--- contrib/file/ChangeLog.orig +++ contrib/file/ChangeLog @@ -1,3 +1,157 @@ +2017-09-02 11:53 Christos Zoulas + + * release 5.32 + +2017-08-28 16:37 Christos Zoulas + + * Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski) + +2017-08-27 03:55 Christos Zoulas + + * Fix always true condition (Thomas Jarosch) + +2017-05-24 17:30 Christos Zoulas + + * pickier parsing of numeric values in magic files. + +2017-05-23 17:55 Christos Zoulas + + * PR/615 add magic_getflags() + +2017-05-23 13:55 Christos Zoulas + + * release 5.31 + +2017-03-17 20:32 Christos Zoulas + + * remove trailing spaces from magic files + * refactor is_tar + * better bounds checks for cdf + +2017-02-10 12:24 Christos Zoulas + + * release 5.30 + +2017-02-07 23:27 Christos Zoulas + + * If we exceeded the offset in a search return no match + (Christoph Biedl) + * Be more lenient on corrupt CDF files (Christoph Biedl) + +2017-02-04 16:46 Christos Zoulas + + * pacify ubsan sign extension (oss-fuzz/524) + +2017-02-01 12:42 Christos Zoulas + + * off by one in cdf parsing (PR/593) + * report debugging sections in elf (PR/591) + +2016-11-06 10:52 Christos Zoulas + + * Allow @@@ in extensions + * Add missing overflow check in der magic (Jonas Wagner) + +2016-10-25 10:40 Christos Zoulas + + * release 5.29 + +2016-10-24 11:20 Christos Zoulas + + * der getlength overflow (Jonas Wagner) + * multiple magic file load failure (Christoph Biedl) + +2016-10-17 11:26 Christos Zoulas + + * CDF parsing improvements (Guy Helmer) + +2016-07-20 7:26 Christos Zoulas + + * Add support for signed indirect offsets + +2016-07-18 7:41 Christos Zoulas + + * cat /dev/null | file - should print empty (Christoph Biedl) + +2016-07-05 15:20 Christos Zoulas + + * Bump string size from 64 to 96. + +2016-06-13 20:20 Christos Zoulas + + * PR/556: Fix separators on annotations. + +2016-06-13 19:40 Christos Zoulas + + * release 5.28 + * fix leak on allocation failure + +2016-06-01 1:20 Christos Zoulas + + * PR/555: Avoid overflow for offset > nbytes + * PR/550: Segv on DER parsing: + - use the correct variable for length + - set offset to 0 on failure. + +2016-05-13 12:00 Christos Zoulas + + * release 5.27 + +2016-04-18 9:35 Christos Zoulas + + * Errors comparing DER entries or computing offsets + are just indications of malformed non-DER files. + Don't print them. + * Offset comparison was off-by-one. + * Fix compression code (Werner Fink) + * Put new bytes constant in the right file (not the generated one) + +2016-04-16 18:34 Christos Zoulas + + * release 5.26 + +2016-03-31 13:50 Christos Zoulas + + * make the number of bytes read from files configurable. + +2016-03-21 13:40 Christos Zoulas + + * Add bounds checks for DER code (discovered by Thomas Jarosch) + * Change indirect recursion limit to indirect use count and + bump from 15 to 50 to prevent abuse. + +2016-03-13 20:39 Christos Zoulas + + * Add -00 which prints filename\0description\0 + +2016-03-01 13:28 Christos Zoulas + + * Fix ID3 indirect parsing + +2016-01-19 10:18 Christos Zoulas + + * add DER parsing capability + +2015-11-13 10:35 Christos Zoulas + + * provide dprintf(3) for the OS's that don't have it. + +2015-11-11 16:25 Christos Zoulas + + * redo the compression code report decompression errors + +2015-11-10 23:25 Christos Zoulas + + * REG_STARTEND code is not working as expected, delete it. + +2015-11-09 16:05 Christos Zoulas + + * Add zlib support if we have it. + +2015-11-05 11:22 Christos Zoulas + + * PR/492: compression forking was broken with magic_buffer. + 2015-09-16 9:50 Christos Zoulas * release 5.25 @@ -287,7 +441,7 @@ ` 2013-11-06 14:40 Christos Zoulas - * fix erroneous non-zero exit code from non-existant file and message + * fix erroneous non-zero exit code from non-existent file and message 2013-10-29 14:25 Christos Zoulas --- contrib/file/README.orig +++ contrib/file/README @@ -1,6 +1,6 @@ ## README for file(1) Command ## - @(#) $File: README,v 1.49 2015/01/02 20:23:04 christos Exp $ + @(#) $File: README,v 1.50 2016/04/16 22:40:54 christos Exp $ Mailing List: file@mx.gw.com Mailing List archives: http://mx.gw.com/pipermail/file/ @@ -67,17 +67,41 @@ COPYING - read this first. README - read this second (you are currently reading this file). INSTALL - read on how to install +src/localtime_r.c +src/magic.c +src/magic.h +src/mygetopt.h +src/newtest2.c +src/newtest3.c +src/pread.c +src/print.c +src/readcdf.c +src/readelf.c +src/readelf.h +src/regex.c +src/regex2.c +src/softmagic.c +src/strcasestr.c +src/strlcat.c +src/strlcpy.c +src/strndup.c +src/tar.h +src/teststrchr.c +src/vasprintf.c +src/x.c src/apprentice.c - parses /etc/magic to learn magic -src/asctime_r.c - replacement for OS's that don't have it. src/apptype.c - used for OS/2 specific application type magic -src/asprintf.c - replacement for OS's that don't have it. src/ascmagic.c - third & last set of tests, based on hardwired assumptions. src/asctime_r.c - replacement for OS's that don't have it. src/asprintf.c - replacement for OS's that don't have it. +src/asctime_r.c - replacement for OS's that don't have it. +src/asprintf.c - replacement for OS's that don't have it. src/cdf.[ch] - parser for Microsoft Compound Document Files src/cdf_time.c - time converter for CDF. src/compress.c - handles decompressing files to look inside. src/ctime_r.c - replacement for OS's that don't have it. +src/der.[ch] - parser for Distinguished Encoding Rules +src/dprintf.c - replacement for OS's that don't have it. src/elfclass.h - common code for elf 32/64. src/encoding.c - handles unicode encodings src/file.c - the main program @@ -88,10 +112,13 @@ src/funcs.c - utilility functions src/getline.c - replacement for OS's that don't have it. src/getopt_long.c - replacement for OS's that don't have it. -src/is_tar.c, tar.h - knows about tarchives (courtesy John Gilmore). -src/names.h - header file for ascmagic.c +src/gmtime_r.c - replacement for OS's that don't have it. +src/is_tar.c, tar.h - knows about Tape ARchive format (courtesy John Gilmore). +src/localtime_r.c - replacement for OS's that don't have it. src/magic.h.in - source file for magic.h +src/mygetopt.h - replacement for OS's that don't have it. src/magic.c - the libmagic api +src/names.h - header file for ascmagic.c src/pread.c - replacement for OS's that don't have it. src/print.c - print results, errors, warnings. src/readcdf.c - CDF wrapper. --- contrib/file/TODO.orig +++ contrib/file/TODO @@ -6,7 +6,6 @@ listed in the BUGS section of the man page had been fixed!) --- - It would be nice to simplify file considerably. For example, reimplement the apprentice and non-pattern magic methods in Python, and compile the magic patterns to a giant regex (or something similar; @@ -15,8 +14,23 @@ required for soft magic, not the more detailed information given by hard-wired routines). In this regard, note that hplip, which is BSD-licensed, has a magic reimplementation in Python. - +--- Read the kerberos magic entry for more ideas. - +--- Write a string merger to make magic entry sizes dynamic. Strings will be converted to offsets from the string table. +--- +Programming language support, we can introduce the concept of a group +of rules where n rules need to match before the rule is positive. This +could require structural changes to the matching code :-( + +0 group 2 # require 2 matches +# rule 1 +>0 .... +... +# rule 2 +>0 .... +... + +christos + --- contrib/file/aclocal.m4.orig +++ contrib/file/aclocal.m4 @@ -21,7 +21,7 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # visibility.m4 serial 5 (gettext-0.18.2) -dnl Copyright (C) 2005, 2008, 2010-2014 Free Software Foundation, Inc. +dnl Copyright (C) 2005, 2008, 2010-2016 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. --- contrib/file/config.guess.orig +++ contrib/file/config.guess @@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2017 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2017-01-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -22,20 +20,18 @@ # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# +# Please send patches to . + me=`echo "$0" | sed -e 's,.*/,,'` usage="\ @@ -54,9 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2017 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -138,6 +132,27 @@ UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -153,8 +168,10 @@ # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + /sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || \ + echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; @@ -161,11 +178,19 @@ sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown + ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. + # to ELF recently (or will in the future) and ABI. case "${UNAME_MACHINE_ARCH}" in + earm*) + os=netbsdelf + ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ @@ -182,6 +207,13 @@ os=netbsd ;; esac + # Determine ABI tags. + case "${UNAME_MACHINE_ARCH}" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need @@ -192,18 +224,26 @@ release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "${machine}-${os}${release}${abi}" exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; @@ -216,6 +256,9 @@ *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; + *:Sortix:*:*) + echo ${UNAME_MACHINE}-unknown-sortix + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -232,35 +275,35 @@ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. @@ -267,7 +310,7 @@ # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 @@ -302,7 +345,7 @@ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) @@ -340,16 +383,16 @@ exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build - SUN_ARCH="i386" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` @@ -374,7 +417,7 @@ exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} @@ -560,8 +603,9 @@ else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi @@ -598,13 +642,13 @@ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi @@ -643,11 +687,11 @@ exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ ${HP_ARCH} = hppa2.0w ] then eval $set_cc_for_build @@ -660,12 +704,12 @@ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} @@ -770,14 +814,14 @@ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) @@ -801,10 +845,13 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -852,21 +899,21 @@ exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -879,59 +926,60 @@ EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; + e2k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + k1om:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build @@ -950,54 +998,69 @@ #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + mips64el:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu + echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1073,7 +1136,7 @@ # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1201,6 +1264,9 @@ BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1219,6 +1285,9 @@ SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1227,24 +1296,36 @@ exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi @@ -1256,7 +1337,7 @@ NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) @@ -1275,7 +1356,7 @@ # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" @@ -1317,7 +1398,7 @@ echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos @@ -1328,174 +1409,25 @@ x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; esac -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 < in order to provide the needed -information to handle your system. +If $0 has already been updated, send the following data and any +information you think might be pertinent to config-patches@gnu.org to +provide the necessary information to handle your system. config.guess timestamp = $timestamp --- contrib/file/config.h.in.orig +++ contrib/file/config.h.in @@ -32,6 +32,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H +/* Define to 1 if you have the `dprintf' function. */ +#undef HAVE_DPRINTF + /* Define to 1 if you have the header file. */ #undef HAVE_ERR_H @@ -325,6 +328,9 @@ # endif #endif +/* Enable zlib compression support */ +#undef ZLIBSUPPORT + /* Enable large inode numbers on Mac OS X 10.5. */ #ifndef _DARWIN_USE_64_BIT_INODE # define _DARWIN_USE_64_BIT_INODE 1 --- contrib/file/config.sub.orig +++ contrib/file/config.sub @@ -1,24 +1,18 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2017 Free Software Foundation, Inc. -timestamp='2012-04-18' +timestamp='2017-01-01' -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -26,11 +20,12 @@ # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches to . # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -38,7 +33,7 @@ # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -58,8 +53,7 @@ me=`echo "$0" | sed -e 's,.*/,,'` usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. @@ -73,9 +67,7 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2017 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,9 +115,9 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -156,7 +148,7 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; @@ -259,21 +251,25 @@ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | be32 | be64 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | ba \ + | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -287,10 +283,13 @@ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ @@ -297,16 +296,17 @@ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -314,6 +314,7 @@ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -328,7 +329,10 @@ c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -370,15 +374,16 @@ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ @@ -385,11 +390,13 @@ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -403,28 +410,34 @@ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -432,6 +445,7 @@ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -508,6 +522,9 @@ basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -628,6 +645,14 @@ basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -769,6 +794,9 @@ basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux @@ -788,11 +816,15 @@ basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -820,6 +852,10 @@ basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -828,7 +864,7 @@ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -996,7 +1032,7 @@ ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - ppcle | powerpclittle | ppc-le | powerpc-little) + ppcle | powerpclittle) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) @@ -1006,7 +1042,7 @@ ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) @@ -1019,7 +1055,11 @@ basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1346,22 +1386,22 @@ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -openbsd* | -solidbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ @@ -1368,7 +1408,8 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1492,9 +1533,6 @@ -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; @@ -1503,6 +1541,8 @@ ;; -nacl*) ;; + -ios) + ;; -none) ;; *) @@ -1543,6 +1583,12 @@ c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; tic54x-*) os=-coff ;; @@ -1592,6 +1638,9 @@ sparc-* | *-sun) os=-sunos4.1.1 ;; + pru-*) + os=-elf + ;; *-be) os=-beos ;; --- contrib/file/configure.orig +++ contrib/file/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for file 5.25. +# Generated by GNU Autoconf 2.69 for file 5.32. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='file' PACKAGE_TARNAME='file' -PACKAGE_VERSION='5.25' -PACKAGE_STRING='file 5.25' +PACKAGE_VERSION='5.32' +PACKAGE_STRING='file 5.32' PACKAGE_BUGREPORT='christos@astron.com' PACKAGE_URL='' @@ -766,6 +766,7 @@ enable_silent_rules enable_elf enable_elf_core +enable_zlib enable_fsect_man5 enable_dependency_tracking enable_static @@ -1327,7 +1328,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures file 5.25 to adapt to many kinds of systems. +\`configure' configures file 5.32 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1397,7 +1398,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of file 5.25:";; + short | recursive ) echo "Configuration of file 5.32:";; esac cat <<\_ACEOF @@ -1409,6 +1410,7 @@ --disable-silent-rules verbose build output (undo: "make V=0") --disable-elf disable builtin ELF support --disable-elf-core disable ELF core file support + --disable-zlib disable zlib compression support [default=auto] --enable-fsect-man5 enable file formats in man section 5 --enable-dependency-tracking do not reject slow dependency extractors @@ -1507,7 +1509,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -file configure 5.25 +file configure 5.32 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2163,7 +2165,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by file $as_me 5.25, which was +It was created by file $as_me 5.32, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3029,7 +3031,7 @@ # Define the identity of the package. PACKAGE='file' - VERSION='5.25' + VERSION='5.32' cat >>confdefs.h <<_ACEOF @@ -3218,6 +3220,16 @@ fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for zlib support" >&5 +$as_echo_n "checking for zlib support... " >&6; } +# Check whether --enable-zlib was given. +if test "${enable_zlib+set}" = set; then : + enableval=$enable_zlib; +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_zlib" >&5 +$as_echo "$enable_zlib" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file formats in man section 5" >&5 $as_echo_n "checking for file formats in man section 5... " >&6; } # Check whether --enable-fsect-man5 was given. @@ -12812,7 +12824,8 @@ done -for ac_header in zlib.h +if test "$enable_zlib" != "no"; then + for ac_header in zlib.h do : ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" if test "x$ac_cv_header_zlib_h" = xyes; then : @@ -12824,6 +12837,7 @@ done +fi ac_fn_c_check_type "$LINENO" "sig_t" "ac_cv_type_sig_t" " #ifdef HAVE_SIGNAL_H #include @@ -14385,9 +14399,23 @@ fi +ac_fn_c_check_func "$LINENO" "dprintf" "ac_cv_func_dprintf" +if test "x$ac_cv_func_dprintf" = xyes; then : + $as_echo "#define HAVE_DPRINTF 1" >>confdefs.h +else + case " $LIBOBJS " in + *" dprintf.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS dprintf.$ac_objext" + ;; +esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzopen in -lz" >&5 +fi + + + +if test "$enable_zlib" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzopen in -lz" >&5 $as_echo_n "checking for gzopen in -lz... " >&6; } if ${ac_cv_lib_z_gzopen+:} false; then : $as_echo_n "(cached) " >&6 @@ -14432,6 +14460,7 @@ fi +fi if test "$MINGW" = 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for regexec in -lgnurx" >&5 $as_echo_n "checking for regexec in -lgnurx... " >&6; } @@ -14491,6 +14520,16 @@ fi +if test "$enable_zlib" = "yes"; then + if test "$ac_cv_header_zlib_h$ac_cv_lib_z_gzopen" != "yesyes"; then + as_fn_error $? "zlib support requested but not found" "$LINENO" 5 + fi +elif test "$ac_cv_header_zlib_h$ac_cv_lib_z_gzopen" = "yesyes"; then + +$as_echo "#define ZLIBSUPPORT 1" >>confdefs.h + +fi + ac_config_files="$ac_config_files Makefile src/Makefile magic/Makefile tests/Makefile doc/Makefile python/Makefile" cat >confcache <<\_ACEOF @@ -15036,7 +15075,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by file $as_me 5.25, which was +This file was extended by file $as_me 5.32, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15102,7 +15141,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -file config.status 5.25 +file config.status 5.32 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" --- contrib/file/configure.ac.orig +++ contrib/file/configure.ac @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([file],[5.25],[christos@astron.com]) +AC_INIT([file],[5.32],[christos@astron.com]) AM_INIT_AUTOMAKE([subdir-objects foreign]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) @@ -34,6 +34,11 @@ AC_DEFINE([ELFCORE], 1, [Define for ELF core file support]) ]) +AC_MSG_CHECKING(for zlib support) +AC_ARG_ENABLE(zlib, +[AS_HELP_STRING([--disable-zlib], [disable zlib compression support @<:@default=auto@:>@])]) +AC_MSG_RESULT($enable_zlib) + AC_MSG_CHECKING(for file formats in man section 5) AC_ARG_ENABLE(fsect-man5, [ --enable-fsect-man5 enable file formats in man section 5], @@ -84,7 +89,9 @@ AC_CHECK_HEADERS(stddef.h utime.h wchar.h wctype.h limits.h) AC_CHECK_HEADERS(getopt.h err.h xlocale.h signal.h) AC_CHECK_HEADERS(sys/mman.h sys/stat.h sys/types.h sys/utime.h sys/time.h) -AC_CHECK_HEADERS(zlib.h) +if test "$enable_zlib" != "no"; then + AC_CHECK_HEADERS(zlib.h) +fi AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_SIG_T],1,[Have sig_t type])],,[ #ifdef HAVE_SIGNAL_H #include @@ -145,10 +152,12 @@ AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale) dnl Provide implementation of some required functions if necessary -AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck) +AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck dprintf) dnl Checks for libraries -AC_CHECK_LIB(z,gzopen) +if test "$enable_zlib" != "no"; then + AC_CHECK_LIB(z, gzopen) +fi if test "$MINGW" = 1; then AC_CHECK_LIB(gnurx,regexec,,AC_MSG_ERROR([libgnurx is required to build file(1) with MinGW])) fi @@ -156,5 +165,14 @@ dnl See if we are cross-compiling AM_CONDITIONAL(IS_CROSS_COMPILE, test "$cross_compiling" = yes) +dnl Final sanity checks +if test "$enable_zlib" = "yes"; then + if test "$ac_cv_header_zlib_h$ac_cv_lib_z_gzopen" != "yesyes"; then + AC_MSG_ERROR([zlib support requested but not found]) + fi +elif test "$ac_cv_header_zlib_h$ac_cv_lib_z_gzopen" = "yesyes"; then + AC_DEFINE([ZLIBSUPPORT], 1, [Enable zlib compression support]) +fi + AC_CONFIG_FILES([Makefile src/Makefile magic/Makefile tests/Makefile doc/Makefile python/Makefile]) AC_OUTPUT --- contrib/file/doc/file.man.orig +++ contrib/file/doc/file.man @@ -1,5 +1,5 @@ -.\" $File: file.man,v 1.118 2015/09/11 17:24:09 christos Exp $ -.Dd September 11, 2015 +.\" $File: file.man,v 1.125 2017/01/03 11:24:46 christos Exp $ +.Dd October 19, 2016 .Dt FILE __CSECTION__ .Os .Sh NAME @@ -8,7 +8,7 @@ .Sh SYNOPSIS .Nm .Bk -words -.Op Fl bcEhiklLNnprsvzZ0 +.Op Fl bcdEhiklLNnprsvzZ0 .Op Fl Fl apple .Op Fl Fl extension .Op Fl Fl mime-encoding @@ -181,6 +181,8 @@ This is usually used in conjunction with the .Fl m flag to debug a new magic file before installing it. +.It Fl d +Prints internal debugging information to stderr. .It Fl E On filesystem errors (file not found etc), instead of handling the error as regular output as POSIX mandates and keep going, issue an error message @@ -208,11 +210,15 @@ .It compress Checks for, and looks inside, compressed files. .It elf -Prints ELF file details. +Prints ELF file details, provided soft magic tests are enabled and the +elf magic is found. .It soft Consults magic files. .It tar Examines tar files. +.It text +A synonym for +.Sq ascii . .El .It Fl Fl extension Print a slash-separated list of valid extensions for the file type found. @@ -232,8 +238,8 @@ to test the standard input, use .Sq - as a filename argument. -Please note that -.Ar namefile +Please note that +.Ar namefile is unwrapped and the enclosed filenames are processed when this option is encountered and before any further options processing is done. This allows one to process multiple lists of files with different command line @@ -309,7 +315,7 @@ never read them. .It Fl P , Fl Fl parameter Ar name=value Set various parameter limits. -.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent +.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent .It Sy "Name" Ta Sy "Default" Ta Sy "Explanation" .It Li indir Ta 15 Ta recursion limit for indirect magic .It Li name Ta 30 Ta use count limit for name/use magic @@ -317,6 +323,7 @@ .It Li elf_phnum Ta 128 Ta max ELF program sections processed .It Li elf_shnum Ta 32768 Ta max ELF sections processed .It Li regex Ta 8192 Ta length limit for regex searches +.It Li bytes Ta 1048576 Ta max number of bytes to read from file .El .It Fl r , Fl Fl raw Don't translate unprintable characters to \eooo. @@ -358,6 +365,11 @@ .Xr cut 1 the output. This does not affect the separator, which is still printed. +.Pp +If this option is repeated more than once, then +.Nm +prints just the filename followed by a NUL followed by the description +(or ERROR: text) followed by a second NUL for each entry. .It Fl -help Print a help message and exit. .El @@ -399,10 +411,10 @@ .Fl h options. .Sh SEE ALSO -.Xr magic __FSECTION__ , .Xr hexdump 1 , .Xr od 1 , .Xr strings 1 , +.Xr magic __FSECTION__ , .Xr fstyp 8 .Sh STANDARDS CONFORMANCE This program is believed to exceed the System V Interface Definition @@ -519,16 +531,15 @@ the first version. Geoff Collyer found several inadequacies and provided some magic file entries. -Contributions by the +Contributions of the .Sq \*[Am] operator by Rob McMahon, .Aq cudcv@warwick.ac.uk , 1989. .Pp -Guy Harris, +Guy Harris, .Aq guy@netapp.com , made many changes from 1993 to the present. -1989. .Pp Primary development and maintenance from 1990 to the present by Christos Zoulas @@ -576,7 +587,6 @@ .Nm returns 0 on success, and non-zero on error. .Sh BUGS -.Pp Please report bugs and send patches to the bug tracker at .Pa http://bugs.gw.com/ or the mailing list at @@ -585,7 +595,6 @@ .Pa http://mx.gw.com/mailman/listinfo/file first to subscribe). .Sh TODO -.Pp Fix output so that tests for MIME and APPLE flags are not needed all over the place, and actual output is only done in one place. This needs a design. @@ -634,16 +643,16 @@ .Dq name and .Dq use -to check for consistency at compile time (duplicate +to check for consistency at compile time (duplicate .Dq name , .Dq use pointing to undefined .Dq name ). -Make +Make .Dq name / -.Dq use +.Dq use more efficient by keeping a sorted list of names. Special-case ^ to flip endianness in the parser so that it does not have to be escaped, and document it. --- contrib/file/doc/libmagic.man.orig +++ contrib/file/doc/libmagic.man @@ -1,4 +1,4 @@ -.\" $File: libmagic.man,v 1.38 2015/09/11 17:24:09 christos Exp $ +.\" $File: libmagic.man,v 1.41 2017/05/23 21:54:07 christos Exp $ .\" .\" Copyright (c) Christos Zoulas 2003. .\" All Rights Reserved. @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 11, 2015 +.Dd May 23, 2017 .Dt LIBMAGIC 3 .Os .Sh NAME @@ -35,6 +35,7 @@ .Nm magic_errno , .Nm magic_descriptor , .Nm magic_buffer , +.Nm magic_getflags , .Nm magic_setflags , .Nm magic_check , .Nm magic_compile , @@ -64,6 +65,8 @@ .Ft const char * .Fn magic_buffer "magic_t cookie" "const void *buffer" "size_t length" .Ft int +.Fn magic_getflags "magic_t cookie" +.Ft int .Fn magic_setflags "magic_t cookie" "int flags" .Ft int .Fn magic_check "magic_t cookie" "const char *filename" @@ -206,6 +209,12 @@ bytes size. .Pp The +.Fn magic_getflags +functions returns a value representing current +.Ar flags +set. +.Pp +The .Fn magic_setflags function sets the .Ar flags @@ -225,7 +234,7 @@ .Pp The .Fn magic_compile -function can be used to compile the the colon +function can be used to compile the colon separated list of database files passed in as .Ar filename , or @@ -251,7 +260,7 @@ .Pp The .Fn magic_load -function must be used to load the the colon +function must be used to load the colon separated list of database files passed in as .Ar filename , or @@ -282,7 +291,7 @@ .Fn magic_getparam and .Fn magic_setparam -allow getting and setting various limits related to the the magic +allow getting and setting various limits related to the magic library. .Bl -column "MAGIC_PARAM_ELF_PHNUM_MAX" "size_t" "Default" -offset indent .It Sy "Parameter" Ta Sy "Type" Ta Sy "Default" @@ -292,6 +301,7 @@ .It Li MAGIC_PARAM_ELF_PHNUM_MAX Ta size_t Ta 128 .It Li MAGIC_PARAM_ELF_SHNUM_MAX Ta size_t Ta 32768 .It Li MAGIC_PARAM_REGEX_MAX Ta size_t Ta 8192 +.It Li MAGIC_PARAM_BYTES_MAX Ta size_t Ta 1048576 .El .Pp The --- contrib/file/doc/magic.man.orig +++ contrib/file/doc/magic.man @@ -1,5 +1,5 @@ -.\" $File: magic.man,v 1.86 2015/09/08 13:48:44 christos Exp $ -.Dd January 1, 2015 +.\" $File: magic.man,v 1.91 2017/02/12 15:30:08 christos Exp $ +.Dd February 12, 2017 .Dt MAGIC __FSECTION__ .Os .\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems. @@ -7,7 +7,7 @@ .Nm magic .Nd file command's magic pattern file .Sh DESCRIPTION -This manual page documents the format of the magic file as +This manual page documents the format of magic files as used by the .Xr file __CSECTION__ command, version __VERSION__. @@ -17,13 +17,19 @@ among other tests, a test for whether the file contains certain .Dq "magic patterns" . -The file -.Pa __MAGIC__ -specifies what patterns are to be tested for, what message or +The database of these +.Dq "magic patterns" +is usually located in a binary file in +.Pa __MAGIC__.mgc +or a directory of source text magic pattern fragment files in +.Pa __MAGIC__ . +The database specifies what patterns are to be tested for, what message or MIME type to print if a particular pattern is found, and additional information to extract from the file. .Pp -Each line of the file specifies a test to be performed. +The format of the source fragment files that are used to build this database +is as follows: +Each line of a fragment file specifies a test to be performed. A test compares the data starting at a particular offset in the file with a byte value, a string or a numeric value. If the test succeeds, a message is printed. @@ -98,13 +104,13 @@ .It B A byte length (default). .It H +A 4 byte big endian length. +.It h A 2 byte big endian length. -.It h -A 2 byte big little length. .It L -A 4 byte big endian length. +A 4 byte little endian length. .It l -A 4 byte big little length. +A 2 byte little endian length. .It J The length includes itself in its count. .El @@ -535,7 +541,7 @@ The value at that offset is read, and is used again as an offset in the file. Indirect offsets are of the form: -.Em (( x [.[bislBISL]][+\-][ y ]) . +.Em (( x [[.,][bislBISL]][+\-][ y ]) . The value of .Em x is used as an offset in the file. @@ -542,6 +548,11 @@ A byte, id3 length, short or long is read at that offset depending on the .Em [bislBISLm] type specifier. +The value is treated as signed if +.Dq , +is specified or unsigned if +.Dq . +is specified. The capitalized types interpret the number as a big endian value, whereas the small letter versions interpret the number as a little endian value; @@ -564,9 +575,9 @@ \*[Gt]\*[Gt](0x3c.l) string LX\e0\e0 LX executable (OS/2) .Ed .Pp -This strategy of examining has a drawback: You must make sure that -you eventually print something, or users may get empty output (like, when -there is neither PE\e0\e0 nor LE\e0\e0 in the above example) +This strategy of examining has a drawback: you must make sure that you +eventually print something, or users may get empty output (such as when +there is neither PE\e0\e0 nor LE\e0\e0 in the above example). .Pp If this indirect offset cannot be used directly, simple calculations are possible: appending @@ -646,7 +657,7 @@ \*[Gt]\*[Gt]\*[Gt]\*[Gt](\*[Am]0xe.l+(-4)) string PK\e3\e4 \eb, ZIP self-extracting archive .Ed .Pp -If you have a list of known avalues at a particular continuation level, +If you have a list of known values at a particular continuation level, and you want to provide a switch-like default case: .Bd -literal -offset indent # clear that continuation level match --- contrib/file/ltmain.sh.orig +++ contrib/file/ltmain.sh @@ -9432,7 +9432,8 @@ # Directory that this library needs to be installed in: libdir='$install_libdir'" - if test "$installed" = no && test "$need_relink" = yes; then + if test "$installed" = no && test "$need_relink" = yes && \ + test -n "$relink_command"; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi --- contrib/file/magic/Localstuff.orig +++ contrib/file/magic/Localstuff @@ -2,6 +2,6 @@ #------------------------------------------------------------------------------ # Localstuff: file(1) magic for locally observed files # -# $File: Localstuff,v 1.4 2003/03/23 04:17:27 christos Exp $ +# $File: Localstuff,v 1.5 2007/01/12 17:38:27 christos Exp $ # Add any locally observed files here. Remember: # text if readable, executable if runnable binary, data if unreadable. --- contrib/file/magic/Magdir/adventure.orig +++ contrib/file/magic/Magdir/adventure @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: adventure,v 1.15 2015/09/07 10:03:21 christos Exp $ +# $File: adventure,v 1.17 2017/07/03 16:03:40 christos Exp $ # adventure: file(1) magic for Adventure game files # # from Allen Garvin @@ -36,11 +36,12 @@ >0 ubyte <9 >>16 belong&0xfe00f0f0 0x3030 >>>0 ubyte < 10 ->>>>2 ubeshort < 10 +>>>>2 ubeshort x >>>>>18 regex [0-9][0-9][0-9][0-9][0-9][0-9] ->>>>>>0 ubyte < 10 Infocom (Z-machine %d, ->>>>>>>2 ubeshort < 10 Release %d / ->>>>>>>>18 string >\0 Serial %.6s) +>>>>>>0 ubyte < 10 Infocom (Z-machine %d +>>>>>>>2 ubeshort x \b, Release %d +>>>>>>>>18 string >\0 \b, Serial %.6s +>>>>>>>>18 string x \b) !:strength + 40 !:mime application/x-zmachine @@ -78,7 +79,7 @@ !:mime application/x-tads # Some saved game files start with "TADS2 save/g\n\r\032\0", a little-endian # 2-byte length N, the N-char name of the game file *without* a NUL (darn!), -# "TADS2 save\n\r\032\0" and the interpreter version. +# "TADS2 save\n\r\032\0" and the interpreter version. 