "%s" +# "Error loading operating system" nn=0x127 for english version +# "Fehler beim Laden des Betriebssystems" nn=0x12b for german version +# "Erreur lors du chargement du système d'exploitation" nn=0x12a for french version +# "\216\350\250\241\252\240 \257\340\250 \247\240\243\340\343\247\252\245 \256\257\245\340\240\346\250\256\255\255\256\251 \341\250\341\342\245\254\353" nn=0x12d for russian version +>>>>0xBD ubyte x at offset 0x1%x +>>>>(0xBD.b+0x100) string >\0 "%s" +# "Missing operating system" nn=0x146 for english version +# "Betriebssystem fehlt" nn=0x151 for german version +# "Système d'exploitation manquant" nn=0x15e for french version +# "\216\257\245\340\240\346\250\256\255\255\240\357 \341\250\341\342\245\254\240 \255\245 \255\240\251\244\245\255\240" nn=0x156 for russian version +>>>>0xA9 ubyte x at offset 0x1%x +>>>>(0xA9.b+0x100) string >\0 "%s" +# http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm +# assembler instructions: rep;movsb;retf;mov BP,07be;mov cl,04 +>>>24 ubequad 0xf3a4cbbdbe07b104 XP +# where xxyyzz are lower bits from offsets of error messages varying for different languages +>>>>0x1B4 ubelong&0x00FFFFFF 0x002c4463 english +>>>>0x1B4 ubelong&0x00FFFFFF 0x002c486e german +# "Invalid partition table" xx=0x12C for english version +# "Ungültige Partitionstabelle" xx=0x12C for german version +>>>>0x1b5 ubyte >0 at offset 0x1%x +>>>>(0x1b5.b+0x100) string >\0 "%s" +# "Error loading operating system" yy=0x144 for english version +# "Fehler beim Laden des Betriebssystems" yy=0x148 for german version +>>>>0x1b6 ubyte >0 at offset 0x1%x +>>>>(0x1b6.b+0x100) string >\0 "%s" +# "Missing operating system" zz=0x163 for english version +# "Betriebssystem nicht vorhanden" zz=0x16e for german version +>>>>0x1b7 ubyte >0 at offset 0x1%x +>>>>(0x1b7.b+0x100) string >\0 "%s" +# Microsoft Windows Vista or 7 +# assembler instructions: ..;mov ds,ax;mov si,7c00;mov di,..00 +>>8 ubequad 0xc08ed8be007cbf00 +# Microsoft Windows Vista (http://thestarman.pcministry.com/asm/mbr/VistaMBR.htm) +# assembler instructions: jnz 0729;cmp ebx,"TCPA" +>>>0xEC ubequad 0x753b6681fb544350 Vista +# where xxyyzz are lower bits from offsets of error messages varying for different languages +>>>>0x1B4 ubelong&0x00FFFFFF 0x00627a99 english +#>>>>0x1B4 ubelong&0x00FFFFFF ? german +# "Invalid partition table" xx=0x162 for english version +# "Ungültige Partitionstabelle" xx=0x1?? for german version +>>>>0x1b5 ubyte >0 at offset 0x1%x +>>>>(0x1b5.b+0x100) string >\0 "%s" +# "Error loading operating system" yy=0x17a for english version +# "Fehler beim Laden des Betriebssystems" yy= 0x1?? for german version +>>>>0x1b6 ubyte >0 at offset 0x1%x +>>>>(0x1b6.b+0x100) string >\0 "%s" +# "Missing operating system" zz=0x199 for english version +# "Betriebssystem nicht vorhanden" zz=0x1?? for german version +>>>>0x1b7 ubyte >0 at offset 0x1%x +>>>>(0x1b7.b+0x100) string >\0 "%s" +# Microsoft Windows 7 (http://thestarman.pcministry.com/asm/mbr/W7MBR.htm) +# assembler instructions: cmp ebx,"TCPA";cmp +>>>0xEC ubequad 0x6681fb5443504175 Windows 7 +# where xxyyzz are lower bits from offsets of error messages varying for different languages +>>>>0x1B4 ubelong&0x00FFFFFF 0x00637b9a english +#>>>>0x1B4 ubelong&0x00FFFFFF ? german +# "Invalid partition table" xx=0x163 for english version +# "Ungültige Partitionstabelle" xx=0x1?? for german version +>>>>0x1b5 ubyte >0 at offset 0x1%x +>>>>(0x1b5.b+0x100) string >\0 "%s" +# "Error loading operating system" yy=0x17b for english version +# "Fehler beim Laden des Betriebssystems" yy=0x1?? for german version +>>>>0x1b6 ubyte >0 at offset 0x1%x +>>>>(0x1b6.b+0x100) string >\0 "%s" +# "Missing operating system" zz=0x19a for english version +# "Betriebssystem nicht vorhanden" zz=0x1?? for german version +>>>>0x1b7 ubyte >0 at offset 0x1%x +>>>>(0x1b7.b+0x100) string >\0 "%s" +# http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#DiskSigs +# http://en.wikipedia.org/wiki/MBR_disk_signature#ID +>>0x1b8 ulelong >0 \b, disk signature 0x%-.4x +# driveID/timestamp for Win 95B,98,98SE and ME. See http://thestarman.pcministry.com/asm/mbr/mystery.htm +>>0xDA uleshort 0 +>>>0xDC ulelong >0 \b, created +# physical drive number (0x80-0xFF) when the Windows wrote that byte to the drive +>>>>0xDC ubyte x with driveID 0x%x +# hours, minutes and seconds +>>>>0xDf ubyte x at %x +>>>>0xDe ubyte x \b:%x +>>>>0xDd ubyte x \b:%x +# special case for Microsoft MS-DOS 3.21 spanish +# assembler instructions: cli;mov $0x30,%ax;mov %ax,%ss;mov +>0 ubequad 0xfab830008ed0bc00 +# assembler instructions: $0x1f00,%sp;mov $0x80cb,%di;add %cl,(%bx,%si);in (%dx),%ax;mov +>>8 ubequad 0x1fbfcb800008ed8 MS-MBR,D0S version 3.21 spanish +# Microsoft MBR IPL end + # dr-dos with some upper-, lowercase variants >0x9D string Invalid\ partition\ table$ >>181 string No\ Operating\ System$ @@ -81,30 +434,9 @@ >>>>>>358 string Press\ any\ key\ to\ continue.\n\r$ >>>>>>>387 string Copyright\ (c)\ 1984,1998 >>>>>>>>411 string Caldera\ Inc.\0 \b, DR-DOS MBR (IBMBIO.LDR) ->0x10F string Ung\201ltige\ Partitionstabelle \b, MS-DOS MBR, german version 4.10.1998, 4.10.2222 ->>0x1B8 ubelong >0 \b, Serial 0x%-.4x ->0x8B string Ung\201ltige\ Partitionstabelle \b, MS-DOS MBR, german version 5.00 to 4.00.950 ->271 string Invalid\ partition\ table\0 ->>295 string Error\ loading\ operating\ system\0 ->>>326 string Missing\ operating\ system\0 \b, mbr # ->139 string Invalid\ partition\ table\0 ->>163 string Error\ loading\ operating\ system\0 ->>>194 string Missing\ operating\ system\0 \b, Microsoft Windows XP mbr -# http://www.heise.de/ct/05/09/006/ page 184 -#HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\?:=Serial4Bytes+8Bytes ->>>>0x1B8 ulelong >0 \b,Serial 0x%-.4x ->300 string Invalid\ partition\ table\0 ->>324 string Error\ loading\ operating\ system\0 ->>>355 string Missing\ operating\ system\0 \b, Microsoft Windows XP MBR -#??>>>389 string Invalid\ system\ disk ->>>>0x1B8 ulelong >0 \b, Serial 0x%-.4x ->300 string Ung\201ltige\ Partitionstabelle -#split string to avoid error: String too long ->>328 string Fehler\ beim\ Laden\ ->>>346 string des\ Betriebssystems ->>>>366 string Betriebssystem\ nicht\ vorhanden \b, Microsoft Windows XP MBR (german) ->>>>>0x1B8 ulelong >0 \b, Serial 0x%-.4x +# tests for different MS-DOS Master Boot Records (MBR) moved and merged +# #>0x145 string Default:\ F \b, FREE-DOS MBR #>0x14B string Default:\ F \b, FREE-DOS 1.0 MBR >0x145 search/7 Default:\ F \b, FREE-DOS MBR @@ -131,8 +463,7 @@ >>>>>>>420 ubyte&0x0F 0Xf \b ask >>>>>420 ubyte x \b) # ->271 string Operating\ system\ loading ->>296 string error\r \b, SYSLINUX MBR (2.10) +# SYSLINUX MBR moved # http://www.acronis.de/ >362 string MBR\ Error\ \0\r >>376 string ress\ any\ key\ to\ @@ -193,81 +524,56 @@ >>>>321 string Loading\ stage1.5 \b, GRUB version x.y >>>380 string Geom\0Hard\ Disk\0Read\0\ Error\0 >>>>374 string GRUB\ \0 \b, GRUB version n.m -# http://syslinux.zytor.com/ ->478 string Boot\ failed\r ->>495 string LDLINUX\ SYS \b, SYSLINUX bootloader (1.62) ->480 string Boot\ failed\r ->>495 string LDLINUX\ SYS \b, SYSLINUX bootloader (2.06 or 2.11) ->484 string Boot\ error\r \b, SYSLINUX bootloader (3.11) +# SYSLINUX bootloader moved >395 string chksum\0\ ERROR!\0 \b, Gujin bootloader # http://www.bcdwb.de/bcdw/index_e.htm >3 string BCDL >>498 string BCDL\ \ \ \ BIN \b, Bootable CD Loader (1.50Z) -# mbr partition table entries -# OEM-ID does not contain MicroSoft,NEWLDR,DOS,SYSLINUX,or MTOOLs ->3 string !MS ->>3 string !SYSLINUX ->>>3 string !MTOOL ->>>>3 string !NEWLDR ->>>>>5 string !DOS -# not FAT (32 bit) ->>>>>>82 string !FAT32 -#not Linux kernel ->>>>>>>514 string !HdrS -#not BeOS ->>>>>>>>422 string !Be\ Boot\ Loader -# active flag 0 or 0x80 and type > 0 ->>>>>>>>>446 ubyte <0x81 ->>>>>>>>>>446 ubyte&0x7F 0 ->>>>>>>>>>>450 ubyte >0 \b; partition 1: ID=0x%x ->>>>>>>>>>>>446 ubyte 0x80 \b, active ->>>>>>>>>>>>447 ubyte x \b, starthead %u -#>>>>>>>>>>>>448 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>>>448 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>>>454 ulelong x \b, startsector %u ->>>>>>>>>>>>458 ulelong x \b, %u sectors -# ->>>>>>>>>462 ubyte <0x81 ->>>>>>>>>>462 ubyte&0x7F 0 ->>>>>>>>>>>466 ubyte >0 \b; partition 2: ID=0x%x ->>>>>>>>>>>>462 ubyte 0x80 \b, active ->>>>>>>>>>>>463 ubyte x \b, starthead %u -#>>>>>>>>>>>>464 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>>>464 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>>>470 ulelong x \b, startsector %u ->>>>>>>>>>>>474 ulelong x \b, %u sectors -# ->>>>>>>>>478 ubyte <0x81 ->>>>>>>>>>478 ubyte&0x7F 0 ->>>>>>>>>>>482 ubyte >0 \b; partition 3: ID=0x%x ->>>>>>>>>>>>478 ubyte 0x80 \b, active ->>>>>>>>>>>>479 ubyte x \b, starthead %u -#>>>>>>>>>>>>480 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>>>481 ubyte x \b, start C2S: 0x%x -#>>>>>>>>>>>>480 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>>>486 ulelong x \b, startsector %u ->>>>>>>>>>>>490 ulelong x \b, %u sectors -# ->>>>>>>>>494 ubyte <0x81 ->>>>>>>>>>494 ubyte&0x7F 0 ->>>>>>>>>>>498 ubyte >0 \b; partition 4: ID=0x%x ->>>>>>>>>>>>494 ubyte 0x80 \b, active ->>>>>>>>>>>>495 ubyte x \b, starthead %u -#>>>>>>>>>>>>496 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>>>496 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>>>502 ulelong x \b, startsector %u ->>>>>>>>>>>>506 ulelong x \b, %u sectors +# mbr partition table entries updated by Joerg Jenderek at Sep 2013 +# skip Norton Utilities disc image data +>3 string !IHISK +# skip Linux style boot sector starting with assember instructions mov 0x7c0,ax; +>>0 belong !0xb8c0078e +# not Linux kernel +>>>514 string !HdrS +# not BeOS +>>>>422 string !Be\ Boot\ Loader +# jump over BPB instruction implies DOS bootsector or AdvanceMAME mbr +>>>>>0 ubelong&0xFD000000 =0xE9000000 +# AdvanceMAME mbr +>>>>>>(1.b+2) ubequad 0xfa31c08ed88ec08e +>>>>>>>446 use partition-table +# mbr, Norton Utilities disc image data, or 2nd,etc. sector of x86 bootloader +>>>>>0 ubelong&0xFD000000 !0xE9000000 +# skip FSInfosector +>>>>>>0 string !RRaA +# skip 3rd sector of MS x86 bootloader with assember instructions cli;MOVZX EAX,BYTE PTR [BP+10];MOV ECX, +# http://thestarman.pcministry.com/asm/mbr/MSWIN41.htm +>>>>>>>0 ubequad !0xfa660fb64610668b +# skip 13rd sector of MS x86 bootloader +>>>>>>>>0 ubequad !0x660fb64610668b4e +# skip sector starting with DOS new line +>>>>>>>>>0 string !\r\n +# allowed active flag 0,80h-FFh +>>>>>>>>>>446 ubyte 0 +>>>>>>>>>>>446 use partition-table +>>>>>>>>>>446 ubyte >0x7F +>>>>>>>>>>>446 use partition-table +# TODO: test for extended bootrecord (ebr) moved and merged with mbr partition table entries # mbr partition table entries end # http://www.acronis.de/ #FAT label=ACRONIS\ SZ #OEM-ID=BOOTWIZ0 >442 string Non-system\ disk,\ >>459 string press\ any\ key...\x7\0 \b, Acronis Startup Recovery Loader -# DOS names like F11.SYS are 8 right space padded bytes+3 bytes +# updated by Joerg Jenderek at Nov 2012 +# DOS names like F11.SYS or BOOTWIZ.SYS are 8 right space padded bytes+3 bytes >>>477 ubyte&0xDF >0 >>>>477 string x \b %-.3s >>>>>480 ubyte&0xDF >0 ->>>>>>480 string x \b%-.5s +>>>>>>480 string x \b%-.4s +>>>>>>>484 ubyte&0xDF >0 +>>>>>>>>484 string x \b%-.1s >>>>485 ubyte&0xDF >0 >>>>>485 string x \b.%-.3s # @@ -279,24 +585,39 @@ >>>>>291 string and\ press\ any\ key.\n\r \b, FDBOOT harddisk Bootloader >>>>>>200 string >\0 \b, version %-3s >242 string Bootsector\ from\ C.H.\ Hochst\204 ->>278 string No\ Systemdisk.\ ->>>293 string Booting\ from\ harddisk.\n\r ->>>441 string Cannot\ load\ from\ harddisk.\n\r ->>>>469 string Insert\ Systemdisk\ ->>>>>487 string and\ press\ any\ key.\n\r \b, WinImage harddisk Bootloader ->>>>>>209 string >\0 \b, version %-4.4s +# http://freecode.com/projects/dosfstools dosfstools-n.m/src/mkdosfs.c +# updated by Joerg Jenderek at Nov 2012. Use search directive with offset instead of string +# skip name "C.H. Hochstaetter" partly because it is sometimes written without umlaut +>242 search/127 Bootsector\ from\ C.H.\ Hochst +>>278 search/127 No\ Systemdisk.\ Booting\ from\ harddisk +# followed by variants with point,CR-NL or NL-CR +>>>208 search/261 Cannot\ load\ from\ harddisk. +# followed by variants CR-NL or NL-CR +>>>>236 search/235 Insert\ Systemdisk\ and\ press\ any\ key. +# followed by variants with point,CR-NL or NL-CR +>>>>>180 search/96 Disk\ formatted\ with\ WinImage\ \b, WinImage harddisk Bootloader +# followed by string like "6.50 (c) 1993-2004 Gilles Vollant" +>>>>>>&0 string x \b, version %-4.4s >(1.b+2) ubyte 0xe >>(1.b+3) ubyte 0x1f >>>(1.b+4) ubyte 0xbe ->>>>(1.b+5) ubyte 0x77 ->>>>(1.b+6) ubyte 0x7c ->>>>>(1.b+7) ubyte 0xac ->>>>>>(1.b+8) ubyte 0x22 ->>>>>>>(1.b+9) ubyte 0xc0 ->>>>>>>>(1.b+10) ubyte 0x74 ->>>>>>>>>(1.b+11) ubyte 0xb ->>>>>>>>>>(1.b+12) ubyte 0x56 ->>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display +# message offset found at (1.b+5) is 0x77 for FAT32 or 0x5b for others +>>>>(1.b+5) ubyte&0xd3 0x53 +>>>>>(1.b+6) ubyte 0x7c +# assembler instructions: lodsb;and al,al;jz 0xb;push si;mov ah, +>>>>>>(1.b+7) ubyte 0xac +>>>>>>>(1.b+8) ubyte 0x22 +>>>>>>>>(1.b+9) ubyte 0xc0 +>>>>>>>>>(1.b+10) ubyte 0x74 +>>>>>>>>>>(1.b+11) ubyte 0x0b +>>>>>>>>>>>(1.b+12) ubyte 0x56 +>>>>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display +# FAT1X version +>>>>>>>>>>>>>(1.b+5) ubyte 0x5b +>>>>>>>>>>>>>>0x5b string >\0 "%-s" +# FAT32 version +>>>>>>>>>>>>>(1.b+5) ubyte 0x77 +>>>>>>>>>>>>>>0x77 string >\0 "%-s" >214 string Please\ try\ to\ install\ FreeDOS\ \b, DOS Emulator boot message display #>>244 string from\ dosemu-freedos-*-bin.tgz\r #>>>170 string Sorry,\ could\ not\ load\ an\ @@ -762,6 +1083,52 @@ >>>>>492 string RENF \b, FAT (12 bit) >>>>>495 string RENF \b, FAT (16 bit) # x86 bootloader end + +# by Joerg Jenderek at Apr 2013 +# Print the DOS filenames from directory entry form with 8 right space padded bytes + 3 bytes for extension +# like IO.SYS. MSDOS.SYS , KERNEL.SYS , DRBIO.SYS +0 name DOS-filename +# space=0x20 (00100000b) means empty +>0 ubyte&0xDF >0 +>>0 ubyte x \b%c +>>>1 ubyte&0xDF >0 +>>>>1 ubyte x \b%c +>>>>>2 ubyte&0xDF >0 +>>>>>>2 ubyte x \b%c +>>>>>>>3 ubyte&0xDF >0 +>>>>>>>>3 ubyte x \b%c +>>>>>>>>>4 ubyte&0xDF >0 +>>>>>>>>>>4 ubyte x \b%c +>>>>>>>>>>>5 ubyte&0xDF >0 +>>>>>>>>>>>>5 ubyte x \b%c +>>>>>>>>>>>>>6 ubyte&0xDF >0 +>>>>>>>>>>>>>>6 ubyte x \b%c +>>>>>>>>>>>>>>>7 ubyte&0xDF >0 +>>>>>>>>>>>>>>>>7 ubyte x \b%c +# DOS filename extension +>>8 ubyte&0xDF >0 \b. +>>>8 ubyte x \b%c +>>>>9 ubyte&0xDF >0 +>>>>>9 ubyte x \b%c +>>>>>>10 ubyte&0xDF >0 +>>>>>>>10 ubyte x \b%c +# Print 2 following DOS filenames from directory entry form +# like IO.SYS+MSDOS.SYS or ibmbio.com+ibmdos.com +0 name 2xDOS-filename +# display 1 space +>0 ubyte x \b +>0 use DOS-filename +>11 ubyte x \b+ +>11 use DOS-filename + +# added by Joerg Jenderek at Feb 2013 according to http://thestarman.pcministry.com/asm/mbr/MSWIN41.htm#FSINFO +# and http://en.wikipedia.org/wiki/File_Allocation_Table#FS_Information_Sector +>0 string RRaA +>>0x1E4 string rrAa \b, FSInfosector +#>>0x1FC uleshort =0 SHOULD BE ZERO +>>>0x1E8 ulelong <0xffffffff \b, %u free clusters +>>>0x1EC ulelong <0xffffffff \b, last allocated cluster %u + # updated by Joerg Jenderek at Sep 2007 >3 ubyte 0 #no active flag @@ -776,148 +1143,62 @@ >>>>>>>466 ubyte 0x05 \b, extended partition table >>>>>>>466 ubyte 0x0F \b, extended partition table (LBA) >>>>>>>466 ubyte 0x0 \b, extended partition table (last) -# JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90 -# http://mirror.href.com/thestarman/asm/2bytejumps.htmm#FWD -# older drives may use Near JuMP instruction E9 xx xx ->0 lelong&0x009000EB 0x009000EB ->0 lelong&0x000000E9 0x000000E9 -# minimal short forward jump found 03cx?? -# maximal short forward jump is 07fx ->1 ubyte <0xff \b, code offset 0x%x -# mtools-3.9.8/msdos.h -# usual values are marked with comments to get only informations of strange FAT systems -# valid sectorsize must be a power of 2 from 32 to 32768 ->>11 uleshort&0x000f x ->>>11 uleshort <32769 ->>>>11 uleshort >31 ->>>>>21 ubyte&0xf0 0xF0 ->>>>>>3 string >\0 \b, OEM-ID "%8.8s" -#http://mirror.href.com/thestarman/asm/debug/debug2.htm#IHC ->>>>>>>8 string IHC \b cached by Windows 9M ->>>>>>11 uleshort >512 \b, Bytes/sector %u -#>>>>>>11 uleshort =512 \b, Bytes/sector %u=512 (usual) ->>>>>>11 uleshort <512 \b, Bytes/sector %u ->>>>>>13 ubyte >1 \b, sectors/cluster %u -#>>>>>>13 ubyte =1 \b, sectors/cluster %u (usual on Floppies) ->>>>>>14 uleshort >32 \b, reserved sectors %u -#>>>>>>14 uleshort =32 \b, reserved sectors %u (usual Fat32) -#>>>>>>14 uleshort >1 \b, reserved sectors %u -#>>>>>>14 uleshort =1 \b, reserved sectors %u (usual FAT12,FAT16) ->>>>>>14 uleshort <1 \b, reserved sectors %u ->>>>>>16 ubyte >2 \b, FATs %u -#>>>>>>16 ubyte =2 \b, FATs %u (usual) ->>>>>>16 ubyte =1 \b, FAT %u ->>>>>>16 ubyte >0 ->>>>>>17 uleshort >0 \b, root entries %u -#>>>>>>17 uleshort =0 \b, root entries %u=0 (usual Fat32) ->>>>>>19 uleshort >0 \b, sectors %u (volumes <=32 MB) -#>>>>>>19 uleshort =0 \b, sectors %u=0 (usual Fat32) ->>>>>>21 ubyte >0xF0 \b, Media descriptor 0x%x -#>>>>>>21 ubyte =0xF0 \b, Media descriptor 0x%x (usual floppy) ->>>>>>21 ubyte <0xF0 \b, Media descriptor 0x%x ->>>>>>22 uleshort >0 \b, sectors/FAT %u -#>>>>>>22 uleshort =0 \b, sectors/FAT %u=0 (usual Fat32) ->>>>>>26 ubyte >2 \b, heads %u -#>>>>>>26 ubyte =2 \b, heads %u (usual floppy) ->>>>>>26 ubyte =1 \b, heads %u -#skip for Digital Research DOS (version 3.41) 1440 kB Bootdisk ->>>>>>38 ubyte !0x70 ->>>>>>>28 ulelong >0 \b, hidden sectors %u -#>>>>>>>28 ulelong =0 \b, hidden sectors %u (usual floppy) ->>>>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB) -#>>>>>>>32 ulelong =0 \b, sectors %u (volumes > 32 MB) -# FAT<32 specific ->>>>>>82 string !FAT32 -#>>>>>>>36 ubyte 0x80 \b, physical drive 0x%x=0x80 (usual harddisk) -#>>>>>>>36 ubyte 0 \b, physical drive 0x%x=0 (usual floppy) ->>>>>>>36 ubyte !0x80 ->>>>>>>>36 ubyte !0 \b, physical drive 0x%x ->>>>>>>37 ubyte >0 \b, reserved 0x%x -#>>>>>>>37 ubyte =0 \b, reserved 0x%x ->>>>>>>38 ubyte >0x29 \b, dos < 4.0 BootSector (0x%x) ->>>>>>>38 ubyte <0x29 \b, dos < 4.0 BootSector (0x%x) ->>>>>>>38 ubyte =0x29 ->>>>>>>>39 ulelong x \b, serial number 0x%x ->>>>>>>>43 string >>>>>>>43 string >NO\ NAME \b, label: "%11.11s" ->>>>>>>>43 string =NO\ NAME \b, unlabeled ->>>>>>>54 string FAT \b, FAT ->>>>>>>>54 string FAT12 \b (12 bit) ->>>>>>>>54 string FAT16 \b (16 bit) -# FAT32 specific ->>>>>>82 string FAT32 \b, FAT (32 bit) ->>>>>>>36 ulelong x \b, sectors/FAT %u ->>>>>>>40 uleshort >0 \b, extension flags %u -#>>>>>>>40 uleshort =0 \b, extension flags %u ->>>>>>>42 uleshort >0 \b, fsVersion %u -#>>>>>>>42 uleshort =0 \b, fsVersion %u (usual) ->>>>>>>44 ulelong >2 \b, rootdir cluster %u -#>>>>>>>44 ulelong =2 \b, rootdir cluster %u -#>>>>>>>44 ulelong =1 \b, rootdir cluster %u ->>>>>>>48 uleshort >1 \b, infoSector %u -#>>>>>>>48 uleshort =1 \b, infoSector %u (usual) ->>>>>>>48 uleshort <1 \b, infoSector %u ->>>>>>>50 uleshort >6 \b, Backup boot sector %u -#>>>>>>>50 uleshort =6 \b, Backup boot sector %u (usual) ->>>>>>>50 uleshort <6 \b, Backup boot sector %u ->>>>>>>54 ulelong >0 \b, reserved1 0x%x ->>>>>>>58 ulelong >0 \b, reserved2 0x%x ->>>>>>>62 ulelong >0 \b, reserved3 0x%x -# same structure as FAT1X ->>>>>>>64 ubyte >0x80 \b, physical drive 0x%x -#>>>>>>>64 ubyte =0x80 \b, physical drive 0x%x=80 (usual harddisk) ->>>>>>>64 ubyte&0x7F >0 \b, physical drive 0x%x -#>>>>>>>64 ubyte =0 \b, physical drive 0x%x=0 (usual floppy) ->>>>>>>65 ubyte >0 \b, reserved 0x%x ->>>>>>>66 ubyte >0x29 \b, dos < 4.0 BootSector (0x%x) ->>>>>>>66 ubyte <0x29 \b, dos < 4.0 BootSector (0x%x) ->>>>>>>66 ubyte =0x29 ->>>>>>>>67 ulelong x \b, serial number 0x%x ->>>>>>>>71 string >>>>>>71 string >NO\ NAME \b, label: "%11.11s" ->>>>>>>71 string =NO\ NAME \b, unlabeled -### FATs end ->0x200 lelong 0x82564557 \b, BSD disklabel -# FATX -0 string FATX FATX filesystem data +# DOS x86 sector separated and moved from "DOS/MBR boot sector" by Joerg Jenderek at May 2011 -# Minix filesystems - Juan Cespedes -0x410 leshort 0x137f -!:strength / 2 ->0x402 beshort < 100 Minix filesystem, V1, %d zones ->0x1e string minix \b, bootable -0x410 beshort 0x137f -!:strength / 2 ->0x402 beshort < 100 Minix filesystem, V1 (big endian), %d zones ->0x1e string minix \b, bootable -0x410 leshort 0x138f -!:strength / 2 ->0x402 beshort < 100 Minix filesystem, V1, 30 char names, %d zones ->0x1e string minix \b, bootable -0x410 beshort 0x138f -!:strength / 2 ->0x402 beshort < 100 Minix filesystem, V1, 30 char names (big endian), %d zones ->0x1e string minix \b, bootable -0x410 leshort 0x2468 ->0x402 beshort < 100 Minix filesystem, V2, %d zones ->0x1e string minix \b, bootable -0x410 beshort 0x2468 ->0x402 beshort < 100 Minix filesystem, V2 (big endian), %d zones ->0x1e string minix \b, bootable +>0x200 lelong 0x82564557 \b, BSD disklabel -0x410 leshort 0x2478 ->0x402 beshort < 100 Minix filesystem, V2, 30 char names, %d zones ->0x1e string minix \b, bootable -0x410 leshort 0x2478 ->0x402 beshort < 100 Minix filesystem, V2, 30 char names, %d zones ->0x1e string minix \b, bootable -0x410 beshort 0x2478 ->0x402 beshort !0 Minix filesystem, V2, 30 char names (big endian), %d zones ->0x1e string minix \b, bootable -0x410 leshort 0x4d5a ->0x402 beshort !0 Minix filesystem, V3, %d zones ->0x1e string minix \b, bootable +# http://en.wikipedia.org/wiki/Master_boot_record#PTE +# display standard partition table +0 name partition-table +#>0 ubyte x PARTITION-TABLE +# test and display 1st til 4th partition table entry +>0 use partition-entry-test +>16 use partition-entry-test +>32 use partition-entry-test +>48 use partition-entry-test +# test for entry of partition table +0 name partition-entry-test +# partition type ID > 0 +>4 ubyte >0 +# active flag 0 +>>0 ubyte 0 +>>>0 use partition-entry +# active flag 0x80, 0x81, ... +>>0 ubyte >0x7F +>>>0 use partition-entry +# Print entry of partition table +0 name partition-entry +# partition type ID > 0 +>4 ubyte >0 \b; partition +>>64 leshort 0xAA55 1 +>>48 leshort 0xAA55 2 +>>32 leshort 0xAA55 3 +>>16 leshort 0xAA55 4 +>>4 ubyte x : ID=0x%x +>>0 ubyte&0x80 0x80 \b, active +>>0 ubyte >0x80 0x%x +>>1 ubyte x \b, start-CHS ( +>>1 use partition-chs +>>5 ubyte x \b), end-CHS ( +>>5 use partition-chs +>>8 ulelong x \b), startsector %u +>>12 ulelong x \b, %u sectors +# Print cylinder,head,sector (CHS) of partition entry +0 name partition-chs +# cylinder +>1 ubyte x \b0x +>1 ubyte&0xC0 0x40 \b1 +>1 ubyte&0xC0 0x80 \b2 +>1 ubyte&0xC0 0xC0 \b3 +>2 ubyte x \b%x +# head +>0 ubyte x \b,%u +# sector +>1 ubyte&0x3F x \b,%u + +# FATX +0 string FATX FATX filesystem data # romfs filesystems - Juan Cespedes 0 string -rom1fs- romfs filesystem, version 1 @@ -933,12 +1214,143 @@ 0x18b string OS/2 OS/2 Boot Manager -# updated by Joerg Jenderek at Oct 2008!! +# updated by Joerg Jenderek at Oct 2008 and Sep 2012 # http://syslinux.zytor.com/iso.php -0 ulelong 0x7c40eafa isolinux Loader +# tested with versions 1.47,1.48,1.49,1.50,1.62,1.76,2.00,2.10;3.00,3.11,3.31,;3.70,3.71,3.73,3.75,3.80,3.82,3.84,3.86,4.01,4.03 and 4.05 +# assembler instructions: cli;jmp 0:7Cyy (yy=0x40,0x5e,0x6c,0x6e,0x77);nop;nop +0 ulequad&0x909000007cc0eafa 0x909000007c40eafa +>631 search/689 ISOLINUX\ isolinux Loader +>>&0 string x (version %-4.4s) # http://syslinux.zytor.com/pxe.php -0 ulelong 0x007c05ea pxelinux Loader -0 ulelong 0x60669c66 pxelinux Loader +# assembler instructions: jmp 7C05 +0 ulelong 0x007c05ea pxelinux loader (version 2.13 or older) +# assembler instructions: pushfd;pushad +0 ulelong 0x60669c66 pxelinux loader +# assembler instructions: jmp 05 +0 ulelong 0xc00005ea pxelinux loader (version 3.70 or newer) +# http://syslinux.zytor.com/wiki/index.php/SYSLINUX +0 string LDLINUX\ SYS\ SYSLINUX loader +>12 string x (older version %-4.4s) +0 string \r\nSYSLINUX\ SYSLINUX loader +>11 string x (version %-4.4s) +# syslinux updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at Sep 2012 +# assembler instructions: jmp yy (yy=0x3c,0x58);nop;"SYSLINUX" +0 ulelong&0x80909bEB 0x009018EB +# OEM-ID not always "SYSLINUX" +>434 search/47 Boot\ failed +# followed by \r\n\0 or :\ +>>482 search/132 \0LDLINUX\ SYS Syslinux bootloader (version 2.13 or older) +>>1 ubyte 0x58 Syslinux bootloader (version 3.0-3.9) +>459 search/30 Boot\ error\r\n\0 +>>1 ubyte 0x58 Syslinux bootloader (version 3.10 or newer) +# SYSLINUX MBR updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at Sep 2012 +# assembler instructions: mov di,0600h;mov cx,0100h +16 search/4 \xbf\x00\x06\xb9\x00\x01 +# to display SYSLINUX MBR (36) before old DOS/MBR boot sector one with partition table (strength=50+21) +!:strength +36 +>94 search/249 Missing\ operating\ system +# followed by \r for versions older 3.35 , .\r for versions newer 3.52 and point for other +# skip Ranish MBR +>>408 search/4 HD1/\0 +>>408 default x +>>>250 search/118 \0Operating\ system\ load SYSLINUX MBR +# followed by "ing " or space +>>>>292 search/98 error +>>>>>&0 string \r (version 3.35 or older) +>>>>>&0 string .\r (version 3.52 or newer) +>>>>>&0 default x (version 3.36-3.51 ) +>368 search/106 \0Disk\ error\ on\ boot\r\n SYSLINUX GPT-MBR +>>156 search/10 \0Boot\ partition\ not\ found\r\n +>>>270 search/10 \0OS\ not\ bootable\r\n (version 3.86 or older) +>>174 search/10 \0Missing\ OS\r\n +>>>189 search/10 \0Multiple\ active\ partitions\r\n (version 4.00 or newer) +# SYSLINUX END + +# NetBSD mbr variants (master-boot-code version 1.22) added by Joerg Jenderek at Nov 2012 +# assembler instructions: xor ax,ax;mov ax,ss;mov sp,0x7c00;mov ax, +0 ubequad 0x31c08ed0bc007c8e +# mbr_bootsel magic before partition table not reliable with small ipl fragments +#>444 uleshort 0xb5e1 +>0004 uleshort x +# ERRorTeXT +>>181 search/166 Error\ \0\r\n NetBSD mbr +# NT Drive Serial Number http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#DS +>>>0x1B8 ubelong >0 \b,Serial 0x%-.8x +# BOOTSEL definitions contains assembler instructions: int 0x13;pop dx;push dx;push dx +>>>0xbb search/71 \xcd\x13\x5a\x52\x52 \b,bootselector +# BOOT_EXTENDED definitions contains assembler instructions: +# xchg ecx,edx;addl ecx,edx;movw lba_info,si;movb 0x42,ah;pop dx;push dx;int 0x13 +>>>0x96 search/1 \x66\x87\xca\x66\x01\xca\x66\x89\x16\x3a\x07\xbe\x32\x07\xb4\x42\x5a\x52\xcd\x13 \b,boot extended +# COM_PORT_VAL definitions contains assembler instructions: outb al,dx;add 5,dl;inb %dx;test 0x40,al +>>>0x130 search/55 \xee\x80\xc2\x05\xec\xa8\x40 \b,serial IO +# not TERSE_ERROR +>>>196 search/106 No\ active\ partition\0 +>>>>&0 string Disk\ read\ error\0 +>>>>>&0 string No\ operating\ system\0 \b,verbose +# not NO_CHS definitions contains assembler instructions: pop dx;push dx;movb $8,ah;int0x13 +>>>0x7d search/7 \x5a\x52\xb4\x08\xcd\x13 \b,CHS +# not NO_LBA_CHECK definitions contains assembler instructions: movw 0x55aa,bx;movb 0x41,ah;pop dx;push dx;int 0x13 +>>>0xa4 search/84 \xbb\xaa\x55\xb4\x41\x5a\x52\xcd\x13 \b,LBA-check +# assembler instructions: movw nametab,bx +>>>0x26 search/21 \xBB\x94\x07 +# not NO_BANNER definitions contains assembler instructions: mov banner,si;call message_crlf +>>>>&-9 ubequad&0xBE00f0E800febb94 0xBE0000E80000bb94 +>>>>>181 search/166 Error\ \0 +# "a: disk" , "Fn: diskn" or "NetBSD MBR boot" +>>>>>>&3 string x \b,"%s" +# Andrea Mazzoleni AdvanceCD mbr loader of http://advancemame.sourceforge.net/boot-readme.html +# added by Joerg Jenderek at Nov 2012 for versions 1.3 - 1.4 +# assembler instructions: jmp short 0x58;nop;ASCII +0 ubequad&0xeb58908000000000 0xeb58900000000000 +# assembler instructions: cli;xor ax,ax;mov ds,ax;mov es,ax;mov ss, +>(1.b+2) ubequad 0xfa31c08ed88ec08e +# Error messages at end of code +>>376 string No\ operating\ system\r\n\0 +>>>398 string Disk\ error\r\n\0FDD\0HDD\0 +>>>>419 string \ EBIOS\r\n\0 AdvanceMAME mbr + +# Neil Turton mbr loader variant of http://www.chiark.greenend.org.uk/~neilt/mbr/ +# added by Joerg Jenderek at Mar 2011 for versions 1.0.0 - 1.1.11 +# for 1st version assembler instructions: cld;xor ax,ax;mov DS,ax;MOV ES,AX;mov SI, +# or cld;xor ax,ax;mov SS,ax;XOR SP,SP;mov DS, +0 ulequad&0xcE1b40D48EC031FC 0x8E0000D08EC031FC +# pointer to the data starting with Neil Turton signature string +>(0x1BC.s) string NDTmbr +>>&-14 string 1234F\0 Turton mbr ( +# parameters also viewed by install-mbr --list +>>>(0x1BC.s+7) ubyte x \b%u<= +>>>(0x1BC.s+9) ubyte x \bVersion<=%u +#>>>(0x1BC.s+8) ubyte x asm_flag_%x +>>>(0x1BC.s+8) ubyte&1 1 \b,Y2K-Fix +# variant used by testdisk of http://www.cgsecurity.org/wiki/Menu_MBRCode +>>>(0x1BC.s+8) ubyte&2 2 \b,TestDisk +#0x1~1,..,0x8~4,0x10~F,0x80~A enabled +#>>>(0x1BC.s+10) ubyte x \b,flags 0x%x +#0x0~1,0x1~2,...,0x3~4,0x4~F,0x7~D default boot +#>>>(0x1BC.s+11) ubyte x \b,cfg_def 0x%x +# for older versions +>>>(0x1BC.s+9) ubyte <2 +#>>>>(0x1BC.s+12) ubyte 18 \b,%u/18 seconds +>>>>(0x1BC.s+12) ubyte !18 \b,%u/18 seconds +# floppy A: or B: +>>>>(0x1BC.s+13) ubyte <2 \b,floppy 0x%x +>>>>(0x1BC.s+13) ubyte >1 +# 1st hard disc +#>>>>>(0x1BC.s+13) ubyte 0x80 \b,drive 0x%x +# not 1st hard disc +>>>>>(0x1BC.s+13) ubyte !0x80 \b,drive 0x%x +# for version >= 2 maximal timeout can be 65534 +>>>(0x1BC.s+9) ubyte >1 +#>>>>(0x1BC.s+12) uleshort 18 \b,%u/18 seconds +>>>>(0x1BC.s+12) uleshort !18 \b,%u/18 seconds +# floppy A: or B: +>>>>(0x1BC.s+14) ubyte <2 \b,floppy 0x%x +>>>>(0x1BC.s+14) ubyte >1 +# 1st hard disc +#>>>>>(0x1BC.s+14) ubyte 0x80 \b,drive 0x%x +# not 1st hard disc +>>>>>(0x1BC.s+14) ubyte !0x80 \b,drive 0x%x +>>>0 ubyte x \b) # added by Joerg Jenderek # In the second sector (+0x200) are variables according to grub-0.97/stage2/asm.S or @@ -995,6 +1407,178 @@ >>>>>0x217 ulong !0xffffffff >>>>>>0x217 string >\0 \b, configuration file %-s +# DOS x86 sector updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at May 2011 +# JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90 +# over BIOS parameter block (BPB) +# http://thestarman.pcministry.com/asm/2bytejumps.htm#FWD +# older drives may use Near JuMP instruction E9 xx xx +# minimal short forward jump found 0x29 for bootloaders or 0x0 +# maximal short forward jump is 0x7f +# OEM-ID is empty or contain readable bytes +0 ulelong&0x804000E9 0x000000E9 +# mtools-3.9.8/msdos.h +# usual values are marked with comments to get only informations of strange FAT systems +# valid sectorsize must be a power of 2 from 32 to 32768 +>11 uleshort&0xf001f 0 +>>11 uleshort <32769 +>>>11 uleshort >31 +>>>>21 ubyte&0xf0 0xF0 +>>>>>0 ubyte 0xEB +>>>>>>1 ubyte x \b, code offset 0x%x+2 +>>>>>0 ubyte 0xE9 +>>>>>>1 uleshort x \b, code offset 0x%x+2 +>>>>>3 string >\0 \b, OEM-ID "%-.8s" +#http://mirror.href.com/thestarman/asm/debug/debug2.htm#IHC +>>>>>>8 string IHC \b cached by Windows 9M +>>>>>11 uleshort >512 \b, Bytes/sector %u +#>>>>>11 uleshort =512 \b, Bytes/sector %u=512 (usual) +>>>>>11 uleshort <512 \b, Bytes/sector %u +>>>>>13 ubyte >1 \b, sectors/cluster %u +#>>>>>13 ubyte =1 \b, sectors/cluster %u (usual on Floppies) +>>>>>82 string FAT32 +>>>>>>14 uleshort !32 \b, reserved sectors %u +#>>>>>>14 uleshort =32 \b, reserved sectors %u (usual Fat32) +>>>>>82 string !FAT32 +>>>>>>14 uleshort >1 \b, reserved sectors %u +#>>>>>>14 uleshort =1 \b, reserved sectors %u (usual FAT12,FAT16) +#>>>>>>14 uleshort 0 \b, reserved sectors %u (usual NTFS) +>>>>>16 ubyte >2 \b, FATs %u +#>>>>>16 ubyte =2 \b, FATs %u (usual) +>>>>>16 ubyte =1 \b, FAT %u +>>>>>16 ubyte >0 +>>>>>17 uleshort >0 \b, root entries %u +#>>>>>17 uleshort =0 \b, root entries %u=0 (usual Fat32) +>>>>>19 uleshort >0 \b, sectors %u (volumes <=32 MB) +#>>>>>19 uleshort =0 \b, sectors %u=0 (usual Fat32) +>>>>>21 ubyte >0xF0 \b, Media descriptor 0x%x +#>>>>>21 ubyte =0xF0 \b, Media descriptor 0x%x (usual floppy) +>>>>>21 ubyte <0xF0 \b, Media descriptor 0x%x +>>>>>22 uleshort >0 \b, sectors/FAT %u +#>>>>>22 uleshort =0 \b, sectors/FAT %u=0 (usual Fat32) +>>>>>24 uleshort x \b, sectors/track %u +>>>>>26 ubyte >2 \b, heads %u +#>>>>>26 ubyte =2 \b, heads %u (usual floppy) +>>>>>26 ubyte =1 \b, heads %u +# valid only for sector sizes with more then 32 Bytes +>>>>>11 uleshort >32 +# skip for Digital Research DOS (version 3.41) 1440 kB Bootdisk +>>>>>>38 ubyte !0x70 +>>>>>>>28 ulelong >0 \b, hidden sectors %u +#>>>>>>>28 ulelong =0 \b, hidden sectors %u (usual floppy) +>>>>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB) +#>>>>>>>32 ulelong =0 \b, sectors %u (volumes > 32 MB) +# FAT<32 bit specific +>>>>>>>82 string !FAT32 +#>>>>>>>>36 ubyte 0x80 \b, physical drive 0x%x=0x80 (usual harddisk) +#>>>>>>>>36 ubyte 0 \b, physical drive 0x%x=0 (usual floppy) +>>>>>>>>36 ubyte !0x80 +>>>>>>>>>36 ubyte !0 \b, physical drive 0x%x +>>>>>>>>37 ubyte >0 \b, reserved 0x%x +#>>>>>>>>37 ubyte =0 \b, reserved 0x%x +# value is 0x80 for NTFS +>>>>>>>>38 ubyte !0x29 \b, dos < 4.0 BootSector (0x%x) +>>>>>>>>38 ubyte =0x29 +>>>>>>>>>39 ulelong x \b, serial number 0x%x +>>>>>>>>>43 string >>>>>>>>43 string >NO\ NAME \b, label: "%11.11s" +>>>>>>>>>43 string =NO\ NAME \b, unlabeled +# there exist some old floppies without word FAT at offset 54 +# a word like "FATnm " is only a hint for a FAT size on nm-bits +# Normally the number of clusters is calculated by the values of BPP. +# if it is small enough FAT is 12 bit, if it is too big enough FAT is 32 bit, +# otherwise FAT is 16 bit. +# http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/determining-fat-widths.html +>>>>>>54 string FAT \b, FAT +>>>>>>>54 string FAT12 \b (12 bit) +>>>>>>>54 string FAT16 \b (16 bit) +# FAT32 bit specific +>>>>>82 string FAT32 \b, FAT (32 bit) +>>>>>>36 ulelong x \b, sectors/FAT %u +# http://technet.microsoft.com/en-us/library/cc977221.aspx +>>>>>>40 uleshort >0 \b, extension flags 0x%x +#>>>>>>40 uleshort =0 \b, extension flags %u +>>>>>>42 uleshort >0 \b, fsVersion %u +#>>>>>>42 uleshort =0 \b, fsVersion %u (usual) +>>>>>>44 ulelong >2 \b, rootdir cluster %u +#>>>>>>44 ulelong =2 \b, rootdir cluster %u +#>>>>>>44 ulelong =1 \b, rootdir cluster %u +>>>>>>48 uleshort >1 \b, infoSector %u +#>>>>>>48 uleshort =1 \b, infoSector %u (usual) +>>>>>>48 uleshort <1 \b, infoSector %u +>>>>>>50 uleshort >6 \b, Backup boot sector %u +#>>>>>>50 uleshort =6 \b, Backup boot sector %u (usual) +>>>>>>50 uleshort <6 \b, Backup boot sector %u +# corrected by Joerg Jenderek at Feb 2011 according to http://thestarman.pcministry.com/asm/mbr/MSWIN41.htm#FSINFO +>>>>>>52 ulelong >0 \b, reserved1 0x%x +>>>>>>56 ulelong >0 \b, reserved2 0x%x +>>>>>>60 ulelong >0 \b, reserved3 0x%x +# same structure as FAT1X +#>>>>>>64 ubyte =0x80 \b, physical drive 0x%x=80 (usual harddisk) +#>>>>>>64 ubyte =0 \b, physical drive 0x%x=0 (usual floppy) +>>>>>>64 ubyte !0x80 +>>>>>>>64 ubyte >0 \b, physical drive 0x%x +# in Windows NT bit 0 is a dirty flag to request chkdsk at boot time. bit 1 requests surface scan too +>>>>>>65 ubyte >0 \b, reserved 0x%x +>>>>>>66 ubyte !0x29 \b, dos < 4.0 BootSector (0x%x) +>>>>>>66 ubyte =0x29 +>>>>>>>67 ulelong x \b, serial number 0x%x +>>>>>>>71 string >>>>>>71 string >NO\ NAME \b, label: "%11.11s" +>>>>>>>71 string =NO\ NAME \b, unlabeled +# additional tests for floppy image added by Joerg Jenderek +# no fixed disk +>>>>>21 ubyte !0xF8 +# floppy media with 12 bit FAT +>>>>>>54 string !FAT16 +# test for FAT after bootsector +>>>>>>>(11.s) ulelong&0x00ffffF0 0x00ffffF0 \b, followed by FAT +# floppy image +!:mime application/x-ima +# NTFS specific added by Joerg Jenderek at Mar 2011 according to http://thestarman.pcministry.com/asm/mbr/NTFSBR.htm +# and http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/bios-parameter-block.html +# 0 FATs +>>>>>16 ubyte =0 +# 0 root entries +>>>>>>17 uleshort =0 +# 0 DOS sectors +>>>>>>>19 uleshort =0 +# 0 sectors/FAT +# dos < 4.0 BootSector value found is 0x80 +#38 ubyte =0x80 \b, dos < 4.0 BootSector (0x%x) +>>>>>>>>22 uleshort =0 \b; NTFS +>>>>>>>>>24 uleshort >0 \b, sectors/track %u +>>>>>>>>>36 ulelong !0x800080 \b, physical drive 0x%x +>>>>>>>>>40 ulequad >0 \b, sectors %lld +>>>>>>>>>48 ulequad >0 \b, $MFT start cluster %lld +>>>>>>>>>56 ulequad >0 \b, $MFTMirror start cluster %lld +# Values 0 to 127 represent MFT record sizes of 0 to 127 clusters. +# Values 128 to 255 represent MFT record sizes of 2^(256-N) bytes. +>>>>>>>>>64 lelong <256 +>>>>>>>>>>64 lelong <128 \b, clusters/RecordSegment %d +>>>>>>>>>>64 ubyte >127 \b, bytes/RecordSegment 2^(-1*%hhi) +# Values 0 to 127 represent index block sizes of 0 to 127 clusters. +# Values 128 to 255 represent index block sizes of 2^(256-N) byte +>>>>>>>>>68 ulelong <256 +>>>>>>>>>>68 ulelong <128 \b, clusters/index block %d +#>>>>>>>>>>68 ulelong >127 \b, bytes/index block 2^(256-%d) +>>>>>>>>>>68 ubyte >127 \b, bytes/index block 2^(-1*%hhi) +>>>>>>>>>72 ulequad x \b, serial number 0%llx +>>>>>>>>>80 ulelong >0 \b, checksum 0x%x +#>>>>>>>>>80 ulelong =0 \b, checksum 0x%x=0 (usual) +>>>>>>>>>0x258 ulelong&0x00009090 =0x00009090 +>>>>>>>>>>&-92 indirect x \b; contains +# For 2nd NTFS sector added by Joerg Jenderek at Jan 2013 +# http://thestarman.pcministry.com/asm/mbr/NTFSbrHexEd.htm +# unused assembler instructions JMP y2;NOP;NOP +0x056 ulelong&0xFFFF0FFF 0x909002EB +# unicode loadername terminated by CTRL-D +>(0.s*2) ulelong&0xFFFFFF00 0x00040000 +# loadernames are NTLDR,CMLDR,PELDR,$LDR$ or BOOTMGR +>>0x002 lestring16 x Microsoft Windows XP/VISTA bootloader %-5.5s +>>0x12 string $ +>>>0x0c lestring16 x \b%-2.2s +### DOS,NTFS boot sectors end + 9564 lelong 0x00011954 Unix Fast File system [v1] (little-endian), >8404 string x last mounted on %s, #>9504 ledate x last checked at %s, @@ -1157,6 +1741,51 @@ #>0x464 lelong &0x0000020 (many subdirs) #>0x463 lelong &0x0000040 (extra isize) +# Minix filesystems - Juan Cespedes +0x410 leshort 0x137f +!:strength / 2 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V1, %d zones +>0x1e string minix \b, bootable +0x410 beshort 0x137f +!:strength / 2 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V1 (big endian), %d zones +>0x1e string minix \b, bootable +0x410 leshort 0x138f +!:strength / 2 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V1, 30 char names, %d zones +>0x1e string minix \b, bootable +0x410 beshort 0x138f +!:strength / 2 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V1, 30 char names (big endian), %d zones +>0x1e string minix \b, bootable +0x410 leshort 0x2468 +>0x402 beshort < 100 +>>0x402 beshort > -1 Minix filesystem, V2, %d zones +>0x1e string minix \b, bootable +0x410 beshort 0x2468 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V2 (big endian), %d zones +>0x1e string minix \b, bootable + +0x410 leshort 0x2478 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V2, 30 char names, %d zones +>0x1e string minix \b, bootable +0x410 leshort 0x2478 +>0x402 beshort < 100 +>0x402 beshort > -1 Minix filesystem, V2, 30 char names, %d zones +>0x1e string minix \b, bootable +0x410 beshort 0x2478 +>0x402 beshort !0 Minix filesystem, V2, 30 char names (big endian), %d zones +>0x1e string minix \b, bootable +0x410 leshort 0x4d5a +>0x402 beshort !0 Minix filesystem, V3, %d zones +>0x1e string minix \b, bootable + # SGI disk labels - Nathan Scott 0 belong 0x0BE5A941 SGI disk label (volume header) @@ -1170,25 +1799,33 @@ ############################################################################ # Minix-ST kernel floppy 0x800 belong 0x46fc2700 Atari-ST Minix kernel image ->19 string \240\5\371\5\0\011\0\2\0 \b, 720k floppy ->19 string \320\2\370\5\0\011\0\1\0 \b, 360k floppy +# http://en.wikipedia.org/wiki/BIOS_parameter_block +# floppies with valid BPB and any instruction at beginning +>19 string \240\005\371\005\0\011\0\2\0 \b, 720k floppy +>19 string \320\002\370\005\0\011\0\1\0 \b, 360k floppy ############################################################################ # Hmmm, is this a better way of detecting _standard_ floppy images ? -19 string \320\2\360\3\0\011\0\1\0 DOS floppy 360k ->0x1FE leshort 0xAA55 \b, x86 hard disk boot sector -19 string \240\5\371\3\0\011\0\2\0 DOS floppy 720k ->0x1FE leshort 0xAA55 \b, x86 hard disk boot sector +19 string \320\002\360\003\0\011\0\1\0 DOS floppy 360k +>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector +19 string \240\005\371\003\0\011\0\2\0 DOS floppy 720k +>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector 19 string \100\013\360\011\0\022\0\2\0 DOS floppy 1440k ->0x1FE leshort 0xAA55 \b, x86 hard disk boot sector +>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector -19 string \240\5\371\5\0\011\0\2\0 DOS floppy 720k, IBM ->0x1FE leshort 0xAA55 \b, x86 hard disk boot sector -19 string \100\013\371\5\0\011\0\2\0 DOS floppy 1440k, mkdosfs ->0x1FE leshort 0xAA55 \b, x86 hard disk boot sector +19 string \240\005\371\005\0\011\0\2\0 DOS floppy 720k, IBM +>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector +19 string \100\013\371\005\0\011\0\2\0 DOS floppy 1440k, mkdosfs +>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector -19 string \320\2\370\5\0\011\0\1\0 Atari-ST floppy 360k -19 string \240\5\371\5\0\011\0\2\0 Atari-ST floppy 720k +19 string \320\002\370\005\0\011\0\1\0 Atari-ST floppy 360k +19 string \240\005\371\005\0\011\0\2\0 Atari-ST floppy 720k +# | | | | | +# | | | | heads +# | | | sectors/track +# | | sectors/FAT +# | media descriptor +# BPB: sectors # Valid media descriptor bytes for MS-DOS: # @@ -1226,11 +1863,85 @@ # 10 SS, 8 SPT # 11 DS, 8 SPT # -# 11111001 Double density 3½ floppy disk, high density 5¼ -# 11110000 High density 3½ floppy disk +# 11111001 Double density 3 1/2 floppy disk, high density 5 1/4 +# 11110000 High density 3 1/2 floppy disk # 11111000 Hard disk any format # +# all FAT12 (strength=70) floppies with sectorsize 512 added by Joerg Jenderek at Jun 2013 +# http://en.wikipedia.org/wiki/File_Allocation_Table#Exceptions +# Too Weak. +#512 ubelong&0xE0ffff00 0xE0ffff00 +# without valid Media descriptor in place of BPB, cases with are done at other places +#>21 ubyte <0xE5 floppy with old FAT filesystem +# but valid Media descriptor at begin of FAT +#>>512 ubyte =0xed 720k +#>>512 ubyte =0xf0 1440k +#>>512 ubyte =0xf8 720k +#>>512 ubyte =0xf9 1220k +#>>512 ubyte =0xfa 320k +#>>512 ubyte =0xfb 640k +#>>512 ubyte =0xfc 180k +# look like an an old DOS directory entry +#>>>0xA0E ubequad 0 +#>>>>0xA00 ubequad !0 +#!:mime application/x-ima +#>>512 ubyte =0xfd +# look for 2nd FAT at different location to distinguish between 360k and 500k +#>>>0x600 ubelong&0xE0ffff00 0xE0ffff00 360k +#>>>0x500 ubelong&0xE0ffff00 0xE0ffff00 500k +#>>>0xA0E ubequad 0 +#!:mime application/x-ima +#>>512 ubyte =0xfe +#>>>0x400 ubelong&0xE0ffff00 0xE0ffff00 160k +#>>>>0x60E ubequad 0 +#>>>>>0x600 ubequad !0 +#!:mime application/x-ima +#>>>0xC00 ubelong&0xE0ffff00 0xE0ffff00 1200k +#>>512 ubyte =0xff 320k +#>>>0x60E ubequad 0 +#>>>>0x600 ubequad !0 +#!:mime application/x-ima +#>>512 ubyte x \b, Media descriptor 0x%x +# without x86 jump instruction +#>>0 ulelong&0x804000E9 !0x000000E9 +# assembler instructions: CLI;MOV SP,1E7;MOV AX;07c0;MOV +#>>>0 ubequad 0xfabce701b8c0078e \b, MS-DOS 1.12 bootloader +# IOSYS.COM+MSDOS.COM +#>>>>0xc4 use 2xDOS-filename +#>>0 ulelong&0x804000E9 =0x000000E9 +# only x86 short jump instruction found +#>>>0 ubyte =0xEB +#>>>>1 ubyte x \b, code offset 0x%x+2 +# http://thestarman.pcministry.com/DOS/ibm100/Boot.htm +# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;MOV DX,0 +#>>>>(1.b+2) ubequad 0xfa8cc88ed8ba0000 \b, PC-DOS 1.0 bootloader +# ibmbio.com+ibmdos.com +#>>>>>0x176 use DOS-filename +#>>>>>0x181 ubyte x \b+ +#>>>>>0x182 use DOS-filename +# http://thestarman.pcministry.com/DOS/ibm110/Boot.htm +# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;XOR DX,DX;MOV +#>>>>(1.b+2) ubequad 0xfa8cc88ed833d28e \b, PC-DOS 1.1 bootloader +# ibmbio.com+ibmdos.com +#>>>>>0x18b use DOS-filename +#>>>>>0x196 ubyte x \b+ +#>>>>>0x197 use DOS-filename +# http://en.wikipedia.org/wiki/Zenith_Data_Systems +# assembler instructions: MOV BX,07c0;MOV SS,BX;MOV SP,01c6 +#>>>>(1.b+2) ubequad 0xbbc0078ed3bcc601 \b, Zenith Data Systems MS-DOS 1.25 bootloader +# IO.SYS+MSDOS.SYS +#>>>>>0x20 use 2xDOS-filename +# http://en.wikipedia.org/wiki/Corona_Data_Systems +# assembler instructions: MOV AX,CS;MOV DS,AX;CLI;MOV SS,AX; +#>>>>(1.b+2) ubequad 0x8cc88ed8fa8ed0bc \b, MS-DOS 1.25 bootloader +# IO.SYS+MSDOS.SYS +#>>>>>0x69 use 2xDOS-filename +# assembler instructions: CLI;PUSH CS;POP SS;MOV SP,7c00; +#>>>>(1.b+2) ubequad 0xfa0e17bc007cb860 \b, MS-DOS 2.11 bootloader +# defect IO.SYS+MSDOS.SYS ? +#>>>>>0x162 use 2xDOS-filename + # CDROM Filesystems # Modified for UDF by gerardo.cacciari@gmail.com 32769 string CD001 # @@ -1243,11 +1954,11 @@ >>38917 byte >0x33 (unknown version, ID 0x%X) >>38917 byte <0x31 (unknown version, ID 0x%X) # "application id" which appears to be used as a volume label ->32808 string >\0 '%s' +>32808 string/T >\0 '%s' >34816 string \000CD001\001EL\ TORITO\ SPECIFICATION (bootable) 37633 string CD001 ISO 9660 CD-ROM filesystem data (raw 2352 byte sectors) !:mime application/x-iso9660-image -32776 string CDROM High Sierra CD-ROM filesystem data +32777 string CDROM High Sierra CD-ROM filesystem data # .cso files 0 string CISO Compressed ISO CD image @@ -1414,8 +2125,6 @@ >28 leshort >3 >>8 ledate x created: %s -0 string td\000 floppy image data (TeleDisk) - # AFS Dump Magic # From: Ty Sarna 0 string \x01\xb3\xa1\x13\x22 AFS Dump @@ -1569,3 +2278,64 @@ >>&8 lelong x \b, blocksize %d >>&32 lelong&0x00000006 >0 (dirty) >>&36 lelong >0 (compressed) + +# LFS +0 lelong 0x070162 LFS filesystem image +>4 lelong 1 version 1, +>>8 lelong x \b blocks %u, +>>12 lelong x \b blocks per segment %u, +>4 lelong 2 version 2, +>>8 lelong x \b fragments %u, +>>12 lelong x \b bytes per segment %u, +>16 lelong x \b disk blocks %u, +>20 lelong x \b block size %u, +>24 lelong x \b fragment size %u, +>28 lelong x \b fragments per block %u, +>32 lelong x \b start for free list %u, +>36 lelong x \b number of free blocks %d, +>40 lelong x \b number of files %u, +>44 lelong x \b blocks available for writing %d, +>48 lelong x \b inodes in cache %d, +>52 lelong x \b inode file disk address 0x%x, +>56 lelong x \b inode file inode number %u, +>60 lelong x \b address of last segment written 0x%x, +>64 lelong x \b address of next segment to write 0x%x, +>68 lelong x \b address of current segment written 0x%x + +0 string td\000 floppy image data (TeleDisk, compressed) +0 string TD\000 floppy image data (TeleDisk) + +0 string CQ\024 floppy image data (CopyQM, +>16 leshort x %d sectors, +>18 leshort x %d heads.) + +0 string ACT\020Apricot\020disk\020image\032\004 floppy image data (ApriDisk) + +0 beshort 0xAA58 floppy image data (IBM SaveDskF, old) +0 beshort 0xAA59 floppy image data (IBM SaveDskF) +0 beshort 0xAA5A floppy image data (IBM SaveDskF, compressed) + +0 string \074CPM_Disk\076 disk image data (YAZE) + +# ReFS +# Richard W.M. Jones +0 string \0\0\0ReFS\0 ReFS filesystem image + +# EFW encase image file format: +# Gregoire Passault +# http://www.forensicswiki.org/wiki/Encase_image_file_format +0 string EVF\x09\x0d\x0a\xff\x00 EWF/Expert Witness/EnCase image file format + +# UBIfs +# Linux kernel sources: fs/ubifs/ubifs-media.h +0 belong 0x31181006 +>0x16 short 0 UBIfs image +>0x08 lequad x \b, sequence number %llu +>0x10 leshort x \b, length %u +>0x04 lelong x \b, CRC 0x%08x + +0 belong 0x55424923 +>0x04 short <2 +>0x05 string \0\0\0 +>0x1c string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +>0x04 short x UBI image, version %u diff --git a/contrib/file/magic/Magdir/flash b/contrib/file/magic/Magdir/flash index dea35aed0b..fa22562c5d 100644 --- a/contrib/file/magic/Magdir/flash +++ b/contrib/file/magic/Magdir/flash @@ -1,11 +1,13 @@ #------------------------------------------------------------------------------ -# $File: flash,v 1.9 2009/11/08 01:30:01 christos Exp $ +# $File: flash,v 1.10 2014/03/06 16:07:24 christos Exp $ # flash: file(1) magic for Macromedia Flash file format # # See # # http://www.macromedia.com/software/flash/open/ +# http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/\ +# en/devnet/swf/pdf/swf-file-format-spec.pdf page 27 # 0 string FWS Macromedia Flash data, >3 byte x version %d @@ -13,6 +15,9 @@ 0 string CWS Macromedia Flash data (compressed), !:mime application/x-shockwave-flash >3 byte x version %d +0 string ZWS Macromedia Flash data (lzma compressed), +!:mime application/x-shockwave-flash +>3 byte x version %d # From: Cal Peake 0 string FLV Macromedia Flash Video !:mime video/x-flv diff --git a/contrib/file/magic/Magdir/fonts b/contrib/file/magic/Magdir/fonts index 917d372e6e..a702a175a8 100644 --- a/contrib/file/magic/Magdir/fonts +++ b/contrib/file/magic/Magdir/fonts @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: fonts,v 1.23 2010/09/20 18:55:20 rrt Exp $ +# $File: fonts,v 1.26 2013/03/09 22:36:00 christos Exp $ # fonts: file(1) magic for font data # 0 search/1 FONT ASCII vfont text @@ -16,8 +16,15 @@ 0 string %!PS-Adobe-3.0\ Resource-Font PostScript Type 1 font text # X11 font files in SNF (Server Natural Format) format +# updated by Joerg Jenderek at Feb 2013 +# http://computer-programming-forum.com/51-perl/8f22fb96d2e34bab.htm 0 belong 00000004 X11 SNF font data, MSB first -0 lelong 00000004 X11 SNF font data, LSB first +#>104 belong 00000004 X11 SNF font data, MSB first +!:mime application/x-font-sfn +# GRR: line below too general as it catches also Xbase index file t3-CHAR.NDX +0 lelong 00000004 +>104 lelong 00000004 X11 SNF font data, LSB first +!:mime application/x-font-sfn # X11 Bitmap Distribution Format, from Daniel Quinlan (quinlan@yggdrasil.com) 0 search/1 STARTFONT\ X11 BDF font text @@ -75,7 +82,7 @@ 0 string OTTO OpenType font data !:mime application/vnd.ms-opentype -# Gürkan Sengün , www.linuks.mine.nu +# Gurkan Sengun , www.linuks.mine.nu 0 string SplineFontDB: Spline Font Database !:mime application/vnd.font-fontforge-sfd >14 string x version %s @@ -83,3 +90,11 @@ # EOT 34 string LP Embedded OpenType (EOT) !:mime application/vnd.ms-fontobject + +# Web Open Font Format (.woff) +# http://www.w3.org/TR/WOFF/ +0 string wOFF Web Open Font Format +>4 belong x \b, flavor %d +>8 belong x \b, length %d +>20 beshort x \b, version %hd +>22 beshort x \b.%hd diff --git a/contrib/file/magic/Magdir/fortran b/contrib/file/magic/Magdir/fortran index e2ef0cdb75..0604c25930 100644 --- a/contrib/file/magic/Magdir/fortran +++ b/contrib/file/magic/Magdir/fortran @@ -1,6 +1,7 @@ #------------------------------------------------------------------------------ -# $File: fortran,v 1.6 2009/09/19 16:28:09 christos Exp $ +# $File: fortran,v 1.7 2012/06/21 01:55:02 christos Exp $ # FORTRAN source 0 regex/100 \^[Cc][\ \t] FORTRAN program !:mime text/x-fortran +!:strength - 5 diff --git a/contrib/file/magic/Magdir/fsav b/contrib/file/magic/Magdir/fsav index 0a7a7f8020..ecdc4f654b 100644 --- a/contrib/file/magic/Magdir/fsav +++ b/contrib/file/magic/Magdir/fsav @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: fsav,v 1.11 2009/09/19 16:28:09 christos Exp $ +# $File: fsav,v 1.13 2013/03/25 17:18:47 christos Exp $ # fsav: file(1) magic for datafellows fsav virus definition files # Anthon van der Neut (anthon@mnt.org) @@ -61,3 +61,6 @@ # Type: Grisoft AVG AntiVirus # From: David Newgas 0 string AVG7_ANTIVIRUS_VAULT_FILE AVG 7 Antivirus vault file data + +0 string X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR +>33 string -STANDARD-ANTIVIRUS-TEST-FILE!$H+H* EICAR virus test files diff --git a/contrib/file/magic/Magdir/geo b/contrib/file/magic/Magdir/geo index 924c71e935..9a765fed0c 100644 --- a/contrib/file/magic/Magdir/geo +++ b/contrib/file/magic/Magdir/geo @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: geo,v 1.1 2010/02/23 23:40:07 christos Exp $ +# $File: geo,v 1.3 2013/01/04 00:47:02 christos Exp $ # Geo- files from Kurt Schwehr ###################################################################### @@ -103,3 +103,15 @@ # https://midas.psi.ch/elog/ 0 string $@MID@$ elog journal entry + +# Geospatial Designs http://www.geospatialdesigns.com/surfer6_format.htm +0 string DSBB Surfer 6 binary grid file +>4 leshort x \b, %d +>6 leshort x \bx%d +>8 ledouble x \b, minx=%g +>16 ledouble x \b, maxx=%g +>24 ledouble x \b, miny=%g +>32 ledouble x \b, maxy=%g +>40 ledouble x \b, minz=%g +>48 ledouble x \b, maxz=%g + diff --git a/contrib/file/magic/Magdir/gimp b/contrib/file/magic/Magdir/gimp index a360bd8e12..ba0727f7b6 100644 --- a/contrib/file/magic/Magdir/gimp +++ b/contrib/file/magic/Magdir/gimp @@ -1,13 +1,17 @@ #------------------------------------------------------------------------------ -# $File: gimp,v 1.7 2010/09/20 18:55:20 rrt Exp $ -# GIMP Gradient: file(1) magic for the GIMP's gradient data files +# $File: gimp,v 1.8 2013/12/21 14:29:45 christos Exp $ +# GIMP Gradient: file(1) magic for the GIMP's gradient data files (.ggr) # by Federico Mena -0 string GIMP\ Gradient GIMP gradient data +0 string/t GIMP\ Gradient GIMP gradient data + +# GIMP palette (.gpl) +# From: Markus Heidelberg +0 string/t GIMP\ Palette GIMP palette data #------------------------------------------------------------------------------ -# XCF: file(1) magic for the XCF image format used in the GIMP developed +# XCF: file(1) magic for the XCF image format used in the GIMP (.xcf) developed # by Spencer Kimball and Peter Mattis # ('Bucky' LaDieu, nega@vt.edu) @@ -24,7 +28,7 @@ >22 belong >2 Unknown Image Type. #------------------------------------------------------------------------------ -# XCF: file(1) magic for the patterns used in the GIMP, developed +# XCF: file(1) magic for the patterns used in the GIMP (.pat), developed # by Spencer Kimball and Peter Mattis # ('Bucky' LaDieu, nega@vt.edu) @@ -32,7 +36,7 @@ >24 string x %s #------------------------------------------------------------------------------ -# XCF: file(1) magic for the brushes used in the GIMP, developed +# XCF: file(1) magic for the brushes used in the GIMP (.gbr), developed # by Spencer Kimball and Peter Mattis # ('Bucky' LaDieu, nega@vt.edu) diff --git a/contrib/file/magic/Magdir/gnome b/contrib/file/magic/Magdir/gnome new file mode 100644 index 0000000000..14d5aeb32d --- /dev/null +++ b/contrib/file/magic/Magdir/gnome @@ -0,0 +1,59 @@ + +#------------------------------------------------------------------------------ +# $File: gnome,v 1.3 2013/02/05 15:20:47 christos Exp $ +# GNOME related files + +# Contributed by Josh Triplett +# FIXME: Could be simplified if pstring supported two-byte counts +0 string GnomeKeyring\n\r\0\n GNOME keyring +>&0 ubyte 0 \b, major version 0 +>>&0 ubyte 0 \b, minor version 0 +>>>&0 ubyte 0 \b, crypto type 0 (AES) +>>>&0 ubyte >0 \b, crypto type %hhu (unknown) +>>>&1 ubyte 0 \b, hash type 0 (MD5) +>>>&1 ubyte >0 \b, hash type %hhu (unknown) +>>>&2 ubelong 0xFFFFFFFF \b, name NULL +>>>&2 ubelong !0xFFFFFFFF +>>>>&-4 ubelong >255 \b, name too long for file's pstring type +>>>>&-4 ubelong <256 +>>>>>&-1 pstring x \b, name "%s" +>>>>>>&0 ubeqdate x \b, last modified %s +>>>>>>&8 ubeqdate x \b, created %s +>>>>>>&16 ubelong &1 +>>>>>>>&0 ubelong x \b, locked if idle for %u seconds +>>>>>>&16 ubelong ^1 \b, not locked if idle +>>>>>>&24 ubelong x \b, hash iterations %u +>>>>>>&28 ubequad x \b, salt %llu +>>>>>>&52 ubelong x \b, %u item(s) + +# From: Alex Beregszaszi +4 string gtktalog GNOME Catalogue (gtktalog) +>13 string >\0 version %s + +# Summary: GStreamer binary registry +# Extension: .bin +# Submitted by: Josh Triplett +0 belong 0xc0def00d GStreamer binary registry +>4 string x \b, version %s + +# GVariant Database file +# By Elan Ruusamae +# https://github.com/GNOME/gvdb/blob/master/gvdb-format.h +# It's always "GVariant", it's byte swapped on incompatible archs +# See https://github.com/GNOME/gvdb/blob/master/gvdb-builder.c +# file_builder_serialise() +# http://developer.gnome.org/glib/2.34/glib-GVariant.html#GVariant +0 string GVariant GVariant Database file, +# version is never filled. probably future extension +>8 lelong x version %d +# not sure are these usable, so commented out +#>>16 lelong x start %d, +#>>>20 lelong x end %d + +# G-IR database made by gobject-introspect toolset, +# http://live.gnome.org/GObjectIntrospection +0 string GOBJ\nMETADATA\r\n\032 G-IR binary database +>16 byte x \b, v%d +>17 byte x \b.%d +>20 leshort x \b, %d entries +>22 leshort x \b/%d local diff --git a/contrib/file/magic/Magdir/gnome-keyring b/contrib/file/magic/Magdir/gnome-keyring deleted file mode 100644 index 463688fe7d..0000000000 --- a/contrib/file/magic/Magdir/gnome-keyring +++ /dev/null @@ -1,26 +0,0 @@ - -#------------------------------------------------------------------------------ -# $File: gnome-keyring,v 1.2 2009/09/19 16:28:09 christos Exp $ -# GNOME keyring -# Contributed by Josh Triplett -# FIXME: Could be simplified if pstring supported two-byte counts -0 string GnomeKeyring\n\r\0\n GNOME keyring ->&0 ubyte 0 \b, major version 0 ->>&0 ubyte 0 \b, minor version 0 ->>>&0 ubyte 0 \b, crypto type 0 (AEL) ->>>&0 ubyte >0 \b, crypto type %hhu (unknown) ->>>&1 ubyte 0 \b, hash type 0 (MD5) ->>>&1 ubyte >0 \b, hash type %hhu (unknown) ->>>&2 ubelong 0xFFFFFFFF \b, name NULL ->>>&2 ubelong !0xFFFFFFFF ->>>>&-4 ubelong >255 \b, name too long for file's pstring type ->>>>&-4 ubelong <256 ->>>>>&-1 pstring x \b, name "%s" ->>>>>>&0 ubeqdate x \b, last modified %s ->>>>>>&8 ubeqdate x \b, created %s ->>>>>>&16 ubelong &1 ->>>>>>>&0 ubelong x \b, locked if idle for %u seconds ->>>>>>&16 ubelong ^1 \b, not locked if idle ->>>>>>&24 ubelong x \b, hash iterations %u ->>>>>>&28 ubequad x \b, salt %llu ->>>>>>&52 ubelong x \b, %u item(s) diff --git a/contrib/file/magic/Magdir/gnu b/contrib/file/magic/Magdir/gnu index 4789c0a2a6..e4a0a16aa4 100644 --- a/contrib/file/magic/Magdir/gnu +++ b/contrib/file/magic/Magdir/gnu @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: gnu,v 1.13 2012/01/03 17:16:54 christos Exp $ +# $File: gnu,v 1.15 2014/02/06 14:21:02 christos Exp $ # gnu: file(1) magic for various GNU tools # # GNU nlsutils message catalog file format @@ -37,6 +37,32 @@ 0 beshort 0x9901 GPG key public ring !:mime application/x-gnupg-keyring +# Symmetric encryption +0 leshort 0x0d8c +>4 leshort 0x0203 +>>2 leshort 0x0204 GPG symmetrically encrypted data (3DES cipher) +>>2 leshort 0x0304 GPG symmetrically encrypted data (CAST5 cipher) +>>2 leshort 0x0404 GPG symmetrically encrypted data (BLOWFISH cipher) +>>2 leshort 0x0704 GPG symmetrically encrypted data (AES cipher) +>>2 leshort 0x0804 GPG symmetrically encrypted data (AES192 cipher) +>>2 leshort 0x0904 GPG symmetrically encrypted data (AES256 cipher) +>>2 leshort 0x0a04 GPG symmetrically encrypted data (TWOFISH cipher) +>>2 leshort 0x0b04 GPG symmetrically encrypted data (CAMELLIA128 cipher) +>>2 leshort 0x0c04 GPG symmetrically encrypted data (CAMELLIA192 cipher) +>>2 leshort 0x0d04 GPG symmetrically encrypted data (CAMELLIA256 cipher) + + +# GnuPG Keybox file +# +# From: Philipp Hahn +0 belong 32 +>4 byte 1 +>>8 string KBXf GPG keybox database +>>>5 byte 1 version %d +>>>16 bedate x \b, created-at %s +>>>20 bedate x \b, last-maintained %s + + # Gnumeric spreadsheet # This entry is only semi-helpful, as Gnumeric compresses its files, so # they will ordinarily reported as "compressed", but at least -z helps diff --git a/contrib/file/magic/Magdir/gpt b/contrib/file/magic/Magdir/gpt new file mode 100644 index 0000000000..74aaaf7bfb --- /dev/null +++ b/contrib/file/magic/Magdir/gpt @@ -0,0 +1,241 @@ + +#------------------------------------------------------------------------------ +# $File: gpt,v 1.1 2013/02/18 18:31:09 christos Exp $ +# +# GPT Partition table patterns. +# Author: Rogier Goossens (goossens.rogier@gmail.com) +# Note that a GPT-formatted disk must contain an MBR as well. +# + +# The initial segment (up to >>>>>>>>422) was copied from the X86 +# partition table code (aka MBR). +# This is kept separate, so that MBR partitions are not reported as well. +# (use -k if you do want them as well) + +# First, detect the MBR partiton table +# If more than one GPT protective MBR partition exists, don't print anything +# (the other MBR detection code will then just print the MBR partition table) +0x1FE leshort 0xAA55 +>3 string !MS +>>3 string !SYSLINUX +>>>3 string !MTOOL +>>>>3 string !NEWLDR +>>>>>5 string !DOS +# not FAT (32 bit) +>>>>>>82 string !FAT32 +#not Linux kernel +>>>>>>>514 string !HdrS +#not BeOS +>>>>>>>>422 string !Be\ Boot\ Loader +# GPT with protective MBR entry in partition 1 (only) +>>>>>>>>>450 ubyte 0xee +>>>>>>>>>>466 ubyte !0xee +>>>>>>>>>>>482 ubyte !0xee +>>>>>>>>>>>>498 ubyte !0xee +#>>>>>>>>>>>>>446 use gpt-mbr-partition +>>>>>>>>>>>>>(454.l*8192) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>(454.l*8192) string !EFI\ PART +>>>>>>>>>>>>>>(454.l*4096) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes +>>>>>>>>>>>>>>(454.l*4096) string !EFI\ PART +>>>>>>>>>>>>>>>(454.l*2048) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes +>>>>>>>>>>>>>>>(454.l*2048) string !EFI\ PART +>>>>>>>>>>>>>>>>(454.l*1024) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes +>>>>>>>>>>>>>>>>(454.l*1024) string !EFI\ PART +>>>>>>>>>>>>>>>>>(454.l*512) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes +# GPT with protective MBR entry in partition 2 (only) +>>>>>>>>>450 ubyte !0xee +>>>>>>>>>>466 ubyte 0xee +>>>>>>>>>>>482 ubyte !0xee +>>>>>>>>>>>>498 ubyte !0xee +#>>>>>>>>>>>>>462 use gpt-mbr-partition +>>>>>>>>>>>>>(470.l*8192) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>(470.l*8192) string !EFI\ PART +>>>>>>>>>>>>>>(470.l*4096) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes +>>>>>>>>>>>>>>(470.l*4096) string !EFI\ PART +>>>>>>>>>>>>>>>(470.l*2048) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes +>>>>>>>>>>>>>>>(470.l*2048) string !EFI\ PART +>>>>>>>>>>>>>>>>(470.l*1024) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes +>>>>>>>>>>>>>>>>(470.l*1024) string !EFI\ PART +>>>>>>>>>>>>>>>>>(470.l*512) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes +# GPT with protective MBR entry in partition 3 (only) +>>>>>>>>>450 ubyte !0xee +>>>>>>>>>>466 ubyte !0xee +>>>>>>>>>>>482 ubyte 0xee +>>>>>>>>>>>>498 ubyte !0xee +#>>>>>>>>>>>>>478 use gpt-mbr-partition +>>>>>>>>>>>>>(486.l*8192) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>(486.l*8192) string !EFI\ PART +>>>>>>>>>>>>>>(486.l*4096) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes +>>>>>>>>>>>>>>(486.l*4096) string !EFI\ PART +>>>>>>>>>>>>>>>(486.l*2048) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes +>>>>>>>>>>>>>>>(486.l*2048) string !EFI\ PART +>>>>>>>>>>>>>>>>(486.l*1024) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes +>>>>>>>>>>>>>>>>(486.l*1024) string !EFI\ PART +>>>>>>>>>>>>>>>>>(486.l*512) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes +# GPT with protective MBR entry in partition 4 (only) +>>>>>>>>>450 ubyte !0xee +>>>>>>>>>>466 ubyte !0xee +>>>>>>>>>>>482 ubyte !0xee +>>>>>>>>>>>>498 ubyte 0xee +#>>>>>>>>>>>>>494 use gpt-mbr-partition +>>>>>>>>>>>>>(502.l*8192) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>(502.l*8192) string !EFI\ PART +>>>>>>>>>>>>>>(502.l*4096) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes +>>>>>>>>>>>>>>(502.l*4096) string !EFI\ PART +>>>>>>>>>>>>>>>(502.l*2048) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes +>>>>>>>>>>>>>>>(502.l*2048) string !EFI\ PART +>>>>>>>>>>>>>>>>(502.l*1024) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes +>>>>>>>>>>>>>>>>(502.l*1024) string !EFI\ PART +>>>>>>>>>>>>>>>>>(502.l*512) string EFI\ PART GPT partition table +>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type +>>>>>>>>>>>>>>>>>>&-8 use gpt-table +>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes + +# The following code does GPT detection and processing, including +# sector size detection. +# It has to be duplicated above because the top-level pattern +# (i.e. not called using 'use') must print *something* for file +# to count it as a match. Text only printed in named patterns is +# not counted, and causes file to continue, and try and match +# other patterns. +# +# Unfortunately, when assuming sector sizes >=16k, if the sector size +# happens to be 512 instead, we may find confusing data after the GPT +# table... If the GPT table has less than 128 entries, this may even +# happen for assumed sector sizes as small as 4k +# This could be solved by checking for the presence of the backup GPT +# header as well, but that makes the logic extremely complex +##0 name gpt-mbr-partition +##>(8.l*8192) string EFI\ PART +##>>(8.l*8192) use gpt-mbr-type +##>>&-8 use gpt-table +##>>0 ubyte x of 8192 bytes +##>(8.l*8192) string !EFI\ PART +##>>(8.l*4096) string EFI\ PART GPT partition table +##>>>0 use gpt-mbr-type +##>>>&-8 use gpt-table +##>>>0 ubyte x of 4096 bytes +##>>(8.l*4096) string !EFI\ PART +##>>>(8.l*2048) string EFI\ PART GPT partition table +##>>>>0 use gpt-mbr-type +##>>>>&-8 use gpt-table +##>>>>0 ubyte x of 2048 bytes +##>>>(8.l*2048) string !EFI\ PART +##>>>>(8.l*1024) string EFI\ PART GPT partition table +##>>>>>0 use gpt-mbr-type +##>>>>>&-8 use gpt-table +##>>>>>0 ubyte x of 1024 bytes +##>>>>(8.l*1024) string !EFI\ PART +##>>>>>(8.l*512) string EFI\ PART GPT partition table +##>>>>>>0 use gpt-mbr-type +##>>>>>>&-8 use gpt-table +##>>>>>>0 ubyte x of 512 bytes + +# Print details of MBR type for a GPT-disk +# Calling code ensures that there is only one 0xee partition. +0 name gpt-mbr-type +# GPT with protective MBR entry in partition 1 +>450 ubyte 0xee +>>454 ulelong 1 +>>>462 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) +>>454 ulelong !1 \b (nonstandard: not at LBA 1) +# GPT with protective MBR entry in partition 2 +>466 ubyte 0xee +>>470 ulelong 1 +>>>478 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +>>>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) +>>>478 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) +>>470 ulelong !1 \b (nonstandard: not at LBA 1) +# GPT with protective MBR entry in partition 3 +>482 ubyte 0xee +>>486 ulelong 1 +>>>494 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +>>>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) +>>>494 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) +>>486 ulelong !1 \b (nonstandard: not at LBA 1) +# GPT with protective MBR entry in partition 4 +>498 ubyte 0xee +>>502 ulelong 1 +>>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) +>>502 ulelong !1 \b (nonstandard: not at LBA 1) + +# Print the information from a GPT partition table structure +0 name gpt-table +>10 uleshort x \b, version %u +>8 uleshort x \b.%u +# a GUID is just like a UUID, except it's displayed mixed-endian. +>56 ulelong x \b, GUID: %08x +>60 uleshort x \b-%04x +>62 uleshort x \b-%04x +>64 ubeshort x \b-%04x +>66 ubeshort x \b-%04x +>68 ubelong x \b%08x +#>80 uleshort x \b, %d partition entries +>32 ulequad+1 x \b, disk size: %lld sectors + +# In case a GPT data-structure is at LBA 0, report it as well +# This covers systems which are not GPT-aware, and which show +# and allow access to the protective partition. This code will +# detect the contents of such a partition. +0 string EFI\ PART GPT data structure (nonstandard: at LBA 0) +>0 use gpt-table +>0 ubyte x (sector size unknown) + + diff --git a/contrib/file/magic/Magdir/hitachi-sh b/contrib/file/magic/Magdir/hitachi-sh index 96067e9ba5..213d2d69c4 100644 --- a/contrib/file/magic/Magdir/hitachi-sh +++ b/contrib/file/magic/Magdir/hitachi-sh @@ -1,11 +1,14 @@ #------------------------------------------------------------------------------ -# $File: hitachi-sh,v 1.5 2009/09/19 16:28:09 christos Exp $ +# $File: hitachi-sh,v 1.6 2013/01/29 19:31:33 christos Exp $ # hitach-sh: file(1) magic for Hitachi Super-H # # Super-H COFF # +# below test line conflicts with 2nd NTFS filesystem sector 0 beshort 0x0500 Hitachi SH big-endian COFF +# 2nd NTFS filesystem sector often starts with 0x05004e00 for unicode string 5 NTLDR +#0 ubelong&0xFFFFNMPQ 0x0500NMPQ Hitachi SH big-endian COFF >18 beshort&0x0002 =0x0000 object >18 beshort&0x0002 =0x0002 executable >18 beshort&0x0008 =0x0008 \b, stripped diff --git a/contrib/file/magic/Magdir/ibm6000 b/contrib/file/magic/Magdir/ibm6000 index 72755fafc4..7f45072a18 100644 --- a/contrib/file/magic/Magdir/ibm6000 +++ b/contrib/file/magic/Magdir/ibm6000 @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: ibm6000,v 1.9 2009/09/19 16:28:09 christos Exp $ +# $File: ibm6000,v 1.12 2013/09/16 15:12:42 christos Exp $ # ibm6000: file(1) magic for RS/6000 and the RT PC. # 0 beshort 0x01df executable (RISC System/6000 V3.1) or obj module @@ -18,3 +18,14 @@ 0 string \ archive 0 string \ archive (big format) +0 beshort 0x01f7 64-bit XCOFF executable or object module +>20 belong 0 not stripped +# GRR: this test is still too general as it catches also many FATs of DOS filesystems +4 belong &0x0feeddb0 +# real core dump could not be 32-bit and 64-bit together +>7 byte&0x03 !3 AIX core file +>>1 byte &0x01 fulldump +>>7 byte &0x01 32-bit +>>>0x6e0 string >\0 \b, %s +>>7 byte &0x02 64-bit +>>>0x524 string >\0 \b, %s diff --git a/contrib/file/magic/Magdir/icc b/contrib/file/magic/Magdir/icc new file mode 100644 index 0000000000..37fa30e8cb --- /dev/null +++ b/contrib/file/magic/Magdir/icc @@ -0,0 +1,51 @@ + +#------------------------------------------------------------------------------ +# $File: icc,v 1.1 2013/01/08 01:43:18 christos Exp $ +# icc: file(1) magic for International Color Consortium file formats + +# +# Color profiles as per the ICC's "Image technology colour management - +# Architecture, profile format, and data structure" specification. +# See +# +# http://www.color.org/specification/ICC1v43_2010-12.pdf +# +# for Specification ICC.1:2010 (Profile version 4.3.0.0). +# +# Bytes 36 to 39 contain a generic profile file signature of "acsp"; +# bytes 40 to 43 "may be used to identify the primary platform/operating +# system framework for which the profile was created". +# +# There are other fields that might be worth dumping as well. +# + +# This appears to be what's used for Apple ColorSync profiles. +# Instead of adding that, Apple just changed the generic "acsp" entry +# to be for "ColorSync ICC Color Profile" rather than "Kodak Color +# Management System, ICC Profile". +# Yes, it's "APPL", not "AAPL"; see the spec. +36 string acspAPPL ColorSync ICC Profile +!:mime application/vnd.iccprofile + +# Microsoft ICM color profile +36 string acspMSFT Microsoft ICM Color Profile +!:mime application/vnd.iccprofile + +# Yes, that's a blank after "SGI". +36 string acspSGI\ SGI ICC Profile +!:mime application/vnd.iccprofile + +# XXX - is this what's used for the Sun KCMS or not? The standard file +# uses just "acsp" for that, but Apple's file uses it for "ColorSync", +# and there *is* an identified "primary platform" value of SUNW. +36 string acspSUNW Sun KCMS ICC Profile +!:mime application/vnd.iccprofile + +# Any other profile. +# XXX - should we use "acsp\0\0\0\0" for "no primary platform" profiles, +# and use "acsp" for everything else and dump the "primary platform" +# string in those cases? +36 string acsp ICC Profile +!:mime application/vnd.iccprofile + + diff --git a/contrib/file/magic/Magdir/images b/contrib/file/magic/Magdir/images index 1d4a0232a9..6497e593cf 100644 --- a/contrib/file/magic/Magdir/images +++ b/contrib/file/magic/Magdir/images @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: images,v 1.72 2011/12/08 12:12:46 rrt Exp $ +# $File: images,v 1.87 2013/12/11 14:14:20 christos Exp $ # images: file(1) magic for image formats (see also "iff", and "c-lang" for # XPM bitmaps) # @@ -32,17 +32,42 @@ # PBMPLUS images # The next byte following the magic is always whitespace. -0 search/1 P1 Netpbm PBM image text +# strength is changed to try these patterns before "x86 boot sector" +0 search/1 P1 +>3 regex =[0-9]{0,50}\ [0-9]{0,50} Netpbm PBM image text +>3 regex =[0-9]{1,50}\ \b, size = %sx +>>3 regex =\ [0-9]{1,50} \b%s +!:strength + 45 !:mime image/x-portable-bitmap -0 search/1b P2 Netpbm PGM image text +0 search/1 P2 +>3 regex =[0-9]{0,50}\ [0-9]{0,50} Netpbm PGM image text +>3 regex =[0-9]{1,50}\ \b, size = %sx +>>3 regex =\ [0-9]{1,50} \b%s +!:strength + 45 !:mime image/x-portable-greymap -0 search/1 P3 Netpbm PPM image text +0 search/1 P3 +>3 regex =[0-9]{0,50}\ [0-9]{0,50} Netpbm PPM image text +>3 regex =[0-9]{1,50}\ \b, size = %sx +>>3 regex =\ [0-9]{1,50} \b%s +!:strength + 45 !:mime image/x-portable-pixmap -0 string P4 Netpbm PBM "rawbits" image data +0 string P4 +>3 regex =[0-9]{0,50}\ [0-9]{0,50} Netpbm PBM "rawbits" image data +>3 regex =[0-9]{1,50}\ \b, size = %sx +>>3 regex =\ [0-9]{1,50} \b%s +!:strength + 45 !:mime image/x-portable-bitmap -0 string P5 Netpbm PGM "rawbits" image data +0 string P5 +>3 regex =[0-9]{0,50}\ [0-9]{0,50} Netpbm PGM "rawbits" image data +>3 regex =[0-9]{1,50}\ \b, size = %sx +>>3 regex =\ [0-9]{1,50} \b%s +!:strength + 45 !:mime image/x-portable-greymap -0 string P6 Netpbm PPM "rawbits" image data +0 string P6 +>3 regex =[0-9]{0,50}\ [0-9]{0,50} Netpbm PPM "rawbits" image data +>3 regex =[0-9]{1,50}\ \b, size = %sx +>>3 regex =\ [0-9]{1,50} \b%s +!:strength + 45 !:mime image/x-portable-pixmap 0 string P7 Netpbm PAM image file !:mime image/x-portable-pixmap @@ -203,8 +228,36 @@ # From: Herbert Rosmanith 0 string Sfff structured fax file +# From: Joerg Jenderek +# most files with the extension .EPA and some with .BMP +0 string \x11\x06 Award BIOS Logo, 136 x 84 +!:mime image/x-award-bioslogo +0 string \x11\x09 Award BIOS Logo, 136 x 126 +!:mime image/x-award-bioslogo +#0 string \x07\x1f BIOS Logo corrupted? +# http://www.blackfiveservices.co.uk/awbmtools.shtml +# http://biosgfx.narod.ru/v3/ +# http://biosgfx.narod.ru/abr-2/ +0 string AWBM +>4 leshort <1981 Award BIOS bitmap +!:mime image/x-award-bmp +# image width is a multiple of 4 +>>4 leshort&0x0003 0 +>>>4 leshort x \b, %d +>>>6 leshort x x %d +>>4 leshort&0x0003 >0 \b, +>>>4 leshort&0x0003 =1 +>>>>4 leshort x %d+3 +>>>4 leshort&0x0003 =2 +>>>>4 leshort x %d+2 +>>>4 leshort&0x0003 =3 +>>>>4 leshort x %d+1 +>>>6 leshort x x %d +# at offset 8 starts imagedata followed by "RGB " marker # PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu) +# http://en.wikipedia.org/wiki/BMP_file_format#DIB_header_.\ +# 28bitmap_information_header.29 0 string BM >14 leshort 12 PC bitmap, OS/2 1.x format !:mime image/x-ms-bmp @@ -219,6 +272,16 @@ >>18 lelong x \b, %d x >>22 lelong x %d x >>28 leshort x %d +>14 leshort 124 PC bitmap, Windows 98/2000 and newer format +!:mime image/x-ms-bmp +>>18 lelong x \b, %d x +>>22 lelong x %d x +>>28 leshort x %d +>14 leshort 108 PC bitmap, Windows 95/NT4 and newer format +!:mime image/x-ms-bmp +>>18 lelong x \b, %d x +>>22 lelong x %d x +>>28 leshort x %d >14 leshort 128 PC bitmap, Windows NT/2000 format !:mime image/x-ms-bmp >>18 lelong x \b, %d x @@ -376,7 +439,7 @@ >5 byte 0x00 (white background) >5 byte 0xFF (black background) -# Gürkan Sengün , www.linuks.mine.nu +# Gurkan Sengun , www.linuks.mine.nu # http://www.atarimax.com/jindroush.atari.org/afmtatr.html 0 leshort 0x0296 Atari ATR image @@ -401,38 +464,39 @@ #>12 beshort 3 RP175 #>12 beshort 4 YUV -#------------------------------------------------------------------------------ -# -# Marco Schmidt (marcoschmidt@users.sourceforge.net) -- an image file format -# for the EPOC operating system, which is used with PDAs like those from Psion -# -# see http://huizen.dds.nl/~frodol/psiconv/html/Index.html for a description -# of various EPOC file formats - -0 string \x37\x00\x00\x10\x42\x00\x00\x10\x00\x00\x00\x00\x39\x64\x39\x47 EPOC MBM image file - # PCX image files # From: Dan Fandrich -0 beshort 0x0a00 PCX ver. 2.5 image data -0 beshort 0x0a02 PCX ver. 2.8 image data, with palette -0 beshort 0x0a03 PCX ver. 2.8 image data, without palette -0 beshort 0x0a04 PCX for Windows image data -0 beshort 0x0a05 PCX ver. 3.0 image data ->4 leshort x bounding box [%hd, ->6 leshort x %hd] - ->8 leshort x [%hd, ->10 leshort x %hd], ->65 byte >1 %d planes each of ->3 byte x %hhd-bit ->68 byte 0 image, ->68 byte 1 colour, ->68 byte 2 grayscale, ->68 byte >2 image, ->68 byte <0 image, ->12 leshort >0 %hd x ->>14 leshort x %hd dpi, ->2 byte 0 uncompressed ->2 byte 1 RLE compressed +# updated by Joerg Jenderek at Feb 2013 by http://de.wikipedia.org/wiki/PCX +# http://web.archive.org/web/20100206055706/http://www.qzx.com/pc-gpe/pcx.txt +# GRR: original test was still too general as it catches xbase examples T5.DBT,T6.DBT with 0xa000000 +# test for bytes 0x0a,version byte (0,2,3,4,5),compression byte flag(0,1), bit depth (>0) of PCX or T5.DBT,T6.DBT +0 ubelong&0xffF8fe00 0x0a000000 +# for PCX bit depth > 0 +>3 ubyte >0 +# test for valid versions +>>1 ubyte <6 +>>>1 ubyte !1 PCX +!:mime image/x-pcx +#!:mime image/pcx +>>>>1 ubyte 0 ver. 2.5 image data +>>>>1 ubyte 2 ver. 2.8 image data, with palette +>>>>1 ubyte 3 ver. 2.8 image data, without palette +>>>>1 ubyte 4 for Windows image data +>>>>1 ubyte 5 ver. 3.0 image data +>>>>4 uleshort x bounding box [%hd, +>>>>6 uleshort x %d] - +>>>>8 uleshort x [%d, +>>>>10 uleshort x %d], +>>>>65 ubyte >1 %d planes each of +>>>>3 ubyte x %d-bit +>>>>68 byte 1 colour, +>>>>68 byte 2 grayscale, +# this should not happen +>>>>68 default x image, +>>>>12 leshort >0 %d x +>>>>>14 uleshort x %d dpi, +>>>>2 byte 0 uncompressed +>>>>2 byte 1 RLE compressed # Adobe Photoshop # From: Asbjoern Sloth Toennesen @@ -615,9 +679,61 @@ >12 string THUM DjVu page thumbnails !:mime image/vnd.djvu - -# From Marc Espie -0 lelong 20000630 OpenEXR image data +# Originally by Marc Espie +# Modified by Robert Minsk +# http://www.openexr.com/openexrfilelayout.pdf +0 lelong 20000630 OpenEXR image data, +!:mime image/x-exr +>4 lelong&0x000000ff x version %d, +>4 lelong ^0x00000200 storage: scanline +>4 lelong &0x00000200 storage: tiled +>8 search/0x1000 compression\0 \b, compression: +>>&16 byte 0 none +>>&16 byte 1 rle +>>&16 byte 2 zips +>>&16 byte 3 zip +>>&16 byte 4 piz +>>&16 byte 5 pxr24 +>>&16 byte 6 b44 +>>&16 byte 7 b44a +>>&16 byte >7 unknown +>8 search/0x1000 dataWindow\0 \b, dataWindow: +>>&10 lelong x (%d +>>&14 lelong x %d)- +>>&18 lelong x \b(%d +>>&22 lelong x %d) +>8 search/0x1000 displayWindow\0 \b, displayWindow: +>>&10 lelong x (%d +>>&14 lelong x %d)- +>>&18 lelong x \b(%d +>>&22 lelong x %d) +>8 search/0x1000 lineOrder\0 \b, lineOrder: +>>&14 byte 0 increasing y +>>&14 byte 1 decreasing y +>>&14 byte 2 random y +>>&14 byte >2 unknown + +# SMPTE Digital Picture Exchange Format, SMPTE DPX +# +# ANSI/SMPTE 268M-1994, SMPTE Standard for File Format for Digital +# Moving-Picture Exchange (DPX), v1.0, 18 February 1994 +# Robert Minsk +0 string SDPX DPX image data, big-endian, +!:mime image/x-dpx +>768 beshort <4 +>>772 belong x %dx +>>776 belong x \b%d, +>768 beshort >3 +>>776 belong x %dx +>>772 belong x \b%d, +>768 beshort 0 left to right/top to bottom +>768 beshort 1 right to left/top to bottom +>768 beshort 2 left to right/bottom to top +>768 beshort 3 right to left/bottom to top +>768 beshort 4 top to bottom/left to right +>768 beshort 5 top to bottom/right to left +>768 leshort 6 bottom to top/left to right +>768 leshort 7 bottom to top/right to left # From: Tom Hilinski # http://www.unidata.ucar.edu/packages/netcdf/ @@ -630,6 +746,15 @@ !:mime application/x-hdf 0 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) data !:mime application/x-hdf +512 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 512 bytes user block +!:mime application/x-hdf +1024 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 1k user block +!:mime application/x-hdf +2048 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 2k user block +!:mime application/x-hdf +4096 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 4k user block +!:mime application/x-hdf + # From: Tobias Burnus # Xara (for a while: Corel Xara) is a graphic package, see @@ -665,9 +790,38 @@ # From Tano M Fotang 0 string \xff\xa0\xff\xa8\x00 Wavelet Scalar Quantization image data -# JPEG 2000 Code Stream Bitmap -# From Petr Splichal -0 string \xFF\x4F\xFF\x51\x00 JPEG-2000 Code Stream Bitmap data +# Type: PCO B16 image files +# URL: http://www.pco.de/fileadmin/user_upload/db/download/MA_CWDCOPIE_0412b.pdf +# From: Florian Philipp +# Extension: .b16 +# Description: Pixel image format produced by PCO Camware, typically used +# together with PCO cameras. +# Note: Different versions exist for e.g. 8 bit and 16 bit images. +# Documentation is incomplete. +0 string/b PCO- PCO B16 image data +>12 lelong x \b, %dx +>16 lelong x \b%d +>20 lelong 0 \b, short header +>20 lelong -1 \b, extended header +>>24 lelong 0 \b, grayscale +>>>36 lelong 0 linear LUT +>>>36 lelong 1 logarithmic LUT +>>>28 lelong x [%d +>>>32 lelong x \b,%d] +>>24 lelong 1 \b, color +>>>64 lelong 0 linear LUT +>>>64 lelong 1 logarithmic LUT +>>>40 lelong x r[%d +>>>44 lelong x \b,%d] +>>>48 lelong x g[%d +>>>52 lelong x \b,%d] +>>>56 lelong x b[%d +>>>60 lelong x \b,%d] + +# Polar Monitor Bitmap (.pmb) used as logo for Polar Electro watches +# From: Markus Heidelberg +0 string/t [BitmapInfo2] Polar Monitor Bitmap text +!:mime image/x-polar-monitor-bitmap # From: Rick Richardson 0 string GARMIN\ BITMAP\ 01 Garmin Bitmap file @@ -733,3 +887,8 @@ # Not really an image. # From: "Tano M. Fotang" 0 string \x46\x4d\x52\x00 ISO/IEC 19794-2 Format Minutiae Record (FMR) + +# WEBP https://developers.google.com/speed/webp/docs/riff_container +0 string RIFF +>8 string WEBP Web/P image data +>>4 lelong x \b, %d bytes diff --git a/contrib/file/magic/Magdir/intel b/contrib/file/magic/Magdir/intel index 47812a0ea3..c3657f0533 100644 --- a/contrib/file/magic/Magdir/intel +++ b/contrib/file/magic/Magdir/intel @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: intel,v 1.10 2011/03/30 19:51:00 christos Exp $ +# $File: intel,v 1.11 2013/02/06 14:18:52 christos Exp $ # intel: file(1) magic for x86 Unix # # Various flavors of x86 UNIX executable/object (other than Xenix, which @@ -37,7 +37,7 @@ # rom: file(1) magic for BIOS ROM Extensions found in intel machines # mapped into memory between 0xC0000 and 0xFFFFF -# From Gürkan Sengün , www.linuks.mine.nu +# From Gurkan Sengun , www.linuks.mine.nu 0 beshort 0x55AA BIOS (ia32) ROM Ext. >5 string USB USB >7 string LDR UNDI image diff --git a/contrib/file/magic/Magdir/java b/contrib/file/magic/Magdir/java index 0aca86a5e1..b09302ee65 100644 --- a/contrib/file/magic/Magdir/java +++ b/contrib/file/magic/Magdir/java @@ -1,6 +1,6 @@ #------------------------------------------------------------ -# $File: java,v 1.13 2011/12/08 12:12:46 rrt Exp $ +# $File: java,v 1.16 2013/09/24 20:22:03 christos Exp $ # Java ByteCode and Mach-O binaries (e.g., Mac OS X) use the # same magic number, 0xcafebabe, so they are both handled # in the entry called "cafebabe". @@ -15,15 +15,6 @@ 0 belong 0xcececece Java JCE KeyStore !:mime application/x-java-jce-keystore -# Dalvik .dex format. http://retrodev.com/android/dexformat.html -# From "Mike Fleming" -0 string dex\n ->0 regex dex\n[0-9][0-9][0-9]\0 Dalvik dex file ->4 string >000 version %s -0 string dey\n ->0 regex dey\n[0-9][0-9][0-9]\0 Dalvik dex file (optimized for host) ->4 string >000 version %s - # Java source 0 regex ^import.*;$ Java source !:mime text/x-java diff --git a/contrib/file/magic/Magdir/javascript b/contrib/file/magic/Magdir/javascript new file mode 100644 index 0000000000..8f664533a1 --- /dev/null +++ b/contrib/file/magic/Magdir/javascript @@ -0,0 +1,17 @@ + +#------------------------------------------------------------------------------ +# $File: javascript,v 1.1 2012/06/16 13:30:36 christos Exp $ +# javascript: magic for javascript and node.js scripts. +# +0 search/1/w #!/bin/node Node.js script text executable +!:mime application/javascript +0 search/1/w #!/usr/bin/node Node.js script text executable +!:mime application/javascript +0 search/1/w #!/bin/nodejs Node.js script text executable +!:mime application/javascript +0 search/1/w #!/usr/bin/nodejs Node.js script text executable +!:mime application/javascript +0 search/1 #!/usr/bin/env\ node Node.js script text executable +!:mime application/javascript +0 search/1 #!/usr/bin/env\ nodejs Node.js script text executable +!:mime application/javascript diff --git a/contrib/file/magic/Magdir/jpeg b/contrib/file/magic/Magdir/jpeg index 7814245add..bc8b342664 100644 --- a/contrib/file/magic/Magdir/jpeg +++ b/contrib/file/magic/Magdir/jpeg @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: jpeg,v 1.16 2011/01/04 19:29:32 rrt Exp $ +# $File: jpeg,v 1.19 2013/02/04 15:50:03 christos Exp $ # JPEG images # SunOS 5.5.1 had # @@ -12,7 +12,7 @@ 0 beshort 0xffd8 JPEG image data !:mime image/jpeg !:apple 8BIMJPEG -!:strength +1 +!:strength +2 >6 string JFIF \b, JFIF standard # The following added by Erik Rossen 1999-09-06 # in a vain attempt to add image size reporting for JFIF. Note that these @@ -153,7 +153,20 @@ 0 string hsi1 JPEG image data, HSI proprietary # From: David Santinoli -0 string \x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A JPEG 2000 image data +0 string \x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A JPEG 2000 +# From: Johan van der Knijff +# Added sub-entries for JP2, JPX, JPM and MJ2 formats; added mimetypes +# https://github.com/bitsgalore/jp2kMagic +# +# Now read value of 'Brand' field, which yields a few possibilities: +>20 string \x6a\x70\x32\x20 Part 1 (JP2) +!:mime image/jp2 +>20 string \x6a\x70\x78\x20 Part 2 (JPX) +!:mime image/jpx +>20 string \x6a\x70\x6d\x20 Part 6 (JPM) +!:mime image/jpm +>20 string \x6d\x6a\x70\x32 Part 3 (MJ2) +!:mime video/mj2 # Type: JPEG 2000 codesream # From: Mathieu Malaterre diff --git a/contrib/file/magic/Magdir/keepass b/contrib/file/magic/Magdir/keepass new file mode 100644 index 0000000000..ba132d57de --- /dev/null +++ b/contrib/file/magic/Magdir/keepass @@ -0,0 +1,20 @@ + +#------------------------------------------------------------------------------ +# $File: keepass,v 1.1 2012/12/24 22:14:56 christos Exp $ +# keepass: file(1) magic for KeePass file +# +# Keepass Password Safe: +# * original one: http://keepass.info/ +# * *nix port: http://www.keepassx.org/ +# * android port: http://code.google.com/p/keepassdroid/ + +0 lelong 0x9AA2D903 Keepass password database +>4 lelong 0xB54BFB65 1.x KDB +>>48 lelong >0 \b, %d groups +>>52 lelong >0 \b, %d entries +>>8 lelong&0x0f 1 \b, SHA-256 +>>8 lelong&0x0f 2 \b, AES +>>8 lelong&0x0f 4 \b, RC4 +>>8 lelong&0x0f 8 \b, Twofish +>>120 lelong >0 \b, %d key transformation rounds +>4 lelong 0xB54BFB67 2.x KDBX diff --git a/contrib/file/magic/Magdir/linux b/contrib/file/magic/Magdir/linux index 8d4c60adfd..4360f2dcf4 100644 --- a/contrib/file/magic/Magdir/linux +++ b/contrib/file/magic/Magdir/linux @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: linux,v 1.42 2012/02/07 21:35:03 christos Exp $ +# $File: linux,v 1.54 2014/03/02 00:01:29 christos Exp $ # linux: file(1) magic for Linux files # # Values for Linux/i386 binaries, from Daniel Quinlan @@ -36,8 +36,11 @@ >28 long !0 not stripped 0 string \01\03\040\20 Minix-386 executable >28 long !0 not stripped +0 string \01\03\04\20 Minix-386 NSYM/GNU executable +>28 long !0 not stripped # core dump file, from Bill Reynolds 216 lelong 0421 Linux/i386 core file +!:strength / 2 >220 string >\0 of '%s' >200 lelong >0 (signal %d) # @@ -46,7 +49,10 @@ 2 string LILO Linux/i386 LILO boot/chain loader # # Linux make config build file, from Ole Aamot -28 string make\ config Linux make config build file +# Updated by Ken Sharp +28 string make\ config Linux make config build file (old) +49 search/70 Kernel\ Configuration Linux make config build file + # # PSF fonts, from H. Peter Anvin # Updated by Adam Buchbinder @@ -88,18 +94,21 @@ # From Daniel Novotny # swap file for PowerPC 65526 string SWAPSPACE2 Linux/ppc swap file +16374 string SWAPSPACE2 Linux/ia64 swap file # # Linux kernel boot images, from Albert Cahalan # and others such as Axel Kohlmeyer -# and Nicolás Lichtmaier +# and Nicolas Lichtmaier # All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29 # Linux kernel boot images (i386 arch) (Wolfram Kleff) 514 string HdrS Linux kernel +!:strength + 55 >510 leshort 0xAA55 x86 boot executable >>518 leshort >0x1ff >>>529 byte 0 zImage, >>>529 byte 1 bzImage, ->>>(526.s+0x200) string >\0 version %s, +>>>526 lelong >0 +>>>>(526.s+0x200) string >\0 version %s, >>498 leshort 1 RO-rootFS, >>498 leshort 0 RW-rootFS, >>508 leshort >0 root_dev 0x%X, @@ -114,10 +123,10 @@ >0x1e3 string Loading version 1.3.79 or older >0x1e9 string Loading from prehistoric times -# System.map files - Nicolás Lichtmaier +# System.map files - Nicolas Lichtmaier 8 search/1 \ A\ _text Linux kernel symbol map text -# LSM entries - Nicolás Lichtmaier +# LSM entries - Nicolas Lichtmaier 0 search/1 Begin3 Linux Software Map entry text 0 search/1 Begin4 Linux Software Map entry text (new format) @@ -213,9 +222,11 @@ # 0 lelong&0xFF00FFFF 0x17000301 ld86 SPARC executable # SYSLINUX boot logo files (from 'ppmtolss16' sources) -# http://syslinux.zytor.com/ -# +# http://www.syslinux.org/wiki/index.php/SYSLINUX#Display_graphic_from_filename: +# file extension .lss .16 0 lelong =0x1413f33d SYSLINUX' LSS16 image data +# syslinux-4.05/mime/image/x-lss16.xml +!:mime image/x-lss16 >4 leshort x \b, width %d >6 leshort x \b, height %d @@ -338,3 +349,50 @@ #>2 regex \(name\ [^)]*\) %s >20 search/256 (name (name >>&1 string x %s...) + +# Systemd journald files +# See http://www.freedesktop.org/wiki/Software/systemd/journal-files/. +# From: Zbigniew Jedrzejewski-Szmek + +# check magic +0 string LPKSHHRH +# check that state is one of known values +>16 ubyte&252 0 +# check that each half of three unique id128s is non-zero +>>24 ubequad >0 +>>>32 ubequad >0 +>>>>40 ubequad >0 +>>>>>48 ubequad >0 +>>>>>>56 ubequad >0 +>>>>>>>64 ubequad >0 Journal file +!:mime application/octet-stream +# provide more info +>>>>>>>>184 leqdate 0 empty +>>>>>>>>16 ubyte 0 \b, offline +>>>>>>>>16 ubyte 1 \b, online +>>>>>>>>16 ubyte 2 \b, archived +>>>>>>>>8 ulelong&1 1 \b, sealed +>>>>>>>>12 ulelong&1 1 \b, compressed + +# BCache backing and cache devices +# From: Gabriel de Perthuis +0x1008 lequad 8 +>0x1018 string \xc6\x85\x73\xf6\x4e\x1a\x45\xca\x82\x65\xf5\x7f\x48\xba\x6d\x81 BCache +>>0x1010 ulequad 0 cache device +>>0x1010 ulequad 1 backing device +>>0x1010 ulequad 3 cache device +>>0x1010 ulequad 4 backing device +>>0x1048 string >0 \b, label "%.32s" +>>0x1028 ubelong x \b, uuid %08x +>>0x102c ubeshort x \b-%04x +>>0x102e ubeshort x \b-%04x +>>0x1030 ubeshort x \b-%04x +>>0x1032 ubelong x \b-%08x +>>0x1036 ubeshort x \b%04x +>>0x1038 ubelong x \b, set uuid %08x +>>0x103c ubeshort x \b-%04x +>>0x103e ubeshort x \b-%04x +>>0x1040 ubeshort x \b-%04x +>>0x1042 ubelong x \b-%08x +>>0x1046 ubeshort x \b%04x + diff --git a/contrib/file/magic/Magdir/llvm b/contrib/file/magic/Magdir/llvm index 44a4009403..1f15eac7b5 100644 --- a/contrib/file/magic/Magdir/llvm +++ b/contrib/file/magic/Magdir/llvm @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: llvm,v 1.5 2010/09/20 18:55:20 rrt Exp $ +# $File: llvm,v 1.8 2013/01/12 03:09:51 christos Exp $ # llvm: file(1) magic for LLVM byte-codes # URL: http://llvm.org/docs/BitCodeFormat.html # From: Al Stone @@ -9,5 +9,13 @@ 0 string llvc0 LLVM byte-codes, null compression 0 string llvc1 LLVM byte-codes, gzip compression 0 string llvc2 LLVM byte-codes, bzip2 compression -0 string \xde\xc0\x17\x0b LLVM bitcode, wrapper -0 string BC\xc0\xde LLVM bitcode + +0 lelong 0x0b17c0de LLVM bitcode, wrapper +# Are these Mach-O ABI values? They appear to be. +>16 lelong 0x01000007 x86_64 +>16 lelong 0x00000007 i386 +>16 lelong 0x00000012 ppc +>16 lelong 0x01000012 ppc64 +>16 lelong 0x0000000c arm + +0 string BC\xc0\xde LLVM IR bitcode diff --git a/contrib/file/magic/Magdir/lua b/contrib/file/magic/Magdir/lua index 61e69a63b5..4c578be60f 100644 --- a/contrib/file/magic/Magdir/lua +++ b/contrib/file/magic/Magdir/lua @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: lua,v 1.5 2009/09/19 16:28:10 christos Exp $ +# $File: lua,v 1.6 2013/01/09 16:23:17 christos Exp $ # lua: file(1) magic for Lua scripting language # URL: http://www.lua.org/ # From: Reuben Thomas , Seo Sanghyeon @@ -19,3 +19,4 @@ 0 string \033Lua Lua bytecode, >4 byte 0x50 version 5.0 >4 byte 0x51 version 5.1 +>4 byte 0x52 version 5.2 diff --git a/contrib/file/magic/Magdir/mach b/contrib/file/magic/Magdir/mach index 8d03f1ae4a..fccb17b7cb 100644 --- a/contrib/file/magic/Magdir/mach +++ b/contrib/file/magic/Magdir/mach @@ -1,86 +1,214 @@ #------------------------------------------------------------ -# $File: mach,v 1.9 2009/09/19 16:28:10 christos Exp $ +# $File: mach,v 1.17 2013/03/07 02:22:52 christos Exp $ # Mach has two magic numbers, 0xcafebabe and 0xfeedface. # Unfortunately the first, cafebabe, is shared with # Java ByteCode, so they are both handled in the file "cafebabe". # The "feedface" ones are handled herein. #------------------------------------------------------------ -0 lelong&0xfffffffe 0xfeedface Mach-O ->0 byte 0xcf 64-bit ->12 lelong 1 object ->12 lelong 2 executable ->12 lelong 3 fixed virtual memory shared library ->12 lelong 4 core ->12 lelong 5 preload executable ->12 lelong 6 dynamically linked shared library ->12 lelong 7 dynamic linker ->12 lelong 8 bundle ->12 lelong 9 dynamically linked shared library stub ->12 lelong >9 ->>12 lelong x filetype=%ld ->4 lelong <0 ->>4 lelong x architecture=%ld ->4 lelong 1 vax ->4 lelong 2 romp ->4 lelong 3 architecture=3 ->4 lelong 4 ns32032 ->4 lelong 5 ns32332 ->4 lelong 6 m68k ->4 lelong 7 i386 ->4 lelong 8 mips ->4 lelong 9 ns32532 ->4 lelong 10 architecture=10 ->4 lelong 11 hppa ->4 lelong 12 acorn ->4 lelong 13 m88k ->4 lelong 14 sparc ->4 lelong 15 i860-big ->4 lelong 16 i860 ->4 lelong 17 rs6000 ->4 lelong 18 ppc ->4 lelong 16777234 ppc64 ->4 lelong >16777234 ->>4 lelong x architecture=%ld +# if set, it's for the 64-bit version of the architecture +# yes, this is separate from the low-order magic number bit +# it's also separate from the "64-bit libraries" bit in the +# upper 8 bits of the CPU subtype + +0 name mach-o-cpu +>0 belong&0x01000000 0 # -0 belong&0xfffffffe 0xfeedface Mach-O ->3 byte 0xcf 64-bit +# 32-bit ABIs. +# +# 1 vax +>>0 belong&0x00ffffff 1 +>>>4 belong&0x00ffffff 0 vax +>>>4 belong&0x00ffffff 1 vax11/780 +>>>4 belong&0x00ffffff 2 vax11/785 +>>>4 belong&0x00ffffff 3 vax11/750 +>>>4 belong&0x00ffffff 4 vax11/730 +>>>4 belong&0x00ffffff 5 uvaxI +>>>4 belong&0x00ffffff 6 uvaxII +>>>4 belong&0x00ffffff 7 vax8200 +>>>4 belong&0x00ffffff 8 vax8500 +>>>4 belong&0x00ffffff 9 vax8600 +>>>4 belong&0x00ffffff 10 vax8650 +>>>4 belong&0x00ffffff 11 vax8800 +>>>4 belong&0x00ffffff 12 uvaxIII +>>>4 belong&0x00ffffff >12 vax subarchitecture=%ld +>>0 belong&0x00ffffff 2 romp +>>0 belong&0x00ffffff 3 architecture=3 +>>0 belong&0x00ffffff 4 ns32032 +>>0 belong&0x00ffffff 5 ns32332 +>>0 belong&0x00ffffff 6 m68k +# 7 x86 +>>0 belong&0x00ffffff 7 +>>>4 belong&0x0000000f 3 i386 +>>>4 belong&0x0000000f 4 i486 +>>>>4 belong&0x00fffff0 0 +>>>>4 belong&0x00fffff0 0x80 \bsx +>>>4 belong&0x0000000f 5 i586 +>>>4 belong&0x0000000f 6 +>>>>4 belong&0x00fffff0 0 p6 +>>>>4 belong&0x00fffff0 0x10 pentium_pro +>>>>4 belong&0x00fffff0 0x20 pentium_2_m0x20 +>>>>4 belong&0x00fffff0 0x30 pentium_2_m3 +>>>>4 belong&0x00fffff0 0x40 pentium_2_m0x40 +>>>>4 belong&0x00fffff0 0x50 pentium_2_m5 +>>>>4 belong&0x00fffff0 >0x50 pentium_2_m0x%lx +>>>4 belong&0x0000000f 7 celeron +>>>>4 belong&0x00fffff0 0x00 \b_m0x%lx +>>>>4 belong&0x00fffff0 0x10 \b_m0x%lx +>>>>4 belong&0x00fffff0 0x20 \b_m0x%lx +>>>>4 belong&0x00fffff0 0x30 \b_m0x%lx +>>>>4 belong&0x00fffff0 0x40 \b_m0x%lx +>>>>4 belong&0x00fffff0 0x50 \b_m0x%lx +>>>>4 belong&0x00fffff0 0x60 +>>>>4 belong&0x00fffff0 0x70 \b_mobile +>>>>4 belong&0x00fffff0 >0x70 \b_m0x%lx +>>>4 belong&0x0000000f 8 pentium_3 +>>>>4 belong&0x00fffff0 0x00 +>>>>4 belong&0x00fffff0 0x10 \b_m +>>>>4 belong&0x00fffff0 0x20 \b_xeon +>>>>4 belong&0x00fffff0 >0x20 \b_m0x%lx +>>>4 belong&0x0000000f 9 pentiumM +>>>>4 belong&0x00fffff0 0x00 +>>>>4 belong&0x00fffff0 >0x00 \b_m0x%lx +>>>4 belong&0x0000000f 10 pentium_4 +>>>>4 belong&0x00fffff0 0x00 +>>>>4 belong&0x00fffff0 0x10 \b_m +>>>>4 belong&0x00fffff0 >0x10 \b_m0x%lx +>>>4 belong&0x0000000f 11 itanium +>>>>4 belong&0x00fffff0 0x00 +>>>>4 belong&0x00fffff0 0x10 \b_2 +>>>>4 belong&0x00fffff0 >0x10 \b_m0x%lx +>>>4 belong&0x0000000f 12 xeon +>>>>4 belong&0x00fffff0 0x00 +>>>>4 belong&0x00fffff0 0x10 \b_mp +>>>>4 belong&0x00fffff0 >0x10 \b_m0x%lx +>>>4 belong&0x0000000f >12 ia32 family=%ld +>>>>4 belong&0x00fffff0 0x00 +>>>>4 belong&0x00fffff0 >0x00 model=%lx +>>0 belong&0x00ffffff 8 mips +>>>4 belong&0x00ffffff 1 R2300 +>>>4 belong&0x00ffffff 2 R2600 +>>>4 belong&0x00ffffff 3 R2800 +>>>4 belong&0x00ffffff 4 R2000a +>>>4 belong&0x00ffffff 5 R2000 +>>>4 belong&0x00ffffff 6 R3000a +>>>4 belong&0x00ffffff 7 R3000 +>>>4 belong&0x00ffffff >7 subarchitecture=%ld +>>0 belong&0x00ffffff 9 ns32532 +>>0 belong&0x00ffffff 10 mc98000 +>>0 belong&0x00ffffff 11 hppa +>>>4 belong&0x00ffffff 0 7100 +>>>4 belong&0x00ffffff 1 7100LC +>>>4 belong&0x00ffffff >1 subarchitecture=%ld +>>0 belong&0x00ffffff 12 arm +>>>4 belong&0x00ffffff 0 +>>>4 belong&0x00ffffff 1 subarchitecture=%ld +>>>4 belong&0x00ffffff 2 subarchitecture=%ld +>>>4 belong&0x00ffffff 3 subarchitecture=%ld +>>>4 belong&0x00ffffff 4 subarchitecture=%ld +>>>4 belong&0x00ffffff 5 \b_v4t +>>>4 belong&0x00ffffff 6 \b_v6 +>>>4 belong&0x00ffffff 7 \b_v5tej +>>>4 belong&0x00ffffff 8 \b_xscale +>>>4 belong&0x00ffffff 9 \b_v7 +>>>4 belong&0x00ffffff 10 \b_v7f +>>>4 belong&0x00ffffff 11 subarchitecture=%ld +>>>4 belong&0x00ffffff 12 \b_v7k +>>>4 belong&0x00ffffff >12 subarchitecture=%ld +# 13 m88k +>>0 belong&0x00ffffff 13 +>>>4 belong&0x00ffffff 0 mc88000 +>>>4 belong&0x00ffffff 1 mc88100 +>>>4 belong&0x00ffffff 2 mc88110 +>>>4 belong&0x00ffffff >2 mc88000 subarchitecture=%ld +>>0 belong&0x00ffffff 14 sparc +>>0 belong&0x00ffffff 15 i860g +>>0 belong&0x00ffffff 16 alpha +>>0 belong&0x00ffffff 17 rs6000 +>>0 belong&0x00ffffff 18 ppc +>>>4 belong&0x00ffffff 0 +>>>4 belong&0x00ffffff 1 \b_601 +>>>4 belong&0x00ffffff 2 \b_602 +>>>4 belong&0x00ffffff 3 \b_603 +>>>4 belong&0x00ffffff 4 \b_603e +>>>4 belong&0x00ffffff 5 \b_603ev +>>>4 belong&0x00ffffff 6 \b_604 +>>>4 belong&0x00ffffff 7 \b_604e +>>>4 belong&0x00ffffff 8 \b_620 +>>>4 belong&0x00ffffff 9 \b_650 +>>>4 belong&0x00ffffff 10 \b_7400 +>>>4 belong&0x00ffffff 11 \b_7450 +>>>4 belong&0x00ffffff 100 \b_970 +>>>4 belong&0x00ffffff >100 subarchitecture=%ld +>>0 belong&0x00ffffff >18 architecture=%ld +>0 belong&0x01000000 0x01000000 +# +# 64-bit ABIs. +# +>>0 belong&0x00ffffff 0 64-bit architecture=%ld +>>0 belong&0x00ffffff 1 64-bit architecture=%ld +>>0 belong&0x00ffffff 2 64-bit architecture=%ld +>>0 belong&0x00ffffff 3 64-bit architecture=%ld +>>0 belong&0x00ffffff 4 64-bit architecture=%ld +>>0 belong&0x00ffffff 5 64-bit architecture=%ld +>>0 belong&0x00ffffff 6 64-bit architecture=%ld +>>0 belong&0x00ffffff 7 x86_64 +>>>4 belong&0x00ffffff 0 subarchitecture=%ld +>>>4 belong&0x00ffffff 1 subarchitecture=%ld +>>>4 belong&0x00ffffff 2 subarchitecture=%ld +>>>4 belong&0x00ffffff 3 +>>>4 belong&0x00ffffff 4 \b_arch1 +>>>4 belong&0x00ffffff >4 subarchitecture=%ld +>>0 belong&0x00ffffff 8 64-bit architecture=%ld +>>0 belong&0x00ffffff 9 64-bit architecture=%ld +>>0 belong&0x00ffffff 10 64-bit architecture=%ld +>>0 belong&0x00ffffff 11 64-bit architecture=%ld +>>0 belong&0x00ffffff 12 64-bit architecture=%ld +>>0 belong&0x00ffffff 13 64-bit architecture=%ld +>>0 belong&0x00ffffff 14 64-bit architecture=%ld +>>0 belong&0x00ffffff 15 64-bit architecture=%ld +>>0 belong&0x00ffffff 16 64-bit architecture=%ld +>>0 belong&0x00ffffff 17 64-bit architecture=%ld +>>0 belong&0x00ffffff 18 ppc64 +>>>4 belong&0x00ffffff 0 +>>>4 belong&0x00ffffff 1 \b_601 +>>>4 belong&0x00ffffff 2 \b_602 +>>>4 belong&0x00ffffff 3 \b_603 +>>>4 belong&0x00ffffff 4 \b_603e +>>>4 belong&0x00ffffff 5 \b_603ev +>>>4 belong&0x00ffffff 6 \b_604 +>>>4 belong&0x00ffffff 7 \b_604e +>>>4 belong&0x00ffffff 8 \b_620 +>>>4 belong&0x00ffffff 9 \b_650 +>>>4 belong&0x00ffffff 10 \b_7400 +>>>4 belong&0x00ffffff 11 \b_7450 +>>>4 belong&0x00ffffff 100 \b_970 +>>>4 belong&0x00ffffff >100 subarchitecture=%ld +>>0 belong&0x00ffffff >18 64-bit architecture=%ld + + +0 name mach-o-be +>0 byte 0xcf 64-bit +>4 use mach-o-cpu >12 belong 1 object >12 belong 2 executable >12 belong 3 fixed virtual memory shared library >12 belong 4 core >12 belong 5 preload executable ->12 belong 6 dynamically linked shared library ->12 belong 7 dynamic linker +>12 belong 6 dynamically linked shared library +>12 belong 7 dynamic linker >12 belong 8 bundle >12 belong 9 dynamically linked shared library stub ->12 belong >9 +>12 belong 10 dSYM companion file +>12 belong 11 kext bundle +>12 belong >11 >>12 belong x filetype=%ld ->4 belong <0 ->>4 belong x architecture=%ld ->4 belong 1 vax ->4 belong 2 romp ->4 belong 3 architecture=3 ->4 belong 4 ns32032 ->4 belong 5 ns32332 ->4 belong 6 for m68k architecture -# from NeXTstep 3.0 -# i.e. mc680x0_all, ignore -# >>8 belong 1 (mc68030) ->>8 belong 2 (mc68040) ->>8 belong 3 (mc68030 only) ->4 belong 7 i386 ->4 belong 8 mips ->4 belong 9 ns32532 ->4 belong 10 architecture=10 ->4 belong 11 hppa ->4 belong 12 acorn ->4 belong 13 m88k ->4 belong 14 sparc ->4 belong 15 i860-big ->4 belong 16 i860 ->4 belong 17 rs6000 ->4 belong 18 ppc ->4 belong 16777234 ppc64 ->4 belong >16777234 ->>4 belong x architecture=%ld + +# +0 lelong&0xfffffffe 0xfeedface Mach-O +!:strength +1 +>0 use \^mach-o-be + +0 belong&0xfffffffe 0xfeedface Mach-O +!:strength +1 +>0 use mach-o-be diff --git a/contrib/file/magic/Magdir/macintosh b/contrib/file/magic/Magdir/macintosh index b9933b1b49..d86fd8f4fd 100644 --- a/contrib/file/magic/Magdir/macintosh +++ b/contrib/file/magic/Magdir/macintosh @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: macintosh,v 1.22 2011/05/17 17:40:31 rrt Exp $ +# $File: macintosh,v 1.23 2013/11/19 18:47:58 christos Exp $ # macintosh description # # BinHex is the Macintosh ASCII-encoded file format (see also "apple") @@ -263,6 +263,9 @@ 0 string $FL2 SPSS System File >24 string x %s +0 string $FL3 SPSS System File +>24 string x %s + # Macintosh filesystem data # From "Tom N Harris" # Fixed HFS+ and Partition map magic: Ethan Benson diff --git a/contrib/file/magic/Magdir/macos b/contrib/file/magic/Magdir/macos new file mode 100644 index 0000000000..0bacc13a48 --- /dev/null +++ b/contrib/file/magic/Magdir/macos @@ -0,0 +1,7 @@ + +#------------------------------------------------------------------------------ +# $File: macos,v 1.1 2012/12/21 16:41:07 christos Exp $ +# MacOS files +# + +0 string book\0\0\0\0mark\0\0\0\0 MacOS Alias file diff --git a/contrib/file/magic/Magdir/mail.news b/contrib/file/magic/Magdir/mail.news index f4bb1f55e9..7a8123af14 100644 --- a/contrib/file/magic/Magdir/mail.news +++ b/contrib/file/magic/Magdir/mail.news @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: mail.news,v 1.20 2011/12/08 12:12:46 rrt Exp $ +# $File: mail.news,v 1.22 2013/01/04 14:22:07 christos Exp $ # mail.news: file(1) magic for mail and news # # Unfortunately, saved netnews also has From line added in some news software. @@ -14,9 +14,9 @@ !:mime message/rfc822 0 string/t Pipe\ to mail piping text !:mime message/rfc822 -0 string/t Delivered-To: SMTP mail text +0 string/tc delivered-to: SMTP mail text !:mime message/rfc822 -0 string/t Return-Path: SMTP mail text +0 string/tc return-path: SMTP mail text !:mime message/rfc822 0 string/t Path: news text !:mime message/news @@ -34,6 +34,7 @@ # TNEF files... 0 lelong 0x223E9F78 Transport Neutral Encapsulation Format +!:mime application/vnd.ms-tnef # From: Kevin Sullivan 0 string *mbx* MBX mail folder diff --git a/contrib/file/magic/Magdir/maple b/contrib/file/magic/Magdir/maple index 4a263e0846..05a8eaf298 100644 --- a/contrib/file/magic/Magdir/maple +++ b/contrib/file/magic/Magdir/maple @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: maple,v 1.6 2009/09/19 16:28:10 christos Exp $ +# $File: maple,v 1.7 2013/01/11 16:45:23 christos Exp $ # maple: file(1) magic for maple files # "H. Nanosecond" # Maple V release 4, a multi-purpose math program @@ -33,7 +33,7 @@ # that is {VERSION major_version miunor_version computer_type version_string} 0 string {VERSION\ Maple worksheet >9 string >\0 version %.1s. ->>>11 string >\0 %.1s +>>11 string >\0 %.1s # .mps 0 string \0\0\001$ Maple something diff --git a/contrib/file/magic/Magdir/matroska b/contrib/file/magic/Magdir/matroska index 62299d21f9..0c0e29985f 100644 --- a/contrib/file/magic/Magdir/matroska +++ b/contrib/file/magic/Magdir/matroska @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: matroska,v 1.6 2010/09/20 21:11:35 rrt Exp $ +# $File: matroska,v 1.8 2013/02/08 17:25:16 christos Exp $ # matroska: file(1) magic for Matroska files # # See http://www.matroska.org/ @@ -9,15 +9,9 @@ # EBML id: 0 belong 0x1a45dfa3 # DocType id: ->5 beshort 0x4282 +>4 search/4096 \x42\x82 # DocType contents: ->>8 string matroska Matroska data -!:mime video/x-matroska - -# EBML id: -0 belong 0x1a45dfa3 -# DocType id: ->0 search/4096 \x42\x82 -# DocType contents: ->>&1 string webm WebM +>>&1 string webm WebM !:mime video/webm +>>&1 string matroska Matroska data +!:mime video/x-matroska diff --git a/contrib/file/magic/Magdir/mips b/contrib/file/magic/Magdir/mips index b49fecd24e..8ed3567b23 100644 --- a/contrib/file/magic/Magdir/mips +++ b/contrib/file/magic/Magdir/mips @@ -1,32 +1,8 @@ #------------------------------------------------------------------------------ -# $File: mips,v 1.7 2011/05/03 01:44:17 christos Exp $ -# mips: file(1) magic for Silicon Graphics (MIPS, IRIS, IRIX, etc.) -# Dec Ultrix (MIPS) -# all of SGI's *current* machines and OSes run in big-endian mode on the -# MIPS machines, as far as I know. -# -# XXX - what is the blank "-" line? -# -# kbd file definitions -0 string kbd!map kbd map file ->8 byte >0 Ver %d: ->10 short >0 with %d table(s) -0 belong 0407 old SGI 68020 executable -0 belong 0410 old SGI 68020 pure executable -0 beshort 0x8765 disk quotas file -0 beshort 0x0506 IRIS Showcase file ->2 byte 0x49 - ->3 byte x - version %ld -0 beshort 0x0226 IRIS Showcase template ->2 byte 0x63 - ->3 byte x - version %ld -0 belong 0x5343464d IRIS Showcase file ->4 byte x - version %ld -0 belong 0x5443464d IRIS Showcase template ->4 byte x - version %ld -0 belong 0xdeadbabe IRIX Parallel Arena ->8 belong >0 - version %ld +# $File: mips,v 1.9 2013/01/12 03:09:51 christos Exp $ +# mips: file(1) magic for MIPS ECOFF and Ucode, as used in SGI IRIX +# and DEC Ultrix # 0 beshort 0x0160 MIPSEB ECOFF executable >20 beshort 0407 (impure) @@ -142,41 +118,3 @@ # 0 beshort 0x180 MIPSEB Ucode 0 beshort 0x182 MIPSEL-BE Ucode -# 32bit core file -0 belong 0xdeadadb0 IRIX core dump ->4 belong 1 of ->16 string >\0 '%s' -# 64bit core file -0 belong 0xdeadad40 IRIX 64-bit core dump ->4 belong 1 of ->16 string >\0 '%s' -# N32bit core file -0 belong 0xbabec0bb IRIX N32 core dump ->4 belong 1 of ->16 string >\0 '%s' -# New style crash dump file -0 string \x43\x72\x73\x68\x44\x75\x6d\x70 IRIX vmcore dump of ->36 string >\0 '%s' -# Trusted IRIX info -0 string SGIAUDIT SGI Audit file ->8 byte x - version %d ->9 byte x \b.%ld -# -0 string WNGZWZSC Wingz compiled script -0 string WNGZWZSS Wingz spreadsheet -0 string WNGZWZHP Wingz help file -# -0 string #Inventor V IRIS Inventor 1.0 file -0 string #Inventor V2 Open Inventor 2.0 file -# GLF is OpenGL stream encoding -0 string glfHeadMagic(); GLF_TEXT -4 belong 0x7d000000 GLF_BINARY_LSB_FIRST -!:strength -30 -4 belong 0x0000007d GLF_BINARY_MSB_FIRST -!:strength -30 -# GLS is OpenGL stream encoding; GLS is the successor of GLF -0 string glsBeginGLS( GLS_TEXT -4 belong 0x10000000 GLS_BINARY_LSB_FIRST -!:strength -30 -4 belong 0x00000010 GLS_BINARY_MSB_FIRST -!:strength -30 diff --git a/contrib/file/magic/Magdir/misctools b/contrib/file/magic/Magdir/misctools index 394706564e..0367ec06f2 100644 --- a/contrib/file/magic/Magdir/misctools +++ b/contrib/file/magic/Magdir/misctools @@ -1,6 +1,6 @@ #----------------------------------------------------------------------------- -# $File: misctools,v 1.12 2010/09/29 18:36:49 rrt Exp $ +# $File: misctools,v 1.14 2014/03/06 16:08:58 christos Exp $ # misctools: file(1) magic for miscellaneous UNIX tools. # 0 search/1 %%!! X-Post-It-Note text @@ -9,16 +9,6 @@ 0 string/c BEGIN:VCARD vCard visiting card !:mime text/x-vcard -# From: Alex Beregszaszi -4 string gtktalog GNOME Catalogue (gtktalog) ->13 string >\0 version %s - -# Summary: GStreamer binary registry -# Extension: .bin -# Submitted by: Josh Triplett -0 belong 0xc0def00d GStreamer binary registry ->4 string x \b, version %s - # Summary: Libtool library file # Extension: .la # Submitted by: Tomasz Trojanowski @@ -31,3 +21,8 @@ # From: Daniel Novotny 0 string MDMP\x93\xA7 MDMP crash report data + +# Summary: abook addressbook file +# Submitted by: Mark Schreiber +0 string #\x20abook\x20addressbook\x20file abook address book +!:mime application/x-abook-addressbook diff --git a/contrib/file/magic/Magdir/msdos b/contrib/file/magic/Magdir/msdos index fe505e83f8..18b29c4d24 100644 --- a/contrib/file/magic/Magdir/msdos +++ b/contrib/file/magic/Magdir/msdos @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: msdos,v 1.77 2011/12/07 22:05:05 christos Exp $ +# $File: msdos,v 1.92 2014/03/14 18:47:29 christos Exp $ # msdos: file(1) magic for MS-DOS files # @@ -42,9 +42,9 @@ # Many of the compressed formats were extraced from IDARC 1.23 source code. # 0 string/b MZ -!:mime application/x-dosexec # All non-DOS EXE extensions have the relocation table more than 0x40 bytes into the file. >0x18 leshort <0x40 MS-DOS executable +!:mime application/x-dosexec # These traditional tests usually work but not always. When test quality support is # implemented these can be turned on. #>>0x18 leshort 0x1c (Borland compiler) @@ -83,6 +83,7 @@ >>>(0x3c.l+4) leshort 0x1a6 Hitachi SH4 >>>(0x3c.l+4) leshort 0x1c0 ARM >>>(0x3c.l+4) leshort 0x1c2 ARM Thumb +>>>(0x3c.l+4) leshort 0x1c4 ARMv7 Thumb >>>(0x3c.l+4) leshort 0x1f0 PowerPC >>>(0x3c.l+4) leshort 0x200 Intel Itanium >>>(0x3c.l+4) leshort 0x266 MIPS16 @@ -208,8 +209,8 @@ # calculations (next embedded executable would be at &(&2*512+&0-2) # I suspect there are only LE executables in these multi-exe files >>>>&(2.s-514) string BW ->>>>>0x240 search/0x100 DOS/4G ,\b LE for MS-DOS, DOS4GW DOS extender (embedded) ->>>>>0x240 search/0x100 !DOS/4G ,\b BW collection for MS-DOS +>>>>>0x240 search/0x100 DOS/4G \b, LE for MS-DOS, DOS4GW DOS extender (embedded) +>>>>>0x240 search/0x100 !DOS/4G \b, BW collection for MS-DOS # This sequence skips to the first COFF segment, usually .text >(4.s*512) leshort 0x014c \b, COFF @@ -312,7 +313,7 @@ >5 ubyte >0 >>8 string x \b, name=%-.2s 0 string \xffKEYB\ \ \ \0\0\0\0 ->12 string \0\0\0\0`\360 MS-DOS KEYBoard Layout file +>12 string \0\0\0\0`\004\360 MS-DOS KEYBoard Layout file # .COM formats (Daniel Quinlan, quinlan@yggdrasil.com) # Uncommenting only the first two lines will cover about 2/3 of COM files, @@ -498,11 +499,18 @@ !:mime application/msword 0 string/b \333\245-\0\0\0 Microsoft Office Document !:mime application/msword -512 string/b \354\245\301 Microsoft Word Document +512 string/b \354\245\301 Microsoft Word Document !:mime application/msword + +# +0 string/b \xDB\xA5\x2D\x00 Microsoft WinWord 2.0 Document +!:mime application/msword # 2080 string Microsoft\ Excel\ 5.0\ Worksheet %s !:mime application/vnd.ms-excel +# +0 string/b \xDB\xA5\x2D\x00 Microsoft WinWord 2.0 Document +!:mime application/msword 2080 string Foglio\ di\ lavoro\ Microsoft\ Exce %s !:mime application/vnd.ms-excel @@ -570,16 +578,49 @@ #ico files 0 string/b \102\101\050\000\000\000\056\000\000\000\000\000\000\000 Icon for MS Windows -# Windows icons (Ian Springer ) -0 string/b \000\000\001\000 MS Windows icon resource +# Windows icons +0 name ico-dir +# not entirely accurate, the number of icons is part of the header +>0 byte 1 - 1 icon +>0 ubyte >1 - %d icons +>2 byte 0 \b, 256x +>2 byte !0 \b, %dx +>3 byte 0 \b256 +>3 byte !0 \b%d +>4 ubyte !0 \b, %d colors + +0 belong 0x00000100 + +>9 byte 0 +>>0 byte x MS Windows icon resource !:mime image/x-icon ->4 byte 1 - 1 icon ->4 byte >1 - %d icons ->>6 byte >0 \b, %dx ->>>7 byte >0 \b%d ->>8 byte 0 \b, 256-colors ->>8 byte >0 \b, %d-colors - +>>4 use ico-dir +>9 ubyte 0xff +>>0 byte x MS Windows icon resource +!:mime image/x-icon +>>4 use ico-dir + +# Windows non-animated cursors +0 name cur-dir +# not entirely accurate, the number of icons is part of the header +>0 byte 1 - 1 icon +>0 ubyte >1 - %d icons +>2 byte 0 \b, 256x +>2 byte !0 \b, %dx +>3 byte 0 \b256 +>3 byte !0 \b%d +>6 uleshort x \b, hotspot @%dx +>8 uleshort x \b%d + +0 belong 0x00000200 +>9 byte 0 +>>0 byte x MS Windows cursor resource +!:mime image/x-cur +>>4 use cur-dir +>9 ubyte 0xff +>>0 byte x MS Windows cursor resource +!:mime image/x-cur +>>4 use cur-dir # .chr files 0 string/b PK\010\010BGI Borland font @@ -637,16 +678,14 @@ 0 lelong 0x08086b70 TurboC BGI file 0 lelong 0x08084b50 TurboC Font file -# WARNING: below line conflicts with Infocom game data Z-machine 3 -0 byte 0x03 ->0x02 byte <0x13 DBase 3 data file ->>0x04 lelong 0 (no records) ->>0x04 lelong >0 (%ld records) -0 byte 0x83 ->0x02 byte <0x13 DBase 3 data file with memo(s) ->>0x04 lelong 0 (no records) ->>0x04 lelong >0 (%ld records) -0 leshort 0x0006 DBase 3 index file +# Debian#712046: The magic below identifies "Delphi compiled form data". +# An additional source of information is available at: +# http://www.woodmann.com/fravia/dafix_t1.htm +0 string TPF0 +>4 pstring >\0 Delphi compiled form '%s' + +# tests for DBase files moved, updated and merged to database + 0 string PMCC Windows 3.x .GRP file 1 string RDC-meg MegaDots >8 byte >0x2F version %c @@ -702,6 +741,15 @@ 0 leshort 0x223e9f78 TNEF !:mime application/vnd.ms-tnef +# 4DOS help (.HLP) files added by Joerg Jenderek from source TPHELP.PAS +# of http://www.4dos.info/ +# pointer,HelpID[8]=4DHnnnmm +0 ulelong 0x48443408 4DOS help file +>4 string x \b, version %-4.4s + +# old binary Microsoft (.HLP) files added by Joerg Jenderek from http://file-extension.net/seeker/file_extension_hlp +0 ulequad 0x3a000000024e4c MS Advisor help file + # HtmlHelp files (.chm) 0 string/b ITSF\003\000\000\000\x60\000\000\000\001\000\000\000 MS Windows HtmlHelp Data @@ -811,10 +859,35 @@ >>24 bequad x \b, %lld bytes >>32 belong 1 \b, AES-encrypted +>4 belong 3 (v3) +# Using the existence of the Backing File Offset to determine whether +# to read Backing File Information +>>8 bequad >0 \b, has backing file +# Note that this isn't a null-terminated string; the length is actually +# (16.L). Assuming a null-terminated string happens to work usually, but it +# may spew junk until it reaches a \0 in some cases. Also, since there's no +# .Q modifier, we just use the bottom four bytes as an offset. Note that if +# the file is over 4G, and the backing file path is stored after the first 4G, +# the wrong filename will be printed. (This should be (8.Q), when that syntax +# is introduced.) +>>>(12.L) string >\0 (path %s) +>>24 bequad x \b, %lld bytes +>>32 belong 1 \b, AES-encrypted + >4 default x (unknown version) 0 string/b QEVM QEMU suspend to disk image +# QEMU QED Image +# http://wiki.qemu.org/Features/QED/Specification +0 string/b QED\0 QEMU QED Image + +# VDI Image +64 string/b \x7f\x10\xda\xbe VDI Image +>68 string/b \x01\x00\x01\x00 version 1.1 +>0 string >\0 (%s) +>368 lequad x \b, %lld bytes + 0 string/b Bochs\ Virtual\ HD\ Image Bochs disk image, >32 string x type %s, >48 string x subtype %s @@ -874,3 +947,15 @@ # Windows Imaging (WIM) Image 0 string/b MSWIM\000\000\000 Windows imaging (WIM) image + +# The second byte of these signatures is a file version; I don't know what, +# if anything, produced files with version numbers 0-2. +# From: John Elliott +0 string \xfc\x03\x00 Mallard BASIC program data (v1.11) +0 string \xfc\x04\x00 Mallard BASIC program data (v1.29+) +0 string \xfc\x03\x01 Mallard BASIC protected program data (v1.11) +0 string \xfc\x04\x01 Mallard BASIC protected program data (v1.29+) + +0 string MIOPEN Mallard BASIC Jetsam data +0 string Jetsam0 Mallard BASIC Jetsam index data + diff --git a/contrib/file/magic/Magdir/msooxml b/contrib/file/magic/Magdir/msooxml index 6ccebf641b..e5be5b37db 100644 --- a/contrib/file/magic/Magdir/msooxml +++ b/contrib/file/magic/Magdir/msooxml @@ -1,33 +1,36 @@ #------------------------------------------------------------------------------ -# $File: msooxml,v 1.1 2011/01/25 18:36:19 christos Exp $ +# $File: msooxml,v 1.4 2014/01/06 18:16:24 rrt Exp $ # msooxml: file(1) magic for Microsoft Office XML # From: Ralf Brown # .docx, .pptx, and .xlsx are XML plus other files inside a ZIP # archive. The first member file is normally "[Content_Types].xml". +# but some libreoffice generated files put this later. Perhaps skip +# the "[Content_Types].xml" test? # Since MSOOXML doesn't have anything like the uncompressed "mimetype" # file of ePub or OpenDocument, we'll have to scan for a filename # which can distinguish between the three types # start by checking for ZIP local file header signature -0 string PK\003\004 +0 string PK\003\004 +!:strength +10 # make sure the first file is correct ->0x1E string [Content_Types].xml +>0x1E regex \[Content_Types\]\.xml|_rels/\.rels # skip to the second local file header -# since some documents include a 520-byte extra field following the file -# header, we need to scan for the next header ->>(18.l+49) search/2000 PK\003\004 +# since some documents include a 520-byte extra field following the file +# header, we need to scan for the next header +>>(18.l+49) search/2000 PK\003\004 # now skip to the *third* local file header; again, we need to scan due to a -# 520-byte extra field following the file header ->>>&26 search/1000 PK\003\004 +# 520-byte extra field following the file header +>>>&26 search/1000 PK\003\004 # and check the subdirectory name to determine which type of OOXML -# file we have ->>>>&26 string word/ Microsoft Word 2007+ -!:mime application/msword ->>>>&26 string ppt/ Microsoft PowerPoint 2007+ -!:mime application/vnd.ms-powerpoint ->>>>&26 string xl/ Microsoft Excel 2007+ -!:mime application/vnd.ms-excel ->>>>&26 default x Microsoft OOXML -!:strength +10 +# file we have. Correct the mimetype with the registered ones: +# http://technet.microsoft.com/en-us/library/cc179224.aspx +>>>>&26 string word/ Microsoft Word 2007+ +!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document +>>>>&26 string ppt/ Microsoft PowerPoint 2007+ +!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation +>>>>&26 string xl/ Microsoft Excel 2007+ +!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet +>>>>&26 default x Microsoft OOXML diff --git a/contrib/file/magic/Magdir/msx b/contrib/file/magic/Magdir/msx new file mode 100644 index 0000000000..e0c5ae5cbc --- /dev/null +++ b/contrib/file/magic/Magdir/msx @@ -0,0 +1,255 @@ + +#------------------------------------------------------------------------------ +# msx: file(1) magic for the MSX Home Computer +# v1.1 +# Fábio R. Schmidlin + +############## MSX Music file formats ############## + +# Gigamix MGSDRV music file +0 string MGS MSX Gigamix MGSDRV3 music file, +>6 ubeshort 0x0D0A +>>3 byte x \bv%c +>>4 byte x \b.%c +>>5 byte x \b%c +>>8 string >\0 \b, title: %s + +1 string mgs2\ MSX Gigamix MGSDRV2 music file +>6 uleshort 0x80 +>>0x2E uleshort 0 +>>>0x30 string >\0 \b, title: %s + +# KSS music file +0 string KSCC KSS music file v1.03 +>0xE byte 0 +>>0xF byte&0x02 0 \b, soundchips: AY-3-8910, SCC(+) +>>0xF byte&0x02 2 \b, soundchip(s): SN76489 +>>>0xF byte&0x04 4 stereo +>>0xF byte&0x01 1 \b, YM2413 +>>0xF byte&0x08 8 \b, Y8950 + +0 string KSSX KSS music file v1.20 +>0xE byte&0xEF 0 +>>0xF byte&0x40 0x00 \b, 60Hz +>>0xF byte&0x40 0x40 \b, 50Hz +>>0xF byte&0x02 0 \b, soundchips: AY-3-8910, SCC(+) +>>0xF byte&0x02 0x02 \b, soundchips: SN76489 +>>>0xF byte&0x04 0x04 stereo +>>0xF byte&0x01 0x01 \b, +>>>0xF byte&0x18 0x00 \bYM2413 +>>>0xF byte&0x18 0x08 \bYM2413, Y8950 +>>>0xF byte&0x18 0x18 \bYM2413+Y8950 pseudostereo +>>0xF byte&0x18 0x10 \b, Majyutsushi DAC + +# Moonblaster for Moonsound +0 string MBMS +>4 byte 0x10 MSX Moonblaster for MoonSound music + +# Music Player K-kaz +0 string MPK MSX Music Player K-kaz song +>6 ubeshort 0x0D0A +>>3 byte x v%c +>>4 byte x \b.%c +>>5 byte x \b%c + +# I don't know why these don't work +#0 search/0xFFFF \r\n.FM9 +#>0 search/0xFFFF \r\n#FORMAT MSX Music Player K-kaz source MML file +#0 search/0xFFFF \r\nFM1\ \= +#>0 search/0xFFFF \r\nPSG1\= +#>>0 search/0xFFFF \r\nSCC1\= MSX MuSiCa MML source file + +# OPX Music file +0x35 beshort 0x0d0a +>0x7B beshort 0x0d0a +>>0x7D byte 0x1a +>>>0x87 uleshort 0 MSX OPX Music file +>>>>0x86 byte 0 v1.5 +>>>>>0 string >\32 \b, title: %s +>>>>0x86 byte 1 v2.4 +>>>>>0 string >\32 \b, title: %s + +# SCMD music file +0x8B string SCMD +>0xCE uleshort 0 MSX SCMD Music file +#>>-2 uleshort 0x6a71 ; The file must end with this value. How to code this here? +>>0x8F string >\0 \b, title: %s + +0 search/0xFFFF \r\n@title +>&0 search/0xFFFF \r\n@m=[ MSX SCMD source MML file + + +############## MSX image file formats ############## + +# MSX raw VRAM dump +0 ubyte 0xFE +>1 uleshort 0 +>>5 uleshort 0 +>>>3 uleshort 0x37FF MSX SC2/GRP raw image +>>>3 uleshort 0x6A00 MSX Graph Saurus SR5 raw image +>>>3 uleshort >0x769E +>>>>3 uleshort <0x8000 MSX GE5/GE6 raw image +>>>>>3 uleshort 0x7FFF \b, with sprite patterns +>>>3 uleshort 0xD3FF MSX screen 7-12 raw image +>>>3 uleshort 0xD400 MSX Graph Saurus SR7/SR8/SRS raw image + +# Graph Saurus compressed images +0 ubyte 0xFD +>1 uleshort 0 +>>5 uleshort 0 +>>>3 uleshort >0x013D MSX Graph Saurus compressed image + +# Maki-chan Graphic format +0 string MAKI02\ \ Maki-chan image, +>8 byte x system ID: %c +>9 byte x \b%c +>10 byte x \b%c +>11 byte x \b%c, +>13 search/0x200 \x1A +# >>&3 ubyte 0 , video mode: PC-98 400 lines, 16 analog colors +# >>&3 ubyte 1 , video mode: MSX SC7, 16 analog colors +# >>&3 ubyte 2 , video mode: VM-98 400 lines, 8 analog colors +# >>&3 ubyte 3 , video mode: PC-88 analog, 200 lines, 8 analog colors +# >>&3 ubyte 4 , video mode: 400 lines, 16 digital colors +# >>&3 ubyte 5 , video mode: 200 lines, 16 digital colors +# >>&3 ubyte 6 , video mode: old PC-98 digital 400 lines, 8 colors +# >>&3 ubyte 7 , video mode: PC-88 400 lines, 8 digital colors +>>&8 uleshort+1 x %dx +>>&10 uleshort+1 x \b%d, +>>&3 ubyte&0x82 0x80 256 colors +>>&3 ubyte&0x82 0x00 16 colors +>>&3 ubyte&0x82 0x01 8 colors +>>&3 ubyte&0x04 4 digital +>>&3 ubyte&0x04 0 analog +>>&3 ubyte&0x01 1 \b, 2:1 dot aspect ratio + +# Japanese PIC file +0 string PIC\x1A +>4 lelong 0 Japanese PIC image file + +# MSX G9B image file +0 string G9B +>1 uleshort 11 +>>3 uleshort >10 +>>>5 ubyte >0 MSX G9B image, depth=%d +>>>>8 uleshort x \b, %dx +>>>>10 uleshort x \b%d +>>>>5 ubyte <9 +>>>>>6 ubyte 0 +>>>>>>7 ubyte x \b, codec=%d RGB color palettes +>>>>>6 ubyte 64 \b, codec=RGB fixed color +>>>>>6 ubyte 128 \b, codec=YJK +>>>>>6 ubyte 192 \b, codec=YUV +>>>>5 ubyte >8 codec=RGB fixed color +>>>>12 ubyte 0 \b, raw +>>>>12 ubyte 1 \b, bitbuster compression + +############## Other MSX file formats ############## + +# MSX ROMs +0 string AB +>2 uleshort 0x0010 MSX ROM +>>2 uleshort x \b, init=0x%4x +>>4 uleshort >0 \b, stat=0x%4x +>>6 uleshort >0 \b, dev=0x%4x +>>8 uleshort >0 \b, bas=0x%4x +>2 uleshort 0x4010 MSX ROM +>>2 uleshort x \b, init=0x%04x +>>4 uleshort >0 \b, stat=0x%04x +>>6 uleshort >0 \b, dev=0x%04x +>>8 uleshort >0 \b, bas=0x%04x +>2 uleshort 0x8010 MSX ROM +>>2 uleshort x \b, init=0x%04x +>>4 uleshort >0 \b, stat=0x%04x +>>6 uleshort >0 \b, dev=0x%04x +>>8 uleshort >0 \b, bas=0x%04x + +0 string AB +#>2 string 5JSuperLAYDOCK MSX Super Laydock ROM +#>3 string @HYDLIDE3MSX MSX Hydlide-3 ROM +#>3 string @3\x80IA862 Golvellius MSX1 ROM +>2 uleshort >10 +>>10 string \0\0\0\0\0\0 MSX ROM +>>>0x10 string YZ\0\0\0\0 Konami Game Master 2 MSX ROM +>>>0x10 string CD \b, Konami RC- +>>>>0x12 ubyte x \b%d +>>>>0x13 ubyte/16 x \b%d +>>>>0x13 ubyte&0xF x \b%d +>>>0x10 string EF \b, Konami RC- +>>>>0x12 ubyte x \b%d +>>>>0x13 ubyte/16 x \b%d +>>>>0x13 ubyte&0xF x \b%d +>>>2 uleshort x \b, init=0x%04x +>>>4 uleshort >0 \b, stat=0x%04x +>>>6 uleshort >0 \b, dev=0x%04x +>>>8 uleshort >0 \b, bas=0x%04x +>2 uleshort 0 +>>4 uleshort 0 +>>>6 uleshort 0 +>>>>8 uleshort >0 MSX BASIC program in ROM, bas=0x%04x + +0x4000 string AB +>0x4002 uleshort >0x4010 +>>0x400A string \0\0\0\0\0\0 MSX MegaROM with nonstandard page order +>>0x4002 uleshort x \b, init=0x%04x +>>0x4004 uleshort >0 \b, stat=0x%04x +>>0x4006 uleshort >0 \b, dev=0x%04x +>>0x4008 uleshort >0 \b, bas=0x%04x + +0x8000 string AB +>0x8002 uleshort >0x4010 +>>0x800A string \0\0\0\0\0\0 MSX MegaROM with nonstandard page order +>>0x8002 uleshort x \b, init=0x%04x +>>0x8004 uleshort >0 \b, stat=0x%04x +>>0x8006 uleshort >0 \b, dev=0x%04x +>>0x8008 uleshort >0 \b, bas=0x%04x + + +0x3C000 string AB +>0x3C008 string \0\0\0\0\0\0\0\0 MSX MegaROM with nonstandard page order +>>0x3C002 uleshort x \b, init=0x%04x +>>0x3C004 uleshort >0 \b, stat=0x%04x +>>0x3C006 uleshort >0 \b, dev=0x%04x +>>0x3C008 uleshort >0 \b, bas=0x%04x + +# MSX BIN file +#0 byte 0xFE +#>1 uleshort >0x8000 +#>>3 uleshort >0x8004 +#>>>5 uleshort >0x8000 MSX BIN file + +# MSX-BASIC file +0 byte 0xFF +>3 uleshort 0x000A +>>1 uleshort >0x8000 MSX-BASIC program + +# MSX .CAS file +0 string \x1F\xA6\xDE\xBA\xCC\x13\x7D\x74 MSX cassette archive + +# Mega-Assembler file +0 byte 0xFE +>1 uleshort 0x0001 +>>5 uleshort 0xffff +>>>6 byte 0x0A MSX Mega-Assembler source + +# Execrom Patchfile +0 string ExecROM\ patchfile\x1A MSX ExecROM patchfile +>0x12 ubyte/16 x v%d +>0x12 ubyte&0xF x \b.