0 string TADS2\ save/g TADS >12 belong !0x0A0D1A00 saved game data, CORRUPTED >12 belong 0x0A0D1A00 @@ -109,7 +110,7 @@ # edited by David Griffith # Danny Milosavljevic # These are ADRIFT (adventure game standard) game files, extension .taf -# Checked from source at (http://www.adrift.co/) and various taf files +# Checked from source at (http://www.adrift.co/) and various taf files # found at the Interactive Fiction Archive (http://ifarchive.org/) 0 belong 0x3C423FC9 >4 belong 0x6A87C2CF Adrift game file version --- contrib/file/magic/Magdir/algol68.orig +++ contrib/file/magic/Magdir/algol68 @@ -0,0 +1,19 @@ + +#------------------------------------------------------------------------------ +# $File: algol68,v 1.2 2016/10/17 14:17:48 christos Exp $ +# algol68: file(1) magic for Algol 68 source +# +0 search/8192 (input, Algol 68 source text +!:mime text/x-Algol68 +0 regex \^PROC Algol 68 source text +!:mime text/x-Algol68 +0 regex MODE[\t\ ] Algol 68 source text +!:mime text/x-Algol68 +0 regex REF[\t\ ] Algol 68 source text +!:mime text/x-Algol68 +0 regex FLEX[\t\ ]\*\\[ Algol 68 source text +!:mime text/x-Algol68 +#0 regex [\t\ ]OD Algol 68 source text +#!:mime text/x-Algol68 +#0 regex [\t\ ]FI Algol 68 source text +#!:mime text/x-Algol68 --- contrib/file/magic/Magdir/amanda.orig +++ contrib/file/magic/Magdir/amanda @@ -1,9 +1,9 @@ #------------------------------------------------------------------------------ -# $File: amanda,v 1.5 2009/09/19 16:28:07 christos Exp $ +# $File: amanda,v 1.6 2017/03/17 21:35:28 christos Exp $ # amanda: file(1) magic for amanda file format # -0 string AMANDA:\ AMANDA +0 string AMANDA:\ AMANDA >8 string TAPESTART\ DATE tape header file, >>23 string X >>>25 string >\ Unused %s --- contrib/file/magic/Magdir/amigaos.orig +++ contrib/file/magic/Magdir/amigaos @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: amigaos,v 1.15 2012/06/21 01:13:59 christos Exp $ +# $File: amigaos,v 1.16 2017/03/17 21:35:28 christos Exp $ # amigaos: file(1) magic for AmigaOS binary formats: # @@ -11,7 +11,7 @@ 0 belong 0x000003e7 AmigaOS object/library data # 0 beshort 0xe310 Amiga Workbench ->2 beshort 1 +>2 beshort 1 >>48 byte 1 disk icon >>48 byte 2 drawer icon >>48 byte 3 tool icon @@ -49,7 +49,7 @@ 0 string/c @database AmigaGuide file # Amiga disk types -# +# 0 string RDSK Rigid Disk Block >160 string x on %.24s 0 string DOS\0 Amiga DOS disk --- contrib/file/magic/Magdir/android.orig +++ contrib/file/magic/Magdir/android @@ -1,6 +1,6 @@ #------------------------------------------------------------ -# $File: android,v 1.8 2015/03/19 18:04:37 christos Exp $ +# $File: android,v 1.10 2017/03/17 21:35:28 christos Exp $ # Various android related magic entries #------------------------------------------------------------ @@ -61,9 +61,9 @@ # http://forum.xda-developers.com/showthread.php?t=816449 # Partition Information Table for Samsung's smartphone with Android # used by flash software Odin -0 ulelong 0x12349876 +0 ulelong 0x12349876 # 1st pit entry marker ->0x01C ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000 +>0x01C ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000 # minimal 13 and maximal 18 PIT entries found >>4 ulelong <128 Partition Information Table for Samsung smartphone >>>4 ulelong x \b, %d entries @@ -109,9 +109,9 @@ 0 name PIT-entry # garbage value implies end of pit entries ->0x00 ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000 +>0x00 ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000 # skip empty partition name ->>0x24 ubyte !0 +>>0x24 ubyte !0 # partition name >>>0x24 string >\0 %-.32s # flags @@ -122,13 +122,13 @@ >>>0x08 ulelong x (0x%x) # filename >>>0x44 string >\0 "%-.64s" -#>>>0x18 ulelong >0 +#>>>0x18 ulelong >0 # blocksize in 512 byte units ? #>>>>0x18 ulelong x \b, %db # partition size in blocks ? #>>>>0x22 ulelong x \b*%d -# Android bootimg format +# Android sparse img format # From https://android.googlesource.com/\ # platform/system/core/+/master/libsparse/sparse_format.h 0 lelong 0xed26ff3a Android sparse image --- contrib/file/magic/Magdir/animation.orig +++ contrib/file/magic/Magdir/animation @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: animation,v 1.56 2014/10/23 23:12:51 christos Exp $ +# $File: animation,v 1.63 2017/05/26 14:33:07 christos Exp $ # animation: file(1) magic for animation/movie formats # # animation formats @@ -34,14 +34,23 @@ !:mime image/jp2 # http://www.ftyps.com/ with local additions 4 string ftyp ISO Media +# http://aeroquartet.com/wordpress/2016/03/05/3-xavc-s/ +>8 string XAVC \b, MPEG v4 system, Sony XAVC Codec +>>96 string x \b, Audio "%.4s" +>>118 beshort x at %dHz +>>140 string x \b, Video "%.4s" +>>168 beshort x %d +>>170 beshort x \bx%d >8 string 3g2 \b, MPEG v4 system, 3GPP2 !:mime video/3gpp2 >>11 byte 4 \b v4 (H.263/AMR GSM 6.10) >>11 byte 5 \b v5 (H.263/AMR GSM 6.10) >>11 byte 6 \b v6 (ITU H.264/AMR GSM 6.10) ->>11 byte a \b C.S0050-0 V1.0 ->>11 byte b \b C.S0050-0-A V1.0.0 ->>11 byte c \b C.S0050-0-B V1.0 +# http://www.3gpp2.org/Public_html/Specs/C.S0050-B_v1.0_070521.pdf +# Section 8.1.1, corresponds to a, b, c +>>11 byte 0x61 \b C.S0050-0 V1.0 +>>11 byte 0x62 \b C.S0050-0-A V1.0.0 +>>11 byte 0x63 \b C.S0050-0-B V1.0 >8 string 3ge \b, MPEG v4 system, 3GPP !:mime video/3gpp >>11 byte 6 \b, Release 6 MBMS Extended Presentations @@ -76,6 +85,8 @@ >8 string da2b \b, DMB MAF, ext da2a, with 3GPP timed text, DID, TVA, REL, IPMP >8 string da3a \b, DMB MAF aud with HE-AAC aud, JPG/PNG/MNG images >8 string da3b \b, DMB MAF, ext da3a w/ BIFS, 3GPP, DID, TVA, REL, IPMP +>8 string dash \b, MPEG v4 system, Dynamic Adaptive Streaming over HTTP +!:mime video/mp4 >8 string dmb1 \b, DMB MAF supporting all the components defined in the spec >8 string dmpf \b, Digital Media Project >8 string drc1 \b, Dirac (wavelet compression), encap in ISO base media (MP4) @@ -184,13 +195,13 @@ # MPEG sequences # Scans for all common MPEG header start codes -0 belong 0x00000001 +0 belong 0x00000001 >4 byte&0x1F 0x07 JVT NAL sequence, H.264 video >>5 byte 66 \b, baseline >>5 byte 77 \b, main >>5 byte 88 \b, extended >>7 byte x \b @ L %u -0 belong&0xFFFFFF00 0x00000100 +0 belong&0xFFFFFF00 0x00000100 >3 byte 0xBA MPEG sequence !:mime video/mpeg >>4 byte &0x40 \b, v2, program multiplex @@ -491,8 +502,8 @@ # GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448 # GRR this test is still too general as it catches a BOM of UTF-16 files (0xFFFE) # FIXME: Almost all little endian UTF-16 text with BOM are clobbered by these entries -#0 beshort&0xFFFE 0xFFFE -#>2 ubyte&0xF0 >0x0F +#0 beshort&0xFFFE 0xFFFE +#>2 ubyte&0xF0 >0x0F #>>2 ubyte&0xF0 <0xE1 MPEG ADTS, layer I, v1 ## rate #>>>2 byte&0xF0 0x10 \b, 32 kbps @@ -564,9 +575,9 @@ # MP2, M2A 0 beshort&0xFFFE 0xFFF4 MPEG ADTS, layer II, v2 !:mime audio/mpeg -# rate +# rate >2 byte&0xF0 0x10 \b, 8 kbps ->2 byte&0xF0 0x20 \b, 16 kbps +>2 byte&0xF0 0x20 \b, 16 kbps >2 byte&0xF0 0x30 \b, 24 kbps >2 byte&0xF0 0x40 \b, 32 kbps >2 byte&0xF0 0x50 \b, 40 kbps @@ -634,7 +645,7 @@ # MP3, M25A 0 beshort&0xFFFE 0xFFE2 MPEG ADTS, layer III, v2.5 !:mime audio/mpeg -# rate +# rate >2 byte&0xF0 0x10 \b, 8 kbps >2 byte&0xF0 0x20 \b, 16 kbps >2 byte&0xF0 0x30 \b, 24 kbps @@ -853,10 +864,12 @@ # X3D (Extensible 3D) [http://www.web3d.org/specifications/x3d-3.0.dtd] # From Michel Briand -0 string/t \20 search/1000/cw \20 search/1000/w \4 lelong x %d x >8 lelong x %d, >12 lelong x %d frames + +# Material Exchange Format +# More information: +# https://en.wikipedia.org/wiki/Material_Exchange_Format +# http://www.freemxf.org/ +0 string \x06\x0e\x2b\x34\x02\x05\x01\x01\x0d\x01\x02\x01\x01\x02 Material exchange container format +!:ext mxf +!:mime application/mxf --- contrib/file/magic/Magdir/apache.orig +++ contrib/file/magic/Magdir/apache @@ -0,0 +1,28 @@ + +#------------------------------------------------------------------------------ +# $File: apache,v 1.1 2017/04/11 14:52:15 christos Exp $ +# apache: file(1) magic for Apache Big Data formats + +# Avro files +0 string Obj Apache Avro +>3 byte x version %d + +# ORC files +# Important information is in file footer, which we can't index to :( +0 string ORC Apache ORC + +# Parquet files +0 string PAR1 Apache Parquet + +# Hive RC files +0 string RCF Apache Hive RC file +>3 byte x version %d + +# Sequence files (and the careless first version of RC file) + +0 string SEQ +>3 byte <6 Apache Hadoop Sequence file version %d +>3 byte >6 Apache Hadoop Sequence file version %d +>3 byte =6 +>>5 string org.apache.hadoop.hive.ql.io.RCFile$KeyBuffer Apache Hive RC file version 0 +>>3 default x Apache Hadoop Sequence file version 6 --- contrib/file/magic/Magdir/apple.orig +++ contrib/file/magic/Magdir/apple @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: apple,v 1.31 2015/08/29 07:10:35 christos Exp $ +# $File: apple,v 1.36 2017/03/17 21:35:28 christos Exp $ # apple: file(1) magic for Apple file formats # 0 search/1/t FiLeStArTfIlEsTaRt binscii (apple ][) text @@ -65,19 +65,49 @@ # Eric Fischer # AppleWorks word processor: -# -# This matches the standard tab stops for an AppleWorks file, but if -# a file has a tab stop set in the first four columns this will fail. -# +# URL: https://en.wikipedia.org/wiki/AppleWorks +# Reference: http://www.gno.org/pub/apple2/doc/apple/filetypes/ftn.1a.xxxx +# Update: Joerg Jenderek +# NOTE: # The "O" is really the magic number, but that's so common that it's # necessary to check the tab stops that follow it to avoid false positives. +# and/or look for unused bits of booleans bytes like zoom, paginated, mail merge +# the newer AppleWorks is from claris with extension CWK +4 string O +# test for unused bits of zoom- , paginated-boolean bytes +>84 ubequad ^0x00Fe00000000Fe00 +# look for tabstop definitions "=" no tab, "|" no tab +# "<" left tab,"^" center tab,">" right tab, "." decimal tab, +# unofficial "!" other , "\x8a" other +# official only if SFMinVers is nonzero +>>5 regex/s [=.<>|!^\x8a]{79} AppleWorks Word Processor +# AppleWorks Word Processor File (Apple II) +# ./apple (version 5.25) labeled the entry as "AppleWorks word processor data" +# application/x-appleworks is mime type for claris version with cwk extension +!:mime application/x-appleworks3 +# http://home.earthlink.net/~hughhood/appleiiworksenvoy/ +# ('p' + 1-byte ProDOS File Type + 2-byte ProDOS Aux Type') +# $70 $1A $F8 $FF is this the apple type ? +#:apple pdospøÿ +!:ext awp +# minimum version needed to read this files. SFMinVers (0 , 30~3.0 ) +>>>183 ubyte 30 3.0 +>>>183 ubyte !30 +>>>>183 ubyte !0 0x%x +# usual tabstop start sequence "=====<" +>>>5 string x \b, tabstop ruler "%6.6s" +# tabstop ruler +#>>>5 string >\0 \b, tabstops "%-79s" +# zoom switch +>>>85 byte&0x01 >0 \b, zoomed +# whether paginated +>>>90 byte&0x01 >0 \b, paginated +# contains any mail-merge commands +>>>92 byte&0x01 >0 \b, with mail merge +# left margin in 1/10 inches ( normally 0 or 10 ) +>>>91 ubyte >0 +>>>>91 ubyte x \b, %d/10 inch left margin -4 string O==== AppleWorks word processor data ->85 byte&0x01 >0 \b, zoomed ->90 byte&0x01 >0 \b, paginated ->92 byte&0x01 >0 \b, with mail merge -#>91 byte x \b, left margin %d - # AppleWorks database: # # This isn't really a magic number, but it's the closest thing to one @@ -110,13 +140,13 @@ # GRR: this test is still too general as it catches also Gujin BOOT144.SYS (0xfa080000) #0 belong&0xff00ff 0x80000 Applesoft BASIC program data -0 belong&0x00ff00ff 0x00080000 +0 belong&0x00ff00ff 0x00080000 # assuming that line number must be positive >2 leshort >0 Applesoft BASIC program data, first line number %d #>2 leshort x \b, first line number %d # ORCA/EZ assembler: -# +# # This will not identify ORCA/M source files, since those have # some sort of date code instead of the two zero bytes at 6 and 7 # XXX Conflicts with ELF @@ -156,11 +186,11 @@ # From Johan Gade. # These entries are disabled for now until we fix the following issues. # -# Note there might be some problems with the "VAX COFF executable" -# entry. Note this entry should be placed before the mac filesystem section, +# Note there might be some problems with the "VAX COFF executable" +# entry. Note this entry should be placed before the mac filesystem section, # particularly the "Apple Partition data" entry. # -# The intended meaning of these tests is, that the file is only of the +# The intended meaning of these tests is, that the file is only of the # specified type if both of the lines are correct - i.e. if the first # line matches and the second doesn't then it is not of that type. # @@ -167,7 +197,7 @@ #0 long 0x7801730d #>4 long 0x62626060 UDIF read-only zlib-compressed image (UDZO) # -# Note that this entry is recognized correctly by the "Apple Partition +# Note that this entry is recognized correctly by the "Apple Partition # data" entry - however since this entry is more specific - this # information seems to be more useful. #0 long 0x45520200 @@ -255,49 +285,118 @@ # .vdi 4 string innotek\ VirtualBox\ Disk\ Image %s -# Apple disk partition stuff, strengthen the magic using byte 4 +# Apple disk partition stuff +# URL: https://en.wikipedia.org/wiki/Apple_Partition_Map +# Reference: https://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/sys/sys/bootblock.h +# Update: Joerg Jenderek +# "ER" is APPLE_DRVR_MAP_MAGIC signature 0 beshort 0x4552 ->4 byte 0 Apple Driver Map +# display Apple Driver Map (strength=50) after Syslinux bootloader (71) +#!:strength +0 +# strengthen the magic by looking for used blocksizes 512 2048 +>2 ubeshort&0xf1FF 0 Apple Driver Map +# last 6 bytes for padding found are 0 or end with 55AAh marker for MBR hybrid +#>>504 ubequad&0x0000FFffFFff0000 0 +!:mime application/x-apple-diskimage +!:apple ????devr +# https://en.wikipedia.org/wiki/Apple_Disk_Image +!:ext dmg/iso +# sbBlkSize for driver descriptor map 512 2048 >>2 beshort x \b, blocksize %d ->>4 belong x \b, blockcount %d ->>10 beshort x \b, devtype %d ->>12 beshort x \b, devid %d ->>20 beshort x \b, descriptors %d -# Assume 8 partitions each at a multiple of the sector size. -# We could glean this from the partition descriptors, but they are empty!?!? ->>(2.S*1) indirect x \b, contains[@0x%x]: ->>(2.S*2) indirect x \b, contains[@0x%x]: ->>(2.S*3) indirect x \b, contains[@0x%x]: ->>(2.S*4) indirect x \b, contains[@0x%x]: ->>(2.S*5) indirect x \b, contains[@0x%x]: ->>(2.S*6) indirect x \b, contains[@0x%x]: ->>(2.S*7) indirect x \b, contains[@0x%x]: ->>(2.S*8) indirect x \b, contains[@0x%x]: +# sbBlkCount sometimes garbish like +# 0xb0200000 for unzlibed install_flash_player_19.0.0.245_osx.dmg +# 0xf2720100 for bunziped Firefox 48.0-2.dmg +# 0xeb02ffff for super_grub2_disk_hybrid_2.02s3.iso +# 0x00009090 by syslinux-6.03/utils/isohybrid.c +>>4 ubelong x \b, blockcount %u +# following device/driver information not very useful +# device type 0 1 (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>8 ubeshort x \b, devtype %u +# device id 0 1 (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>10 ubeshort x \b, devid %u +# driver data 0 (2425393296 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>12 ubelong >0 +>>>12 ubelong x \b, driver data %u +# number of driver descriptors sbDrvrCount <= 61 +# (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>16 ubeshort x \b, driver count %u +# 61 * apple_drvr_descriptor[8]. information not very useful or same as in partition map +# >>18 use apple-driver-map +# >>26 use apple-driver-map +# # ... +# >>500 use apple-driver-map +# number of partitions is always same in every partition (map block count) +#>>0x0204 ubelong x \b, %u partitions +>>0x0204 ubelong >0 \b, contains[@0x200]: +>>>0x0200 use apple-apm +>>0x0204 ubelong >1 \b, contains[@0x400]: +>>>0x0400 use apple-apm +>>0x0204 ubelong >2 \b, contains[@0x600]: +>>>0x0600 use apple-apm +>>0x0204 ubelong >3 \b, contains[@0x800]: +>>>0x0800 use apple-apm +>>0x0204 ubelong >4 \b, contains[@0xA00]: +>>>0x0A00 use apple-apm +>>0x0204 ubelong >5 \b, contains[@0xC00]: +>>>0x0C00 use apple-apm +>>0x0204 ubelong >6 \b, contains[@0xE00]: +>>>0x0E00 use apple-apm +>>0x0204 ubelong >7 \b, contains[@0x1000]: +>>>0x1000 use apple-apm +# display apple driver descriptor map (start-block, # blocks in sbBlkSize sizes, type) +0 name apple-driver-map +>0 ubequad !0 +# descBlock first block of driver +>>0 ubelong x \b, driver start block %u +# descSize driver size in blocks +>>4 ubeshort x \b, size %u +# descType driver system type 1 701h F8FFh FFFFh +>>6 ubeshort x \b, type 0x%x -# Yes, the 3rd and 4th bytes are reserved, but we use them to make the +# URL: https://en.wikipedia.org/wiki/Apple_Partition_Map +# Reference: http://opensource.apple.com/source/IOStorageFamily/IOStorageFamily-116/IOApplePartitionScheme.h +# Update: Joerg Jenderek +# Yes, the 3rd and 4th bytes pmSigPad are reserved, but we use them to make the # magic stronger. -0 belong 0x504d0000 Apple Partition Map ->4 belong x \b, map block count %d ->8 belong x \b, start block %d ->12 belong x \b, block count %d ->16 string >0 \b, name %s ->48 string >0 \b, type %s ->124 string >0 \b, processor %s ->140 string >0 \b, boot arguments %s ->92 belong & 1 \b, valid ->92 belong & 2 \b, allocated ->92 belong & 4 \b, in use ->92 belong & 8 \b, has boot info ->92 belong & 16 \b, readable ->92 belong & 32 \b, writable ->92 belong & 64 \b, pic boot code ->92 belong & 128 \b, chain compatible driver ->92 belong & 256 \b, real driver ->92 belong & 512 \b, chain driver ->92 belong & 1024 \b, mount at startup ->92 belong & 2048 \b, is the startup partition +# for apple partition map stored as a single file +0 belong 0x504d0000 +# to display Apple Partition Map (strength=70) after Syslinux bootloader (71) +#!:strength +0 +>0 use apple-apm +# magic/Magdir/apple14.test, 365: Warning: Current entry does not yet have a description for adding a EXTENSION type +# file: could not find any valid magic files! +#!:ext bin +# display apple partition map. Normally called after Apple driver map +0 name apple-apm +>0 belong 0x504d0000 Apple Partition Map +# number of partitions +>>4 ubelong x \b, map block count %u +# logical block (512 bytes) start of partition +>>8 ubelong x \b, start block %u +>>12 ubelong x \b, block count %u +>>16 string >0 \b, name %s +>>48 string >0 \b, type %s +# processor type dpme_process_id[16] e.g. "68000" "68020" +>>120 string >0 \b, processor %s +# A/UX boot arguments BootArgs[128] +>>136 string >0 \b, boot arguments %s +# status of partition dpme_flags +>>88 belong & 1 \b, valid +>>88 belong & 2 \b, allocated +>>88 belong & 4 \b, in use +>>88 belong & 8 \b, has boot info +>>88 belong & 16 \b, readable +>>88 belong & 32 \b, writable +>>88 belong & 64 \b, pic boot code +>>88 belong & 128 \b, chain compatible driver +>>88 belong & 256 \b, real driver +>>88 belong & 512 \b, chain driver +# mount automatically at startup APPLE_PS_AUTO_MOUNT +>>88 ubelong &0x40000000 \b, mount at startup +# is the startup partition APPLE_PS_STARTUP +>>88 ubelong &0x80000000 \b, is the startup partition -#http://wiki.mozilla.org/DS_Store_File_Format` +#http://wiki.mozilla.org/DS_Store_File_Format #http://en.wikipedia.org/wiki/.DS_Store 0 string \0\0\0\1Bud1\0 Apple Desktop Services Store @@ -307,5 +406,28 @@ # extensions rsr/rsrc 0 string \000\000\001\000 >4 leshort 0 ->>16 lelong 0 Apple HFS/HFS+ resource fork +>>16 lelong 0 Apple HFS/HFS+ resource fork +#https://en.wikipedia.org/wiki/AppleScript +0 string FasdUAS AppleScript compiled + +# AppleWorks/ClarisWorks +# https://github.com/joshenders/appleworks_format +# http://fileformats.archiveteam.org/wiki/AppleWorks +0 name appleworks +>0 belong&0x00ffffff 0x07e100 AppleWorks CWK Document +>0 belong&0x00ffffff 0x008803 ClarisWorks CWK Document +>0 default x +>>0 belong x AppleWorks/ClarisWorks CWK Document +>0 byte x \b, version %d +>30 beshort x \b, %d +>32 beshort x \bx%d +!:ext cwk + +4 string BOBO +>0 byte >4 +>>12 belong 0 +>>>26 belong 0 +>>>>0 use appleworks +>0 belong 0x0481ad00 +>>0 use appleworks --- contrib/file/magic/Magdir/application.orig +++ contrib/file/magic/Magdir/application @@ -0,0 +1,7 @@ + +#------------------------------------------------------------------------------ +# $File: application,v 1.1 2016/10/17 12:13:01 christos Exp $ +# application: file(1) magic for applications on small devices +# +# Pebble Application +0 string PBLAPP\000\000 Pebble application --- contrib/file/magic/Magdir/apt.orig +++ contrib/file/magic/Magdir/apt @@ -0,0 +1,52 @@ + +#------------------------------------------------------------------------------ +# $File: apt,v 1.1 2016/10/17 19:51:57 christos Exp $ +# apt: file(1) magic for APT Cache files +# +# + +# before version 10 ("old format"), data was in arch-specific long/short + +# old format 64 bit +0 name apt-cache-64bit-be +>12 beshort 1 \b, dirty +>40 bequad x \b, %llu packages +>48 bequad x \b, %llu versions + +# old format 32 bit +0 name apt-cache-32bit-be +>8 beshort 1 \b, dirty +>40 belong x \b, %u packages +>44 belong x \b, %u versions + +# new format +0 name apt-cache-be +>6 byte 1 \b, dirty +>24 belong x \b, %u packages +>28 belong x \b, %u versions + +0 bequad 0x98FE76DC +>8 ubeshort <10 APT cache data, version %u +>>10 beshort x \b.%u, 64 bit big-endian +>>0 use apt-cache-64bit-be + +0 lequad 0x98FE76DC +>8 uleshort <10 APT cache data, version %u +>>10 leshort x \b.%u, 64 bit little-endian +>>0 use \^apt-cache-64bit-be + +0 belong 0x98FE76DC +>4 ubeshort <10 APT cache data, version %u +>>6 ubeshort x \b.%u, 32 bit big-endian +>>0 use apt-cache-32bit-be +>4 ubyte >9 APT cache data, version %u +>>5 ubyte x \b.%u, big-endian +>>0 use apt-cache-be + +0 lelong 0x98FE76DC +>4 uleshort <10 APT cache data, version %u +>>6 uleshort x \b.%u, 32 bit little-endian +>>0 use \^apt-cache-32bit-be +>4 ubyte >9 APT cache data, version %u +>>5 ubyte x \b.%u, little-endian +>>0 use \^apt-cache-be --- contrib/file/magic/Magdir/archive.orig +++ contrib/file/magic/Magdir/archive @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: archive,v 1.91 2015/09/16 13:49:33 christos Exp $ +# $File: archive,v 1.108 2017/08/30 13:45:10 christos Exp $ # archive: file(1) magic for archive formats (see also "msdos" for self- # extracting compressed archives) # @@ -246,7 +246,15 @@ # BA # TODO: idarc says "bytes 0-2 == bytes 3-5" # TTComp -0 string \0\6 TTComp archive data +# URL: http://fileformats.archiveteam.org/wiki/TTComp_archive +# Update: Joerg Jenderek +# GRR: line below is too general as it matches also Panorama database "TCDB 2003-10 demo.pan", others +0 string \0\6 +# look for first keyword of Panorama database *.pan +>12 search/261 DESIGN +# skip keyword with low entropy +>12 default x TTComp archive, binary, 4K dictionary +# (version 5.25) labeled the above entry as "TTComp archive data" # ESP, could this conflict with Easy Software Products' (e.g.ESP ghostscript) documentation? 0 string ESP ESP archive data # ZPack @@ -439,9 +447,9 @@ 0 string SZ\x0a\4 SZip archive data # XPack DiskImage # *.XDI updated by Joerg Jenderek Sep 2015 -# ftp://ftp.sac.sk/pub/sac/pack/0index.txt +# ftp://ftp.sac.sk/pub/sac/pack/0index.txt # GRR: this test is still too general as it catches also text files starting with jm -0 string jm +0 string jm # only found examples with this additional characteristic 2 bytes >2 string \x2\x4 Xpack DiskImage archive data #!:ext xdi @@ -454,7 +462,7 @@ # ftp://ftp.elf.stuba.sk/pub/pc/pack/xpa32.zip # created by XPA32.EXE version 1.0.2 for Windows >0 string xpa\0\1 \b32 archive data -# created by XPACK.COM version 1.67m or 1.67r with short 0x1800 +# created by XPACK.COM version 1.67m or 1.67r with short 0x1800 >3 ubeshort !0x0001 \bck archive data # XPack Single Data # changed by Joerg Jenderek Sep 2015 back to like in version 5.12 @@ -544,56 +552,213 @@ >>0x36 string >\0 fstype %.8s # LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu) -2 string -lh0- LHarc 1.x/ARX archive data [lh0] -!:mime application/x-lharc -2 string -lh1- LHarc 1.x/ARX archive data [lh1] -!:mime application/x-lharc -2 string -lz4- LHarc 1.x archive data [lz4] -!:mime application/x-lharc -2 string -lz5- LHarc 1.x archive data [lz5] -!:mime application/x-lharc +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/LHA_(file_format) +# Reference: http://web.archive.org/web/20021005080911/http://www.osirusoft.com/joejared/lzhformat.html +# +# check and display information of lharc (LHa,PMarc) file +0 name lharc-file +# check 1st character of method id like -lz4- -lh5- or -pm2- +>2 string - +# check 5th character of method id +>>6 string - +# check header level 0 1 2 3 +>>>20 ubyte <4 +# check 2nd, 3th and 4th character of method id +>>>>3 regex \^(lh[0-9a-ex]|lz[s2-8]|pm[012]|pc1) \b +!:mime application/x-lzh-compressed +# creator type "LHA " +!:apple ????LHA +# display archive type name like "LHa/LZS archive data" or "LArc archive" +>>>>>2 string -lz \b +!:ext lzs +# already known -lzs- -lz4- -lz5- with old names +>>>>>>2 string -lzs LHa/LZS archive data +>>>>>>3 regex \^lz[45] LHarc 1.x archive data +# missing -lz?- with wikipedia names +>>>>>>3 regex \^lz[2378] LArc archive +# display archive type name like "LHa (2.x) archive data" +>>>>>2 string -lh \b +# already known -lh0- -lh1- -lh2- -lh3- -lh4- -lh5- -lh6- -lh7- -lhd- variants with old names +>>>>>>3 regex \^lh[01] LHarc 1.x/ARX archive data +# LHice archiver use ".ICE" as name extension instead usual one ".lzh" +# FOOBAR archiver use ".foo" as name extension instead usual one +# "Florain Orjanov's and Olga Bachetska's ARchiver" not found at the moment +>>>>>>>2 string -lh1 \b +!:ext lha/lzh/ice +>>>>>>3 regex \^lh[23d] LHa 2.x? archive data +>>>>>>3 regex \^lh[7] LHa (2.x)/LHark archive data +>>>>>>3 regex \^lh[456] LHa (2.x) archive data +>>>>>>>2 string -lh5 \b +# https://en.wikipedia.org/wiki/BIOS +# Some mainboard BIOS like Award use LHa compression. So archives with unusal extension are found like +# bios.rom , kd7_v14.bin, 1010.004, ... +!:ext lha/lzh/rom/bin +# missing -lh?- variants (Joe Jared) +>>>>>>3 regex \^lh[89a-ce] LHa (Joe Jared) archive +# UNLHA32 2.67a +>>>>>>2 string -lhx LHa (UNLHA32) archive +# lha archives with standard file name extensions ".lha" ".lzh" +>>>>>>3 regex !\^(lh1|lh5) \b +!:ext lha/lzh +# this should not happen if all -lh variants are described +>>>>>>2 default x LHa (unknown) archive +#!:ext lha +# PMarc +>>>>>3 regex \^pm[012] PMarc archive data +!:ext pma +# append method id without leading and trailing minus character +>>>>>3 string x [%3.3s] +>>>>>>0 use lharc-header +# +# check and display information of lharc header +0 name lharc-header +# header size 0x4 , 0x1b-0x61 +>0 ubyte x +# compressed data size != compressed file size +#>7 ulelong x \b, data size %d +# attribute: 0x2~?? 0x10~symlink|target 0x20~normal +#>19 ubyte x \b, 19_0x%x +# level identifier 0 1 2 3 +#>20 ubyte x \b, level %d +# time stamp +#>15 ubelong x DATE 0x%8.8x +# OS ID for level 1 +>20 ubyte 1 +# 0x20 types find for *.rom files +>>(21.b+24) ubyte <0x21 \b, 0x%x OS +# ascii type like M for MSDOS +>>(21.b+24) ubyte >0x20 \b, '%c' OS +# OS ID for level 2 +>20 ubyte 2 +#>>23 ubyte x \b, OS ID 0x%x +>>23 ubyte <0x21 \b, 0x%x OS +>>23 ubyte >0x20 \b, '%c' OS +# filename only for level 0 and 1 +>20 ubyte <2 +# length of filename +>>21 ubyte >0 \b, with +# filename +>>>21 pstring x "%s" +# +#2 string -lh0- LHarc 1.x/ARX archive data [lh0] +#!:mime application/x-lharc +2 string -lh0- +>0 use lharc-file +#2 string -lh1- LHarc 1.x/ARX archive data [lh1] +#!:mime application/x-lharc +2 string -lh1- +>0 use lharc-file +# NEW -lz2- ... -lz8- +2 string -lz2- +>0 use lharc-file +2 string -lz3- +>0 use lharc-file +2 string -lz4- +>0 use lharc-file +2 string -lz5- +>0 use lharc-file +2 string -lz7- +>0 use lharc-file +2 string -lz8- +>0 use lharc-file # [never seen any but the last; -lh4- reported in comp.compression:] -2 string -lzs- LHa/LZS archive data [lzs] -!:mime application/x-lha -2 string -lh\40- LHa 2.x? archive data [lh ] -!:mime application/x-lha -2 string -lhd- LHa 2.x? archive data [lhd] -!:mime application/x-lha -2 string -lh2- LHa 2.x? archive data [lh2] -!:mime application/x-lha -2 string -lh3- LHa 2.x? archive data [lh3] -!:mime application/x-lha -2 string -lh4- LHa (2.x) archive data [lh4] -!:mime application/x-lha -2 string -lh5- LHa (2.x) archive data [lh5] -!:mime application/x-lha -2 string -lh6- LHa (2.x) archive data [lh6] -!:mime application/x-lha -2 string -lh7- LHa (2.x)/LHark archive data [lh7] -!:mime application/x-lha ->20 byte x - header level %d +#2 string -lzs- LHa/LZS archive data [lzs] +2 string -lzs- +>0 use lharc-file +# According to wikipedia and others such a version does not exist +#2 string -lh\40- LHa 2.x? archive data [lh ] +#2 string -lhd- LHa 2.x? archive data [lhd] +2 string -lhd- +>0 use lharc-file +#2 string -lh2- LHa 2.x? archive data [lh2] +2 string -lh2- +>0 use lharc-file +#2 string -lh3- LHa 2.x? archive data [lh3] +2 string -lh3- +>0 use lharc-file +#2 string -lh4- LHa (2.x) archive data [lh4] +2 string -lh4- +>0 use lharc-file +#2 string -lh5- LHa (2.x) archive data [lh5] +2 string -lh5- +>0 use lharc-file +#2 string -lh6- LHa (2.x) archive data [lh6] +2 string -lh6- +>0 use lharc-file +#2 string -lh7- LHa (2.x)/LHark archive data [lh7] +2 string -lh7- +# !:mime application/x-lha +# >20 byte x - header level %d +>0 use lharc-file +# NEW -lh8- ... -lhe- , -lhx- +2 string -lh8- +>0 use lharc-file +2 string -lh9- +>0 use lharc-file +2 string -lha- +>0 use lharc-file +2 string -lhb- +>0 use lharc-file +2 string -lhc- +>0 use lharc-file +2 string -lhe- +>0 use lharc-file +2 string -lhx- +>0 use lharc-file # taken from idarc [JW] 2 string -lZ PUT archive data -2 string -lz LZS archive data +# already done by LHarc magics +# this should never happen if all sub types of LZS archive are identified +#2 string -lz LZS archive data 2 string -sw1- Swag archive data -# RAR archiver (Greg Roelofs, newt@uchicago.edu) -0 string Rar! RAR archive data, +0 name rar-file-header +>24 byte 15 \b, v1.5 +>24 byte 20 \b, v2.0 +>24 byte 29 \b, v4 +>15 byte 0 \b, os: MS-DOS +>15 byte 1 \b, os: OS/2 +>15 byte 2 \b, os: Win32 +>15 byte 3 \b, os: Unix +>15 byte 4 \b, os: Mac OS +>15 byte 5 \b, os: BeOS + +0 name rar-archive-header +>3 leshort&0x1ff >0 \b, flags: +>>3 leshort &0x01 ArchiveVolume +>>3 leshort &0x02 Commented +>>3 leshort &0x04 Locked +>>3 leshort &0x10 NewVolumeNaming +>>3 leshort &0x08 Solid +>>3 leshort &0x20 Authenticated +>>3 leshort &0x40 RecoveryRecordPresent +>>3 leshort &0x80 EncryptedBlockHeader +>>3 leshort &0x100 FirstVolume + +# RAR (Roshal Archive) archive +0 string Rar!\x1a\7\0 RAR archive data !:mime application/x-rar ->44 byte x v%0x, ->10 byte >0 flags: ->>10 byte &0x01 Archive volume, ->>10 byte &0x02 Commented, ->>10 byte &0x04 Locked, ->>10 byte &0x08 Solid, ->>10 byte &0x20 Authenticated, ->35 byte 0 os: MS-DOS ->35 byte 1 os: OS/2 ->35 byte 2 os: Win32 ->35 byte 3 os: Unix -# some old version? idarc says: -0 string RE\x7e\x5e RAR archive data +!:ext rar/cbr +# file header +>(0xc.l+9) byte 0x74 +>>(0xc.l+7) use rar-file-header +# subblock seems to share information with file header +>(0xc.l+9) byte 0x7a +>>(0xc.l+7) use rar-file-header +>9 byte 0x73 +>>7 use rar-archive-header +0 string Rar!\x1a\7\1\0 RAR archive data, v5 +!:mime application/x-rar +!:ext rar + +# Very old RAR archive +# http://jasonblanks.com/wp-includes/images/papers/KnowyourarchiveRAR.pdf +0 string RE\x7e\x5e RAR archive data ((26.s+30) leshort 0xcafe Java archive data (JAR) !:mime application/java-archive +# iOS App +>(26.s+30) leshort !0xcafe +>>26 string !\x8\0\0\0mimetype +>>>30 string Payload/ +>>>>38 search/64 .app/ iOS App +!:mime application/x-ios-app + + # Generic zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu) # Next line excludes specialized formats: >(26.s+30) leshort !0xcafe @@ -732,7 +908,17 @@ >>>4 byte 0x0a \b, at least v1.0 to extract >>>4 byte 0x0b \b, at least v1.1 to extract >>>4 byte 0x14 \b, at least v2.0 to extract +>>>4 byte 0x15 \b, at least v2.1 to extract +>>>4 byte 0x19 \b, at least v2.5 to extract +>>>4 byte 0x1b \b, at least v2.7 to extract >>>4 byte 0x2d \b, at least v4.5 to extract +>>>4 byte 0x2e \b, at least v4.6 to extract +>>>4 byte 0x32 \b, at least v5.0 to extract +>>>4 byte 0x33 \b, at least v5.1 to extract +>>>4 byte 0x34 \b, at least v5.2 to extract +>>>4 byte 0x3d \b, at least v6.1 to extract +>>>4 byte 0x3e \b, at least v6.2 to extract +>>>4 byte 0x3f \b, at least v6.3 to extract >>>0x161 string WINZIP \b, WinZIP self-extracting # StarView Metafile @@ -764,12 +950,24 @@ 0 string \0\ \ \ \ \ \ \ \ \ \ \ \0\0 LBR archive data # # PMA (CP/M derivative of LHA) +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/LHA_(file_format) # -2 string -pm0- PMarc archive data [pm0] -2 string -pm1- PMarc archive data [pm1] -2 string -pm2- PMarc archive data [pm2] +#2 string -pm0- PMarc archive data [pm0] +2 string -pm0- +>0 use lharc-file +#2 string -pm1- PMarc archive data [pm1] +2 string -pm1- +>0 use lharc-file +#2 string -pm2- PMarc archive data [pm2] +2 string -pm2- +>0 use lharc-file 2 string -pms- PMarc SFX archive (CP/M, DOS) +#!:mime application/x-foobar-exec +!:ext com 5 string -pc1- PopCom compressed executable (CP/M) +#!:mime application/x- +#!:ext com # From Rafael Laboissiere # The Project Revision Control System (see @@ -802,6 +1000,9 @@ # Felix von Leitner 0 string d8:announce BitTorrent file !:mime application/x-bittorrent +# Durval Menezes, +0 string d13:announce-list BitTorrent file +!:mime application/x-bittorrent # Atari MSA archive - Teemu Hukkanen 0 beshort 0x0e0f Atari MSA archive data @@ -889,11 +1090,6 @@ # From "Nelson A. de Oliveira" 0 string MPQ\032 MoPaQ (MPQ) archive -# From: Dirk Jagdmann -# xar archive format: http://code.google.com/p/xar/ -0 string xar! xar archive ->6 beshort x - version %d - # From: "Nelson A. de Oliveira" # .kgb 0 string KGB_arch KGB Archiver file @@ -900,8 +1096,10 @@ >10 string x with compression level %.1s # xar (eXtensible ARchiver) archive +# xar archive format: http://code.google.com/p/xar/ # From: "David Remahl" 0 string xar! xar archive +!:mime application/x-xar #>4 beshort x header size %d >6 beshort x version %d, #>8 quad x compressed TOC: %d, @@ -957,12 +1155,12 @@ >3 ubyte 0 \b, no compression >3 ubyte 2 \b, fast compression (Z1) >3 ubyte 3 \b, medium compression (Z2) ->3 ubyte >3 +>3 ubyte >3 >>3 ubyte <11 \b, compression (Z%d-1) ->2 ubyte&0x08 0x00 +>2 ubyte&0x08 0x00 # ~ 30 byte password field only for *.gho >>12 ubequad !0 \b, password protected ->>44 ubyte !1 +>>44 ubyte !1 # 1~Image All, sector-by-sector only for *.gho >>>10 ubyte 1 \b, sector copy # 1~Image Boot track only for *.gho @@ -972,6 +1170,19 @@ # optional image description only *.gho >>0xff string >\0 "%-.254s" # look for DOS sector end sequence ->0xE08 search/7776 \x55\xAA ->>&-512 indirect x \b; contains +>0xE08 search/7776 \x55\xAA +>>&-512 indirect x \b; contains +# Google Chrome extensions +# https://developer.chrome.com/extensions/crx +# https://developer.chrome.com/extensions/hosting +0 string Cr24 Google Chrome extension +!:mime application/x-chrome-extension +>4 ulong x \b, version %u + +# SeqBox - Sequenced container +# ext: sbx, seqbox +# Marco Pontello marcopon@gmail.com +# reference: https://github.com/MarcoPon/SeqBox +0 string SBx SeqBox, +>3 byte x version %d --- contrib/file/magic/Magdir/att3b.orig +++ contrib/file/magic/Magdir/att3b @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: att3b,v 1.9 2014/04/30 21:41:02 christos Exp $ +# $File: att3b,v 1.10 2017/03/17 21:35:28 christos Exp $ # att3b: file(1) magic for AT&T 3B machines # # The `versions' should be un-commented if they work for you. @@ -36,6 +36,6 @@ #>18 beshort &00040000 and MAU hardware required #>22 beshort >0 - version %d # -# core file for 3b2 +# core file for 3b2 0 string \000\004\036\212\200 3b2 core file >364 string >\0 of '%s' --- contrib/file/magic/Magdir/audio.orig +++ contrib/file/magic/Magdir/audio @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: audio,v 1.73 2015/03/15 23:21:42 christos Exp $ +# $File: audio,v 1.80 2017/08/13 00:21:47 christos Exp $ # audio: file(1) magic for sound formats (see also "iff") # # Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com), @@ -300,7 +300,7 @@ >>5 byte &0x40 \b, extended header >>5 byte &0x20 \b, experimental >>5 byte &0x10 \b, footer present ->(6.I+10) indirect x \b, contains: +>(6.I+10) indirect x \b, contains: # NSF (NES sound file) magic 0 string NESM\x1a NES Sound File @@ -314,7 +314,7 @@ >122 byte&0x1 =0 NTSC # NSFE (Extended NES sound file) magic -# http://slickproductions.org/docs/NSF/nsfespec.txt +# http://slickproductions.org/docs/NSF/nsfespec.txt # From: David Pflug 0 string NSFE Extended NES Sound File >48 search/0x1000 auth @@ -469,6 +469,8 @@ >>20 byte&0xe 0xc \b, 7 channels >>20 byte&0xe 0xe \b, 8 channels # some common sample rates +>>17 belong&0xfffff0 0x2ee000 \b, 192 kHz +>>17 belong&0xfffff0 0x158880 \b, 88.2 kHz >>17 belong&0xfffff0 0x0ac440 \b, 44.1 kHz >>17 belong&0xfffff0 0x0bb800 \b, 48 kHz >>17 belong&0xfffff0 0x07d000 \b, 32 kHz @@ -585,7 +587,7 @@ 0 string SC68\ Music-file\ /\ (c)\ (BeN)jami sc68 Atari ST music # musepak support From: "Jiri Pejchal" -0 string MP+ Musepack audio +0 string MP+ Musepack audio (MP+) !:mime audio/x-musepack >3 byte 255 \b, SV pre8 >3 byte&0xF 0x6 \b, SV 6 @@ -619,6 +621,9 @@ >>27 byte 114 \b, Beta 1.14 >>27 byte 115 \b, Alpha 1.15 +0 string MPCK Musepack audio (MPCK) +!:mime audio/x-musepack + # IMY # from http://filext.com/detaillist.php?extdetail=IMY # http://cellphones.about.com/od/cellularfaqs/f/rf_imelody.htm @@ -655,7 +660,7 @@ # From Fabio R. Schmidlin # VGM music file -0 string Vgm\ +0 string Vgm\040 >9 ubyte >0 VGM Video Game Music dump v >>9 ubyte/16 >0 \b%d >>9 ubyte&0x0F x \b%d @@ -715,3 +720,93 @@ 0 string ZBOT >4 byte 0xc5 GVOX Encore music, version < 5.0 +# Summary: Garmin Voice Processing Module (WAVE audios) +# From: Joerg Jenderek +# URL: http://www.garmin.com/ +# Reference: http://turboccc.wikispaces.com/share/view/28622555 +# NOTE: there exist 2 other Garmin VPM formats +0 string AUDIMG +# skip text files starting with string "AUDIMG" +>13 ubyte <13 Garmin Voice Processing Module +!:mime audio/x-vpm-wav-garmin +!:ext vpm +# 3 bytes indicating the voice version (200,220) +>>6 string x \b, version %3.3s +# day of release (01-31) +>>12 ubyte x \b, %.2d +# month of release (01-12) +>>13 ubyte x \b.%.2d +# year of release (like 2006, 2007, 2008) +>>14 uleshort x \b.%.4d +# hour of release (0-23) +>>11 ubyte x %.2d +# minute of release (0-59) +>>10 ubyte x \b:%.2d +# second of release (0-59) +>>9 ubyte x \b:%.2d +# if you select a language like german on your garmin device +# you can only select voice modules with corresponding language byte ID like 1 +>>18 ubyte x \b, language ID %d +# pointer to 1st audio WAV sample +>>16 uleshort >0 +>>>(16.s) ulelong >0 \b, at offset 0x%x +# WAV length +>>>>(16.s+4) ulelong >0 %d Bytes +# look for magic +>>>>>(&-8.l) string RIFF +# determine type by ./riff +>>>>>>&-4 indirect x \b +# 2 - ~ 131 WAV samples following same way + +# From Martin Mueller Skarbiniks Pedersen +0 string GDM +>0x3 byte 0xFE General Digital Music. +>0x4 string >\0 title: "%s" +>0x24 string >\0 musician: "%s" +>>0x44 beshort 0x0D0A +>>>0x46 byte 0x1A +>>>>0x47 string GMFS Version +>>>>0x4B byte x %d. +>>>>0x4C byte x \b%02d +>>>>0x4D beshort 0x000 (2GDM v +>>>>0x4F byte x \b%d. +>>>>>0x50 byte x \b%d) + +0 string MTM Multitracker +>0x3 byte/16 x Version %d. +>0x3 byte&0x0F x \b%02d +>>0x4 string >\0 title: "%s" + +0 string HVL +>3 byte <2 Hively Tracker Song +>3 byte 0 1 module data +>3 byte 1 2 module data + +0 string MO3 +>3 ubyte <6 MOdule with MP3 +>>3 byte 0 Version 0 (With MP3 and lossless) +>>3 byte 1 Version 1 (With ogg and lossless) +>>3 byte 3 Version 2.2 +>>3 byte 4 (With no LAME header) +>>3 byte 5 Version 2.4 + +0 string ADRVPACK AProSys module + +# ftp://ftp.modland.com/pub/documents/format_documentation/\ +# Art%20Of%20Noise%20(.aon).txt +0 string AON +>4 string "ArtOfNoise by Bastian Spiegel(twice/lego)" +>0x2e string NAME Art of Noise Tracker Song +>3 string <9 +>3 string 4 (4 voices) +>3 string 8 (8 voices) +>>0x36 string >\0 Title: "%s" + +0 string FAR +>0x2c byte 0x0d +>0x2d byte 0x0a +>0x2e byte 0x1a +>>0x3 byte 0xFE Farandole Tracker Song +>>>0x31 byte/16 x Version %d. +>>>0x31 byte&0x0F x \b%02d +>>>>0x4 string >\0 \b, title: "%s" --- contrib/file/magic/Magdir/ber.orig +++ contrib/file/magic/Magdir/ber @@ -0,0 +1,65 @@ + +#------------------------------------------------------------------------------ +# $File: ber,v 1.1 2016/06/05 00:21:30 christos Exp $ +# ber: file(1) magic for several BER formats used in the mobile +# telecommunications industry (Georg Sauthoff) + +# The file formats are standardized by the GSMA (GSM association). +# They are specified via ASN.1 schemas and some prose. Basic encoding +# rules (BER) is the used encoding. The formats are used for exchanging +# call data records (CDRs) between mobile operators and associated +# parties for roaming clearing purposes and fraud detection. + +# The magic file covers: + +# - TAP files (TD.57) - CDR batches and notifications +# - RAP files (TD.32) - return batches and acknowledgements +# - NRT files (TD.35) - CDR batches for 'near real time' processing + +# +# TAP 3 Files +# TAP -> Transferred Account Procedure +# cf. http://www.gsma.com/newsroom/wp-content/uploads/TD.57-v32.31.pdf +# TransferBatch short tag +0 byte 0x61 +# BatchControlInfo short tag +>&1 search/b5 \x64 +# Sender long tag #TAP 3.x (BER encoded) +>>&1 search/b8 \x5f\x81\x44 +# 3 block +>>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01 +>>>>&0 byte x TAP 3.%d Batch (TD.57, Transferred Account) + +# Notification short tag +0 byte 0x62 +# Sender long tag +>2 search/b8 \x5f\x81\x44 +# 3 block +>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01 +>>>&0 byte x TAP 3.%d Notification (TD.57, Transferred Account) + + +# NRT Files +# NRT a.k.a. NRTRDE +0 byte 0x61 +# 2 block +>&1 search/b8 \x5f\x29\x01\x02\x5f\x25\x01 +>>&0 byte x NRT 2.%d (TD.35, Near Real Time Roaming Data Exchange) + +# RAP Files +# cf. http://www.gsma.com/newsroom/wp-content/uploads/TD.32-v6.11.pdf +# Long ReturnBatch tag +0 string \x7f\x84\x16 +# Long RapBatchControlInfo tag +>&1 search/b8 \x7f\x84\x19 +# 3 block +>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01 +# 1 block +>>>&1 string/b \x5f\x84\x20\x01\x01\x5f\x84\x1f\x01 +>>>>&0 byte x RAP 1.%d Batch (TD.32, Returned Account Procedure), +>>>&0 byte x TAP 3.%d + +# Long Acknowledgement tag +0 string \x7f\x84\x17 +# Long Sender tag +>&1 search/b5 \x5f\x81\x44 RAP Acknowledgement (TD.32, Returned Account Procedure) --- contrib/file/magic/Magdir/bhl.orig +++ contrib/file/magic/Magdir/bhl @@ -0,0 +1,10 @@ + +#------------------------------------------------------------------------------ +# $File: bhl,v 1.1 2017/06/11 22:20:02 christos Exp $ +# BlockHashLoc +# ext: bhl +# Marco Pontello marcopon@gmail.com +# reference: https://github.com/MarcoPon/BlockHashLoc +0 string BlockHashLoc\x1a BlockHashLoc recovery info, +>13 byte x version %d +!:ext bhl --- contrib/file/magic/Magdir/bioinformatics.orig +++ contrib/file/magic/Magdir/bioinformatics @@ -0,0 +1,178 @@ + +#------------------------------------------------------------------------------ +# $File: bioinformatics,v 1.4 2016/06/20 16:13:46 christos Exp $ +# bioinfomatics: file(1) magic for Bioinfomatics file formats + +############################################################################### +# BGZF (Blocked GNU Zip Format) - gzip compatible, but also indexable +# used by SAMtools bgzip/tabix (http://samtools.sourceforge.net/tabix.shtml) +############################################################################### +0 string \037\213 +>3 byte &0x04 +>>12 string BC +>>>14 leshort &0x02 Blocked GNU Zip Format (BGZF; gzip compatible) +>>>>16 leshort x \b, block length %d +!:mime application/x-gzip + + +############################################################################### +# Tabix index file +# used by SAMtools bgzip/tabix (http://samtools.sourceforge.net/tabix.shtml) +############################################################################### +0 string TBI\1 SAMtools TBI (Tabix index format) +>0x04 lelong =1 \b, with %d reference sequence +>0x04 lelong >1 \b, with %d reference sequences +>0x08 lelong &0x10000 \b, using half-closed-half-open coordinates (BED style) +>0x08 lelong ^0x10000 +>>0x08 lelong =0 \b, using closed and one based coordinates (GFF style) +>>0x08 lelong =1 \b, using SAM format +>>0x08 lelong =2 \b, using VCF format +>0x0c lelong x \b, sequence name column: %d +>0x10 lelong x \b, region start column: %d +>0x08 lelong =0 +>>0x14 lelong x \b, region end column: %d +>0x18 byte x \b, comment character: %c +>0x1c lelong x \b, skip line count: %d + + +############################################################################### +# BAM (Binary Sequence Alignment/Map format) +# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BAM\1 SAMtools BAM (Binary Sequence Alignment/Map) +>0x04 lelong >0 +>>&0x00 regex =^[@]HD\t.*VN: \b, with SAM header +>>>&0 regex =[0-9.]+ \b version %s +>>&(0x04) lelong >0 \b, with %d reference sequences + + +############################################################################### +# BAI (BAM indexing format) +# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf) +############################################################################### +0 string BAI\1 SAMtools BAI (BAM indexing format) +>0x04 lelong >0 \b, with %d reference sequences + + +############################################################################### +# CRAM (Binary Sequence Alignment/Map format) +############################################################################### +0 string CRAM CRAM +>0x04 byte >-1 version %d. +>0x05 byte >-1 \b%d +>0x06 string >\0 (identified as %s) + + +############################################################################### +# BCF (Binary Call Format), version 1 +# used by SAMtools & VCFtools (http://vcftools.sourceforge.net/bcf.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BCF\4 +# length of seqnm data in bytes is positive +>&0x00 lelong >0 +# length of smpl data in bytes is positive +>>&(&-0x04) lelong >0 SAMtools BCF (Binary Call Format) +# length of meta in bytes +>>>&(&-0x04) lelong >0 +# have meta text string +>>>>&0x00 search ##samtoolsVersion= +>>>>>&0x00 string x \b, generated by SAMtools version %s + + +############################################################################### +# BCF (Binary Call Format), version 2.1 +# used by SAMtools (http://samtools.github.io/hts-specs/BCFv2_qref.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BCF\2\1 Binary Call Format (BCF) version 2.1 +# length of header text +>&0x00 lelong >0 +# have header string +>>&0x00 search ##samtoolsVersion= +>>>&0x00 string x \b, generated by SAMtools version %s + + +############################################################################### +# BCF (Binary Call Format), version 2.2 +# used by SAMtools (http://samtools.github.io/hts-specs/BCFv2_qref.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BCF\2\2 Binary Call Format (BCF) version 2.2 +# length of header text +>&0x00 lelong >0 +# have header string +>>&0x00 search ##samtoolsVersion= +>>>&0x00 string x \b, generated by SAMtools version %s + +############################################################################### +# VCF (Variant Call Format) +# used by VCFtools (http://vcftools.sourceforge.net/) +############################################################################### +0 search ##fileformat=VCFv Variant Call Format (VCF) +>&0 string x \b version %s + +############################################################################### +# FASTQ +# used by MAQ (http://maq.sourceforge.net/fastq.shtml) +############################################################################### +# XXX Broken? +# @ +#0 regex =^@[A-Za-z0-9_.:-]+\?\n +# +#>&1 regex =^[A-Za-z\n.~]++ +# +[] +#>>&1 regex =^[A-Za-z0-9_.:-]*\?\n +# +#>>>&1 regex =^[!-~\n]+\n FASTQ + +############################################################################### +# FASTA +# used by FASTA (http://fasta.bioch.virginia.edu/fasta_www2/fasta_guide.pdf) +############################################################################### +#0 byte 0x3e +# q>0 regex =^[>][!-~\t\ ]+$ +# Amino Acid codes: [A-IK-Z*-]+ +#>>1 regex !=[!-'Jj;:=?@^`|~\\] FASTA +# IUPAC codes/gaps: [ACGTURYKMSWBDHVNX-]+ +# not in IUPAC codes/gaps: [EFIJLOPQZ] +#>>>1 regex !=[EFIJLOPQZefijlopqz] \b, with IUPAC nucleotide codes +#>>>1 regex =^[EFIJLOPQZefijlopqz]+$ \b, with Amino Acid codes + +############################################################################### +# SAM (Sequence Alignment/Map format) +# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf) +############################################################################### +# Short-cut version to recognise SAM files with (optional) header at beginning +############################################################################### +0 string @HD\t +>4 search VN: Sequence Alignment/Map (SAM), with header +>>&0 regex [0-9.]+ \b version %s +############################################################################### +# Longer version to recognise SAM alignment lines using (many) regexes +############################################################################### +# SAM Alignment QNAME +0 regex =^[!-?A-~]{1,255}(\t[^\t]+){11} +# SAM Alignment FLAG +>0 regex =^([^\t]+\t){1}[0-9]{1,5}\t +# SAM Alignment RNAME +>>0 regex =^([^\t]+\t){2}\\*|[^*=]*\t +# SAM Alignment POS +>>>0 regex =^([^\t]+\t){3}[0-9]{1,9}\t +# SAM Alignment MAPQ +>>>>0 regex =^([^\t]+\t){4}[0-9]{1,3}\t +# SAM Alignment CIGAR +>>>>>0 regex =\t(\\*|([0-9]+[MIDNSHPX=])+)\t +# SAM Alignment RNEXT +>>>>>>0 regex =\t(\\*|=|[!-()+->?-~][!-~]*)\t +# SAM Alignment PNEXT +>>>>>>>0 regex =^([^\t]+\t){7}[0-9]{1,9}\t +# SAM Alignment TLEN +>>>>>>>>0 regex =\t[+-]{0,1}[0-9]{1,9}\t.*\t +# SAM Alignment SEQ +>>>>>>>>>0 regex =^([^\t]+\t){9}(\\*|[A-Za-z=.]+)\t +# SAM Alignment QUAL +>>>>>>>>>>0 regex =^([^\t]+\t){10}[!-~]+ Sequence Alignment/Map (SAM) +>>>>>>>>>>>0 regex =^[@]HD\t.*VN: \b, with header +>>>>>>>>>>>>&0 regex =[0-9.]+ \b version %s --- contrib/file/magic/Magdir/blackberry.orig +++ contrib/file/magic/Magdir/blackberry @@ -1,8 +1,8 @@ #------------------------------------------------------------------------------ -# $File: blackberry,v 1.1 2014/01/31 01:51:32 christos Exp $ +# $File: blackberry,v 1.2 2017/03/17 21:35:28 christos Exp $ # blackberry: file(1) magic for BlackBerry file formats # -5 belong 0 +5 belong 0 >8 belong 010010010 BlackBerry RIM ETP file >>22 string x \b for %s --- contrib/file/magic/Magdir/blender.orig +++ contrib/file/magic/Magdir/blender @@ -1,11 +1,11 @@ #------------------------------------------------------------------------------ -# $File: blender,v 1.6 2014/08/30 08:34:17 christos Exp $ +# $File: blender,v 1.7 2017/03/17 21:35:28 christos Exp $ # blender: file(1) magic for Blender 3D related files # -# Native format rule v1.2. For questions use the developers list +# Native format rule v1.2. For questions use the developers list # http://lists.blender.org/mailman/listinfo/bf-committers -# GLOB chunk was moved near start and provides subversion info since 2.42 +# GLOB chunk was moved near start and provides subversion info since 2.42 0 string =BLENDER Blender3D, >7 string =_ saved as 32-bits --- contrib/file/magic/Magdir/c-lang.orig +++ contrib/file/magic/Magdir/c-lang @@ -1,7 +1,8 @@ #------------------------------------------------------------------------------ -# $File: c-lang,v 1.20 2015/07/27 14:33:10 christos Exp $ +# $File: c-lang,v 1.26 2017/08/14 07:40:38 christos Exp $ # c-lang: file(1) magic for C and related languages programs # +# The strength is to beat standard HTML # BCPL 0 search/8192 "libhdr" BCPL source text @@ -10,42 +11,72 @@ !:mime text/x-bcpl # C -0 regex \^#include C source text +# Check for class if include is found, otherwise class is beaten by include becouse of lowered strength +0 regex \^#include C +>0 regex \^class[[:space:]]+ +>>&0 regex \\{[\.\*]\\}(;)?$ \b++ +>&0 clear x source text +!:strength + 13 !:mime text/x-c -0 regex \^char[\ \t\n]+ C source text +0 regex \^#[[:space:]]*pragma C source text !:mime text/x-c -0 regex \^double[\ \t\n]+ C source text +0 regex \^#[[:space:]]*(if\|ifn)def +>&0 regex \^#[[:space:]]*endif$ C source text !:mime text/x-c -0 regex \^extern[\ \t\n]+ C source text +0 regex \^#[[:space:]]*(if\|ifn)def +>&0 regex \^#[[:space:]]*define C source text !:mime text/x-c -0 regex \^float[\ \t\n]+ C source text +0 regex \^[[:space:]]*char(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text !:mime text/x-c -0 regex \^struct[\ \t\n]+ C source text +0 regex \^[[:space:]]*double(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text !:mime text/x-c -0 regex \^union[\ \t\n]+ C source text +0 regex \^[[:space:]]*extern[[:space:]]+ C source text !:mime text/x-c -0 search/8192 main( C source text +0 regex \^[[:space:]]*float(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text !:mime text/x-c +0 regex \^struct[[:space:]]+ C source text +!:mime text/x-c +0 regex \^union[[:space:]]+ C source text +!:mime text/x-c +0 search/8192 main( +>&0 regex \\)[[:space:]]*\\{ C source text +!:mime text/x-c # C++ # The strength of these rules is increased so they beat the C rules above -0 regex \^template[\ \t]+<.*>[\ \t\n]+ C++ source text -!:strength + 5 +0 regex \^namespace[[:space:]]+[_[:alpha:]]{1,30}[[:space:]]*\\{ C++ source text +!:strength + 30 !:mime text/x-c++ -0 regex \^virtual[\ \t\n]+ C++ source text -!:strength + 5 +# using namespace [namespace] or using std::[lib] +0 regex \^using[[:space:]]+(namespace\ )?std(::)?[[:alpha:]]*[[:space:]]*; C++ source text +!:strength + 30 !:mime text/x-c++ -0 regex \^class[\ \t\n]+ C++ source text -!:strength + 5 +0 regex \^[[:space:]]*template[[:space:]]*<.*>[[:space:]]*$ C++ source text +!:strength + 30 !:mime text/x-c++ -0 regex \^public: C++ source text -!:strength + 5 +0 regex \^[[:space:]]*virtual[[:space:]]+.*[};][[:space:]]*$ C++ source text +!:strength + 30 !:mime text/x-c++ -0 regex \^private: C++ source text -!:strength + 5 +# But class alone is reduced to avoid beating php (Jens Schleusener) +0 regex \^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$ C++ source text +!:strength + 13 !:mime text/x-c++ +0 regex \^[[:space:]]*public: C++ source text +!:strength + 30 +!:mime text/x-c++ +0 regex \^[[:space:]]*private: C++ source text +!:strength + 30 +!:mime text/x-c++ +0 regex \^[[:space:]]*protected: C++ source text +!:strength + 30 +!:mime text/x-c++ -# From: Mikhail Teterin +# Objective-C +0 regex \^#import Objective-C source text +!:strength + 25 +!:mime text/x-objective-c + +# From: Mikhail Teterin 0 string cscope cscope reference data >7 string x version %.2s # We skip the path here, because it is often long (so file will --- contrib/file/magic/Magdir/cad.orig +++ contrib/file/magic/Magdir/cad @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: cad,v 1.13 2014/03/23 18:05:38 christos Exp $ +# $File: cad,v 1.15 2017/06/24 15:24:56 christos Exp $ # autocad: file(1) magic for cad files # @@ -9,7 +9,7 @@ # DGN is the default file extension of Microstation/Intergraph CAD files. # CIT is the proprietary raster format (similar to TIFF) used to attach # raster underlays to Microstation DGN (vector) drawings. -# +# # http://www.wotsit.org/search.asp # http://filext.com/detaillist.php?extdetail=DGN # http://filext.com/detaillist.php?extdetail=CIT @@ -42,7 +42,7 @@ >4 string \030\000\000 CITFile >4 string \030\000\003 CITFile -# AutoCAD +# AutoCAD # Merge of the different contributions and updates from http://en.wikipedia.org/wiki/Dwg # and http://www.iana.org/assignments/media-types/image/vnd.dwg 0 string MC0.0 DWG AutoDesk AutoCAD Release 1.0 @@ -99,12 +99,12 @@ 0 string AC1027 DWG AutoDesk AutoCAD 2013/2014 !:mime image/vnd.dwg -# KOMPAS 2D drawing from ASCON +# KOMPAS 2D drawing from ASCON # This is KOMPAS 2D drawing or fragment of drawing but is not detailed nor # gathered nor specification # ASCON http://ascon.net/main/ in English, # http://ascon.ru/ main site in Russian -# Extension is CDW for drawing and FRW for fragment of drawing +# Extension is CDW for drawing and FRW for fragment of drawing # Sergey Zaykov (mail_of_sergey@mail.ru, sergey_zaikov@rambler.ru, # ICQ 358572321, http://vkontakte.ru/id16076543) # From: @@ -111,30 +111,30 @@ # http://sd.ascon.ru/otrs/customer.pl?Action=CustomerFAQ&CategoryID=4&ItemID=292 # (in russian) and my experiments 0 string KF ->2 belong 0x4E00000C Kompas drawing 12.0 SP1 ->2 belong 0x4D00000C Kompas drawing 12.0 ->2 belong 0x3200000B Kompas drawing 11.0 SP1 ->2 belong 0x3100000B Kompas drawing 11.0 ->2 belong 0x2310000A Kompas drawing 10.0 SP1 ->2 belong 0x2110000A Kompas drawing 10.0 ->2 belong 0x08000009 Kompas drawing 9.0 SP1 ->2 belong 0x05000009 Kompas drawing 9.0 ->2 belong 0x33010008 Kompas drawing 8+ ->2 belong 0x1A000008 Kompas drawing 8.0 ->2 belong 0x2C010107 Kompas drawing 7+ ->2 belong 0x05000007 Kompas drawing 7.0 ->2 belong 0x32000006 Kompas drawing 6+ ->2 belong 0x09000006 Kompas drawing 6.0 ->2 belong 0x5C009005 Kompas drawing 5.11R03 ->2 belong 0x54009005 Kompas drawing 5.11R02 ->2 belong 0x51009005 Kompas drawing 5.11R01 ->2 belong 0x22009005 Kompas drawing 5.10R03 ->2 belong 0x22009005 Kompas drawing 5.10R02 mar ->2 belong 0x21009005 Kompas drawing 5.10R02 febr ->2 belong 0x19009005 Kompas drawing 5.10R01 ->2 belong 0xF4008005 Kompas drawing 5.9R01.003 ->2 belong 0x1C008005 Kompas drawing 5.9R01.002 ->2 belong 0x11008005 Kompas drawing 5.8R01.003 +>2 belong 0x4E00000C Kompas drawing 12.0 SP1 +>2 belong 0x4D00000C Kompas drawing 12.0 +>2 belong 0x3200000B Kompas drawing 11.0 SP1 +>2 belong 0x3100000B Kompas drawing 11.0 +>2 belong 0x2310000A Kompas drawing 10.0 SP1 +>2 belong 0x2110000A Kompas drawing 10.0 +>2 belong 0x08000009 Kompas drawing 9.0 SP1 +>2 belong 0x05000009 Kompas drawing 9.0 +>2 belong 0x33010008 Kompas drawing 8+ +>2 belong 0x1A000008 Kompas drawing 8.0 +>2 belong 0x2C010107 Kompas drawing 7+ +>2 belong 0x05000007 Kompas drawing 7.0 +>2 belong 0x32000006 Kompas drawing 6+ +>2 belong 0x09000006 Kompas drawing 6.0 +>2 belong 0x5C009005 Kompas drawing 5.11R03 +>2 belong 0x54009005 Kompas drawing 5.11R02 +>2 belong 0x51009005 Kompas drawing 5.11R01 +>2 belong 0x22009005 Kompas drawing 5.10R03 +>2 belong 0x22009005 Kompas drawing 5.10R02 mar +>2 belong 0x21009005 Kompas drawing 5.10R02 febr +>2 belong 0x19009005 Kompas drawing 5.10R01 +>2 belong 0xF4008005 Kompas drawing 5.9R01.003 +>2 belong 0x1C008005 Kompas drawing 5.9R01.002 +>2 belong 0x11008005 Kompas drawing 5.8R01.003 # CAD: file(1) magic for computer aided design files # Phillip Griffith @@ -147,8 +147,13 @@ >0x02 byte 0xfe >>0x04 beshort 0x1800 CIT raster CAD -# 3DS (3d Studio files) Conflicts with diff output 0x3d '=' -#16 beshort 0x3d3d image/x-3ds +# 3DS (3d Studio files) +0 leshort 0x4d4d +>6 leshort 0x2 +>>8 lelong 0xa +>>>16 leshort 0x3d3d 3D Studio model +!:mime image/x-3ds +!:extension 3ds # MegaCAD 2D/3D drawing (.prt) # http://megacad.de/ --- contrib/file/magic/Magdir/cafebabe.orig +++ contrib/file/magic/Magdir/cafebabe @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: cafebabe,v 1.20 2015/05/29 14:21:58 christos Exp $ +# $File: cafebabe,v 1.23 2017/05/25 20:07:23 christos Exp $ # Cafe Babes unite! # # Since Java bytecode and Mach-O universal binaries have the same magic number, @@ -7,8 +7,8 @@ # the test must be performed in the same "magic" sequence to get both right. # The long at offset 4 in a Mach-O universal binary tells the number of # architectures; the short at offset 4 in a Java bytecode file is the JVM minor -# version and the short at offset 6 is the JVM major version. Since there are only -# only 18 labeled Mach-O architectures at current, and the first released +# version and the short at offset 6 is the JVM major version. Since there are only +# only 18 labeled Mach-O architectures at current, and the first released # Java class format was version 43.0, we can safely choose any number # between 18 and 39 to test the number of architectures against # (and use as a hack). Let's not use 18, because the Mach-O people @@ -47,7 +47,7 @@ 0 name mach-o \b [ >0 use mach-o-cpu \b ->(8.L) indirect \b: +>(8.L) indirect x \b: >0 belong x \b] 0 belong 0xcafebabe @@ -58,12 +58,15 @@ >>4 belong <20 Mach-O universal binary with %d architectures: !:mime application/x-mach-binary >>>8 use mach-o \b +>>4 belong 2 >>>28 use mach-o \b ->>4 belong 2 +>>4 belong 3 >>>48 use mach-o \b ->>4 belong 3 +>>4 belong 4 >>>68 use mach-o \b ->>4 belong 4 +>>4 belong 5 >>>88 use mach-o \b +>>4 belong 6 +>>>108 use mach-o \b ### MACH-O END ### --- contrib/file/magic/Magdir/claris.orig +++ contrib/file/magic/Magdir/claris @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: claris,v 1.7 2014/06/03 19:17:27 christos Exp $ +# $File: claris,v 1.8 2016/07/18 19:23:38 christos Exp $ # claris: file(1) magic for claris # "H. Nanosecond" # Claris Works a word processor, etc. @@ -18,7 +18,8 @@ # Claris works files # .cwk -0 string \002\000\210\003\102\117\102\117\000\001\206 Claris works document +# Moved to Apple AppleWorks document +#0 string \002\000\210\003\102\117\102\117\000\001\206 Claris works document # .plt 0 string \020\341\000\000\010\010 Claris Works palette files .plt --- contrib/file/magic/Magdir/clipper.orig +++ contrib/file/magic/Magdir/clipper @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: clipper,v 1.7 2014/04/30 21:41:02 christos Exp $ +# $File: clipper,v 1.8 2017/03/17 21:35:28 christos Exp $ # clipper: file(1) magic for Intergraph (formerly Fairchild) Clipper. # # XXX - what byte order does the Clipper use? @@ -7,7 +7,7 @@ # # XXX - what's the "!" stuff: # -# >18 short !074000,000000 C1 R1 +# >18 short !074000,000000 C1 R1 # >18 short !074000,004000 C2 R1 # >18 short !074000,010000 C3 R1 # >18 short !074000,074000 TEST @@ -15,7 +15,7 @@ # I shall assume it's ANDing the field with the first value and # comparing it with the second, and rewrite it as: # -# >18 short&074000 000000 C1 R1 +# >18 short&074000 000000 C1 R1 # >18 short&074000 004000 C2 R1 # >18 short&074000 010000 C3 R1 # >18 short&074000 074000 TEST @@ -37,7 +37,7 @@ >12 long >0 not stripped >22 short >0 - version %d 0 short 0577 CLIPPER COFF executable ->18 short&074000 000000 C1 R1 +>18 short&074000 000000 C1 R1 >18 short&074000 004000 C2 R1 >18 short&074000 010000 C3 R1 >18 short&074000 074000 TEST --- contrib/file/magic/Magdir/coff.orig +++ contrib/file/magic/Magdir/coff @@ -0,0 +1,77 @@ + +#------------------------------------------------------------------------------ +# $File: coff,v 1.2 2017/03/17 21:35:28 christos Exp $ +# coff: file(1) magic for Common Object Files not specific to known cpu types or manufactures +# +# COFF +# +# by Joerg Jenderek at Oct 2015 +# https://en.wikipedia.org/wiki/COFF +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html + +# display name+variables+flags of Common Object Files Format (32bit) +# Maybe used also in adi,att3b,clipper,hitachi-sh,hp,ibm6000,intel, +# mips,motorola,msdos,osf1,sharc,varied.out,vax +0 name display-coff +# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags +>18 uleshort&0x8E80 0 +>>0 clear x +# f_magic - magic number +# DJGPP, 80386 COFF executable, MS Windows COFF Intel 80386 object file (./intel) +>>0 uleshort 0x014C Intel 80386 +# Hitachi SH big-endian COFF (./hitachi-sh) +>>0 uleshort 0x0500 Hitachi SH big-endian +# Hitachi SH little-endian COFF (./hitachi-sh) +>>0 uleshort 0x0550 Hitachi SH little-endian +# executable (RISC System/6000 V3.1) or obj module (./ibm6000) +#>>0 uleshort 0x01DF +# TODO for other COFFs +#>>0 uleshort 0xABCD COFF_TEMPLATE +>>0 default x +>>>0 uleshort x type 0x%04x +>>0 uleshort x COFF +# F_EXEC flag bit +>>18 leshort ^0x0002 object file +#!:mime application/x-coff +#!:ext cof/o/obj/lib +>>18 leshort &0x0002 executable +#!:mime application/x-coffexec +# F_RELFLG flag bit,static object +>>18 leshort &0x0001 \b, no relocation info +# F_LNNO flag bit +>>18 leshort &0x0004 \b, no line number info +# F_LSYMS flag bit +>>18 leshort &0x0008 \b, stripped +>>18 leshort ^0x0008 \b, not stripped +# flags in other COFF versions +#0x0010 F_FDPR_PROF +#0x0020 F_FDPR_OPTI +#0x0040 F_DSA +# F_AR32WR flag bit +#>>>18 leshort &0x0100 \b, 32 bit little endian +#0x1000 F_DYNLOAD +#0x2000 F_SHROBJ +#0x4000 F_LOADONLY +# f_nscns - number of sections +>>2 uleshort <2 \b, %d section +>>2 uleshort >1 \b, %d sections +# f_timdat - file time & date stamp only for little endian +#>>4 date x \b, %s +# f_symptr - symbol table pointer, only for not stripped +>>8 ulelong >0 \b, symbol offset=0x%x +# f_nsyms - number of symbols, only for not stripped +>>12 ulelong >0 \b, %d symbols +# f_opthdr - optional header size +>>16 uleshort >0 \b, optional header size %d +# at offset 20 can be optional header, extra bytes FILHSZ-20 because +# do not rely on sizeof(FILHDR) to give the correct size for header. +# or first section header +# additional variables for other COFF files +# >20 beshort 0407 (impure) +# >20 beshort 0410 (pure) +# >20 beshort 0413 (demand paged) +# >20 beshort 0421 (standalone) +# >22 leshort >0 - version %d +# >168 string .lowmem Apple toolbox + --- contrib/file/magic/Magdir/commands.orig +++ contrib/file/magic/Magdir/commands @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: commands,v 1.52 2015/06/04 19:16:55 christos Exp $ +# $File: commands,v 1.59 2017/08/14 07:40:38 christos Exp $ # commands: file(1) magic for various shells and interpreters # #0 string/w : shell archive or script for antique kernel text @@ -56,7 +56,7 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk or perl script text +0 regex/4096 =^[\040\t\f\r\n]{0,100}BEGIN[\040\t\f\r\n]{0,100}[{] awk or perl script text # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable @@ -84,7 +84,7 @@ # PHP scripts # Ulf Harnhammar 0 search/1/c = -0 string =24 regex [0-9.]+ \b, version %s +0 string =5 regex [\ \n] +>>6 string /*\ Smarty\ version Smarty compiled template +>>>24 regex [0-9.]+ \b, version %s !:mime text/x-php 0 string Zend\x00 PHP script Zend Optimizer data @@ -110,3 +112,7 @@ # URL: http://packages.debian.org/pdmenu # From: Edward Betts 0 string #!/usr/bin/pdmenu Pdmenu configuration file text + +# From Danny Weldon +0 string \x0b\x13\x08\x00 +>0x04 uleshort <4 ksh byte-code version %d --- contrib/file/magic/Magdir/compress.orig +++ contrib/file/magic/Magdir/compress @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: compress,v 1.64 2015/07/27 15:41:09 christos Exp $ +# $File: compress,v 1.68 2017/05/25 20:07:23 christos Exp $ # compress: file(1) magic for pure-compression formats (no archives) # # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc. @@ -188,6 +188,7 @@ >6 byte x version %d >7 byte x \b.%d !:mime application/x-7z-compressed +!:ext 7z/cb7 # Type: LZMA 0 lelong&0xffffff =0x5d @@ -219,6 +220,56 @@ 0 lelong 0x184c2102 LZ4 compressed data (v0.1-v0.9) !:mime application/x-lz4 +# Zstandard/LZ4 skippable frames +# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md +0 lelong&0xFFFFFFF0 0x184D2A50 +>(4.l+8) indirect x + +# Zstandard Dictionary ID subroutine +0 name zstd-dictionary-id +# Single Segment = True +>0 byte &0x20 \b, Dictionary ID: +>>0 byte&0x03 0 None +>>0 byte&0x03 1 +>>>1 byte x %u +>>0 byte&0x03 2 +>>>1 leshort x %u +>>0 byte&0x03 3 +>>>1 lelong x %u +# Single Segment = False +>0 byte ^0x20 \b, Dictionary ID: +>>0 byte&0x03 0 None +>>0 byte&0x03 1 +>>>2 byte x %u +>>0 byte&0x03 2 +>>>2 leshort x %u +>>0 byte&0x03 3 +>>>2 lelong x %u + +# Zstandard compressed data +# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md +0 lelong 0xFD2FB522 Zstandard compressed data (v0.2) +!:mime application/x-zstd +0 lelong 0xFD2FB523 Zstandard compressed data (v0.3) +!:mime application/x-zstd +0 lelong 0xFD2FB524 Zstandard compressed data (v0.4) +!:mime application/x-zstd +0 lelong 0xFD2FB525 Zstandard compressed data (v0.5) +!:mime application/x-zstd +0 lelong 0xFD2FB526 Zstandard compressed data (v0.6) +!:mime application/x-zstd +0 lelong 0xFD2FB527 Zstandard compressed data (v0.7) +!:mime application/x-zstd +>4 use zstd-dictionary-id +0 lelong 0xFD2FB528 Zstandard compressed data (v0.8+) +!:mime application/x-zstd +>4 use zstd-dictionary-id + +# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md +0 lelong 0xEC30A437 Zstandard dictionary +!:mime application/x-zstd-dictionary +>4 lelong x (ID %u) + # AFX compressed files (Wolfram Kleff) 2 string -afx- AFX compressed file data @@ -259,7 +310,7 @@ # Zlib https://www.ietf.org/rfc/rfc6713.txt 0 string/b x ->0 beshort%31 =0 +>0 beshort%31 =0 >>0 byte&0xf =8 >>>0 byte&0x80 =0 zlib compressed data !:mime application/zlib --- contrib/file/magic/Magdir/console.orig +++ contrib/file/magic/Magdir/console @@ -1,53 +1,159 @@ #------------------------------------------------------------------------------ -# $File: console,v 1.20 2015/03/15 23:21:42 christos Exp $ +# $File: console,v 1.32 2017/08/13 00:21:47 christos Exp $ # Console game magic # Toby Deshane -# ines: file(1) magic for Marat's iNES Nintendo Entertainment System -# ROM dump format -0 string NES\032 iNES ROM dump, ->4 byte x %dx16k PRG ->5 byte x \b, %dx8k CHR ->6 byte&0x01 =0x1 \b, [Vert.] ->6 byte&0x01 =0x0 \b, [Horiz.] ->6 byte&0x02 =0x2 \b, [SRAM] ->6 byte&0x04 =0x4 \b, [Trainer] ->6 byte&0x04 =0x8 \b, [4-Scr] +# ines: file(1) magic for Marat's iNES Nintendo Entertainment System ROM dump format +# Updated by David Korth +# References: +# - http://wiki.nesdev.com/w/index.php/INES +# - http://wiki.nesdev.com/w/index.php/NES_2.0 +# Common header for iNES, NES 2.0, and Wii U iNES. +0 name nes-rom-image-ines +>7 byte&0x0C =0x8 (NES 2.0) +>4 byte x \b: %ux16k PRG +>5 byte x \b, %ux8k CHR +>6 byte&0x08 =0x8 [4-Scr] +>6 byte&0x09 =0x0 [H-mirror] +>6 byte&0x09 =0x1 [V-mirror] +>6 byte&0x02 =0x2 [SRAM] +>6 byte&0x04 =0x4 [Trainer] +>7 byte&0x03 =0x2 [PC10] +>7 byte&0x03 =0x1 [VS] +>>7 byte&0x0C =0x8 +# NES 2.0: VS PPU +>>>13 byte&0x0F =0x0 \b, RP2C03B +>>>13 byte&0x0F =0x1 \b, RP2C03G +>>>13 byte&0x0F =0x2 \b, RP2C04-0001 +>>>13 byte&0x0F =0x3 \b, RP2C04-0002 +>>>13 byte&0x0F =0x4 \b, RP2C04-0003 +>>>13 byte&0x0F =0x5 \b, RP2C04-0004 +>>>13 byte&0x0F =0x6 \b, RP2C03B +>>>13 byte&0x0F =0x7 \b, RP2C03C +>>>13 byte&0x0F =0x8 \b, RP2C05-01 +>>>13 byte&0x0F =0x9 \b, RP2C05-02 +>>>13 byte&0x0F =0xA \b, RP2C05-03 +>>>13 byte&0x0F =0xB \b, RP2C05-04 +>>>13 byte&0x0F =0xC \b, RP2C05-05 +# TODO: VS protection hardware? +>>7 byte x \b] +# NES 2.0-specific flags. +>7 byte&0x0C =0x8 +>>12 byte&0x03 =0x0 [NTSC] +>>12 byte&0x03 =0x1 [PAL] +>>12 byte&0x02 =0x2 [NTSC+PAL] + +# Standard iNES ROM header. +0 string NES\x1A NES ROM image (iNES) +>0 use nes-rom-image-ines + +# Wii U Virtual Console iNES ROM header. +0 belong 0x4E455300 NES ROM image (Wii U Virtual Console) +>0 use nes-rom-image-ines + #------------------------------------------------------------------------------ -# gameboy: file(1) magic for the Nintendo (Color) Gameboy raw ROM format +# unif: file(1) magic for UNIF-format Nintendo Entertainment System ROM images +# Reference: http://wiki.nesdev.com/w/index.php/UNIF +# From: David Korth # -0x104 belong 0xCEED6666 Gameboy ROM: ->0x134 string >\0 "%.16s" ->0x146 byte 0x03 \b,[SGB] ->0x147 byte 0x00 \b, [ROM ONLY] ->0x147 byte 0x01 \b, [ROM+MBC1] ->0x147 byte 0x02 \b, [ROM+MBC1+RAM] ->0x147 byte 0x03 \b, [ROM+MBC1+RAM+BATT] ->0x147 byte 0x05 \b, [ROM+MBC2] ->0x147 byte 0x06 \b, [ROM+MBC2+BATTERY] ->0x147 byte 0x08 \b, [ROM+RAM] ->0x147 byte 0x09 \b, [ROM+RAM+BATTERY] ->0x147 byte 0x0B \b, [ROM+MMM01] ->0x147 byte 0x0C \b, [ROM+MMM01+SRAM] ->0x147 byte 0x0D \b, [ROM+MMM01+SRAM+BATT] ->0x147 byte 0x0F \b, [ROM+MBC3+TIMER+BATT] ->0x147 byte 0x10 \b, [ROM+MBC3+TIMER+RAM+BATT] ->0x147 byte 0x11 \b, [ROM+MBC3] ->0x147 byte 0x12 \b, [ROM+MBC3+RAM] ->0x147 byte 0x13 \b, [ROM+MBC3+RAM+BATT] ->0x147 byte 0x19 \b, [ROM+MBC5] ->0x147 byte 0x1A \b, [ROM+MBC5+RAM] ->0x147 byte 0x1B \b, [ROM+MBC5+RAM+BATT] ->0x147 byte 0x1C \b, [ROM+MBC5+RUMBLE] ->0x147 byte 0x1D \b, [ROM+MBC5+RUMBLE+SRAM] ->0x147 byte 0x1E \b, [ROM+MBC5+RUMBLE+SRAM+BATT] ->0x147 byte 0x1F \b, [Pocket Camera] ->0x147 byte 0xFD \b, [Bandai TAMA5] ->0x147 byte 0xFE \b, [Hudson HuC-3] ->0x147 byte 0xFF \b, [Hudson HuC-1] +# NOTE: The UNIF format uses chunks instead of a fixed header, +# so most of the data isn't easily parseable. +# +0 string UNIF +>4 lelong <16 NES ROM image (UNIF v%d format) +#------------------------------------------------------------------------------ +# fds: file(1) magic for Famciom Disk System disk images +# Reference: http://wiki.nesdev.com/w/index.php/Family_Computer_Disk_System#.FDS_format +# From: David Korth +# TODO: Check "Disk info block" and get info from that in addition to the optional header. + +# Disk info block. (block 1) +0 name nintendo-fds-disk-info-block +>23 byte !1 FMC- +>23 byte 1 FSC- +>16 string x \b%.3s +>15 byte x \b, mfr %02X +>20 byte x (Rev.%02u) + +# Headered version. +0 string FDS\x1A +>0x11 string *NINTENDO-HVC* Famicom Disk System disk image: +>>0x10 use nintendo-fds-disk-info-block +>4 byte 1 (%u side) +>4 byte !1 (%u sides) + +# Unheadered version. +1 string *NINTENDO-HVC* Famicom Disk System disk image: +>0 use nintendo-fds-disk-info-block + +#------------------------------------------------------------------------------ +# tnes: file(1) magic for TNES-format Nintendo Entertainment System ROM images +# Used by Nintendo 3DS NES Virtual Console games. +# From: David Korth +# +0 string TNES NES ROM image (Nintendo 3DS Virtual Console) +>4 byte 100 \b: FDS, +>>0x2010 use nintendo-fds-disk-info-block +>4 byte !100 \b: TNES mapper %u +>>5 byte x \b, %ux8k PRG +>>6 byte x \b, %ux8k CHR +>>7 byte&0x08 =1 [WRAM] +>>8 byte&0x09 =1 [H-mirror] +>>8 byte&0x09 =2 [V-mirror] +>>8 byte&0x02 =3 [VRAM] + +#------------------------------------------------------------------------------ +# gameboy: file(1) magic for the Nintendo (Color) Gameboy raw ROM format +# Reference: http://gbdev.gg8.se/wiki/articles/The_Cartridge_Header +# +0x104 bequad 0xCEED6666CC0D000B Game Boy ROM image +>0x143 byte&0x80 0x80 +>>0x134 string >\0 \b: "%.15s" +>0x143 byte&0x80 !0x80 +>>0x134 string >\0 \b: "%.16s" +>0x14c byte x (Rev.%02u) + +# Machine type. (SGB, CGB, SGB+CGB) +>0x14b byte 0x33 +>>0x146 byte 0x03 +>>>0x143 byte&0x80 0x80 [SGB+CGB] +>>>0x143 byte&0x80 !0x80 [SGB] +>>0x146 byte !0x03 +>>>0x143 byte&0xC0 0x80 [CGB] +>>>0x143 byte&0xC0 0xC0 [CGB ONLY] + +# Mapper. +>0x147 byte 0x00 [ROM ONLY] +>0x147 byte 0x01 [MBC1] +>0x147 byte 0x02 [MBC1+RAM] +>0x147 byte 0x03 [MBC1+RAM+BATT] +>0x147 byte 0x05 [MBC2] +>0x147 byte 0x06 [MBC2+BATTERY] +>0x147 byte 0x08 [ROM+RAM] +>0x147 byte 0x09 [ROM+RAM+BATTERY] +>0x147 byte 0x0B [MMM01] +>0x147 byte 0x0C [MMM01+SRAM] +>0x147 byte 0x0D [MMM01+SRAM+BATT] +>0x147 byte 0x0F [MBC3+TIMER+BATT] +>0x147 byte 0x10 [MBC3+TIMER+RAM+BATT] +>0x147 byte 0x11 [MBC3] +>0x147 byte 0x12 [MBC3+RAM] +>0x147 byte 0x13 [MBC3+RAM+BATT] +>0x147 byte 0x19 [MBC5] +>0x147 byte 0x1A [MBC5+RAM] +>0x147 byte 0x1B [MBC5+RAM+BATT] +>0x147 byte 0x1C [MBC5+RUMBLE] +>0x147 byte 0x1D [MBC5+RUMBLE+SRAM] +>0x147 byte 0x1E [MBC5+RUMBLE+SRAM+BATT] +>0x147 byte 0xFC [Pocket Camera] +>0x147 byte 0xFD [Bandai TAMA5] +>0x147 byte 0xFE [Hudson HuC-3] +>0x147 byte 0xFF [Hudson HuC-1] + +# ROM size. >0x148 byte 0 \b, ROM: 256Kbit >0x148 byte 1 \b, ROM: 512Kbit >0x148 byte 2 \b, ROM: 1Mbit @@ -55,59 +161,199 @@ >0x148 byte 4 \b, ROM: 4Mbit >0x148 byte 5 \b, ROM: 8Mbit >0x148 byte 6 \b, ROM: 16Mbit +>0x148 byte 7 \b, ROM: 32Mbit >0x148 byte 0x52 \b, ROM: 9Mbit >0x148 byte 0x53 \b, ROM: 10Mbit >0x148 byte 0x54 \b, ROM: 12Mbit +# RAM size. >0x149 byte 1 \b, RAM: 16Kbit >0x149 byte 2 \b, RAM: 64Kbit >0x149 byte 3 \b, RAM: 128Kbit >0x149 byte 4 \b, RAM: 1Mbit +>0x149 byte 5 \b, RAM: 512Kbit -#>0x14e long x \b, CRC: %x +#------------------------------------------------------------------------------ +# genesis: file(1) magic for various Sega Mega Drive / Genesis ROM image and disc formats +# Updated by David Korth +# References: +# - http://www.retrodev.com/segacd.html +# - http://devster.monkeeh.com/sega/32xguide1.txt +# +# Common Sega Mega Drive header format. +# FIXME: Name fields are 48 bytes, but have spaces for padding instead of 00s. +0 name sega-mega-drive-header +# ROM title. (Use domestic if present; if not, use international.) +>0x120 byte >0x20 +>>0x120 string >\0 \b: "%.16s" +>0x120 byte <0x21 +>>0x150 string >\0 \b: "%.16s" +# Other information. +>0x180 string >\0 (%.14s +>>0x110 string >\0 \b, %.16s +>0x180 byte 0 +>>0x110 string >\0 (%.16s +>0 byte x \b) + +# TODO: Check for 32X CD? +# Sega Mega CD disc images: 2048-byte sectors. +0 string SEGADISCSYSTEM\ \ Sega Mega CD disc image +>0 use sega-mega-drive-header +>0 byte x \b, 2048-byte sectors +0 string SEGABOOTDISC\ \ \ \ Sega Mega CD disc image +>0 use sega-mega-drive-header +>0 byte x \b, 2048-byte sectors +# Sega Mega CD disc images: 2352-byte sectors. +0x10 string SEGADISCSYSTEM\ \ Sega Mega CD disc image +>0x10 use sega-mega-drive-header +>0 byte x \b, 2352-byte sectors +0x10 string SEGABOOTDISC\ \ \ \ Sega Mega CD disc image +>0x10 use sega-mega-drive-header +>0 byte x \b, 2352-byte sectors + +# Sega Mega Drive, 32X, Pico, and Mega CD Boot ROM images. +0x100 string SEGA +>0x3C0 bequad 0x4D41525320434845 Sega 32X ROM image +>>0 use sega-mega-drive-header +>0x3C0 bequad !0x4D41525320434845 +>>0x105 belong 0x5049434F Sega Pico ROM image +>>>0 use sega-mega-drive-header +>>0x105 belong !0x5049434F +>>>0x180 beshort 0x4252 Sega Mega CD Boot ROM image +>>>0x180 beshort !0x4252 Sega Mega Drive / Genesis ROM image +>>>0 use sega-mega-drive-header + #------------------------------------------------------------------------------ -# genesis: file(1) magic for the Sega MegaDrive/Genesis raw ROM format +# genesis: file(1) magic for the Super MegaDrive ROM dump format # -0x100 string SEGA Sega MegaDrive/Genesis raw ROM dump ->0x120 string >\0 Name: "%.16s" ->0x110 string >\0 %.16s ->0x1B0 string RA with SRAM +# NOTE: Due to interleaving, we can't display anything +# other than the copier header information. +0 name sega-genesis-smd-header +>0 byte x %dx16k blocks +>2 byte 0 \b, last in series or standalone +>2 byte >0 \b, split ROM + +# "Sega Genesis" header. +0x280 string EAGN +>8 beshort 0xAABB Sega Mega Drive / Genesis ROM image (SMD format): +>>0 use sega-genesis-smd-header + +# "Sega Mega Drive" header. +0x280 string EAMG +>8 beshort 0xAABB Sega Mega Drive / Genesis ROM image (SMD format): +>>0 use sega-genesis-smd-header + #------------------------------------------------------------------------------ -# genesis: file(1) magic for the Super MegaDrive ROM dump format +# smsgg: file(1) magic for Sega Master System and Game Gear ROM images +# Detects all Game Gear and export Sega Master System ROM images, +# and some Japanese Sega Master System ROM images. +# From: David Korth +# Reference: http://www.smspower.org/Development/ROMHeader # -0x280 string EAGN Super MagicDrive ROM dump ->0 byte x %dx16k blocks ->2 byte 0 \b, last in series or standalone ->2 byte >0 \b, split ROM ->8 byte 0xAA ->9 byte 0xBB +# General SMS header rule. +# The SMS boot ROM checks the header at three locations. +0 name sega-master-system-rom-header +# Machine type. +>0x0F byte&0xF0 0x30 Sega Master System +>0x0F byte&0xF0 0x40 Sega Master System +>0x0F byte&0xF0 0x50 Sega Game Gear +>0x0F byte&0xF0 0x60 Sega Game Gear +>0x0F byte&0xF0 0x70 Sega Game Gear +>0x0F byte&0xF0 <0x30 Sega Master System / Game Gear +>0x0F byte&0xF0 >0x70 Sega Master System / Game Gear +>0 byte x ROM image: +# Product code. +>0x0E byte&0xF0 0x10 1 +>0x0E byte&0xF0 0x20 2 +>0x0E byte&0xF0 0x30 3 +>0x0E byte&0xF0 0x40 4 +>0x0E byte&0xF0 0x50 5 +>0x0E byte&0xF0 0x60 6 +>0x0E byte&0xF0 0x70 7 +>0x0E byte&0xF0 0x80 8 +>0x0E byte&0xF0 0x90 9 +>0x0E byte&0xF0 0xA0 10 +>0x0E byte&0xF0 0xB0 11 +>0x0E byte&0xF0 0xC0 12 +>0x0E byte&0xF0 0xD0 13 +>0x0E byte&0xF0 0xE0 14 +>0x0E byte&0xF0 0xF0 15 +# If the product code is 5 digits, we'll need to backspace here. +>0x0E byte&0xF0 !0 +>>0x0C leshort x \b%04x +>0x0E byte&0xF0 0 +>>0x0C leshort x %04x +# Revision. +>0x0E byte&0x0F x (Rev.