%d +>0x13 ubyte x \b, contains %d patches + +# Konami's King's Valley-2 custom stage (ELG file) +4 uleshort 0x0900 +>0xF byte 1 +>>0x14 byte 0 +>>>0x1E string \ \ \ +>>>>0x23 byte 1 +>>>>>0x25 byte 0 +>>>>>>0x15 string >\x30 +>>>>>>>0x15 string <\x5A Konami King's Valley-2 custom stage, title: "%-8.8s" +>>>>>>>>0x1D byte <32 \b, theme: %d + +# Metal Gear 1 savegame +#0x4F string \x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF +#>>0x60 string \xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF +#>>>0x7B string \0x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00 Metal Gear 1 savegame diff --git a/contrib/file/magic/Magdir/natinst b/contrib/file/magic/Magdir/natinst index 7c31980126..0a936c576e 100644 --- a/contrib/file/magic/Magdir/natinst +++ b/contrib/file/magic/Magdir/natinst @@ -1,10 +1,10 @@ #----------------------------------------------------------------------------- -# $File: natinst,v 1.4 2009/09/19 16:28:11 christos Exp $ +# $File: natinst,v 1.5 2013/02/06 14:18:52 christos Exp $ # natinst: file(1) magic for National Instruments Code Files # -# From Enrique Gámez-Flores +# From Enrique Gamez-Flores # version 1 # Many formats still missing, we use, for the moment LabVIEW # We guess VXI format file. VISA, LabWindowsCVI, BridgeVIEW, etc, are missing diff --git a/contrib/file/magic/Magdir/neko b/contrib/file/magic/Magdir/neko new file mode 100644 index 0000000000..ac5ff354ec --- /dev/null +++ b/contrib/file/magic/Magdir/neko @@ -0,0 +1,12 @@ + +#------------------------------------------------------------ +# $File: neko,v 1.1 2009/11/10 20:36:10 christos Exp $ + +# From: Mikhail Gusarov +# NekoVM (http://nekovm.org/) bytecode +0 string NEKO NekoVM bytecode +>4 lelong x (%d global symbols, +>8 lelong x %d global fields, +>12 lelong x %d bytecode ops) +!:mime application/x-nekovm-bytecode + diff --git a/contrib/file/magic/Magdir/netbsd b/contrib/file/magic/Magdir/netbsd index 927acedf31..fd0eed3030 100644 --- a/contrib/file/magic/Magdir/netbsd +++ b/contrib/file/magic/Magdir/netbsd @@ -1,16 +1,14 @@ #------------------------------------------------------------------------------ -# $File: netbsd,v 1.19 2011/10/31 17:23:34 christos Exp $ +# $File: netbsd,v 1.20 2013/01/09 22:37:24 christos Exp $ # netbsd: file(1) magic for NetBSD objects # # All new-style magic numbers are in network byte order. +# The old-style magic numbers are indistinguishable from the same magic +# numbers used in other systems, and are handled, for all those systems, +# in aout. # -0 lelong 000000407 a.out NetBSD little-endian object file ->16 lelong >0 not stripped -0 belong 000000407 a.out NetBSD big-endian object file ->16 belong >0 not stripped - 0 belong&0377777777 041400413 a.out NetBSD/i386 demand paged >0 byte &0x80 >>20 lelong <4096 shared library diff --git a/contrib/file/magic/Magdir/palm b/contrib/file/magic/Magdir/palm index 536f384a29..bee4f49fb4 100644 --- a/contrib/file/magic/Magdir/palm +++ b/contrib/file/magic/Magdir/palm @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: palm,v 1.9 2012/01/16 15:16:43 christos Exp $ +# $File: palm,v 1.11 2013/12/31 19:18:02 christos Exp $ # palm: file(1) magic for PalmOS {.prc,.pdb}: applications, docfiles, and hacks # # Brian Lalor @@ -9,18 +9,70 @@ # 8 character identifiers at byte 60, one I found for appl is BIGb. # What are the possibilities and where is this documented? +# The common header format for PalmOS .pdb/.prc files is +# { +# char name[ 32 ]; +# Word attributes; +# Word version; +# DWord creationDate; +# DWord modificationDate; +# DWord lastBackupDate; +# DWord modificationNumber; +# DWord appInfoID; +# DWord sortInfoID; +# char type[4]; +# char creator[4]; +# DWord uniqueIDSeed; +# RecordListType recordList; +# }; +# +# Datestamps are unsigned seconds since the MacOS epoch (Jan 1, 1904), +# or Unix/POSIX time + 2082844800. + +0 name aportisdoc +# date is supposed to be big-endian seconds since 1 Jan 1904, but many +# files contain the timestamp in little-endian or a completely +# nonsensical value... +#>36 bedate-2082844800 >0 \b, created %s +# compression: 1=uncomp, 2=orig, 0x4448=HuffDic +>(78.L) beshort =1 \b, uncompressed +# compressed +>(78.L) beshort >1 +>>(78.L+4) belong x \b, %d bytes uncompressed + # appl -#59 byte \0 -#>60 string appl PalmOS application -#>0 string >\0 "%s" -# TEXt -#59 byte \0 -#>60 belong TEXt AportisDoc file -#>0 string >\0 "%s" +#60 string appl PalmOS application +#>0 string >\0 "%s" + # HACK -#59 byte \0 -#>60 string HACK HackMaster hack -#>0 string >\0 "%s" +#60 string HACK HackMaster hack +#>0 string >\0 "%s" + +# iSiloX e-book +60 string SDocSilX iSiloX E-book +>0 string >\0 "%s" + +# Mobipocket (www.mobipocket.com), donated by Carl Witty +# expanded by Ralf Brown +60 string BOOKMOBI Mobipocket E-book +# MobiPocket stores a full title, pointed at by the belong at offset +# 0x54 in its header at (78.L), with length given by the belong at +# offset 0x58. +# there's no guarantee that the title string is null-terminated, but +# we currently can't specify a variable-length string where the length +# field is not at the start of the string; in practice, the data +# following the string always seems to start with a zero byte +>(78.L) belong x +>>&(&0x50.L-4) string >\0 "%s" +>0 use aportisdoc +>>(78.L+0x68) belong >0 \b, version %d +>>(78.L+0x1C) belong !0 \b, codepage %d +>>(78.L+0x0C) beshort >0 \b, encrypted (type %d) + +# AportisDoc/PalmDOC +60 string TEXtREAd AportisDoc/PalmDOC E-book +>0 string >\0 "%s" +>0 use aportisdoc # Variety of PalmOS document types # Michael-John Turner diff --git a/contrib/file/magic/Magdir/pbf b/contrib/file/magic/Magdir/pbf new file mode 100644 index 0000000000..d133d12bf6 --- /dev/null +++ b/contrib/file/magic/Magdir/pbf @@ -0,0 +1,11 @@ + +#------------------------------------------------------------------------------ +# $File: pbf,v 1.1 2013/12/21 14:27:24 christos Exp $ +# file(1) magic(5) data for OpenStreetMap + +# OpenStreetMap Protocolbuffer Binary Format (.osm.pbf) +# http://wiki.openstreetmap.org/wiki/PBF_Format +# From: Markus Heidelberg +0 belong 0x0000000D +>4 beshort 0x0A09 +>>6 string OSMHeader OpenStreetMap Protocolbuffer Binary Format diff --git a/contrib/file/magic/Magdir/pdf b/contrib/file/magic/Magdir/pdf index ccde22f2c1..dc2f7992d1 100644 --- a/contrib/file/magic/Magdir/pdf +++ b/contrib/file/magic/Magdir/pdf @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pdf,v 1.6 2009/09/19 16:28:11 christos Exp $ +# $File: pdf,v 1.7 2013/08/22 07:47:26 christos Exp $ # pdf: file(1) magic for Portable Document Format # @@ -12,5 +12,6 @@ # From: Nick Schmalenberger # Forms Data Format 0 string %FDF- FDF document +!:mime application/vnd.fdf >5 byte x \b, version %c >7 byte x \b.%c diff --git a/contrib/file/magic/Magdir/pdp b/contrib/file/magic/Magdir/pdp index fa4b82b6a8..536dd1b4eb 100644 --- a/contrib/file/magic/Magdir/pdp +++ b/contrib/file/magic/Magdir/pdp @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pdp,v 1.8 2009/09/19 16:28:11 christos Exp $ +# $File: pdp,v 1.9 2013/04/19 20:11:43 christos Exp $ # pdp: file(1) magic for PDP-11 executable/object and APL workspace # 0 lelong 0101555 PDP-11 single precision APL workspace @@ -12,7 +12,13 @@ >8 leshort >0 not stripped >15 byte >0 - version %ld -0 leshort 0401 PDP-11 UNIX/RT ldp +# updated by Joerg Jenderek at Mar 2013 +# GRR: line below too general as it catches also Windows precompiled setup information *.PNF +0 leshort 0401 +# skip *.PNF with WinDirPathOffset 58h +>68 ulelong !0x00000058 PDP-11 UNIX/RT ldp +# skip *.PNF with high byte of InfVersionDatumCount zero +#>>15 byte !0 PDP-11 UNIX/RT ldp 0 leshort 0405 PDP-11 old overlay 0 leshort 0410 PDP-11 pure executable diff --git a/contrib/file/magic/Magdir/perl b/contrib/file/magic/Magdir/perl index e11f2ab587..cb82960ddc 100644 --- a/contrib/file/magic/Magdir/perl +++ b/contrib/file/magic/Magdir/perl @@ -1,20 +1,14 @@ #------------------------------------------------------------------------------ -# $File: perl,v 1.17 2011/12/16 16:24:40 rrt Exp $ +# $File: perl,v 1.21 2013/12/08 23:33:18 christos Exp $ # perl: file(1) magic for Larry Wall's perl language. # # The `eval' lines recognizes an outrageously clever hack. # Keith Waclena # Send additions to -0 search/1/w #!\ /bin/perl Perl script text executable -!:mime text/x-perl 0 search/1 eval\ "exec\ /bin/perl Perl script text !:mime text/x-perl -0 search/1/w #!\ /usr/bin/perl Perl script text executable -!:mime text/x-perl 0 search/1 eval\ "exec\ /usr/bin/perl Perl script text !:mime text/x-perl -0 search/1/w #!\ /usr/local/bin/perl Perl script text executable -!:mime text/x-perl 0 search/1 eval\ "exec\ /usr/local/bin/perl Perl script text !:mime text/x-perl 0 search/1 eval\ '(exit\ $?0)'\ &&\ eval\ 'exec Perl script text @@ -23,17 +17,20 @@ !:mime text/x-perl 0 search/1 #!\ /usr/bin/env\ perl Perl script text executable !:mime text/x-perl +0 search/1 #! +>0 regex \^#!.*/bin/perl$ Perl script text executable +!:mime text/x-perl # by Dmitry V. Levin and Alexey Tourbin # check the first line 0 search/1 package >0 regex \^package[\ \t]+[0-9A-Za-z_:]+\ *; Perl5 module source text +!:strength + 10 # not 'p', check other lines 0 search/1 !p >0 regex \^package[\ \t]+[0-9A-Za-z_:]+\ *; >>0 regex \^1\ *;|\^(use|sub|my)\ .*[(;{=] Perl5 module source text - - +!:strength + 10 # Perl POD documents # From: Tom Hukins @@ -43,6 +40,9 @@ 0 search/1/W \n\=head1\ Perl POD document text 0 search/1/W \=head2\ Perl POD document text 0 search/1/W \n\=head2\ Perl POD document text +0 search/1/W \=encoding\ Perl POD document text +0 search/1/W \n\=encoding\ Perl POD document text + # Perl Storable data files. 0 string perl-store perl Storable (v0.6) data diff --git a/contrib/file/magic/Magdir/pgf b/contrib/file/magic/Magdir/pgf new file mode 100644 index 0000000000..825f5f6856 --- /dev/null +++ b/contrib/file/magic/Magdir/pgf @@ -0,0 +1,52 @@ + +#------------------------------------------------------------------------------ +# $File: pgf,v 1.1 2013/04/22 15:19:49 christos Exp $ +# pgf: file(1) magic for Progressive Graphics File (PGF) +# +# +# 2013 by Philipp Hahn +0 string PGF Progressive Graphics image data, +!:mime image/x-pgf +>3 string 2 version %s, +>3 string 4 version %s, +>3 string 5 version %s, +>3 string 6 version %s, +# PGFPreHeader +#>>4 lelong x header size %d, +# PGFHeader +>>8 lelong x %d x +>>12 lelong x %d, +>>16 byte x %d levels, +>>17 byte x compression level %d, +>>18 byte x %d bpp, +>>19 byte x %d channels, +>>20 clear x +>>20 byte 0 bitmap, +>>20 byte 1 gray scale, +>>20 byte 2 indexed color, +>>20 byte 3 RGB color, +>>20 byte 4 CYMK color, +>>20 byte 5 HSL color, +>>20 byte 6 HSB color, +>>20 byte 7 multi-channel, +>>20 byte 8 duo tone, +>>20 byte 9 LAB color, +>>20 byte 10 gray scale 16, +>>20 byte 11 RGB color 48, +>>20 byte 12 LAB color 48, +>>20 byte 13 CYMK color 64, +>>20 byte 14 deep multi-channel, +>>20 byte 15 duo tone 16, +>>20 byte 17 RGBA color, +>>20 byte 18 gray scale 32, +>>20 byte 19 RGB color 12, +>>20 byte 20 RGB color 16, +>>20 byte 255 unknown format, +>>20 default x format +>>>20 byte x \b %d, +>>21 byte x %d bpc +# PGFPostHeader +# Level-Sizes +#>>(4.l+4) lelong x level 0 size: %d +#>>(4.l+8) lelong x level 1 size: %d +#>>(4.l+12) lelong x level 2 size: %d diff --git a/contrib/file/magic/Magdir/pwsafe b/contrib/file/magic/Magdir/pwsafe new file mode 100644 index 0000000000..93dcfb1234 --- /dev/null +++ b/contrib/file/magic/Magdir/pwsafe @@ -0,0 +1,14 @@ + +#------------------------------------------------------------------------------ +# $File: pwsafe,v 1.1 2012/10/25 00:12:19 christos Exp $ +# pwsafe: file(1) magic for passwordsafe file +# +# Password Safe +# http://passwordsafe.sourceforge.net/ +# file format specs +# http://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pwsafe/docs/formatV3.txt +# V2 http://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pwsafe/docs/formatV2.txt +# V1 http://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pwsafe/docs/notes.txt +# V2 and V1 have no easy identifier that I can find +# .psafe3 +0 string PWS3 Password Safe V3 database diff --git a/contrib/file/magic/Magdir/python b/contrib/file/magic/Magdir/python index e339014e9c..238fe6a464 100644 --- a/contrib/file/magic/Magdir/python +++ b/contrib/file/magic/Magdir/python @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: python,v 1.20 2011/12/13 13:53:14 christos Exp $ +# $File: python,v 1.24 2014/02/15 01:30:52 christos Exp $ # python: file(1) magic for python # # Outlook puts """ too for urgent messages @@ -22,6 +22,7 @@ 0 belong 0x3b0c0d0a python 3.0 byte-compiled 0 belong 0x4f0c0d0a python 3.1 byte-compiled 0 belong 0x6c0c0d0a python 3.2 byte-compiled +0 belong 0x9e0c0d0a python 3.3 byte-compiled 0 search/1/w #!\ /usr/bin/python Python script text executable !:mime text/x-python @@ -43,13 +44,13 @@ !:mime text/x-python # comments -0 search/4096 ''' ->&0 regex .*'''$ Python script text executable -!:mime text/x-python +#0 search/4096 ''' +#>&0 regex .*'''$ Python script text executable +#!:mime text/x-python -0 search/4096 """ ->&0 regex .*"""$ Python script text executable -!:mime text/x-python +#0 search/4096 """ +#>&0 regex .*"""$ Python script text executable +#!:mime text/x-python # try: # except: or finally: @@ -59,3 +60,8 @@ !:mime text/x-python >&0 search/4096 finally: Python script text executable !:mime text/x-python + +# def name(args, args): +0 regex \^(\ |\\t){0,50}def\ {1,50}[a-zA-Z]{1,100} +>&0 regex \ {0,50}\\(([a-zA-Z]|,|\ ){1,500}\\):$ Python script text executable +!:mime text/x-python diff --git a/contrib/file/magic/Magdir/revision b/contrib/file/magic/Magdir/revision index b337ee3b2d..e4e4de1059 100644 --- a/contrib/file/magic/Magdir/revision +++ b/contrib/file/magic/Magdir/revision @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: revision,v 1.8 2010/11/25 15:00:12 christos Exp $ +# $File: revision,v 1.9 2013/02/06 14:18:52 christos Exp $ # file(1) magic for revision control files # From Hendrik Scholz 0 string/t /1\ :pserver: cvs password text file @@ -29,7 +29,7 @@ >4 belong =2 \b, version 2 # Type: Git index file -# From: Frédéric Brière +# From: Frederic Briare 0 string DIRC Git index >4 belong >0 \b, version %d >>8 belong >0 \b, %d entries diff --git a/contrib/file/magic/Magdir/riff b/contrib/file/magic/Magdir/riff index 4fffafacf3..524fbd3c89 100644 --- a/contrib/file/magic/Magdir/riff +++ b/contrib/file/magic/Magdir/riff @@ -1,12 +1,52 @@ #------------------------------------------------------------------------------ -# $File: riff,v 1.22 2011/09/06 11:00:06 christos Exp $ +# $File: riff,v 1.26 2014/03/06 18:55:09 christos Exp $ # riff: file(1) magic for RIFF format # See # # http://www.seanet.com/users/matts/riffmci/riffmci.htm # -# AVI section extended by Patrik Rådman + +# audio format tag. Assume limits: max 1024 bit, 128 channels, 1 MHz +0 name riff-wave +>0 leshort 1 \b, Microsoft PCM +>>14 leshort >0 +>>>14 leshort <1024 \b, %d bit +>0 leshort 2 \b, Microsoft ADPCM +>0 leshort 6 \b, ITU G.711 A-law +>0 leshort 7 \b, ITU G.711 mu-law +>0 leshort 8 \b, Microsoft DTS +>0 leshort 17 \b, IMA ADPCM +>0 leshort 20 \b, ITU G.723 ADPCM (Yamaha) +>0 leshort 49 \b, GSM 6.10 +>0 leshort 64 \b, ITU G.721 ADPCM +>0 leshort 80 \b, MPEG +>0 leshort 85 \b, MPEG Layer 3 +>0 leshort 0x2001 \b, DTS +>2 leshort =1 \b, mono +>2 leshort =2 \b, stereo +>2 leshort >2 +>>2 leshort <128 \b, %d channels +>4 lelong >0 +>>4 lelong <1000000 %d Hz + +# try to find "fmt " +0 name riff-walk +>0 string fmt\x20 +>>4 lelong <0x80 +>>>8 use riff-wave +>0 string LIST +>>&(4.l+4) use riff-walk +>0 string DISP +>>&(4.l+4) use riff-walk +>0 string bext +>>&(4.l+4) use riff-walk +>0 string Fake +>>&(4.l+4) use riff-walk +>0 string fact +>>&(4.l+4) use riff-walk + +# AVI section extended by Patrik Radman # 0 string RIFF RIFF (little-endian) data # RIFF Palette format @@ -35,26 +75,14 @@ # Microsoft WAVE format (*.wav) >8 string WAVE \b, WAVE audio !:mime audio/x-wav ->>20 leshort 1 \b, Microsoft PCM ->>>34 leshort >0 \b, %d bit ->>20 leshort 2 \b, Microsoft ADPCM ->>20 leshort 6 \b, ITU G.711 A-law ->>20 leshort 7 \b, ITU G.711 mu-law ->>20 leshort 8 \b, Microsoft DTS ->>20 leshort 17 \b, IMA ADPCM ->>20 leshort 20 \b, ITU G.723 ADPCM (Yamaha) ->>20 leshort 49 \b, GSM 6.10 ->>20 leshort 64 \b, ITU G.721 ADPCM ->>20 leshort 80 \b, MPEG ->>20 leshort 85 \b, MPEG Layer 3 ->>20 leshort 0x2001 \b, DTS ->>22 leshort =1 \b, mono ->>22 leshort =2 \b, stereo ->>22 leshort >2 \b, %d channels ->>24 lelong >0 %d Hz +>>12 string >\0 +>>>12 use riff-walk # Corel Draw Picture >8 string CDRA \b, Corel Draw Picture !:mime image/x-coreldraw +>8 string CDR6 \b, Corel Draw Picture, version 6 +!:mime image/x-coreldraw +>8 string NUNDROOT \b, Steinberg CuBase # AVI == Audio Video Interleave >8 string AVI\040 \b, AVI !:mime video/x-msvideo @@ -220,6 +248,7 @@ >>24 belong >0 %d Hz # Corel Draw Picture >8 string CDRA \b, Corel Draw Picture +>8 string CDR6 \b, Corel Draw Picture, version 6 # AVI == Audio Video Interleave >8 string AVI\040 \b, AVI # Animated Cursor format @@ -247,7 +276,7 @@ #------------------------------------------------------------------------------ # MBWF/RF64 -# see EBU – TECH 3306 http://tech.ebu.ch/docs/tech/tech3306-2009.pdf +# see EBU TECH 3306 http://tech.ebu.ch/docs/tech/tech3306-2009.pdf 0 string RF64\xff\xff\xff\xffWAVEds64 MBWF/RF64 audio !:mime audio/x-wav >40 search/256 fmt\x20 \b diff --git a/contrib/file/magic/Magdir/rpm b/contrib/file/magic/Magdir/rpm index 85232c6cd1..9a795f841a 100644 --- a/contrib/file/magic/Magdir/rpm +++ b/contrib/file/magic/Magdir/rpm @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: rpm,v 1.11 2011/06/14 12:47:41 christos Exp $ +# $File: rpm,v 1.12 2013/01/11 16:45:23 christos Exp $ # # RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com) # @@ -31,22 +31,15 @@ >>8 beshort 255 noarch #delta RPM Daniel Novotny (dnovotny@redhat.com) -0 string drpm Delta RPM +0 string drpm Delta RPM !:mime application/x-rpm >12 string x %s - ->>>8 beshort 11 MIPSel ->>>8 beshort 12 ARM ->>>8 beshort 13 MiNT ->>>8 beshort 14 S/390 ->>>8 beshort 15 S/390x ->>>8 beshort 16 PowerPC64 ->>>8 beshort 17 SuperH ->>>8 beshort 18 Xtensa +>>8 beshort 11 MIPSel +>>8 beshort 12 ARM +>>8 beshort 13 MiNT +>>8 beshort 14 S/390 +>>8 beshort 15 S/390x +>>8 beshort 16 PowerPC64 +>>8 beshort 17 SuperH +>>8 beshort 18 Xtensa >>10 string x %s - -# Type: Delta RPM -# From: Daniel Novotny (dnovotny@redhat.com) -0 string drpm Delta RPM -!:mime application/x-rpm ->12 string x %s diff --git a/contrib/file/magic/Magdir/scientific b/contrib/file/magic/Magdir/scientific index 7418f1ba54..66d3c598ca 100644 --- a/contrib/file/magic/Magdir/scientific +++ b/contrib/file/magic/Magdir/scientific @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: scientific,v 1.7 2010/09/20 19:19:17 rrt Exp $ +# $File: scientific,v 1.8 2014/01/06 17:46:23 rrt Exp $ # scientific: file(1) magic for scientific formats # # From: Joe Krahn @@ -65,7 +65,7 @@ 0 search/1/c 0\ HEAD GEDCOM genealogy text >&0 search 1\ GEDC >>&0 search 2\ VERS version ->>>&1 search/1 >\0 %s +>>>&1 string >\0 %s # From: Phil Endecott 0 string \000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM data 0 string \060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM data diff --git a/contrib/file/magic/Magdir/sgi b/contrib/file/magic/Magdir/sgi index 2a8af1faf1..913e3b8aac 100644 --- a/contrib/file/magic/Magdir/sgi +++ b/contrib/file/magic/Magdir/sgi @@ -1,7 +1,74 @@ #------------------------------------------------------------------------------ -# $File: sgi,v 1.18 2010/11/25 15:00:12 christos Exp $ -# sgi: file(1) magic for Silicon Graphics applications +# $File: sgi,v 1.20 2014/03/10 00:53:38 christos Exp $ +# sgi: file(1) magic for Silicon Graphics operating systems and applications +# +# Executable images are handled either in aout (for old-style a.out +# files for 68K; they are indistinguishable from other big-endian 32-bit +# a.out files) or in mips (for MIPS ECOFF and Ucode files) +# + +# kbd file definitions +0 string kbd!map kbd map file +>8 byte >0 Ver %d: +>10 short >0 with %d table(s) + +0 beshort 0x8765 disk quotas file + +0 beshort 0x0506 IRIS Showcase file +>2 byte 0x49 - +>3 byte x - version %ld +0 beshort 0x0226 IRIS Showcase template +>2 byte 0x63 - +>3 byte x - version %ld +0 belong 0x5343464d IRIS Showcase file +>4 byte x - version %ld +0 belong 0x5443464d IRIS Showcase template +>4 byte x - version %ld +0 belong 0xdeadbabe IRIX Parallel Arena +>8 belong >0 - version %ld + +# core files +# +# 32bit core file +0 belong 0xdeadadb0 IRIX core dump +>4 belong 1 of +>16 string >\0 '%s' +# 64bit core file +0 belong 0xdeadad40 IRIX 64-bit core dump +>4 belong 1 of +>16 string >\0 '%s' +# N32bit core file +0 belong 0xbabec0bb IRIX N32 core dump +>4 belong 1 of +>16 string >\0 '%s' +# New style crash dump file +0 string \x43\x72\x73\x68\x44\x75\x6d\x70 IRIX vmcore dump of +>36 string >\0 '%s' + +# Trusted IRIX info +0 string SGIAUDIT SGI Audit file +>8 byte x - version %d +>9 byte x \b.%ld +# +0 string WNGZWZSC Wingz compiled script +0 string WNGZWZSS Wingz spreadsheet +0 string WNGZWZHP Wingz help file +# +0 string #Inventor V IRIS Inventor 1.0 file +0 string #Inventor V2 Open Inventor 2.0 file +# GLF is OpenGL stream encoding +0 string glfHeadMagic(); GLF_TEXT +4 belong 0x7d000000 GLF_BINARY_LSB_FIRST +!:strength -30 +4 belong 0x0000007d GLF_BINARY_MSB_FIRST +!:strength -30 +# GLS is OpenGL stream encoding; GLS is the successor of GLF +0 string glsBeginGLS( GLS_TEXT +4 belong 0x10000000 GLS_BINARY_LSB_FIRST +!:strength -30 +4 belong 0x00000010 GLS_BINARY_MSB_FIRST +!:strength -30 # # @@ -61,7 +128,7 @@ >11 byte x dataformat %d # Alias Maya files -0 string/t //Maya ASCII Alias Maya Ascii File, +0 string/t //Maya\040ASCII Alias Maya Ascii File, >13 string >\0 version %s 8 string MAYAFOR4 Alias Maya Binary File, >32 string >\0 version %s scene diff --git a/contrib/file/magic/Magdir/sgml b/contrib/file/magic/Magdir/sgml index 3f78c2f4d5..f9cab08165 100644 --- a/contrib/file/magic/Magdir/sgml +++ b/contrib/file/magic/Magdir/sgml @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: sgml,v 1.27 2011/12/07 12:01:24 rrt Exp $ +# $File: sgml,v 1.30 2013/12/21 14:27:24 christos Exp $ # Type: SVG Vectorial Graphics # From: Noel Torres 0 string \>19 search/4096 \ +0 string \15 string >\0 +>>19 search/4096 \4 string >\0 - version %s @@ -73,8 +81,7 @@ # the main program that uses that format, but there are other programs # that use "libpcap", or that use the same capture file format.) # -0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) -!:mime application/vnd.tcpdump.pcap +0 name pcap-be >4 beshort x - version %d >6 beshort x \b.%d >20 belong 0 (No link-layer encapsulation @@ -116,8 +123,10 @@ >20 belong 127 (802.11 with radiotap header >20 belong 129 (Linux ARCNET >20 belong 138 (Apple IP over IEEE 1394 +>20 belong 139 (MTP2 with pseudo-header >20 belong 140 (MTP2 >20 belong 141 (MTP3 +>20 belong 142 (SCCP >20 belong 143 (DOCSIS >20 belong 144 (IrDA >20 belong 147 (Private use 0 @@ -137,72 +146,53 @@ >20 belong 161 (Private use 14 >20 belong 162 (Private use 15 >20 belong 163 (802.11 with AVS header +>20 belong 165 (BACnet MS/TP +>20 belong 166 (PPPD +>20 belong 169 (GPRS LLC +>20 belong 177 (Linux LAPD +>20 belong 187 (Bluetooth HCI H4 +>20 belong 189 (Linux USB +>20 belong 192 (PPI +>20 belong 195 (802.15.4 +>20 belong 196 (SITA +>20 belong 197 (Endace ERF +>20 belong 201 (Bluetooth HCI H4 with pseudo-header +>20 belong 202 (AX.25 with KISS header +>20 belong 203 (LAPD +>20 belong 204 (PPP with direction pseudo-header +>20 belong 205 (Cisco HDLC with direction pseudo-header +>20 belong 206 (Frame Relay with direction pseudo-header +>20 belong 209 (Linux IPMB +>20 belong 215 (802.15.4 with non-ASK PHY header +>20 belong 220 (Memory-mapped Linux USB +>20 belong 224 (Fibre Channel FC-2 +>20 belong 225 (Fibre Channel FC-2 with frame delimiters +>20 belong 226 (Solaris IPNET +>20 belong 227 (SocketCAN +>20 belong 228 (Raw IPv4 +>20 belong 229 (Raw IPv6 +>20 belong 230 (802.15.4 without FCS +>20 belong 231 (D-Bus messages +>20 belong 235 (DVB-CI +>20 belong 236 (MUX27010 +>20 belong 237 (STANAG 5066 D_PDUs +>20 belong 239 (Linux netlink NFLOG messages +>20 belong 240 (Hilscher netAnalyzer +>20 belong 241 (Hilscher netAnalyzer with delimiters +>20 belong 242 (IP-over-Infiniband +>20 belong 243 (MPEG-2 Transport Stream packets +>20 belong 244 (ng4t ng40 +>20 belong 245 (NFC LLCP +>20 belong 247 (Infiniband +>20 belong 248 (SCTP >16 belong x \b, capture length %d) + +0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) +!:mime application/vnd.tcpdump.pcap +>0 use pcap-be 0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) !:mime application/vnd.tcpdump.pcap ->4 leshort x - version %d ->6 leshort x \b.%d ->20 lelong 0 (No link-layer encapsulation ->20 lelong 1 (Ethernet ->20 lelong 2 (3Mb Ethernet ->20 lelong 3 (AX.25 ->20 lelong 4 (ProNET ->20 lelong 5 (CHAOS ->20 lelong 6 (Token Ring ->20 lelong 7 (ARCNET ->20 lelong 8 (SLIP ->20 lelong 9 (PPP ->20 lelong 10 (FDDI ->20 lelong 11 (RFC 1483 ATM ->20 lelong 12 (raw IP ->20 lelong 13 (BSD/OS SLIP ->20 lelong 14 (BSD/OS PPP ->20 lelong 19 (Linux ATM Classical IP ->20 lelong 50 (PPP or Cisco HDLC ->20 lelong 51 (PPP-over-Ethernet ->20 lelong 99 (Symantec Enterprise Firewall ->20 lelong 100 (RFC 1483 ATM ->20 lelong 101 (raw IP ->20 lelong 102 (BSD/OS SLIP ->20 lelong 103 (BSD/OS PPP ->20 lelong 104 (BSD/OS Cisco HDLC ->20 lelong 105 (802.11 ->20 lelong 106 (Linux Classical IP over ATM ->20 lelong 107 (Frame Relay ->20 lelong 108 (OpenBSD loopback ->20 lelong 109 (OpenBSD IPsec encrypted ->20 lelong 112 (Cisco HDLC ->20 lelong 113 (Linux "cooked" ->20 lelong 114 (LocalTalk ->20 lelong 117 (OpenBSD PFLOG ->20 lelong 119 (802.11 with Prism header ->20 lelong 122 (RFC 2625 IP over Fibre Channel ->20 lelong 123 (SunATM ->20 lelong 127 (802.11 with radiotap header ->20 lelong 129 (Linux ARCNET ->20 lelong 138 (Apple IP over IEEE 1394 ->20 lelong 140 (MTP2 ->20 lelong 141 (MTP3 ->20 lelong 143 (DOCSIS ->20 lelong 144 (IrDA ->20 lelong 147 (Private use 0 ->20 lelong 148 (Private use 1 ->20 lelong 149 (Private use 2 ->20 lelong 150 (Private use 3 ->20 lelong 151 (Private use 4 ->20 lelong 152 (Private use 5 ->20 lelong 153 (Private use 6 ->20 lelong 154 (Private use 7 ->20 lelong 155 (Private use 8 ->20 lelong 156 (Private use 9 ->20 lelong 157 (Private use 10 ->20 lelong 158 (Private use 11 ->20 lelong 159 (Private use 12 ->20 lelong 160 (Private use 13 ->20 lelong 161 (Private use 14 ->20 lelong 162 (Private use 15 ->20 lelong 163 (802.11 with AVS header ->16 lelong x \b, capture length %d) +>0 use \^pcap-be # # "libpcap"-with-Alexey-Kuznetsov's-patches capture files. @@ -211,43 +201,9 @@ # that use "libpcap", or that use the same capture file format.) # 0 ubelong 0xa1b2cd34 extended tcpdump capture file (big-endian) ->4 beshort x - version %d ->6 beshort x \b.%d ->20 belong 0 (No link-layer encapsulation ->20 belong 1 (Ethernet ->20 belong 2 (3Mb Ethernet ->20 belong 3 (AX.25 ->20 belong 4 (ProNET ->20 belong 5 (CHAOS ->20 belong 6 (Token Ring ->20 belong 7 (ARCNET ->20 belong 8 (SLIP ->20 belong 9 (PPP ->20 belong 10 (FDDI ->20 belong 11 (RFC 1483 ATM ->20 belong 12 (raw IP ->20 belong 13 (BSD/OS SLIP ->20 belong 14 (BSD/OS PPP ->16 belong x \b, capture length %d) +>0 use pcap-be 0 ulelong 0xa1b2cd34 extended tcpdump capture file (little-endian) ->4 leshort x - version %d ->6 leshort x \b.%d ->20 lelong 0 (No link-layer encapsulation ->20 lelong 1 (Ethernet ->20 lelong 2 (3Mb Ethernet ->20 lelong 3 (AX.25 ->20 lelong 4 (ProNET ->20 lelong 5 (CHAOS ->20 lelong 6 (Token Ring ->20 lelong 7 (ARCNET ->20 lelong 8 (SLIP ->20 lelong 9 (PPP ->20 lelong 10 (FDDI ->20 lelong 11 (RFC 1483 ATM ->20 lelong 12 (raw IP ->20 lelong 13 (BSD/OS SLIP ->20 lelong 14 (BSD/OS PPP ->16 lelong x \b, capture length %d) +>0 use \^pcap-be # # "pcap-ng" capture files. @@ -295,9 +251,9 @@ >8 lelong x \b, %d stations found # -# EtherPeek/AiroPeek "version 9" capture files. +# *Peek tagged capture files. # -0 string \177ver EtherPeek/AiroPeek capture file +0 string \177ver EtherPeek/AiroPeek/OmniPeek capture file # # Visual Networks traffic capture files. diff --git a/contrib/file/magic/Magdir/sql b/contrib/file/magic/Magdir/sql index cce5550fef..5b8c3e3acb 100644 --- a/contrib/file/magic/Magdir/sql +++ b/contrib/file/magic/Magdir/sql @@ -1,22 +1,34 @@ #------------------------------------------------------------------------------ -# $File: sql,v 1.6 2009/09/19 16:28:12 christos Exp $ +# $File: sql,v 1.13 2013/08/27 04:02:33 christos Exp $ # sql: file(1) magic for SQL files # # From: "Marty Leisner" # Recognize some MySQL files. +# Elan Ruusamae , added MariaDB signatures +# from https://bazaar.launchpad.net/~maria-captains/maria/5.5/view/head:/support-files/magic # 0 beshort 0xfe01 MySQL table definition file >2 byte x Version %d -0 belong&0xffffff00 0xfefe0300 MySQL MISAM index file +0 belong&0xffffff00 0xfefe0700 MySQL MyISAM index file >3 byte x Version %d -0 belong&0xffffff00 0xfefe0700 MySQL MISAM compressed data file +0 belong&0xffffff00 0xfefe0800 MySQL MyISAM compressed data file +>3 byte x Version %d +0 belong&0xffffff00 0xfefe0900 MySQL Maria index file +>3 byte x Version %d +0 belong&0xffffff00 0xfefe0A00 MySQL Maria compressed data file >3 byte x Version %d 0 belong&0xffffff00 0xfefe0500 MySQL ISAM index file >3 byte x Version %d 0 belong&0xffffff00 0xfefe0600 MySQL ISAM compressed data file >3 byte x Version %d -0 string \376bin MySQL replication log +0 string \376bin MySQL replication log +0 belong&0xffffff00 0xfefe0b00 +>4 string MARIALOG MySQL Maria transaction log file +>>3 byte x Version %d +0 belong&0xffffff00 0xfefe0c00 +>4 string MACF MySQL Maria control file +>>3 byte x Version %d #------------------------------------------------------------------------------ # iRiver H Series database file @@ -38,9 +50,34 @@ 0 string **\ This\ file\ contains\ an\ SQLite SQLite 2.x database # Version 3 of SQLite allows applications to embed their own "user version" -# number in the database. Detect this and distinguish those files. - +# number in the database at offset 60. Later, SQLite added an "application id" +# at offset 68 that is preferred over "user version" for indicating the +# associated application. +# 0 string SQLite\ format\ 3 ->60 string _MTN Monotone source repository ->60 belong !0 SQLite 3.x database, user version %u ->60 belong 0 SQLite 3.x database +>60 belong =0x5f4d544e Monotone source repository - SQLite3 database +>68 belong =0x0f055112 Fossil checkout - SQLite3 database +>68 belong =0x0f055113 Fossil global configuration - SQLite3 database +>68 belong =0x0f055111 Fossil repository - SQLite3 database +>68 belong =0x42654462 Bentley Systems BeSQLite Database - SQLite3 database +>68 belong =0x42654c6e Bentley Systems Localization File - SQLite3 database +>68 belong =0x47504b47 OGC GeoPackage file - SQLite3 database +>68 default x SQLite 3.x database +>>68 belong !0 \b, application id %u +>>60 belong !0 \b, user version %d + +# SQLite Write-Ahead Log from SQLite version >= 3.7.0 +# http://www.sqlite.org/fileformat.html#walformat +0 belong&0xfffffffe 0x377f0682 SQLite Write-Ahead Log, +>4 belong x version %ld + +# SQLite Rollback Journal +# http://www.sqlite.org/fileformat.html#rollbackjournal +0 string \xd9\xd5\x05\xf9\x20\xa1\x63\xd7 SQLite Rollback Journal + +# Panasonic channel list database svl.bin or svl.db added by Joerg Jenderek +# http://www.ullrich.es/job/service-menue/panasonic/panasonic-sendersortierung-sat-am-pc/ +# pceditor_V2003.jar +0 string PSDB\0 Panasonic channel list database +>126 string SQLite\ format\ 3 +>>&-15 indirect x \b; contains diff --git a/contrib/file/magic/Magdir/ssh b/contrib/file/magic/Magdir/ssh index c87f388303..d867af0d7a 100644 --- a/contrib/file/magic/Magdir/ssh +++ b/contrib/file/magic/Magdir/ssh @@ -6,3 +6,6 @@ 0 string ssh-dss\ OpenSSH DSA public key 0 string ssh-rsa\ OpenSSH RSA public key +0 string ecdsa-sha2-nistp256 OpenSSH ECDSA public key +0 string ecdsa-sha2-nistp384 OpenSSH ECDSA public key +0 string ecdsa-sha2-nistp521 OpenSSH ECDSA public key diff --git a/contrib/file/magic/Magdir/ssl b/contrib/file/magic/Magdir/ssl index 4d8706e2b8..5d5daeeaf3 100644 --- a/contrib/file/magic/Magdir/ssl +++ b/contrib/file/magic/Magdir/ssl @@ -5,3 +5,4 @@ 0 string -----BEGIN\ CERTIFICATE\ REQ PEM certificate request 0 string -----BEGIN\ RSA\ PRIVATE PEM RSA private key 0 string -----BEGIN\ DSA\ PRIVATE PEM DSA private key +0 string -----BEGIN\ EC\ PRIVATE PEM EC private key diff --git a/contrib/file/magic/Magdir/sun b/contrib/file/magic/Magdir/sun index 1fd37ede65..86ffad2f15 100644 --- a/contrib/file/magic/Magdir/sun +++ b/contrib/file/magic/Magdir/sun @@ -1,12 +1,15 @@ #------------------------------------------------------------------------------ -# $File: sun,v 1.22 2011/02/10 01:52:51 christos Exp $ +# $File: sun,v 1.25 2013/01/09 22:37:24 christos Exp $ # sun: file(1) magic for Sun machines # # Values for big-endian Sun (MC680x0, SPARC) binaries on pre-5.x -# releases. (5.x uses ELF.) +# releases. (5.x uses ELF.) Entries for executables without an +# architecture type, used before the 68020-based Sun-3's came out, +# are in aout, as they're indistinguishable from other big-endian +# 32-bit a.out files. # -0 belong&077777777 0600413 sparc demand paged +0 belong&077777777 0600413 a.out SunOS sparc demand paged >0 byte &0x80 >>20 belong <4096 shared library >>20 belong =4096 dynamically linked executable @@ -14,17 +17,17 @@ >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0600410 sparc pure +0 belong&077777777 0600410 a.out SunOS sparc pure >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0600407 sparc +0 belong&077777777 0600407 a.out SunOS sparc >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0400413 mc68020 demand paged +0 belong&077777777 0400413 a.out SunOS mc68020 demand paged >0 byte &0x80 >>20 belong <4096 shared library >>20 belong =4096 dynamically linked executable @@ -32,17 +35,17 @@ >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0400410 mc68020 pure +0 belong&077777777 0400410 a.out SunOS mc68020 pure >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0400407 mc68020 +0 belong&077777777 0400407 a.out SunOS mc68020 >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0200413 mc68010 demand paged +0 belong&077777777 0200413 a.out SunOS mc68010 demand paged >0 byte &0x80 >>20 belong <4096 shared library >>20 belong =4096 dynamically linked executable @@ -50,24 +53,16 @@ >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0200410 mc68010 pure +0 belong&077777777 0200410 a.out SunOS mc68010 pure >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 belong >0 not stripped -0 belong&077777777 0200407 mc68010 +0 belong&077777777 0200407 a.out SunOS mc68010 >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 belong >0 not stripped -# reworked these to avoid anything beginning with zero becoming "old sun-2" -0 belong 0407 old sun-2 executable ->16 belong >0 not stripped -0 belong 0410 old sun-2 pure executable ->16 belong >0 not stripped -0 belong 0413 old sun-2 demand paged executable ->16 belong >0 not stripped - # # Core files. "SPARC 4.x BCP" means "core file from a SunOS 4.x SPARC # binary executed in compatibility mode under SunOS 5.x". @@ -96,7 +91,10 @@ # Sun SunPC 0 long 0xfa33c08e SunPC 4.0 Hard Disk 0 string #SUNPC_CONFIG SunPC 4.0 Properties Values -# Sun snoop (see RFC 1761, which describes the capture file format). +# Sun snoop (see RFC 1761, which describes the capture file format, +# RFC 3827, which describes some additional datalink types, and +# http://www.iana.org/assignments/snoop-datalink-types/snoop-datalink-types.xml, +# which is the IANA registry of Snoop datalink types) # 0 string snoop Snoop capture file >8 belong >0 - version %ld @@ -109,14 +107,25 @@ >12 belong 6 (Character synchronous) >12 belong 7 (IBM channel-to-channel adapter) >12 belong 8 (FDDI) ->12 belong 9 (Unknown) - -# Microsoft ICM color profile -36 string acspMSFT Microsoft ICM Color Profile -!:mime application/vnd.iccprofile -# Sun KCMS -36 string acsp Kodak Color Management System, ICC Profile -!:mime application/vnd.iccprofile +>12 belong 9 (Other) +>12 belong 10 (type %ld) +>12 belong 11 (type %ld) +>12 belong 12 (type %ld) +>12 belong 13 (type %ld) +>12 belong 14 (type %ld) +>12 belong 15 (type %ld) +>12 belong 16 (Fibre Channel) +>12 belong 17 (ATM) +>12 belong 18 (ATM Classical IP) +>12 belong 19 (type %ld) +>12 belong 20 (type %ld) +>12 belong 21 (type %ld) +>12 belong 22 (type %ld) +>12 belong 23 (type %ld) +>12 belong 24 (type %ld) +>12 belong 25 (type %ld) +>12 belong 26 (IP over Infiniband) +>12 belong >26 (type %ld) #--------------------------------------------------------------------------- # The following entries have been tested by Duncan Laurie (a @@ -130,5 +139,3 @@ # New format for Sun/Cobalt boot ROMs is annoying, it stores the version code # at the very end where file(1) can't get it. 0 string CRfs COBALT boot rom data (Flat boot rom or file system) - - diff --git a/contrib/file/magic/Magdir/symbos b/contrib/file/magic/Magdir/symbos new file mode 100644 index 0000000000..c6a4480e8b --- /dev/null +++ b/contrib/file/magic/Magdir/symbos @@ -0,0 +1,42 @@ + +#------------------------------------------------------------------------------ +# msx: file(1) magic for the SymbOS operating system +# http://www.symbos.de +# Fábio R. Schmidlin + +# SymbOS EXE file +0x30 string SymExe SymbOS executable +>0x36 ubyte x v%c +>0x37 ubyte x \b.%c +>0xF string x \b, name: %s + +# SymbOS DOX document +0 string INFOq\0 SymbOS DOX document + +# Symbos driver +0 string SMD1 SymbOS driver +>19 byte x \b, name: %c +>20 byte x \b%c +>21 byte x \b%c +>22 byte x \b%c +>23 byte x \b%c +>24 byte x \b%c +>25 byte x \b%c +>26 byte x \b%c +>27 byte x \b%c +>28 byte x \b%c +>29 byte x \b%c +>30 byte x \b%c +>31 byte x \b%c + +# Symbos video +0 string SymVid SymbOS video +>6 ubyte x v%c +>7 ubyte x \b.