%02d) +# ROM size. (Used for the boot ROM checksum routine.) +>0x0F byte&0x0F 0x0A (8 KB) +>0x0F byte&0x0F 0x0B (16 KB) +>0x0F byte&0x0F 0x0C (32 KB) +>0x0F byte&0x0F 0x0D (48 KB) +>0x0F byte&0x0F 0x0E (64 KB) +>0x0F byte&0x0F 0x0F (128 KB) +>0x0F byte&0x0F 0x00 (256 KB) +>0x0F byte&0x0F 0x01 (512 KB) +>0x0F byte&0x0F 0x02 (1 MB) + +# SMS/GG header locations. +0x7FF0 string TMR\ SEGA +>0x7FF0 use sega-master-system-rom-header +0x3FF0 string TMR\ SEGA +>0x3FF0 use sega-master-system-rom-header +0x1FF0 string TMR\ SEGA +>0x1FF0 use sega-master-system-rom-header + #------------------------------------------------------------------------------ -# genesis: file(1) alternate magic for the Super MegaDrive ROM dump format +# saturn: file(1) magic for the Sega Saturn disc image format. +# From: David Korth # -0x280 string EAMG Super MagicDrive ROM dump ->0 byte x %dx16k blocks ->2 byte x \b, last in series or standalone ->8 byte 0xAA ->9 byte 0xBB +# Common Sega Saturn disc header format. +# NOTE: Title is 112 bytes, but we're only showing 32 due to space padding. +# TODO: Release date, device information, region code, others? +0 name sega-saturn-disc-header +>0x60 string >\0 \b: "%.32s" +>0x20 string >\0 (%.10s +>>0x2A string >\0 \b, %.6s) +>>0x2A byte 0 \b) + +# 2048-byte sector version. +0 string SEGA\ SEGASATURN\ Sega Saturn disc image +>0 use sega-saturn-disc-header +>0 byte x (2048-byte sectors) +# 2352-byte sector version. +0x10 string SEGA\ SEGASATURN\ Sega Saturn disc image +>0x10 use sega-saturn-disc-header +>0 byte x (2352-byte sectors) + #------------------------------------------------------------------------------ -# smsgg: file(1) magic for Sega Master System and Game Gear ROM dumps +# dreamcast: file(1) magic for the Sega Dreamcast disc image format. +# From: David Korth +# Reference: http://mc.pp.se/dc/ip0000.bin.html # -# Does not detect all images. Very preliminary guesswork. Need more data -# on format. -# -# FIXME: need a little more info...;P -# -#0 byte 0xF3 -#>1 byte 0xED Sega Master System/Game Gear ROM dump -#>1 byte 0x31 Sega Master System/Game Gear ROM dump -#>1 byte 0xDB Sega Master System/Game Gear ROM dump -#>1 byte 0xAF Sega Master System/Game Gear ROM dump -#>1 byte 0xC3 Sega Master System/Game Gear ROM dump +# Common Sega Dreamcast disc header format. +# NOTE: Title is 128 bytes, but we're only showing 32 due to space padding. +# TODO: Release date, device information, region code, others? +0 name sega-dreamcast-disc-header +>0x80 string >\0 \b: "%.32s" +>0x40 string >\0 (%.10s +>>0x4A string >\0 \b, %.6s) +>>0x4A byte 0 \b) + +# 2048-byte sector version. +0 string SEGA\ SEGAKATANA\ Sega Dreamcast disc image +>0 use sega-dreamcast-disc-header +>0 byte x (2048-byte sectors) +# 2352-byte sector version. +0x10 string SEGA\ SEGAKATANA\ Sega Dreamcast disc image +>0x10 use sega-dreamcast-disc-header +>0 byte x (2352-byte sectors) + #------------------------------------------------------------------------------ # dreamcast: file(1) uncertain magic for the Sega Dreamcast VMU image format # @@ -115,27 +361,114 @@ 0 string LCDi Dream Animator file #------------------------------------------------------------------------------ -# v64: file(1) uncertain magic for the V64 format N64 ROM dumps +# z64: file(1) magic for the Z64 format N64 ROM dumps +# Reference: http://forum.pj64-emu.com/showthread.php?t=2239 +# From: David Korth # -0 belong 0x37804012 V64 Nintendo 64 ROM dump +0 bequad 0x803712400000000F Nintendo 64 ROM image +>0x20 string >\0 \b: "%.20s" +>0x3B string x (%.4s +>0x3F byte x \b, Rev.%02u) -# From: "Nelson A. de Oliveira" -# Nintendo .nds -192 string \044\377\256Qi\232 Nintendo DS Game ROM Image -# Nintendo .gba -0 string \056\000\000\352$\377\256Qi Nintendo Game Boy Advance ROM Image +#------------------------------------------------------------------------------ +# v64: file(1) magic for the V64 format N64 ROM dumps +# Same as z64 format, but with 16-bit byteswapping. +# +0 bequad 0x3780401200000F00 Nintendo 64 ROM image (V64) #------------------------------------------------------------------------------ +# n64-swap2: file(1) magic for the swap2 format N64 ROM dumps +# Same as z64 format, but with swapped 16-bit words. +# +0 bequad 0x12408037000F0000 Nintendo 64 ROM image (wordswapped) + +#------------------------------------------------------------------------------ +# n64-le32: file(1) magic for the 32-bit byteswapped format N64 ROM dumps +# Same as z64 format, but with 32-bit byteswapping. +# +0 bequad 0x401237800F000000 Nintendo 64 ROM image (32-bit byteswapped) + +#------------------------------------------------------------------------------ +# gba: file(1) magic for the Nintendo Game Boy Advance raw ROM format +# Reference: http://problemkaputt.de/gbatek.htm#gbacartridgeheader +# +# Original version from: "Nelson A. de Oliveira" +# Updated version from: David Korth +# +4 bequad 0x24FFAE51699AA221 Game Boy Advance ROM image +>0xA0 string >\0 \b: "%.12s" +>0xAC string x (%.6s +>0xBC byte x \b, Rev.%02u) + +#------------------------------------------------------------------------------ +# nds: file(1) magic for the Nintendo DS(i) raw ROM format +# Reference: http://problemkaputt.de/gbatek.htm#dscartridgeheader +# +# Original version from: "Nelson A. de Oliveira" +# Updated version from: David Korth +# +0xC0 bequad 0x24FFAE51699AA221 Nintendo DS ROM image +>0x00 string >\0 \b: "%.12s" +>0x0C string x (%.6s +>0x1E byte x \b, Rev.%02u) +>0x12 byte 2 (DSi enhanced) +>0x12 byte 3 (DSi only) +# Secure Area check. +>0x20 lelong <0x4000 (homebrew) +>0x20 lelong >0x3FFF +>>0x4000 lequad 0x0000000000000000 (multiboot) +>>0x4000 lequad !0x0000000000000000 +>>>0x4000 lequad 0xE7FFDEFFE7FFDEFF (decrypted) +>>>0x4000 lequad !0xE7FFDEFFE7FFDEFF +>>>>0x1000 lequad 0x0000000000000000 (encrypted) +>>>>0x1000 lequad !0x0000000000000000 (mask ROM) + +#------------------------------------------------------------------------------ +# nds_passme: file(1) magic for Nintendo DS ROM images for GBA cartridge boot. +# This is also used for loading .nds files using the MSET exploit on 3DS. +# Reference: https://github.com/devkitPro/ndstool/blob/master/source/ndscreate.cpp +0xC0 bequad 0xC8604FE201708FE2 Nintendo DS Slot-2 ROM image (PassMe) + +#------------------------------------------------------------------------------ +# ngp: file(1) magic for the Neo Geo Pocket (Color) raw ROM format. +# From: David Korth +# References: +# - https://neogpc.googlecode.com/svn-history/r10/trunk/src/core/neogpc.cpp +# - http://www.devrs.com/ngp/files/ngpctech.txt +# +0x0A string BY\ SNK\ CORPORATION Neo Geo Pocket +>0x23 byte 0x10 Color +>0 byte x ROM image +>0x24 string >\0 \b: "%.12s" +>0x1F byte 0xFF (debug mode enabled) + +#------------------------------------------------------------------------------ # msx: file(1) magic for MSX game cartridge dumps # Too simple - MPi -#0 beshort 0x4142 MSX game cartridge dump +#0 beshort 0x4142 MSX game cartridge dump #------------------------------------------------------------------------------ # Sony Playstation executables (Adam Sjoegren ) : 0 string PS-X\ EXE Sony Playstation executable +>16 lelong x PC=0x%08x, +>20 lelong !0 GP=0x%08x, +>24 lelong !0 .text=[0x%08x, +>>28 lelong x \b0x%x], +>32 lelong !0 .data=[0x%08x, +>>36 lelong x \b0x%x], +>40 lelong !0 .bss=[0x%08x, +>>44 lelong x \b0x%x], +>48 lelong !0 Stack=0x%08x, +>48 lelong =0 No Stack!, +>52 lelong !0 StackSize=0x%x, +#>76 string >\0 (%s) # Area: >113 string x (%s) +# CPE executables +0 string CPE CPE executable +>3 byte x (version %d) + #------------------------------------------------------------------------------ # Microsoft Xbox executables .xbe (Esa Hyytia ) 0 string XBEH XBE, Microsoft Xbox executable @@ -167,7 +500,7 @@ # Double-check that the image type matches too, 0x8008 conflicts with # 8 character OMF-86 object file headers. -0 beshort 0x8008 +0 beshort 0x8008 >6 string BS93 Lynx homebrew cartridge >>2 beshort x \b, RAM start $%04x >6 string LYNX Lynx cartridge @@ -182,7 +515,7 @@ # is the offset 12 or the offset 16 correct? # GBS (Game Boy Sound) magic # ftp://ftp.modland.com/pub/documents/format_documentation/\ -# Gameboy%20Sound%20System%20(.gbs).txt +# Gameboy%20Sound%20System%20(.gbs).txt 0 string GBS Nintendo Gameboy Music/Audio Data #12 string GameBoy\ Music\ Module Nintendo Gameboy Music Module >16 string >\0 ("%s" by @@ -191,6 +524,10 @@ >3 byte x version %d, >4 byte x %d tracks +# IPS Patch Files from: From: Thomas Klausner +# see http://zerosoft.zophar.net/ips.php +0 string PATCH IPS patch file + # Playstations Patch Files from: From: Thomas Klausner 0 string PPF30 Playstation Patch File version 3.0 >5 byte 0 \b, PPF 1.0 patch @@ -218,7 +555,7 @@ # SNES9x .smv "movie" file format. 0 string SMV\x1A SNES9x input recording >0x4 lelong x \b, version %d -# version 4 is latest so far +# version 4 is latest so far >0x4 lelong <5 >>0x8 ledate x \b, recorded at %s >>0xc lelong >0 \b, rerecorded %d times @@ -272,3 +609,241 @@ # From: Sven Hartge 0 string SCVM ScummVM savegame >12 string >\0 "%s" + +#------------------------------------------------------------------------------ +# Nintendo GameCube / Wii file formats. +# + +# Type: Nintendo GameCube/Wii common disc header data. +# From: David Korth +# Reference: http://wiibrew.org/wiki/Wii_Disc +0 name nintendo-gcn-disc-common +>0x20 string x "%.64s" +>0x00 string x (%.6s +>0x06 byte >0 +>>0x06 byte 1 \b, Disc 2 +>>0x06 byte 2 \b, Disc 3 +>>0x06 byte 3 \b, Disc 4 +>0x07 byte x \b, Rev.%02u) + +# Type: Nintendo GameCube disc image +# From: David Korth +# Reference: http://wiibrew.org/wiki/Wii_Disc +0x1C belong 0xC2339F3D Nintendo GameCube disc image: +>0 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube embedded disc image +# Commonly found on demo discs. +# From: David Korth +# Reference: http://hitmen.c02.at/files/yagcd/yagcd/index.html#idx14.8 +0 belong 0xAE0F38A2 +>0x0C belong 0x00100000 +>>(8.L+0x1C) belong 0xC2339F3D Nintendo GameCube embedded disc image: +>>>(8.L) use nintendo-gcn-disc-common + +# Type: Nintendo Wii disc image +# From: David Korth +# Reference: http://wiibrew.org/wiki/Wii_Disc +0x18 belong 0x5D1C9EA3 Nintendo Wii disc image: +>0 use nintendo-gcn-disc-common + +# Type: Nintendo Wii disc image (WBFS format) +# From: David Korth +# Reference: http://wiibrew.org/wiki/Wii_Disc +0 string WBFS +>0x218 belong 0x5D1C9EA3 Nintendo Wii disc image (WBFS format): +>>0x200 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (CISO format) +# NOTE: This is NOT the same as Compact ISO or PSP CISO, +# though it has the same magic number. +0 string CISO +# Other fields are used to determine what type of CISO this is: +# - 0x04 == 0x00200000: GameCube/Wii CISO (block_size) +# - 0x10 == 0x00000800: PSP CISO (ISO-9660 sector size) +# - None of the above: Compact ISO. +>4 lelong 0x200000 +>>8 byte 1 +>>>0x801C belong 0xC2339F3D Nintendo GameCube disc image (CISO format): +>>>>0x8000 use nintendo-gcn-disc-common +>>>0x8018 belong 0x5D1C9EA3 Nintendo Wii disc image (CISO format): +>>>>0x8000 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (GCZ format) +# Due to zlib compression, we can't get the actual disc information. +0 lelong 0xB10BC001 +>4 lelong 0 Nintendo GameCube disc image (GCZ format) +>4 lelong 1 Nintendo Wii disc image (GCZ format) +>4 lelong >1 Nintendo GameCube/Wii disc image (GCZ format) + +# Type: Nintendo GameCube/Wii disc image (WDF format) +0 string WII\001DISC +>8 belong 1 +# WDFv1 +>>0x54 belong 0xC2339F3D Nintendo GameCube disc image (WDFv1 format): +>>>0x38 use nintendo-gcn-disc-common +>>0x58 belong 0x5D1C9EA3 Nintendo Wii disc image (WDFv1 format): +>>>0x38 use nintendo-gcn-disc-common +>8 belong 2 +# WDFv2 +>>(12.L+0x1C) belong 0xC2339F3D Nintendo GameCube disc image (WDFv2 format): +>>>(12.L) use nintendo-gcn-disc-common +>>(12.L+0x18) belong 0x5D1C9EA3 Nintendo Wii disc image (WDFv2 format): +>>>(12.L) use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (WIA format) +0 string WIA\001 Nintendo +>0x48 belong 0 GameCube/Wii +>0x48 belong 1 GameCube +>0x48 belong 2 Wii +>0x48 belong >2 GameCube/Wii +>0x48 belong x disc image (WIA format): +>>0x58 use nintendo-gcn-disc-common + +#------------------------------------------------------------------------------ +# Nintendo 3DS file formats. +# + +# Type: Nintendo 3DS "NCSD" image. (game cards and eMMC) +# From: David Korth +# Reference: https://www.3dbrew.org/wiki/NCSD +0x100 string NCSD +>0x118 lequad 0 Nintendo 3DS Game Card image +# NCCH header for partition 0. (game data) +>>0x1150 string >\0 \b: "%.16s" +>>0x312 byte x (Rev.%02u) +>>0x118C byte 2 (New3DS only) +>>0x18D byte 0 (inner device) +>>0x18D byte 1 (Card1) +>>0x18D byte 2 (Card2) +>>0x18D byte 3 (extended device) +>0x118 bequad 0x0102020202000000 Nintendo 3DS eMMC dump (Old3DS) +>0x118 bequad 0x0102020203000000 Nintendo 3DS eMMC dump (New3DS) + +# Nintendo 3DS version code. +# Reference: https://www.3dbrew.org/wiki/Titles +# Format: leshort containing three fields: +# - 6-bit: Major +# - 6-bit: Minor +# - 4-bit: Revision +# NOTE: Only supporting major/minor versions from 0-15 right now. +# NOTE: Should be prefixed with "v". +0 name nintendo-3ds-version-code +# Raw version. +>0 leshort x \b%u, +# Major version. +>0 leshort&0xFC00 0x0000 0 +>0 leshort&0xFC00 0x0400 1 +>0 leshort&0xFC00 0x0800 2 +>0 leshort&0xFC00 0x0C00 3 +>0 leshort&0xFC00 0x1000 4 +>0 leshort&0xFC00 0x1400 5 +>0 leshort&0xFC00 0x1800 6 +>0 leshort&0xFC00 0x1C00 7 +>0 leshort&0xFC00 0x2000 8 +>0 leshort&0xFC00 0x2400 9 +>0 leshort&0xFC00 0x2800 10 +>0 leshort&0xFC00 0x2C00 11 +>0 leshort&0xFC00 0x3000 12 +>0 leshort&0xFC00 0x3400 13 +>0 leshort&0xFC00 0x3800 14 +>0 leshort&0xFC00 0x3C00 15 +# Minor version. +>0 leshort&0x03F0 0x0000 \b.0 +>0 leshort&0x03F0 0x0010 \b.1 +>0 leshort&0x03F0 0x0020 \b.2 +>0 leshort&0x03F0 0x0030 \b.3 +>0 leshort&0x03F0 0x0040 \b.4 +>0 leshort&0x03F0 0x0050 \b.5 +>0 leshort&0x03F0 0x0060 \b.6 +>0 leshort&0x03F0 0x0070 \b.7 +>0 leshort&0x03F0 0x0080 \b.8 +>0 leshort&0x03F0 0x0090 \b.9 +>0 leshort&0x03F0 0x00A0 \b.10 +>0 leshort&0x03F0 0x00B0 \b.11 +>0 leshort&0x03F0 0x00C0 \b.12 +>0 leshort&0x03F0 0x00D0 \b.13 +>0 leshort&0x03F0 0x00E0 \b.14 +>0 leshort&0x03F0 0x00F0 \b.15 +# Revision. +>0 leshort&0x000F x \b.%u + +# Type: Nintendo 3DS "NCCH" container. +# https://www.3dbrew.org/wiki/NCCH +0x100 string NCCH Nintendo 3DS +>0x18D byte&2 0 File Archive (CFA) +>0x18D byte&2 2 Executable Image (CXI) +>0x150 string >\0 \b: "%.16s" +>0x18D byte 0x05 +>>0x10E leshort x (Old3DS System Update v +>>0x10E use nintendo-3ds-version-code +>>0x10E leshort x \b) +>0x18D byte 0x15 +>>0x10E leshort x (New3DS System Update v +>>0x10E use nintendo-3ds-version-code +>>0x10E leshort x \b) +>0x18D byte !0x05 +>>0x18D byte !0x15 +>>>0x112 byte x (v +>>>0x112 use nintendo-3ds-version-code +>>>0x112 byte x \b) +>0x18C byte 2 (New3DS only) + +# Type: Nintendo 3DS "SMDH" file. (application description) +# From: David Korth +# Reference: https://3dbrew.org/wiki/SMDH +0 string SMDH Nintendo 3DS SMDH file +>0x208 leshort !0 +>>0x208 lestring16 x \b: "%.128s" +>>0x388 leshort !0 +>>>0x388 lestring16 x by %.128s +>0x208 leshort 0 +>>0x008 leshort !0 +>>>0x008 lestring16 x \b: "%.128s" +>>>0x188 leshort !0 +>>>>0x188 lestring16 x by %.128s + +# Type: Nintendo 3DS Homebrew Application. +# From: David Korth +# Reference: https://3dbrew.org/wiki/3DSX_Format +0 string 3DSX Nintendo 3DS Homebrew Application (3DSX) + +#------------------------------------------------------------------------------ +# a7800: file(1) magic for the Atari 7800 raw ROM format. +# From: David Korth +# Reference: https://sites.google.com/site/atari7800wiki/a78-header + +0 byte >0 +>0 byte <3 +>>1 string ATARI7800 Atari 7800 ROM image +>>>0x11 string >\0 \b: "%.32s" +# Display type. +>>>0x39 byte 0 (NTSC) +>>>0x39 byte 1 (PAL) +>>>0x36 byte&1 1 (POKEY) + +#------------------------------------------------------------------------------ +# vectrex: file(1) magic for the GCE Vectrex raw ROM format. +# From: David Korth +# Reference: http://www.playvectrex.com/designit/chrissalo/hello1.htm +# +# NOTE: Title is terminated with 0x80, not 0. +# The header is terminated with a 0, so that will +# terminate the title as well. +# +0 string g\ GCE Vectrex ROM image +>0x11 string >\0 \b: "%.16s" + +#------------------------------------------------------------------------------ +# amiibo: file(1) magic for Nintendo amiibo NFC dumps. +# From: David Korth +# Reference: https://www.3dbrew.org/wiki/Amiibo +0x00 byte 0x04 +>0x0A beshort 0x0FE0 +>>0x0C belong 0xF110FFEE +>>>0x208 beshort 0x0100 +>>>>0x020A byte 0x0F +>>>>>0x020C bequad 0x000000045F000000 +>>>>>>0x5B byte 0x02 +>>>>>>>0x54 belong x Nintendo amiibo NFC dump - amiibo ID: %08X- +>>>>>>>0x58 belong x \b%08X --- contrib/file/magic/Magdir/coverage.orig +++ contrib/file/magic/Magdir/coverage @@ -0,0 +1,91 @@ + +#------------------------------------------------------------------------------ +# $File: coverage,v 1.1 2016/06/05 00:26:32 christos Exp $ +# xoverage: file(1) magic for test coverage data + +# File formats used to store test coverage data +# 2016-05-21, Georg Sauthoff + + +# - GCC gcno - written by GCC at compile time when compiling with +# gcc -ftest-coverage +# - GCC gcda - written by a program that was compiled with +# gcc -fprofile-arcs +# - LLVM raw profiles - generated by a program compiled with +# clang -fprofile-instr-generate -fcoverage-mapping ... +# - LLVM indexed profiles - generated by +# llvm-profdata +# - GCOV reports, i.e. the annotated source code +# - LCOV trace files, i.e. aggregated GCC profiles +# +# GCC coverage tracefiles +# .gcno file are created during compile time, +# while data collected during runtime is stored in .gcda files +# cf. gcov-io.h +# https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Gcov-Data-Files.html +# Examples: +# Fedora 23/x86-64/gcc-5.3.1: 6f 6e 63 67 52 33 30 35 +# Debian 8 PPC64/gcc-4.9.2 : 67 63 6e 6f 34 30 39 2a +0 lelong 0x67636e6f GCC gcno coverage (-ftest-coverage), +>&3 byte x version %c. +>&1 byte x \b%c + +# big endian +0 belong 0x67636e6f GCC gcno coverage (-ftest-coverage), +>&0 byte x version %c. +>&2 byte x \b%c (big-endian) + +# Examples: +# Fedora 23/x86-64/gcc-5.3.1: 61 64 63 67 52 33 30 35 +# Debian 8 PPC64/gcc-4.9.2 : 67 63 64 61 34 30 39 2a +0 lelong 0x67636461 GCC gcda coverage (-fprofile-arcs), +>&3 byte x version %c. +>&1 byte x \b%c + +# big endian +0 belong 0x67636461 GCC gcda coverage (-fprofile-arcs), +>&0 byte x version %c. +>&2 byte x \b%c (big-endian) + + +# LCOV tracefiles +# cf. http://ltp.sourceforge.net/coverage/lcov/geninfo.1.php +0 string TN: +>&0 search/64 \nSF:/ LCOV coverage tracefile + + +# Coverage reports generated by gcov +# i.e. source code annoted with coverage information +0 string \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Source: +>&0 search/128 \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Graph: +>>&0 search/128 \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Data: GCOV coverage report + + +# LLVM coverage files + +# raw data after running a program compiled with: +# `clang -fprofile-instr-generate -fcoverage-mapping ...` +# default name: default.profraw +# magic is: \xFF lprofr \x81 +# cf. http://llvm.org/docs/doxygen/html/InstrProfData_8inc_source.html +0 lequad 0xff6c70726f667281 LLVM raw profile data, +>&0 byte x version %d + +# big endian +0 bequad 0xff6c70726f667281 LLVM raw profile data, +>&7 byte x version %d (big-endian) + + +# LLVM indexed instruction profile (as generated by llvm-profdata) +# magic is: reverse(\xFF lprofi \x81) +# cf. http://llvm.org/docs/CoverageMappingFormat.html +# http://llvm.org/docs/doxygen/html/namespacellvm_1_1IndexedInstrProf.html +# http://llvm.org/docs/CommandGuide/llvm-cov.html +# http://llvm.org/docs/CommandGuide/llvm-profdata.html +0 lequad 0x8169666f72706cff LLVM indexed profile data, +>&0 byte x version %d + +# big endian +0 bequad 0x8169666f72706cff LLVM indexed profile data, +>&7 byte x version %d (big-endian) + --- contrib/file/magic/Magdir/cups.orig +++ contrib/file/magic/Magdir/cups @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: cups,v 1.3 2014/05/28 19:50:41 christos Exp $ +# $File: cups,v 1.5 2017/03/17 21:35:28 christos Exp $ # Cups: file(1) magic for the cups raster file format # From: Laurent Martelli # http://www.cups.org/documentation.php/spec-raster.html @@ -39,16 +39,16 @@ >404 lelong 20 ColorSpace=AdobeRGB # Cups Raster image format, Big Endian -0 string RaS +0 string RaS >3 string t Cups Raster version 1, Big Endian >3 string 2 Cups Raster version 2, Big Endian >3 string 3 Cups Raster version 3, Big Endian !:mime application/vnd.cups-raster ->0 use ^cups-le +>0 use \^cups-le # Cups Raster image format, Little Endian -1 string SaR +1 string SaR >0 string t Cups Raster version 1, Little Endian >0 string 2 Cups Raster version 2, Little Endian >0 string 3 Cups Raster version 3, Little Endian --- contrib/file/magic/Magdir/database.orig +++ contrib/file/magic/Magdir/database @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: database,v 1.45 2015/09/09 16:25:29 christos Exp $ +# $File: database,v 1.52 2017/08/13 00:21:47 christos Exp $ # database: file(1) magic for various databases # # extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk) @@ -84,7 +84,7 @@ # From Max Bowsher. 12 long 0x00040988 Berkeley DB >16 long >0 (Log, version %d, native byte-order) -12 belong 0x00040988 Berkeley DB +12 belong 0x00040988 Berkeley DB >16 belong >0 (Log, version %d, big-endian) 12 lelong 0x00040988 Berkeley DB >16 lelong >0 (Log, version %d, little-endian) @@ -103,7 +103,7 @@ >>>12 long !0 32bit aligned >>>>12 bedouble 8.642135e+130 big-endian >>>>>20 long 0 64bit long ->>>>>20 long !0 32bit long +>>>>>20 long !0 32bit long >>>>12 ledouble 8.642135e+130 little-endian >>>>>24 long 0 64bit long >>>>>24 long !0 32bit long (i386) @@ -128,22 +128,22 @@ # XXX: Weak magic. # Alex Ott ## Paradox file formats -#2 leshort 0x0800 Paradox -#>0x39 byte 3 v. 3.0 -#>0x39 byte 4 v. 3.5 -#>0x39 byte 9 v. 4.x -#>0x39 byte 10 v. 5.x -#>0x39 byte 11 v. 5.x -#>0x39 byte 12 v. 7.x -#>>0x04 byte 0 indexed .DB data file -#>>0x04 byte 1 primary index .PX file -#>>0x04 byte 2 non-indexed .DB data file -#>>0x04 byte 3 non-incrementing secondary index .Xnn file -#>>0x04 byte 4 secondary index .Ynn file -#>>0x04 byte 5 incrementing secondary index .Xnn file -#>>0x04 byte 6 non-incrementing secondary index .XGn file -#>>0x04 byte 7 secondary index .YGn file -#>>>0x04 byte 8 incrementing secondary index .XGn file +#2 leshort 0x0800 Paradox +#>0x39 byte 3 v. 3.0 +#>0x39 byte 4 v. 3.5 +#>0x39 byte 9 v. 4.x +#>0x39 byte 10 v. 5.x +#>0x39 byte 11 v. 5.x +#>0x39 byte 12 v. 7.x +#>>0x04 byte 0 indexed .DB data file +#>>0x04 byte 1 primary index .PX file +#>>0x04 byte 2 non-indexed .DB data file +#>>0x04 byte 3 non-incrementing secondary index .Xnn file +#>>0x04 byte 4 secondary index .Ynn file +#>>0x04 byte 5 incrementing secondary index .Xnn file +#>>0x04 byte 6 non-incrementing secondary index .XGn file +#>>0x04 byte 7 secondary index .YGn file +#>>>0x04 byte 8 incrementing secondary index .XGn file ## XBase database files # updated by Joerg Jenderek at Feb 2013 @@ -151,33 +151,33 @@ # http://www.clicketyclick.dk/databases/xbase/format/dbf.html # http://home.f1.htw-berlin.de/scheibl/db/intern/dBase.htm # inspect VVYYMMDD , where 1<= MM <= 12 and 1<= DD <= 31 -0 ubelong&0x0000FFFF <0x00000C20 +0 ubelong&0x0000FFFF <0x00000C20 # skip Infocom game Z-machine ->2 ubyte >0 +>2 ubyte >0 # skip Androids *.xml ->>3 ubyte >0 ->>>3 ubyte <32 +>>3 ubyte >0 +>>>3 ubyte <32 # 1 < version VV ->>>>0 ubyte >1 +>>>>0 ubyte >1 # skip HELP.CA3 by test for reserved byte ( NULL ) ->>>>>27 ubyte 0 +>>>>>27 ubyte 0 # reserved bytes not always 0 ; also found 0x3901 (T4.DBF) ,0x7101 (T5.DBF,T6.DBF) #>>>>>30 ubeshort x 30NULL?%x -# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) ->>>>>>24 ubelong&0xffFFFFff >0x01302000 +# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) +>>>>>>24 ubelong&0xffFFFFff >0x01302000 # .DBF or .MDX ->>>>>>24 ubelong&0xffFFFFff <0x01302001 +>>>>>>24 ubelong&0xffFFFFff <0x01302001 # for Xbase Database file (*.DBF) reserved (NULL) for multi-user ->>>>>>>24 ubelong&0xffFFFFff =0 +>>>>>>>24 ubelong&0xffFFFFff =0 # test for 2 reserved NULL bytes,transaction and encryption byte flag ->>>>>>>>12 ubelong&0xFFFFfEfE 0 +>>>>>>>>12 ubelong&0xFFFFfEfE 0 # test for MDX flag ->>>>>>>>>28 ubyte x ->>>>>>>>>28 ubyte&0xf8 0 +>>>>>>>>>28 ubyte x +>>>>>>>>>28 ubyte&0xf8 0 # header size >= 32 ->>>>>>>>>>8 uleshort >31 +>>>>>>>>>>8 uleshort >31 # skip PIC15736.PCX by test for language driver name or field name ->>>>>>>>>>>32 ubyte >0 +>>>>>>>>>>>32 ubyte >0 #!:mime application/x-dbf; charset=unknown-8bit ?? #!:mime application/x-dbase >>>>>>>>>>>>0 use xbase-type @@ -202,22 +202,22 @@ >>>>>>>>>>>>28 ubyte&0x02 2 \b, with memo .FPT >>>>>>>>>>>>28 ubyte&0x04 4 \b, DataBaseContainer # 1st record offset + 1 = header size ->>>>>>>>>>>>8 uleshort >0 ->>>>>>>>>>>>(8.s+1) ubyte >0 +>>>>>>>>>>>>8 uleshort >0 +>>>>>>>>>>>>(8.s+1) ubyte >0 >>>>>>>>>>>>>8 uleshort >0 \b, at offset %d ->>>>>>>>>>>>>(8.s+1) ubyte >0 +>>>>>>>>>>>>>(8.s+1) ubyte >0 >>>>>>>>>>>>>>&-1 string >\0 1st record "%s" -# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserverd (NULL) ->>>>>>>24 ubelong&0x0133f7ff >0 +# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) +>>>>>>>24 ubelong&0x0133f7ff >0 # test for reserved NULL byte ->>>>>>>>47 ubyte 0 +>>>>>>>>47 ubyte 0 # test for valid TAG key format (0x10 or 0) ->>>>>>>>>559 ubyte&0xeF 0 +>>>>>>>>>559 ubyte&0xeF 0 # test MM <= 12 ->>>>>>>>>>45 ubeshort <0x0C20 ->>>>>>>>>>>45 ubyte >0 ->>>>>>>>>>>>46 ubyte <32 ->>>>>>>>>>>>>46 ubyte >0 +>>>>>>>>>>45 ubeshort <0x0C20 +>>>>>>>>>>>45 ubyte >0 +>>>>>>>>>>>>46 ubyte <32 +>>>>>>>>>>>>>46 ubyte >0 #!:mime application/x-mdx >>>>>>>>>>>>>>0 use xbase-type >>>>>>>>>>>>>>0 ubyte x \b MDX @@ -236,11 +236,11 @@ # 2nd tag name #>>>>>>>>>>>>(26.b+548) string x \b, 2nd tag "%.11s" # -# Print the xBase names of different version variants +# Print the xBase names of different version variants 0 name xbase-type ->0 ubyte <2 +>0 ubyte <2 # 1 < version ->0 ubyte >1 +>0 ubyte >1 >>0 ubyte 0x02 FoxBase # FoxBase+/dBaseIII+, no memo >>0 ubyte 0x03 FoxBase+/dBase III @@ -293,7 +293,7 @@ # dBASE IV with SQL table, with memo .DBT >>0 ubyte 0xCB dBase IV with SQL table, with memo .DBT !:mime application/x-dbf -# HiPer-Six format;Clipper SIX, with SMT memo file +# HiPer-Six format;Clipper SIX, with SMT memo file >>0 ubyte 0xE5 Clipper SIX with memo !:mime application/x-dbf # http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx @@ -318,12 +318,12 @@ # test and print the date of xBase .DBF .MDX 0 name xbase-date # inspect YYMMDD , where 1<= MM <= 12 and 1<= DD <= 31 ->0 ubelong x ->1 ubyte <13 ->>1 ubyte >0 ->>>2 ubyte >0 ->>>>2 ubyte <32 ->>>>>0 ubyte x +>0 ubelong x +>1 ubyte <13 +>>1 ubyte >0 +>>>2 ubyte >0 +>>>>2 ubyte <32 +>>>>>0 ubyte x # YY is interpreted as 20YY or 19YY >>>>>>0 ubyte <100 \b %.2d # YY is interpreted 1900+YY; TODO: display yy or 20yy instead 1YY @@ -333,53 +333,56 @@ # dBase memo files .DBT or .FPT # http://msdn.microsoft.com/en-us/library/8599s21w(v=vs.80).aspx -16 ubyte <4 ->16 ubyte !2 ->>16 ubyte !1 +16 ubyte <4 +>16 ubyte !2 +>>16 ubyte !1 # next free block index is positive ->>>0 ulelong >0 +>>>0 ulelong >0 # skip many JPG. ZIP, BZ2 by test for reserved bytes NULL , 0|2 , 0|1 , low byte of block size ->>>>17 ubelong&0xFFfdFE00 0x00000000 +>>>>17 ubelong&0xFFfdFE00 0x00000000 # skip many RAR by test for low byte 0 ,high byte 0|2|even of block size, 0|a|e|d7 , 0|64h ->>>>>20 ubelong&0xFF01209B 0x00000000 +>>>>>20 ubelong&0xFF01209B 0x00000000 # dBASE III ->>>>>>16 ubyte 3 +>>>>>>16 ubyte 3 # dBASE III DBT >>>>>>>0 use dbase3-memo-print # dBASE III DBT without version, dBASE IV DBT , FoxPro FPT , or many ZIP , DBF garbage ->>>>>>16 ubyte 0 +>>>>>>16 ubyte 0 # unusual dBASE III DBT like angest.dbt, dBASE IV DBT with block size 0 , FoxPro FPT , or garbage PCX DBF ->>>>>>>20 uleshort 0 +>>>>>>>20 uleshort 0 # FoxPro FPT , unusual dBASE III DBT like biblio.dbt or garbage ->>>>>>>>8 ulong =0 ->>>>>>>>>6 ubeshort >0 +>>>>>>>>8 ulong =0 +>>>>>>>>>6 ubeshort >0 # skip emacs.PIF ->>>>>>>>>>4 ushort 0 +>>>>>>>>>>4 ushort 0 >>>>>>>>>>>0 use foxpro-memo-print # dBASE III DBT , garbage ->>>>>>>>>6 ubeshort 0 +>>>>>>>>>6 ubeshort 0 # skip MM*DD*.bin by test for for reserved NULL byte ->>>>>>>>>>510 ubeshort 0 +>>>>>>>>>>510 ubeshort 0 # skip TK-DOS11.img image by looking for memo text ->>>>>>>>>>>512 ubelong <0xfeffff03 +>>>>>>>>>>>512 ubelong <0xfeffff03 # skip EFI executables by looking for memo text ->>>>>>>>>>>>512 ubelong >0x1F202020 ->>>>>>>>>>>>>513 ubyte >0 +>>>>>>>>>>>>512 ubelong >0x1F202020 +>>>>>>>>>>>>>513 ubyte >0 # unusual dBASE III DBT like adressen.dbt >>>>>>>>>>>>>>0 use dbase3-memo-print # dBASE III DBT like angest.dbt, or garbage PCX DBF ->>>>>>>>8 ubelong !0 +>>>>>>>>8 ubelong !0 # skip PCX and some DBF by test for for reserved NULL bytes ->>>>>>>>>510 ubeshort 0 +>>>>>>>>>510 ubeshort 0 # skip some DBF by test of invalid version ->>>>>>>>>>0 ubyte >5 ->>>>>>>>>>>0 ubyte <48 +>>>>>>>>>>0 ubyte >5 +>>>>>>>>>>>0 ubyte <48 >>>>>>>>>>>>0 use dbase3-memo-print # dBASE IV DBT with positive block size ->>>>>>>20 uleshort >0 ->>>>>>>>0 use dbase4-memo-print +>>>>>>>20 uleshort >0 +# dBASE IV DBT with valid block length like 512, 1024 +# multiple of 2 in between 16 and 16 K ,implies upper and lower bits are zero +>>>>>>>>20 uleshort&0x800f 0 +>>>>>>>>>0 use dbase4-memo-print -# Print the information of dBase III DBT memo file +# Print the information of dBase III DBT memo file 0 name dbase3-memo-print >0 ubyte x dBase III DBT # instead 3 as version number 0 for unusual examples like biblio.dbt @@ -392,18 +395,20 @@ >20 uleshort !0 \b, block length %u # dBase III memo field terminated by \032\032 >512 string >\0 \b, 1st item "%s" -# Print the information of dBase IV DBT memo file +# Print the information of dBase IV DBT memo file 0 name dbase4-memo-print >0 lelong x dBase IV DBT +!:mime application/x-dbt +!:ext dbt # 8 character shorted main name of coresponding dBASE IV DBF file ->8 ubelong >0x20000000 +>8 ubelong >0x20000000 # skip unusual like for angest.dbt ->>20 uleshort >0 +>>20 uleshort >0 >>>8 string >\0 \b of %-.8s.DBF # value 0 implies 512 as size #>4 ulelong =0 \b, blocks size %u # size of blocks not reliable like 0x2020204C in angest.dbt ->4 ulelong !0 +>4 ulelong !0 >>4 ulelong&0x0000003f 0 \b, blocks size %u # dBase IV DBT with positive block length (found 512 , 1024) >20 uleshort >0 \b, block length %u @@ -410,25 +415,25 @@ # next available block #>0 lelong =0 \b, next free block index %u >0 lelong !0 \b, next free block index %u ->20 uleshort >0 ->>(20.s) ubelong x +>20 uleshort >0 +>>(20.s) ubelong x >>>&-4 use dbase4-memofield-print # unusual dBase IV DBT without block length (implies 512 as length) ->20 uleshort =0 ->>512 ubelong x +>20 uleshort =0 +>>512 ubelong x >>>&-4 use dbase4-memofield-print -# Print the information of dBase IV memo field +# Print the information of dBase IV memo field 0 name dbase4-memofield-print # free dBase IV memo field ->0 ubelong !0xFFFF0800 +>0 ubelong !0xFFFF0800 >>0 lelong x \b, next free block %u >>4 lelong x \b, next used block %u # used dBase IV memo field ->0 ubelong =0xFFFF0800 +>0 ubelong =0xFFFF0800 # length of memo field >>4 lelong x \b, field length %d >>>8 string >\0 \b, 1st used item "%s" -# Print the information of FoxPro FPT memo file +# Print the information of FoxPro FPT memo file 0 name foxpro-memo-print >0 belong x FoxPro FPT # Size of blocks for FoxPro ( 64,256 ) @@ -436,14 +441,14 @@ # next available block #>0 belong =0 \b, next free block index %u >0 belong !0 \b, next free block index %u -# field type ( 0~picture, 1~memo, 2~object ) +# field type ( 0~picture, 1~memo, 2~object ) >512 ubelong <3 \b, field type %u # length of memo field ->512 ubelong 1 +>512 ubelong 1 >>516 belong >0 \b, field length %d >>>520 string >\0 \b, 1st item "%s" -# TODO: +# TODO: # DBASE index file *.NDX # DBASE Compound Index file *.CDX # dBASE IV Printer Driver *.PRF @@ -455,6 +460,52 @@ 4 string Standard\ ACE\ DB Microsoft Access Database !:mime application/x-msaccess +# From: Joerg Jenderek +# URL: http://fileformats.archiveteam.org/wiki/Extensible_Storage_Engine +# Reference: https://github.com/libyal/libesedb/archive/master.zip +# libesedb-master/documentation/ +# Extensible Storage Engine (ESE) Database File (EDB) format.asciidoc +# Note: also known as "JET Blue". Used by numerous Windows components such as +# Windows Search, Mail, Exchange and Active Directory. +4 ubelong 0xefcdab89 +# unknown1 +>132 ubelong 0 Extensible storage engine +!:mime application/x-ms-ese +# file_type 0~database 1~stream +>>12 ulelong 0 DataBase +# Security DataBase (sdb) +!:ext edb/sdb +>>12 ulelong 1 STreaMing +!:ext stm +# format_version 620h +>>8 uleshort x \b, version 0x%x +>>10 uleshort >0 revision 0x%4.4x +>>0 ubelong x \b, checksum 0x%8.8x +# Page size 4096 8192 32768 +>>236 ulequad x \b, page size %lld +# database_state +>>52 ulelong 1 \b, JustCreated +>>52 ulelong 2 \b, DirtyShutdown +#>>52 ulelong 3 \b, CleanShutdown +>>52 ulelong 4 \b, BeingConverted +>>52 ulelong 5 \b, ForceDetach +# Windows NT major version when the databases indexes were updated. +>>216 ulelong x \b, Windows version %d +# Windows NT minor version +>>220 ulelong x \b.%d + +# From: Joerg Jenderek +# URL: http://forensicswiki.org/wiki/Windows_Application_Compatibility +# Note: files contain application compatibility fixes, application compatibility modes and application help messages. +8 string sdbf +>7 ubyte 0 +# TAG_TYPE_LIST+TAG_INDEXES +>>12 uleshort 0x7802 Windows application compatibility Shim DataBase +# version? 2 3 +#>>>0 ulelong x \b, version %d +!:mime application/x-ms-sdb +!:ext sdb + # TDB database from Samba et al - Martin Pool 0 string TDB\ file TDB database >32 lelong 0x2601196D version 6, little-endian @@ -545,3 +596,39 @@ # Hopper (reverse engineering tool) http://www.hopperapp.com/ 0 string hopperdb Hopper database +# URL: https://en.wikipedia.org/wiki/Panorama_(database_engine) +# Reference: http://www.provue.com/Panorama/ +# From: Joerg Jenderek +# NOTE: test only versions 4 and 6.0 with Windows +# length of Panorama database name +5 ubyte >0 +# look after database name for "some" null bits +>(5.B+7) ubelong&0xF3ffF000 0 +# look for first keyword +>>&1 search/2 DESIGN Panorama database +#!:mime application/x-panorama-database +!:apple KASXZEPD +!:ext pan +# database name +>>>5 pstring x \b, "%s" + +# +# +# askSam Database by Stefan A. Haubenthal +0 string askw40\0 askSam DB + +# +# +# MUIbase Database Tool by Stefan A. Haubenthal +0 string MBSTV\040 MUIbase DB +>6 string x version %s + +# +# CDB database +0 string NBCDB\012 NetBSD Constant Database +>7 byte x \b, version %d +>8 string x \b, for '%s' +>24 lelong x \b, datasize %d +>28 lelong x \b, entries %d +>32 lelong x \b, index %d +>36 lelong x \b, seed %#x --- contrib/file/magic/Magdir/der.orig +++ contrib/file/magic/Magdir/der @@ -0,0 +1,116 @@ +#------------------------------------------------------------------------------ +# $File: der,v 1.2 2017/03/17 21:35:28 christos Exp $ +# der: file(1) magic for DER encoded files +# + +# Certificate information piece +0 name certinfo +>0 der seq +>>&0 der set +>>>&0 der seq +>>>>&0 der obj_id3=550406 +>>>>&0 der prt_str=x \b, countryName=%s +>>&0 der set +>>>&0 der seq +>>>>&0 der obj_id3=550408 +>>>>&0 der utf8_str=x \b, stateOrProvinceName=%s +>>&0 der set +>>>&0 der seq +>>>>&0 der obj_id3=55040a +>>>>&0 der utf8_str=x \b, organizationName=%s +>>&0 der set +>>>&0 der seq +>>>>&0 der obj_id3=550403 +>>>>&0 der utf8_str=x \b, commonName=%s +>>&0 der seq + +# Certificate requests +0 der seq +>&0 der seq +>>&0 der int1=00 DER Encoded Certificate request +>>&0 use certinfo + +# Key Pairs +0 der seq +>&0 der int1=00 +>&0 der int65=x +>&0 der int3=010001 DER Encoded Key Pair, 512 bits + +0 der seq +>&0 der int1=00 +>&0 der int129=x +>&0 der int3=010001 DER Encoded Key Pair, 1024 bits + +0 der seq +>&0 der int1=00 +>&0 der int257=x +>&0 der int3=010001 DER Encoded Key Pair, 2048 bits + +0 der seq +>&0 der int1=00 +>&0 der int513=x +>&0 der int3=010001 DER Encoded Key Pair, 4096 bits + +0 der seq +>&0 der int1=00 +>&0 der int1025=x +>&0 der int3=010001 DER Encoded Key Pair, 8192 bits + +0 der seq +>&0 der int1=00 +>&0 der int2049=x +>&0 der int3=010001 DER Encoded Key Pair, 16k bits + +0 der seq +>&0 der int1=00 +>&0 der int4097=x +>&0 der int3=010001 DER Encoded Key Pair, 32k bits + +# Certificates +0 der seq +>&0 der seq +>>&0 der int2=0dfa DER Encoded Certificate, 512 bits +>>&0 der int2=0dfb DER Encoded Certificate, 1024 bits +>>&0 der int2=0dfc DER Encoded Certificate, 2048 bits +>>&0 der int2=0dfd DER Encoded Certificate, 4096 bits +>>&0 der int2=0dfe DER Encoded Certificate, 8192 bits +>>&0 der int2=0dff DER Encoded Certificate, 16k bits +>>&0 der int2=0e04 DER Encoded Certificate, 32k bits +>>&0 der int2=x DER Encoded Certificate, ? bits (%s) +>>&0 der seq +>>>&0 der obj_id9=2a864886f70d010105 \b, sha1WithRSAEncryption +>>>&0 der obj_id9=x \b, ? Encryption (%s) +>>>&0 der null +>>&0 der seq +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id3=550406 +>>>>>&0 der prt_str=x \b, countryName=%s +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id3=550408 +>>>>>&0 der prt_str=x \b, stateOrProvinceName=%s +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id3=550407 +>>>>>&0 der prt_str=x \b, localityName=%s +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id3=55040a +>>>>>&0 der prt_str=x \b, organizationName=%s +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id3=55040b +>>>>>&0 der prt_str=x \b, organizationUnitName=%s +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id3=550403 +>>>>>&0 der prt_str=x \b, commonName=%s +>>>&0 der set +>>>>&0 der seq +>>>>>&0 der obj_id9=2a864886f70d010901 +>>>>>&0 der ia5_str=x \b, emailAddress=%s +>>&0 der seq +>>>&0 der utc_time=x \b, utcTime=%s +>>>&0 der utc_time=x \b, utcTime=%s +>>&0 use certinfo --- contrib/file/magic/Magdir/diff.orig +++ contrib/file/magic/Magdir/diff @@ -1,15 +1,15 @@ #------------------------------------------------------------------------------ -# $File: diff,v 1.14 2012/09/16 23:08:54 christos Exp $ +# $File: diff,v 1.16 2017/03/17 22:20:22 christos Exp $ # diff: file(1) magic for diff(1) output # -0 search/1 diff\ diff output text +0 search/1 diff\040 diff output text !:mime text/x-diff -0 search/1 ***\ diff output text +0 search/1 ***\040 diff output text !:mime text/x-diff -0 search/1 Only\ in\ diff output text +0 search/1 Only\040in\040 diff output text !:mime text/x-diff -0 search/1 Common\ subdirectories:\ diff output text +0 search/1 Common\040subdirectories:\040 diff output text !:mime text/x-diff 0 search/1 Index: RCS/CVS diff output text @@ -20,9 +20,9 @@ # unified diff -0 search/4096 ---\ +0 search/4096 ---\040 >&0 search/1024 \n ->>&0 search/1 +++\ +>>&0 search/1 +++\040 >>>&0 search/1024 \n >>>>&0 search/1 @@ unified diff output text !:mime text/x-diff --- contrib/file/magic/Magdir/dolby.orig +++ contrib/file/magic/Magdir/dolby @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: dolby,v 1.7 2014/01/08 22:37:23 christos Exp $ +# $File: dolby,v 1.8 2017/03/17 21:35:28 christos Exp $ # ATSC A/53 aka AC-3 aka Dolby Digital # from http://www.atsc.org/standards/a_52a.pdf # corrections, additions, etc. are always welcome! @@ -23,7 +23,7 @@ >5 byte&0x07 = 0x04 \b, dialogue (D) >5 byte&0x07 = 0x05 \b, commentary (C) >5 byte&0x07 = 0x06 \b, emergency (E) ->5 beshort&0x07e0 0x0720 \b, voiceover (VO) +>5 beshort&0x07e0 0x0720 \b, voiceover (VO) >5 beshort&0x07e0 >0x0720 \b, karaoke # acmod >6 byte&0xe0 = 0x00 1+1 front, --- contrib/file/magic/Magdir/dump.orig +++ contrib/file/magic/Magdir/dump @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: dump,v 1.13 2014/04/30 21:41:02 christos Exp $ +# $File: dump,v 1.16 2017/07/22 19:21:02 christos Exp $ # dump: file(1) magic for dump file format--for new and old dump filesystems # # We specify both byte orders in order to recognize byte-swapped dumps. @@ -62,23 +62,25 @@ >824 string >\0 Host %s, >888 belong >0 Flags %x -24 belong 60012 new-fs dump file (big endian), +24 belong 60012 new-fs dump file (big endian), >0 use new-dump-be -24 belong 60011 old-fs dump file (big endian), +24 belong 60011 old-fs dump file (big endian), >0 use old-dump-be -24 lelong 60012 new-fs dump file (little endian), +24 lelong 60012 new-fs dump file (little endian), +# to correctly recognize '*.mo' GNU message catalog (little endian) +!:strength - 15 >0 use \^new-dump-be -24 lelong 60011 old-fs dump file (little endian), +24 lelong 60011 old-fs dump file (little endian), >0 use \^old-dump-be -24 belong 0x19540119 new-fs dump file (ufs2, big endian), +24 belong 0x19540119 new-fs dump file (ufs2, big endian), >0 use ufs2-dump-be -24 lelong 0x19540119 new-fs dump file (ufs2, little endian), +24 lelong 0x19540119 new-fs dump file (ufs2, little endian), >0 use \^ufs2-dump-be 18 leshort 60011 old-fs dump file (16-bit, assuming PDP-11 endianness), --- contrib/file/magic/Magdir/dyadic.orig +++ contrib/file/magic/Magdir/dyadic @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: dyadic,v 1.7 2015/05/27 18:02:48 christos Exp $ +# $File: dyadic,v 1.8 2017/03/17 21:35:28 christos Exp $ # Dyadic: file(1) magic for Dyalog APL. # # updated by Joerg Jenderek at Oct 2013 @@ -10,9 +10,9 @@ # .DIN Dyalog APL Input Table # .DOT Dyalog APL Output Table # .DFT Dyalog APL Format File -0 ubeshort&0xFF60 0xaa00 +0 ubeshort&0xFF60 0xaa00 # skip biblio.dbt ->1 byte !4 +>1 byte !4 # real Dyalog APL have non zero version numbers like 7.3 or 13.4 >>2 ubeshort >0x0000 Dyalog APL >>>1 byte 0x00 aplcore --- contrib/file/magic/Magdir/editors.orig +++ contrib/file/magic/Magdir/editors @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------ -# $File: editors,v 1.8 2009/09/19 16:28:09 christos Exp $ -# T602 editor documents +# $File: editors,v 1.11 2017/03/17 21:35:28 christos Exp $ +# T602 editor documents # by David Necas 0 string @CT\ T602 document data, >4 string 0 Kamenicky @@ -9,10 +9,31 @@ >4 string 2 KOI8-CS >4 string >2 unknown encoding -# Vi IMproved Encrypted file +# Vi IMproved Encrypted file # by David Necas 0 string VimCrypt~ Vim encrypted file data + +0 name vimnanoswap +>67 byte 0 +>>107 byte 0 +#>>>2 string x %s swap file +>>>24 ulelong x \b, pid %d +>>>28 string >\0 \b, user %s +>>>68 string >\0 \b, host %s +>>>108 string >\0 \b, file %s +>>>1007 byte 0x55 \b, modified + # Vi IMproved Swap file # by Sven Wegener -0 string b0VIM\ Vim swap file ->&0 string >\0 \b, version %s +0 string b0VIM\ Vim swap file +>&0 string >\0 \b, version %s +>0 use vimnanoswap + + +# Lock/swap file for several editors, at least +# Vi IMproved and nano +0 string b0nano Nano swap file +>0 use vimnanoswap + +# kate (K Advanced Text Editor) +0 string \x00\x00\x00\x12Kate\ Swap\ File\ 2.0\x00 Kate swap file --- contrib/file/magic/Magdir/elf.orig +++ contrib/file/magic/Magdir/elf @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: elf,v 1.69 2015/06/16 17:23:08 christos Exp $ +# $File: elf,v 1.70 2016/06/02 12:36:30 christos Exp $ # elf: file(1) magic for ELF executables # # We have to check the byte order flag to see what byte order all the @@ -301,25 +301,23 @@ >>0 use elf-le >5 byte 2 MSB >>0 use \^elf-le -# Up to now only 0, 1 and 2 are defined; I've seen a file with 0x83, it seemed -# like proper ELF, but extracting the string had bad results. ->4 byte <0x80 ->>8 string >\0 (%s) ->8 string \0 ->>7 byte 0 (SYSV) ->>7 byte 1 (HP-UX) ->>7 byte 2 (NetBSD) ->>7 byte 3 (GNU/Linux) ->>7 byte 4 (GNU/Hurd) ->>7 byte 5 (86Open) ->>7 byte 6 (Solaris) ->>7 byte 7 (Monterey) ->>7 byte 8 (IRIX) ->>7 byte 9 (FreeBSD) ->>7 byte 10 (Tru64) ->>7 byte 11 (Novell Modesto) ->>7 byte 12 (OpenBSD) ->8 string \2 ->>7 byte 13 (OpenVMS) ->>7 byte 97 (ARM) ->>7 byte 255 (embedded) +>7 byte 0 (SYSV) +>7 byte 1 (HP-UX) +>7 byte 2 (NetBSD) +>7 byte 3 (GNU/Linux) +>7 byte 4 (GNU/Hurd) +>7 byte 5 (86Open) +>7 byte 6 (Solaris) +>7 byte 7 (Monterey) +>7 byte 8 (IRIX) +>7 byte 9 (FreeBSD) +>7 byte 10 (Tru64) +>7 byte 11 (Novell Modesto) +>7 byte 12 (OpenBSD) +>7 byte 13 (OpenVMS) +>7 byte 14 (HP NonStop Kernel) +>7 byte 15 (AROS Research Operating System) +>7 byte 16 (FenixOS) +>7 byte 17 (Nuxi CloudABI) +>7 byte 97 (ARM) +>7 byte 255 (embedded) --- contrib/file/magic/Magdir/filesystems.orig +++ contrib/file/magic/Magdir/filesystems @@ -1,8 +1,8 @@ #------------------------------------------------------------------------------ -# $File: filesystems,v 1.111 2015/09/09 16:26:54 christos Exp $ +# $File: filesystems,v 1.122 2017/07/21 10:34:41 christos Exp $ # filesystems: file(1) magic for different filesystems # -0 name partid +0 name partid >0 ubyte 0x00 Unused >0 ubyte 0x01 12-bit FAT >0 ubyte 0x02 XENIX / @@ -187,7 +187,7 @@ 0 string \366\366\366\366 PC formatted floppy with no filesystem # Sun disk labels # From /usr/include/sun/dklabel.h: -0774 beshort 0xdabe +0774 beshort 0xdabe # modified by Joerg Jenderek, because original test # succeeds for Cabinet archive dao360.dl_ with negative blocks >0770 long >0 Sun disk label @@ -213,30 +213,30 @@ # (http://btmgr.sourceforge.net/docs/user-guide-3.html) 0 string SBMBAKUP_ Smart Boot Manager backup file >9 string x \b, version %-5.5s ->>14 string =_ +>>14 string =_ >>>15 string x %-.1s >>>>16 string =_ \b. >>>>>17 string x \b%-.1s >>>>>>18 string =_ \b. >>>>>>>19 string x \b%-.1s ->>>22 ubyte 0 +>>>22 ubyte 0 >>>>21 ubyte x \b, from drive 0x%x ->>>22 ubyte >0 +>>>22 ubyte >0 >>>>21 string x \b, from drive %s ->>>535 search/17 \x55\xAA ->>>>&-512 indirect x \b; contains +>>>535 search/17 \x55\xAA +>>>>&-512 indirect x \b; contains # updated by Joerg Jenderek at Nov 2012 # DOS Emulator image is 128 byte, null right padded header + harddisc image -0 string DOSEMU\0 ->0x27E leshort 0xAA55 +0 string DOSEMU\0 +>0x27E leshort 0xAA55 #offset is 128 ->>19 ubyte 128 +>>19 ubyte 128 >>>(19.b-1) ubyte 0x0 DOS Emulator image >>>>7 ulelong >0 \b, %u heads >>>>11 ulelong >0 \b, %d sectors/track >>>>15 ulelong >0 \b, %d cylinders ->>>>128 indirect x \b; contains +>>>>128 indirect x \b; contains # added by Joerg Jenderek at Nov 2012 # http://www.thenakedpc.com/articles/v04/08/0408-05.html @@ -243,8 +243,8 @@ # Symantec (Peter Norton) Image.dat file consists of variable header, bootrecord, part of FAT and root directory data 0 string PNCIHISK\0 Norton Utilities disc image data # real x86 boot sector with jump instruction ->509 search/1026 \x55\xAA\xeb ->>&-1 indirect x \b; contains +>509 search/1026 \x55\xAA\xeb +>>&-1 indirect x \b; contains # http://file-extension.net/seeker/file_extension_dat 0 string PNCIUNDO Norton Disk Doctor UnDo file # @@ -251,12 +251,12 @@ # DOS/MBR boot sector updated by Joerg Jenderek at Sep 2007,May 2011,2013 # for any allowed sector sizes -30 search/481 \x55\xAA +30 search/481 \x55\xAA # to display DOS/MBR boot sector (40) before old one (strength=50+21),Syslinux bootloader (71),SYSLINUX MBR (37+36),NetBSD mbr (110),AdvanceMAME mbr (111) # DOS BPB information (70) and after DOS floppy (120) like in previous file version !:strength +65 # for sector sizes < 512 Bytes ->11 uleshort <512 +>11 uleshort <512 >>(11.s-2) uleshort 0xAA55 DOS/MBR boot sector # for sector sizes with 512 or more Bytes >0x1FE leshort 0xAA55 DOS/MBR boot sector @@ -270,18 +270,18 @@ >2 string OSBS OS/BS MBR # added by Joerg Jenderek at Feb 2013 according to http://thestarman.pcministry.com/asm/mbr/ # and http://en.wikipedia.org/wiki/Master_Boot_Record -# test for nearly all MS-DOS Master Boot Record initial program loader (IPL) is now done by +# test for nearly all MS-DOS Master Boot Record initial program loader (IPL) is now done by # characteristic assembler instructions: xor ax,ax;mov ss,ax;mov sp,7c00 >0 search/2 \x33\xc0\x8e\xd0\xbc\x00\x7c MS-MBR # Microsoft Windows 95A and early ( http://thestarman.pcministry.com/asm/mbr/STDMBR.htm ) # assembler instructions: mov si,sp;push ax;pop es;push ax;pop ds;sti;cld ->>8 ubequad 0x8bf45007501ffbfc +>>8 ubequad 0x8bf45007501ffbfc # http://thestarman.pcministry.com/asm/mbr/200MBR.htm >>>0x16 ubyte 0xF3 \b,DOS 2 >>>>219 regex Author\ -\ Author: # found "David Litton" , "A Pehrsson " >>>>>&0 string x "%s" ->>>0x16 ubyte 0xF2 +>>>0x16 ubyte 0xF2 # NEC MS-DOS 3.30 Rev. 3 . See http://thestarman.pcministry.com/asm/mbr/DOS33MBR.htm # assembler instructions: mov di,077c;cmp word ptrl[di],a55a;jnz >>>>0x22 ubequad 0xbf7c07813d5aa575 \b,NEC 3.3 @@ -316,7 +316,7 @@ >>>>>>(0x79.b) string >\0 "%s" # Microsoft Windows 95B to XP (http://thestarman.pcministry.com/asm/mbr/95BMEMBR.htm) # assembler instructions: push ax;pop es;push ax;pop ds;cld;mov si,7c1b ->>8 ubequad 0x5007501ffcbe1b7c +>>8 ubequad 0x5007501ffcbe1b7c # assembler instructions: rep;movsb;retf;mov si,07be;mov cl,04 >>>24 ubequad 0xf3a4cbbebe07b104 9M # "Invalid partition table" nn=0x10F for english version @@ -361,7 +361,7 @@ >>>>(0x1b7.b+0x100) string >\0 "%s" # Microsoft Windows Vista or 7 # assembler instructions: ..;mov ds,ax;mov si,7c00;mov di,..00 ->>8 ubequad 0xc08ed8be007cbf00 +>>8 ubequad 0xc08ed8be007cbf00 # Microsoft Windows Vista (http://thestarman.pcministry.com/asm/mbr/VistaMBR.htm) # assembler instructions: jnz 0729;cmp ebx,"TCPA" >>>0xEC ubequad 0x753b6681fb544350 Vista @@ -402,38 +402,38 @@ # http://en.wikipedia.org/wiki/MBR_disk_signature#ID >>0x1b8 ulelong >0 \b, disk signature 0x%-.4x # driveID/timestamp for Win 95B,98,98SE and ME. See http://thestarman.pcministry.com/asm/mbr/mystery.htm ->>0xDA uleshort 0 +>>0xDA uleshort 0 >>>0xDC ulelong >0 \b, created # physical drive number (0x80-0xFF) when the Windows wrote that byte to the drive >>>>0xDC ubyte x with driveID 0x%x -# hours, minutes and seconds +# hours, minutes and seconds >>>>0xDf ubyte x at %x >>>>0xDe ubyte x \b:%x >>>>0xDd ubyte x \b:%x # special case for Microsoft MS-DOS 3.21 spanish -# assembler instructions: cli;mov $0x30,%ax;mov %ax,%ss;mov ->0 ubequad 0xfab830008ed0bc00 -# assembler instructions: $0x1f00,%sp;mov $0x80cb,%di;add %cl,(%bx,%si);in (%dx),%ax;mov +# assembler instructions: cli;mov $0x30,%ax;mov %ax,%ss;mov +>0 ubequad 0xfab830008ed0bc00 +# assembler instructions: $0x1f00,%sp;mov $0x80cb,%di;add %cl,(%bx,%si);in (%dx),%ax;mov >>8 ubequad 0x1fbfcb800008ed8 MS-MBR,D0S version 3.21 spanish # Microsoft MBR IPL end # dr-dos with some upper-, lowercase variants ->0x9D string Invalid\ partition\ table$ ->>181 string No\ Operating\ System$ +>0x9D string Invalid\ partition\ table$ +>>181 string No\ Operating\ System$ >>>201 string Operating\ System\ load\ error$ \b, DR-DOS MBR, Version 7.01 to 7.03 ->0x9D string Invalid\ partition\ table$ ->>181 string No\ operating\ system$ +>0x9D string Invalid\ partition\ table$ +>>181 string No\ operating\ system$ >>>201 string Operating\ system\ load\ error$ \b, DR-DOS MBR, Version 7.01 to 7.03 ->342 string Invalid\ partition\ table$ ->>366 string No\ operating\ system$ +>342 string Invalid\ partition\ table$ +>>366 string No\ operating\ system$ >>>386 string Operating\ system\ load\ error$ \b, DR-DOS MBR, version 7.01 to 7.03 ->295 string NEWLDR\0 ->>302 string Bad\ PT\ $ ->>>310 string No\ OS\ $ ->>>>317 string OS\ load\ err$ ->>>>>329 string Moved\ or\ missing\ IBMBIO.LDR\n\r ->>>>>>358 string Press\ any\ key\ to\ continue.\n\r$ ->>>>>>>387 string Copyright\ (c)\ 1984,1998 +>295 string NEWLDR\0 +>>302 string Bad\ PT\ $ +>>>310 string No\ OS\ $ +>>>>317 string OS\ load\ err$ +>>>>>329 string Moved\ or\ missing\ IBMBIO.LDR\n\r +>>>>>>358 string Press\ any\ key\ to\ continue.\n\r$ +>>>>>>>387 string Copyright\ (c)\ 1984,1998 >>>>>>>>411 string Caldera\ Inc.\0 \b, DR-DOS MBR (IBMBIO.LDR) # # tests for different MS-DOS Master Boot Records (MBR) moved and merged @@ -441,15 +441,15 @@ #>0x145 string Default:\ F \b, FREE-DOS MBR #>0x14B string Default:\ F \b, FREE-DOS 1.0 MBR >0x145 search/7 Default:\ F \b, FREE-DOS MBR -#>>313 string F0\ .\ .\ . -#>>>322 string disk\ 1 -#>>>>382 string FAT3 ->64 string no\ active\ partition\ found +#>>313 string F0\ .\ .\ . +#>>>322 string disk\ 1 +#>>>>382 string FAT3 +>64 string no\ active\ partition\ found >>96 string read\ error\ while\ reading\ drive \b, FREE-DOS Beta 0.9 MBR # Ranish Partition Manager http://www.ranish.com/part/ ->387 search/4 \0\ Error!\r ->>378 search/7 Virus! ->>>397 search/4 Booting\ +>387 search/4 \0\ Error!\r +>>378 search/7 Virus! +>>>397 search/4 Booting\040 >>>>408 search/4 HD1/\0 \b, Ranish MBR ( >>>>>416 string Writing\ changes... \b2.37 >>>>>>438 ubyte x \b,0x%x dots @@ -466,23 +466,23 @@ # # SYSLINUX MBR moved # http://www.acronis.de/ ->362 string MBR\ Error\ \0\r ->>376 string ress\ any\ key\ to\ +>362 string MBR\ Error\ \0\r +>>376 string ress\ any\ key\ to\040 >>>392 string boot\ from\ floppy...\0 \b, Acronis MBR # added by Joerg Jenderek # http://www.visopsys.org/ # http://partitionlogic.org.uk/ ->309 string No\ bootable\ partition\ found\r +>309 string No\ bootable\ partition\ found\r >>339 string I/O\ Error\ reading\ boot\ sector\r \b, Visopsys MBR ->349 string No\ bootable\ partition\ found\r +>349 string No\ bootable\ partition\ found\r >>379 string I/O\ Error\ reading\ boot\ sector\r \b, simple Visopsys MBR # bootloader, bootmanager ->0x40 string SBML +>0x40 string SBML # label with 11 characters of FAT 12 bit filesystem ->>43 string SMART\ BTMGR +>>43 string SMART\ BTMGR >>>430 string SBMK\ Bad!\r \b, Smart Boot Manager # OEM-ID not always "SBM" -#>>>>3 strings SBM +#>>>>3 strings SBM >>>>6 string >\0 \b, version %s >382 string XOSLLOADXCF \b, eXtended Operating System Loader >6 string LILO \b, LInux i386 boot LOader @@ -492,11 +492,11 @@ # variables according to grub-0.97/stage1/stage1.S or # http://www.gnu.org/software/grub/manual/grub.html#Embedded-data # usual values are marked with comments to get only informations of strange GRUB loaders ->342 search/60 \0Geom\0 +>342 search/60 \0Geom\0 #>0 ulelong x %x=0x009048EB , 0x2a9048EB 0 ->>0x41 ubyte <2 +>>0x41 ubyte <2 >>>0x3E ubyte >2 \b; GRand Unified Bootloader -# 0x3 for 0.5.95,0.93,0.94,0.96 0x4 for 1.90 +# 0x3 for 0.5.95,0.93,0.94,0.96 0x4 for 1.90 >>>>0x3E ubyte x \b, stage1 version 0x%x #If it is 0xFF, use a drive passed by BIOS >>>>0x40 ubyte <0xFF \b, boot drive 0x%x @@ -521,7 +521,7 @@ >>>>391 string Geom\0Hard\ Disk\0Read\0\ Error\0 >>>>>385 string GRUB\ \0 \b, GRUB version 0.97 # unknown version ->>>343 string Geom\0Read\0\ Error\0 +>>>343 string Geom\0Read\0\ Error\0 >>>>321 string Loading\ stage1.5 \b, GRUB version x.y >>>380 string Geom\0Hard\ Disk\0Read\0\ Error\0 >>>>374 string GRUB\ \0 \b, GRUB version n.m @@ -528,39 +528,37 @@ # SYSLINUX bootloader moved >395 string chksum\0\ ERROR!\0 \b, Gujin bootloader # http://www.bcdwb.de/bcdw/index_e.htm ->3 string BCDL +>3 string BCDL >>498 string BCDL\ \ \ \ BIN \b, Bootable CD Loader (1.50Z) # mbr partition table entries updated by Joerg Jenderek at Sep 2013 # skip Norton Utilities disc image data ->3 string !IHISK +>3 string !IHISK # skip Linux style boot sector starting with assember instructions mov 0x7c0,ax; ->>0 belong !0xb8c0078e -# not Linux kernel ->>>514 string !HdrS +>>0 belong !0xb8c0078e +# not Linux kernel +>>>514 string !HdrS # not BeOS ->>>>422 string !Be\ Boot\ Loader ->>>>>32769 string CD001 ->>>>>>0 use cdrom -# jump over BPB instruction implies DOS bootsector or AdvanceMAME mbr ->>>>>0 ubelong&0xFD000000 =0xE9000000 +>>>>422 string !Be\ Boot\ Loader +# jump over BPB instruction implies DOS bootsector or AdvanceMAME mbr +>>>>>0 ubelong&0xFD000000 =0xE9000000 # AdvanceMAME mbr ->>>>>>(1.b+2) ubequad 0xfa31c08ed88ec08e +>>>>>>(1.b+2) ubequad 0xfa31c08ed88ec08e >>>>>>>446 use partition-table # mbr, Norton Utilities disc image data, or 2nd,etc. sector of x86 bootloader ->>>>>0 ubelong&0xFD000000 !0xE9000000 +>>>>>0 ubelong&0xFD000000 !0xE9000000 # skip FSInfosector ->>>>>>0 string !RRaA +>>>>>>0 string !RRaA # skip 3rd sector of MS x86 bootloader with assember instructions cli;MOVZX EAX,BYTE PTR [BP+10];MOV ECX, # http://thestarman.pcministry.com/asm/mbr/MSWIN41.htm ->>>>>>>0 ubequad !0xfa660fb64610668b +>>>>>>>0 ubequad !0xfa660fb64610668b # skip 13rd sector of MS x86 bootloader ->>>>>>>>0 ubequad !0x660fb64610668b4e +>>>>>>>>0 ubequad !0x660fb64610668b4e # skip sector starting with DOS new line ->>>>>>>>>0 string !\r\n +>>>>>>>>>0 string !\r\n # allowed active flag 0,80h-FFh ->>>>>>>>>>446 ubyte 0 +>>>>>>>>>>446 ubyte 0 >>>>>>>>>>>446 use partition-table ->>>>>>>>>>446 ubyte >0x7F +>>>>>>>>>>446 ubyte >0x7F >>>>>>>>>>>446 use partition-table # TODO: test for extended bootrecord (ebr) moved and merged with mbr partition table entries # mbr partition table entries end @@ -567,328 +565,328 @@ # http://www.acronis.de/ #FAT label=ACRONIS\ SZ #OEM-ID=BOOTWIZ0 ->442 string Non-system\ disk,\ +>442 string Non-system\ disk,\040 >>459 string press\ any\ key...\x7\0 \b, Acronis Startup Recovery Loader # updated by Joerg Jenderek at Nov 2012, Sep 2013 # DOS names like F11.SYS or BOOTWIZ.SYS are 8 right space padded bytes+3 bytes # display 1 space ->>>447 ubyte x \b +>>>447 ubyte x \b >>>477 use DOS-filename # ->185 string FDBOOT\ Version\ ->>204 string \rNo\ Systemdisk.\ ->>>220 string Booting\ from\ harddisk.\n\r ->>>245 string Cannot\ load\ from\ harddisk.\n\r ->>>>273 string Insert\ Systemdisk\ +>185 string FDBOOT\ Version\040 +>>204 string \rNo\ Systemdisk.\040 +>>>220 string Booting\ from\ harddisk.\n\r +>>>245 string Cannot\ load\ from\ harddisk.\n\r +>>>>273 string Insert\ Systemdisk\040 >>>>>291 string and\ press\ any\ key.\n\r \b, FDBOOT harddisk Bootloader >>>>>>200 string >\0 \b, version %-3s ->242 string Bootsector\ from\ C.H.\ Hochst\204 +>242 string Bootsector\ from\ C.H.\ Hochst\204 # http://freecode.com/projects/dosfstools dosfstools-n.m/src/mkdosfs.c # updated by Joerg Jenderek at Nov 2012. Use search directive with offset instead of string # skip name "C.H. Hochstaetter" partly because it is sometimes written without umlaut ->242 search/127 Bootsector\ from\ C.H.\ Hochst ->>278 search/127 No\ Systemdisk.\ Booting\ from\ harddisk +>242 search/127 Bootsector\ from\ C.H.\ Hochst +>>278 search/127 No\ Systemdisk.\ Booting\ from\ harddisk # followed by variants with point,CR-NL or NL-CR ->>>208 search/261 Cannot\ load\ from\ harddisk. +>>>208 search/261 Cannot\ load\ from\ harddisk. # followed by variants CR-NL or NL-CR ->>>>236 search/235 Insert\ Systemdisk\ and\ press\ any\ key. +>>>>236 search/235 Insert\ Systemdisk\ and\ press\ any\ key. # followed by variants with point,CR-NL or NL-CR >>>>>180 search/96 Disk\ formatted\ with\ WinImage\ \b, WinImage harddisk Bootloader # followed by string like "6.50 (c) 1993-2004 Gilles Vollant" >>>>>>&0 string x \b, version %-4.4s ->(1.b+2) ubyte 0xe ->>(1.b+3) ubyte 0x1f ->>>(1.b+4) ubyte 0xbe +>(1.b+2) ubyte 0xe +>>(1.b+3) ubyte 0x1f +>>>(1.b+4) ubyte 0xbe # message offset found at (1.b+5) is 0x77 for FAT32 or 0x5b for others ->>>>(1.b+5) ubyte&0xd3 0x53 ->>>>>(1.b+6) ubyte 0x7c +>>>>(1.b+5) ubyte&0xd3 0x53 +>>>>>(1.b+6) ubyte 0x7c # assembler instructions: lodsb;and al,al;jz 0xb;push si;mov ah, ->>>>>>(1.b+7) ubyte 0xac ->>>>>>>(1.b+8) ubyte 0x22 ->>>>>>>>(1.b+9) ubyte 0xc0 ->>>>>>>>>(1.b+10) ubyte 0x74 ->>>>>>>>>>(1.b+11) ubyte 0x0b ->>>>>>>>>>>(1.b+12) ubyte 0x56 +>>>>>>(1.b+7) ubyte 0xac +>>>>>>>(1.b+8) ubyte 0x22 +>>>>>>>>(1.b+9) ubyte 0xc0 +>>>>>>>>>(1.b+10) ubyte 0x74 +>>>>>>>>>>(1.b+11) ubyte 0x0b +>>>>>>>>>>>(1.b+12) ubyte 0x56 >>>>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display # FAT1X version ->>>>>>>>>>>>>(1.b+5) ubyte 0x5b +>>>>>>>>>>>>>(1.b+5) ubyte 0x5b >>>>>>>>>>>>>>0x5b string >\0 "%-s" # FAT32 version ->>>>>>>>>>>>>(1.b+5) ubyte 0x77 +>>>>>>>>>>>>>(1.b+5) ubyte 0x77 >>>>>>>>>>>>>>0x77 string >\0 "%-s" >214 string Please\ try\ to\ install\ FreeDOS\ \b, DOS Emulator boot message display -#>>244 string from\ dosemu-freedos-*-bin.tgz\r -#>>>170 string Sorry,\ could\ not\ load\ an\ -#>>>>195 string operating\ system.\r\n +#>>244 string from\ dosemu-freedos-*-bin.tgz\r +#>>>170 string Sorry,\ could\ not\ load\ an\040 +#>>>>195 string operating\ system.\r\n # ->103 string This\ is\ not\ a\ bootable\ disk.\ ->>132 string Please\ insert\ a\ bootable\ ->>>157 string floppy\ and\r\n +>103 string This\ is\ not\ a\ bootable\ disk.\040 +>>132 string Please\ insert\ a\ bootable\040 +>>>157 string floppy\ and\r\n >>>>169 string press\ any\ key\ to\ try\ again...\r \b, FREE-DOS message display # ->66 string Solaris\ Boot\ Sector ->>99 string Incomplete\ MDBoot\ load. +>66 string Solaris\ Boot\ Sector +>>99 string Incomplete\ MDBoot\ load. >>>89 string Version \b, Sun Solaris Bootloader >>>>97 byte x version %c # ->408 string OS/2\ !!\ SYS01475\r\0 ->>429 string OS/2\ !!\ SYS02025\r\0 ->>>450 string OS/2\ !!\ SYS02027\r\0 +>408 string OS/2\ !!\ SYS01475\r\0 +>>429 string OS/2\ !!\ SYS02025\r\0 +>>>450 string OS/2\ !!\ SYS02027\r\0 >>>469 string OS2BOOT\ \ \ \ \b, IBM OS/2 Warp bootloader # ->409 string OS/2\ !!\ SYS01475\r\0 ->>430 string OS/2\ !!\ SYS02025\r\0 ->>>451 string OS/2\ !!\ SYS02027\r\0 +>409 string OS/2\ !!\ SYS01475\r\0 +>>430 string OS/2\ !!\ SYS02025\r\0 +>>>451 string OS/2\ !!\ SYS02027\r\0 >>>470 string OS2BOOT\ \ \ \ \b, IBM OS/2 Warp Bootloader ->112 string This\ disk\ is\ not\ bootable\r ->>142 string If\ you\ wish\ to\ make\ it\ bootable ->>>176 string run\ the\ DOS\ program\ SYS\ ->>>200 string after\ the\r ->>>>216 string system\ has\ been\ loaded\r\n ->>>>>242 string Please\ insert\ a\ DOS\ diskette\ ->>>>>271 string into\r\n\ the\ drive\ and\ +>112 string This\ disk\ is\ not\ bootable\r +>>142 string If\ you\ wish\ to\ make\ it\ bootable +>>>176 string run\ the\ DOS\ program\ SYS\040 +>>>200 string after\ the\r +>>>>216 string system\ has\ been\ loaded\r\n +>>>>>242 string Please\ insert\ a\ DOS\ diskette\040 +>>>>>271 string into\r\n\ the\ drive\ and\040 >>>>>>292 string strike\ any\ key...\0 \b, IBM OS/2 Warp message display # XP ->430 string NTLDR\ is\ missing\xFF\r\n ->>449 string Disk\ error\xFF\r\n +>430 string NTLDR\ is\ missing\xFF\r\n +>>449 string Disk\ error\xFF\r\n >>>462 string Press\ any\ key\ to\ restart\r \b, Microsoft Windows XP Bootloader # DOS names like NTLDR,CMLDR,$LDR$ are 8 right space padded bytes+3 bytes ->>>>417 ubyte&0xDF >0 +>>>>417 ubyte&0xDF >0 >>>>>417 string x %-.5s ->>>>>>422 ubyte&0xDF >0 +>>>>>>422 ubyte&0xDF >0 >>>>>>>422 string x \b%-.3s ->>>>>425 ubyte&0xDF >0 +>>>>>425 ubyte&0xDF >0 >>>>>>425 string >\ \b.%-.3s # ->>>>371 ubyte >0x20 ->>>>>368 ubyte&0xDF >0 +>>>>371 ubyte >0x20 +>>>>>368 ubyte&0xDF >0 >>>>>>368 string x %-.5s ->>>>>>>373 ubyte&0xDF >0 +>>>>>>>373 ubyte&0xDF >0 >>>>>>>>373 string x \b%-.3s ->>>>>>376 ubyte&0xDF >0 +>>>>>>376 ubyte&0xDF >0 >>>>>>>376 string x \b.%-.3s # ->430 string NTLDR\ nicht\ gefunden\xFF\r\n ->>453 string Datentr\204gerfehler\xFF\r\n +>430 string NTLDR\ nicht\ gefunden\xFF\r\n +>>453 string Datentr\204gerfehler\xFF\r\n >>>473 string Neustart\ mit\ beliebiger\ Taste\r \b, Microsoft Windows XP Bootloader (german) ->>>>417 ubyte&0xDF >0 +>>>>417 ubyte&0xDF >0 >>>>>417 string x %-.5s ->>>>>>422 ubyte&0xDF >0 +>>>>>>422 ubyte&0xDF >0 >>>>>>>422 string x \b%-.3s ->>>>>425 ubyte&0xDF >0 +>>>>>425 ubyte&0xDF >0 >>>>>>425 string >\ \b.%-.3s # offset variant ->>>>379 string \0 ->>>>>368 ubyte&0xDF >0 +>>>>379 string \0 +>>>>>368 ubyte&0xDF >0 >>>>>>368 string x %-.5s ->>>>>>>373 ubyte&0xDF >0 +>>>>>>>373 ubyte&0xDF >0 >>>>>>>>373 string x \b%-.3s # ->430 string NTLDR\ fehlt\xFF\r\n ->>444 string Datentr\204gerfehler\xFF\r\n +>430 string NTLDR\ fehlt\xFF\r\n +>>444 string Datentr\204gerfehler\xFF\r\n >>>464 string Neustart\ mit\ beliebiger\ Taste\r \b, Microsoft Windows XP Bootloader (2.german) ->>>>417 ubyte&0xDF >0 +>>>>417 ubyte&0xDF >0 >>>>>417 string x %-.5s ->>>>>>422 ubyte&0xDF >0 +>>>>>>422 ubyte&0xDF >0 >>>>>>>422 string x \b%-.3s ->>>>>425 ubyte&0xDF >0 +>>>>>425 ubyte&0xDF >0 >>>>>>425 string >\ \b.%-.3s # variant ->>>>371 ubyte >0x20 ->>>>>368 ubyte&0xDF >0 +>>>>371 ubyte >0x20 +>>>>>368 ubyte&0xDF >0 >>>>>>368 string x %-.5s ->>>>>>>373 ubyte&0xDF >0 +>>>>>>>373 ubyte&0xDF >0 >>>>>>>>373 string x \b%-.3s ->>>>>>376 ubyte&0xDF >0 +>>>>>>376 ubyte&0xDF >0 >>>>>>>376 string x \b.%-.3s # ->430 string NTLDR\ fehlt\xFF\r\n ->>444 string Medienfehler\xFF\r\n +>430 string NTLDR\ fehlt\xFF\r\n +>>444 string Medienfehler\xFF\r\n >>>459 string Neustart:\ Taste\ dr\201cken\r \b, Microsoft Windows XP Bootloader (3.german) ->>>>371 ubyte >0x20 ->>>>>368 ubyte&0xDF >0 +>>>>371 ubyte >0x20 +>>>>>368 ubyte&0xDF >0 >>>>>>368 string x %-.5s ->>>>>>>373 ubyte&0xDF >0 +>>>>>>>373 ubyte&0xDF >0 >>>>>>>>373 string x \b%-.3s ->>>>>>376 ubyte&0xDF >0 +>>>>>>376 ubyte&0xDF >0 >>>>>>>376 string x \b.%-.3s # variant ->>>>417 ubyte&0xDF >0 +>>>>417 ubyte&0xDF >0 >>>>>417 string x %-.5s ->>>>>>422 ubyte&0xDF >0 +>>>>>>422 ubyte&0xDF >0 >>>>>>>422 string x \b%-.3s ->>>>>425 ubyte&0xDF >0 +>>>>>425 ubyte&0xDF >0 >>>>>>425 string >\ \b.%-.3s # ->430 string Datentr\204ger\ entfernen\xFF\r\n ->>454 string Medienfehler\xFF\r\n +>430 string Datentr\204ger\ entfernen\xFF\r\n +>>454 string Medienfehler\xFF\r\n >>>469 string Neustart:\ Taste\ dr\201cken\r \b, Microsoft Windows XP Bootloader (4.german) ->>>>379 string \0 ->>>>>368 ubyte&0xDF >0 +>>>>379 string \0 +>>>>>368 ubyte&0xDF >0 >>>>>>368 string x %-.5s ->>>>>>>373 ubyte&0xDF >0 +>>>>>>>373 ubyte&0xDF >0 >>>>>>>>373 string x \b%-.3s ->>>>>>376 ubyte&0xDF >0 +>>>>>>376 ubyte&0xDF >0 >>>>>>>376 string x \b.%-.3s # variant ->>>>417 ubyte&0xDF >0 +>>>>417 ubyte&0xDF >0 >>>>>417 string x %-.5s ->>>>>>422 ubyte&0xDF >0 +>>>>>>422 ubyte&0xDF >0 >>>>>>>422 string x \b%-.3s ->>>>>425 ubyte&0xDF >0 +>>>>>425 ubyte&0xDF >0 >>>>>>425 string >\ \b.%-.3s # -#>3 string NTFS\ \ \ \ ->389 string Fehler\ beim\ Lesen\ +#>3 string NTFS\ \ \ \040 +>389 string Fehler\ beim\ Lesen\040 >>407 string des\ Datentr\204gers ->>>426 string NTLDR\ fehlt +>>>426 string NTLDR\ fehlt >>>>440 string NTLDR\ ist\ komprimiert >>>>>464 string Neustart\ mit\ Strg+Alt+Entf\r \b, Microsoft Windows XP Bootloader NTFS (german) -#>3 string NTFS\ \ \ \ +#>3 string NTFS\ \ \ \040 >313 string A\ disk\ read\ error\ occurred.\r ->>345 string A\ kernel\ file\ is\ missing\ ->>>370 string from\ the\ disk.\r ->>>>484 string NTLDR\ is\ compressed ->>>>>429 string Insert\ a\ system\ diskette\ +>>345 string A\ kernel\ file\ is\ missing\040 +>>>370 string from\ the\ disk.\r +>>>>484 string NTLDR\ is\ compressed +>>>>>429 string Insert\ a\ system\ diskette\040 >>>>>>454 string and\ restart\r\nthe\ system.\r \b, Microsoft Windows XP Bootloader NTFS # DOS loader variants different languages,offsets >472 ubyte&0xDF >0 ->>389 string Invalid\ system\ disk\xFF\r\n ->>>411 string Disk\ I/O\ error ->>>>428 string Replace\ the\ disk,\ and\ +>>389 string Invalid\ system\ disk\xFF\r\n +>>>411 string Disk\ I/O\ error +>>>>428 string Replace\ the\ disk,\ and\040 >>>>>455 string press\ any\ key \b, Microsoft Windows 98 Bootloader #IO.SYS ->>>>>>472 ubyte&0xDF >0 +>>>>>>472 ubyte&0xDF >0 >>>>>>>472 string x \b %-.2s ->>>>>>>>474 ubyte&0xDF >0 +>>>>>>>>474 ubyte&0xDF >0 >>>>>>>>>474 string x \b%-.5s ->>>>>>>>>>479 ubyte&0xDF >0 +>>>>>>>>>>479 ubyte&0xDF >0 >>>>>>>>>>>479 string x \b%-.1s ->>>>>>>480 ubyte&0xDF >0 +>>>>>>>480 ubyte&0xDF >0 >>>>>>>>480 string x \b.%-.3s #MSDOS.SYS >>>>>>>483 ubyte&0xDF >0 \b+ >>>>>>>>483 string x \b%-.5s ->>>>>>>>>488 ubyte&0xDF >0 +>>>>>>>>>488 ubyte&0xDF >0 >>>>>>>>>>488 string x \b%-.3s ->>>>>>>>491 ubyte&0xDF >0 +>>>>>>>>491 ubyte&0xDF >0 >>>>>>>>>491 string x \b.%-.3s # ->>390 string Invalid\ system\ disk\xFF\r\n ->>>412 string Disk\ I/O\ error\xFF\r\n ->>>>429 string Replace\ the\ disk,\ and\ +>>390 string Invalid\ system\ disk\xFF\r\n +>>>412 string Disk\ I/O\ error\xFF\r\n +>>>>429 string Replace\ the\ disk,\ and\040 >>>>>451 string then\ press\ any\ key\r \b, Microsoft Windows 98 Bootloader ->>388 string Ungueltiges\ System\ \xFF\r\n ->>>410 string E/A-Fehler\ \ \ \ \xFF\r\n ->>>>427 string Datentraeger\ wechseln\ und\ +>>388 string Ungueltiges\ System\ \xFF\r\n +>>>410 string E/A-Fehler\ \ \ \ \xFF\r\n +>>>>427 string Datentraeger\ wechseln\ und\040 >>>>>453 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (german) #WINBOOT.SYS only not spaces (0xDF) ->>>>>>497 ubyte&0xDF >0 +>>>>>>497 ubyte&0xDF >0 >>>>>>>497 string x %-.5s ->>>>>>>>502 ubyte&0xDF >0 +>>>>>>>>502 ubyte&0xDF >0 >>>>>>>>>502 string x \b%-.1s ->>>>>>>>>>503 ubyte&0xDF >0 +>>>>>>>>>>503 ubyte&0xDF >0 >>>>>>>>>>>503 string x \b%-.1s ->>>>>>>>>>>>504 ubyte&0xDF >0 +>>>>>>>>>>>>504 ubyte&0xDF >0 >>>>>>>>>>>>>504 string x \b%-.1s ->>>>>>505 ubyte&0xDF >0 +>>>>>>505 ubyte&0xDF >0 >>>>>>>505 string x \b.%-.3s #IO.SYS >>>>>>472 ubyte&0xDF >0 or >>>>>>>472 string x \b %-.2s ->>>>>>>>474 ubyte&0xDF >0 +>>>>>>>>474 ubyte&0xDF >0 >>>>>>>>>474 string x \b%-.5s ->>>>>>>>>>479 ubyte&0xDF >0 +>>>>>>>>>>479 ubyte&0xDF >0 >>>>>>>>>>>479 string x \b%-.1s ->>>>>>>480 ubyte&0xDF >0 +>>>>>>>480 ubyte&0xDF >0 >>>>>>>>480 string x \b.%-.3s #MSDOS.SYS >>>>>>>483 ubyte&0xDF >0 \b+ >>>>>>>>483 string x \b%-.5s ->>>>>>>>>488 ubyte&0xDF >0 +>>>>>>>>>488 ubyte&0xDF >0 >>>>>>>>>>488 string x \b%-.3s ->>>>>>>>491 ubyte&0xDF >0 +>>>>>>>>491 ubyte&0xDF >0 >>>>>>>>>491 string x \b.%-.3s # ->>390 string Ungueltiges\ System\ \xFF\r\n ->>>412 string E/A-Fehler\ \ \ \ \xFF\r\n ->>>>429 string Datentraeger\ wechseln\ und\ +>>390 string Ungueltiges\ System\ \xFF\r\n +>>>412 string E/A-Fehler\ \ \ \ \xFF\r\n +>>>>429 string Datentraeger\ wechseln\ und\040 >>>>>455 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (German) #WINBOOT.SYS only not spaces (0xDF) ->>>>>>497 ubyte&0xDF >0 +>>>>>>497 ubyte&0xDF >0 >>>>>>>497 string x %-.7s ->>>>>>>>504 ubyte&0xDF >0 +>>>>>>>>504 ubyte&0xDF >0 >>>>>>>>>504 string x \b%-.1s ->>>>>>505 ubyte&0xDF >0 +>>>>>>505 ubyte&0xDF >0 >>>>>>>505 string x \b.%-.3s #IO.SYS >>>>>>472 ubyte&0xDF >0 or >>>>>>>472 string x \b %-.2s ->>>>>>>>474 ubyte&0xDF >0 +>>>>>>>>474 ubyte&0xDF >0 >>>>>>>>>474 string x \b%-.6s ->>>>>>>480 ubyte&0xDF >0 +>>>>>>>480 ubyte&0xDF >0 >>>>>>>>480 string x \b.%-.3s #MSDOS.SYS >>>>>>>483 ubyte&0xDF >0 \b+ >>>>>>>>483 string x \b%-.5s ->>>>>>>>>488 ubyte&0xDF >0 +>>>>>>>>>488 ubyte&0xDF >0 >>>>>>>>>>488 string x \b%-.3s ->>>>>>>>491 ubyte&0xDF >0 +>>>>>>>>491 ubyte&0xDF >0 >>>>>>>>>491 string x \b.%-.3s # ->>389 string Ungueltiges\ System\ \xFF\r\n ->>>411 string E/A-Fehler\ \ \ \ \xFF\r\n ->>>>428 string Datentraeger\ wechseln\ und\ +>>389 string Ungueltiges\ System\ \xFF\r\n +>>>411 string E/A-Fehler\ \ \ \ \xFF\r\n +>>>>428 string Datentraeger\ wechseln\ und\040 >>>>>454 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (GERMAN) # DOS names like IO.SYS,WINBOOT.SYS,MSDOS.SYS,WINBOOT.INI are 8 right space padded bytes+3 bytes >>>>>>472 string x %-.2s ->>>>>>>474 ubyte&0xDF >0 +>>>>>>>474 ubyte&0xDF >0 >>>>>>>>474 string x \b%-.5s ->>>>>>>>479 ubyte&0xDF >0 +>>>>>>>>479 ubyte&0xDF >0 >>>>>>>>>479 string x \b%-.1s ->>>>>>480 ubyte&0xDF >0 +>>>>>>480 ubyte&0xDF >0 >>>>>>>480 string x \b.%-.3s >>>>>>483 ubyte&0xDF >0 \b+ >>>>>>>483 string x \b%-.5s ->>>>>>>488 ubyte&0xDF >0 +>>>>>>>488 ubyte&0xDF >0 >>>>>>>>488 string x \b%-.2s ->>>>>>>>490 ubyte&0xDF >0 +>>>>>>>>490 ubyte&0xDF >0 >>>>>>>>>490 string x \b%-.1s ->>>>>>>491 ubyte&0xDF >0 +>>>>>>>491 ubyte&0xDF >0 >>>>>>>>491 string x \b.