%c + +# Soundtrakker 128 ST2 music +0 byte 0 +>0xC string \x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x40\x00 Soundtrakker 128 ST2 music, +>>1 string x name: %s + + diff --git a/contrib/file/magic/Magdir/sysex b/contrib/file/magic/Magdir/sysex index 70b5b1cf24..c6f78cde28 100644 --- a/contrib/file/magic/Magdir/sysex +++ b/contrib/file/magic/Magdir/sysex @@ -1,10 +1,12 @@ #------------------------------------------------------------------------ -# $File: sysex,v 1.6 2009/09/19 16:28:12 christos Exp $ +# $File: sysex,v 1.7 2013/09/16 15:12:42 christos Exp $ # sysex: file(1) magic for MIDI sysex files # -# -0 byte 0xF0 SysEx File - +# GRR: orginal 1 byte test at offset was too general as it catches also many FATs of DOS filesystems +# where real SYStem EXclusive messages at offset 1 are limited to seven bits +# http://en.wikipedia.org/wiki/MIDI +0 ubeshort&0xFF80 0xF000 SysEx File - # North American Group >1 byte 0x01 Sequential @@ -210,7 +212,7 @@ >1 byte 0x52 Zoom >1 byte 0x54 Matsushita >1 byte 0x57 Acoustic tech. lab. - +# http://www.midi.org/techspecs/manid.php >1 belong&0xffffff00 0x00007400 Ta Horng >1 belong&0xffffff00 0x00007500 e-Tek >1 belong&0xffffff00 0x00007600 E-Voice diff --git a/contrib/file/magic/Magdir/tcl b/contrib/file/magic/Magdir/tcl index 223f93b58c..515fa8dbb9 100644 --- a/contrib/file/magic/Magdir/tcl +++ b/contrib/file/magic/Magdir/tcl @@ -5,7 +5,7 @@ # Tcl scripts 0 search/1/w #!\ /usr/bin/tcl Tcl script text executable -!:mime text/x-lua +!:mime text/x-tcl 0 search/1/w #!\ /usr/local/bin/tcl Tcl script text executable !:mime text/x-tcl 0 search/1 #!/usr/bin/env\ tcl Tcl script text executable diff --git a/contrib/file/magic/Magdir/tex b/contrib/file/magic/Magdir/tex index e8d2e8762a..1737ea95c1 100644 --- a/contrib/file/magic/Magdir/tex +++ b/contrib/file/magic/Magdir/tex @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: tex,v 1.18 2011/02/08 13:45:15 christos Exp $ +# $File: tex,v 1.20 2014/03/16 02:53:03 christos Exp $ # tex: file(1) magic for TeX files # # XXX - needs byte-endian stuff (big-endian and little-endian DVI?) @@ -40,6 +40,9 @@ 0 search/4096 \\input TeX document text !:mime text/x-tex !:strength + 15 +0 search/4096 \\begin LaTeX document text +!:mime text/x-tex +!:strength + 15 0 search/4096 \\section LaTeX document text !:mime text/x-tex !:strength + 18 @@ -103,3 +106,34 @@ 0 search/1 @c\ @mapfile{ TeX font aliases text file 0 string #LyX LyX document text + +# ConTeXt documents +# http://wiki.contextgarden.net/ +0 search/4096 \\setupcolors[ ConTeXt document text +!:strength + 15 +0 search/4096 \\definecolor[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupinteraction[ ConTeXt document text +!:strength + 15 +0 search/4096 \\useURL[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setuppapersize[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setuplayout[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupfooter[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupfootertexts[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setuppagenumbering[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupbodyfont[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setuphead[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupitemize[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupwhitespace[ ConTeXt document text +!:strength + 15 +0 search/4096 \\setupindenting[ ConTeXt document text +!:strength + 15 diff --git a/contrib/file/magic/Magdir/unknown b/contrib/file/magic/Magdir/unknown index 82ac2ad164..578a8ea06d 100644 --- a/contrib/file/magic/Magdir/unknown +++ b/contrib/file/magic/Magdir/unknown @@ -1,35 +1,34 @@ #------------------------------------------------------------------------------ -# $File: unknown,v 1.7 2009/09/19 16:28:13 christos Exp $ +# $File: unknown,v 1.8 2013/01/09 22:37:24 christos Exp $ # unknown: file(1) magic for unknown machines # -# XXX - this probably should be pruned, as it'll match PDP-11 and -# VAX image formats. -# -# 0x107 is 0407; 0x108 is 0410; both are PDP-11 (executable and pure, -# respectively). -# -# 0x109 is 0411; that's PDP-11 split I&D, but the PDP-11 version doesn't -# have the "version %ld", which may be a bogus COFFism (I don't think -# there ever was COFF for the PDP-11). +# 0x107 is 0407, 0x108 is 0410, and 0x109 is 0411; those are all PDP-11 +# (executable, pure, and split I&D, respectively), but the PDP-11 version +# doesn't have the "version %ld", which may be a bogus COFFism (I don't +# think there was ever COFF for the PDP-11). # # 0x10B is 0413; that's VAX demand-paged, but this is a short, not a -# long, as it would be on a VAX. +# long, as it would be on a VAX. In any case, that could collide with +# VAX demand-paged files, as the magic number is little-endian on those +# binaries, so the first 16 bits of the file would contain 0x10B. +# +# Therefore, those entries are commented out. # -# 0x10C is 0414 and 0x10E is 416; those *are* unknown. +# 0x10C is 0414 and 0x10E is 0416; those *are* unknown. # -0 short 0x107 unknown machine executable ->8 short >0 not stripped ->15 byte >0 - version %ld -0 short 0x108 unknown pure executable ->8 short >0 not stripped ->15 byte >0 - version %ld -0 short 0x109 PDP-11 separate I&D ->8 short >0 not stripped ->15 byte >0 - version %ld -0 short 0x10b unknown pure executable ->8 short >0 not stripped ->15 byte >0 - version %ld +#0 short 0x107 unknown machine executable +#>8 short >0 not stripped +#>15 byte >0 - version %ld +#0 short 0x108 unknown pure executable +#>8 short >0 not stripped +#>15 byte >0 - version %ld +#0 short 0x109 PDP-11 separate I&D +#>8 short >0 not stripped +#>15 byte >0 - version %ld +#0 short 0x10b unknown pure executable +#>8 short >0 not stripped +#>15 byte >0 - version %ld 0 long 0x10c unknown demand paged pure executable >16 long >0 not stripped 0 long 0x10e unknown readable demand paged pure executable diff --git a/contrib/file/magic/Magdir/uterus b/contrib/file/magic/Magdir/uterus new file mode 100644 index 0000000000..c5a139b5fa --- /dev/null +++ b/contrib/file/magic/Magdir/uterus @@ -0,0 +1,16 @@ + +#------------------------------------------------------------------------------ +# $File: uterus,v 1.1 2012/12/18 18:53:32 christos Exp $ +# file(1) magic for uterus files +# http://freecode.com/projects/uterus +# +0 string UTE+ uterus file +>4 string v \b, version +>5 byte x %c +>6 string . \b. +>7 byte x \b%c +>8 string \<\> \b, big-endian +>>16 belong >0 \b, slut size %u +>8 string \>\< \b, litte-endian +>>16 lelong >0 \b, slut size %u +>10 byte &8 \b, compressed diff --git a/contrib/file/magic/Magdir/varied.script b/contrib/file/magic/Magdir/varied.script index 50259d3ed9..eb71b2f577 100644 --- a/contrib/file/magic/Magdir/varied.script +++ b/contrib/file/magic/Magdir/varied.script @@ -1,28 +1,56 @@ #------------------------------------------------------------------------------ -# $File: varied.script,v 1.9 2011/12/16 16:32:48 rrt Exp $ +# $File: varied.script,v 1.10 2014/03/01 22:32:39 christos Exp $ # varied.script: file(1) magic for various interpreter scripts 0 string/t #!\ / a >3 string >\0 %s script text executable !:strength / 2 + +0 string/b #!\ / a +>3 string >\0 %s script executable (binary data) +!:strength / 2 + 0 string/t #!\t/ a >3 string >\0 %s script text executable !:strength / 2 + +0 string/b #!\t/ a +>3 string >\0 %s script executable (binary data) +!:strength / 2 + 0 string/t #!/ a >2 string >\0 %s script text executable !:strength / 2 + +0 string/b #!/ a +>2 string >\0 %s script executable (binary data) +!:strength / 2 + 0 string/t #!\ script text executable >3 string >\0 for %s !:strength / 3 +0 string/b #!\ script executable +>3 string >\0 for %s (binary data) +!:strength / 3 + # using env 0 string/t #!/usr/bin/env a >15 string/t >\0 %s script text executable !:strength / 10 + +0 string/b #!/usr/bin/env a +>15 string/b >\0 %s script executable (binary data) +!:strength / 10 + 0 string/t #!\ /usr/bin/env a >16 string/t >\0 %s script text executable !:strength / 10 +0 string/b #!\ /usr/bin/env a +>16 string/b >\0 %s script executable (binary data) +!:strength / 10 + # From: arno # mozilla xpconnect typelib # see http://www.mozilla.org/scriptable/typelib_file.html diff --git a/contrib/file/magic/Magdir/vax b/contrib/file/magic/Magdir/vax index 31a35123dd..5a096e8650 100644 --- a/contrib/file/magic/Magdir/vax +++ b/contrib/file/magic/Magdir/vax @@ -1,30 +1,22 @@ #------------------------------------------------------------------------------ -# $File: vax,v 1.7 2009/09/19 16:28:13 christos Exp $ +# $File: vax,v 1.8 2013/01/09 22:37:24 christos Exp $ # vax: file(1) magic for VAX executable/object and APL workspace # 0 lelong 0101557 VAX single precision APL workspace 0 lelong 0101556 VAX double precision APL workspace # -# VAX a.out (32V, BSD) +# VAX a.out (BSD; others collide with 386 and other 32-bit little-endian +# executables, and are handled in aout) # -0 lelong 0407 VAX executable ->16 lelong >0 not stripped - -0 lelong 0410 VAX pure executable ->16 lelong >0 not stripped - -0 lelong 0413 VAX demand paged pure executable ->16 lelong >0 not stripped - -0 lelong 0420 VAX demand paged (first page unmapped) pure executable +0 lelong 0420 a.out VAX demand paged (first page unmapped) pure executable >16 lelong >0 not stripped # # VAX COFF # -# The `versions' should be un-commented if they work for you. +# The `versions' were commented out, but have been un-commented out. # (Was the problem just one of endianness?) # 0 leshort 0570 VAX COFF executable diff --git a/contrib/file/magic/Magdir/virtual b/contrib/file/magic/Magdir/virtual index 7b729d4035..17ef44d209 100644 --- a/contrib/file/magic/Magdir/virtual +++ b/contrib/file/magic/Magdir/virtual @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: virtual,v 1.2 2011/11/22 13:30:05 christos Exp $ +# $File: virtual,v 1.3 2014/03/03 14:19:46 christos Exp $ # From: James Nobis # Microsoft hard disk images for: # Virtual Server @@ -15,3 +15,13 @@ 0x40 ulelong 0xbeda107f VirtualBox Disk Image >0x44 uleshort >0 \b, major %u >0x46 uleshort >0 \b, minor %u + +# libvirt +# From: Philipp Hahn +0 string LibvirtQemudSave Libvirt QEMU Suspend Image +>0x10 lelong x \b, version %u +>0x14 lelong x \b, XML length %u +>0x18 lelong 1 \b, running +>0x1c lelong 1 \b, compressed + +0 string LibvirtQemudPart Libvirt QEMU partial Suspend Image diff --git a/contrib/file/magic/Magdir/vms b/contrib/file/magic/Magdir/vms index d114dfd79e..be716b38e3 100644 --- a/contrib/file/magic/Magdir/vms +++ b/contrib/file/magic/Magdir/vms @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: vms,v 1.6 2009/09/19 16:28:13 christos Exp $ +# $File: vms,v 1.7 2013/03/09 22:36:00 christos Exp $ # vms: file(1) magic for VMS executables (experimental) # # VMS .exe formats, both VAX and AXP (Greg Roelofs, newt@uchicago.edu) @@ -24,5 +24,7 @@ # 00030 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ # 00040 00 00 00 00 ff ff ff ff ff ff ff ff 02 00 00 00 ................ # -0 belong 0x03000000 VMS Alpha executable ->75264 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption +# GRR this test is still too general as it catches example adressen.dbt +0 belong 0x03000000 +>8 ubelong 0xec020000 VMS Alpha executable +>>75264 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption diff --git a/contrib/file/magic/Magdir/windows b/contrib/file/magic/Magdir/windows index cd760ec767..6c70e02a2f 100644 --- a/contrib/file/magic/Magdir/windows +++ b/contrib/file/magic/Magdir/windows @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: windows,v 1.4 2009/09/19 16:28:13 christos Exp $ +# $File: windows,v 1.6 2013/04/19 20:12:29 christos Exp $ # windows: file(1) magic for Microsoft Windows # # This file is mainly reserved for files where programs @@ -75,12 +75,55 @@ 0 string HyperTerminal\ >15 string 1.0\ --\ HyperTerminal\ data\ file MS Windows HyperTerminal profile - +# http://ithreats.files.wordpress.com/2009/05/\ +# lnk_the_windows_shortcut_file_format.pdf # Summary: Windows shortcut # Extension: .lnk # Created by: unknown +# 'L' + GUUID 0 string \114\0\0\0\001\024\002\0\0\0\0\0\300\0\0\0\0\0\0\106 MS Windows shortcut - +>20 lelong&1 1 \b, Item id list present +>20 lelong&2 2 \b, Points to a file or directory +>20 lelong&4 4 \b, Has Description string +>20 lelong&8 8 \b, Has Relative path +>20 lelong&16 16 \b, Has Working directory +>20 lelong&32 32 \b, Has command line arguments +>20 lelong&64 64 \b, Icon +>>56 lelong \b number=%d +>24 lelong&1 1 \b, Read-Only +>24 lelong&2 2 \b, Hidden +>24 lelong&4 4 \b, System +>24 lelong&8 8 \b, Volume Label +>24 lelong&16 16 \b, Directory +>24 lelong&32 32 \b, Archive +>24 lelong&64 64 \b, Encrypted +>24 lelong&128 128 \b, Normal +>24 lelong&256 256 \b, Temporary +>24 lelong&512 512 \b, Sparse +>24 lelong&1024 1024 \b, Reparse point +>24 lelong&2048 2048 \b, Compressed +>24 lelong&4096 4096 \b, Offline +>28 leqwdate x \b, ctime=%s +>36 leqwdate x \b, mtime=%s +>44 leqwdate x \b, atime=%s +>52 lelong x \b, length=%u, window= +>60 lelong&1 1 \bhide +>60 lelong&2 2 \bnormal +>60 lelong&4 4 \bshowminimized +>60 lelong&8 8 \bshowmaximized +>60 lelong&16 16 \bshownoactivate +>60 lelong&32 32 \bminimize +>60 lelong&64 64 \bshowminnoactive +>60 lelong&128 128 \bshowna +>60 lelong&256 256 \brestore +>60 lelong&512 512 \bshowdefault +#>20 lelong&1 0 +#>>20 lelong&2 2 +#>>>(72.l-64) pstring/h x \b [%s] +#>20 lelong&1 1 +#>>20 lelong&2 2 +#>>>(72.s) leshort x +#>>>&75 pstring/h x \b [%s] # Summary: Outlook Personal Folders # Created by: unknown @@ -115,8 +158,179 @@ 0 string Windows\ Registry\ Editor\ >&0 string Version\ 5.00\r\n\r\n Windows Registry text (Win2K or above) - +# Windows *.INF *.INI files updated by Joerg Jenderek at Apr 2013 +# emtpy ,comment , section , unicode line +0 regex/s \\`(\r\n|;|[[]|\xFF\xFE) +# left bracket in section line +>&0 search/8192 [ +# http://en.wikipedia.org/wiki/Autorun.inf +# http://msdn.microsoft.com/en-us/library/windows/desktop/cc144200.aspx +>>&0 regex/c \^(autorun)]\r\n +>>>&0 ubyte =0x5b INItialization configuration +!:mime application/x-wine-extension-ini # From: Pal Tamas # Autorun File -0 string/c [autorun]\r\n Microsoft Windows Autorun file. -!:mime application/x-setupscript. +>>>&0 ubyte !0x5b Microsoft Windows Autorun file +!:mime application/x-setupscript +# http://msdn.microsoft.com/en-us/library/windows/hardware/ff549520(v=vs.85).aspx +# version strings ASCII coded case-independent for Windows setup information script file +>>&0 regex/c \^(version|strings)] Windows setup INFormation +!:mime application/x-setupscript +#!:mime application/inf +#!:mime application/x-wine-extension-inf +>>&0 regex/c \^(WinsockCRCList|OEMCPL)] Windows setup INFormation +!:mime text/inf +# http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2653.htm +# http://msdn.microsoft.com/en-us/library/windows/desktop/cc144102.aspx +# .ShellClassInfo DeleteOnCopy LocalizedFileNames ASCII coded case-independent +>>&0 regex/c \^(\.ShellClassInfo|DeleteOnCopy|LocalizedFileNames)] Windows desktop.ini +!:mime application/x-wine-extension-ini +#!:mime text/plain +# http://support.microsoft.com/kb/84709/ +>>&0 regex/c \^(don't\ load)] Windows CONTROL.INI +!:mime application/x-wine-extension-ini +>>&0 regex/c \^(ndishlp\\$|protman\\$|NETBEUI\\$)] Windows PROTOCOL.INI +!:mime application/x-wine-extension-ini +# http://technet.microsoft.com/en-us/library/cc722567.aspx +# http://www.winfaq.de/faq_html/Content/tip0000/onlinefaq.php?h=tip0137.htm +>>&0 regex/c \^(windows|Compatibility|embedding)] Windows WIN.INI +!:mime application/x-wine-extension-ini +# http://en.wikipedia.org/wiki/SYSTEM.INI +>>&0 regex/c \^(boot|386enh|drivers)] Windows SYSTEM.INI +!:mime application/x-wine-extension-ini +# http://www.mdgx.com/newtip6.htm +>>&0 regex/c \^(SafeList)] Windows IOS.INI +!:mime application/x-wine-extension-ini +# http://en.wikipedia.org/wiki/NTLDR Windows Boot Loader information +>>&0 regex/c \^(boot\x20loader)] Windows boot.ini +!:mime application/x-wine-extension-ini +>>>&0 ubyte x +# http://en.wikipedia.org/wiki/CONFIG.SYS +>>&0 regex/c \^(menu)]\r\n MS-DOS CONFIG.SYS +# http://support.microsoft.com/kb/118579/ +>>&0 regex/c \^(Paths)]\r\n MS-DOS MSDOS.SYS +# VERS string unicoded case-independent +>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053 +# ION] string unicoded case-independent +>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation +!:mime application/x-setupscript +# STRI string unicoded case-independent +>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0053005400520049 +# NGS] string unicoded case-independent +>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x004e00470053005D Windows setup INFormation +!:mime application/x-setupscript +# unknown keyword after opening bracket +>>&0 default x +>>>&0 search/8192 [ +# version Strings FileIdentification +>>>>&0 string/c version Windows setup INFormation +!:mime application/x-setupscript +# VERS string unicoded case-independent +>>>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053 +# ION] string unicoded case-independent +>>>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation +!:mime application/x-setupscript +# http://en.wikipedia.org/wiki/Initialization_file Windows Initialization File or other +#>>>>&0 default x Generic INItialization configuration +#!:mime application/x-wine-extension-ini + +# Windows Precompiled INF files *.PNF added by Joerg Jenderek at Mar 2013 of _PNF_HEADER inf.h +# http://read.pudn.com/downloads3/sourcecode/windows/248345/win2k/private/windows/setup/setupapi/inf.h__.htm +# GRR: line below too general as it catches also PDP-11 UNIX/RT ldp +0 leshort&0xFeFe 0x0000 +# test for unused null bits in PNF_FLAGs +>4 ulelong&0xFCffFe00 0x00000000 +# only found 58h for Offset of WinDirPath immediately after _PNF_HEADER structure +>>68 ulelong >0x57 +# test for zero high byte of InfValueBlockSize, followed by WinDirPath like +# C:\WINDOWS (ASCII 0x433a5c.. , unicode 0x43003a005c..) or X:\MININT +>>>(68.l-1) ubelong&0xffE0C519 =0x00400018 Windows Precompiled iNF +!:mime application/x-pnf +# currently only found Major Version=1 and Minor Version=1 +#>>>>0 uleshort =0x0101 +#>>>>>1 ubyte x \b, version %u +#>>>>>0 ubyte x \b.%u +>>>>0 uleshort !0x0101 +>>>>>1 ubyte x \b, version %u +>>>>>0 ubyte x \b.%u +# 1 ,2 (windows 98 SE) +#>>>>2 uleshort =2 \b, InfStyle %u +>>>>2 uleshort !2 \b, InfStyle %u +# PNF_FLAG_IS_UNICODE 0x00000001 +# PNF_FLAG_HAS_STRINGS 0x00000002 +# PNF_FLAG_SRCPATH_IS_URL 0x00000004 +# PNF_FLAG_HAS_VOLATILE_DIRIDS 0x00000008 +# PNF_FLAG_INF_VERIFIED 0x00000010 +# PNF_FLAG_INF_DIGITALLY_SIGNED 0x00000020 +# ?? 0x00000100 +# ?? 0x01000000 +# ?? 0x02000000 +>>>>4 ulelong&0x00000001 0x00000001 \b, unicoded +>>>>4 ulelong&0x00000020 0x00000020 \b, digitally signed +#>>>>8 ulelong x \b, InfSubstValueListOffset 0x%x +# many 0, 1 lmouusb.PNF, 2 linkfx10.PNF , f webfdr16.PNF +#>>>>12 uleshort x \b, InfSubstValueCount 0x%x +# only < 9 found +#>>>>14 uleshort x \b, InfVersionDatumCount 0x%x +# only found values lower 0x0000ffff +#>>>>16 ulelong x \b, InfVersionDataSize 0x%x +# only found positive values lower 0x00ffFFff for InfVersionDataOffset +>>>>20 ulelong x \b, at 0x%x +>>>>4 ulelong&0x00000001 =0x00000001 +# case independent: CatalogFile Class DriverVer layoutfile LayoutFile SetupClass signature Signature +>>>>>(20.l) lestring16 x "%s" +>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>(20.l) string x "%s" +# FILETIME is number of 100-nanosecond intervals since 1 January 1601 +#>>>>24 ulequad x \b, InfVersionLastWriteTime %16.16llx +# only found values lower 0x00ffFFff +#>>>>32 ulelong x \b, StringTableBlockOffset 0x%x +#>>>>36 ulelong x \b, StringTableBlockSize 0x%x +#>>>>40 ulelong x \b, InfSectionCount 0x%x +#>>>>44 ulelong x \b, InfSectionBlockOffset 0x%x +#>>>>48 ulelong x \b, InfSectionBlockSize 0x%x +#>>>>52 ulelong x \b, InfLineBlockOffset 0x%x +#>>>>56 ulelong x \b, InfLineBlockSize 0x%x +#>>>>60 ulelong x \b, InfValueBlockOffset 0x%x +#>>>>64 ulelong x \b, InfValueBlockSize 0x%x +# WinDirPathOffset +#>>>>68 ulelong x \b, at 0x%x +>>>>68 ulelong >0x57 +>>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>>(68.l) ubequad =0x43003a005c005700 +# normally unicoded C:\Windows +#>>>>>>>(68.l) lestring16 x \b, WinDirPath "%s" +>>>>>>(68.l) ubequad !0x43003a005c005700 +>>>>>>>(68.l) lestring16 x \b, WinDirPath "%s" +>>>>>4 ulelong&0x00000001 !0x00000001 +# normally ASCII C:\WINDOWS +#>>>>>>(68.l) string =C:\\WINDOWS \b, WinDirPath "%s" +>>>>>>(68.l) string !C:\\WINDOWS \b, WinDirPath "%s" +# found OsLoaderPathOffset values often 0 , once 70h corelist.PNF, once 68h ASCII machine.PNF +#>>>>72 ulelong >0 \b, at 0x%x +>>>>72 ulelong >0 \b, +>>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>>(72.l) lestring16 x OsLoaderPath "%s" +>>>>>4 ulelong&0x00000001 !0x00000001 +# seldom C:\ instead empty +>>>>>>(72.l) string x OsLoaderPath "%s" +# 1fdh +#>>>>76 uleshort x \b, StringTableHashBucketCount 0x%x +>>>>78 uleshort !0x407 \b, LanguageId %x +# only 407h found +#>>>>78 uleshort =0x407 \b, LanguageId %x +# InfSourcePathOffset often 0 +#>>>>80 ulelong >0 \b, at 0x%x +>>>>80 ulelong >0 \b, +>>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>>(80.l) lestring16 x SourcePath "%s" +>>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>>(80.l) string >\0 SourcePath "%s" +# OriginalInfNameOffset often 0 +#>>>>84 ulelong >0 \b, at 0x%x +>>>>84 ulelong >0 \b, +>>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>>(84.l) lestring16 x InfName "%s" +>>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>>(84.l) string >\0 InfName "%s" + diff --git a/contrib/file/magic/Magdir/wordprocessors b/contrib/file/magic/Magdir/wordprocessors index 0ee4723a42..951f6035d9 100644 --- a/contrib/file/magic/Magdir/wordprocessors +++ b/contrib/file/magic/Magdir/wordprocessors @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: wordprocessors,v 1.15 2010/09/20 19:19:17 rrt Exp $ +# $File: wordprocessors,v 1.18 2013/06/03 19:07:29 christos Exp $ # wordprocessors: file(1) magic fo word processors. # ####### PWP file format used on Smith Corona Personal Word Processors: @@ -110,7 +110,7 @@ 512 string R\0o\0o\0t\0 Hangul (Korean) Word Processor File 2000 !:mime application/x-hwp -# CosmicBook, from Benoît Rouits +# CosmicBook, from Benoit Rouits 0 string CSBK Ted Neslson's CosmicBook hypertext file 2 string EYWR AmigaWriter file @@ -156,8 +156,17 @@ 0 string/w \ +0 string/w \= 5.05, see http://mx.gw.com/pipermail/file/2010/000683.html -# By Elan Ruusamäe , Patryk Zawadzki , 2010-2011 +# By Elan Ruusamae , Patryk Zawadzki , 2010-2011 0 string wsdl PHP WSDL cache, >4 byte x version 0x%02x >6 ledate x \b, created %s diff --git a/contrib/file/magic/Magdir/xilinx b/contrib/file/magic/Magdir/xilinx index 26efb1baeb..2c97d11dde 100644 --- a/contrib/file/magic/Magdir/xilinx +++ b/contrib/file/magic/Magdir/xilinx @@ -1,35 +1,40 @@ #------------------------------------------------------------------------------ -# $File: xilinx,v 1.4 2009/09/19 16:28:13 christos Exp $ +# $File: xilinx,v 1.6 2013/11/19 23:15:13 christos Exp $ # This is Aaron's attempt at a MAGIC file for Xilinx .bit files. # Xilinx-Magic@RevRagnarok.com # Got the info from FPGA-FAQ 0026 # +# Rewritten to use pstring/H instead of hardcoded lengths by O. Freyermuth, +# fixes at least reading of bitfiles from Spartan 2, 3, 6. +# http://www.fpga-faq.com/FAQ_Pages/0026_Tell_me_about_bit_files.htm +# # First there is the sync header and its length 0 beshort 0x0009 >2 belong =0x0ff00ff0 >>&0 belong =0x0ff00ff0 ->>>&0 beshort =0x0000 ->>>>&0 pstring a Xilinx BIT data +>>>&0 byte =0x00 +>>>&1 beshort =0x0001 +>>>&3 string a Xilinx BIT data # Next is a Pascal-style string with the NCD name. We want to capture that. ->>>>0x0F pstring x - from %s -# It is followed by a NUL ->>>>>&1 byte 0x00 +>>>>&0 pstring/H x - from %s # And then 'b' ->>>>>&2 string b -# With the part number: -#>>>>>&5 string 4v (Virtex4) -#>>>>>&5 string 2v (Virtex II -#>>>>>>&0 string !p \b) -#>>>>>>&0 string p Pro) ->>>>>&4 pstring x - for %s -# And then NUL / 'c' / Build Data / NUL / 'd' / Date / NUL / 'e' / Data Length ->>>>>>&1 byte 0x00 ->>>>>>&2 string c ->>>>>>&4 pstring x - built %s ->>>>>>>&1 byte 0x00 ->>>>>>>&2 string d ->>>>>>>&4 pstring x \b(%s) ->>>>>>>>&1 byte 0x00 ->>>>>>>>&2 string e ->>>>>>>>&4 belong x - data length 0x%lx +>>>>>&1 string b +# Then the model / part number: +>>>>>>&0 pstring/H x - for %s +# Then 'c' +>>>>>>>&1 string c +# Then the build-date +>>>>>>>>&0 pstring/H x - built %s +# Then 'd' +>>>>>>>>>&1 string d +# Then the build-time +>>>>>>>>>>&0 pstring/H x \b(%s) +# Then 'e' +>>>>>>>>>>>&1 string e +# And length of data +>>>>>>>>>>>>&0 belong x - data length 0x%lx + +# Raw bitstream files +0 long 0xffffffff +>&0 belong 0xaa995566 Xilinx RAW bitstream (.BIN) diff --git a/contrib/file/magic/Magdir/xwindows b/contrib/file/magic/Magdir/xwindows index 93126fbaa8..6ebe676238 100644 --- a/contrib/file/magic/Magdir/xwindows +++ b/contrib/file/magic/Magdir/xwindows @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: xwindows,v 1.7 2011/05/03 01:44:17 christos Exp $ +# $File: xwindows,v 1.8 2013/02/08 17:25:57 christos Exp $ # xwindows: file(1) magic for various X/Window system file formats. # Compiled X Keymap @@ -10,7 +10,7 @@ >0 byte =0 obsolete 0 string xkm Compiled XKB Keymap: msb, >3 byte >0 version %d ->0 byte =0 obsolete +>3 byte =0 obsolete # xfsdump archive 0 string xFSdump0 xfsdump archive diff --git a/contrib/file/src/apprentice.c b/contrib/file/src/apprentice.c index b33066933a..7400c57185 100644 --- a/contrib/file/src/apprentice.c +++ b/contrib/file/src/apprentice.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: apprentice.c,v 1.173 2011/12/08 12:38:24 rrt Exp $") +FILE_RCSID("@(#)$File: apprentice.c,v 1.202 2014/03/14 18:48:11 christos Exp $") #endif /* lint */ #include "magic.h" @@ -40,6 +40,9 @@ FILE_RCSID("@(#)$File: apprentice.c,v 1.173 2011/12/08 12:38:24 rrt Exp $") #ifdef HAVE_UNISTD_H #include #endif +#ifdef HAVE_STDDEF_H +#include +#endif #include #include #include @@ -48,6 +51,15 @@ FILE_RCSID("@(#)$File: apprentice.c,v 1.173 2011/12/08 12:38:24 rrt Exp $") #include #endif #include +#if defined(HAVE_LIMITS_H) +#include +#endif + +#ifndef SSIZE_MAX +#define MAXMAGIC_SIZE ((ssize_t)0x7fffffff) +#else +#define MAXMAGIC_SIZE SSIZE_MAX +#endif #define EATAB {while (isascii((unsigned char) *l) && \ isspace((unsigned char) *l)) ++l;} @@ -71,12 +83,28 @@ FILE_RCSID("@(#)$File: apprentice.c,v 1.173 2011/12/08 12:38:24 rrt Exp $") #define MAP_FILE 0 #endif +#define ALLOC_CHUNK (size_t)10 +#define ALLOC_INCR (size_t)200 + struct magic_entry { struct magic *mp; uint32_t cont_count; uint32_t max_count; }; +struct magic_entry_set { + struct magic_entry *me; + uint32_t count; + uint32_t max; +}; + +struct magic_map { + void *p; + size_t len; + struct magic *magic[MAGIC_SETS]; + uint32_t nmagic[MAGIC_SETS]; +}; + int file_formats[FILE_NAMES_SIZE]; const size_t file_nformats = FILE_NAMES_SIZE; const char *file_names[FILE_NAMES_SIZE]; @@ -86,24 +114,26 @@ private int getvalue(struct magic_set *ms, struct magic *, const char **, int); private int hextoint(int); private const char *getstr(struct magic_set *, struct magic *, const char *, int); -private int parse(struct magic_set *, struct magic_entry **, uint32_t *, - const char *, size_t, int); +private int parse(struct magic_set *, struct magic_entry *, const char *, + size_t, int); private void eatsize(const char **); -private int apprentice_1(struct magic_set *, const char *, int, struct mlist *); +private int apprentice_1(struct magic_set *, const char *, int); private size_t apprentice_magic_strength(const struct magic *); private int apprentice_sort(const void *, const void *); private void apprentice_list(struct mlist *, int ); -private int apprentice_load(struct magic_set *, struct magic **, uint32_t *, +private struct magic_map *apprentice_load(struct magic_set *, const char *, int); +private struct mlist *mlist_alloc(void); +private void mlist_free(struct mlist *); private void byteswap(struct magic *, uint32_t); private void bs1(struct magic *); private uint16_t swap2(uint16_t); private uint32_t swap4(uint32_t); private uint64_t swap8(uint64_t); private char *mkdbname(struct magic_set *, const char *, int); -private int apprentice_map(struct magic_set *, struct magic **, uint32_t *, - const char *); -private int apprentice_compile(struct magic_set *, struct magic **, uint32_t *, +private struct magic_map *apprentice_map(struct magic_set *, const char *); +private void apprentice_unmap(struct magic_map *); +private int apprentice_compile(struct magic_set *, struct magic_map *, const char *); private int check_format_type(const char *, int); private int check_format(struct magic_set *, struct magic *); @@ -113,7 +143,6 @@ private int parse_strength(struct magic_set *, struct magic_entry *, const char private int parse_apple(struct magic_set *, struct magic_entry *, const char *); -private size_t maxmagic = 0; private size_t magicsize = sizeof(struct magic); private const char usg_hdr[] = "cont\toffset\ttype\topcode\tmask\tvalue\tdesc"; @@ -164,17 +193,27 @@ main(int argc, char *argv[]) } #endif /* COMPILE_ONLY */ -static const struct type_tbl_s { +struct type_tbl_s { const char name[16]; const size_t len; const int type; const int format; -} type_tbl[] = { +}; + +/* + * XXX - the actual Single UNIX Specification says that "long" means "long", + * as in the C data type, but we treat it as meaning "4-byte integer". + * Given that the OS X version of file 5.04 did the same, I guess that passes + * the actual test; having "long" be dependent on how big a "long" is on + * the machine running "file" is silly. + */ +static const struct type_tbl_s type_tbl[] = { # define XX(s) s, (sizeof(s) - 1) # define XX_NULL "", 0 + { XX("invalid"), FILE_INVALID, FILE_FMT_NONE }, { XX("byte"), FILE_BYTE, FILE_FMT_NUM }, { XX("short"), FILE_SHORT, FILE_FMT_NUM }, - { XX("default"), FILE_DEFAULT, FILE_FMT_STR }, + { XX("default"), FILE_DEFAULT, FILE_FMT_NONE }, { XX("long"), FILE_LONG, FILE_FMT_NUM }, { XX("string"), FILE_STRING, FILE_FMT_STR }, { XX("date"), FILE_DATE, FILE_FMT_STR }, @@ -212,18 +251,34 @@ static const struct type_tbl_s { { XX("ledouble"), FILE_LEDOUBLE, FILE_FMT_DOUBLE }, { XX("leid3"), FILE_LEID3, FILE_FMT_NUM }, { XX("beid3"), FILE_BEID3, FILE_FMT_NUM }, - { XX("indirect"), FILE_INDIRECT, FILE_FMT_NONE }, + { XX("indirect"), FILE_INDIRECT, FILE_FMT_NUM }, + { XX("qwdate"), FILE_QWDATE, FILE_FMT_STR }, + { XX("leqwdate"), FILE_LEQWDATE, FILE_FMT_STR }, + { XX("beqwdate"), FILE_BEQWDATE, FILE_FMT_STR }, + { XX("name"), FILE_NAME, FILE_FMT_NONE }, + { XX("use"), FILE_USE, FILE_FMT_NONE }, + { XX("clear"), FILE_CLEAR, FILE_FMT_NONE }, + { XX_NULL, FILE_INVALID, FILE_FMT_NONE }, +}; + +/* + * These are not types, and cannot be preceded by "u" to make them + * unsigned. + */ +static const struct type_tbl_s special_tbl[] = { + { XX("name"), FILE_NAME, FILE_FMT_STR }, + { XX("use"), FILE_USE, FILE_FMT_STR }, { XX_NULL, FILE_INVALID, FILE_FMT_NONE }, +}; # undef XX # undef XX_NULL -}; private int -get_type(const char *l, const char **t) +get_type(const struct type_tbl_s *tbl, const char *l, const char **t) { const struct type_tbl_s *p; - for (p = type_tbl; p->len; p++) { + for (p = tbl; p->len; p++) { if (strncmp(l, p->name, p->len) == 0) { if (t) *t = l + p->len; @@ -233,6 +288,91 @@ get_type(const char *l, const char **t) return p->type; } +private int +get_standard_integer_type(const char *l, const char **t) +{ + int type; + + if (isalpha((unsigned char)l[1])) { + switch (l[1]) { + case 'C': + /* "dC" and "uC" */ + type = FILE_BYTE; + break; + case 'S': + /* "dS" and "uS" */ + type = FILE_SHORT; + break; + case 'I': + case 'L': + /* + * "dI", "dL", "uI", and "uL". + * + * XXX - the actual Single UNIX Specification says + * that "L" means "long", as in the C data type, + * but we treat it as meaning "4-byte integer". + * Given that the OS X version of file 5.04 did + * the same, I guess that passes the actual SUS + * validation suite; having "dL" be dependent on + * how big a "long" is on the machine running + * "file" is silly. + */ + type = FILE_LONG; + break; + case 'Q': + /* "dQ" and "uQ" */ + type = FILE_QUAD; + break; + default: + /* "d{anything else}", "u{anything else}" */ + return FILE_INVALID; + } + l += 2; + } else if (isdigit((unsigned char)l[1])) { + /* + * "d{num}" and "u{num}"; we only support {num} values + * of 1, 2, 4, and 8 - the Single UNIX Specification + * doesn't say anything about whether arbitrary + * values should be supported, but both the Solaris 10 + * and OS X Mountain Lion versions of file passed the + * Single UNIX Specification validation suite, and + * neither of them support values bigger than 8 or + * non-power-of-2 values. + */ + if (isdigit((unsigned char)l[2])) { + /* Multi-digit, so > 9 */ + return FILE_INVALID; + } + switch (l[1]) { + case '1': + type = FILE_BYTE; + break; + case '2': + type = FILE_SHORT; + break; + case '4': + type = FILE_LONG; + break; + case '8': + type = FILE_QUAD; + break; + default: + /* XXX - what about 3, 5, 6, or 7? */ + return FILE_INVALID; + } + l += 2; + } else { + /* + * "d" or "u" by itself. + */ + type = FILE_LONG; + ++l; + } + if (t) + *t = l; + return type; +} + private void init_file_tables(void) { @@ -248,73 +388,77 @@ init_file_tables(void) file_names[p->type] = p->name; file_formats[p->type] = p->format; } + assert(p - type_tbl == FILE_NAMES_SIZE); +} + +private int +add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx) +{ + struct mlist *ml; + + if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) + return -1; + + ml->map = idx == 0 ? map : NULL; + ml->magic = map->magic[idx]; + ml->nmagic = map->nmagic[idx]; + + mlp->prev->next = ml; + ml->prev = mlp->prev; + ml->next = mlp; + mlp->prev = ml; + return 0; } /* * Handle one file or directory. */ private int -apprentice_1(struct magic_set *ms, const char *fn, int action, - struct mlist *mlist) +apprentice_1(struct magic_set *ms, const char *fn, int action) { - struct magic *magic = NULL; - uint32_t nmagic = 0; struct mlist *ml; - int rv = -1; - int mapped; + struct magic_map *map; + size_t i; if (magicsize != FILE_MAGICSIZE) { file_error(ms, 0, "magic element size %lu != %lu", - (unsigned long)sizeof(*magic), + (unsigned long)sizeof(*map->magic[0]), (unsigned long)FILE_MAGICSIZE); return -1; } if (action == FILE_COMPILE) { - rv = apprentice_load(ms, &magic, &nmagic, fn, action); - if (rv != 0) + map = apprentice_load(ms, fn, action); + if (map == NULL) return -1; - rv = apprentice_compile(ms, &magic, &nmagic, fn); - free(magic); - return rv; + return apprentice_compile(ms, map, fn); } #ifndef COMPILE_ONLY - if ((rv = apprentice_map(ms, &magic, &nmagic, fn)) == -1) { + map = apprentice_map(ms, fn); + if (map == NULL) { if (ms->flags & MAGIC_CHECK) file_magwarn(ms, "using regular magic file `%s'", fn); - rv = apprentice_load(ms, &magic, &nmagic, fn, action); - if (rv != 0) + map = apprentice_load(ms, fn, action); + if (map == NULL) return -1; } - mapped = rv; - - if (magic == NULL) { - file_delmagic(magic, mapped, nmagic); - return -1; - } - - if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) { - file_delmagic(magic, mapped, nmagic); - file_oomem(ms, sizeof(*ml)); - return -1; + for (i = 0; i < MAGIC_SETS; i++) { + if (add_mlist(ms->mlist[i], map, i) == -1) { + file_oomem(ms, sizeof(*ml)); + apprentice_unmap(map); + return -1; + } } - ml->magic = magic; - ml->nmagic = nmagic; - ml->mapped = mapped; - - mlist->prev->next = ml; - ml->prev = mlist->prev; - ml->next = mlist; - mlist->prev = ml; - if (action == FILE_LIST) { - printf("Binary patterns:\n"); - apprentice_list(mlist, BINTEST); - printf("Text patterns:\n"); - apprentice_list(mlist, TEXTTEST); + for (i = 0; i < MAGIC_SETS; i++) { + printf("Set %zu:\nBinary patterns:\n", i); + apprentice_list(ms->mlist[i], BINTEST); + printf("Text patterns:\n"); + apprentice_list(ms->mlist[i], TEXTTEST); + } } return 0; @@ -322,57 +466,133 @@ apprentice_1(struct magic_set *ms, const char *fn, int action, } protected void -file_delmagic(struct magic *p, int type, size_t entries) +file_ms_free(struct magic_set *ms) { - if (p == NULL) + size_t i; + if (ms == NULL) + return; + for (i = 0; i < MAGIC_SETS; i++) + mlist_free(ms->mlist[i]); + free(ms->o.pbuf); + free(ms->o.buf); + free(ms->c.li); + free(ms); +} + +protected struct magic_set * +file_ms_alloc(int flags) +{ + struct magic_set *ms; + size_t i, len; + + if ((ms = CAST(struct magic_set *, calloc((size_t)1, + sizeof(struct magic_set)))) == NULL) + return NULL; + + if (magic_setflags(ms, flags) == -1) { + errno = EINVAL; + goto free; + } + + ms->o.buf = ms->o.pbuf = NULL; + len = (ms->c.len = 10) * sizeof(*ms->c.li); + + if ((ms->c.li = CAST(struct level_info *, malloc(len))) == NULL) + goto free; + + ms->event_flags = 0; + ms->error = -1; + for (i = 0; i < MAGIC_SETS; i++) + ms->mlist[i] = NULL; + ms->file = "unknown"; + ms->line = 0; + return ms; +free: + free(ms); + return NULL; +} + +private void +apprentice_unmap(struct magic_map *map) +{ + if (map == NULL) + return; + if (map->p == NULL) return; - switch (type) { - case 2: #ifdef QUICK - p--; - (void)munmap((void *)p, sizeof(*p) * (entries + 1)); - break; -#else - (void)&entries; - abort(); - /*NOTREACHED*/ + if (map->len) + (void)munmap(map->p, map->len); + else #endif - case 1: - p--; - /*FALLTHROUGH*/ - case 0: - free(p); - break; - default: - abort(); + free(map->p); + free(map); +} + +private struct mlist * +mlist_alloc(void) +{ + struct mlist *mlist; + if ((mlist = CAST(struct mlist *, calloc(1, sizeof(*mlist)))) == NULL) { + return NULL; + } + mlist->next = mlist->prev = mlist; + return mlist; +} + +private void +mlist_free(struct mlist *mlist) +{ + struct mlist *ml; + + if (mlist == NULL) + return; + + for (ml = mlist->next; ml != mlist;) { + struct mlist *next = ml->next; + if (ml->map) + apprentice_unmap(ml->map); + free(ml); + ml = next; } + free(ml); } /* const char *fn: list of magic files and directories */ -protected struct mlist * +protected int file_apprentice(struct magic_set *ms, const char *fn, int action) { char *p, *mfn; int file_err, errs = -1; - struct mlist *mlist; + size_t i; + + if (ms->mlist[0] != NULL) + file_reset(ms); if ((fn = magic_getpath(fn, action)) == NULL) - return NULL; + return -1; init_file_tables(); if ((mfn = strdup(fn)) == NULL) { file_oomem(ms, strlen(fn)); - return NULL; + return -1; } - fn = mfn; - if ((mlist = CAST(struct mlist *, malloc(sizeof(*mlist)))) == NULL) { - free(mfn); - file_oomem(ms, sizeof(*mlist)); - return NULL; + for (i = 0; i < MAGIC_SETS; i++) { + mlist_free(ms->mlist[i]); + if ((ms->mlist[i] = mlist_alloc()) == NULL) { + file_oomem(ms, sizeof(*ms->mlist[i])); + if (i != 0) { + --i; + do + mlist_free(ms->mlist[i]); + while (i != 0); + } + free(mfn); + return -1; + } } - mlist->next = mlist->prev = mlist; + fn = mfn; while (fn) { p = strchr(fn, PATHSEP); @@ -380,19 +600,94 @@ file_apprentice(struct magic_set *ms, const char *fn, int action) *p++ = '\0'; if (*fn == '\0') break; - file_err = apprentice_1(ms, fn, action, mlist); + file_err = apprentice_1(ms, fn, action); errs = MAX(errs, file_err); fn = p; } + + free(mfn); + if (errs == -1) { - free(mfn); - free(mlist); - mlist = NULL; - file_error(ms, 0, "could not find any magic files!"); - return NULL; + for (i = 0; i < MAGIC_SETS; i++) { + mlist_free(ms->mlist[i]); + ms->mlist[i] = NULL; + } + file_error(ms, 0, "could not find any valid magic files!"); + return -1; } - free(mfn); - return mlist; + +#if 0 + /* + * Always leave the database loaded + */ + if (action == FILE_LOAD) + return 0; + + for (i = 0; i < MAGIC_SETS; i++) { + mlist_free(ms->mlist[i]); + ms->mlist[i] = NULL; + } +#endif + + switch (action) { + case FILE_LOAD: + case FILE_COMPILE: + case FILE_CHECK: + case FILE_LIST: + return 0; + default: + file_error(ms, 0, "Invalid action %d", action); + return -1; + } +} + +/* + * Compute the real length of a magic expression, for the purposes + * of determining how "strong" a magic expression is (approximating + * how specific its matches are): + * - magic characters count 0 unless escaped. + * - [] expressions count 1 + * - {} expressions count 0 + * - regular characters or escaped magic characters count 1 + * - 0 length expressions count as one + */ +private size_t +nonmagic(const char *str) +{ + const char *p; + size_t rv = 0; + + for (p = str; *p; p++) + switch (*p) { + case '\\': /* Escaped anything counts 1 */ + if (!*++p) + p--; + rv++; + continue; + case '?': /* Magic characters count 0 */ + case '*': + case '.': + case '+': + case '^': + case '$': + continue; + case '[': /* Bracketed expressions count 1 the ']' */ + while (*p && *p != ']') + p++; + p--; + continue; + case '{': /* Braced expressions count 0 */ + while (*p && *p != '}') + p++; + if (!*p) + p--; + continue; + default: /* Anything else counts 1 */ + rv++; + continue; + } + + return rv == 0 ? 1 : rv; /* Return at least 1 */ } /* @@ -402,7 +697,7 @@ private size_t apprentice_magic_strength(const struct magic *m) { #define MULT 10 - size_t val = 2 * MULT; /* baseline strength */ + size_t v, val = 2 * MULT; /* baseline strength */ switch (m->type) { case FILE_DEFAULT: /* make sure this sorts last */ @@ -438,10 +733,14 @@ apprentice_magic_strength(const struct magic *m) break; case FILE_SEARCH: - case FILE_REGEX: val += m->vallen * MAX(MULT / m->vallen, 1); break; + case FILE_REGEX: + v = nonmagic(m->value.s); + val += v * MAX(MULT / v, 1); + break; + case FILE_DATE: case FILE_LEDATE: case FILE_BEDATE: @@ -465,12 +764,20 @@ apprentice_magic_strength(const struct magic *m) case FILE_QLDATE: case FILE_LEQLDATE: case FILE_BEQLDATE: + case FILE_QWDATE: + case FILE_LEQWDATE: + case FILE_BEQWDATE: case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: val += 8 * MULT; break; + case FILE_INDIRECT: + case FILE_NAME: + case FILE_USE: + break; + default: val = 0; (void)fprintf(stderr, "Bad type %d\n", m->type); @@ -617,6 +924,9 @@ set_test_type(struct magic *mstart, struct magic *m) case FILE_QLDATE: case FILE_LEQLDATE: case FILE_BEQLDATE: + case FILE_QWDATE: + case FILE_LEQWDATE: + case FILE_BEQWDATE: case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: @@ -664,16 +974,41 @@ set_test_type(struct magic *mstart, struct magic *m) } } +private int +addentry(struct magic_set *ms, struct magic_entry *me, + struct magic_entry_set *mset) +{ + size_t i = me->mp->type == FILE_NAME ? 1 : 0; + if (mset[i].count == mset[i].max) { + struct magic_entry *mp; + + mset[i].max += ALLOC_INCR; + if ((mp = CAST(struct magic_entry *, + realloc(mset[i].me, sizeof(*mp) * mset[i].max))) == + NULL) { + file_oomem(ms, sizeof(*mp) * mset[i].max); + return -1; + } + (void)memset(&mp[mset[i].count], 0, sizeof(*mp) * + ALLOC_INCR); + mset[i].me = mp; + } + mset[i].me[mset[i].count++] = *me; + memset(me, 0, sizeof(*me)); + return 0; +} + /* * Load and parse one file. */ private void load_1(struct magic_set *ms, int action, const char *fn, int *errs, - struct magic_entry **marray, uint32_t *marraycount) + struct magic_entry_set *mset) { size_t lineno = 0, llen = 0; char *line = NULL; ssize_t len; + struct magic_entry me; FILE *f = fopen(ms->file = fn, "r"); if (f == NULL) { @@ -684,6 +1019,7 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, return; } + memset(&me, 0, sizeof(me)); /* read and parse this file */ for (ms->line = 1; (len = getline(&line, &llen, f)) != -1; ms->line++) { @@ -713,15 +1049,14 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, (*errs)++; continue; } - if (*marraycount == 0) { + if (me.mp == NULL) { file_error(ms, 0, "No current entry for :!%s type", bang[i].name); (*errs)++; continue; } - if ((*bang[i].fun)(ms, - &(*marray)[*marraycount - 1], + if ((*bang[i].fun)(ms, &me, line + bang[i].len + 2) != 0) { (*errs)++; continue; @@ -730,12 +1065,21 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, } /*FALLTHROUGH*/ default: - if (parse(ms, marray, marraycount, line, lineno, - action) != 0) + again: + switch (parse(ms, &me, line, lineno, action)) { + case 0: + continue; + case 1: + (void)addentry(ms, &me, mset); + goto again; + default: (*errs)++; - break; + break; + } } } + if (me.mp) + (void)addentry(ms, &me, mset); free(line); (void)fclose(f); } @@ -750,28 +1094,120 @@ cmpstrp(const void *p1, const void *p2) return strcmp(*(char *const *)p1, *(char *const *)p2); } + +private uint32_t +set_text_binary(struct magic_set *ms, struct magic_entry *me, uint32_t nme, + uint32_t starttest) +{ + static const char text[] = "text"; + static const char binary[] = "binary"; + static const size_t len = sizeof(text); + + uint32_t i = starttest; + + do { + set_test_type(me[starttest].mp, me[i].mp); + if ((ms->flags & MAGIC_DEBUG) == 0) + continue; + (void)fprintf(stderr, "%s%s%s: %s\n", + me[i].mp->mimetype, + me[i].mp->mimetype[0] == '\0' ? "" : "; ", + me[i].mp->desc[0] ? me[i].mp->desc : "(no description)", + me[i].mp->flag & BINTEST ? binary : text); + if (me[i].mp->flag & BINTEST) { + char *p = strstr(me[i].mp->desc, text); + if (p && (p == me[i].mp->desc || + isspace((unsigned char)p[-1])) && + (p + len - me[i].mp->desc == MAXstring + || (p[len] == '\0' || + isspace((unsigned char)p[len])))) + (void)fprintf(stderr, "*** Possible " + "binary test for text type\n"); + } + } while (++i < nme && me[i].mp->cont_level != 0); + return i; +} + +private void +set_last_default(struct magic_set *ms, struct magic_entry *me, uint32_t nme) +{ + uint32_t i; + for (i = 0; i < nme; i++) { + if (me[i].mp->cont_level == 0 && + me[i].mp->type == FILE_DEFAULT) { + while (++i < nme) + if (me[i].mp->cont_level == 0) + break; + if (i != nme) { + /* XXX - Ugh! */ + ms->line = me[i].mp->lineno; + file_magwarn(ms, + "level 0 \"default\" did not sort last"); + } + return; + } + } +} + private int -apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, - const char *fn, int action) +coalesce_entries(struct magic_set *ms, struct magic_entry *me, uint32_t nme, + struct magic **ma, uint32_t *nma) +{ + uint32_t i, mentrycount = 0; + size_t slen; + + for (i = 0; i < nme; i++) + mentrycount += me[i].cont_count; + + slen = sizeof(**ma) * mentrycount; + if ((*ma = CAST(struct magic *, malloc(slen))) == NULL) { + file_oomem(ms, slen); + return -1; + } + + mentrycount = 0; + for (i = 0; i < nme; i++) { + (void)memcpy(*ma + mentrycount, me[i].mp, + me[i].cont_count * sizeof(**ma)); + mentrycount += me[i].cont_count; + } + *nma = mentrycount; + return 0; +} + +private void +magic_entry_free(struct magic_entry *me, uint32_t nme) +{ + uint32_t i; + if (me == NULL) + return; + for (i = 0; i < nme; i++) + free(me[i].mp); + free(me); +} + +private struct magic_map * +apprentice_load(struct magic_set *ms, const char *fn, int action) { int errs = 0; - struct magic_entry *marray; - uint32_t marraycount, i, mentrycount = 0, starttest; - size_t slen, files = 0, maxfiles = 0; + uint32_t i, j; + size_t files = 0, maxfiles = 0; char **filearr = NULL, *mfn; struct stat st; + struct magic_map *map; + struct magic_entry_set mset[MAGIC_SETS]; DIR *dir; struct dirent *d; + memset(mset, 0, sizeof(mset)); ms->flags |= MAGIC_CHECK; /* Enable checks for parsed files */ - maxmagic = MAXMAGIS; - if ((marray = CAST(struct magic_entry *, calloc(maxmagic, - sizeof(*marray)))) == NULL) { - file_oomem(ms, maxmagic * sizeof(*marray)); - return -1; + + if ((map = CAST(struct magic_map *, calloc(1, sizeof(*map)))) == NULL) + { + file_oomem(ms, sizeof(*map)); + return NULL; } - marraycount = 0; /* print silly verbose header for USG compat. */ if (action == FILE_CHECK) @@ -814,100 +1250,54 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, closedir(dir); qsort(filearr, files, sizeof(*filearr), cmpstrp); for (i = 0; i < files; i++) { - load_1(ms, action, filearr[i], &errs, &marray, - &marraycount); + load_1(ms, action, filearr[i], &errs, mset); free(filearr[i]); } free(filearr); } else - load_1(ms, action, fn, &errs, &marray, &marraycount); + load_1(ms, action, fn, &errs, mset); if (errs) goto out; - /* Set types of tests */ - for (i = 0; i < marraycount; ) { - if (marray[i].mp->cont_level != 0) { - i++; - continue; - } - - starttest = i; - do { - static const char text[] = "text"; - static const char binary[] = "binary"; - static const size_t len = sizeof(text); - set_test_type(marray[starttest].mp, marray[i].mp); - if ((ms->flags & MAGIC_DEBUG) == 0) + for (j = 0; j < MAGIC_SETS; j++) { + /* Set types of tests */ + for (i = 0; i < mset[j].count; ) { + if (mset[j].me[i].mp->cont_level != 0) { + i++; continue; - (void)fprintf(stderr, "%s%s%s: %s\n", - marray[i].mp->mimetype, - marray[i].mp->mimetype[0] == '\0' ? "" : "; ", - marray[i].mp->desc[0] ? marray[i].mp->desc : - "(no description)", - marray[i].mp->flag & BINTEST ? binary : text); - if (marray[i].mp->flag & BINTEST) { - char *p = strstr(marray[i].mp->desc, text); - if (p && (p == marray[i].mp->desc || - isspace((unsigned char)p[-1])) && - (p + len - marray[i].mp->desc == - MAXstring || (p[len] == '\0' || - isspace((unsigned char)p[len])))) - (void)fprintf(stderr, "*** Possible " - "binary test for text type\n"); } - } while (++i < marraycount && marray[i].mp->cont_level != 0); - } - - qsort(marray, marraycount, sizeof(*marray), apprentice_sort); - - /* - * Make sure that any level 0 "default" line is last (if one exists). - */ - for (i = 0; i < marraycount; i++) { - if (marray[i].mp->cont_level == 0 && - marray[i].mp->type == FILE_DEFAULT) { - while (++i < marraycount) - if (marray[i].mp->cont_level == 0) - break; - if (i != marraycount) { - /* XXX - Ugh! */ - ms->line = marray[i].mp->lineno; - file_magwarn(ms, - "level 0 \"default\" did not sort last"); - } - break; + i = set_text_binary(ms, mset[j].me, mset[j].count, i); } - } + qsort(mset[j].me, mset[j].count, sizeof(*mset[j].me), + apprentice_sort); - for (i = 0; i < marraycount; i++) - mentrycount += marray[i].cont_count; + /* + * Make sure that any level 0 "default" line is last + * (if one exists). + */ + set_last_default(ms, mset[j].me, mset[j].count); - slen = sizeof(**magicp) * mentrycount; - if ((*magicp = CAST(struct magic *, malloc(slen))) == NULL) { - file_oomem(ms, slen); - errs++; - goto out; + /* coalesce per file arrays into a single one */ + if (coalesce_entries(ms, mset[j].me, mset[j].count, + &map->magic[j], &map->nmagic[j]) == -1) { + errs++; + goto out; + } } - mentrycount = 0; - for (i = 0; i < marraycount; i++) { - (void)memcpy(*magicp + mentrycount, marray[i].mp, - marray[i].cont_count * sizeof(**magicp)); - mentrycount += marray[i].cont_count; - } out: - for (i = 0; i < marraycount; i++) - free(marray[i].mp); - free(marray); + for (j = 0; j < MAGIC_SETS; j++) + magic_entry_free(mset[j].me, mset[j].count); + if (errs) { - *magicp = NULL; - *nmagicp = 0; - return errs; - } else { - *nmagicp = mentrycount; - return 0; + for (j = 0; j < MAGIC_SETS; j++) { + if (map->magic[j]) + free(map->magic[j]); + } + free(map); + return NULL; } - + return map; } /* @@ -953,10 +1343,13 @@ file_signextend(struct magic_set *ms, struct magic *m, uint64_t v) case FILE_LEQUAD: case FILE_QDATE: case FILE_QLDATE: + case FILE_QWDATE: case FILE_BEQDATE: case FILE_BEQLDATE: + case FILE_BEQWDATE: case FILE_LEQDATE: case FILE_LEQLDATE: + case FILE_LEQWDATE: case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: @@ -970,6 +1363,9 @@ file_signextend(struct magic_set *ms, struct magic *m, uint64_t v) case FILE_SEARCH: case FILE_DEFAULT: case FILE_INDIRECT: + case FILE_NAME: + case FILE_USE: + case FILE_CLEAR: break; default: if (ms->flags & MAGIC_CHECK) @@ -1139,22 +1535,25 @@ check_cond(struct magic_set *ms, int cond, uint32_t cont_level) * parse one line from magic file, put into magic[index++] if valid */ private int -parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp, - const char *line, size_t lineno, int action) +parse(struct magic_set *ms, struct magic_entry *me, const char *line, + size_t lineno, int action) { #ifdef ENABLE_CONDITIONALS static uint32_t last_cont_level = 0; #endif size_t i; - struct magic_entry *me; struct magic *m; const char *l = line; char *t; int op; uint32_t cont_level; + int32_t diff; cont_level = 0; + /* + * Parse the offset. + */ while (*l == '>') { ++l; /* step over */ cont_level++; @@ -1165,16 +1564,21 @@ parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp, return -1; last_cont_level = cont_level; #endif - -#define ALLOC_CHUNK (size_t)10 -#define ALLOC_INCR (size_t)200 - if (cont_level != 0) { - if (*nmentryp == 0) { - file_error(ms, 0, "No current entry for continuation"); + if (me->mp == NULL) { + file_magerror(ms, "No current entry for continuation"); + return -1; + } + if (me->cont_count == 0) { + file_magerror(ms, "Continuations present with 0 count"); return -1; } - me = &(*mentryp)[*nmentryp - 1]; + m = &me->mp[me->cont_count - 1]; + diff = (int32_t)cont_level - (int32_t)m->cont_level; + if (diff > 1) + file_magwarn(ms, "New continuation level %u is more " + "than one larger than current level %u", cont_level, + m->cont_level); if (me->cont_count == me->max_count) { struct magic *nm; size_t cnt = me->max_count + ALLOC_CHUNK; @@ -1190,31 +1594,15 @@ parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp, (void)memset(m, 0, sizeof(*m)); m->cont_level = cont_level; } else { - if (*nmentryp == maxmagic) { - struct magic_entry *mp; - - maxmagic += ALLOC_INCR; - if ((mp = CAST(struct magic_entry *, - realloc(*mentryp, sizeof(*mp) * maxmagic))) == - NULL) { - file_oomem(ms, sizeof(*mp) * maxmagic); - return -1; - } - (void)memset(&mp[*nmentryp], 0, sizeof(*mp) * - ALLOC_INCR); - *mentryp = mp; + static const size_t len = sizeof(*m) * ALLOC_CHUNK; + if (me->mp != NULL) + return 1; + if ((m = CAST(struct magic *, malloc(len))) == NULL) { + file_oomem(ms, len); + return -1; } - me = &(*mentryp)[*nmentryp]; - if (me->mp == NULL) { - size_t len = sizeof(*m) * ALLOC_CHUNK; - if ((m = CAST(struct magic *, malloc(len))) == NULL) { - file_oomem(ms, len); - return -1; - } - me->mp = m; - me->max_count = ALLOC_CHUNK; - } else - m = me->mp; + me->mp = m; + me->max_count = ALLOC_CHUNK; (void)memset(m, 0, sizeof(*m)); m->factor_op = FILE_FACTOR_OP_NONE; m->cont_level = 0; @@ -1344,12 +1732,54 @@ parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp, EATAB; #endif + /* + * Parse the type. + */ if (*l == 'u') { - ++l; - m->flag |= UNSIGNED; + /* + * Try it as a keyword type prefixed by "u"; match what + * follows the "u". If that fails, try it as an SUS + * integer type. + */ + m->type = get_type(type_tbl, l + 1, &l); + if (m->type == FILE_INVALID) { + /* + * Not a keyword type; parse it as an SUS type, + * 'u' possibly followed by a number or C/S/L. + */ + m->type = get_standard_integer_type(l, &l); + } + // It's unsigned. + if (m->type != FILE_INVALID) + m->flag |= UNSIGNED; + } else { + /* + * Try it as a keyword type. If that fails, try it as + * an SUS integer type if it begins with "d" or as an + * SUS string type if it begins with "s". In any case, + * it's not unsigned. + */ + m->type = get_type(type_tbl, l, &l); + if (m->type == FILE_INVALID) { + /* + * Not a keyword type; parse it as an SUS type, + * either 'd' possibly followed by a number or + * C/S/L, or just 's'. + */ + if (*l == 'd') + m->type = get_standard_integer_type(l, &l); + else if (*l == 's' && !isalpha((unsigned char)l[1])) { + m->type = FILE_STRING; + ++l; + } + } } - m->type = get_type(l, &l); + if (m->type == FILE_INVALID) { + /* Not found - try it as a special keyword. */ + m->type = get_type(special_tbl, l, &l); + } + if (m->type == FILE_INVALID) { if (ms->flags & MAGIC_CHECK) file_magwarn(ms, "type `%s' invalid", l); @@ -1422,6 +1852,9 @@ parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp, case CHAR_TEXTTEST: m->str_flags |= STRING_TEXTTEST; break; + case CHAR_TRIM: + m->str_flags |= STRING_TRIM; + break; case CHAR_PSTRING_1_LE: if (m->type != FILE_PSTRING) goto bad; @@ -1564,8 +1997,6 @@ parse(struct magic_set *ms, struct magic_entry **mentryp, uint32_t *nmentryp, } #endif m->mimetype[0] = '\0'; /* initialise MIME type to none */ - if (m->cont_level == 0) - ++(*nmentryp); /* make room for next */ return 0; } @@ -1587,6 +2018,11 @@ parse_strength(struct magic_set *ms, struct magic_entry *me, const char *line) m->factor_op, m->factor); return -1; } + if (m->type == FILE_NAME) { + file_magwarn(ms, "%s: Strength setting is not supported in " + "\"name\" magic entries", m->value.s); + return -1; + } EATAB; switch (*l) { case FILE_FACTOR_OP_NONE: @@ -1623,33 +2059,43 @@ out: return -1; } -/* - * Parse an Apple CREATOR/TYPE annotation from magic file and put it into - * magic[index - 1] - */ private int -parse_apple(struct magic_set *ms, struct magic_entry *me, const char *line) +parse_extra(struct magic_set *ms, struct magic_entry *me, const char *line, + off_t off, size_t len, const char *name, int nt) { size_t i; const char *l = line; struct magic *m = &me->mp[me->cont_count == 0 ? 0 : me->cont_count - 1]; + char *buf = (char *)m + off; - if (m->apple[0] != '\0') { - file_magwarn(ms, "Current entry already has a APPLE type " - "`%.8s', new type `%s'", m->mimetype, l); + if (buf[0] != '\0') { + len = nt ? strlen(buf) : len; + file_magwarn(ms, "Current entry already has a %s type " + "`%.*s', new type `%s'", name, (int)len, buf, l); return -1; } + if (*m->desc == '\0') { + file_magwarn(ms, "Current entry does not yet have a " + "description for adding a %s type", name); + return -1; + } + EATAB; for (i = 0; *l && ((isascii((unsigned char)*l) && isalnum((unsigned char)*l)) || strchr("-+/.", *l)) && - i < sizeof(m->apple); m->apple[i++] = *l++) + i < len; buf[i++] = *l++) continue; - if (i == sizeof(m->apple) && *l) { - /* We don't need to NUL terminate here, printing handles it */ + + if (i == len && *l) { + if (nt) + buf[len - 1] = '\0'; if (ms->flags & MAGIC_CHECK) - file_magwarn(ms, "APPLE type `%s' truncated %" - SIZE_T_FORMAT "u", line, i); + file_magwarn(ms, "%s type `%s' truncated %" + SIZE_T_FORMAT "u", name, line, i); + } else { + if (nt) + buf[i] = '\0'; } if (i > 0) @@ -1658,6 +2104,19 @@ parse_apple(struct magic_set *ms, struct magic_entry *me, const char *line) return -1; } +/* + * Parse an Apple CREATOR/TYPE annotation from magic file and put it into + * magic[index - 1] + */ +private int +parse_apple(struct magic_set *ms, struct magic_entry *me, const char *line) +{ + struct magic *m = &me->mp[0]; + + return parse_extra(ms, me, line, offsetof(struct magic, apple), + sizeof(m->apple), "APPLE", 0); +} + /* * parse a MIME annotation line from magic file, put into magic[index - 1] * if valid @@ -1665,33 +2124,10 @@ parse_apple(struct magic_set *ms, struct magic_entry *me, const char *line) private int parse_mime(struct magic_set *ms, struct magic_entry *me, const char *line) { - size_t i; - const char *l = line; - struct magic *m = &me->mp[me->cont_count == 0 ? 0 : me->cont_count - 1]; - - if (m->mimetype[0] != '\0') { - file_magwarn(ms, "Current entry already has a MIME type `%s'," - " new type `%s'", m->mimetype, l); - return -1; - } - - EATAB; - for (i = 0; *l && ((isascii((unsigned char)*l) && - isalnum((unsigned char)*l)) || strchr("-+/.", *l)) && - i < sizeof(m->mimetype); m->mimetype[i++] = *l++) - continue; - if (i == sizeof(m->mimetype)) { - m->mimetype[sizeof(m->mimetype) - 1] = '\0'; - if (ms->flags & MAGIC_CHECK) - file_magwarn(ms, "MIME type `%s' truncated %" - SIZE_T_FORMAT "u", m->mimetype, i); - } else - m->mimetype[i] = '\0'; + struct magic *m = &me->mp[0]; - if (i > 0) - return 0; - else - return -1; + return parse_extra(ms, me, line, offsetof(struct magic, mimetype), + sizeof(m->mimetype), "MIME", 1); } private int @@ -1729,6 +2165,7 @@ check_format_type(const char *ptr, int type) case 'i': case 'd': case 'u': + case 'o': case 'x': case 'X': return 0; @@ -1743,6 +2180,7 @@ check_format_type(const char *ptr, int type) case 'i': case 'd': case 'u': + case 'o': case 'x': case 'X': return 0; @@ -1759,6 +2197,7 @@ check_format_type(const char *ptr, int type) case 'c': case 'd': case 'u': + case 'o': case 'x': case 'X': return 0; @@ -1887,6 +2326,8 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action) case FILE_PSTRING: case FILE_REGEX: case FILE_SEARCH: + case FILE_NAME: + case FILE_USE: *p = getstr(ms, m, *p, action == FILE_COMPILE); if (*p == NULL) { if (ms->flags & MAGIC_CHECK) @@ -2196,60 +2637,68 @@ eatsize(const char **p) /* * handle a compiled file. */ -private int -apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, - const char *fn) + +private struct magic_map * +apprentice_map(struct magic_set *ms, const char *fn) { int fd; struct stat st; uint32_t *ptr; - uint32_t version; + uint32_t version, entries, nentries; int needsbyteswap; char *dbname = NULL; - void *mm = NULL; + struct magic_map *map; + size_t i; + + fd = -1; + if ((map = CAST(struct magic_map *, calloc(1, sizeof(*map)))) == NULL) { + file_oomem(ms, sizeof(*map)); + goto error; + } dbname = mkdbname(ms, fn, 0); if (dbname == NULL) - goto error2; + goto error; if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1) - goto error2; + goto error; if (fstat(fd, &st) == -1) { file_error(ms, errno, "cannot stat `%s'", dbname); - goto error1; + goto error; } - if (st.st_size < 8) { - file_error(ms, 0, "file `%s' is too small", dbname); - goto error1; + if (st.st_size < 8 || st.st_size > MAXMAGIC_SIZE) { + file_error(ms, 0, "file `%s' is too %s", dbname, + st.st_size < 8 ? "small" : "large"); + goto error; } + map->len = (size_t)st.st_size; #ifdef QUICK - if ((mm = mmap(0, (size_t)st.st_size, PROT_READ|PROT_WRITE, + if ((map->p = mmap(0, (size_t)st.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FILE, fd, (off_t)0)) == MAP_FAILED) { file_error(ms, errno, "cannot map `%s'", dbname); - goto error1; + goto error; } -#define RET 2 #else - if ((mm = CAST(void *, malloc((size_t)st.st_size))) == NULL) { - file_oomem(ms, (size_t)st.st_size); - goto error1; + if ((map->p = CAST(void *, malloc(map->len))) == NULL) { + file_oomem(ms, map->len); + goto error; } - if (read(fd, mm, (size_t)st.st_size) != (ssize_t)st.st_size) { + if (read(fd, map->p, map->len) != (ssize_t)map->len) { file_badread(ms); - goto error1; + goto error; } + map->len = 0; #define RET 1 #endif - *magicp = CAST(struct magic *, mm); (void)close(fd); fd = -1; - ptr = (uint32_t *)(void *)*magicp; + ptr = CAST(uint32_t *, map->p); if (*ptr != MAGICNO) { if (swap4(*ptr) != MAGICNO) { file_error(ms, 0, "bad magic in `%s'", dbname); - goto error1; + goto error; } needsbyteswap = 1; } else @@ -2262,55 +2711,70 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp, file_error(ms, 0, "File %s supports only version %d magic " "files. `%s' is version %d", VERSION, VERSIONNO, dbname, version); - goto error1; + goto error; + } + entries = (uint32_t)(st.st_size / sizeof(struct magic)); + if ((off_t)(entries * sizeof(struct magic)) != st.st_size) { + file_error(ms, 0, "Size of `%s' %llu is not a multiple of %zu", + dbname, (unsigned long long)st.st_size, + sizeof(struct magic)); + goto error; + } + map->magic[0] = CAST(struct magic *, map->p) + 1; + nentries = 0; + for (i = 0; i < MAGIC_SETS; i++) { + if (needsbyteswap) + map->nmagic[i] = swap4(ptr[i + 2]); + else + map->nmagic[i] = ptr[i + 2]; + if (i != MAGIC_SETS - 1) + map->magic[i + 1] = map->magic[i] + map->nmagic[i]; + nentries += map->nmagic[i]; + } + if (entries != nentries + 1) { + file_error(ms, 0, "Inconsistent entries in `%s' %u != %u", + dbname, entries, nentries + 1); + goto error; } - *nmagicp = (uint32_t)(st.st_size / sizeof(struct magic)); - if (*nmagicp > 0) - (*nmagicp)--; - (*magicp)++; if (needsbyteswap) - byteswap(*magicp, *nmagicp); + for (i = 0; i < MAGIC_SETS; i++) + byteswap(map->magic[i], map->nmagic[i]); free(dbname); - return RET; + return map; -error1: +error: if (fd != -1) (void)close(fd); - if (mm) { -#ifdef QUICK - (void)munmap((void *)mm, (size_t)st.st_size); -#else - free(mm); -#endif - } else { - *magicp = NULL; - *nmagicp = 0; - } -error2: + apprentice_unmap(map); free(dbname); - return -1; + return NULL; } private const uint32_t ar[] = { MAGICNO, VERSIONNO }; + /* * handle an mmaped file. */ private int -apprentice_compile(struct magic_set *ms, struct magic **magicp, - uint32_t *nmagicp, const char *fn) +apprentice_compile(struct magic_set *ms, struct magic_map *map, const char *fn) { + static const size_t nm = sizeof(*map->nmagic) * MAGIC_SETS; + static const size_t m = sizeof(**map->magic); int fd = -1; + size_t len; char *dbname; int rv = -1; + uint32_t i; dbname = mkdbname(ms, fn, 1); if (dbname == NULL) goto out; - if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) { + if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) + { file_error(ms, errno, "cannot open `%s'", dbname); goto out; } @@ -2320,18 +2784,26 @@ apprentice_compile(struct magic_set *ms, struct magic **magicp, goto out; } - if (lseek(fd, (off_t)sizeof(struct magic), SEEK_SET) - != sizeof(struct magic)) { - file_error(ms, errno, "error seeking `%s'", dbname); + if (write(fd, map->nmagic, nm) != (ssize_t)nm) { + file_error(ms, errno, "error writing `%s'", dbname); goto out; } - if (write(fd, *magicp, (sizeof(struct magic) * *nmagicp)) - != (ssize_t)(sizeof(struct magic) * *nmagicp)) { - file_error(ms, errno, "error writing `%s'", dbname); + assert(nm + sizeof(ar) < m); + + if (lseek(fd, (off_t)m, SEEK_SET) != (off_t)m) { + file_error(ms, errno, "error seeking `%s'", dbname); goto out; } + for (i = 0; i < MAGIC_SETS; i++) { + len = m * map->nmagic[i]; + if (write(fd, map->magic[i], len) != (ssize_t)len) { + file_error(ms, errno, "error writing `%s'", dbname); + goto out; + } + } + if (fd != -1) (void)close(fd); rv = 0; @@ -2370,14 +2842,16 @@ mkdbname(struct magic_set *ms, const char *fn, int strip) q++; /* Compatibility with old code that looked in .mime */ if (ms->flags & MAGIC_MIME) { - asprintf(&buf, "%.*s.mime%s", (int)(q - fn), fn, ext); + if (asprintf(&buf, "%.*s.mime%s", (int)(q - fn), fn, ext) < 0) + return NULL; if (access(buf, R_OK) != -1) { ms->flags &= MAGIC_MIME_TYPE; return buf; } free(buf); } - asprintf(&buf, "%.*s%s", (int)(q - fn), fn, ext); + if (asprintf(&buf, "%.*s%s", (int)(q - fn), fn, ext) < 0) + return NULL; /* Compatibility with old code that looked in .mime */ if (strstr(p, ".mime") != NULL) @@ -2524,3 +2998,30 @@ file_pstring_get_length(const struct magic *m, const char *s) return len; } + +protected int +file_magicfind(struct magic_set *ms, const char *name, struct mlist *v) +{ + uint32_t i, j; + struct mlist *mlist, *ml; + + mlist = ms->mlist[1]; + + for (ml = mlist->next; ml != mlist; ml = ml->next) { + struct magic *ma = ml->magic; + uint32_t nma = ml->nmagic; + for (i = 0; i < nma; i++) { + if (ma[i].type != FILE_NAME) + continue; + if (strcmp(ma[i].value.s, name) == 0) { + v->magic = &ma[i]; + for (j = i + 1; j < nma; j++) + if (ma[j].cont_level == 0) + break; + v->nmagic = j - i; + return 0; + } + } + } + return -1; +} diff --git a/contrib/file/src/ascmagic.c b/contrib/file/src/ascmagic.c index 5a1caacb5a..ca26665568 100644 --- a/contrib/file/src/ascmagic.c +++ b/contrib/file/src/ascmagic.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: ascmagic.c,v 1.84 2011/12/08 12:38:24 rrt Exp $") +FILE_RCSID("@(#)$File: ascmagic.c,v 1.88 2014/02/12 23:20:53 christos Exp $") #endif /* lint */ #include "magic.h" @@ -72,7 +72,7 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, int text) { unichar *ubuf = NULL; - size_t ulen; + size_t ulen = 0; int rv = 1; const char *code = NULL; @@ -134,7 +134,7 @@ file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf, goto done; } - if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) { + if (ulen > 0 && (ms->flags & MAGIC_NO_CHECK_SOFT) == 0) { /* Convert ubuf to UTF-8 and try text soft magic */ /* malloc size is a conservative overestimate; could be improved, or at least realloced after conversion. */ @@ -147,7 +147,7 @@ file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf, == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) + (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) rv = -1; } @@ -211,6 +211,7 @@ file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf, case 0: if (file_printf(ms, ", ") == -1) goto done; + break; case -1: goto done; default: diff --git a/contrib/file/src/cdf.c b/contrib/file/src/cdf.c index d05d279e53..a50e84232e 100644 --- a/contrib/file/src/cdf.c +++ b/contrib/file/src/cdf.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: cdf.c,v 1.50 2012/02/20 22:35:29 christos Exp $") +FILE_RCSID("@(#)$File: cdf.c,v 1.55 2014/02/27 23:26:17 christos Exp $") #endif #include @@ -268,10 +268,10 @@ cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h, const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; (void)&line; - if (e >= b && (size_t)(e - b) < CDF_SEC_SIZE(h) * sst->sst_len) + if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len) return 0; - DPRINTF(("%d: offset begin %p end %p %" SIZE_T_FORMAT "u" - " >= %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" + DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u" + " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); errno = EFTYPE; @@ -296,10 +296,7 @@ cdf_read(const cdf_info_t *info, off_t off, void *buf, size_t len) if (info->i_fd == -1) return -1; - if (lseek(info->i_fd, off, SEEK_SET) == (off_t)-1) - return -1; - - if (read(info->i_fd, buf, len) != (ssize_t)len) + if (pread(info->i_fd, buf, len, off) != (ssize_t)len) return -1; return (ssize_t)len; @@ -678,11 +675,13 @@ out: int cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h, - const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn) + const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn, + const cdf_directory_t **root) { size_t i; const cdf_directory_t *d; + *root = NULL; for (i = 0; i < dir->dir_len; i++) if (dir->dir_tab[i].d_type == CDF_DIR_TYPE_ROOT_STORAGE) break; @@ -691,6 +690,7 @@ cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h, if (i == dir->dir_len) goto out; d = &dir->dir_tab[i]; + *root = d; /* If the it is not there, just fake it; some docs don't have it */ if (d->d_stream_first_sector < 0) @@ -1141,6 +1141,7 @@ cdf_dump_dir(const cdf_info_t *info, const cdf_header_t *h, "user stream", "lockbytes", "property", "root storage" }; for (i = 0; i < dir->dir_len; i++) { + char buf[26]; d = &dir->dir_tab[i]; for (j = 0; j < sizeof(name); j++) name[j] = (char)CDF_TOLE2(d->d_name[j]); @@ -1156,9 +1157,10 @@ cdf_dump_dir(const cdf_info_t *info, const cdf_header_t *h, (void)fprintf(stderr, "Right child: %d\n", d->d_right_child); (void)fprintf(stderr, "Flags: 0x%x\n", d->d_flags); cdf_timestamp_to_timespec(&ts, d->d_created); - (void)fprintf(stderr, "Created %s", cdf_ctime(&ts.tv_sec)); + (void)fprintf(stderr, "Created %s", cdf_ctime(&ts.tv_sec, buf)); cdf_timestamp_to_timespec(&ts, d->d_modified); - (void)fprintf(stderr, "Modified %s", cdf_ctime(&ts.tv_sec)); + (void)fprintf(stderr, "Modified %s", + cdf_ctime(&ts.tv_sec, buf)); (void)fprintf(stderr, "Stream %d\n", d->d_stream_first_sector); (void)fprintf(stderr, "Size %d\n", d->d_size); switch (d->d_type) { @@ -1236,9 +1238,10 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count) cdf_print_elapsed_time(buf, sizeof(buf), tp); (void)fprintf(stderr, "timestamp %s\n", buf); } else { + char buf[26]; cdf_timestamp_to_timespec(&ts, tp); (void)fprintf(stderr, "timestamp %s", - cdf_ctime(&ts.tv_sec)); + cdf_ctime(&ts.tv_sec, buf)); } break; case CDF_CLIPBOARD: diff --git a/contrib/file/src/cdf.h b/contrib/file/src/cdf.h index 6fe2646e93..177868eb55 100644 --- a/contrib/file/src/cdf.h +++ b/contrib/file/src/cdf.h @@ -294,7 +294,8 @@ int cdf_read_dir(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *, int cdf_read_ssat(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *, cdf_sat_t *); int cdf_read_short_stream(const cdf_info_t *, const cdf_header_t *, - const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *); + const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *, + const cdf_directory_t **); int cdf_read_property_info(const cdf_stream_t *, const cdf_header_t *, uint32_t, cdf_property_info_t **, size_t *, size_t *); int cdf_read_summary_info(const cdf_info_t *, const cdf_header_t *, @@ -308,7 +309,7 @@ int cdf_print_elapsed_time(char *, size_t, cdf_timestamp_t); uint16_t cdf_tole2(uint16_t); uint32_t cdf_tole4(uint32_t); uint64_t cdf_tole8(uint64_t); -char *cdf_ctime(const time_t *); +char *cdf_ctime(const time_t *, char *); #ifdef CDF_DEBUG void cdf_dump_header(const cdf_header_t *); diff --git a/contrib/file/src/cdf_time.c b/contrib/file/src/cdf_time.c index 5061b46cd3..e18bc9c610 100644 --- a/contrib/file/src/cdf_time.c +++ b/contrib/file/src/cdf_time.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: cdf_time.c,v 1.11 2011/12/13 13:48:41 christos Exp $") +FILE_RCSID("@(#)$File: cdf_time.c,v 1.13 2014/02/25 20:52:02 christos Exp $") #endif #include @@ -166,29 +166,28 @@ cdf_timespec_to_timestamp(cdf_timestamp_t *t, const struct timespec *ts) } char * -cdf_ctime(const time_t *sec) +cdf_ctime(const time_t *sec, char *buf) { - static char ctbuf[26]; - char *ptr = ctime(sec); + char *ptr = ctime_r(sec, buf); if (ptr != NULL) - return ptr; - (void)snprintf(ctbuf, sizeof(ctbuf), "*Bad* 0x%16.16llx\n", - (long long)*sec); - return ctbuf; + return buf; + (void)snprintf(buf, 26, "*Bad* 0x%16.16llx\n", (long long)*sec); + return buf; } -#ifdef TEST +#ifdef TEST_TIME int main(int argc, char *argv[]) { struct timespec ts; + char buf[25]; static const cdf_timestamp_t tst = 0x01A5E403C2D59C00ULL; static const char *ref = "Sat Apr 23 01:30:00 1977"; char *p, *q; cdf_timestamp_to_timespec(&ts, tst); - p = cdf_ctime(&ts.tv_sec); + p = cdf_ctime(&ts.tv_sec, buf); if ((q = strchr(p, '\n')) != NULL) *q = '\0'; if (strcmp(ref, p) != 0) diff --git a/contrib/file/src/compress.c b/contrib/file/src/compress.c index 4308abfaa3..45251b1d40 100644 --- a/contrib/file/src/compress.c +++ b/contrib/file/src/compress.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: compress.c,v 1.68 2011/12/08 12:38:24 rrt Exp $") +FILE_RCSID("@(#)$File: compress.c,v 1.73 2014/01/05 15:55:21 christos Exp $") #endif #include "magic.h" @@ -80,6 +80,7 @@ private const struct { { "LZIP", 4, { "lzip", "-cdq", NULL }, 1 }, { "\3757zXZ\0",6,{ "xz", "-cd", NULL }, 1 }, /* XZ Utils */ { "LRZI", 4, { "lrzip", "-dqo-", NULL }, 1 }, /* LRZIP */ + { "\004\"M\030", 4, { "lz4", "-cd", NULL }, 1 }, /* LZ4 */ }; #define NODATA ((size_t)~0) @@ -121,14 +122,12 @@ file_zmagic(struct magic_set *ms, int fd, const char *name, if (file_printf(ms, mime ? " compressed-encoding=" : " (") == -1) goto error; + if (file_buffer(ms, -1, NULL, buf, nbytes) == -1) + goto error; + if (!mime && file_printf(ms, ")") == -1) + goto error; } - if ((mime == 0 || mime & MAGIC_MIME_ENCODING) && - file_buffer(ms, -1, NULL, buf, nbytes) == -1) - goto error; - - if (!mime && file_printf(ms, ")") == -1) - goto error; rv = 1; break; } @@ -168,12 +167,9 @@ swrite(int fd, const void *buf, size_t n) * `safe' read for sockets and pipes. */ protected ssize_t -sread(int fd, void *buf, size_t n, int canbepipe __attribute__ ((unused))) +sread(int fd, void *buf, size_t n, int canbepipe __attribute__((__unused__))) { ssize_t rv; -#ifdef FD_ZERO - ssize_t cnt; -#endif #ifdef FIONREAD int t = 0; #endif @@ -183,8 +179,9 @@ sread(int fd, void *buf, size_t n, int canbepipe __attribute__ ((unused))) goto nocheck; #ifdef FIONREAD - if ((canbepipe && (ioctl(fd, FIONREAD, &t) == -1)) || (t == 0)) { + if (canbepipe && (ioctl(fd, FIONREAD, &t) == -1 || t == 0)) { #ifdef FD_ZERO + ssize_t cnt; for (cnt = 0;; cnt++) { fd_set check; struct timeval tout = {0, 100 * 1000}; @@ -241,9 +238,6 @@ file_pipe2file(struct magic_set *ms, int fd, const void *startbuf, char buf[4096]; ssize_t r; int tfd; -#ifdef HAVE_MKSTEMP - int te; -#endif (void)strlcpy(buf, "/tmp/file.XXXXXX", sizeof buf); #ifndef HAVE_MKSTEMP @@ -255,10 +249,13 @@ file_pipe2file(struct magic_set *ms, int fd, const void *startbuf, errno = r; } #else - tfd = mkstemp(buf); - te = errno; - (void)unlink(buf); - errno = te; + { + int te; + tfd = mkstemp(buf); + te = errno; + (void)unlink(buf); + errno = te; + } #endif if (tfd == -1) { file_error(ms, errno, @@ -399,16 +396,19 @@ uncompressbuf(struct magic_set *ms, int fd, size_t method, case 0: /* child */ (void) close(0); if (fd != -1) { - (void) dup(fd); + if (dup(fd) == -1) + _exit(1); (void) lseek(0, (off_t)0, SEEK_SET); } else { - (void) dup(fdin[0]); + if (dup(fdin[0]) == -1) + _exit(1); (void) close(fdin[0]); (void) close(fdin[1]); } (void) close(1); - (void) dup(fdout[1]); + if (dup(fdout[1]) == -1) + _exit(1); (void) close(fdout[0]); (void) close(fdout[1]); #ifndef DEBUG @@ -480,7 +480,7 @@ uncompressbuf(struct magic_set *ms, int fd, size_t method, #endif free(*newch); n = 0; - newch[0] = '\0'; + *newch = NULL; goto err; } else { n = r; diff --git a/contrib/file/src/elfclass.h b/contrib/file/src/elfclass.h index 2e7741b3fc..010958a429 100644 --- a/contrib/file/src/elfclass.h +++ b/contrib/file/src/elfclass.h @@ -59,7 +59,8 @@ (off_t)elf_getu(swap, elfhdr.e_shoff), elf_getu16(swap, elfhdr.e_shnum), (size_t)elf_getu16(swap, elfhdr.e_shentsize), - fsize, &flags, elf_getu16(swap, elfhdr.e_machine)) == -1) + fsize, &flags, elf_getu16(swap, elfhdr.e_machine), + (int)elf_getu16(swap, elfhdr.e_shstrndx)) == -1) return -1; break; diff --git a/contrib/file/src/encoding.c b/contrib/file/src/encoding.c index dee57a6e8f..b75e0ccb7f 100644 --- a/contrib/file/src/encoding.c +++ b/contrib/file/src/encoding.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: encoding.c,v 1.7 2012/01/24 19:02:02 christos Exp $") +FILE_RCSID("@(#)$File: encoding.c,v 1.9 2013/11/19 20:45:50 christos Exp $") #endif /* lint */ #include "magic.h" @@ -72,13 +72,17 @@ file_encoding(struct magic_set *ms, const unsigned char *buf, size_t nbytes, uni unsigned char *nbuf = NULL; *type = "text"; - mlen = (nbytes + 1) * sizeof(nbuf[0]); - if ((nbuf = CAST(unsigned char *, calloc((size_t)1, mlen))) == NULL) { + *ulen = 0; + *code = "unknown"; + *code_mime = "binary"; + + mlen = (nbytes + 1) * sizeof((*ubuf)[0]); + if ((*ubuf = CAST(unichar *, calloc((size_t)1, mlen))) == NULL) { file_oomem(ms, mlen); goto done; } - mlen = (nbytes + 1) * sizeof((*ubuf)[0]); - if ((*ubuf = CAST(unichar *, calloc((size_t)1, mlen))) == NULL) { + mlen = (nbytes + 1) * sizeof(nbuf[0]); + if ((nbuf = CAST(unsigned char *, calloc((size_t)1, mlen))) == NULL) { file_oomem(ms, mlen); goto done; } diff --git a/contrib/file/src/file.c b/contrib/file/src/file.c index 408ec6389a..370da91462 100644 --- a/contrib/file/src/file.c +++ b/contrib/file/src/file.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: file.c,v 1.145 2011/12/08 12:12:46 rrt Exp $") +FILE_RCSID("@(#)$File: file.c,v 1.153 2014/02/11 15:41:04 christos Exp $") #endif /* lint */ #include "magic.h" @@ -71,9 +71,9 @@ int getopt_long(int argc, char * const *argv, const char *optstring, const struc #endif #ifdef S_IFLNK -#define FILE_FLAGS "-bchikLlNnprsvz0" +#define FILE_FLAGS "-bcEhikLlNnprsvz0" #else -#define FILE_FLAGS "-bciklNnprsvz0" +#define FILE_FLAGS "-bcEiklNnprsvz0" #endif # define USAGE \ @@ -101,7 +101,7 @@ private const struct option long_options[] = { #undef OPT_LONGONLY {0, 0, NULL, 0} }; -#define OPTSTRING "bcCde:f:F:hiklLm:nNprsvz0" +#define OPTSTRING "bcCde:Ef:F:hiklLm:nNprsvz0" private const struct { const char *name; @@ -122,8 +122,8 @@ private const struct { private char *progname; /* used throughout */ private void usage(void); +private void docprint(const char *); private void help(void); -int main(int, char *[]); private int unwrap(struct magic_set *, const char *); private int process(struct magic_set *ms, const char *, int); @@ -194,6 +194,9 @@ main(int argc, char *argv[]) case 'd': flags |= MAGIC_DEBUG|MAGIC_CHECK; break; + case 'E': + flags |= MAGIC_ERROR; + break; case 'e': for (i = 0; i < sizeof(nv) / sizeof(nv[0]); i++) if (strcmp(nv[i].name, optarg) == 0) @@ -252,7 +255,7 @@ main(int argc, char *argv[]) (void)fprintf(stdout, "%s-%s\n", progname, VERSION); (void)fprintf(stdout, "magic file from %s\n", magicfile); - return 1; + return 0; case 'z': flags |= MAGIC_COMPRESS; break; @@ -276,6 +279,11 @@ main(int argc, char *argv[]) if (e) return e; + if (MAGIC_VERSION != magic_version()) + (void)fprintf(stderr, "%s: compiled magic version [%d] " + "does not match with shared library magic version [%d]\n", + progname, MAGIC_VERSION, magic_version()); + switch(action) { case FILE_CHECK: case FILE_COMPILE: @@ -437,7 +445,7 @@ process(struct magic_set *ms, const char *inname, int wid) } } -size_t +protected size_t file_mbswidth(const char *s) { #if defined(HAVE_WCHAR_H) && defined(HAVE_MBRTOWC) && defined(HAVE_WCWIDTH) @@ -460,8 +468,11 @@ file_mbswidth(const char *s) * is always right */ width++; - } else - width += wcwidth(nextchar); + } else { + int w = wcwidth(nextchar); + if (w > 0) + width += w; + } s += bytesconsumed, n -= bytesconsumed; } @@ -478,6 +489,36 @@ usage(void) exit(1); } +private void +docprint(const char *opts) +{ + size_t i; + int comma; + char *sp, *p; + + p = strstr(opts, "%o"); + if (p == NULL) { + fprintf(stdout, "%s", opts); + return; + } + + for (sp = p - 1; sp > opts && *sp == ' '; sp--) + continue; + + fprintf(stdout, "%.*s", (int)(p - opts), opts); + + comma = 0; + for (i = 0; i < __arraycount(nv); i++) { + fprintf(stdout, "%s%s", comma++ ? ", " : "", nv[i].name); + if (i && i % 5 == 0) { + fprintf(stdout, ",\n%*s", (int)(p - sp - 1), ""); + comma = 0; + } + } + + fprintf(stdout, "%s", opts + (p - opts) + 2); +} + private void help(void) { @@ -486,9 +527,11 @@ help(void) "Determine type of FILEs.