%-.3s >479 ubyte&0xDF >0 ->>416 string Kein\ System\ oder\ ->>>433 string Laufwerksfehler +>>416 string Kein\ System\ oder\040 +>>>433 string Laufwerksfehler >>>>450 string Wechseln\ und\ Taste\ dr\201cken \b, Microsoft DOS Bootloader (german) #IO.SYS >>>>>479 string x \b %-.2s ->>>>>>481 ubyte&0xDF >0 +>>>>>>481 ubyte&0xDF >0 >>>>>>>481 string x \b%-.6s ->>>>>487 ubyte&0xDF >0 +>>>>>487 ubyte&0xDF >0 >>>>>>487 string x \b.%-.3s #MSDOS.SYS >>>>>>490 ubyte&0xDF >0 \b+ >>>>>>>490 string x \b%-.5s ->>>>>>>>495 ubyte&0xDF >0 +>>>>>>>>495 ubyte&0xDF >0 >>>>>>>>>495 string x \b%-.3s ->>>>>>>498 ubyte&0xDF >0 +>>>>>>>498 ubyte&0xDF >0 >>>>>>>>498 string x \b.%-.3s # ->376 search/41 Non-System\ disk\ or\ ->>395 search/41 disk\ error\r ->>>407 search/41 Replace\ and\ +>376 search/41 Non-System\ disk\ or\040 +>>395 search/41 disk\ error\r +>>>407 search/41 Replace\ and\040 >>>>419 search/41 press\ \b, >>>>419 search/41 strike\ \b, old >>>>426 search/41 any\ key\ when\ ready\r MS or PC-DOS bootloader #449 Disk\ Boot\ failure\r MS 3.21 #466 Boot\ Failure\r MS 3.30 ->>>>>468 search/18 \0 +>>>>>468 search/18 \0 #IO.SYS,IBMBIO.COM >>>>>>&0 string x \b %-.2s ->>>>>>>&-20 ubyte&0xDF >0 +>>>>>>>&-20 ubyte&0xDF >0 >>>>>>>>&-1 string x \b%-.4s ->>>>>>>>>&-16 ubyte&0xDF >0 +>>>>>>>>>&-16 ubyte&0xDF >0 >>>>>>>>>>&-1 string x \b%-.2s >>>>>>&8 ubyte&0xDF >0 \b. >>>>>>>&-1 string x \b%-.3s @@ -895,125 +893,125 @@ #MSDOS.SYS,IBMDOS.COM >>>>>>&11 ubyte&0xDF >0 \b+ >>>>>>>&-1 string x \b%-.5s ->>>>>>>>&-6 ubyte&0xDF >0 +>>>>>>>>&-6 ubyte&0xDF >0 >>>>>>>>>&-1 string x \b%-.1s ->>>>>>>>>>&-5 ubyte&0xDF >0 +>>>>>>>>>>&-5 ubyte&0xDF >0 >>>>>>>>>>>&-1 string x \b%-.2s >>>>>>>&7 ubyte&0xDF >0 \b. >>>>>>>>&-1 string x \b%-.3s >441 string Cannot\ load\ from\ harddisk.\n\r ->>469 string Insert\ Systemdisk\ +>>469 string Insert\ Systemdisk\040 >>>487 string and\ press\ any\ key.\n\r \b, MS (2.11) DOS bootloader -#>43 string \224R-LOADER\ \ SYS =label +#>43 string \224R-LOADER\ \ SYS =label >54 string SYS >>324 string VASKK >>>495 string NEWLDR\0 \b, DR-DOS Bootloader (LOADER.SYS) # ->98 string Press\ a\ key\ to\ retry\0\r ->>120 string Cannot\ find\ file\ \0\r ->>>139 string Disk\ read\ error\0\r +>98 string Press\ a\ key\ to\ retry\0\r +>>120 string Cannot\ find\ file\ \0\r +>>>139 string Disk\ read\ error\0\r >>>>156 string Loading\ ...\0 \b, DR-DOS (3.41) Bootloader #DRBIOS.SYS ->>>>>44 ubyte&0xDF >0 +>>>>>44 ubyte&0xDF >0 >>>>>>44 string x \b %-.6s ->>>>>>>50 ubyte&0xDF >0 +>>>>>>>50 ubyte&0xDF >0 >>>>>>>>50 string x \b%-.2s ->>>>>>52 ubyte&0xDF >0 +>>>>>>52 ubyte&0xDF >0 >>>>>>>52 string x \b.%-.3s # ->70 string IBMBIO\ \ COM ->>472 string Cannot\ load\ DOS!\ +>70 string IBMBIO\ \ COM +>>472 string Cannot\ load\ DOS!\040 >>>489 string Any\ key\ to\ retry \b, DR-DOS Bootloader ->>471 string Cannot\ load\ DOS\ +>>471 string Cannot\ load\ DOS\040 >>487 string press\ key\ to\ retry \b, Open-DOS Bootloader #?? ->444 string KERNEL\ \ SYS +>444 string KERNEL\ \ SYS >>314 string BOOT\ error! \b, FREE-DOS Bootloader ->499 string KERNEL\ \ SYS +>499 string KERNEL\ \ SYS >>305 string BOOT\ err!\0 \b, Free-DOS Bootloader ->449 string KERNEL\ \ SYS +>449 string KERNEL\ \ SYS >>319 string BOOT\ error! \b, FREE-DOS 0.5 Bootloader # ->449 string Loading\ FreeDOS +>449 string Loading\ FreeDOS >>0x1AF ulelong >0 \b, FREE-DOS 0.95,1.0 Bootloader ->>>497 ubyte&0xDF >0 +>>>497 ubyte&0xDF >0 >>>>497 string x \b %-.6s ->>>>>503 ubyte&0xDF >0 +>>>>>503 ubyte&0xDF >0 >>>>>>503 string x \b%-.1s ->>>>>>>504 ubyte&0xDF >0 +>>>>>>>504 ubyte&0xDF >0 >>>>>>>>504 string x \b%-.1s ->>>>505 ubyte&0xDF >0 +>>>>505 ubyte&0xDF >0 >>>>>505 string x \b.%-.3s # >331 string Error!.0 \b, FREE-DOS 1.0 bootloader # ->125 string Loading\ FreeDOS...\r +>125 string Loading\ FreeDOS...\r >>311 string BOOT\ error!\r \b, FREE-DOS bootloader ->>>441 ubyte&0xDF >0 +>>>441 ubyte&0xDF >0 >>>>441 string x \b %-.6s ->>>>>447 ubyte&0xDF >0 +>>>>>447 ubyte&0xDF >0 >>>>>>447 string x \b%-.1s ->>>>>>>448 ubyte&0xDF >0 +>>>>>>>448 ubyte&0xDF >0 >>>>>>>>448 string x \b%-.1s ->>>>449 ubyte&0xDF >0 +>>>>449 ubyte&0xDF >0 >>>>>449 string x \b.%-.3s ->124 string FreeDOS\0 +>124 string FreeDOS\0 >>331 string \ err\0 \b, FREE-DOS BETa 0.9 Bootloader # DOS names like KERNEL.SYS,KERNEL16.SYS,KERNEL32.SYS,METAKERN.SYS are 8 right space padded bytes+3 bytes ->>>497 ubyte&0xDF >0 +>>>497 ubyte&0xDF >0 >>>>497 string x \b %-.6s ->>>>>503 ubyte&0xDF >0 +>>>>>503 ubyte&0xDF >0 >>>>>>503 string x \b%-.1s ->>>>>>>504 ubyte&0xDF >0 +>>>>>>>504 ubyte&0xDF >0 >>>>>>>>504 string x \b%-.1s ->>>>505 ubyte&0xDF >0 +>>>>505 ubyte&0xDF >0 >>>>>505 string x \b.%-.3s >>333 string \ err\0 \b, FREE-DOS BEta 0.9 Bootloader ->>>497 ubyte&0xDF >0 +>>>497 ubyte&0xDF >0 >>>>497 string x \b %-.6s ->>>>>503 ubyte&0xDF >0 +>>>>>503 ubyte&0xDF >0 >>>>>>503 string x \b%-.1s ->>>>>>>504 ubyte&0xDF >0 +>>>>>>>504 ubyte&0xDF >0 >>>>>>>>504 string x \b%-.1s ->>>>505 ubyte&0xDF >0 +>>>>505 ubyte&0xDF >0 >>>>>505 string x \b.%-.3s >>334 string \ err\0 \b, FREE-DOS Beta 0.9 Bootloader ->>>497 ubyte&0xDF >0 +>>>497 ubyte&0xDF >0 >>>>497 string x \b %-.6s ->>>>>503 ubyte&0xDF >0 +>>>>>503 ubyte&0xDF >0 >>>>>>503 string x \b%-.1s ->>>>>>>504 ubyte&0xDF >0 +>>>>>>>504 ubyte&0xDF >0 >>>>>>>>504 string x \b%-.1s ->>>>505 ubyte&0xDF >0 +>>>>505 ubyte&0xDF >0 >>>>>505 string x \b.%-.3s ->336 string Error!\ +>336 string Error!\040 >>343 string Hit\ a\ key\ to\ reboot. \b, FREE-DOS Beta 0.9sr1 Bootloader ->>>497 ubyte&0xDF >0 +>>>497 ubyte&0xDF >0 >>>>497 string x \b %-.6s ->>>>>503 ubyte&0xDF >0 +>>>>>503 ubyte&0xDF >0 >>>>>>503 string x \b%-.1s ->>>>>>>504 ubyte&0xDF >0 +>>>>>>>504 ubyte&0xDF >0 >>>>>>>>504 string x \b%-.1s ->>>>505 ubyte&0xDF >0 +>>>>505 ubyte&0xDF >0 >>>>>505 string x \b.%-.3s # added by Joerg Jenderek # http://www.visopsys.org/ # http://partitionlogic.org.uk/ # OEM-ID=Visopsys ->478 ulelong 0 ->>(1.b+326) string I/O\ Error\ reading\ ->>>(1.b+344) string Visopsys\ loader\r +>478 ulelong 0 +>>(1.b+326) string I/O\ Error\ reading\040 +>>>(1.b+344) string Visopsys\ loader\r >>>>(1.b+361) string Press\ any\ key\ to\ continue.\r \b, Visopsys loader # http://alexfru.chat.ru/epm.html#bootprog ->494 ubyte >0x4D ->>495 string >E ->>>495 string 494 ubyte >0x4D +>>495 string >E +>>>495 string >>>3 string BootProg +>>>>3 string BootProg # It just looks for a program file name at the root directory # and loads corresponding file with following execution. # DOS names like STARTUP.BIN,STARTUPC.COM,STARTUPE.EXE are 8 right space padded bytes+3 bytes ->>>>499 ubyte&0xDF >0 \b, COM/EXE Bootloader +>>>>499 ubyte&0xDF >0 \b, COM/EXE Bootloader >>>>>499 use DOS-filename #If the boot sector fails to read any other sector, #it prints a very short message ("RE") to the screen and hangs the computer. @@ -1027,7 +1025,7 @@ # added by Joerg Jenderek at Feb 2013 according to http://thestarman.pcministry.com/asm/mbr/MSWIN41.htm#FSINFO # and http://en.wikipedia.org/wiki/File_Allocation_Table#FS_Information_Sector ->0 string RRaA +>0 string RRaA >>0x1E4 string rrAa \b, FSInfosector #>>0x1FC uleshort =0 SHOULD BE ZERO >>>0x1E8 ulelong <0xffffffff \b, %u free clusters @@ -1034,16 +1032,16 @@ >>>0x1EC ulelong <0xffffffff \b, last allocated cluster %u # updated by Joerg Jenderek at Sep 2007 ->3 ubyte 0 +>3 ubyte 0 #no active flag ->>446 ubyte 0 +>>446 ubyte 0 # partition 1 not empty ->>>450 ubyte >0 +>>>450 ubyte >0 # partitions 3,4 empty ->>>>482 ubyte 0 ->>>>>498 ubyte 0 +>>>>482 ubyte 0 +>>>>>498 ubyte 0 # partition 2 ID=0,5,15 ->>>>>>466 ubyte <0x10 +>>>>>>466 ubyte <0x10 >>>>>>>466 ubyte 0x05 \b, extended partition table >>>>>>>466 ubyte 0x0F \b, extended partition table (LBA) >>>>>>>466 ubyte 0x0 \b, extended partition table (last) @@ -1056,35 +1054,35 @@ # Print the DOS filenames from directory entry form with 8 right space padded bytes + 3 bytes for extension # like IO.SYS. MSDOS.SYS , KERNEL.SYS , DRBIO.SYS 0 name DOS-filename -# space=0x20 (00100000b) means empty ->0 ubyte&0xDF >0 +# space=0x20 (00100000b) means empty +>0 ubyte&0xDF >0 >>0 ubyte x \b%c ->>>1 ubyte&0xDF >0 +>>>1 ubyte&0xDF >0 >>>>1 ubyte x \b%c ->>>>>2 ubyte&0xDF >0 +>>>>>2 ubyte&0xDF >0 >>>>>>2 ubyte x \b%c ->>>>>>>3 ubyte&0xDF >0 +>>>>>>>3 ubyte&0xDF >0 >>>>>>>>3 ubyte x \b%c ->>>>>>>>>4 ubyte&0xDF >0 +>>>>>>>>>4 ubyte&0xDF >0 >>>>>>>>>>4 ubyte x \b%c ->>>>>>>>>>>5 ubyte&0xDF >0 +>>>>>>>>>>>5 ubyte&0xDF >0 >>>>>>>>>>>>5 ubyte x \b%c ->>>>>>>>>>>>>6 ubyte&0xDF >0 +>>>>>>>>>>>>>6 ubyte&0xDF >0 >>>>>>>>>>>>>>6 ubyte x \b%c ->>>>>>>>>>>>>>>7 ubyte&0xDF >0 +>>>>>>>>>>>>>>>7 ubyte&0xDF >0 >>>>>>>>>>>>>>>>7 ubyte x \b%c # DOS filename extension >>8 ubyte&0xDF >0 \b. >>>8 ubyte x \b%c ->>>>9 ubyte&0xDF >0 +>>>>9 ubyte&0xDF >0 >>>>>9 ubyte x \b%c ->>>>>>10 ubyte&0xDF >0 +>>>>>>10 ubyte&0xDF >0 >>>>>>>10 ubyte x \b%c # Print 2 following DOS filenames from directory entry form # like IO.SYS+MSDOS.SYS or ibmbio.com+ibmdos.com 0 name 2xDOS-filename # display 1 space ->0 ubyte x \b +>0 ubyte x \b >0 use DOS-filename >11 ubyte x \b+ >11 use DOS-filename @@ -1103,10 +1101,10 @@ # partition type ID > 0 >4 ubyte >0 # active flag 0 ->>0 ubyte 0 +>>0 ubyte 0 >>>0 use partition-entry -# active flag 0x80, 0x81, ... ->>0 ubyte >0x7F +# active flag 0x80, 0x81, ... +>>0 ubyte >0x7F >>>0 use partition-entry # Print entry of partition table 0 name partition-entry @@ -1138,7 +1136,7 @@ # sector >1 ubyte&0x3F x \b,%u -# FATX +# FATX 0 string FATX FATX filesystem data # romfs filesystems - Juan Cespedes @@ -1159,7 +1157,7 @@ # http://syslinux.zytor.com/iso.php # tested with versions 1.47,1.48,1.49,1.50,1.62,1.76,2.00,2.10;3.00,3.11,3.31,;3.70,3.71,3.73,3.75,3.80,3.82,3.84,3.86,4.01,4.03 and 4.05 # assembler instructions: cli;jmp 0:7Cyy (yy=0x40,0x5e,0x6c,0x6e,0x77);nop;nop -0 ulequad&0x909000007cc0eafa 0x909000007c40eafa +0 ulequad&0x909000007cc0eafa 0x909000007c40eafa >631 search/689 ISOLINUX\ isolinux Loader >>&0 string x (version %-4.4s) # http://syslinux.zytor.com/pxe.php @@ -1176,43 +1174,43 @@ >11 string x (version %-4.4s) # syslinux updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at Sep 2012 # assembler instructions: jmp yy (yy=0x3c,0x58);nop;"SYSLINUX" -0 ulelong&0x80909bEB 0x009018EB +0 ulelong&0x80909bEB 0x009018EB # OEM-ID not always "SYSLINUX" ->434 search/47 Boot\ failed -# followed by \r\n\0 or :\ +>434 search/47 Boot\ failed +# followed by \r\n\0 or :\ >>482 search/132 \0LDLINUX\ SYS Syslinux bootloader (version 2.13 or older) >>1 ubyte 0x58 Syslinux bootloader (version 3.0-3.9) ->459 search/30 Boot\ error\r\n\0 +>459 search/30 Boot\ error\r\n\0 >>1 ubyte 0x58 Syslinux bootloader (version 3.10 or newer) # SYSLINUX MBR updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at Sep 2012 # assembler instructions: mov di,0600h;mov cx,0100h -16 search/4 \xbf\x00\x06\xb9\x00\x01 +16 search/4 \xbf\x00\x06\xb9\x00\x01 # to display SYSLINUX MBR (36) before old DOS/MBR boot sector one with partition table (strength=50+21) !:strength +36 ->94 search/249 Missing\ operating\ system +>94 search/249 Missing\ operating\ system # followed by \r for versions older 3.35 , .\r for versions newer 3.52 and point for other # skip Ranish MBR ->>408 search/4 HD1/\0 ->>408 default x +>>408 search/4 HD1/\0 +>>408 default x >>>250 search/118 \0Operating\ system\ load SYSLINUX MBR # followed by "ing " or space ->>>>292 search/98 error +>>>>292 search/98 error >>>>>&0 string \r (version 3.35 or older) >>>>>&0 string .\r (version 3.52 or newer) >>>>>&0 default x (version 3.36-3.51 ) >368 search/106 \0Disk\ error\ on\ boot\r\n SYSLINUX GPT-MBR ->>156 search/10 \0Boot\ partition\ not\ found\r\n +>>156 search/10 \0Boot\ partition\ not\ found\r\n >>>270 search/10 \0OS\ not\ bootable\r\n (version 3.86 or older) ->>174 search/10 \0Missing\ OS\r\n +>>174 search/10 \0Missing\ OS\r\n >>>189 search/10 \0Multiple\ active\ partitions\r\n (version 4.00 or newer) # SYSLINUX END # NetBSD mbr variants (master-boot-code version 1.22) added by Joerg Jenderek at Nov 2012 # assembler instructions: xor ax,ax;mov ax,ss;mov sp,0x7c00;mov ax, -0 ubequad 0x31c08ed0bc007c8e +0 ubequad 0x31c08ed0bc007c8e # mbr_bootsel magic before partition table not reliable with small ipl fragments -#>444 uleshort 0xb5e1 ->0004 uleshort x +#>444 uleshort 0xb5e1 +>0004 uleshort x # ERRorTeXT >>181 search/166 Error\ \0\r\n NetBSD mbr # NT Drive Serial Number http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#DS @@ -1219,14 +1217,14 @@ >>>0x1B8 ubelong >0 \b,Serial 0x%-.8x # BOOTSEL definitions contains assembler instructions: int 0x13;pop dx;push dx;push dx >>>0xbb search/71 \xcd\x13\x5a\x52\x52 \b,bootselector -# BOOT_EXTENDED definitions contains assembler instructions: +# BOOT_EXTENDED definitions contains assembler instructions: # xchg ecx,edx;addl ecx,edx;movw lba_info,si;movb 0x42,ah;pop dx;push dx;int 0x13 >>>0x96 search/1 \x66\x87\xca\x66\x01\xca\x66\x89\x16\x3a\x07\xbe\x32\x07\xb4\x42\x5a\x52\xcd\x13 \b,boot extended # COM_PORT_VAL definitions contains assembler instructions: outb al,dx;add 5,dl;inb %dx;test 0x40,al >>>0x130 search/55 \xee\x80\xc2\x05\xec\xa8\x40 \b,serial IO # not TERSE_ERROR ->>>196 search/106 No\ active\ partition\0 ->>>>&0 string Disk\ read\ error\0 +>>>196 search/106 No\ active\ partition\0 +>>>>&0 string Disk\ read\ error\0 >>>>>&0 string No\ operating\ system\0 \b,verbose # not NO_CHS definitions contains assembler instructions: pop dx;push dx;movb $8,ah;int0x13 >>>0x7d search/7 \x5a\x52\xb4\x08\xcd\x13 \b,CHS @@ -1233,10 +1231,10 @@ # not NO_LBA_CHECK definitions contains assembler instructions: movw 0x55aa,bx;movb 0x41,ah;pop dx;push dx;int 0x13 >>>0xa4 search/84 \xbb\xaa\x55\xb4\x41\x5a\x52\xcd\x13 \b,LBA-check # assembler instructions: movw nametab,bx ->>>0x26 search/21 \xBB\x94\x07 +>>>0x26 search/21 \xBB\x94\x07 # not NO_BANNER definitions contains assembler instructions: mov banner,si;call message_crlf ->>>>&-9 ubequad&0xBE00f0E800febb94 0xBE0000E80000bb94 ->>>>>181 search/166 Error\ \0 +>>>>&-9 ubequad&0xBE00f0E800febb94 0xBE0000E80000bb94 +>>>>>181 search/166 Error\ \0 # "a: disk" , "Fn: diskn" or "NetBSD MBR boot" >>>>>>&3 string x \b,"%s" >>>446 use partition-table @@ -1243,21 +1241,21 @@ # Andrea Mazzoleni AdvanceCD mbr loader of http://advancemame.sourceforge.net/boot-readme.html # added by Joerg Jenderek at Nov 2012 for versions 1.3 - 1.4 # assembler instructions: jmp short 0x58;nop;ASCII -0 ubequad&0xeb58908000000000 0xeb58900000000000 +0 ubequad&0xeb58908000000000 0xeb58900000000000 # assembler instructions: cli;xor ax,ax;mov ds,ax;mov es,ax;mov ss, ->(1.b+2) ubequad 0xfa31c08ed88ec08e +>(1.b+2) ubequad 0xfa31c08ed88ec08e # Error messages at end of code ->>376 string No\ operating\ system\r\n\0 ->>>398 string Disk\ error\r\n\0FDD\0HDD\0 +>>376 string No\ operating\ system\r\n\0 +>>>398 string Disk\ error\r\n\0FDD\0HDD\0 >>>>419 string \ EBIOS\r\n\0 AdvanceMAME mbr -# Neil Turton mbr loader variant of http://www.chiark.greenend.org.uk/~neilt/mbr/ +# Neil Turton mbr loader variant of http://www.chiark.greenend.org.uk/~neilt/mbr/ # added by Joerg Jenderek at Mar 2011 for versions 1.0.0 - 1.1.11 # for 1st version assembler instructions: cld;xor ax,ax;mov DS,ax;MOV ES,AX;mov SI, # or cld;xor ax,ax;mov SS,ax;XOR SP,SP;mov DS, -0 ulequad&0xcE1b40D48EC031FC 0x8E0000D08EC031FC +0 ulequad&0xcE1b40D48EC031FC 0x8E0000D08EC031FC # pointer to the data starting with Neil Turton signature string ->(0x1BC.s) string NDTmbr +>(0x1BC.s) string NDTmbr >>&-14 string 1234F\0 Turton mbr ( # parameters also viewed by install-mbr --list >>>(0x1BC.s+7) ubyte x \b%u<= @@ -1271,23 +1269,23 @@ #0x0~1,0x1~2,...,0x3~4,0x4~F,0x7~D default boot #>>>(0x1BC.s+11) ubyte x \b,cfg_def 0x%x # for older versions ->>>(0x1BC.s+9) ubyte <2 +>>>(0x1BC.s+9) ubyte <2 #>>>>(0x1BC.s+12) ubyte 18 \b,%hhu/18 seconds >>>>(0x1BC.s+12) ubyte !18 \b,%u/18 seconds # floppy A: or B: >>>>(0x1BC.s+13) ubyte <2 \b,floppy 0x%x ->>>>(0x1BC.s+13) ubyte >1 +>>>>(0x1BC.s+13) ubyte >1 # 1st hard disc #>>>>>(0x1BC.s+13) ubyte 0x80 \b,drive 0x%x # not 1st hard disc >>>>>(0x1BC.s+13) ubyte !0x80 \b,drive 0x%x # for version >= 2 maximal timeout can be 65534 ->>>(0x1BC.s+9) ubyte >1 +>>>(0x1BC.s+9) ubyte >1 #>>>>(0x1BC.s+12) uleshort 18 \b,%u/18 seconds >>>>(0x1BC.s+12) uleshort !18 \b,%u/18 seconds # floppy A: or B: >>>>(0x1BC.s+14) ubyte <2 \b,floppy 0x%x ->>>>(0x1BC.s+14) ubyte >1 +>>>>(0x1BC.s+14) ubyte >1 # 1st hard disc #>>>>>(0x1BC.s+14) ubyte 0x80 \b,drive 0x%x # not 1st hard disc @@ -1299,14 +1297,14 @@ # grub-1.94/kern/i386/pc/startup.S # http://www.gnu.org/software/grub/manual/grub.html#Embedded-data # usual values are marked with comments to get only informations of strange GRUB loaders -0x200 uleshort 0x70EA +0x200 uleshort 0x70EA # found only version 3.{1,2} ->0x206 ubeshort >0x0300 +>0x206 ubeshort >0x0300 # GRUB version (0.5.)95,0.93,0.94,0.96,0.97 > "00" ->>0x212 ubyte >0x29 ->>>0x213 ubyte >0x29 +>>0x212 ubyte >0x29 +>>>0x213 ubyte >0x29 # not iso9660_stage1_5 -#>>>0 ulelong&0x00BE5652 0x00BE5652 +#>>>0 ulelong&0x00BE5652 0x00BE5652 >>>>0x213 ubyte >0x29 GRand Unified Bootloader # config_file for stage1_5 is 0xffffffff + default "/boot/grub/stage2" >>>>0x217 ubyte 0xFF stage1_5 @@ -1318,7 +1316,7 @@ #>>>>0x208 ulelong =0xffffff \b, %lu (default) >>>>0x208 ulelong >0xffffff \b, installed partition %u # GRUB 0.5.95 unofficial ->>>>0x20C ulelong&0x2E300000 0x2E300000 +>>>>0x20C ulelong&0x2E300000 0x2E300000 # 0=stage2 1=ffs 2=e2fs 3=fat 4=minix 5=reiserfs >>>>>0x20C ubyte x \b, identifier 0x%x #>>>>>0x20D ubyte =0 \b, LBA flag 0x%x (default) @@ -1326,17 +1324,17 @@ # GRUB version as string >>>>>0x20E string >\0 \b, GRUB version %-s # for stage1_5 is 0xffffffff + config_file "/boot/grub/stage2" default ->>>>>>0x215 ulong 0xffffffff +>>>>>>0x215 ulong 0xffffffff >>>>>>>0x219 string >\0 \b, configuration file %-s ->>>>>>0x215 ulong !0xffffffff +>>>>>>0x215 ulong !0xffffffff >>>>>>>0x215 string >\0 \b, configuration file %-s # newer GRUB versions ->>>>0x20C ulelong&0x2E300000 !0x2E300000 +>>>>0x20C ulelong&0x2E300000 !0x2E300000 ##>>>>>0x20C ulelong =0 \b, saved entry %d (usual) >>>>>0x20C ulelong >0 \b, saved entry %d # for 1.94 contains kernel image size # for 0.93,0.94,0.96,0.97 -# 0=stage2 1=ffs 2=e2fs 3=fat 4=minix 5=reiserfs 6=vstafs 7=jfs 8=xfs 9=iso9660 a=ufs2 +# 0=stage2 1=ffs 2=e2fs 3=fat 4=minix 5=reiserfs 6=vstafs 7=jfs 8=xfs 9=iso9660 a=ufs2 >>>>>0x210 ubyte x \b, identifier 0x%x # The flag for LBA forcing is in most cases 0 #>>>>>0x211 ubyte =0 \b, LBA flag 0x%x (default) @@ -1344,9 +1342,9 @@ # GRUB version as string >>>>>0x212 string >\0 \b, GRUB version %-s # for stage1_5 is 0xffffffff + config_file "/boot/grub/stage2" default ->>>>>0x217 ulong 0xffffffff +>>>>>0x217 ulong 0xffffffff >>>>>>0x21b string >\0 \b, configuration file %-s ->>>>>0x217 ulong !0xffffffff +>>>>>0x217 ulong !0xffffffff >>>>>>0x217 string >\0 \b, configuration file %-s # DOS x86 sector updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at May 2011 @@ -1362,13 +1360,13 @@ # mtools-3.9.8/msdos.h # usual values are marked with comments to get only informations of strange FAT systems # valid sectorsize must be a power of 2 from 32 to 32768 ->11 uleshort&0x001f 0 ->>11 uleshort <32769 ->>>11 uleshort >31 ->>>>21 ubyte&0xf0 0xF0 +>11 uleshort&0x001f 0 +>>11 uleshort <32769 +>>>11 uleshort >31 +>>>>21 ubyte&0xf0 0xF0 >>>>>0 ubyte 0xEB DOS/MBR boot sector >>>>>>1 ubyte x \b, code offset 0x%x+2 ->>>>>0 ubyte 0xE9 +>>>>>0 ubyte 0xE9 >>>>>>1 uleshort x \b, code offset 0x%x+3 >>>>>3 string >\0 \b, OEM-ID "%-.8s" #http://mirror.href.com/thestarman/asm/debug/debug2.htm#IHC @@ -1379,10 +1377,10 @@ >>>>>13 ubyte >1 \b, sectors/cluster %u #>>>>>13 ubyte =1 \b, sectors/cluster %u (usual on Floppies) # for lazy FAT32 implementation like Transcend digital photo frame PF830 ->>>>>82 string/c fat32 +>>>>>82 string/c fat32 >>>>>>14 uleshort !32 \b, reserved sectors %u #>>>>>>14 uleshort =32 \b, reserved sectors %u (usual Fat32) ->>>>>82 string/c !fat32 +>>>>>82 string/c !fat32 >>>>>>14 uleshort >1 \b, reserved sectors %u #>>>>>>14 uleshort =1 \b, reserved sectors %u (usual FAT12,FAT16) #>>>>>>14 uleshort 0 \b, reserved sectors %u (usual NTFS) @@ -1392,7 +1390,7 @@ >>>>>16 ubyte >0 >>>>>17 uleshort >0 \b, root entries %u #>>>>>17 uleshort =0 \b, root entries %hu=0 (usual Fat32) ->>>>>19 uleshort >0 \b, sectors %u (volumes <=32 MB) +>>>>>19 uleshort >0 \b, sectors %u (volumes <=32 MB) #>>>>>19 uleshort =0 \b, sectors %hu=0 (usual Fat32) >>>>>21 ubyte >0xF0 \b, Media descriptor 0x%x #>>>>>21 ubyte =0xF0 \b, Media descriptor 0x%x (usual floppy) @@ -1404,20 +1402,20 @@ #>>>>>26 ubyte =2 \b, heads %u (usual floppy) >>>>>26 ubyte =1 \b, heads %u # valid only for sector sizes with more then 32 Bytes ->>>>>11 uleshort >32 +>>>>>11 uleshort >32 # http://en.wikipedia.org/wiki/Design_of_the_FAT_file_system#Extended_BIOS_Parameter_Block # skip for values 2,2Ah,70h,73h,DFh # and continue for extended boot signature values 0,28h,29h,80h ->>>>>>38 ubyte&0x56 =0 +>>>>>>38 ubyte&0x56 =0 >>>>>>>28 ulelong >0 \b, hidden sectors %u #>>>>>>>28 ulelong =0 \b, hidden sectors %u (usual floppy) ->>>>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB) +>>>>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB) #>>>>>>>32 ulelong =0 \b, sectors %u (volumes > 32 MB) -# FAT<32 bit specific ->>>>>>>82 string/c !fat32 +# FAT<32 bit specific +>>>>>>>82 string/c !fat32 #>>>>>>>>36 ubyte 0x80 \b, physical drive 0x%x=0x80 (usual harddisk) #>>>>>>>>36 ubyte 0 \b, physical drive 0x%x=0 (usual floppy) ->>>>>>>>36 ubyte !0x80 +>>>>>>>>36 ubyte !0x80 >>>>>>>>>36 ubyte !0 \b, physical drive 0x%x # VGA-copy CRC or # in Windows NT bit 0 is a dirty flag to request chkdsk at boot time. bit 1 requests surface scan too @@ -1437,27 +1435,27 @@ # if it is small enough FAT is 12 bit, if it is too big enough FAT is 32 bit, # otherwise FAT is 16 bit. # http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/determining-fat-widths.html ->>>>>82 string/c !fat32 +>>>>>82 string/c !fat32 >>>>>>54 string FAT12 \b, FAT (12 bit) >>>>>>54 string FAT16 \b, FAT (16 bit) ->>>>>>54 default x +>>>>>>54 default x # determinate FAT bit size by media descriptor # small floppies implies FAT12 >>>>>>>21 ubyte <0xF0 \b, FAT (12 bit by descriptor) # with media descriptor F0h floppy or maybe superfloppy with FAT16 ->>>>>>>21 ubyte =0xF0 +>>>>>>>21 ubyte =0xF0 # superfloppy (many sectors) implies FAT16 >>>>>>>>32 ulelong >0xFFFF \b, FAT (16 bit by descriptor+sectors) # no superfloppy with media descriptor F0h implies FAT12 >>>>>>>>32 default x \b, FAT (12 bit by descriptor+sectors) # with media descriptor F8h floppy or hard disc with FAT12 or FAT16 ->>>>>>>21 ubyte =0xF8 +>>>>>>>21 ubyte =0xF8 # 360 KiB with media descriptor F8h, 9 sectors per track ,single sided floppy implies FAT12 >>>>>>>>19 ubequad 0xd002f80300090001 \b, FAT (12 bit by descriptor+geometry) # hard disc with FAT12 or FAT16 >>>>>>>>19 default x \b, FAT (1Y bit by descriptor) # with media descriptor FAh floppy, RAM disc with FAT12 or FAT16 or Tandy hard disc ->>>>>>>21 ubyte =0xFA +>>>>>>>21 ubyte =0xFA # 320 KiB with media descriptor FAh, 8 sectors per track ,single sided floppy implies FAT12 >>>>>>>>19 ubequad 0x8002fa0200080001 \b, FAT (12 bit by descriptor+geometry) # RAM disc with FAT12 or FAT16 or Tandy hard disc @@ -1481,17 +1479,17 @@ # 0 or 0xFFFF instead of usual 6 means no backup sector >>>>>>50 uleshort =0xFFFF \b, no Backup boot sector >>>>>>50 uleshort =0 \b, no Backup boot sector -#>>>>>>50 uleshort =6 \b, Backup boot sector %u (usual) ->>>>>>50 default x +#>>>>>>50 uleshort =6 \b, Backup boot sector %u (usual) +>>>>>>50 default x >>>>>>>50 uleshort x \b, Backup boot sector %u # corrected by Joerg Jenderek at Feb 2011 according to http://thestarman.pcministry.com/asm/mbr/MSWIN41.htm#FSINFO >>>>>>52 ulelong >0 \b, reserved1 0x%x >>>>>>56 ulelong >0 \b, reserved2 0x%x >>>>>>60 ulelong >0 \b, reserved3 0x%x -# same structure as FAT1X +# same structure as FAT1X #>>>>>>64 ubyte =0x80 \b, physical drive 0x%x=80 (usual harddisk) #>>>>>>64 ubyte =0 \b, physical drive 0x%x=0 (usual floppy) ->>>>>>64 ubyte !0x80 +>>>>>>64 ubyte !0x80 >>>>>>>64 ubyte >0 \b, physical drive 0x%x # in Windows NT bit 0 is a dirty flag to request chkdsk at boot time. bit 1 requests surface scan too >>>>>>65 ubyte >0 \b, reserved 0x%x @@ -1502,10 +1500,10 @@ >>>>>>>71 string >NO\ NAME \b, label: "%11.11s" >>>>>>>71 string =NO\ NAME \b, unlabeled # additional tests for floppy image added by Joerg Jenderek -# no fixed disk ->>>>>21 ubyte !0xF8 +# no fixed disk +>>>>>21 ubyte !0xF8 # floppy media with 12 bit FAT ->>>>>>54 string !FAT16 +>>>>>>54 string !FAT16 # test for FAT after bootsector >>>>>>>(11.s) ulelong&0x00ffffF0 0x00ffffF0 \b, followed by FAT # floppy image @@ -1513,11 +1511,11 @@ # NTFS specific added by Joerg Jenderek at Mar 2011 according to http://thestarman.pcministry.com/asm/mbr/NTFSBR.htm # and http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/bios-parameter-block.html # 0 FATs ->>>>>16 ubyte =0 +>>>>>16 ubyte =0 # 0 root entries ->>>>>>17 uleshort =0 +>>>>>>17 uleshort =0 # 0 DOS sectors ->>>>>>>19 uleshort =0 +>>>>>>>19 uleshort =0 # 0 sectors/FAT # dos < 4.0 BootSector value found is 0x80 #38 ubyte =0x80 \b, dos < 4.0 BootSector (0x%x) @@ -1528,13 +1526,13 @@ >>>>>>>>>48 ulequad >0 \b, $MFT start cluster %lld >>>>>>>>>56 ulequad >0 \b, $MFTMirror start cluster %lld # Values 0 to 127 represent MFT record sizes of 0 to 127 clusters. -# Values 128 to 255 represent MFT record sizes of 2^(256-N) bytes. ->>>>>>>>>64 lelong <256 +# Values 128 to 255 represent MFT record sizes of 2^(256-N) bytes. +>>>>>>>>>64 lelong <256 >>>>>>>>>>64 lelong <128 \b, clusters/RecordSegment %d >>>>>>>>>>64 ubyte >127 \b, bytes/RecordSegment 2^(-1*%i) # Values 0 to 127 represent index block sizes of 0 to 127 clusters. # Values 128 to 255 represent index block sizes of 2^(256-N) byte ->>>>>>>>>68 ulelong <256 +>>>>>>>>>68 ulelong <256 >>>>>>>>>>68 ulelong <128 \b, clusters/index block %d #>>>>>>>>>>68 ulelong >127 \b, bytes/index block 2^(256-%d) >>>>>>>>>>68 ubyte >127 \b, bytes/index block 2^(-1*%i) @@ -1541,20 +1539,30 @@ >>>>>>>>>72 ulequad x \b, serial number 0%llx >>>>>>>>>80 ulelong >0 \b, checksum 0x%x #>>>>>>>>>80 ulelong =0 \b, checksum 0x%x=0 (usual) ->>>>>>>>>0x258 ulelong&0x00009090 =0x00009090 ->>>>>>>>>>&-92 indirect x \b; contains +>>>>>>>>>0x258 ulelong&0x00009090 =0x00009090 +>>>>>>>>>>&-92 indirect x \b; contains # For 2nd NTFS sector added by Joerg Jenderek at Jan 2013 # http://thestarman.pcministry.com/asm/mbr/NTFSbrHexEd.htm # unused assembler instructions JMP y2;NOP;NOP -0x056 ulelong&0xFFFF0FFF 0x909002EB +0x056 ulelong&0xFFFF0FFF 0x909002EB # unicode loadername terminated by CTRL-D ->(0.s*2) ulelong&0xFFFFFF00 0x00040000 +>(0.s*2) ulelong&0xFFFFFF00 0x00040000 # loadernames are NTLDR,CMLDR,PELDR,$LDR$ or BOOTMGR >>0x002 lestring16 x Microsoft Windows XP/VISTA bootloader %-5.5s ->>0x12 string $ +>>0x12 string $ >>>0x0c lestring16 x \b%-2.2s ### DOS,NTFS boot sectors end +# ntfsclone-image is a special save format for NTFS volumes, +# created and restored by the ntfsclone program +0 string \0ntfsclone-image ntfsclone image, +>0x10 byte x version %d. +>0x11 byte x \b%d, +>0x12 lelong x cluster size %d, +>0x16 lequad x device size %lld, +>0x1e lequad x %lld total clusters, +>0x26 lequad x %lld clusters in use + 9564 lelong 0x00011954 Unix Fast File system [v1] (little-endian), >8404 string x last mounted on %s, #>9504 ledate x last checked at %s, @@ -1671,6 +1679,13 @@ >&-1248 belong 0 TIME optimization >&-1248 belong 1 SPACE optimization +0 ulequad 0xc8414d4dc5523031 HAMMER filesystem (little-endian), +>0x90 lelong+1 x volume %d +>0x94 lelong x (of %d), +>0x50 string x name %s, +>0x98 ulelong x version %u, +>0xa0 ulelong x flags 0x%x + # ext2/ext3 filesystems - Andreas Dilger # ext4 filesystem - Eric Sandeen # volume label and UUID Russell Coker @@ -1738,28 +1753,30 @@ >0x402 beshort < 100 >0x402 beshort > -1 Minix filesystem, V1, 30 char names (big endian), %d zones >0x1e string minix \b, bootable -0x410 leshort 0x2468 ->0x402 beshort < 100 ->>0x402 beshort > -1 Minix filesystem, V2, 14 char names ->0x1e string minix \b, bootable -0x410 beshort 0x2468 ->0x402 beshort < 100 ->0x402 beshort > -1 Minix filesystem, V2 (big endian) ->0x1e string minix \b, bootable -0x410 leshort 0x2478 ->0x402 beshort < 100 ->0x402 beshort > -1 Minix filesystem, V2, 30 char names ->0x1e string minix \b, bootable -0x410 leshort 0x2478 ->0x402 beshort < 100 ->0x402 beshort > -1 Minix filesystem, V2, 30 char names ->0x1e string minix \b, bootable -0x410 beshort 0x2478 ->0x402 beshort !0 Minix filesystem, V2, 30 char names (big endian) ->0x1e string minix \b, bootable -0x418 leshort 0x4d5a ->0x402 beshort <100 ->>0x402 beshort > -1 Minix filesystem, V3, 60 char names +# Weak Magic: this is $x +#0x410 leshort 0x2468 +#>0x402 beshort < 100 +#>>0x402 beshort > -1 Minix filesystem, V2, 14 char names +#>0x1e string minix \b, bootable +#0x410 beshort 0x2468 +#>0x402 beshort < 100 +#>0x402 beshort > -1 Minix filesystem, V2 (big endian) +#>0x1e string minix \b, bootable +#0x410 leshort 0x2478 +#>0x402 beshort < 100 +#>0x402 beshort > -1 Minix filesystem, V2, 30 char names +#>0x1e string minix \b, bootable +#0x410 leshort 0x2478 +#>0x402 beshort < 100 +#>0x402 beshort > -1 Minix filesystem, V2, 30 char names +#>0x1e string minix \b, bootable +#0x410 beshort 0x2478 +#>0x402 beshort !0 Minix filesystem, V2, 30 char names (big endian) +#>0x1e string minix \b, bootable +# Weak Magic! this is MD +#0x418 leshort 0x4d5a +#>0x402 beshort <100 +#>>0x402 beshort > -1 Minix filesystem, V3, 60 char names # SGI disk labels - Nathan Scott 0 belong 0x0BE5A941 SGI disk label (volume header) @@ -1818,7 +1835,7 @@ # FE 250K 8-inch, 1-sided, single-density # FD 500K 8-inch, 2-sided, single-density # FE 1.2 MB 8-inch, 2-sided, double-density -# F8 ----- Fixed disk +# F8 ----- Fixed disk # # FC xxxK Apricot 70x1x9 boot disk. # @@ -1846,7 +1863,7 @@ # all FAT12 (strength=70) floppies with sectorsize 512 added by Joerg Jenderek at Jun 2013 # http://en.wikipedia.org/wiki/File_Allocation_Table#Exceptions # Too Weak. -#512 ubelong&0xE0ffff00 0xE0ffff00 +#512 ubelong&0xE0ffff00 0xE0ffff00 # without valid Media descriptor in place of BPB, cases with are done at other places #>21 ubyte <0xE5 floppy with old FAT filesystem # but valid Media descriptor at begin of FAT @@ -1858,61 +1875,61 @@ #>>512 ubyte =0xfb 640k #>>512 ubyte =0xfc 180k # look like an an old DOS directory entry -#>>>0xA0E ubequad 0 -#>>>>0xA00 ubequad !0 +#>>>0xA0E ubequad 0 +#>>>>0xA00 ubequad !0 #!:mime application/x-ima -#>>512 ubyte =0xfd +#>>512 ubyte =0xfd # look for 2nd FAT at different location to distinguish between 360k and 500k #>>>0x600 ubelong&0xE0ffff00 0xE0ffff00 360k #>>>0x500 ubelong&0xE0ffff00 0xE0ffff00 500k -#>>>0xA0E ubequad 0 +#>>>0xA0E ubequad 0 #!:mime application/x-ima -#>>512 ubyte =0xfe +#>>512 ubyte =0xfe #>>>0x400 ubelong&0xE0ffff00 0xE0ffff00 160k -#>>>>0x60E ubequad 0 -#>>>>>0x600 ubequad !0 +#>>>>0x60E ubequad 0 +#>>>>>0x600 ubequad !0 #!:mime application/x-ima #>>>0xC00 ubelong&0xE0ffff00 0xE0ffff00 1200k #>>512 ubyte =0xff 320k -#>>>0x60E ubequad 0 -#>>>>0x600 ubequad !0 +#>>>0x60E ubequad 0 +#>>>>0x600 ubequad !0 #!:mime application/x-ima #>>512 ubyte x \b, Media descriptor 0x%x # without x86 jump instruction -#>>0 ulelong&0x804000E9 !0x000000E9 -# assembler instructions: CLI;MOV SP,1E7;MOV AX;07c0;MOV +#>>0 ulelong&0x804000E9 !0x000000E9 +# assembler instructions: CLI;MOV SP,1E7;MOV AX;07c0;MOV #>>>0 ubequad 0xfabce701b8c0078e \b, MS-DOS 1.12 bootloader # IOSYS.COM+MSDOS.COM #>>>>0xc4 use 2xDOS-filename -#>>0 ulelong&0x804000E9 =0x000000E9 +#>>0 ulelong&0x804000E9 =0x000000E9 # only x86 short jump instruction found #>>>0 ubyte =0xEB #>>>>1 ubyte x \b, code offset 0x%x+2 # http://thestarman.pcministry.com/DOS/ibm100/Boot.htm -# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;MOV DX,0 -#>>>>(1.b+2) ubequad 0xfa8cc88ed8ba0000 \b, PC-DOS 1.0 bootloader +# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;MOV DX,0 +#>>>>(1.b+2) ubequad 0xfa8cc88ed8ba0000 \b, PC-DOS 1.0 bootloader # ibmbio.com+ibmdos.com #>>>>>0x176 use DOS-filename #>>>>>0x181 ubyte x \b+ #>>>>>0x182 use DOS-filename # http://thestarman.pcministry.com/DOS/ibm110/Boot.htm -# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;XOR DX,DX;MOV -#>>>>(1.b+2) ubequad 0xfa8cc88ed833d28e \b, PC-DOS 1.1 bootloader +# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;XOR DX,DX;MOV +#>>>>(1.b+2) ubequad 0xfa8cc88ed833d28e \b, PC-DOS 1.1 bootloader # ibmbio.com+ibmdos.com #>>>>>0x18b use DOS-filename #>>>>>0x196 ubyte x \b+ #>>>>>0x197 use DOS-filename # http://en.wikipedia.org/wiki/Zenith_Data_Systems -# assembler instructions: MOV BX,07c0;MOV SS,BX;MOV SP,01c6 +# assembler instructions: MOV BX,07c0;MOV SS,BX;MOV SP,01c6 #>>>>(1.b+2) ubequad 0xbbc0078ed3bcc601 \b, Zenith Data Systems MS-DOS 1.25 bootloader # IO.SYS+MSDOS.SYS #>>>>>0x20 use 2xDOS-filename # http://en.wikipedia.org/wiki/Corona_Data_Systems -# assembler instructions: MOV AX,CS;MOV DS,AX;CLI;MOV SS,AX; +# assembler instructions: MOV AX,CS;MOV DS,AX;CLI;MOV SS,AX; #>>>>(1.b+2) ubequad 0x8cc88ed8fa8ed0bc \b, MS-DOS 1.25 bootloader # IO.SYS+MSDOS.SYS #>>>>>0x69 use 2xDOS-filename -# assembler instructions: CLI;PUSH CS;POP SS;MOV SP,7c00; +# assembler instructions: CLI;PUSH CS;POP SS;MOV SP,7c00; #>>>>(1.b+2) ubequad 0xfa0e17bc007cb860 \b, MS-DOS 2.11 bootloader # defect IO.SYS+MSDOS.SYS ? #>>>>>0x162 use 2xDOS-filename @@ -1927,6 +1944,7 @@ >>38917 string 3 (version 2.0) >>38917 byte >0x33 (unknown version, ID 0x%X) >>38917 byte <0x31 (unknown version, ID 0x%X) +# The next line is not necessary because the MBR staff is done looking for boot signature >0x1FE leshort 0xAA55 (DOS/MBR boot sector) # "application id" which appears to be used as a volume label >32808 string/T >\0 '%s' @@ -1941,14 +1959,25 @@ 32769 string CD001 # mime line at that position does not work # to display CD-ROM (70=81-11) after MBR (113=40+72+1), partition-table (71=50+21) and before Apple Driver Map (51) -!:strength -11 +#!:strength -11 # to display CD-ROM (114=81+33) before MBR (113=40+72+1), partition-table (71=50+21) and Apple Driver Map (51) -# does not work -#!:strength +33 ->0 use cdrom +!:strength +34 +>0 use cdrom # .cso files -0 string CISO Compressed ISO CD image +# Reference: http://pismotec.com/ciso/ciso.h +# NOTE: There are two other formats with the same magic but +# completely incompatible specifications: +# - GameCube/Wii CISO: https://github.com/dolphin-emu/dolphin/blob/master/Source/Core/DiscIO/CISOBlob.h +# - PSP CISO: https://github.com/jamie/ciso/blob/master/ciso.h +0 string CISO +# Other fields are used to determine what type of CISO this is: +# - 0x04 == 0x00200000: GameCube/Wii CISO (block_size) +# - 0x10 == 0x00000800: PSP CISO (ISO-9660 sector size) +# - None of the above: Compact ISO. +>4 lelong !0 +>>4 lelong !0x200000 +>>>0x10 lelong !0x800 Compressed ISO CD image # cramfs filesystem - russell@coker.com.au 0 lelong 0x28cd3d45 Linux Compressed ROM File System data, little endian @@ -2040,6 +2069,13 @@ >29 byte 16 \bBlackfin, >29 byte 17 \bAVR32, >29 byte 18 \bSTMicroelectronics ST200, +>29 byte 19 \bSandbox architecture, +>29 byte 20 \bANDES Technology NDS32, +>29 byte 21 \bOpenRISC 1000, +>29 byte 22 \bARM 64-bit, +>29 byte 23 \bDesignWare ARC, +>29 byte 24 \bx86_64, +>29 byte 25 \bXtensa, >30 byte 0 Invalid Image >30 byte 1 Standalone Program >30 byte 2 OS Kernel Image @@ -2113,7 +2149,7 @@ >>8 ledate x created: %s # AFS Dump Magic -# From: Ty Sarna +# From: Ty Sarna 0 string \x01\xb3\xa1\x13\x22 AFS Dump >&0 belong x (v%d) >>&0 byte 0x76 @@ -2214,12 +2250,12 @@ >0x10090 lelong x sectorsize %d, >0x10094 lelong x nodesize %d, >0x10098 lelong x leafsize %d, ->0x10020 belong x UUID=%8x- ->0x10024 beshort x \b%4x- ->0x10026 beshort x \b%4x- ->0x10028 beshort x \b%4x- ->0x1002a beshort x \b%4x ->0x1002c belong x \b%8x, +>0x10020 belong x UUID=%08x- +>0x10024 beshort x \b%04x- +>0x10026 beshort x \b%04x- +>0x10028 beshort x \b%04x- +>0x1002a beshort x \b%04x +>0x1002c belong x \b%08x, >0x10078 lequad x %lld/ >0x10070 lequad x \b%lld bytes used, >0x10088 lequad x %lld devices @@ -2228,7 +2264,7 @@ # From: "Nelson A. de Oliveira" 0 string *dvdisaster* dvdisaster error correction file -# xfs metadump image +# xfs metadump image # mb_magic XFSM at 0; superblock magic XFSB at 1 << mb_blocklog # but can we do the << ? For now it's always 512 (0x200) anyway. 0 string XFSM @@ -2300,8 +2336,8 @@ 0 string td\000 floppy image data (TeleDisk, compressed) 0 string TD\000 floppy image data (TeleDisk) -0 string CQ\024 floppy image data (CopyQM, ->16 leshort x %d sectors, +0 string CQ\024 floppy image data (CopyQM, +>16 leshort x %d sectors, >18 leshort x %d heads.) 