\n" "\n", stdout); #define OPT(shortname, longname, opt, doc) \ - fprintf(stdout, " -%c, --" longname doc, shortname); + fprintf(stdout, " -%c, --" longname, shortname), \ + docprint(doc); #define OPT_LONGONLY(longname, opt, doc) \ - fprintf(stdout, " --" longname doc); + fprintf(stdout, " --" longname), \ + docprint(doc); #include "file_opts.h" #undef OPT #undef OPT_LONGONLY diff --git a/contrib/file/src/file.h b/contrib/file/src/file.h index 175f659664..5c67ddd78a 100644 --- a/contrib/file/src/file.h +++ b/contrib/file/src/file.h @@ -27,7 +27,7 @@ */ /* * file.h - definitions for file(1) program - * @(#)$File: file.h,v 1.135 2011/09/20 15:30:14 christos Exp $ + * @(#)$File: file.h,v 1.149 2014/03/15 21:47:40 christos Exp $ */ #ifndef __file_h__ @@ -62,6 +62,7 @@ #include #endif #include +#include #include #include /* Do this here and now, because struct stat gets re-defined on solaris */ @@ -81,10 +82,18 @@ #endif #define private static + +#if HAVE_VISIBILITY +#define public __attribute__ ((__visibility__("default"))) #ifndef protected -#define protected +#define protected __attribute__ ((__visibility__("hidden"))) #endif +#else #define public +#ifndef protected +#define protected +#endif +#endif #ifndef __arraycount #define __arraycount(a) (sizeof(a) / sizeof(a[0])) @@ -119,12 +128,13 @@ #endif #define MAXMAGIS 8192 /* max entries in any one magic file or directory */ -#define MAXDESC 64 /* max leng of text description/MIME type */ -#define MAXstring 64 /* max leng of "string" types */ +#define MAXDESC 64 /* max len of text description/MIME type */ +#define MAXMIME 80 /* max len of text MIME type */ +#define MAXstring 64 /* max len of "string" types */ #define MAGICNO 0xF11E041C -#define VERSIONNO 8 -#define FILE_MAGICSIZE 232 +#define VERSIONNO 11 +#define FILE_MAGICSIZE 248 #define FILE_LOAD 0 #define FILE_CHECK 1 @@ -207,7 +217,13 @@ struct magic { #define FILE_BEID3 39 #define FILE_LEID3 40 #define FILE_INDIRECT 41 -#define FILE_NAMES_SIZE 42/* size of array to contain all names */ +#define FILE_QWDATE 42 +#define FILE_LEQWDATE 43 +#define FILE_BEQWDATE 44 +#define FILE_NAME 45 +#define FILE_USE 46 +#define FILE_CLEAR 47 +#define FILE_NAMES_SIZE 48 /* size of array to contain all names */ #define IS_STRING(t) \ ((t) == FILE_STRING || \ @@ -216,7 +232,8 @@ struct magic { (t) == FILE_LESTRING16 || \ (t) == FILE_REGEX || \ (t) == FILE_SEARCH || \ - (t) == FILE_DEFAULT) + (t) == FILE_NAME || \ + (t) == FILE_USE) #define FILE_FMT_NONE 0 #define FILE_FMT_NUM 1 /* "cduxXi" */ @@ -284,9 +301,9 @@ struct magic { union VALUETYPE value; /* either number or string */ /* Words 17-32 */ char desc[MAXDESC]; /* description */ - /* Words 33-48 */ - char mimetype[MAXDESC]; /* MIME type */ - /* Words 49-50 */ + /* Words 33-52 */ + char mimetype[MAXMIME]; /* MIME type */ + /* Words 53-54 */ char apple[8]; }; @@ -307,12 +324,14 @@ struct magic { #define PSTRING_LEN \ (PSTRING_1_BE|PSTRING_2_LE|PSTRING_2_BE|PSTRING_4_LE|PSTRING_4_BE) #define PSTRING_LENGTH_INCLUDES_ITSELF BIT(12) +#define STRING_TRIM BIT(13) #define CHAR_COMPACT_WHITESPACE 'W' #define CHAR_COMPACT_OPTIONAL_WHITESPACE 'w' #define CHAR_IGNORE_LOWERCASE 'c' #define CHAR_IGNORE_UPPERCASE 'C' #define CHAR_REGEX_OFFSET_START 's' #define CHAR_TEXTTEST 't' +#define CHAR_TRIM 'T' #define CHAR_BINTEST 'b' #define CHAR_PSTRING_1_BE 'B' #define CHAR_PSTRING_1_LE 'B' @@ -328,10 +347,8 @@ struct magic { /* list of magic entries */ struct mlist { struct magic *magic; /* array of magic entries */ - uint32_t nmagic; /* number of entries in array */ - int mapped; /* allocation type: 0 => apprentice_file - * 1 => apprentice_map + malloc - * 2 => apprentice_map + mmap */ + uint32_t nmagic; /* number of entries in array */ + void *map; /* internal resources used by entry */ struct mlist *next, *prev; }; @@ -351,8 +368,11 @@ struct level_info { int last_cond; /* used for error checking by parse() */ #endif }; + +#define MAGIC_SETS 2 + struct magic_set { - struct mlist *mlist; + struct mlist *mlist[MAGIC_SETS]; /* list of regular entries */ struct cont { size_t len; struct level_info *li; @@ -386,12 +406,17 @@ struct magic_set { typedef unsigned long unichar; struct stat; -protected const char *file_fmttime(uint32_t, int); +#define FILE_T_LOCAL 1 +#define FILE_T_WINDOWS 2 +protected const char *file_fmttime(uint64_t, int, char *); +protected struct magic_set *file_ms_alloc(int); +protected void file_ms_free(struct magic_set *); protected int file_buffer(struct magic_set *, int, const char *, const void *, size_t); protected int file_fsmagic(struct magic_set *, const char *, struct stat *); protected int file_pipe2file(struct magic_set *, int, const void *, size_t); -protected int file_vprintf(struct magic_set *, const char *, va_list); +protected int file_vprintf(struct magic_set *, const char *, va_list) + __attribute__((__format__(__printf__, 2, 0))); protected size_t file_printedlen(const struct magic_set *); protected int file_replace(struct magic_set *, const char *, const char *); protected int file_printf(struct magic_set *, const char *, ...) @@ -414,11 +439,11 @@ protected int file_encoding(struct magic_set *, const unsigned char *, size_t, unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - int, int); -protected struct mlist *file_apprentice(struct magic_set *, const char *, int); + size_t, int, int); +protected int file_apprentice(struct magic_set *, const char *, int); +protected int file_magicfind(struct magic_set *, const char *, struct mlist *); protected uint64_t file_signextend(struct magic_set *, struct magic *, uint64_t); -protected void file_delmagic(struct magic *, int type, size_t entries); protected void file_badread(struct magic_set *); protected void file_badseek(struct magic_set *); protected void file_oomem(struct magic_set *, size_t); @@ -460,22 +485,38 @@ extern char *sys_errlist[]; #define strtoul(a, b, c) strtol(a, b, c) #endif +#ifndef HAVE_PREAD +ssize_t pread(int, void *, size_t, off_t); +#endif #ifndef HAVE_VASPRINTF int vasprintf(char **, const char *, va_list); #endif #ifndef HAVE_ASPRINTF -int asprintf(char **ptr, const char *format_string, ...); +int asprintf(char **, const char *, ...); #endif #ifndef HAVE_STRLCPY -size_t strlcpy(char *dst, const char *src, size_t siz); +size_t strlcpy(char *, const char *, size_t); #endif #ifndef HAVE_STRLCAT -size_t strlcat(char *dst, const char *src, size_t siz); +size_t strlcat(char *, const char *, size_t); +#endif +#ifndef HAVE_STRCASESTR +char *strcasestr(const char *, const char *); #endif #ifndef HAVE_GETLINE -ssize_t getline(char **dst, size_t *len, FILE *fp); -ssize_t getdelim(char **dst, size_t *len, int delimiter, FILE *fp); +ssize_t getline(char **, size_t *, FILE *); +ssize_t getdelim(char **, size_t *, int, FILE *); +#endif +#ifndef HAVE_CTIME_R +char *ctime_r(const time_t *, char *); +#endif +#ifndef HAVE_ASCTIME_R +char *asctime_r(const struct tm *, char *); +#endif +#ifndef HAVE_FMTCHECK +const char *fmtcheck(const char *, const char *) + __attribute__((__format_arg__(2))); #endif #if defined(HAVE_MMAP) && defined(HAVE_SYS_MMAN_H) && !defined(QUICK) diff --git a/contrib/file/src/file_opts.h b/contrib/file/src/file_opts.h index 8a176721f6..db34eb732b 100644 --- a/contrib/file/src/file_opts.h +++ b/contrib/file/src/file_opts.h @@ -23,7 +23,7 @@ OPT('c', "checking-printout", 0, " print the parsed form of the magic file, u " before installing it\n") OPT('e', "exclude", 1, " TEST exclude TEST from the list of test to be\n" " performed for file. Valid tests are:\n" - " ascii, apptype, compress, elf, soft, tar, tokens, troff\n") + " %o\n") OPT('f', "files-from", 1, " FILE read the filenames to be examined from FILE\n") OPT('F', "separator", 1, " STRING use string as separator instead of `:'\n") OPT('i', "mime", 0, " output MIME type strings (--mime-type and\n" @@ -32,8 +32,8 @@ OPT_LONGONLY("apple", 0, " output the Apple CREATOR/TYPE\n") OPT_LONGONLY("mime-type", 0, " output the MIME type\n") OPT_LONGONLY("mime-encoding", 0, " output the MIME encoding\n") OPT('k', "keep-going", 0, " don't stop at the first match\n") -#ifdef S_IFLNK OPT('l', "list", 0, " list magic strength\n") +#ifdef S_IFLNK OPT('L', "dereference", 0, " follow symlinks (default)\n") OPT('h', "no-dereference", 0, " don't follow symlinks\n") #endif diff --git a/contrib/file/src/fsmagic.c b/contrib/file/src/fsmagic.c index 7200271fc6..72d035599a 100644 --- a/contrib/file/src/fsmagic.c +++ b/contrib/file/src/fsmagic.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: fsmagic.c,v 1.64 2011/08/14 09:03:12 christos Exp $") +FILE_RCSID("@(#)$File: fsmagic.c,v 1.71 2013/12/01 18:01:07 christos Exp $") #endif /* lint */ #include "magic.h" @@ -98,7 +98,7 @@ handle_mime(struct magic_set *ms, int mime, const char *str) protected int file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) { - int ret = 0; + int ret, did = 0; int mime = ms->flags & MAGIC_MIME; #ifdef S_IFLNK char buf[BUFSIZ+4]; @@ -111,6 +111,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (fn == NULL) return 0; +#define COMMA (did++ ? ", " : "") /* * Fstat is cheaper but fails for files you don't have read perms on. * On 4.2BSD and similar systems, use lstat() to identify symlinks. @@ -130,24 +131,24 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (file_printf(ms, "cannot open `%s' (%s)", fn, strerror(errno)) == -1) return -1; - ms->event_flags |= EVENT_HAD_ERR; - return -1; + return 0; } + ret = 1; if (!mime) { #ifdef S_ISUID - if (sb->st_mode & S_ISUID) - if (file_printf(ms, "setuid ") == -1) + if (sb->st_mode & S_ISUID) + if (file_printf(ms, "%ssetuid", COMMA) == -1) return -1; #endif #ifdef S_ISGID if (sb->st_mode & S_ISGID) - if (file_printf(ms, "setgid ") == -1) + if (file_printf(ms, "%ssetgid", COMMA) == -1) return -1; #endif #ifdef S_ISVTX if (sb->st_mode & S_ISVTX) - if (file_printf(ms, "sticky ") == -1) + if (file_printf(ms, "%ssticky", COMMA) == -1) return -1; #endif } @@ -157,9 +158,9 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "directory") == -1) return -1; - } else if (file_printf(ms, "directory") == -1) + } else if (file_printf(ms, "%sdirectory", COMMA) == -1) return -1; - return 1; + break; #ifdef S_IFCHR case S_IFCHR: /* @@ -167,30 +168,32 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) * like ordinary files. Otherwise, just report that they * are block special files and go on to the next file. */ - if ((ms->flags & MAGIC_DEVICES) != 0) + if ((ms->flags & MAGIC_DEVICES) != 0) { + ret = 0; break; + } if (mime) { if (handle_mime(ms, mime, "chardevice") == -1) return -1; } else { #ifdef HAVE_STAT_ST_RDEV # ifdef dv_unit - if (file_printf(ms, "character special (%d/%d/%d)", - major(sb->st_rdev), dv_unit(sb->st_rdev), + if (file_printf(ms, "%scharacter special (%d/%d/%d)", + COMMA, major(sb->st_rdev), dv_unit(sb->st_rdev), dv_subunit(sb->st_rdev)) == -1) return -1; # else - if (file_printf(ms, "character special (%ld/%ld)", - (long)major(sb->st_rdev), (long)minor(sb->st_rdev)) - == -1) + if (file_printf(ms, "%scharacter special (%ld/%ld)", + COMMA, (long)major(sb->st_rdev), + (long)minor(sb->st_rdev)) == -1) return -1; # endif #else - if (file_printf(ms, "character special") == -1) + if (file_printf(ms, "%scharacter special", COMMA) == -1) return -1; #endif } - return 1; + break; #endif #ifdef S_IFBLK case S_IFBLK: @@ -199,29 +202,32 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) * like ordinary files. Otherwise, just report that they * are block special files and go on to the next file. */ - if ((ms->flags & MAGIC_DEVICES) != 0) + if ((ms->flags & MAGIC_DEVICES) != 0) { + ret = 0; break; + } if (mime) { if (handle_mime(ms, mime, "blockdevice") == -1) return -1; } else { #ifdef HAVE_STAT_ST_RDEV # ifdef dv_unit - if (file_printf(ms, "block special (%d/%d/%d)", - major(sb->st_rdev), dv_unit(sb->st_rdev), - dv_subunit(sb->st_rdev)) == -1) + if (file_printf(ms, "%sblock special (%d/%d/%d)", + COMMA, major(sb->st_rdev), dv_unit(sb->st_rdev), + dv_subunit(sb->st_rdev)) == -1) return -1; # else - if (file_printf(ms, "block special (%ld/%ld)", - (long)major(sb->st_rdev), (long)minor(sb->st_rdev)) == -1) + if (file_printf(ms, "%sblock special (%ld/%ld)", + COMMA, (long)major(sb->st_rdev), + (long)minor(sb->st_rdev)) == -1) return -1; # endif #else - if (file_printf(ms, "block special") == -1) + if (file_printf(ms, "%sblock special", COMMA) == -1) return -1; #endif } - return 1; + break; #endif /* TODO add code to handle V7 MUX and Blit MUX files */ #ifdef S_IFIFO @@ -231,18 +237,18 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "fifo") == -1) return -1; - } else if (file_printf(ms, "fifo (named pipe)") == -1) + } else if (file_printf(ms, "%sfifo (named pipe)", COMMA) == -1) return -1; - return 1; + break; #endif #ifdef S_IFDOOR case S_IFDOOR: if (mime) { if (handle_mime(ms, mime, "door") == -1) return -1; - } else if (file_printf(ms, "door") == -1) + } else if (file_printf(ms, "%sdoor", COMMA) == -1) return -1; - return 1; + break; #endif #ifdef S_IFLNK case S_IFLNK: @@ -256,10 +262,10 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (handle_mime(ms, mime, "symlink") == -1) return -1; } else if (file_printf(ms, - "unreadable symlink `%s' (%s)", fn, + "%sunreadable symlink `%s' (%s)", COMMA, fn, strerror(errno)) == -1) return -1; - return 1; + break; } buf[nch] = '\0'; /* readlink(2) does not do this */ @@ -285,9 +291,10 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) "x-path-too-long") == -1) return -1; } else if (file_printf(ms, - "path too long: `%s'", fn) == -1) + "%spath too long: `%s'", COMMA, + fn) == -1) return -1; - return 1; + break; } /* take dir part */ (void)strlcpy(buf2, fn, sizeof buf2); @@ -306,16 +313,17 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) ms->flags &= MAGIC_SYMLINK; p = magic_file(ms, buf); ms->flags |= MAGIC_SYMLINK; - return p != NULL ? 1 : -1; + if (p == NULL) + return -1; } else { /* just print what it points to */ if (mime) { if (handle_mime(ms, mime, "symlink") == -1) return -1; - } else if (file_printf(ms, "symbolic link to `%s'", - buf) == -1) + } else if (file_printf(ms, "%ssymbolic link to `%s'", + COMMA, buf) == -1) return -1; } - return 1; + break; #endif #ifdef S_IFSOCK #ifndef __COHERENT__ @@ -323,38 +331,44 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "socket") == -1) return -1; - } else if (file_printf(ms, "socket") == -1) + } else if (file_printf(ms, "%ssocket", COMMA) == -1) return -1; - return 1; + break; #endif #endif case S_IFREG: + /* + * regular file, check next possibility + * + * If stat() tells us the file has zero length, report here that + * the file is empty, so we can skip all the work of opening and + * reading the file. + * But if the -s option has been given, we skip this + * optimization, since on some systems, stat() reports zero + * size for raw disk partitions. (If the block special device + * really has zero length, the fact that it is empty will be + * detected and reported correctly when we read the file.) + */ + if ((ms->flags & MAGIC_DEVICES) == 0 && sb->st_size == 0) { + if (mime) { + if (handle_mime(ms, mime, "x-empty") == -1) + return -1; + } else if (file_printf(ms, "%sempty", COMMA) == -1) + return -1; + break; + } + ret = 0; break; + default: file_error(ms, 0, "invalid mode 0%o", sb->st_mode); return -1; /*NOTREACHED*/ } - /* - * regular file, check next possibility - * - * If stat() tells us the file has zero length, report here that - * the file is empty, so we can skip all the work of opening and - * reading the file. - * But if the -s option has been given, we skip this optimization, - * since on some systems, stat() reports zero size for raw disk - * partitions. (If the block special device really has zero length, - * the fact that it is empty will be detected and reported correctly - * when we read the file.) - */ - if ((ms->flags & MAGIC_DEVICES) == 0 && sb->st_size == 0) { - if (mime) { - if (handle_mime(ms, mime, "x-empty") == -1) - return -1; - } else if (file_printf(ms, "empty") == -1) - return -1; - return 1; + if (!mime && did && ret == 0) { + if (file_printf(ms, " ") == -1) + return -1; } - return 0; + return ret; } diff --git a/contrib/file/src/funcs.c b/contrib/file/src/funcs.c index 0b2a3d0ca3..a9624a28b9 100644 --- a/contrib/file/src/funcs.c +++ b/contrib/file/src/funcs.c @@ -27,10 +27,11 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: funcs.c,v 1.60 2011/12/08 12:38:24 rrt Exp $") +FILE_RCSID("@(#)$File: funcs.c,v 1.70 2014/03/14 19:02:37 christos Exp $") #endif /* lint */ #include "magic.h" +#include #include #include #include @@ -44,6 +45,9 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.60 2011/12/08 12:38:24 rrt Exp $") #if defined(HAVE_LIMITS_H) #include #endif +#if defined(HAVE_LOCALE_H) +#include +#endif #ifndef SIZE_MAX #define SIZE_MAX ((size_t)~0) @@ -58,6 +62,8 @@ file_vprintf(struct magic_set *ms, const char *fmt, va_list ap) int len; char *buf, *newstr; + if (ms->event_flags & EVENT_HAD_ERR) + return 0; len = vasprintf(&buf, fmt, ap); if (len < 0) goto out; @@ -93,6 +99,7 @@ file_printf(struct magic_set *ms, const char *fmt, ...) * error - print best error message possible */ /*VARARGS*/ +__attribute__((__format__(__printf__, 3, 0))) private void file_error_core(struct magic_set *ms, int error, const char *f, va_list va, size_t lineno) @@ -166,27 +173,22 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu size_t ulen; const char *code = NULL; const char *code_mime = "binary"; - const char *type = NULL; - - + const char *type = "application/octet-stream"; + const char *def = "data"; + const char *ftype = NULL; if (nb == 0) { - if ((!mime || (mime & MAGIC_MIME_TYPE)) && - file_printf(ms, mime ? "application/x-empty" : - "empty") == -1) - return -1; - return 1; + def = "empty"; + type = "application/x-empty"; + goto simple; } else if (nb == 1) { - if ((!mime || (mime & MAGIC_MIME_TYPE)) && - file_printf(ms, mime ? "application/octet-stream" : - "very short file (no magic)") == -1) - return -1; - return 1; + def = "very short file (no magic)"; + goto simple; } if ((ms->flags & MAGIC_NO_CHECK_ENCODING) == 0) { looks_text = file_encoding(ms, ubuf, nb, &u8buf, &ulen, - &code, &code_mime, &type); + &code, &code_mime, &ftype); } #ifdef __EMX__ @@ -207,7 +209,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu if ((m = file_zmagic(ms, fd, inname, ubuf, nb)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "zmagic %d\n", m); - goto done; + goto done_encoding; } #endif /* Check if we have a tar file */ @@ -228,7 +230,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu /* try soft magic tests */ if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - if ((m = file_softmagic(ms, ubuf, nb, BINTEST, + if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, looks_text)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); @@ -261,25 +263,13 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu (void)fprintf(stderr, "ascmagic %d\n", m); goto done; } - - /* try to discover text encoding */ - if ((ms->flags & MAGIC_NO_CHECK_ENCODING) == 0) { - if (looks_text == 0) - if ((m = file_ascmagic_with_encoding( ms, ubuf, - nb, u8buf, ulen, code, type, looks_text)) - != 0) { - if ((ms->flags & MAGIC_DEBUG) != 0) - (void)fprintf(stderr, - "ascmagic/enc %d\n", m); - goto done; - } - } } +simple: /* give up */ m = 1; if ((!mime || (mime & MAGIC_MIME_TYPE)) && - file_printf(ms, mime ? "application/octet-stream" : "data") == -1) { + file_printf(ms, "%s", mime ? type : def) == -1) { rv = -1; } done: @@ -290,6 +280,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu if (file_printf(ms, "%s", code_mime) == -1) rv = -1; } + done_encoding: free(u8buf); if (rv) return rv; @@ -301,7 +292,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu protected int file_reset(struct magic_set *ms) { - if (ms->mlist == NULL) { + if (ms->mlist[0] == NULL) { file_error(ms, 0, "no magic files loaded"); return -1; } @@ -437,14 +428,19 @@ protected int file_replace(struct magic_set *ms, const char *pat, const char *rep) { regex_t rx; - int rc; - + int rc, rv = -1; + char *old_lc_ctype; + + old_lc_ctype = setlocale(LC_CTYPE, NULL); + assert(old_lc_ctype != NULL); + old_lc_ctype = strdup(old_lc_ctype); + assert(old_lc_ctype != NULL); + (void)setlocale(LC_CTYPE, "C"); rc = regcomp(&rx, pat, REG_EXTENDED); if (rc) { char errmsg[512]; (void)regerror(rc, &rx, errmsg, sizeof(errmsg)); file_magerror(ms, "regex error %d, (%s)", rc, errmsg); - return -1; } else { regmatch_t rm; int nm = 0; @@ -452,10 +448,14 @@ file_replace(struct magic_set *ms, const char *pat, const char *rep) ms->o.buf[rm.rm_so] = '\0'; if (file_printf(ms, "%s%s", rep, rm.rm_eo != 0 ? ms->o.buf + rm.rm_eo : "") == -1) - return -1; + goto out; nm++; } regfree(&rx); - return nm; + rv = nm; } +out: + (void)setlocale(LC_CTYPE, old_lc_ctype); + free(old_lc_ctype); + return rv; } diff --git a/contrib/file/src/magic.c b/contrib/file/src/magic.c index 540395114f..22174b8f52 100644 --- a/contrib/file/src/magic.c +++ b/contrib/file/src/magic.c @@ -33,7 +33,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: magic.c,v 1.74 2011/05/26 01:27:59 christos Exp $") +FILE_RCSID("@(#)$File: magic.c,v 1.81 2013/11/29 15:42:51 christos Exp $") #endif /* lint */ #include "magic.h" @@ -71,7 +71,6 @@ FILE_RCSID("@(#)$File: magic.c,v 1.74 2011/05/26 01:27:59 christos Exp $") #endif #endif -private void free_mlist(struct mlist *); private void close_and_restore(const struct magic_set *, const char *, int, const struct stat *); private int unreadable_info(struct magic_set *, mode_t, const char *); @@ -101,16 +100,21 @@ get_default_magic(void) if ((home = getenv("HOME")) == NULL) return MAGIC; - if (asprintf(&hmagicpath, "%s/.magic", home) < 0) + if (asprintf(&hmagicpath, "%s/.magic.mgc", home) < 0) return MAGIC; - if (stat(hmagicpath, &st) == -1) - goto out; - if (S_ISDIR(st.st_mode)) { + if (stat(hmagicpath, &st) == -1) { free(hmagicpath); - if (asprintf(&hmagicpath, "%s/%s", home, hmagic) < 0) + if (asprintf(&hmagicpath, "%s/.magic", home) < 0) return MAGIC; - if (access(hmagicpath, R_OK) == -1) + if (stat(hmagicpath, &st) == -1) goto out; + if (S_ISDIR(st.st_mode)) { + free(hmagicpath); + if (asprintf(&hmagicpath, "%s/%s", home, hmagic) < 0) + return MAGIC; + if (access(hmagicpath, R_OK) == -1) + goto out; + } } if (asprintf(&default_magic, "%s:%s", hmagicpath, MAGIC) < 0) @@ -210,51 +214,7 @@ magic_getpath(const char *magicfile, int action) public struct magic_set * magic_open(int flags) { - struct magic_set *ms; - size_t len; - - if ((ms = CAST(struct magic_set *, calloc((size_t)1, - sizeof(struct magic_set)))) == NULL) - return NULL; - - if (magic_setflags(ms, flags) == -1) { - errno = EINVAL; - goto free; - } - - ms->o.buf = ms->o.pbuf = NULL; - len = (ms->c.len = 10) * sizeof(*ms->c.li); - - if ((ms->c.li = CAST(struct level_info *, malloc(len))) == NULL) - goto free; - - ms->event_flags = 0; - ms->error = -1; - ms->mlist = NULL; - ms->file = "unknown"; - ms->line = 0; - return ms; -free: - free(ms); - return NULL; -} - -private void -free_mlist(struct mlist *mlist) -{ - struct mlist *ml; - - if (mlist == NULL) - return; - - for (ml = mlist->next; ml != mlist;) { - struct mlist *next = ml->next; - struct magic *mg = ml->magic; - file_delmagic(mg, ml->mapped, ml->nmagic); - free(ml); - ml = next; - } - free(ml); + return file_ms_alloc(flags); } private int @@ -278,11 +238,9 @@ unreadable_info(struct magic_set *ms, mode_t md, const char *file) public void magic_close(struct magic_set *ms) { - free_mlist(ms->mlist); - free(ms->o.pbuf); - free(ms->o.buf); - free(ms->c.li); - free(ms); + if (ms == NULL) + return; + file_ms_free(ms); } /* @@ -291,44 +249,40 @@ magic_close(struct magic_set *ms) public int magic_load(struct magic_set *ms, const char *magicfile) { - struct mlist *ml = file_apprentice(ms, magicfile, FILE_LOAD); - if (ml) { - free_mlist(ms->mlist); - ms->mlist = ml; - return 0; - } - return -1; + if (ms == NULL) + return -1; + return file_apprentice(ms, magicfile, FILE_LOAD); } public int magic_compile(struct magic_set *ms, const char *magicfile) { - struct mlist *ml = file_apprentice(ms, magicfile, FILE_COMPILE); - free_mlist(ml); - return ml ? 0 : -1; + if (ms == NULL) + return -1; + return file_apprentice(ms, magicfile, FILE_COMPILE); } public int magic_check(struct magic_set *ms, const char *magicfile) { - struct mlist *ml = file_apprentice(ms, magicfile, FILE_CHECK); - free_mlist(ml); - return ml ? 0 : -1; + if (ms == NULL) + return -1; + return file_apprentice(ms, magicfile, FILE_CHECK); } public int magic_list(struct magic_set *ms, const char *magicfile) { - struct mlist *ml = file_apprentice(ms, magicfile, FILE_LIST); - free_mlist(ml); - return ml ? 0 : -1; + if (ms == NULL) + return -1; + return file_apprentice(ms, magicfile, FILE_LIST); } private void close_and_restore(const struct magic_set *ms, const char *name, int fd, const struct stat *sb) { - if (fd == STDIN_FILENO) + if (fd == STDIN_FILENO || name == NULL) return; (void) close(fd); @@ -365,6 +319,8 @@ close_and_restore(const struct magic_set *ms, const char *name, int fd, public const char * magic_descriptor(struct magic_set *ms, int fd) { + if (ms == NULL) + return NULL; return file_or_fd(ms, NULL, fd); } @@ -374,6 +330,8 @@ magic_descriptor(struct magic_set *ms, int fd) public const char * magic_file(struct magic_set *ms, const char *inname) { + if (ms == NULL) + return NULL; return file_or_fd(ms, inname, STDIN_FILENO); } @@ -385,6 +343,7 @@ file_or_fd(struct magic_set *ms, const char *inname, int fd) struct stat sb; ssize_t nbytes = 0; /* number of bytes read from a datafile */ int ispipe = 0; + off_t pos = (off_t)-1; /* * one extra for terminating '\0', and @@ -410,10 +369,13 @@ file_or_fd(struct magic_set *ms, const char *inname, int fd) if (inname == NULL) { if (fstat(fd, &sb) == 0 && S_ISFIFO(sb.st_mode)) ispipe = 1; + else + pos = lseek(fd, (off_t)0, SEEK_CUR); } else { int flags = O_RDONLY|O_BINARY; + int okstat = stat(inname, &sb) == 0; - if (stat(inname, &sb) == 0 && S_ISFIFO(sb.st_mode)) { + if (okstat && S_ISFIFO(sb.st_mode)) { #ifdef O_NONBLOCK flags |= O_NONBLOCK; #endif @@ -422,7 +384,8 @@ file_or_fd(struct magic_set *ms, const char *inname, int fd) errno = 0; if ((fd = open(inname, flags)) < 0) { - if (unreadable_info(ms, sb.st_mode, inname) == -1) + if (okstat && + unreadable_info(ms, sb.st_mode, inname) == -1) goto done; rv = 0; goto done; @@ -468,6 +431,8 @@ file_or_fd(struct magic_set *ms, const char *inname, int fd) rv = 0; done: free(buf); + if (pos != (off_t)-1) + (void)lseek(fd, pos, SEEK_SET); close_and_restore(ms, inname, fd, &sb); return rv == 0 ? file_getbuffer(ms) : NULL; } @@ -476,6 +441,8 @@ done: public const char * magic_buffer(struct magic_set *ms, const void *buf, size_t nb) { + if (ms == NULL) + return NULL; if (file_reset(ms) == -1) return NULL; /* @@ -492,18 +459,24 @@ magic_buffer(struct magic_set *ms, const void *buf, size_t nb) public const char * magic_error(struct magic_set *ms) { + if (ms == NULL) + return "Magic database is not open"; return (ms->event_flags & EVENT_HAD_ERR) ? ms->o.buf : NULL; } public int magic_errno(struct magic_set *ms) { + if (ms == NULL) + return EINVAL; return (ms->event_flags & EVENT_HAD_ERR) ? ms->error : 0; } public int magic_setflags(struct magic_set *ms, int flags) { + if (ms == NULL) + return -1; #if !defined(HAVE_UTIME) && !defined(HAVE_UTIMES) if (flags & MAGIC_PRESERVE_ATIME) return -1; @@ -511,3 +484,9 @@ magic_setflags(struct magic_set *ms, int flags) ms->flags = flags; return 0; } + +public int +magic_version(void) +{ + return MAGIC_VERSION; +} diff --git a/contrib/file/src/magic.h b/contrib/file/src/magic.h index 2bbed764d2..535a177b88 100644 --- a/contrib/file/src/magic.h +++ b/contrib/file/src/magic.h @@ -65,6 +65,7 @@ MAGIC_NO_CHECK_CDF | \ MAGIC_NO_CHECK_TOKENS | \ MAGIC_NO_CHECK_ENCODING | \ + 0 \ ) /* Defined for backwards compatibility (renamed) */ @@ -74,6 +75,8 @@ #define MAGIC_NO_CHECK_FORTRAN 0x000000 /* Don't check ascii/fortran */ #define MAGIC_NO_CHECK_TROFF 0x000000 /* Don't check ascii/troff */ +#define MAGIC_VERSION 517 /* This implementation */ + #ifdef __cplusplus extern "C" { @@ -91,6 +94,7 @@ const char *magic_buffer(magic_t, const void *, size_t); const char *magic_error(magic_t); int magic_setflags(magic_t, int); +int magic_version(void); int magic_load(magic_t, const char *); int magic_compile(magic_t, const char *); int magic_check(magic_t, const char *); diff --git a/contrib/file/src/print.c b/contrib/file/src/print.c index 4187a2ee0d..fa81798674 100644 --- a/contrib/file/src/print.c +++ b/contrib/file/src/print.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: print.c,v 1.71 2011/09/20 15:28:09 christos Exp $") +FILE_RCSID("@(#)$File: print.c,v 1.76 2013/02/26 18:25:00 christos Exp $") #endif /* lint */ #include @@ -45,31 +45,33 @@ FILE_RCSID("@(#)$File: print.c,v 1.71 2011/09/20 15:28:09 christos Exp $") #define SZOF(a) (sizeof(a) / sizeof(a[0])) +#include "cdf.h" + #ifndef COMPILE_ONLY protected void file_mdump(struct magic *m) { - private const char optyp[] = { FILE_OPS }; + static const char optyp[] = { FILE_OPS }; + char tbuf[26]; (void) fprintf(stderr, "%u: %.*s %u", m->lineno, (m->cont_level & 7) + 1, ">>>>>>>>", m->offset); if (m->flag & INDIR) { (void) fprintf(stderr, "(%s,", - /* Note: type is unsigned */ - (m->in_type < file_nnames) ? - file_names[m->in_type] : "*bad*"); + /* Note: type is unsigned */ + (m->in_type < file_nnames) ? file_names[m->in_type] : + "*bad in_type*"); if (m->in_op & FILE_OPINVERSE) (void) fputc('~', stderr); (void) fprintf(stderr, "%c%u),", - ((size_t)(m->in_op & FILE_OPS_MASK) < - SZOF(optyp)) ? - optyp[m->in_op & FILE_OPS_MASK] : '?', - m->in_offset); + ((size_t)(m->in_op & FILE_OPS_MASK) < + SZOF(optyp)) ? optyp[m->in_op & FILE_OPS_MASK] : '?', + m->in_offset); } (void) fprintf(stderr, " %s%s", (m->flag & UNSIGNED) ? "u" : "", - /* Note: type is unsigned */ - (m->type < file_nnames) ? file_names[m->type] : "*bad*"); + /* Note: type is unsigned */ + (m->type < file_nnames) ? file_names[m->type] : "*bad type"); if (m->mask_op & FILE_OPINVERSE) (void) fputc('~', stderr); @@ -132,6 +134,7 @@ file_mdump(struct magic *m) case FILE_MELONG: case FILE_BESHORT: case FILE_BELONG: + case FILE_INDIRECT: (void) fprintf(stderr, "%d", m->value.l); break; case FILE_BEQUAD: @@ -153,26 +156,31 @@ file_mdump(struct magic *m) case FILE_BEDATE: case FILE_MEDATE: (void)fprintf(stderr, "%s,", - file_fmttime(m->value.l, 1)); + file_fmttime(m->value.l, FILE_T_LOCAL, tbuf)); break; case FILE_LDATE: case FILE_LELDATE: case FILE_BELDATE: case FILE_MELDATE: (void)fprintf(stderr, "%s,", - file_fmttime(m->value.l, 0)); - break; + file_fmttime(m->value.l, 0, tbuf)); case FILE_QDATE: case FILE_LEQDATE: case FILE_BEQDATE: (void)fprintf(stderr, "%s,", - file_fmttime((uint32_t)m->value.q, 1)); + file_fmttime(m->value.q, FILE_T_LOCAL, tbuf)); break; case FILE_QLDATE: case FILE_LEQLDATE: case FILE_BEQLDATE: (void)fprintf(stderr, "%s,", - file_fmttime((uint32_t)m->value.q, 0)); + file_fmttime(m->value.q, 0, tbuf)); + break; + case FILE_QWDATE: + case FILE_LEQWDATE: + case FILE_BEQWDATE: + (void)fprintf(stderr, "%s,", + file_fmttime(m->value.q, FILE_T_WINDOWS, tbuf)); break; case FILE_FLOAT: case FILE_BEFLOAT: @@ -187,8 +195,12 @@ file_mdump(struct magic *m) case FILE_DEFAULT: /* XXX - do anything here? */ break; + case FILE_USE: + case FILE_NAME: + (void) fprintf(stderr, "'%s'", m->value.s); + break; default: - (void) fputs("*bad*", stderr); + (void) fprintf(stderr, "*bad type %d*", m->type); break; } } @@ -216,14 +228,20 @@ file_magwarn(struct magic_set *ms, const char *f, ...) } protected const char * -file_fmttime(uint32_t v, int local) +file_fmttime(uint64_t v, int flags, char *buf) { char *pp; time_t t = (time_t)v; struct tm *tm; - if (local) { - pp = ctime(&t); + if (flags & FILE_T_WINDOWS) { + struct timespec ts; + cdf_timestamp_to_timespec(&ts, t); + t = ts.tv_sec; + } + + if (flags & FILE_T_LOCAL) { + pp = ctime_r(&t, buf); } else { #ifndef HAVE_DAYLIGHT private int daylight = 0; @@ -245,7 +263,7 @@ file_fmttime(uint32_t v, int local) tm = gmtime(&t); if (tm == NULL) goto out; - pp = asctime(tm); + pp = asctime_r(tm, buf); } if (pp == NULL) @@ -253,5 +271,5 @@ file_fmttime(uint32_t v, int local) pp[strcspn(pp, "\n")] = '\0'; return pp; out: - return "*Invalid time*"; + return strcpy(buf, "*Invalid time*"); } diff --git a/contrib/file/src/readcdf.c b/contrib/file/src/readcdf.c index 9cd0ceb0de..2367b8a21e 100644 --- a/contrib/file/src/readcdf.c +++ b/contrib/file/src/readcdf.c @@ -26,23 +26,101 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readcdf.c,v 1.29 2012/02/20 20:04:58 christos Exp $") +FILE_RCSID("@(#)$File: readcdf.c,v 1.40 2014/03/06 15:23:33 christos Exp $") #endif +#include #include #include #include #include #include +#if defined(HAVE_LOCALE_H) +#include +#endif #include "cdf.h" #include "magic.h" #define NOTMIME(ms) (((ms)->flags & MAGIC_MIME) == 0) +static const struct nv { + const char *pattern; + const char *mime; +} app2mime[] = { + { "Word", "msword", }, + { "Excel", "vnd.ms-excel", }, + { "Powerpoint", "vnd.ms-powerpoint", }, + { "Crystal Reports", "x-rpt", }, + { "Advanced Installer", "vnd.ms-msi", }, + { "InstallShield", "vnd.ms-msi", }, + { "Microsoft Patch Compiler", "vnd.ms-msi", }, + { "NAnt", "vnd.ms-msi", }, + { "Windows Installer", "vnd.ms-msi", }, + { NULL, NULL, }, +}, name2mime[] = { + { "WordDocument", "msword", }, + { "PowerPoint", "vnd.ms-powerpoint", }, + { "DigitalSignature", "vnd.ms-msi", }, + { NULL, NULL, }, +}, name2desc[] = { + { "WordDocument", "Microsoft Office Word",}, + { "PowerPoint", "Microsoft PowerPoint", }, + { "DigitalSignature", "Microsoft Installer", }, + { NULL, NULL, }, +}; + +static const struct cv { + uint64_t clsid[2]; + const char *mime; +} clsid2mime[] = { + { + { 0x00000000000c1084LLU, 0x46000000000000c0LLU }, + "x-msi", + } +}, clsid2desc[] = { + { + { 0x00000000000c1084LLU, 0x46000000000000c0LLU }, + "MSI Installer", + }, +}; + +private const char * +cdf_clsid_to_mime(const uint64_t clsid[2], const struct cv *cv) +{ + size_t i; + for (i = 0; cv[i].mime != NULL; i++) { + if (clsid[0] == cv[i].clsid[0] && clsid[1] == cv[i].clsid[1]) + return cv[i].mime; + } + return NULL; +} + +private const char * +cdf_app_to_mime(const char *vbuf, const struct nv *nv) +{ + size_t i; + const char *rv = NULL; + char *old_lc_ctype; + + old_lc_ctype = setlocale(LC_CTYPE, NULL); + assert(old_lc_ctype != NULL); + old_lc_ctype = strdup(old_lc_ctype); + assert(old_lc_ctype != NULL); + (void)setlocale(LC_CTYPE, "C"); + for (i = 0; nv[i].pattern != NULL; i++) + if (strcasestr(vbuf, nv[i].pattern) != NULL) { + rv = nv[i].mime; + break; + } + (void)setlocale(LC_CTYPE, old_lc_ctype); + free(old_lc_ctype); + return rv; +} + private int cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, - size_t count) + size_t count, const uint64_t clsid[2]) { size_t i; cdf_timestamp_t tp; @@ -52,6 +130,9 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, const char *s; int len; + if (!NOTMIME(ms)) + str = cdf_clsid_to_mime(clsid, clsid2mime); + for (i = 0; i < count; i++) { cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); switch (info[i].pi_type) { @@ -108,25 +189,17 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, buf, vbuf) == -1) return -1; } - } else if (info[i].pi_id == - CDF_PROPERTY_NAME_OF_APPLICATION) { - if (strstr(vbuf, "Word")) - str = "msword"; - else if (strstr(vbuf, "Excel")) - str = "vnd.ms-excel"; - else if (strstr(vbuf, "Powerpoint")) - str = "vnd.ms-powerpoint"; - else if (strstr(vbuf, - "Crystal Reports")) - str = "x-rpt"; - } - } + } else if (str == NULL && info[i].pi_id == + CDF_PROPERTY_NAME_OF_APPLICATION) { + str = cdf_app_to_mime(vbuf, app2mime); + } + } break; case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { + char tbuf[64]; if (tp < 1000000000000000LL) { - char tbuf[64]; cdf_print_elapsed_time(tbuf, sizeof(tbuf), tp); if (NOTMIME(ms) && file_printf(ms, @@ -135,9 +208,10 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, } else { char *c, *ec; cdf_timestamp_to_timespec(&ts, tp); - c = cdf_ctime(&ts.tv_sec); - if ((ec = strchr(c, '\n')) != NULL) - *ec = '\0'; + c = cdf_ctime(&ts.tv_sec, tbuf); + if (c != NULL && + (ec = strchr(c, '\n')) != NULL) + *ec = '\0'; if (NOTMIME(ms) && file_printf(ms, ", %s: %s", buf, c) == -1) @@ -162,7 +236,7 @@ cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, private int cdf_file_summary_info(struct magic_set *ms, const cdf_header_t *h, - const cdf_stream_t *sst) + const cdf_stream_t *sst, const uint64_t clsid[2]) { cdf_summary_info_header_t si; cdf_property_info_t *info; @@ -173,6 +247,8 @@ cdf_file_summary_info(struct magic_set *ms, const cdf_header_t *h, return -1; if (NOTMIME(ms)) { + const char *str; + if (file_printf(ms, "Composite Document File V2 Document") == -1) return -1; @@ -200,14 +276,32 @@ cdf_file_summary_info(struct magic_set *ms, const cdf_header_t *h, return -2; break; } + str = cdf_clsid_to_mime(clsid, clsid2desc); + if (str) + if (file_printf(ms, ", %s", str) == -1) + return -2; } - m = cdf_file_property_info(ms, info, count); + m = cdf_file_property_info(ms, info, count, clsid); free(info); return m == -1 ? -2 : m; } +#ifdef notdef +private char * +format_clsid(char *buf, size_t len, const uint64_t uuid[2]) { + snprintf(buf, len, "%.8" PRIx64 "-%.4" PRIx64 "-%.4" PRIx64 "-%.4" + PRIx64 "-%.12" PRIx64, + (uuid[0] >> 32) & (uint64_t)0x000000000ffffffffLLU, + (uuid[0] >> 16) & (uint64_t)0x0000000000000ffffLLU, + (uuid[0] >> 0) & (uint64_t)0x0000000000000ffffLLU, + (uuid[1] >> 48) & (uint64_t)0x0000000000000ffffLLU, + (uuid[1] >> 0) & (uint64_t)0x0000fffffffffffffLLU); + return buf; +} +#endif + protected int file_trycdf(struct magic_set *ms, int fd, const unsigned char *buf, size_t nbytes) @@ -253,13 +347,26 @@ file_trycdf(struct magic_set *ms, int fd, const unsigned char *buf, goto out2; } - if ((i = cdf_read_short_stream(&info, &h, &sat, &dir, &sst)) == -1) { + const cdf_directory_t *root_storage; + if ((i = cdf_read_short_stream(&info, &h, &sat, &dir, &sst, + &root_storage)) == -1) { expn = "Cannot read short stream"; goto out3; } #ifdef CDF_DEBUG cdf_dump_dir(&info, &h, &sat, &ssat, &sst, &dir); #endif +#ifdef notdef + if (root_storage) { + if (NOTMIME(ms)) { + char clsbuf[128]; + if (file_printf(ms, "CLSID %s, ", + format_clsid(clsbuf, sizeof(clsbuf), + root_storage->d_storage_uuid)) == -1) + return -1; + } + } +#endif if ((i = cdf_read_summary_info(&info, &h, &sat, &ssat, &sst, &dir, &scn)) == -1) { @@ -274,25 +381,36 @@ file_trycdf(struct magic_set *ms, int fd, const unsigned char *buf, #ifdef CDF_DEBUG cdf_dump_summary_info(&h, &scn); #endif - if ((i = cdf_file_summary_info(ms, &h, &scn)) < 0) + if ((i = cdf_file_summary_info(ms, &h, &scn, + root_storage->d_storage_uuid)) < 0) expn = "Can't expand summary_info"; + if (i == 0) { - const char *str = "vnd.ms-office"; + const char *str = NULL; cdf_directory_t *d; char name[__arraycount(d->d_name)]; size_t j, k; - for (j = 0; j < dir.dir_len; j++) { - d = &dir.dir_tab[j]; - for (k = 0; k < sizeof(name); k++) - name[k] = (char)cdf_tole2(d->d_name[k]); - if (strstr(name, "WordDocument") == 0) { - str = "msword"; - break; - } + + for (j = 0; str == NULL && j < dir.dir_len; j++) { + d = &dir.dir_tab[j]; + for (k = 0; k < sizeof(name); k++) + name[k] = (char)cdf_tole2(d->d_name[k]); + str = cdf_app_to_mime(name, + NOTMIME(ms) ? name2desc : name2mime); + } + if (NOTMIME(ms)) { + if (str != NULL) { + if (file_printf(ms, "%s", str) == -1) + return -1; + i = 1; + } + } else { + if (str == NULL) + str = "vnd.ms-office"; + if (file_printf(ms, "application/%s", str) == -1) + return -1; + i = 1; } - if (file_printf(ms, "application/%s", str) == -1) - return -1; - i = 1; } free(scn.sst_tab); out4: @@ -304,15 +422,19 @@ out2: out1: free(sat.sat_tab); out0: - if (i != 1) { - if (i == -1) - if (file_printf(ms, "Composite Document File V2 Document") - == -1) - return -1; - if (*expn) - if (file_printf(ms, ", %s%s", corrupt, expn) == -1) - return -1; - i = 1; - } + if (i == -1) { + if (NOTMIME(ms)) { + if (file_printf(ms, + "Composite Document File V2 Document") == -1) + return -1; + if (*expn) + if (file_printf(ms, ", %s%s", corrupt, expn) == -1) + return -1; + } else { + if (file_printf(ms, "application/CDFV2-corrupt") == -1) + return -1; + } + i = 1; + } return i; } diff --git a/contrib/file/src/readelf.c b/contrib/file/src/readelf.c index 8b141e12d4..cbed12920c 100644 --- a/contrib/file/src/readelf.c +++ b/contrib/file/src/readelf.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readelf.c,v 1.90 2011/08/23 08:01:12 christos Exp $") +FILE_RCSID("@(#)$File: readelf.c,v 1.102 2014/03/11 21:00:13 christos Exp $") #endif #ifdef BUILTIN_ELF @@ -48,7 +48,7 @@ private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t, private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t, off_t, int *, int); private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, - off_t, int *, int); + off_t, int *, int, int); private size_t donote(struct magic_set *, void *, size_t, size_t, int, int, size_t, int *); @@ -127,21 +127,15 @@ getu64(int swap, uint64_t value) #define elf_getu16(swap, value) getu16(swap, value) #define elf_getu32(swap, value) getu32(swap, value) -#ifdef USE_ARRAY_FOR_64BIT_TYPES -# define elf_getu64(swap, array) \ - ((swap ? ((uint64_t)elf_getu32(swap, array[0])) << 32 : elf_getu32(swap, array[0])) + \ - (swap ? elf_getu32(swap, array[1]) : ((uint64_t)elf_getu32(swap, array[1]) << 32))) -#else -# define elf_getu64(swap, value) getu64(swap, value) -#endif +#define elf_getu64(swap, value) getu64(swap, value) #define xsh_addr (clazz == ELFCLASS32 \ - ? (void *) &sh32 \ - : (void *) &sh64) + ? (void *)&sh32 \ + : (void *)&sh64) #define xsh_sizeof (clazz == ELFCLASS32 \ - ? sizeof sh32 \ - : sizeof sh64) -#define xsh_size (clazz == ELFCLASS32 \ + ? sizeof(sh32) \ + : sizeof(sh64)) +#define xsh_size (size_t)(clazz == ELFCLASS32 \ ? elf_getu32(swap, sh32.sh_size) \ : elf_getu64(swap, sh64.sh_size)) #define xsh_offset (off_t)(clazz == ELFCLASS32 \ @@ -150,12 +144,15 @@ getu64(int swap, uint64_t value) #define xsh_type (clazz == ELFCLASS32 \ ? elf_getu32(swap, sh32.sh_type) \ : elf_getu32(swap, sh64.sh_type)) +#define xsh_name (clazz == ELFCLASS32 \ + ? elf_getu32(swap, sh32.sh_name) \ + : elf_getu32(swap, sh64.sh_name)) #define xph_addr (clazz == ELFCLASS32 \ ? (void *) &ph32 \ : (void *) &ph64) #define xph_sizeof (clazz == ELFCLASS32 \ - ? sizeof ph32 \ - : sizeof ph64) + ? sizeof(ph32) \ + : sizeof(ph64)) #define xph_type (clazz == ELFCLASS32 \ ? elf_getu32(swap, ph32.p_type) \ : elf_getu32(swap, ph64.p_type)) @@ -171,8 +168,8 @@ getu64(int swap, uint64_t value) ? elf_getu32(swap, ph32.p_filesz) \ : elf_getu64(swap, ph64.p_filesz))) #define xnh_addr (clazz == ELFCLASS32 \ - ? (void *) &nh32 \ - : (void *) &nh64) + ? (void *)&nh32 \ + : (void *)&nh64) #define xph_memsz (size_t)((clazz == ELFCLASS32 \ ? elf_getu32(swap, ph32.p_memsz) \ : elf_getu64(swap, ph64.p_memsz))) @@ -192,8 +189,8 @@ getu64(int swap, uint64_t value) ? prpsoffsets32[i] \ : prpsoffsets64[i]) #define xcap_addr (clazz == ELFCLASS32 \ - ? (void *) &cap32 \ - : (void *) &cap64) + ? (void *)&cap32 \ + : (void *)&cap64) #define xcap_sizeof (clazz == ELFCLASS32 \ ? sizeof cap32 \ : sizeof cap64) @@ -295,7 +292,7 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, { Elf32_Phdr ph32; Elf64_Phdr ph64; - size_t offset; + size_t offset, len; unsigned char nbuf[BUFSIZ]; ssize_t bufsize; @@ -309,11 +306,7 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, * Loop through all the program headers. */ for ( ; num; num--) { - if (lseek(fd, off, SEEK_SET) == (off_t)-1) { - file_badseek(ms); - return -1; - } - if (read(fd, xph_addr, xph_sizeof) == -1) { + if (pread(fd, xph_addr, xph_sizeof, off) == -1) { file_badread(ms); return -1; } @@ -331,13 +324,8 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, * This is a PT_NOTE section; loop through all the notes * in the section. */ - if (lseek(fd, xph_offset, SEEK_SET) == (off_t)-1) { - file_badseek(ms); - return -1; - } - bufsize = read(fd, nbuf, - ((xph_filesz < sizeof(nbuf)) ? xph_filesz : sizeof(nbuf))); - if (bufsize == -1) { + len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf); + if ((bufsize = pread(fd, nbuf, len, xph_offset)) == -1) { file_badread(ms); return -1; } @@ -356,6 +344,126 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, } #endif +static void +do_note_netbsd_version(struct magic_set *ms, int swap, void *v) +{ + uint32_t desc; + (void)memcpy(&desc, v, sizeof(desc)); + desc = elf_getu32(swap, desc); + + if (file_printf(ms, ", for NetBSD") == -1) + return; + /* + * The version number used to be stuck as 199905, and was thus + * basically content-free. Newer versions of NetBSD have fixed + * this and now use the encoding of __NetBSD_Version__: + * + * MMmmrrpp00 + * + * M = major version + * m = minor version + * r = release ["",A-Z,Z[A-Z] but numeric] + * p = patchlevel + */ + if (desc > 100000000U) { + uint32_t ver_patch = (desc / 100) % 100; + uint32_t ver_rel = (desc / 10000) % 100; + uint32_t ver_min = (desc / 1000000) % 100; + uint32_t ver_maj = desc / 100000000; + + if (file_printf(ms, " %u.%u", ver_maj, ver_min) == -1) + return; + if (ver_rel == 0 && ver_patch != 0) { + if (file_printf(ms, ".%u", ver_patch) == -1) + return; + } else if (ver_rel != 0) { + while (ver_rel > 26) { + if (file_printf(ms, "Z") == -1) + return; + ver_rel -= 26; + } + if (file_printf(ms, "%c", 'A' + ver_rel - 1) + == -1) + return; + } + } +} + +static void +do_note_freebsd_version(struct magic_set *ms, int swap, void *v) +{ + uint32_t desc; + + (void)memcpy(&desc, v, sizeof(desc)); + desc = elf_getu32(swap, desc); + if (file_printf(ms, ", for FreeBSD") == -1) + return; + + /* + * Contents is __FreeBSD_version, whose relation to OS + * versions is defined by a huge table in the Porter's + * Handbook. This is the general scheme: + * + * Releases: + * Mmp000 (before 4.10) + * Mmi0p0 (before 5.0) + * Mmm0p0 + * + * Development branches: + * Mmpxxx (before 4.6) + * Mmp1xx (before 4.10) + * Mmi1xx (before 5.0) + * M000xx (pre-M.0) + * Mmm1xx + * + * M = major version + * m = minor version + * i = minor version increment (491000 -> 4.10) + * p = patchlevel + * x = revision + * + * The first release of FreeBSD to use ELF by default + * was version 3.0. + */ + if (desc == 460002) { + if (file_printf(ms, " 4.6.2") == -1) + return; + } else if (desc < 460100) { + if (file_printf(ms, " %d.%d", desc / 100000, + desc / 10000 % 10) == -1) + return; + if (desc / 1000 % 10 > 0) + if (file_printf(ms, ".%d", desc / 1000 % 10) == -1) + return; + if ((desc % 1000 > 0) || (desc % 100000 == 0)) + if (file_printf(ms, " (%d)", desc) == -1) + return; + } else if (desc < 500000) { + if (file_printf(ms, " %d.%d", desc / 100000, + desc / 10000 % 10 + desc / 1000 % 10) == -1) + return; + if (desc / 100 % 10 > 0) { + if (file_printf(ms, " (%d)", desc) == -1) + return; + } else if (desc / 10 % 10 > 0) { + if (file_printf(ms, ".%d", desc / 10 % 10) == -1) + return; + } + } else { + if (file_printf(ms, " %d.%d", desc / 100000, + desc / 1000 % 100) == -1) + return; + if ((desc / 100 % 10 > 0) || + (desc % 100000 / 100 == 0)) { + if (file_printf(ms, " (%d)", desc) == -1) + return; + } else if (desc / 10 % 10 > 0) { + if (file_printf(ms, ".%d", desc / 10 % 10) == -1) + return; + } + } +} + private size_t donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, int clazz, int swap, size_t align, int *flags) @@ -416,6 +524,10 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) goto core; + if (namesz == 5 && strcmp((char *)&nbuf[noff], "SuSE") == 0 && + xnh_type == NT_GNU_VERSION && descsz == 2) { + file_printf(ms, ", for SuSE %d.%d", nbuf[doff], nbuf[doff + 1]); + } if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && xnh_type == NT_GNU_VERSION && descsz == 16) { uint32_t desc[4]; @@ -457,141 +569,82 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && xnh_type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) { - uint32_t desc[5], i; - if (file_printf(ms, ", BuildID[%s]=0x", descsz == 16 ? "md5/uuid" : + uint8_t desc[20]; + uint32_t i; + if (file_printf(ms, ", BuildID[%s]=", descsz == 16 ? "md5/uuid" : "sha1") == -1) return size; (void)memcpy(desc, &nbuf[doff], descsz); - for (i = 0; i < descsz >> 2; i++) - if (file_printf(ms, "%.8x", desc[i]) == -1) + for (i = 0; i < descsz; i++) + if (file_printf(ms, "%02x", desc[i]) == -1) return size; *flags |= FLAGS_DID_BUILD_ID; } - if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0 && - xnh_type == NT_NETBSD_VERSION && descsz == 4) { + if (namesz == 4 && strcmp((char *)&nbuf[noff], "PaX") == 0 && + xnh_type == NT_NETBSD_PAX && descsz == 4) { + static const char *pax[] = { + "+mprotect", + "-mprotect", + "+segvguard", + "-segvguard", + "+ASLR", + "-ASLR", + }; uint32_t desc; + size_t i; + int did = 0; + (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); desc = elf_getu32(swap, desc); - if (file_printf(ms, ", for NetBSD") == -1) + if (desc && file_printf(ms, ", PaX: ") == -1) return size; - /* - * The version number used to be stuck as 199905, and was thus - * basically content-free. Newer versions of NetBSD have fixed - * this and now use the encoding of __NetBSD_Version__: - * - * MMmmrrpp00 - * - * M = major version - * m = minor version - * r = release ["",A-Z,Z[A-Z] but numeric] - * p = patchlevel - */ - if (desc > 100000000U) { - uint32_t ver_patch = (desc / 100) % 100; - uint32_t ver_rel = (desc / 10000) % 100; - uint32_t ver_min = (desc / 1000000) % 100; - uint32_t ver_maj = desc / 100000000; - if (file_printf(ms, " %u.%u", ver_maj, ver_min) == -1) + for (i = 0; i < __arraycount(pax); i++) { + if (((1 << i) & desc) == 0) + continue; + if (file_printf(ms, "%s%s", did++ ? "," : "", + pax[i]) == -1) return size; - if (ver_rel == 0 && ver_patch != 0) { - if (file_printf(ms, ".%u", ver_patch) == -1) - return size; - } else if (ver_rel != 0) { - while (ver_rel > 26) { - if (file_printf(ms, "Z") == -1) - return size; - ver_rel -= 26; - } - if (file_printf(ms, "%c", 'A' + ver_rel - 1) - == -1) - return size; - } } - *flags |= FLAGS_DID_NOTE; - return size; } - if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0 && - xnh_type == NT_FREEBSD_VERSION && descsz == 4) { - uint32_t desc; - (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); - desc = elf_getu32(swap, desc); - if (file_printf(ms, ", for FreeBSD") == -1) - return size; - - /* - * Contents is __FreeBSD_version, whose relation to OS - * versions is defined by a huge table in the Porter's - * Handbook. This is the general scheme: - * - * Releases: - * Mmp000 (before 4.10) - * Mmi0p0 (before 5.0) - * Mmm0p0 - * - * Development branches: - * Mmpxxx (before 4.6) - * Mmp1xx (before 4.10) - * Mmi1xx (before 5.0) - * M000xx (pre-M.0) - * Mmm1xx - * - * M = major version - * m = minor version - * i = minor version increment (491000 -> 4.10) - * p = patchlevel - * x = revision - * - * The first release of FreeBSD to use ELF by default - * was version 3.0. - */ - if (desc == 460002) { - if (file_printf(ms, " 4.6.2") == -1) + if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) { + switch (xnh_type) { + case NT_NETBSD_VERSION: + if (descsz == 4) { + do_note_netbsd_version(ms, swap, &nbuf[doff]); + *flags |= FLAGS_DID_NOTE; return size; - } else if (desc < 460100) { - if (file_printf(ms, " %d.%d", desc / 100000, - desc / 10000 % 10) == -1) + } + break; + case NT_NETBSD_MARCH: + if (file_printf(ms, ", compiled for: %.*s", (int)descsz, + (const char *)&nbuf[doff]) == -1) return size; - if (desc / 1000 % 10 > 0) - if (file_printf(ms, ".%d", desc / 1000 % 10) - == -1) - return size; - if ((desc % 1000 > 0) || (desc % 100000 == 0)) - if (file_printf(ms, " (%d)", desc) == -1) - return size; - } else if (desc < 500000) { - if (file_printf(ms, " %d.%d", desc / 100000, - desc / 10000 % 10 + desc / 1000 % 10) == -1) + break; + case NT_NETBSD_CMODEL: + if (file_printf(ms, ", compiler model: %.*s", + (int)descsz, (const char *)&nbuf[doff]) == -1) return size; - if (desc / 100 % 10 > 0) { - if (file_printf(ms, " (%d)", desc) == -1) - return size; - } else if (desc / 10 % 10 > 0) { - if (file_printf(ms, ".%d", desc / 10 % 10) - == -1) - return size; - } - } else { - if (file_printf(ms, " %d.%d", desc / 100000, - desc / 1000 % 100) == -1) + break; + default: + if (file_printf(ms, ", note=%u", xnh_type) == -1) return size; - if ((desc / 100 % 10 > 0) || - (desc % 100000 / 100 == 0)) { - if (file_printf(ms, " (%d)", desc) == -1) - return size; - } else if (desc / 10 % 10 > 0) { - if (file_printf(ms, ".%d", desc / 10 % 10) - == -1) - return size; - } + break; } - *flags |= FLAGS_DID_NOTE; return size; } + if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0) { + if (xnh_type == NT_FREEBSD_VERSION && descsz == 4) { + do_note_freebsd_version(ms, swap, &nbuf[doff]); + *flags |= FLAGS_DID_NOTE; + return size; + } + } + if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 && xnh_type == NT_OPENBSD_VERSION && descsz == 4) { if (file_printf(ms, ", for OpenBSD") == -1) @@ -842,15 +895,16 @@ static const cap_desc_t cap_desc_386[] = { private int doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, - size_t size, off_t fsize, int *flags, int mach) + size_t size, off_t fsize, int *flags, int mach, int strtab) { Elf32_Shdr sh32; Elf64_Shdr sh64; int stripped = 1; void *nbuf; - off_t noff, coff; + off_t noff, coff, name_off; uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */ + char name[50]; if (size != xsh_sizeof) { if (file_printf(ms, ", corrupted section header size") == -1) @@ -858,12 +912,24 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, return 0; } + /* Read offset of name section to be able to read section names later */ + if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) { + file_badread(ms); + return -1; + } + name_off = xsh_offset; + for ( ; num; num--) { - if (lseek(fd, off, SEEK_SET) == (off_t)-1) { - file_badseek(ms); + /* Read the name of this section. */ + if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) { + file_badread(ms); return -1; } - if (read(fd, xsh_addr, xsh_sizeof) == -1) { + name[sizeof(name) - 1] = '\0'; + if (strcmp(name, ".debug_info") == 0) + stripped = 0; + + if (pread(fd, xsh_addr, xsh_sizeof, off) == -1) { file_badread(ms); return -1; } @@ -888,39 +954,41 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, /* Things we can determine when we seek */ switch (xsh_type) { case SHT_NOTE: - if ((nbuf = malloc((size_t)xsh_size)) == NULL) { + if ((nbuf = malloc(xsh_size)) == NULL) { file_error(ms, errno, "Cannot allocate memory" " for note"); return -1; } - if ((noff = lseek(fd, (off_t)xsh_offset, SEEK_SET)) == - (off_t)-1) { + if (pread(fd, nbuf, xsh_size, xsh_offset) == -1) { file_badread(ms); free(nbuf); return -1; } - if (read(fd, nbuf, (size_t)xsh_size) != - (ssize_t)xsh_size) { - free(nbuf); - file_badread(ms); - return -1; - } noff = 0; for (;;) { if (noff >= (off_t)xsh_size) break; noff = donote(ms, nbuf, (size_t)noff, - (size_t)xsh_size, clazz, swap, 4, - flags); + xsh_size, clazz, swap, 4, flags); if (noff == 0) break; } free(nbuf); break; case SHT_SUNW_cap: - if (lseek(fd, (off_t)xsh_offset, SEEK_SET) == - (off_t)-1) { + switch (mach) { + case EM_SPARC: + case EM_SPARCV9: + case EM_IA_64: + case EM_386: + case EM_AMD64: + break; + default: + goto skip; + } + + if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) { file_badseek(ms); return -1; } @@ -958,12 +1026,13 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, break; } } - break; - + /*FALLTHROUGH*/ + skip: default: break; } } + if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1) return -1; if (cap_hw1) { @@ -1042,7 +1111,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, const char *shared_libraries = ""; unsigned char nbuf[BUFSIZ]; ssize_t bufsize; - size_t offset, align; + size_t offset, align, len; if (size != xph_sizeof) { if (file_printf(ms, ", corrupted program header size") == -1) @@ -1051,13 +1120,8 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, } for ( ; num; num--) { - if (lseek(fd, off, SEEK_SET) == (off_t)-1) { - file_badseek(ms); - return -1; - } - - if (read(fd, xph_addr, xph_sizeof) == -1) { - file_badread(ms); + if (pread(fd, xph_addr, xph_sizeof, off) == -1) { + file_badread(ms); return -1; } @@ -1095,12 +1159,9 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, * This is a PT_NOTE section; loop through all the notes * in the section. */ - if (lseek(fd, xph_offset, SEEK_SET) == (off_t)-1) { - file_badseek(ms); - return -1; - } - bufsize = read(fd, nbuf, ((xph_filesz < sizeof(nbuf)) ? - xph_filesz : sizeof(nbuf))); + len = xph_filesz < sizeof(nbuf) ? xph_filesz + : sizeof(nbuf); + bufsize = pread(fd, nbuf, len, xph_offset); if (bufsize == -1) { file_badread(ms); return -1; diff --git a/contrib/file/src/readelf.h b/contrib/file/src/readelf.h index 4308e6ac4d..732b20c88e 100644 --- a/contrib/file/src/readelf.h +++ b/contrib/file/src/readelf.h @@ -44,17 +44,9 @@ typedef uint16_t Elf32_Half; typedef uint32_t Elf32_Word; typedef uint8_t Elf32_Char; -#if SIZEOF_LONG_LONG != 8 -#define USE_ARRAY_FOR_64BIT_TYPES -typedef uint32_t Elf64_Addr[2]; -typedef uint32_t Elf64_Off[2]; -typedef uint32_t Elf64_Xword[2]; -#else -#undef USE_ARRAY_FOR_64BIT_TYPES typedef uint64_t Elf64_Addr; typedef uint64_t Elf64_Off; typedef uint64_t Elf64_Xword; -#endif typedef uint16_t Elf64_Half; typedef uint32_t Elf64_Word; typedef uint8_t Elf64_Char; @@ -263,6 +255,46 @@ typedef struct { */ #define NT_GNU_BUILD_ID 3 +/* + * NetBSD-specific note type: PaX. + * There should be 1 NOTE per executable. + * name: PaX\0 + * namesz: 4 + * desc: + * word[0]: capability bitmask + * descsz: 4 + */ +#define NT_NETBSD_PAX 3 +#define NT_NETBSD_PAX_MPROTECT 0x01 /* Force enable Mprotect */ +#define NT_NETBSD_PAX_NOMPROTECT 0x02 /* Force disable Mprotect */ +#define NT_NETBSD_PAX_GUARD 0x04 /* Force enable Segvguard */ +#define NT_NETBSD_PAX_NOGUARD 0x08 /* Force disable Servguard */ +#define NT_NETBSD_PAX_ASLR 0x10 /* Force enable ASLR */ +#define NT_NETBSD_PAX_NOASLR 0x20 /* Force disable ASLR */ + +/* + * NetBSD-specific note type: MACHINE_ARCH. + * There should be 1 NOTE per executable. + * name: NetBSD\0 + * namesz: 7 + * desc: string + * descsz: variable + */ +#define NT_NETBSD_MARCH 5 + +/* + * NetBSD-specific note type: COMPILER MODEL. + * There should be 1 NOTE per executable. + * name: NetBSD\0 + * namesz: 7 + * desc: string + * descsz: variable + */ +#define NT_NETBSD_CMODEL 6 + +#if !defined(ELFSIZE) && defined(ARCH_ELFSIZE) +#define ELFSIZE ARCH_ELFSIZE +#endif /* SunOS 5.x hardware/software capabilities */ typedef struct { Elf32_Word c_tag; diff --git a/contrib/file/src/softmagic.c b/contrib/file/src/softmagic.c index 22e1190af8..eaa0f6b612 100644 --- a/contrib/file/src/softmagic.c +++ b/contrib/file/src/softmagic.c @@ -32,27 +32,34 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: softmagic.c,v 1.147 2011/11/05 15:44:22 rrt Exp $") +FILE_RCSID("@(#)$File: softmagic.c,v 1.180 2014/03/15 21:47:40 christos Exp $") #endif /* lint */ #include "magic.h" +#define F(a, b) fmtcheck((a), (b)) +#include #include #include #include #include +#if defined(HAVE_LOCALE_H) +#include +#endif private int match(struct magic_set *, struct magic *, uint32_t, - const unsigned char *, size_t, int, int); + const unsigned char *, size_t, size_t, int, int, int, int, int *, int *, + int *); private int mget(struct magic_set *, const unsigned char *, - struct magic *, size_t, unsigned int, int); + struct magic *, size_t, size_t, unsigned int, int, int, int, int, int *, + int *, int *); private int magiccheck(struct magic_set *, struct magic *); private int32_t mprint(struct magic_set *, struct magic *); private int32_t moffset(struct magic_set *, struct magic *); private void mdebug(uint32_t, const char *, size_t); private int mcopy(struct magic_set *, union VALUETYPE *, int, int, const unsigned char *, uint32_t, size_t, size_t); -private int mconvert(struct magic_set *, struct magic *); +private int mconvert(struct magic_set *, struct magic *, int); private int print_sep(struct magic_set *, int); private int handle_annotation(struct magic_set *, struct magic *); private void cvt_8(union VALUETYPE *, const struct magic *); @@ -60,6 +67,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *); private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -67,13 +75,14 @@ private void cvt_64(union VALUETYPE *, const struct magic *); /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - int mode, int text) + size_t level, int mode, int text) { struct mlist *ml; - int rv; - for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) - if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, - text)) != 0) + int rv, printed_something = 0, need_separator = 0; + for (ml = ms->mlist[0]->next; ml != ms->mlist[0]; ml = ml->next) + if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, 0, mode, + text, 0, level, &printed_something, &need_separator, + NULL)) != 0) return rv; return 0; @@ -108,16 +117,19 @@ file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, */ private int match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, - const unsigned char *s, size_t nbytes, int mode, int text) + const unsigned char *s, size_t nbytes, size_t offset, int mode, int text, + int flip, int recursion_level, int *printed_something, int *need_separator, + int *returnval) { uint32_t magindex = 0; unsigned int cont_level = 0; - int need_separator = 0; - int returnval = 0, e; /* if a match is found it is set to 1*/ + int returnvalv = 0, e; /* if a match is found it is set to 1*/ int firstline = 1; /* a flag to print X\n X\n- X */ - int printed_something = 0; int print = (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0; + if (returnval == NULL) + returnval = &returnvalv; + if (file_check_mem(ms, cont_level) == -1) return -1; @@ -125,13 +137,16 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, int flush = 0; struct magic *m = &magic[magindex]; + if (m->type != FILE_NAME) if ((IS_STRING(m->type) && - ((text && (m->str_flags & (STRING_BINTEST | STRING_TEXTTEST)) == STRING_BINTEST) || - (!text && (m->str_flags & (STRING_TEXTTEST | STRING_BINTEST)) == STRING_TEXTTEST))) || +#define FLT (STRING_BINTEST | STRING_TEXTTEST) + ((text && (m->str_flags & FLT) == STRING_BINTEST) || + (!text && (m->str_flags & FLT) == STRING_TEXTTEST))) || (m->flag & mode) != mode) { /* Skip sub-tests */ - while (magic[magindex + 1].cont_level != 0 && - ++magindex < nmagic) + while (magindex + 1 < nmagic && + magic[magindex + 1].cont_level != 0 && + ++magindex) continue; continue; /* Skip to next top-level test*/ } @@ -140,7 +155,9 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, ms->line = m->lineno; /* if main entry matches, print it... */ - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, offset, cont_level, mode, text, + flip, recursion_level + 1, printed_something, + need_separator, returnval)) { case -1: return -1; case 0: @@ -148,7 +165,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, break; default: if (m->type == FILE_INDIRECT) - returnval = 1; + *returnval = 1; switch (magiccheck(ms, m)) { case -1: @@ -173,15 +190,19 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, continue; } - if ((e = handle_annotation(ms, m)) != 0) + if ((e = handle_annotation(ms, m)) != 0) { + *need_separator = 1; + *printed_something = 1; + *returnval = 1; return e; + } /* * If we are going to print something, we'll need to print * a blank before we print something else. */ if (*m->desc) { - need_separator = 1; - printed_something = 1; + *need_separator = 1; + *printed_something = 1; if (print_sep(ms, firstline) == -1) return -1; } @@ -223,7 +244,9 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, continue; } #endif - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, offset, cont_level, mode, + text, flip, recursion_level + 1, printed_something, + need_separator, returnval)) { case -1: return -1; case 0: @@ -233,7 +256,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, break; default: if (m->type == FILE_INDIRECT) - returnval = 1; + *returnval = 1; flush = 0; break; } @@ -250,21 +273,26 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, #ifdef ENABLE_CONDITIONALS ms->c.li[cont_level].last_match = 1; #endif - if (m->type != FILE_DEFAULT) - ms->c.li[cont_level].got_match = 1; - else if (ms->c.li[cont_level].got_match) { + if (m->type == FILE_CLEAR) ms->c.li[cont_level].got_match = 0; - break; - } - if ((e = handle_annotation(ms, m)) != 0) + else if (ms->c.li[cont_level].got_match) { + if (m->type == FILE_DEFAULT) + break; + } else + ms->c.li[cont_level].got_match = 1; + if ((e = handle_annotation(ms, m)) != 0) { + *need_separator = 1; + *printed_something = 1; + *returnval = 1; return e; + } /* * If we are going to print something, * make sure that we have a separator first. */ if (*m->desc) { - if (!printed_something) { - printed_something = 1; + if (!*printed_something) { + *printed_something = 1; if (print_sep(ms, firstline) == -1) return -1; @@ -277,13 +305,13 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, * this item isn't empty. */ /* space if previous printed */ - if (need_separator + if (*need_separator && ((m->flag & NOSPACE) == 0) && *m->desc) { if (print && file_printf(ms, " ") == -1) return -1; - need_separator = 0; + *need_separator = 0; } if (print && mprint(ms, m) == -1) return -1; @@ -291,7 +319,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, ms->c.li[cont_level].off = moffset(ms, m); if (*m->desc) - need_separator = 1; + *need_separator = 1; /* * If we see any continuations @@ -303,38 +331,46 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, break; } } - if (printed_something) { + if (*printed_something) { firstline = 0; if (print) - returnval = 1; + *returnval = 1; } - if ((ms->flags & MAGIC_CONTINUE) == 0 && printed_something) { - return returnval; /* don't keep searching */ + if ((ms->flags & MAGIC_CONTINUE) == 0 && *printed_something) { + return *returnval; /* don't keep searching */ } } - return returnval; /* This is hit if -k is set or there is no match */ + return *returnval; /* This is hit if -k is set or there is no match */ } private int check_fmt(struct magic_set *ms, struct magic *m) { regex_t rx; - int rc; + int rc, rv = -1; + char *old_lc_ctype; if (strchr(m->desc, '%') == NULL) return 0; + old_lc_ctype = setlocale(LC_CTYPE, NULL); + assert(old_lc_ctype != NULL); + old_lc_ctype = strdup(old_lc_ctype); + assert(old_lc_ctype != NULL); + (void)setlocale(LC_CTYPE, "C"); rc = regcomp(&rx, "%[-0-9\\.]*s", REG_EXTENDED|REG_NOSUB); if (rc) { char errmsg[512]; (void)regerror(rc, &rx, errmsg, sizeof(errmsg)); file_magerror(ms, "regex error %d, (%s)", rc, errmsg); - return -1; } else { rc = regexec(&rx, m->desc, 0, 0, 0); regfree(&rx); - return !rc; + rv = !rc; } + (void)setlocale(LC_CTYPE, old_lc_ctype); + free(old_lc_ctype); + return rv; } #ifndef HAVE_STRNDUP @@ -363,7 +399,7 @@ mprint(struct magic_set *ms, struct magic *m) float vf; double vd; int64_t t = 0; - char buf[128]; + char buf[128], tbuf[26]; union VALUETYPE *p = &ms->ms_value; switch (m->type) { @@ -375,11 +411,12 @@ mprint(struct magic_set *ms, struct magic *m) case 1: (void)snprintf(buf, sizeof(buf), "%c", (unsigned char)v); - if (file_printf(ms, m->desc, buf) == -1) + if (file_printf(ms, F(m->desc, "%s"), buf) == -1) return -1; break; default: - if (file_printf(ms, m->desc, (unsigned char) v) == -1) + if (file_printf(ms, F(m->desc, "%c"), + (unsigned char) v) == -1) return -1; break; } @@ -396,12 +433,12 @@ mprint(struct magic_set *ms, struct magic *m) case 1: (void)snprintf(buf, sizeof(buf), "%hu", (unsigned short)v); - if (file_printf(ms, m->desc, buf) == -1) + if (file_printf(ms, F(m->desc, "%s"), buf) == -1) return -1; break; default: - if ( - file_printf(ms, m->desc, (unsigned short) v) == -1) + if (file_printf(ms, F(m->desc, "%hu"), + (unsigned short) v) == -1) return -1; break; } @@ -418,11 +455,12 @@ mprint(struct magic_set *ms, struct magic *m) return -1; case 1: (void)snprintf(buf, sizeof(buf), "%u", (uint32_t)v); - if (file_printf(ms, m->desc, buf) == -1) + if (file_printf(ms, F(m->desc, "%s"), buf) == -1) return -1; break; default: - if (file_printf(ms, m->desc, (uint32_t) v) == -1) + if (file_printf(ms, F(m->desc, "%u"), + (uint32_t) v) == -1) return -1; break; } @@ -433,8 +471,21 @@ mprint(struct magic_set *ms, struct magic *m) case FILE_BEQUAD: case FILE_LEQUAD: v = file_signextend(ms, m, p->q); - if (file_printf(ms, m->desc, (uint64_t) v) == -1) + switch (check_fmt(ms, m)) { + case -1: return -1; + case 1: + (void)snprintf(buf, sizeof(buf), "%llu", + (unsigned long long)v); + if (file_printf(ms, F(m->desc, "%s"), buf) == -1) + return -1; + break; + default: + if (file_printf(ms, F(m->desc, "%llu"), + (unsigned long long) v) == -1) + return -1; + break; + } t = ms->offset + sizeof(int64_t); break; @@ -443,16 +494,35 @@ mprint(struct magic_set *ms, struct magic *m) case FILE_BESTRING16: case FILE_LESTRING16: if (m->reln == '=' || m->reln == '!') { - if (file_printf(ms, m->desc, m->value.s) == -1) + if (file_printf(ms, F(m->desc, "%s"), m->value.s) == -1) return -1; t = ms->offset + m->vallen; } else { + char *str = p->s; + + /* compute t before we mangle the string? */ + t = ms->offset + strlen(str); + if (*m->value.s == '\0') - p->s[strcspn(p->s, "\n")] = '\0'; - if (file_printf(ms, m->desc, p->s) == -1) + str[strcspn(str, "\n")] = '\0'; + + if (m->str_flags & STRING_TRIM) { + char *last; + while (isspace((unsigned char)*str)) + str++; + last = str; + while (*last) + last++; + --last; + while (isspace((unsigned char)*last)) + last--; + *++last = '\0'; + } + + if (file_printf(ms, F(m->desc, "%s"), str) == -1) return -1; - t = ms->offset + strlen(p->s); + if (m->type == FILE_PSTRING) t += file_pstring_length_size(m); } @@ -462,25 +532,27 @@ mprint(struct magic_set *ms, struct magic *m) case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: - if (file_printf(ms, m->desc, file_fmttime(p->l, 1)) == -1) + if (file_printf(ms, F(m->desc, "%s"), + file_fmttime(p->l, FILE_T_LOCAL, tbuf)) == -1) return -1; - t = ms->offset + sizeof(time_t); + t = ms->offset + sizeof(uint32_t); break; case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: - if (file_printf(ms, m->desc, file_fmttime(p->l, 0)) == -1) + if (file_printf(ms, F(m->desc, "%s"), + file_fmttime(p->l, 0, tbuf)) == -1) return -1; - t = ms->offset + sizeof(time_t); + t = ms->offset + sizeof(uint32_t); break; case FILE_QDATE: case FILE_BEQDATE: case FILE_LEQDATE: - if (file_printf(ms, m->desc, file_fmttime((uint32_t)p->q, - 1)) == -1) + if (file_printf(ms, F(m->desc, "%s"), + file_fmttime(p->q, FILE_T_LOCAL, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint64_t); break; @@ -488,8 +560,17 @@ mprint(struct magic_set *ms, struct magic *m) case FILE_QLDATE: case FILE_BEQLDATE: case FILE_LEQLDATE: - if (file_printf(ms, m->desc, file_fmttime((uint32_t)p->q, - 0)) == -1) + if (file_printf(ms, F(m->desc, "%s"), + file_fmttime(p->q, 0, tbuf)) == -1) + return -1; + t = ms->offset + sizeof(uint64_t); + break; + + case FILE_QWDATE: + case FILE_BEQWDATE: + case FILE_LEQWDATE: + if (file_printf(ms, F(m->desc, "%s"), + file_fmttime(p->q, FILE_T_WINDOWS, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint64_t); break; @@ -503,11 +584,11 @@ mprint(struct magic_set *ms, struct magic *m) return -1; case 1: (void)snprintf(buf, sizeof(buf), "%g", vf); - if (file_printf(ms, m->desc, buf) == -1) + if (file_printf(ms, F(m->desc, "%s"), buf) == -1) return -1; break; default: - if (file_printf(ms, m->desc, vf) == -1) + if (file_printf(ms, F(m->desc, "%g"), vf) == -1) return -1; break; } @@ -523,11 +604,11 @@ mprint(struct magic_set *ms, struct magic *m) return -1; case 1: (void)snprintf(buf, sizeof(buf), "%g", vd); - if (file_printf(ms, m->desc, buf) == -1) + if (file_printf(ms, F(m->desc, "%s"), buf) == -1) return -1; break; default: - if (file_printf(ms, m->desc, vd) == -1) + if (file_printf(ms, F(m->desc, "%g"), vd) == -1) return -1; break; } @@ -543,7 +624,7 @@ mprint(struct magic_set *ms, struct magic *m) file_oomem(ms, ms->search.rm_len); return -1; } - rval = file_printf(ms, m->desc, cp); + rval = file_printf(ms, F(m->desc, "%s"), cp); free(cp); if (rval == -1) @@ -557,7 +638,7 @@ mprint(struct magic_set *ms, struct magic *m) } case FILE_SEARCH: - if (file_printf(ms, m->desc, m->value.s) == -1) + if (file_printf(ms, F(m->desc, "%s"), m->value.s) == -1) return -1; if ((m->str_flags & REGEX_OFFSET_START)) t = ms->search.offset; @@ -566,12 +647,15 @@ mprint(struct magic_set *ms, struct magic *m) break; case FILE_DEFAULT: - if (file_printf(ms, m->desc, m->value.s) == -1) + case FILE_CLEAR: + if (file_printf(ms, "%s", m->desc) == -1) return -1; t = ms->offset; break; case FILE_INDIRECT: + case FILE_USE: + case FILE_NAME: t = ms->offset; break; @@ -619,7 +703,7 @@ moffset(struct magic_set *ms, struct magic *m) p->s[strcspn(p->s, "\n")] = '\0'; t = CAST(uint32_t, (ms->offset + strlen(p->s))); if (m->type == FILE_PSTRING) - t += file_pstring_length_size(m); + t += (uint32_t)file_pstring_length_size(m); return t; } @@ -627,13 +711,13 @@ moffset(struct magic_set *ms, struct magic *m) case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: - return CAST(int32_t, (ms->offset + sizeof(time_t))); + return CAST(int32_t, (ms->offset + sizeof(uint32_t))); case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: - return CAST(int32_t, (ms->offset + sizeof(time_t))); + return CAST(int32_t, (ms->offset + sizeof(uint32_t))); case FILE_QDATE: case FILE_BEQDATE: @@ -668,9 +752,8 @@ moffset(struct magic_set *ms, struct magic *m) else return CAST(int32_t, (ms->search.offset + m->vallen)); + case FILE_CLEAR: case FILE_DEFAULT: - return ms->offset; - case FILE_INDIRECT: return ms->offset; @@ -679,6 +762,56 @@ moffset(struct magic_set *ms, struct magic *m) } } +private int +cvt_flip(int type, int flip) +{ + if (flip == 0) + return type; + switch (type) { + case FILE_BESHORT: + return FILE_LESHORT; + case FILE_BELONG: + return FILE_LELONG; + case FILE_BEDATE: + return FILE_LEDATE; + case FILE_BELDATE: + return FILE_LELDATE; + case FILE_BEQUAD: + return FILE_LEQUAD; + case FILE_BEQDATE: + return FILE_LEQDATE; + case FILE_BEQLDATE: + return FILE_LEQLDATE; + case FILE_BEQWDATE: + return FILE_LEQWDATE; + case FILE_LESHORT: + return FILE_BESHORT; + case FILE_LELONG: + return FILE_BELONG; + case FILE_LEDATE: + return FILE_BEDATE; + case FILE_LELDATE: + return FILE_BELDATE; + case FILE_LEQUAD: + return FILE_BEQUAD; + case FILE_LEQDATE: + return FILE_BEQDATE; + case FILE_LEQLDATE: + return FILE_BEQLDATE; + case FILE_LEQWDATE: + return FILE_BEQWDATE; + case FILE_BEFLOAT: + return FILE_LEFLOAT; + case FILE_LEFLOAT: + return FILE_BEFLOAT; + case FILE_BEDOUBLE: + return FILE_LEDOUBLE; + case FILE_LEDOUBLE: + return FILE_BEDOUBLE; + default: + return type; + } +} #define DO_CVT(fld, cast) \ if (m->num_mask) \ switch (m->mask_op & FILE_OPS_MASK) { \ @@ -769,11 +902,11 @@ cvt_double(union VALUETYPE *p, const struct magic *m) * (unless you have a better idea) */ private int -mconvert(struct magic_set *ms, struct magic *m) +mconvert(struct magic_set *ms, struct magic *m, int flip) { union VALUETYPE *p = &ms->ms_value; - switch (m->type) { + switch (cvt_flip(m->type, flip)) { case FILE_BYTE: cvt_8(p, m); return 1; @@ -788,6 +921,7 @@ mconvert(struct magic_set *ms, struct magic *m) case FILE_QUAD: case FILE_QDATE: case FILE_QLDATE: + case FILE_QWDATE: cvt_64(p, m); return 1; case FILE_STRING: @@ -821,6 +955,7 @@ mconvert(struct magic_set *ms, struct magic *m) case FILE_BEQUAD: case FILE_BEQDATE: case FILE_BEQLDATE: + case FILE_BEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| @@ -842,6 +977,7 @@ mconvert(struct magic_set *ms, struct magic *m) case FILE_LEQUAD: case FILE_LEQDATE: case FILE_LEQLDATE: + case FILE_LEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| @@ -889,6 +1025,9 @@ mconvert(struct magic_set *ms, struct magic *m) case FILE_REGEX: case FILE_SEARCH: case FILE_DEFAULT: + case FILE_CLEAR: + case FILE_NAME: + case FILE_USE: return 1; default: file_magerror(ms, "invalid type %d in mconvert()", m->type); @@ -900,7 +1039,7 @@ mconvert(struct magic_set *ms, struct magic *m) private void mdebug(uint32_t offset, const char *str, size_t len) { - (void) fprintf(stderr, "mget @%d: ", offset); + (void) fprintf(stderr, "mget/%zu @%d: ", len, offset); file_showstr(stderr, str, len); (void) fputc('\n', stderr); (void) fputc('\n', stderr); @@ -967,12 +1106,9 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, if (type == FILE_BESTRING16) src++; - /* check for pointer overflow */ - if (src < s) { - file_magerror(ms, "invalid offset %u in mcopy()", - offset); - return -1; - } + /* check that offset is within range */ + if (offset >= nbytes) + break; for (/*EMPTY*/; src < esrc; src += 2, dst++) { if (dst < edst) *dst = *src; @@ -1017,17 +1153,31 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, } private int -mget(struct magic_set *ms, const unsigned char *s, - struct magic *m, size_t nbytes, unsigned int cont_level, int text) +mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + size_t nbytes, size_t o, unsigned int cont_level, int mode, int text, + int flip, int recursion_level, int *printed_something, + int *need_separator, int *returnval) { - uint32_t offset = ms->offset; + uint32_t soffset, offset = ms->offset; uint32_t count = m->str_range; + int rv, oneed_separator, in_type; + char *sbuf, *rbuf; union VALUETYPE *p = &ms->ms_value; + struct mlist ml; - if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) + if (recursion_level >= 20) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } + + if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o), + (uint32_t)nbytes, count) == -1) return -1; if ((ms->flags & MAGIC_DEBUG) != 0) { + fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%zu, " + "nbytes=%zu, count=%u)\n", m->type, m->flag, offset, o, + nbytes, count); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); #ifndef COMPILE_ONLY file_mdump(m); @@ -1039,7 +1189,7 @@ mget(struct magic_set *ms, const unsigned char *s, if (m->in_op & FILE_OPINDIRECT) { const union VALUETYPE *q = CAST(const union VALUETYPE *, ((const void *)(s + offset + off))); - switch (m->in_type) { + switch (cvt_flip(m->in_type, flip)) { case FILE_BYTE: off = q->b; break; @@ -1070,10 +1220,12 @@ mget(struct magic_set *ms, const unsigned char *s, (q->hl[3]<<8)|(q->hl[2])); break; } + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "indirect offs=%u\n", off); } - switch (m->in_type) { + switch (in_type = cvt_flip(m->in_type, flip)) { case FILE_BYTE: - if (nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1108,7 +1260,7 @@ mget(struct magic_set *ms, const unsigned char *s, offset = ~offset; break; case FILE_BESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1160,7 +1312,7 @@ mget(struct magic_set *ms, const unsigned char *s, offset = ~offset; break; case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1212,7 +1364,7 @@ mget(struct magic_set *ms, const unsigned char *s, offset = ~offset; break; case FILE_SHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1249,7 +1401,7 @@ mget(struct magic_set *ms, const unsigned char *s, break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1320,7 +1472,7 @@ mget(struct magic_set *ms, const unsigned char *s, break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1390,7 +1542,7 @@ mget(struct magic_set *ms, const unsigned char *s, offset = ~offset; break; case FILE_MELONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1460,7 +1612,7 @@ mget(struct magic_set *ms, const unsigned char *s, offset = ~offset; break; case FILE_LONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1494,9 +1646,11 @@ mget(struct magic_set *ms, const unsigned char *s, if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; + default: + break; } - switch (m->in_type) { + switch (in_type) { case FILE_LEID3: case FILE_BEID3: offset = ((((offset >> 0) & 0x7f) << 0) | @@ -1510,6 +1664,14 @@ mget(struct magic_set *ms, const unsigned char *s, if (m->flag & INDIROFFADD) { offset += ms->c.li[cont_level-1].off; + if (offset == 0) { + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, + "indirect *zero* offset\n"); + return 0; + } + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "indirect +offs=%u\n", offset); } if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1) return -1; @@ -1527,14 +1689,14 @@ mget(struct magic_set *ms, const unsigned char *s, /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1553,21 +1715,21 @@ mget(struct magic_set *ms, const unsigned char *s, case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; @@ -1577,19 +1739,68 @@ mget(struct magic_set *ms, const unsigned char *s, break; case FILE_INDIRECT: - if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && - file_printf(ms, "%s", m->desc) == -1) - return -1; + if (offset == 0) + return 0; if (nbytes < offset) return 0; - return file_softmagic(ms, s + offset, nbytes - offset, - BINTEST, text); + sbuf = ms->o.buf; + soffset = ms->offset; + ms->o.buf = NULL; + ms->offset = 0; + rv = file_softmagic(ms, s + offset, nbytes - offset, + recursion_level, BINTEST, text); + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv); + rbuf = ms->o.buf; + ms->o.buf = sbuf; + ms->offset = soffset; + if (rv == 1) { + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, F(m->desc, "%u"), offset) == -1) { + free(rbuf); + return -1; + } + if (file_printf(ms, "%s", rbuf) == -1) { + free(rbuf); + return -1; + } + } + free(rbuf); + return rv; + + case FILE_USE: + if (nbytes < offset) + return 0; + sbuf = m->value.s; + if (*sbuf == '^') { + sbuf++; + flip = !flip; + } + if (file_magicfind(ms, sbuf, &ml) == -1) { + file_error(ms, 0, "cannot find entry `%s'", sbuf); + return -1; + } + oneed_separator = *need_separator; + if (m->flag & NOSPACE) + *need_separator = 0; + rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o, + mode, text, flip, recursion_level, printed_something, + need_separator, returnval); + if (rv != 1) + *need_separator = oneed_separator; + return rv; + + case FILE_NAME: + if (file_printf(ms, "%s", m->desc) == -1) + return -1; + return 1; case FILE_DEFAULT: /* nothing to check */ + case FILE_CLEAR: default: break; } - if (!mconvert(ms, m)) + if (!mconvert(ms, m, flip)) return 0; return 1; } @@ -1678,6 +1889,7 @@ magiccheck(struct magic_set *ms, struct magic *m) double dl, dv; int matched; union VALUETYPE *p = &ms->ms_value; + char *old_lc_ctype; switch (m->type) { case FILE_BYTE: @@ -1714,6 +1926,9 @@ magiccheck(struct magic_set *ms, struct magic *m) case FILE_QLDATE: case FILE_BEQLDATE: case FILE_LEQLDATE: + case FILE_QWDATE: + case FILE_BEQWDATE: + case FILE_LEQWDATE: v = p->q; break; @@ -1785,6 +2000,7 @@ magiccheck(struct magic_set *ms, struct magic *m) return matched; case FILE_DEFAULT: + case FILE_CLEAR: l = 0; v = 0; break; @@ -1832,6 +2048,11 @@ magiccheck(struct magic_set *ms, struct magic *m) if (ms->search.s == NULL) return 0; + old_lc_ctype = setlocale(LC_CTYPE, NULL); + assert(old_lc_ctype != NULL); + old_lc_ctype = strdup(old_lc_ctype); + assert(old_lc_ctype != NULL); + (void)setlocale(LC_CTYPE, "C"); l = 0; rc = regcomp(&rx, m->value.s, REG_EXTENDED|REG_NEWLINE| @@ -1880,11 +2101,15 @@ magiccheck(struct magic_set *ms, struct magic *m) } regfree(&rx); } + (void)setlocale(LC_CTYPE, old_lc_ctype); + free(old_lc_ctype); if (v == (uint64_t)-1) return -1; break; } case FILE_INDIRECT: + case FILE_USE: + case FILE_NAME: return 1; default: file_magerror(ms, "invalid type %d in magiccheck()", m->type); -- 2.41.0