0 string ACT\020Apricot\020disk\020image\032\004 floppy image data (ApriDisk) @@ -2351,3 +2387,13 @@ >>>>>>>>0x1B ubyte 0x30 \b, media=1D >>>>>>>>0x1B ubyte 0x40 \b, media=1DD >>>>>>>>0x1A ubyte 0x10 \b, write-protected + +# HDD Raw Copy Tool disk image, file extension: .imgc +# From Benjamin Vanheuverzwijn +0 pstring HDD\ Raw\ Copy\ Tool %s +>0x100 pstring x %s +>0x200 pstring x - HD model: %s +#>0x300 pstring x unknown %s +>0x400 pstring x serial: %s +#>0x500 pstring x unknown: %s +!:ext imgc --- contrib/file/magic/Magdir/finger.orig +++ contrib/file/magic/Magdir/finger @@ -0,0 +1,16 @@ + +#------------------------------------------------------------------------------ +# $File: finger,v 1.2 2015/10/07 02:37:57 christos Exp $ +# fingerprint: file(1) magic for fingerprint data +# XPM bitmaps) +# + +# http://cgit.freedesktop.org/libfprint/libfprint/tree/libfprint/data.c + +0 string FP1 libfprint fingerprint data V1 +>3 beshort x \b, driver_id %x +>5 belong x \b, devtype %x + +0 string FP2 libfprint fingerprint data V2 +>3 beshort x \b, driver_id %x +>5 belong x \b, devtype %x --- contrib/file/magic/Magdir/flash.orig +++ contrib/file/magic/Magdir/flash @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: flash,v 1.11 2014/05/02 00:26:49 christos Exp $ +# $File: flash,v 1.14 2017/05/25 20:09:55 christos Exp $ # flash: file(1) magic for Macromedia Flash file format # # See @@ -10,24 +10,46 @@ # en/devnet/swf/pdf/swf-file-format-spec.pdf page 27 # -0 name swf-details ->0 string F Macromedia Flash data +0 name swf-details + +>0 string F +>>8 byte&0xfd 0x08 Macromedia Flash data !:mime application/x-shockwave-flash ->0 string C Macromedia Flash data (compressed) +>>>3 byte x \b, version %d +>>8 byte&0xfe 0x10 Macromedia Flash data !:mime application/x-shockwave-flash ->0 string Z Macromedia Flash data (lzma compressed) +>>>3 byte x \b, version %d +>>8 byte 0x18 Macromedia Flash data !:mime application/x-shockwave-flash ->3 byte x \b, version %d +>>>3 byte x \b, version %d +>>8 beshort&0xff87 0x2000 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 beshort&0xffe0 0x3000 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 byte&0x7 0 +>>>8 ubyte >0x2f +>>>>9 ubyte <0x20 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>>>3 byte x \b, version %d -1 string WS ->4 lelong !0 ->>3 byte 255 Suspicious ->>>0 use swf-details +>0 string C +>>8 byte 0x78 Macromedia Flash data (compressed) +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d ->>3 ubyte <32 ->>>3 ubyte !0 ->>>>0 use swf-details +>0 string Z +>>8 byte 0x5d Macromedia Flash data (lzma compressed) +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d + +1 string WS +>4 ulelong >14 +>>3 ubyte !0 +>>>0 use swf-details + # From: Cal Peake 0 string FLV\x01 Macromedia Flash Video !:mime video/x-flv @@ -34,7 +56,7 @@ # # Yosu Gomez -0 string AGD2\xbe\xb8\xbb\xcd\x00 Macromedia Freehand 7 Document -0 string AGD3\xbe\xb8\xbb\xcc\x00 Macromedia Freehand 8 Document +0 string AGD2\xbe\xb8\xbb\xcd\x00 Macromedia Freehand 7 Document +0 string AGD3\xbe\xb8\xbb\xcc\x00 Macromedia Freehand 8 Document # From Dave Wilson -0 string AGD4\xbe\xb8\xbb\xcb\x00 Macromedia Freehand 9 Document +0 string AGD4\xbe\xb8\xbb\xcb\x00 Macromedia Freehand 9 Document --- contrib/file/magic/Magdir/flif.orig +++ contrib/file/magic/Magdir/flif @@ -0,0 +1,36 @@ + +#------------------------------------------------------------------------------ +# $File: flif,v 1.1 2015/11/23 22:04:36 christos Exp $ +# flif: Magic data for file(1) command. +# FLIF (Free Lossless Image Format) + +0 string FLIF FLIF +>4 string >6 beshort x \b, %u +>>8 beshort x \bx%u +>>5 string 1 \b, 8-bit/color, +>>5 string 2 \b, 16-bit/color, +>>4 string 1 \b, grayscale, non-interlaced +>>4 string 3 \b, RGB, non-interlaced +>>4 string 4 \b, RGBA, non-interlaced +>>4 string A \b, grayscale +>>4 string C \b, RGB, interlaced +>>4 string D \b, RGBA, interlaced +>4 string >H \b, animation data +>>5 ubyte <255 \b, %i frames +>>>7 beshort x \b, %u +>>>9 beshort x \bx%u +>>>6 string =1 \b, 8-bit/color +>>>6 string =2 \b, 16-bit/color +>>5 ubyte 0xFF +>>>6 beshort x \b, %i frames, +>>>9 beshort x \b, %u +>>>11 beshort x \bx%u +>>>8 string =1 \b, 8-bit/color +>>>8 string =2 \b, 16-bit/color +>>4 string =Q \b, grayscale, non-interlaced +>>4 string =S \b, RGB, non-interlaced +>>4 string =T \b, RGBA, non-interlaced +>>4 string =a \b, grayscale +>>4 string =c \b, RGB, interlaced +>>4 string =d \b, RGBA, interlaced --- contrib/file/magic/Magdir/fonts.orig +++ contrib/file/magic/Magdir/fonts @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: fonts,v 1.27 2014/04/30 21:41:02 christos Exp $ +# $File: fonts,v 1.37 2017/06/24 00:39:00 christos Exp $ # fonts: file(1) magic for font data # 0 search/1 FONT ASCII vfont text @@ -15,6 +15,56 @@ 6 string %!FontType1 PostScript Type 1 font program data 0 string %!PS-Adobe-3.0\ Resource-Font PostScript Type 1 font text +# Summary: PostScript Type 1 Printer Font Metrics +# URL: https://en.wikipedia.org/wiki/PostScript_fonts +# Reference: http://partners.adobe.com/public/developer/en/font/5178.PFM.pdf +# Modified by: Joerg Jenderek +# Note: moved from ./msdos magic +# dfVersion 256=0100h +0 uleshort 0x0100 +# GRR: line above is too general as it catches also TrueType font, +# raw G3 data FAX, WhatsApp encrypted and Panorama database +# dfType 129=0081h +>66 uleshort 0x0081 +# dfVertRes 300=012Ch not needed as additional test +#>>70 uleshort 0x012c +# dfHorizRes 300=012Ch +#>>>72 uleshort 0x012c +# dfDriverInfo points to postscript information section +>>(101.l) string/c Postscript Printer Font Metrics +# above labeled "PFM data" by ./msdos (version 5.28) or "Adobe Printer Font Metrics" by TrID +!:mime application/x-font-pfm +# AppleShare Print Server +#!:apple ASPS???? +!:ext pfm +# dfCopyright 60 byte null padded Copyright string. uncomment it to get old looking +#>>>6 string >\060 - %-.60s +# dfDriverInfo +>>>139 ulelong >0 +# often abbreviated and same as filename +>>>>(139.l) string x %s +# dfSize +>>>2 ulelong x \b, %d bytes +# dfFace 210=D2h 9Eh +>>>105 ulelong >0 +# Windows font name +>>>>(105.l) string x \b, %s +# dfItalic +>>>80 ubyte 1 italic +# dfUnderline +>>>81 ubyte 1 underline +# dfStrikeOut +>>>82 ubyte 1 strikeout +# dfWeight 400=0x0190 300=0x012c 500=0x01f4 600=0x0258 700=0x02bc +>>>83 uleshort >699 bold +# dfPitchAndFamily 16 17 48 49 64 65 +>>>90 ubyte 16 serif +>>>90 ubyte 17 serif proportional +#>>>90 ubyte 48 other +>>>90 ubyte 49 proportional +>>>90 ubyte 64 script +>>>90 ubyte 65 script proportional + # X11 font files in SNF (Server Natural Format) format # updated by Joerg Jenderek at Feb 2013 # http://computer-programming-forum.com/51-perl/8f22fb96d2e34bab.htm @@ -22,7 +72,7 @@ #>104 belong 00000004 X11 SNF font data, MSB first !:mime application/x-font-sfn # GRR: line below too general as it catches also Xbase index file t3-CHAR.NDX -0 lelong 00000004 +0 lelong 00000004 >104 lelong 00000004 X11 SNF font data, LSB first !:mime application/x-font-sfn @@ -29,11 +79,32 @@ # X11 Bitmap Distribution Format, from Daniel Quinlan (quinlan@yggdrasil.com) 0 search/1 STARTFONT\ X11 BDF font text +# From: Joerg Jenderek +# URL: http://grub.gibibit.com/New_font_format +# Reference: util/grub-mkfont.c +# include/grub/fontformat.h +# FONT_FORMAT_SECTION_NAMES_FILE +0 string FILE +# FONT_FORMAT_PFF2_MAGIC +>8 string PFF2 +# leng 4 only at the moment +>>4 ubelong 4 +# FONT_FORMAT_SECTION_NAMES_FONT_NAME +>>>12 string NAME GRUB2 font +!:mime application/x-font-pf2 +!:ext pf2 +# length of font_name +>>>>16 ubelong >0 +# font_name +>>>>>20 string >\0 "%-s" + # X11 fonts, from Daniel Quinlan (quinlan@yggdrasil.com) # PCF must come before SGI additions ("MIPSEL MIPS-II COFF" collides) -0 string \001fcp X11 Portable Compiled Font data ->12 byte 0x02 \b, LSB first ->12 byte 0x0a \b, MSB first +0 string \001fcp X11 Portable Compiled Font data, +>12 lelong ^0x08 bit: LSB, +>12 lelong &0x08 bit: MSB, +>12 lelong ^0x04 byte: LSB first +>12 lelong &0x04 byte: MSB first 0 string D1.0\015 X11 Speedo font data #------------------------------------------------------------------------------ @@ -58,43 +129,205 @@ 4098 string DOSFONT DOSFONT2 encrypted font data # downloadable fonts for browser (prints type) anthon@mnt.org -0 string PFR1 PFR1 font +# https://tools.ietf.org/html/rfc3073 +0 string PFR1 Portable Font Resource font data (new) >102 string >0 \b: %s +0 string PFR0 Portable Font Resource font data (old) +>4 beshort >0 version %d # True Type fonts -0 string \000\001\000\000\000 TrueType font data -!:mime application/x-font-ttf +# Modified by: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/TrueType +# Reference: https://developer.apple.com/fonts/TrueType-Reference-Manual/ +# +# sfnt version "typ1" used by some Apple, but no example found +0 string typ1 +>0 use sfnt-font +>0 use sfnt-names +# sfnt version "true" used by some Apple +0 string true +>0 use sfnt-font +>0 use sfnt-names +# GRR: below test is too general +# sfnt version often 0x00010000 +0 string \000\001\000\000 +>0 use sfnt-font +>0 use sfnt-names +# validate and display sfnt font data like number of tables +0 name sfnt-font +# file 5.30 version assumes 00FFh as maximal number of tables +#>4 ubeshort <0x0100 +# maximal 27 tables found like in Skia.ttf +# 46 different table names mentioned on Apple specification +# skip 1st sequence of DOS 2 backup with path separator (\~92 or /~47) misinterpreted as table number +>4 ubeshort <47 +# skip bad examples with garbage table names like in a5.show HYPERC MAC +# tag names consist of up to four characters padded with spaces at end like +# BASE DSIG OS/2 Zapf acnt glyf cvt vmtx xref ... +>>12 regex/4l \^[A-Za-z][A-Za-z][A-Za-z/][A-Za-z2\ ] +#>>>0 ubelong x \b, sfnt version 0x%x +>>>0 ubelong !0x4f54544f TrueType +!:mime application/font-sfnt +#!:mime font/ttf +!:apple ????tfil +# .ttf for TrueType font +# EUDC.tte created by privat character editor %WINDIR%\system32\eudcedit.exe +!:ext ttf/tte +# sfnt version 4F54544Fh~OTTO +>>>0 ubelong =0x4f54544f OpenType +!:mime application/font-sfnt +#!:mime font/otf +!:apple ????OTTO +!:ext otf +>>>0 ubelong x Font data +# DSIG=44454947h table name implies a digitally signed font +# search range = number of tables * 16 =< maximal number of tables * 16 = 27 * 16 = 432 +>>>12 search/432 DSIG \b, digitally signed +>>>4 ubeshort x \b, %d tables +# minimal 9 tables found like in NISC18030.ttf +#>>>4 ubeshort <10 TMIN +#>>>4 ubeshort >24 TBIG +# table directory entries +>>>12 string x \b, 1st "%4.4s" +# search and display 1st name in sfnt font which is often copyright text +# does not work inside font collections +0 name sfnt-names +# search for naming table +>12 search/432/s name +# biggest offset 0x0100bd28 like Windows10 Fonts\simsunb.ttf +#>>>>&8 ubelong >0x0100bd27 BIGGEST OFFSET +>>&8 ubelong >0x00100000 +# offset of name table +>>>&-4 ubelong x \b, name offset 0x%x +# GRR: pointer to name table only works if offset ~< FILE_BYTES_MAX = 100000h defined in src\file.h +>>&8 ubelong <0x00100000 +>>>&-16 ubelong x +# name table +>>>>(&8.L) ubequad x +# invalid format selector +#>>>>>&-8 ubeshort !0 \b, invalid selector %x +# minimal 3 name records found like in c:\Program Files (x86)\Tesseract-OCR\tessdata\pdf.ttf +# maximal 1227 name records found like in Apple Chancery.ttf +#>>>>>&-6 ubeshort <0x4 mincount +#>>>>>&-6 ubeshort >130 maxcount +>>>>>&-6 ubeshort x \b, %d names +# offset to start of string storage from start of table +#>>>>>&-4 ubeshort x \b, record offset %d +# 1st name record +# string offset from start of storage area +#>>>>>&8 ubeshort x \b, string offset %d +# string length +#>>>>>&6 ubeshort x \b, string length %d +# minimal name string 7 like in c:\Program Files (x86)\Kodi\addons\webinterface.default\lib\video-js\font\VideoJS.ttf +# also found 0 like in SWZCONLN.TTF +#>>>>>&6 ubeshort <8 MIN STRING +# maximal name string 806 like in c:\Windows\Fonts\palabi.ttf +#>>>>>&6 ubeshort >805 MAX STRING +# platform identifier: 0~Apple Unicode, 1~Macintosh, 3~Microsoft +#>>>>>&-2 ubeshort >3 BAD PLATFORM +>>>>>&-2 ubeshort 0 \b, Unicode +>>>>>&-2 ubeshort 1 \b, Macintosh +>>>>>&-2 ubeshort 3 \b, Microsoft +# languageID (0~english Macintosh, 0409h~english Microsoft, ...) +>>>>>&2 ubeshort >0 \b, language 0x%x +# name identifiers +# often 0~copyright, 1~font, 2~font subfamily, 5~version, 13~license, 19~sample, ... +>>>>>&4 ubeshort >0 \b, type %d string +# platform specific encoding: +# 0~undefined character set, 1~UGL set with Unicode, 3~Unicode 2.0 BMP only, 4~Unicode 2.0 +#>>>>>&0 ubeshort x \b, %d encoding +>>>>>&0 ubeshort 0 +# handle only name string offset 0 because do not know how to add 2 relative offsets +>>>>>>&6 ubeshort 0 +>>>>>>>&(&-14.S-18) ubyte !0 +# GRR: instead 806 only first MAXstring = 96 characters are displayed as defined in src\file.h +# often copyright string that starts like \251 2006 The Monotype Corporation +>>>>>>>>&-1 string x \b, %-11.96s +# test for unicode string +>>>>>>>&(&-14.S-18) ubyte 0 +>>>>>>>>&0 lestring16 x \b, %-11.96s +# unicode encoding +>>>>>&0 ubeshort >0 +>>>>>>&6 ubeshort 0 +>>>>>>>&(&-14.S-17) lestring16 x \b, %-11.96s + 0 string \007\001\001\000Copyright\ (c)\ 199 Adobe Multiple Master font 0 string \012\001\001\000Copyright\ (c)\ 199 Adobe Multiple Master font # TrueType/OpenType font collections (.ttc) +# URL: https://en.wikipedia.org/wiki/OpenType # http://www.microsoft.com/typography/otspec/otff.htm -0 string ttcf TrueType font collection data ->4 belong 0x00010000 \b, 1.0 ->>8 belong >0 \b, %d fonts ->4 belong 0x00020000 \b, 2.0 ->>8 belong >0 \b, %d fonts +# Modified by: Joerg Jenderek +# Note: container for TrueType, OpenType font +0 string ttcf +# skip ASCII text +>4 ubyte 0 +# sfnt version often 0x00010000 of 1st table is TrueType +>>(12.L) ubelong !0x4f54544f TrueType +#!:mime font/ttf +!:apple ????tfil +!:ext ttc +# sfnt version 4F54544Fh~OTTO of 1st table is OpenType font +>>(12.L) ubelong =0x4f54544f OpenType +#!:mime font/otf +!:apple ????OTTO +# no example found for otc +!:ext ttc/otc +>>4 ubyte x font collection data +!:mime application/font-sfnt +#!:mime font/collection +# TCC version +>>4 belong 0x00010000 \b, 1.0 +>>4 belong 0x00020000 \b, 2.0 +>>8 ubelong >0 \b, %d fonts +# array offset size = fonts * offsetsize = fonts * 4 +>>(8.L*4) ubequad x # 0x44454947 = 'DSIG' ->>>16 belong 0x44534947 \b, digitally signed +>>>&4 belong 0x44534947 \b, digitally signed +# offset to 1st font +>>12 ubelong x \b, at 0x%x +# point to 1st font that starts with sfnt version +>>(12.L) use sfnt-font # Opentype font data from Avi Bercovich 0 string OTTO OpenType font data !:mime application/vnd.ms-opentype -# Gurkan Sengun , www.linuks.mine.nu -0 string SplineFontDB: Spline Font Database +# Gurkan Sengun , www.linuks.mine.nu +0 string SplineFontDB: Spline Font Database !:mime application/vnd.font-fontforge-sfd >14 string x version %s # EOT -34 string LP Embedded OpenType (EOT) +0x40 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +>0x22 string LP Embedded OpenType (EOT) +# workaround until there's lepstring16 +# >>0x52 lepstring16/h >\0 \b, %s family +>>0x52 short !0 +>>>0x54 lestring16 x \b, %s family !:mime application/vnd.ms-fontobject # Web Open Font Format (.woff) +0 name woff +>4 belong 0x00010000 \b, TrueType +>4 belong 0x4F54544F \b, CFF +>4 belong 0x74727565 \b, TrueType +>4 default x +>>4 belong x \b, flavor %d +>8 belong x \b, length %d +#>12 beshort x \b, numTables %d +#>14 beshort x \b, reserved %d +#>16 belong x \b, totalSfntSize %d + # http://www.w3.org/TR/WOFF/ 0 string wOFF Web Open Font Format ->4 belong x \b, flavor %d ->8 belong x \b, length %d +>0 use woff >20 beshort x \b, version %d >22 beshort x \b.%d +# http://www.w3.org/TR/WOFF2/ +0 string wOF2 Web Open Font Format (Version 2) +>0 use woff +#>20 belong x \b, totalCompressedSize %d +>24 beshort x \b, version %d +>26 beshort x \b.%d --- contrib/file/magic/Magdir/fortran.orig +++ contrib/file/magic/Magdir/fortran @@ -1,7 +1,9 @@ #------------------------------------------------------------------------------ -# $File: fortran,v 1.9 2015/06/17 19:55:27 christos Exp $ +# $File: fortran,v 1.10 2015/11/05 18:47:16 christos Exp $ # FORTRAN source -0 regex/100l \^[Cc][\ \t] FORTRAN program text +# Check that the first 100 lines start with C or whitespace first. +0 regex/100l !\^[^Cc\ \t].*$ +>0 regex/100l \^[Cc][\ \t] FORTRAN program text !:mime text/x-fortran !:strength - 5 --- contrib/file/magic/Magdir/fsav.orig +++ contrib/file/magic/Magdir/fsav @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: fsav,v 1.13 2013/03/25 17:18:47 christos Exp $ +# $File: fsav,v 1.14 2017/03/17 21:35:28 christos Exp $ # fsav: file(1) magic for datafellows fsav virus definition files # Anthon van der Neut (anthon@mnt.org) @@ -29,11 +29,11 @@ #>>>>10 byte 11 \b12- #>>>>9 ubyte >0 \b%02d) # ftp://ftp.f-prot.com/pub/sign2.zip -#0 ubyte 0x62 -#>1 ubyte 0xF5 -#>>2 ubyte 0x1 -#>>>3 ubyte 0x1 -#>>>>4 ubyte 0x0e +#0 ubyte 0x62 +#>1 ubyte 0xF5 +#>>2 ubyte 0x1 +#>>>3 ubyte 0x1 +#>>>>4 ubyte 0x0e #>>>>>13 ubyte >0 fsav virus signatures #>>>>>>11 ubyte x size 0x%02x #>>>>>>12 ubyte x \b%02x @@ -44,16 +44,16 @@ # .cvd files start with a 512 bytes colon separated header # ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime # + gzipped tarball files -0 string ClamAV-VDB: +0 string ClamAV-VDB: >11 string >\0 Clam AntiVirus database %-.23s ->>34 string : ->>>35 string !: \b, version +>>34 string : +>>>35 string !: \b, version >>>>35 string x \b%-.1s ->>>>>36 string !: +>>>>>36 string !: >>>>>>36 string x \b%-.1s ->>>>>>>37 string !: +>>>>>>>37 string !: >>>>>>>>37 string x \b%-.1s ->>>>>>>>>38 string !: +>>>>>>>>>38 string !: >>>>>>>>>>38 string x \b%-.1s >512 string \037\213 \b, gzipped >769 string ustar\0 \b, tarred --- contrib/file/magic/Magdir/games.orig +++ contrib/file/magic/Magdir/games @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: games,v 1.14 2014/04/30 21:41:02 christos Exp $ +# $File: games,v 1.15 2017/03/17 21:35:28 christos Exp $ # games: file(1) for games # Fabio Bonelli @@ -39,7 +39,7 @@ #0 string -1\x0a Quake I demo #>30 string x version %.4s -#>61 string x level %s +#>61 string x level %s #0 string 5\x0a Quake I save @@ -240,7 +240,7 @@ # Summary: NetImmerse game engine file # Extension .nif # Created by: Abel Cheung -0 string NetImmerse\ File\ Format,\ Versio +0 string NetImmerse\ File\ Format,\ Versio >&0 string n\ NetImmerse game engine file >>&0 regex [0-9a-z.]+ \b, version %s --- contrib/file/magic/Magdir/gcc.orig +++ contrib/file/magic/Magdir/gcc @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: gcc,v 1.4 2009/09/19 16:28:09 christos Exp $ +# $File: gcc,v 1.5 2016/07/01 23:31:13 christos Exp $ # gcc: file(1) magic for GCC special files # 0 string gpch GCC precompiled header @@ -12,6 +12,6 @@ # 67 = 'C', 111 = 'o', 43 = '+', 79 = 'O' >4 byte 67 for C ->4 byte 111 for Objective C +>4 byte 111 for Objective-C >4 byte 43 for C++ ->4 byte 79 for Objective C++ +>4 byte 79 for Objective-C++ --- contrib/file/magic/Magdir/gconv.orig +++ contrib/file/magic/Magdir/gconv @@ -0,0 +1,10 @@ + +#------------------------------------------------------------------------------ +# $File: gconv +# gconv: file(1) magic for iconv/gconv module configuration cache +# +# Magic number defined in glibc/iconv/iconvconfig.h as GCONVCACHE_MAGIC +# +# From: Marek Cermak +# +0 lelong 0x20010324 gconv module configuration cache data --- contrib/file/magic/Magdir/geo.orig +++ contrib/file/magic/Magdir/geo @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: geo,v 1.3 2013/01/04 00:47:02 christos Exp $ +# $File: geo,v 1.4 2017/03/17 21:35:28 christos Exp $ # Geo- files from Kurt Schwehr ###################################################################### @@ -57,7 +57,7 @@ 4 beshort 0x2002 GeoSwath RDF 0 string Start:- GeoSwatch auf text file -# Seabeam 2100 +# Seabeam 2100 # mbsystem code mb41 0 string SB2100 SeaBeam 2100 multibeam sonar 0 string SB2100DR SeaBeam 2100 DR multibeam sonar --- contrib/file/magic/Magdir/gnu.orig +++ contrib/file/magic/Magdir/gnu @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: gnu,v 1.16 2015/04/19 22:59:25 christos Exp $ +# $File: gnu,v 1.18 2017/03/17 21:35:28 christos Exp $ # gnu: file(1) magic for various GNU tools # # GNU nlsutils message catalog file format @@ -34,9 +34,12 @@ # This magic is not particularly good, as the keyrings don't have true # magic. Nevertheless, it covers many keyrings. -0 beshort 0x9901 GPG key public ring -!:mime application/x-gnupg-keyring +0 ubeshort-0x9901 <2 +>3 byte 4 +>>4 bedate x GPG key public ring, created %s +!:mime application/x-gnupg-keyring + # Symmetric encryption 0 leshort 0x0d8c >4 leshort 0x0203 @@ -68,7 +71,7 @@ # they will ordinarily reported as "compressed", but at least -z helps 39 string = +# From: James Youngman # gnu find magic 0 string \0LOCATE GNU findutils locate database data >7 string >\0 \b, format %s --- contrib/file/magic/Magdir/gpt.orig +++ contrib/file/magic/Magdir/gpt @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: gpt,v 1.3 2014/04/30 21:41:02 christos Exp $ +# $File: gpt,v 1.4 2017/03/17 21:35:28 christos Exp $ # # GPT Partition table patterns. # Author: Rogier Goossens (goossens.rogier@gmail.com) @@ -36,7 +36,7 @@ >>>>>>>>>>>>>(454.l*8192) string EFI\ PART GPT partition table >>>>>>>>>>>>>>0 use gpt-mbr-type >>>>>>>>>>>>>>&-8 use gpt-table ->>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes >>>>>>>>>>>>>(454.l*8192) string !EFI\ PART >>>>>>>>>>>>>>(454.l*4096) string EFI\ PART GPT partition table >>>>>>>>>>>>>>>0 use gpt-mbr-type @@ -66,7 +66,7 @@ >>>>>>>>>>>>>(470.l*8192) string EFI\ PART GPT partition table >>>>>>>>>>>>>>0 use gpt-mbr-type >>>>>>>>>>>>>>&-8 use gpt-table ->>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes >>>>>>>>>>>>>(470.l*8192) string !EFI\ PART >>>>>>>>>>>>>>(470.l*4096) string EFI\ PART GPT partition table >>>>>>>>>>>>>>>0 use gpt-mbr-type @@ -96,7 +96,7 @@ >>>>>>>>>>>>>(486.l*8192) string EFI\ PART GPT partition table >>>>>>>>>>>>>>0 use gpt-mbr-type >>>>>>>>>>>>>>&-8 use gpt-table ->>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes >>>>>>>>>>>>>(486.l*8192) string !EFI\ PART >>>>>>>>>>>>>>(486.l*4096) string EFI\ PART GPT partition table >>>>>>>>>>>>>>>0 use gpt-mbr-type @@ -126,7 +126,7 @@ >>>>>>>>>>>>>(502.l*8192) string EFI\ PART GPT partition table >>>>>>>>>>>>>>0 use gpt-mbr-type >>>>>>>>>>>>>>&-8 use gpt-table ->>>>>>>>>>>>>>0 ubyte x of 8192 bytes +>>>>>>>>>>>>>>0 ubyte x of 8192 bytes >>>>>>>>>>>>>(502.l*8192) string !EFI\ PART >>>>>>>>>>>>>>(502.l*4096) string EFI\ PART GPT partition table >>>>>>>>>>>>>>>0 use gpt-mbr-type @@ -166,7 +166,7 @@ ##>(8.l*8192) string EFI\ PART ##>>(8.l*8192) use gpt-mbr-type ##>>&-8 use gpt-table -##>>0 ubyte x of 8192 bytes +##>>0 ubyte x of 8192 bytes ##>(8.l*8192) string !EFI\ PART ##>>(8.l*4096) string EFI\ PART GPT partition table ##>>>0 use gpt-mbr-type @@ -212,7 +212,7 @@ >>486 ulelong !1 \b (nonstandard: not at LBA 1) # GPT with protective MBR entry in partition 4 >498 ubyte 0xee ->>502 ulelong 1 +>>502 ulelong 1 >>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR) >>502 ulelong !1 \b (nonstandard: not at LBA 1) --- contrib/file/magic/Magdir/gpu.orig +++ contrib/file/magic/Magdir/gpu @@ -0,0 +1,28 @@ + +#------------------------------------------------------------------------------ +# $File: gpu,v 1.2 2017/03/23 22:11:53 christos Exp $ +# gpu: file(1) magic for GPU input files + +# Standard Portable Intermediate Representation (SPIR) +# Documentation: https://www.khronos.org/spir +# Typical file extension: .spv + +0 belong 0x07230203 Khronos SPIR-V binary, big-endian +>4 belong x \b, version 0x%08x +>8 belong x \b, generator 0x%08x + +0 lelong 0x07230203 Khronos SPIR-V binary, little-endian +>4 lelong x \b, version 0x%08x +>8 lelong x \b, generator 0x%08x + +# Vulkan Trace file +# Documentation: +# https://github.com/LunarG/VulkanTools/blob/master/vktrace/vktrace_common/\ +# vktrace_trace_packet_identifiers.h +# Typical file extension: .vktrace + +8 lequad 0xABADD068ADEAFD0C Vulkan trace file, little-endian +>0 leshort x \b, version %d + +8 bequad 0xABADD068ADEAFD0C Vulkan trace file, big-endian +>0 beshort x \b, version %d --- contrib/file/magic/Magdir/gringotts.orig +++ contrib/file/magic/Magdir/gringotts @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: gringotts,v 1.5 2009/09/19 16:28:09 christos Exp $ +# $File: gringotts,v 1.6 2017/03/17 21:35:28 christos Exp $ # gringotts: file(1) magic for Gringotts # http://devel.pluto.linux.it/projects/Gringotts/ # author: Germano Rizzo @@ -9,10 +9,10 @@ #file format 1 >3 string 1 v.1, MCRYPT S2K, SERPENT crypt, SHA-256 hash, ZLib lvl.9 #file format 2 ->3 string 2 v.2, MCRYPT S2K, +>3 string 2 v.2, MCRYPT S2K, >>8 byte&0x70 0x00 RIJNDAEL-128 crypt, >>8 byte&0x70 0x10 SERPENT crypt, ->>8 byte&0x70 0x20 TWOFISH crypt, +>>8 byte&0x70 0x20 TWOFISH crypt, >>8 byte&0x70 0x30 CAST-256 crypt, >>8 byte&0x70 0x40 SAFER+ crypt, >>8 byte&0x70 0x50 LOKI97 crypt, @@ -27,10 +27,10 @@ >>8 byte&0x03 0x02 lvl.6 >>8 byte&0x03 0x03 lvl.9 #file format 3 ->3 string 3 v.3, OpenPGP S2K, +>3 string 3 v.3, OpenPGP S2K, >>8 byte&0x70 0x00 RIJNDAEL-128 crypt, >>8 byte&0x70 0x10 SERPENT crypt, ->>8 byte&0x70 0x20 TWOFISH crypt, +>>8 byte&0x70 0x20 TWOFISH crypt, >>8 byte&0x70 0x30 CAST-256 crypt, >>8 byte&0x70 0x40 SAFER+ crypt, >>8 byte&0x70 0x50 LOKI97 crypt, --- contrib/file/magic/Magdir/hitachi-sh.orig +++ contrib/file/magic/Magdir/hitachi-sh @@ -1,22 +1,28 @@ #------------------------------------------------------------------------------ -# $File: hitachi-sh,v 1.6 2013/01/29 19:31:33 christos Exp $ +# $File: hitachi-sh,v 1.8 2017/03/17 21:35:28 christos Exp $ # hitach-sh: file(1) magic for Hitachi Super-H # # Super-H COFF # -# below test line conflicts with 2nd NTFS filesystem sector -0 beshort 0x0500 Hitachi SH big-endian COFF +# updated by Joerg Jenderek at Oct 2015 +# https://en.wikipedia.org/wiki/COFF +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html +# below test line conflicts with 2nd NTFS filesystem sector # 2nd NTFS filesystem sector often starts with 0x05004e00 for unicode string 5 NTLDR -#0 ubelong&0xFFFFNMPQ 0x0500NMPQ Hitachi SH big-endian COFF ->18 beshort&0x0002 =0x0000 object ->18 beshort&0x0002 =0x0002 executable ->18 beshort&0x0008 =0x0008 \b, stripped ->18 beshort&0x0008 =0x0000 \b, not stripped -# -0 leshort 0x0550 Hitachi SH little-endian COFF ->18 leshort&0x0002 =0x0000 object ->18 leshort&0x0002 =0x0002 executable ->18 leshort&0x0008 =0x0008 \b, stripped ->18 leshort&0x0008 =0x0000 \b, not stripped +# and Portable Gaming Notation Compressed format (*.WID http://pgn.freeservers.com/) +0 beshort 0x0500 +# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags +>18 ubeshort&0x8E80 0 +# use big endian variant of subroutine to display name+variables+flags +# for common object formated files +>>0 use \^display-coff +0 leshort 0x0550 +# test for unused flag bits in f_flags +>18 uleshort&0x8E80 0 +# use little endian variant of subroutine to +# display name+variables+flags for common object formated files +>>0 use display-coff + --- contrib/file/magic/Magdir/ibm370.orig +++ contrib/file/magic/Magdir/ibm370 @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: ibm370,v 1.9 2014/04/30 21:41:02 christos Exp $ +# $File: ibm370,v 1.10 2017/03/17 21:35:28 christos Exp $ # ibm370: file(1) magic for IBM 370 and compatibles. # # "ibm370" said that 0x15d == 0535 was "ibm 370 pure executable". @@ -7,11 +7,11 @@ # What the heck *is* "USS/370"? # AIX 4.1's "/etc/magic" has # -# 0 short 0535 370 sysV executable +# 0 short 0535 370 sysV executable # >12 long >0 not stripped # >22 short >0 - version %d # >30 long >0 - 5.2 format -# 0 short 0530 370 sysV pure executable +# 0 short 0530 370 sysV pure executable # >12 long >0 not stripped # >22 short >0 - version %d # >30 long >0 - 5.2 format @@ -18,11 +18,11 @@ # # instead of the "USS/370" versions of the same magic numbers. # -0 beshort 0537 370 XA sysV executable +0 beshort 0537 370 XA sysV executable >12 belong >0 not stripped >22 beshort >0 - version %d >30 belong >0 - 5.2 format -0 beshort 0532 370 XA sysV pure executable +0 beshort 0532 370 XA sysV pure executable >12 belong >0 not stripped >22 beshort >0 - version %d >30 belong >0 - 5.2 format --- contrib/file/magic/Magdir/ibm6000.orig +++ contrib/file/magic/Magdir/ibm6000 @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: ibm6000,v 1.12 2013/09/16 15:12:42 christos Exp $ +# $File: ibm6000,v 1.13 2017/03/17 21:35:28 christos Exp $ # ibm6000: file(1) magic for RS/6000 and the RT PC. # 0 beshort 0x01df executable (RISC System/6000 V3.1) or obj module @@ -21,7 +21,7 @@ 0 beshort 0x01f7 64-bit XCOFF executable or object module >20 belong 0 not stripped # GRR: this test is still too general as it catches also many FATs of DOS filesystems -4 belong &0x0feeddb0 +4 belong &0x0feeddb0 # real core dump could not be 32-bit and 64-bit together >7 byte&0x03 !3 AIX core file >>1 byte &0x01 fulldump --- contrib/file/magic/Magdir/icc.orig +++ contrib/file/magic/Magdir/icc @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: icc,v 1.1 2013/01/08 01:43:18 christos Exp $ +# $File: icc,v 1.5 2017/08/13 00:21:47 christos Exp $ # icc: file(1) magic for International Color Consortium file formats # @@ -11,41 +11,204 @@ # http://www.color.org/specification/ICC1v43_2010-12.pdf # # for Specification ICC.1:2010 (Profile version 4.3.0.0). +# URL: http://fileformats.archiveteam.org/wiki/ICC_profile +# Reference: http://www.color.org/iccmax/ICC.2-2016-7.pdf +# Update: Joerg Jenderek # # Bytes 36 to 39 contain a generic profile file signature of "acsp"; # bytes 40 to 43 "may be used to identify the primary platform/operating # system framework for which the profile was created". # -# There are other fields that might be worth dumping as well. +# check and display ICC/ICM color profile +0 name color-profile +>36 string acsp +# skip ASCII like Cognacspirit.txt by month <= 12 +>>26 ubeshort <13 +# platform/operating system. Only 5 mentioned + # - # This appears to be what's used for Apple ColorSync profiles. # Instead of adding that, Apple just changed the generic "acsp" entry # to be for "ColorSync ICC Color Profile" rather than "Kodak Color # Management System, ICC Profile". # Yes, it's "APPL", not "AAPL"; see the spec. -36 string acspAPPL ColorSync ICC Profile -!:mime application/vnd.iccprofile +>>>40 string APPL ColorSync # Microsoft ICM color profile -36 string acspMSFT Microsoft ICM Color Profile -!:mime application/vnd.iccprofile +>>>40 string MSFT Microsoft # Yes, that's a blank after "SGI". -36 string acspSGI\ SGI ICC Profile -!:mime application/vnd.iccprofile +>>>40 string SGI\ SGI # XXX - is this what's used for the Sun KCMS or not? The standard file # uses just "acsp" for that, but Apple's file uses it for "ColorSync", # and there *is* an identified "primary platform" value of SUNW. -36 string acspSUNW Sun KCMS ICC Profile +>>>40 string SUNW Sun KCMS + +# 5th platform +>>>40 string TGNT Taligent + +# remaining "l" "e" of "color profile" printed later to avoid error +>>>40 string x color profi +#>>>40 string x (%.4s) !:mime application/vnd.iccprofile +# for "ICM" extension only versions 2.x and for Kodak "CC" 2.0 is found +>>>8 ubyte =2 +# do not use empty message text to a avoid error like +# icc, 82: Warning: Current entry does not yet have a description for adding a EXTENSION type +# file.exe: could not find any valid magic files! +>>>>9 ubyte !0 \ble +!:ext icc/icm +# minor version +>>>>9 ubyte =0 \bl +# Kodak colour management system +>>>>>4 string =KCMS \be +!:ext icc/icm/cc +>>>>>4 string !KCMS \be +!:ext icc/icm +>>>8 ubyte !2 \ble +!:ext icc +# Profile version major.4bit-minor.sub1.sub2 like 4.3.0.0 (04300000h) +>>>8 ubyte x %u +>>>9 ubyte/16 x \b.%u +# reserved and shall be null but 205.205 in umx1220u.icm +>>>10 ubyte >0 \b.%u +>>>>11 ubyte >0 \b.%u +# preferred colour management module like appl CCMS KCMS Lino UCCM "Win " "FF " +# skip space like in brmsl08f.icm and null like in brmsl09f.icm, brmsl07f.icm +>>>4 string >\ \b, type %.2s +>>>>6 string >\ \b%.1s +>>>>>7 string >\ \b%.1s +# colour space "XYZ " "Lab " "RGB " CMYK GRAY ... +>>>16 string x \b, %.3s +>>>19 string >\ \b%.1s +# Profile Connection Space (PCS) field usually "XYZ " or "Lab " but sometimes +# null or CMYK like in ISOcoated_v2_to_PSOcoated_v3_DeviceLink.icc +>>>20 string >\0 \b/%.3s +>>>>23 string >\ \b%.1s +# eleven device classes +>>>12 string x \b-%.4s device +# skip 00001964h in hpf69000.icc or 0h in XRDC50Q.ICM or " ROT" in brmsl05f.icm +>>>52 string >\040 +# skip "none" model like in "Trinitron Compatible 9300K G2.2.icm" +>>>>52 ubelong !0x6e6f6e65 +# device manufacturer field like "HP " "IBM " EPSO +>>>>>48 string x \b, %.2s +>>>>>50 string >\ \b%.1s +>>>>>51 string >\ \b%.1s +# model like "ADI " "A265" and skip 20000404h in IS330.icm for RICOH RUSSIAN-SC +>>>>>52 string >\ \ \b/%.3s +>>>>>>55 string >\ \b%.1s +>>>>>52 string x model +# creator (often same as manufacture) like HP SONY XROX or null like in A925A.icm +>>>80 string >\0 by %.2s +>>>>82 string >\ \b%.1s +>>>>>83 string >\ \b%.1s +# profile size +>>>0 ubelong x \b, %u bytes +# skip invalid date 0 like in linearSRGB.icc +>>>24 ubequad !0 +# datetime dd-mm-yyyy hh:mm:ss +>>>>28 ubeshort x \b, %u +# month <= 12 +>>>>26 ubeshort x \b-%u +# year +>>>>24 ubeshort x \b-%u +# do not display midnight time like in CNHP8308.ICC +>>>>30 ubequad&0xFFffFFffFFff0000 !0 +# hour <= 24 +>>>>>30 ubeshort x %u +# minutes <= 59 +>>>>>32 ubeshort x \b:%.2u +# seconds <= 59 +>>>>>34 ubeshort x \b:%.2u +# vendor specific flags like 2 in HPCLJ5.ICM +>>>44 ubeshort >0 \b, 0x%x vendor flags +# profile flags bits 0-2 of least 16 used by ICC +#>>>44 ubelong >0 \b, 0x%x flags +# icEmbeddedProfileTrue +>>>44 ubelong &1 \b, embedded +# icEmbeddedProfileFalse +#>>>44 ubelong ^1 \b, not embedded +# icUseWithEmbeddedDataOnly +>>>44 ubelong &2 \b, dependently +# icUseAnywhere +#>>>44 ubelong ^2 \b, independently +>>>44 ubelong &4 \b, MCS +#>>>44 ubelong ^4 \b, no MCS +# vendor specific device attributes 1~srgb.icc +# E000D00h~CNB7QEDA.ICM C000A00h~CNB5FCAA.ICM 01040401h~CNB25PE3.ICM +>>>56 ubelong >0 \b, 0x%x vendor attribute +# ICC device attributes bits 0-7 used +#>>>60 ubelong x \b, 0x%x attribute +# http://www.color.org/icc34.h +>>>60 ubelong &0x01 \b, transparent +#>>>60 ubelong ^0x01 \b, reflective +>>>60 ubelong &0x02 \b, matte +#>>>60 ubelong ^0x02 \b, glossy +>>>60 ubelong &0x04 \b, negative +#>>>60 ubelong ^0x04 \b, positive +>>>60 ubelong &0x08 \b, black&white +#>>>60 ubelong ^0x08 \b, colour +>>>60 ubelong &0x10 \b, non-paper +#>>>60 ubelong ^0x10 \b, paper +>>>60 ubelong &0x20 \b, non-textured +#>>>60 ubelong ^0x20 \b, textured +>>>60 ubelong &0x40 \b, non-isotropic +#>>>60 ubelong ^0x40 \b, isotropic +>>>60 ubelong &0x80 \b, self-luminous +#>>>60 ubelong ^0x80 \b, non-self-luminous +# rendering intent 0-3 but 7AEA5027h in EE051__1.ICM 6CB1BCh in EE061__1.ICM +>>>64 ubelong >3 \b, 0x%x rendering intent +#>>>64 ubelong =0 \b, perceptual +>>>64 ubelong =1 \b, relative colorimetric +>>>64 ubelong =2 \b, saturation +>>>64 ubelong =3 \b, absolute colorimetric +# PCS illuminant (3*s15Fixed16Numbers) often 0000f6d6 00010000 0000d32d +>>>71 ubequad !0xd6000100000000d3 \b, PCS +# usually X~0.9642*65536=63189.8112~63190=F6D5h ; but also found +# often F6D6 in gt5000r.icm, F6B8 in kodakce.icm, F6CA in RSWOP.icm +>>>>68 ubelong !0x0000f6d5 X=0x%x +# usually Y=1.0~00010000h but Y=0 in brmsl07f.icm +>>>>72 ubelong !0x00010000 Y=0x%x +# usually Z~0.8249*65536=54060.6464~54061=D32Dh ; but also found +# D2F7 in hp1200c.icm, often D32C in A925A.icm, D309 in RSWOP.icm , D2F8 in kodak_dc.icm +>>>>76 ubelong !0x0000d32d Z=0x%x +# Profile ID. MD5 fingerprinting method as defined in Internet RFC 1321. +>>>84 ubequad >0 \b, 0x%llx MD5 +# reserved in older versions should be zero but also found CDCDCDCDCDCDCDCD +#>>100 ubequad x \b 0x%llx reserved +# tag table +# 6 <= tags count <= 43 +#>>>128 ubelong >43 \b, %u tags +>>>128 ubelong x +# shall contain the profileDescriptionTag "desc" , copyrightTag "cprt" +# search range = tags count * 12 -8=< maximal tag count * 12 -8= 43 * 12 -8= 508 +>>>>132 search/508 cprt +# but no copyright tag in linearSRGB.icc +# beneath /System/Library/Frameworks/WebKit.framework/ +# Versions/A/Frameworks/WebCore.framework/Versions/A/Resources +>>>>132 default x \b, no copyright tag +# 1st tag +#>>>132 string x \b, 1st tag %.4s +#>>>136 ubelong x 0x%x offset +#>>>140 ubelong x 0x%x len +# 2nd tag,... +# look also for profileDescriptionTag "desc" +>>>132 search/508 desc +# look further for TextDescriptionType "desc" signature +>>>>(&0.L) string =desc +>>>>>&4 pstring/l x "%s" +# look alternative for multiLocalizedUnicodeType "mluc" signature like in VideoPAL.icc +>>>>(&0.L) string =mluc +>>>>>&(&8.L) ubequad x +>>>>>>&4 bestring16 x '%s' # Any other profile. # XXX - should we use "acsp\0\0\0\0" for "no primary platform" profiles, # and use "acsp" for everything else and dump the "primary platform" # string in those cases? -36 string acsp ICC Profile -!:mime application/vnd.iccprofile +36 string acsp +>0 use color-profile --- contrib/file/magic/Magdir/images.orig +++ contrib/file/magic/Magdir/images @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: images,v 1.107 2015/07/11 14:40:10 christos Exp $ +# $File: images,v 1.126 2017/06/11 22:25:44 christos Exp $ # images: file(1) magic for image formats (see also "iff", and "c-lang" for # XPM bitmaps) # @@ -12,26 +12,160 @@ # Targa - matches `povray', `ppmtotga' and `xv' outputs # by Philippe De Muyter +# URL: http://justsolve.archiveteam.org/wiki/TGA +# Reference: http://www.dca.fee.unicamp.br/~martino/disciplinas/ea978/tgaffs.pdf +# Update: Joerg Jenderek # at 2, byte ImgType must be 1, 2, 3, 9, 10 or 11 +# ,32 or 33 (both not observed) # at 1, byte CoMapType must be 1 if ImgType is 1 or 9, 0 otherwise +# or theoretically 2-128 reserved for use by Truevision or 128-255 may be used for developer applications # at 3, leshort Index is 0 for povray, ppmtotga and xv outputs # `xv' recognizes only a subset of the following (RGB with pixelsize = 24) # `tgatoppm' recognizes a superset (Index may be anything) -1 belong&0xfff7ffff 0x01010000 Targa image data - Map -!:strength + 2 ->2 byte&8 8 - RLE ->12 leshort >0 %d x ->14 leshort >0 %d -1 belong&0xfff7ffff 0x00020000 Targa image data - RGB -!:strength + 2 ->2 byte&8 8 - RLE ->12 leshort >0 %d x ->14 leshort >0 %d -1 belong&0xfff7ffff 0x00030000 Targa image data - Mono -!:strength + 2 ->2 byte&8 8 - RLE ->12 leshort >0 %d x ->14 leshort >0 %d +# +# test of Color Map Type 0~no 1~color map +# and Image Type 1 2 3 9 10 11 32 33 +# and Color Map Entry Size 0 15 16 24 32 +0 ubequad&0x00FeC400000000C0 0 +# skip more garbage by looking for positive image type +>2 ubyte >0 +# skip some compiled terminfo by looking for image type less equal 33 +>>2 ubyte <34 +# skip arches.3200 , Finder.Root , Slp.1 by looking for low pixel sizes 15 16 24 32 +>>>16 ubyte <33 +# skip more by looking for pixel size 0Fh 10h 18h 20h +>>>>16 ubyte&0xC0 0x00 +# Color Map +>>>>>1 belong&0xfff7ffff 0x01010000 +>>>>>>0 use tga-image +>>>>>1 belong&0xfff7ffff 0x00020000 +>>>>>>0 use tga-image +>>>>>1 belong&0xfff7ffff 0x00030000 +>>>>>>0 use tga-image +>>>>>1 default x +# skip 260-16.ico by looking for no color map +>>>>>>1 ubyte 0 +# implies no first map entry +>>>>>>>3 uleshort 0 +>>>>>>>>0 use tga-image +# display tga bitmap image information +0 name tga-image +>2 ubyte <34 Targa image data +!:mime image/x-tga +!:apple ????TPIC +# normal extension .tga but some Truevision products used others: +# tpic (Apple),icb (Image Capture Board),vda (Video Display Adapter),vst (NuVista),win (UNSURE about that) +!:ext tga/tpic/icb/vda/vst +# image type 1 2 3 9 10 11 32 33 +>2 ubyte&0xF7 1 - Map +>2 ubyte&0xF7 2 - RGB +# alpha channel +>>17 ubyte&0x0F >0 \bA +>2 ubyte&0xF7 3 - Mono +# type not found, but by http://www.fileformat.info/format/tga/corion.htm +# Compressed color-mapped data, using Huffman, Delta, and runlength encoding +>2 ubyte 32 - Color +# Compressed color-mapped data, using Huffman, Delta, and RLE. 4-pass quadtree- type process +>2 ubyte 33 - Color +# Color Map Type 0~no 1~color map +>1 ubyte 1 ( +# first color map entry, 0 normal +>>3 uleshort >0 \b%d- +# color map length 0 2 1dh 3bh d9h 100h +>>5 uleshort x \b%d) +# 8~run length encoding bit +>2 ubyte&0x08 8 - RLE +# gimp can create big pictures! +>12 uleshort >0 %d x +>12 uleshort =0 65536 x +# image height. 0 interpreted as 65536 +>14 uleshort >0 %d +>14 uleshort =0 65536 +# Image Pixel Size 15 16 24 32 +>16 ubyte x x %d +# X origin of image. 0 normal +>8 uleshort >0 +%d +# Y origin of image. 0 normal; positive for top +>10 uleshort >0 +%d +# Image descriptor: bits 3-0 give the alpha channel depth, bits 5-4 give direction +>17 ubyte&0x0F >0 - %d-bit alpha +# bits 5-4 give direction. normal bottom left +>17 ubyte &0x20 - top +#>17 ubyte ^0x20 - bottom +>17 ubyte &0x10 - right +#>17 ubyte ^0x10 - left +# some info say other bits 6-7 should be zero +# but data storage interleave by http://www.fileformat.info/format/tga/corion.htm +# 00 - no interleave;01 - even/odd interleave; 10 - four way interleave; 11 - reserved +#>17 ubyte&0xC0 0x00 - no interleave +>17 ubyte&0xC0 0x40 - interleave +>17 ubyte&0xC0 0x80 - four way interleave +>17 ubyte&0xC0 0xC0 - reserved +# positive length implies identification field +>0 ubyte >0 +>>18 string x "%s" +# last 18 bytes of newer tga file footer signature +>18 search/4261301/s TRUEVISION-XFILE.\0 +# extension area offset if not 0 +>>&-8 ulelong >0 +# length of the extension area. normal 495 for version 2.0 +>>>(&-4.l) uleshort 0x01EF +# AuthorName[41] +>>>>&0 string >\0 - author "%-.40s" +# Comment[324]=4 * 80 null terminated +>>>>&41 string >\0 - comment "%-.80s" +# date +>>>>&365 ubequad&0xffffFFFFffff0000 !0 +# Day +>>>>>&-6 uleshort x %d +# Month +>>>>>&-8 uleshort x \b-%d +# Year +>>>>>&-4 uleshort x \b-%d +# time +>>>>&371 ubequad&0xffffFFFFffff0000 !0 +# hour +>>>>>&-8 uleshort x %d +# minutes +>>>>>&-6 uleshort x \b:%.2d +# second +>>>>>&-4 uleshort x \b:%.2d +# JobName[41] +>>>>&377 string >\0 - job "%-.40s" +# JobHour Jobminute Jobsecond +>>>>&418 ubequad&0xffffFFFFffff0000 !0 +>>>>>&-8 uleshort x %d +>>>>>&-6 uleshort x \b:%.2d +>>>>>&-4 uleshort x \b:%.2d +# SoftwareId[41] +>>>>&424 string >\0 - %-.40s +# SoftwareVersionNumber +>>>>&424 ubyte >0 +>>>>>&40 uleshort/100 x %d +>>>>>&40 uleshort%100 x \b.%d +# VersionLetter +>>>>>&42 ubyte >0x20 \b%c +# KeyColor +>>>>&468 ulelong >0 - keycolor 0x%8.8x +# Denominator of Pixel ratio. 0~no pixel aspect +>>>>&474 uleshort >0 +# Numerator +>>>>>&-4 uleshort >0 - aspect %d +>>>>>&-2 uleshort x \b/%d +# Denominator of Gamma ratio. 0~no Gamma value +>>>>&478 uleshort >0 +# Numerator +>>>>>&-4 uleshort >0 - gamma %d +>>>>>&-2 uleshort x \b/%d +# ColorOffset +#>>>>&480 ulelong x - col offset 0x%8.8x +# StampOffset +#>>>>&484 ulelong x - stamp offset 0x%8.8x +# ScanOffset +#>>>>&488 ulelong x - scan offset 0x%8.8x +# AttributesType +#>>>>&492 ubyte x - Attributes 0x%x +## EndOfTGA # PBMPLUS images # The next byte following the magic is always whitespace. @@ -41,39 +175,45 @@ >>&0 regex =[0-9]{1,50} \b, size = %s x >>>&0 regex =[0-9]{1,50} \b %s -0 search/1 P1 ->0 use netpbm ->>0 string x \b, bitmap +0 search/1 P1 +>0 regex/4 P1[\040\t\f\r\n] +>>0 use netpbm +>>>0 string x \b, bitmap !:strength + 45 !:mime image/x-portable-bitmap -0 search/1 P2 ->0 use netpbm ->>0 string x \b, greymap +0 search/1 P2 +>0 regex/4 P2[\040\t\f\r\n] +>>0 use netpbm +>>>0 string x \b, greymap !:strength + 45 !:mime image/x-portable-greymap 0 search/1 P3 ->0 use netpbm ->>0 string x \b, pixmap +>0 regex/4 P3[\040\t\f\r\n] +>>0 use netpbm +>>>0 string x \b, pixmap !:strength + 45 !:mime image/x-portable-pixmap -0 string P4 ->0 use netpbm ->>0 string x \b, rawbits, bitmap +0 string P4 +>0 regex/4 P4[\040\t\f\r\n] +>>0 use netpbm +>>>0 string x \b, rawbits, bitmap !:strength + 45 !:mime image/x-portable-bitmap -0 string P5 ->0 use netpbm ->>0 string x \b, rawbits, greymap +0 string P5 +>0 regex/4 P5[\040\t\f\r\n] +>>0 use netpbm +>>>0 string x \b, rawbits, greymap !:strength + 45 !:mime image/x-portable-greymap -0 string P6 ->0 use netpbm ->>0 string x \b, rawbits, pixmap +0 string P6 +>0 regex/4 P6[\040\t\f\r\n] +>>0 use netpbm +>>>0 string x \b, rawbits, pixmap !:strength + 45 !:mime image/x-portable-pixmap @@ -168,7 +308,7 @@ >>>8 leshort 0x8765 \bJBIG >>>8 leshort 0x8798 \bJPEG2000 >>>8 leshort 0x8799 \bNikon NEF Compressed ->>>8 default x +>>>8 default x >>>>8 leshort x \b(unknown 0x%x) >>>12 use tiff_entry >0 leshort 0x106 \b, PhotometricIntepretation= @@ -279,22 +419,36 @@ # (Greg Roelofs, newt@uchicago.edu) # (Albert Cahalan, acahalan@cs.uml.edu) # -# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ... +# 137 P N G \r \n ^Z \n [4-byte length] I H D R [HEAD data] [HEAD crc] ... # -0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data + +# IHDR parser +0 name png-ihdr +>0 belong x \b, %d x +>4 belong x %d, +>8 byte x %d-bit +>9 byte 0 grayscale, +>9 byte 2 \b/color RGB, +>9 byte 3 colormap, +>9 byte 4 gray+alpha, +>9 byte 6 \b/color RGBA, +#>10 byte 0 deflate/32K, +>12 byte 0 non-interlaced +>12 byte 1 interlaced + +# Standard PNG image. +0 string \x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x0DIHDR PNG image data !:mime image/png ->16 belong x \b, %d x ->20 belong x %d, ->24 byte x %d-bit ->25 byte 0 grayscale, ->25 byte 2 \b/color RGB, ->25 byte 3 colormap, ->25 byte 4 gray+alpha, ->25 byte 6 \b/color RGBA, -#>26 byte 0 deflate/32K, ->28 byte 0 non-interlaced ->28 byte 1 interlaced +!:strength +10 +>16 use png-ihdr +# Apple CgBI PNG image. +0 string \x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x04CgBI +>24 string \x00\x00\x00\x0DIHDR PNG image data (CgBI) +!:mime image/png +!:strength +10 +>>32 use png-ihdr + # possible GIF replacements; none yet released! # (Greg Roelofs, newt@uchicago.edu) # @@ -303,13 +457,13 @@ !:mime image/x-unknown # # GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): -# +# 0 string FGF95a FGF image (GIF+deflate beta) !:mime image/x-unknown # # GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal # (best; not yet implemented): -# +# 0 string PBF PBF image (deflate compression) !:mime image/x-unknown @@ -393,19 +547,19 @@ # http://www.blackfiveservices.co.uk/awbmtools.shtml # http://biosgfx.narod.ru/v3/ # http://biosgfx.narod.ru/abr-2/ -0 string AWBM +0 string AWBM >4 leshort <1981 Award BIOS bitmap !:mime image/x-award-bmp # image width is a multiple of 4 ->>4 leshort&0x0003 0 +>>4 leshort&0x0003 0 >>>4 leshort x \b, %d >>>6 leshort x x %d >>4 leshort&0x0003 >0 \b, ->>>4 leshort&0x0003 =1 +>>>4 leshort&0x0003 =1 >>>>4 leshort x %d+3 ->>>4 leshort&0x0003 =2 +>>>4 leshort&0x0003 =2 >>>>4 leshort x %d+2 ->>>4 leshort&0x0003 =3 +>>>4 leshort&0x0003 =3 >>>>4 leshort x %d+1 >>>6 leshort x x %d # at offset 8 starts imagedata followed by "RGB " marker @@ -545,8 +699,12 @@ 0 beshort 0x1010 PEX Binary Archive # DICOM medical imaging data +# URL: https://en.wikipedia.org/wiki/DICOM#Data_format +# Note: "dcm" is the official file name extension +# XnView mention also "dc3" and "acr" as file name extension 128 string DICM DICOM medical imaging data !:mime application/dicom +!:ext dcm/dicom/dic # XWD - X Window Dump file. # As described in /usr/X11R6/include/X11/XWDFile.h @@ -625,11 +783,11 @@ # http://web.archive.org/web/20100206055706/http://www.qzx.com/pc-gpe/pcx.txt # GRR: original test was still too general as it catches xbase examples T5.DBT,T6.DBT with 0xa000000 # test for bytes 0x0a,version byte (0,2,3,4,5),compression byte flag(0,1), bit depth (>0) of PCX or T5.DBT,T6.DBT -0 ubelong&0xffF8fe00 0x0a000000 -# for PCX bit depth > 0 ->3 ubyte >0 +0 ubelong&0xffF8fe00 0x0a000000 +# for PCX bit depth > 0 +>3 ubyte >0 # test for valid versions ->>1 ubyte <6 +>>1 ubyte <6 >>>1 ubyte !1 PCX !:mime image/x-pcx #!:mime image/pcx @@ -686,30 +844,67 @@ # GEM Image: Version 1, Headerlen 8 (Wolfram Kleff) # Format variations from: Bernd Nuernberger +# Update: Joerg Jenderek # See http://fileformats.archiveteam.org/wiki/GEM_Raster # For variations, also see: -# http://www.seasip.info/Gem/ff_img.html (Ventura) +# http://www.seasip.info/Gem/ff_img.html (Ventura) # http://www.atari-wiki.com/?title=IMG_file (XIMG, STTT) # http://www.fileformat.info/format/gemraster/spec/index.htm (XIMG, STTT) # http://sylvana.net/1stguide/1STGUIDE.ENG (TIMG) 0 beshort 0x0001 ->2 beshort 0x0008 GEM Image data +# header_size +>2 beshort 0x0008 >>0 use gem_info ->2 beshort 0x0009 GEM Image data (Ventura) +>2 beshort 0x0009 >>0 use gem_info -16 string XIMG\0 GEM XIMG Image data +# no example for NOSIG +>2 beshort 24 +>>0 use gem_info +# no example for HYPERPAINT +>2 beshort 25 +>>0 use gem_info +16 string XIMG\0 >0 use gem_info -16 string STTT\0\x10 GEM STTT Image data +# no example +16 string STTT\0\x10 >0 use gem_info -16 string TIMG\0 GEM TIMG Image data +# no example or description +16 string TIMG\0 >0 use gem_info 0 name gem_info ->12 beshort x %d x ->14 beshort x %d, ->4 beshort x %d planes, ->8 beshort x %d x ->10 beshort x %d pixelsize +# version is 2 for some XIMG and 1 for all others +>0 beshort <0x0003 GEM +# http://www.snowstone.org.uk/riscos/mimeman/mimemap.txt +!:mime image/x-gem +# header_size 24 25 27 59 779 words for colored bitmaps +>>2 beshort >9 +>>>16 string STTT\0\x10 STTT +>>>16 string TIMG\0 TIMG +# HYPERPAINT or NOSIG variant +>>>16 string \0\x80 +>>>>2 beshort =24 NOSIG +>>>>2 beshort !24 HYPERPAINT +# NOSIG or XIMG variant +>>>16 default x +>>>>16 string !XIMG\0 NOSIG +>>16 string =XIMG\0 XIMG Image data +!:ext img/ximg +# to avoid Warning: Current entry does not yet have a description for adding a EXTENSION type +>>16 string !XIMG\0 Image data +!:ext img +# header_size is 9 for Ventura files and 8 for other GEM Paint files +>>2 beshort 9 (Ventura) +#>>2 beshort 8 (Paint) +>>12 beshort x %d x +>>14 beshort x %d, +# 1 4 8 +>>4 beshort x %d planes, +# in tenths of a millimetre +>>8 beshort x %d x +>>10 beshort x %d pixelsize +# pattern_size 1-8. 2 for GEM Paint +>>6 beshort !2 \b, pattern size %d # GEM Metafile (Wolfram Kleff) 0 lelong 0x0018FFFF GEM Metafile data @@ -998,7 +1193,22 @@ !:mime image/x-polar-monitor-bitmap # From: Rick Richardson +# updated by: Joerg Jenderek +# URL: http://techmods.net/nuvi/ 0 string GARMIN\ BITMAP\ 01 Garmin Bitmap file +# extension is also used for +# Sony SRF raw image (image/x-sony-srf) +# SRF map +# Terragen Surface Map (http://www.planetside.co.uk/terragen) +# FileLocator Pro search criteria file (http://www.mythicsoft.com/filelocatorpro) +!:ext srf +#!:mime image/x-garmin-srf +# version 1.00,2.00,2.10,2.40,2.50 +>0x2f string >0 \b, version %4.4s +# width (2880,2881,3240) +>0x55 uleshort >0 \b, %dx +# height (80,90) +>>0x53 uleshort x \b%d # Type: Ulead Photo Explorer5 (.pe5) # URL: http://www.jisyo.com/cgibin/view.cgi?EXT=pe5 (Japanese) @@ -1120,3 +1330,152 @@ # 0 string \x42\x50\x47\xFB BPG (Better Portable Graphics) !:mime image/bpg + +# From: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/Apple_Icon_Image_format +0 string icns Mac OS X icon +!:mime image/x-icns +!:apple ????icns +!:ext icns +>4 ubelong >0 +# file size +>>4 ubelong x \b, %d bytes +# icon type +>>8 string x \b, "%4.4s" type + +# TIM images +0 lelong 0x00000010 TIM image, +>4 lelong 0x8 4-Bit, +>4 lelong 0x9 8-Bit, +>4 lelong 0x2 15-Bit, +>4 lelong 0x3 24-Bit, +>4 lelong &8 +>>(8.l+12) leshort x Pixel at (%d, +>>(8.l+14) leshort x \b%d) +>>(8.l+16) leshort x Size=%dx +>>(8.l+18) leshort x \b%d, +>>4 lelong 0x8 16 CLUT Entries at +>>4 lelong 0x9 256 CLUT Entries at +>>12 leshort x (%d, +>>14 leshort x \b%d) +>4 lelong ^8 +>>12 leshort x Pixel at (%d, +>>14 leshort x \b%d) +>>16 leshort x Size=%dx +>>18 leshort x \b%d + +# MDEC streams +0 lelong 0x80010160 MDEC video stream, +>16 leshort x %dx +>18 leshort x \b%d +#>8 lelong x %d frames +#>4 leshort x secCount=%d; +#>6 leshort x nSectors=%d; +#>12 lelong x frameSize=%d; + +# BS encoded bitstreams +2 leshort 0x3800 BS image, +>6 leshort x Version %d, +>4 leshort x Quantization %d, +>0 leshort x (Decompresses to %d words) + +# Type: farbfeld image. +# Url: http://tools.suckless.org/farbfeld/ +# From: Ian D. Scott +# +0 string farbfeld farbfeld image data, +>8 ubelong x %dx +>12 ubelong x \b%d + +# Type: Sega PVR image. +# From: David Korth +# References: +# - http://fabiensanglard.net/Mykaruga/tools/segaPVRFormat.txt +# - https://github.com/yazgoo/pvrx2png +# - https://github.com/nickworonekin/puyotools + +# Sega PVR header. +0 name sega-pvr-image-header +>0x0C leshort x %d x +>0x0E leshort x %d +# Image format. +>0x08 byte 0 \b, ARGB1555 +>0x08 byte 1 \b, RGB565 +>0x08 byte 2 \b, ARGB4444 +>0x08 byte 3 \b, YUV442 +>0x08 byte 4 \b, Bump +>0x08 byte 5 \b, 4bpp +>0x08 byte 6 \b, 8bpp +# Image data type. +>0x09 byte 0x01 \b, square twiddled +>0x09 byte 0x02 \b, square twiddled & mipmap +>0x09 byte 0x03 \b, VQ +>0x09 byte 0x04 \b, VQ & mipmap +>0x09 byte 0x05 \b, 8-bit CLUT twiddled +>0x09 byte 0x06 \b, 4-bit CLUT twiddled +>0x09 byte 0x07 \b, 8-bit direct twiddled +>0x09 byte 0x08 \b, 4-bit direct twiddled +>0x09 byte 0x09 \b, rectangle +>0x09 byte 0x0B \b, rectangular stride +>0x09 byte 0x0D \b, rectangular twiddled +>0x09 byte 0x10 \b, small VQ +>0x09 byte 0x11 \b, small VQ & mipmap +>0x09 byte 0x12 \b, square twiddled & mipmap + +# Sega PVR (Xbox) image header. +# Contains an embedded DirectDraw surface instead of PVR data. +0 name sega-pvr-xbox-dds-header +>16 lelong x %d x +>12 lelong x %d, +>84 string x %.4s + +# Sega PVR image. +0 string PVRT +>0x10 string DDS\040\174\000\000\000 Sega PVR (Xbox) image: +>>0x20 use sega-pvr-xbox-dds-header +>0x10 belong !0x44445320 Sega PVR image: +>>0 use sega-pvr-image-header + +# Sega PVR image with GBIX. +0 string GBIX +>0x10 string PVRT +>>0x10 string DDS\040\174\000\000\000 Sega PVR (Xbox) image: +>>>0x20 use sega-pvr-xbox-dds-header +>>0x10 belong !0x44445320 Sega PVR image: +>>>0x10 use sega-pvr-image-header +>>0x08 lelong x \b, global index = %u + +# Sega GVR header. +0 name sega-gvr-image-header +>0x0C beshort x %d x +>0x0E beshort x %d +# Image data format. +>0x0B byte 0 \b, I4 +>0x0B byte 1 \b, I8 +>0x0B byte 2 \b, IA4 +>0x0B byte 3 \b, IA8 +>0x0B byte 4 \b, RGB565 +>0x0B byte 5 \b, RGB5A3 +>0x0B byte 6 \b, ARGB8888 +>0x0B byte 8 \b, CI4 +>0x0B byte 9 \b, CI8 +>0x0B byte 14 \b, DXT1 + +# Sega GVR image. +0 string GVRT Sega GVR image: +>0x10 use sega-gvr-image-header + +# Sega GVR image with GBIX. +0 string GBIX +>0x10 string GVRT Sega GVR image: +>>0x10 use sega-gvr-image-header +>>0x08 belong x \b, global index = %u + +# Light Field Picture +# Documentation: http://optics.miloush.net/lytro/TheFileFormat.aspx +# Typical file extensions: .lfp .lfr .lfx + +0 belong 0x894C4650 +>4 belong 0x0D0A1A0A +>12 belong 0x00000000 Lytro Light Field Picture +>8 belong x \b, version %d --- contrib/file/magic/Magdir/intel.orig +++ contrib/file/magic/Magdir/intel @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: intel,v 1.12 2014/04/30 21:41:02 christos Exp $ +# $File: intel,v 1.15 2017/03/17 21:35:28 christos Exp $ # intel: file(1) magic for x86 Unix # # Various flavors of x86 UNIX executable/object (other than Xenix, which @@ -30,15 +30,27 @@ 0 leshort =0522 iAPX 286 executable large model (COFF) >12 lelong >0 not stripped #>22 leshort >0 - version %d +# updated by Joerg Jenderek at Oct 2015 +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html +# ./msdos (version 5.25) labeled the next entry as "MS Windows COFF Intel 80386 object file" +# ./intel (version 5.25) label labeled the next entry as "80386 COFF executable" # SGI labeled the next entry as "iAPX 386 executable" --Dan Quinlan -0 leshort =0514 80386 COFF executable ->12 lelong >0 not stripped ->22 leshort >0 - version %d +0 leshort =0514 +# use subroutine to display name+flags+variables for common object formated files +>0 use display-coff +#>12 lelong >0 not stripped +# no hint found, that at offset 22 is version +#>22 leshort >0 - version %d # rom: file(1) magic for BIOS ROM Extensions found in intel machines # mapped into memory between 0xC0000 and 0xFFFFF # From Gurkan Sengun , www.linuks.mine.nu +# updated by Joerg Jenderek +# https://en.wikipedia.org/wiki/Option_ROM 0 beshort 0x55AA BIOS (ia32) ROM Ext. +!:mime application/octet-stream +!:ext rom/bin >5 string USB USB >7 string LDR UNDI image >30 string IBM IBM comp. Video --- contrib/file/magic/Magdir/isz.orig +++ contrib/file/magic/Magdir/isz @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------ -# $File: isz,v 1.3 2014/04/30 21:41:02 christos Exp $ -# ISO Zipped file format +# $File: isz,v 1.4 2017/03/17 21:35:28 christos Exp $ +# ISO Zipped file format # http://www.ezbsystems.com/isz/iszspec.txt 0 string IsZ! ISO Zipped file >4 byte x \b, header size %u --- contrib/file/magic/Magdir/java.orig +++ contrib/file/magic/Magdir/java @@ -1,6 +1,6 @@ #------------------------------------------------------------ -# $File: java,v 1.16 2013/09/24 20:22:03 christos Exp $ +# $File: java,v 1.18 2015/11/29 22:08:14 christos Exp $ # Java ByteCode and Mach-O binaries (e.g., Mac OS X) use the # same magic number, 0xcafebabe, so they are both handled # in the entry called "cafebabe". @@ -16,5 +16,12 @@ !:mime application/x-java-jce-keystore # Java source -0 regex ^import.*;$ Java source +0 regex \^import.*;$ Java source !:mime text/x-java + +# Java HPROF dumps +# https://java.net/downloads/heap-snapshot/hprof-binary-format.html +0 string JAVA\x20PROFILE\x201.0. +>0x12 short 0 +>>0x11 ushort-0x31 <2 Java HPROF dump, +>>0x17 beqdate/1000 x created %s --- contrib/file/magic/Magdir/jpeg.orig +++ contrib/file/magic/Magdir/jpeg @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: jpeg,v 1.29 2015/04/10 15:36:02 christos Exp $ +# $File: jpeg,v 1.31 2017/03/17 21:35:28 christos Exp $ # JPEG images # SunOS 5.5.1 had # @@ -53,7 +53,7 @@ >>5 beshort x \b%d >>9 byte x \b, frames %d ->0 beshort 0xFFC1 +>0 beshort 0xFFC1 >>(2.S+2) use jpeg_segment >>4 byte x \b, extended sequential, precision %d >>7 beshort x \b, %dx @@ -60,7 +60,7 @@ >>5 beshort x \b%d >>9 byte x \b, frames %d ->0 beshort 0xFFC2 +>0 beshort 0xFFC2 >>(2.S+2) use jpeg_segment >>4 byte x \b, progressive, precision %d >>7 beshort x \b, %dx @@ -71,11 +71,11 @@ >0 beshort 0xFFC4 >>(2.S+2) use jpeg_segment ->0 beshort 0xFFE1 +>0 beshort 0xFFE1 # Recursion handled by FFE0 #>>(2.S+2) use jpeg_segment >>4 string Exif \b, Exif Standard: [ ->>>10 indirect/r x +>>>10 indirect/r x >>>10 string x \b] # Application specific markers @@ -117,3 +117,10 @@ # From: Mathieu Malaterre 0 belong 0xff4fff51 JPEG 2000 codestream 45 beshort 0xff52 + +# JPEG extended range +0 string \x49\x49\xbc +>3 byte 1 +>>4 lelong%2 0 JPEG-XR +!:mime image/jxr +!:ext jxr --- contrib/file/magic/Magdir/kerberos.orig +++ contrib/file/magic/Magdir/kerberos @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: kerberos,v 1.1 2014/12/10 18:45:43 christos Exp $ +# $File: kerberos,v 1.2 2017/03/17 21:35:28 christos Exp $ # kerberos: MIT kerberos file binary formats # @@ -38,7 +38,7 @@ >>>>>&0 bedate x \b, date=%s >>>>>>&0 byte x \b, kvno=%u #>>>>>>>&0 pstring/H x -#>>>>>>>>&0 belong x +#>>>>>>>>&0 belong x #>>>>>>>>>>&0 use keytab_entry 0 belong 0x05020000 Kerberos Keytab file --- contrib/file/magic/Magdir/kml.orig +++ contrib/file/magic/Magdir/kml @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: kml,v 1.3 2010/11/25 15:00:12 christos Exp $ +# $File: kml,v 1.4 2017/03/17 21:35:28 christos Exp $ # Type: Google KML, formerly Keyhole Markup Language # Future development of this format has been handed # over to the Open Geospatial Consortium. @@ -7,7 +7,7 @@ # http://www.opengeospatial.org/standards/kml/ # From: Asbjoern Sloth Toennesen 0 string/t \20 search/400 \ xmlns= +>20 search/400 \ xmlns= >>&0 regex ['"]http://earth.google.com/kml Google KML document !:mime application/vnd.google-earth.kml+xml >>>&1 string 2.0' \b, version 2.0 @@ -25,7 +25,7 @@ >>>&1 string/t 2.2 \b, version 2.2 #------------------------------------------------------------------------------ -# Type: Google KML Archive (ZIP based) +# Type: Google KML Archive (ZIP based) # http://code.google.com/apis/kml/documentation/kml_tut.html # From: Asbjoern Sloth Toennesen 0 string PK\003\004 --- contrib/file/magic/Magdir/linux.orig +++ contrib/file/magic/Magdir/linux @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: linux,v 1.63 2015/08/24 05:16:11 christos Exp $ +# $File: linux,v 1.64 2017/03/17 21:35:28 christos Exp $ # linux: file(1) magic for Linux files # # Values for Linux/i386 binaries, from Daniel Quinlan @@ -199,7 +199,7 @@ ############################################################################ # Linux 8086 executable 0 lelong&0xFF0000FF 0xC30000E9 Linux-Dev86 executable, headerless ->5 string . +>5 string . >>4 string >\0 \b, libc version %s 0 lelong&0xFF00FFFF 0x4000301 Linux-8086 executable @@ -213,7 +213,7 @@ >2 byte&0x40 !0 \b, A_PURE >2 byte&0x80 !0 \b, A_TOVLY >28 long !0 \b, not stripped ->37 string . +>37 string . >>36 string >\0 \b, libc version %s # 0 lelong&0xFF00FFFF 0x10000301 ld86 I80386 executable @@ -241,7 +241,7 @@ >24 lelong x %d symbols >28 lelong x %d ocons -# Linux Logical Volume Manager (LVM) +# Linux Logical Volume Manager (LVM) # Emmanuel VARAGNAT # # System ID, UUID and volume group name are 128 bytes long @@ -301,7 +301,7 @@ >>&0x20 lequad x \b, size: %lld 0x618 string LVM2\ 001 LVM2 PV (Linux Logical Volume Manager) ->&(&-12.l-0x21) byte x +>&(&-12.l-0x21) byte x # display UUID in LVM format + display all 32 bytes (instead of max string length: 31) >>&0x0 string >\x2f \b, UUID: %.6s >>&0x6 string >\x2f \b-%.4s @@ -340,7 +340,7 @@ # Summary: Xen saved domain file # Created by: Radek Vokal 0 string LinuxGuestRecord Xen saved domain ->20 search/256 (name +>20 search/256 (name >>&1 string x (name %s) # Type: Xen, the virtual machine monitor @@ -397,7 +397,7 @@ >>0x1046 ubeshort x \b%04x # Linux device tree: -# File format description can be found in the Linux kernel sources at +# File format description can be found in the Linux kernel sources at # Documentation/devicetree/booting-without-of.txt # From Christoph Biedl 0 belong 0xd00dfeed --- contrib/file/magic/Magdir/lisp.orig +++ contrib/file/magic/Magdir/lisp @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: lisp,v 1.23 2009/09/19 16:28:10 christos Exp $ +# $File: lisp,v 1.25 2017/03/17 21:35:28 christos Exp $ # lisp: file(1) magic for lisp programs # # various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) @@ -7,7 +7,7 @@ # updated by Joerg Jenderek # GRR: This lot is too weak -#0 string ;; +#0 string ;; # windows INF files often begin with semicolon and use CRLF as line end # lisp files are mainly created on unix system with LF as line end #>2 search/4096 !\r Lisp/Scheme program text @@ -26,16 +26,39 @@ 0 search/4096 (custom-set-variables\ Lisp/Scheme program text !:mime text/x-lisp +# URL: https://en.wikipedia.org/wiki/Emacs_Lisp +# Reference: http://ftp.gnu.org/old-gnu/emacs/elisp-manual-18-1.03.tar.gz +# Update: Joerg Jenderek # Emacs 18 - this is always correct, but not very magical. -0 string \012( Emacs v18 byte-compiled Lisp data +0 string \012( +# look for emacs lisp keywords +# GRR: split regex because it is too long or get error like +# lisp, 36: Warning: cannot get string from `^(defun|defvar|defconst|defmacro|setq|fset|put|provide|require|' +>&0 regex \^(defun|defvar|defconst|defmacro|setq|fset) Emacs v18 byte-compiled Lisp data !:mime application/x-elc +# https://searchcode.com/codesearch/view/2173420/ +# not really pure text +!:apple EMAxTEXT +!:ext elc +# remaining regex +>&0 regex \^(put|provide|require|random) Emacs v18 byte-compiled Lisp data +!:mime application/x-elc +!:apple EMAxTEXT +!:ext elc +# missed cl.elc dbx.elc simple.elc look like normal lisp starting with ;;; + # Emacs 19+ - ver. recognition added by Ian Springer # Also applies to XEmacs 19+ .elc files; could tell them apart with regexs # - Chris Chittleborough -0 string ;ELC ->4 byte >18 ->4 byte <32 Emacs/XEmacs v%d byte-compiled Lisp data -!:mime application/x-elc +# Update: Joerg Jenderek +0 string ;ELC +# version\0\0\0 +>4 byte >18 Emacs/XEmacs v%d byte-compiled Lisp data +# why less than 32 ? does not make sense to me. GNU Emacs version is 24.5 at April 2015 +#>4 byte <32 Emacs/XEmacs v%d byte-compiled Lisp data +!:mime application/x-elc +!:apple EMAxTEXT +!:ext elc # Files produced by CLISP Common Lisp From: Bruno Haible 0 string (SYSTEM::VERSION\040' CLISP byte-compiled Lisp program (pre 2004-03-27) @@ -44,7 +67,7 @@ 0 long 0x70768BD2 CLISP memory image data 0 long 0xD28B7670 CLISP memory image data, other endian -#.com and .bin for MIT scheme +#.com and .bin for MIT scheme 0 string \372\372\372\372 MIT scheme (library?) # From: David Allouche --- contrib/file/magic/Magdir/m4.orig +++ contrib/file/magic/Magdir/m4 @@ -1,6 +1,9 @@ #------------------------------------------------------------------------------ -# $File: m4,v 1.1 2011/12/08 12:12:46 rrt Exp $ +# $File: m4,v 1.2 2017/08/14 07:40:38 christos Exp $ # make: file(1) magic for M4 scripts # 0 regex \^dnl\ M4 macro processor script text !:mime text/x-m4 +0 regex \^AC_DEFUN\\(\\[ M4 macro processor script text +!:strength + 15 +!:mime text/x-m4 --- contrib/file/magic/Magdir/mach.orig +++ contrib/file/magic/Magdir/mach @@ -1,6 +1,6 @@ #------------------------------------------------------------ -# $File: mach,v 1.20 2015/05/21 18:28:41 christos Exp $ +# $File: mach,v 1.23 2015/10/15 21:51:22 christos Exp $ # Mach has two magic numbers, 0xcafebabe and 0xfeedface. # Unfortunately the first, cafebabe, is shared with # Java ByteCode, so they are both handled in the file "cafebabe". @@ -106,15 +106,19 @@ >>>4 belong&0x00ffffff 2 subarchitecture=%d >>>4 belong&0x00ffffff 3 subarchitecture=%d >>>4 belong&0x00ffffff 4 subarchitecture=%d ->>>4 belong&0x00ffffff 5 \b_v4t ->>>4 belong&0x00ffffff 6 \b_v6 ->>>4 belong&0x00ffffff 7 \b_v5tej ->>>4 belong&0x00ffffff 8 \b_xscale ->>>4 belong&0x00ffffff 9 \b_v7 ->>>4 belong&0x00ffffff 10 \b_v7f ->>>4 belong&0x00ffffff 11 subarchitecture=%d ->>>4 belong&0x00ffffff 12 \b_v7k ->>>4 belong&0x00ffffff >12 subarchitecture=%d +>>>4 belong&0x00ffffff 5 \bv4t +>>>4 belong&0x00ffffff 6 \bv6 +>>>4 belong&0x00ffffff 7 \bv5tej +>>>4 belong&0x00ffffff 8 \bxscale +>>>4 belong&0x00ffffff 9 \bv7 +>>>4 belong&0x00ffffff 10 \bv7f +>>>4 belong&0x00ffffff 11 \bv7s +>>>4 belong&0x00ffffff 12 \bv7k +>>>4 belong&0x00ffffff 13 \bv8 +>>>4 belong&0x00ffffff 14 \bv6m +>>>4 belong&0x00ffffff 15 \bv7m +>>>4 belong&0x00ffffff 16 \bv7em +>>>4 belong&0x00ffffff >16 subarchitecture=%d # 13 m88k >>0 belong&0x00ffffff 13 >>>4 belong&0x00ffffff 0 mc88000 @@ -158,12 +162,15 @@ >>>4 belong&0x00ffffff 2 subarchitecture=%d >>>4 belong&0x00ffffff 3 >>>4 belong&0x00ffffff 4 \b_arch1 +>>>4 belong&0x00ffffff 8 \b_haswell >>>4 belong&0x00ffffff >4 subarchitecture=%d >>0 belong&0x00ffffff 8 64-bit architecture=%d >>0 belong&0x00ffffff 9 64-bit architecture=%d >>0 belong&0x00ffffff 10 64-bit architecture=%d >>0 belong&0x00ffffff 11 64-bit architecture=%d ->>0 belong&0x00ffffff 12 64-bit architecture=%d +>>0 belong&0x00ffffff 12 arm64 +>>>4 belong&0x00ffffff 0 +>>>4 belong&0x00ffffff 1 \bv8 >>0 belong&0x00ffffff 13 64-bit architecture=%d >>0 belong&0x00ffffff 14 64-bit architecture=%d >>0 belong&0x00ffffff 15 64-bit architecture=%d @@ -203,6 +210,34 @@ >12 belong 11 kext bundle >12 belong >11 >>12 belong x filetype=%d +>24 belong >0 \b, flags:< +>>24 belong &0x0000001 \bNOUNDEFS +>>24 belong &0x0000002 \b|INCRLINK +>>24 belong &0x0000004 \b|DYLDLINK +>>24 belong &0x0000008 \b|BINDATLOAD +>>24 belong &0x0000010 \b|PREBOUND +>>24 belong &0x0000020 \b|SPLIT_SEGS +>>24 belong &0x0000040 \b|LAZY_INIT +>>24 belong &0x0000080 \b|TWOLEVEL +>>24 belong &0x0000100 \b|FORCE_FLAT +>>24 belong &0x0000200 \b|NOMULTIDEFS +>>24 belong &0x0000400 \b|NOFIXPREBINDING +>>24 belong &0x0000800 \b|PREBINDABLE +>>24 belong &0x0001000 \b|ALLMODSBOUND +>>24 belong &0x0002000 \b|SUBSECTIONS_VIA_SYMBOLS +>>24 belong &0x0004000 \b|CANONICAL +>>24 belong &0x0008000 \b|WEAK_DEFINES +>>24 belong &0x0010000 \b|BINDS_TO_WEAK +>>24 belong &0x0020000 \b|ALLOW_STACK_EXECUTION +>>24 belong &0x0040000 \b|ROOT_SAFE +>>24 belong &0x0080000 \b|SETUID_SAFE +>>24 belong &0x0100000 \b|NO_REEXPORTED_DYLIBS +>>24 belong &0x0200000 \b|PIE +>>24 belong &0x0400000 \b|DEAD_STRIPPABLE_DYLIB +>>24 belong &0x0800000 \b|HAS_TLV_DESCRIPTORS +>>24 belong &0x1000000 \b|NO_HEAP_EXECUTION +>>24 belong &0x2000000 \b|APP_EXTENSION_SAFE +>>24 belong x \b> # 0 lelong&0xfffffffe 0xfeedface Mach-O --- contrib/file/magic/Magdir/macintosh.orig +++ contrib/file/magic/Magdir/macintosh @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: macintosh,v 1.25 2014/09/03 13:34:16 christos Exp $ +# $File: macintosh,v 1.27 2017/03/17 21:35:28 christos Exp $ # macintosh description # # BinHex is the Macintosh ASCII-encoded file format (see also "apple") @@ -109,9 +109,9 @@ # the assumption that 65-72 will all be ASCII (0x20-0x7F), that 73 will # have bits 1 (changed), 2 (busy), 3 (bozo), and 6 (invisible) unset, # and that 74 will be 0. So something like -# +# # 71 belong&0x80804EFF 0x00000000 Macintosh MacBinary data -# +# # >73 byte&0x01 0x01 \b, inited # >73 byte&0x02 0x02 \b, changed # >73 byte&0x04 0x04 \b, busy @@ -254,7 +254,7 @@ >0x9C string INDEX data file index >0x9C string VIEW data view -# spss magic for SPSS system and portable files, +# spss magic for SPSS system and portable files, # from Bruce Foster (bef@nwu.edu). 0 long 0xc1e2c3c9 SPSS Portable File @@ -273,7 +273,7 @@ # entries depend on the data arithmetic added after v.35 # There's also some Pascal strings in here, ditto... -# The boot block signature, according to IM:Files, is +# The boot block signature, according to IM:Files, is # "for HFS volumes, this field always contains the value 0x4C4B." # But if this is true for MFS or HFS+ volumes, I don't know. # Alternatively, the boot block is supposed to be zeroed if it's @@ -291,17 +291,20 @@ # *.hfs updated by Joerg Jenderek # http://en.wikipedia.org/wiki/Hierarchical_File_System # "BD" gives many false positives -0x400 beshort 0x4244 +0x400 beshort 0x4244 # ftp://ftp.mars.org/pub/hfs/hfsutils-3.2.6.tar.gz/hfsutils-3.2.6/libhfs/apple.h # first block of volume bit map (always 3) ->0x40e ubeshort 0x0003 +>0x40e ubeshort 0x0003 # maximal length of volume name is 27 >>0x424 ubyte <28 Macintosh HFS data -#!:mime application/octet-stream -# these mime and apple types are not sure !:mime application/x-apple-diskimage #!:apple hfsdINIT #!:apple MACSdisk +# http://www.macdisk.com/macsigen.php +#!:apple ddskdevi +!:apple ????devi +# https://en.wikipedia.org/wiki/Apple_Disk_Image +!:ext hfs/dmg >>>0 beshort 0x4C4B (bootable) #>>>0 beshort 0x0000 (not bootable) >>>0x40a beshort &0x8000 (locked) @@ -348,15 +351,15 @@ #>0x230 string x first type: %s, #>0x210 string x name: %s, #>0x254 belong x number of blocks: %d, -#>0x400 beshort 0x504D +#>0x400 beshort 0x504D #>>0x430 string x second type: %s, #>>0x410 string x name: %s, #>>0x454 belong x number of blocks: %d, -#>>0x800 beshort 0x504D +#>>0x800 beshort 0x504D #>>>0x830 string x third type: %s, #>>>0x810 string x name: %s, #>>>0x854 belong x number of blocks: %d, -#>>>0xa00 beshort 0x504D +#>>>0xa00 beshort 0x504D #>>>>0xa30 string x fourth type: %s, #>>>>0xa10 string x name: %s, #>>>>0xa54 belong x number of blocks: %d --- contrib/file/magic/Magdir/make.orig +++ contrib/file/magic/Magdir/make @@ -1,7 +1,8 @@ #------------------------------------------------------------------------------ -# $File: make,v 1.2 2015/08/25 07:34:06 christos Exp $ +# $File: make,v 1.3 2016/12/10 14:21:29 christos Exp $ # make: file(1) magic for makefiles # +# URL: https://en.wikipedia.org/wiki/Make_(software) 0 regex/100l \^CFLAGS makefile script text !:mime text/x-makefile 0 regex/100l \^VPATH makefile script text @@ -10,12 +11,19 @@ !:mime text/x-makefile 0 regex/100l \^all: makefile script text !:mime text/x-makefile -0 regex/100l \^\.PRECIOUS makefile script text +0 regex/100l \^\\.PRECIOUS makefile script text !:mime text/x-makefile -0 regex/100l \^\.BEGIN BSD makefile script text +# Update: Joerg Jenderek +# Reference: https://www.freebsd.org/cgi/man.cgi?make(1) +# exclude grub-core\lib\libgcrypt\mpi\Makefile.am with "#BEGIN_ASM_LIST" +# by additional escaping point character +0 regex/100l \^\\.BEGIN BSD makefile script text with "%s" !:mime text/x-makefile -0 regex/100l \^\.include BSD makefile script text +!:ext /mk +# exclude MS Windows help file CoNtenT with ":include FOOBAR.CNT" +# and NSIS script with "!include" by additional escaping point character +0 regex/100l \^\\.include BSD makefile script text with "%s" !:mime text/x-makefile - +!:ext /mk 0 regex/100l \^SUBDIRS automake makefile script text !:mime text/x-makefile --- contrib/file/magic/Magdir/maple.orig +++ contrib/file/magic/Magdir/maple @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: maple,v 1.7 2013/01/11 16:45:23 christos Exp $ +# $File: maple,v 1.8 2017/03/17 21:35:28 christos Exp $ # maple: file(1) magic for maple files # "H. Nanosecond" # Maple V release 4, a multi-purpose math program @@ -13,7 +13,7 @@ # no magic for these :-( # they are compiled indexes for maple files -# .hdb +# .hdb 0 string \000\004\000\000 Maple help database # .mhp @@ -40,7 +40,7 @@ # from byte 4 it is either 'nul E' or 'soh R' # I think 'nul E' means a file that was saved as a different name # a sort of revision marking -# 'soh R' means new +# 'soh R' means new >4 string \000\105 An old revision >4 string \001\122 The latest save --- contrib/file/magic/Magdir/marc21.orig +++ contrib/file/magic/Magdir/marc21 @@ -2,7 +2,7 @@ # marc21: file(1) magic for MARC 21 Format # # Kevin Ford (kefo@loc.gov) -# +# # MARC21 formats are for the representation and communication # of bibliographic and related information in machine-readable # form. For more info, see http://www.loc.gov/marc/ @@ -9,20 +9,22 @@ # leader position 20-21 must be 45 -20 string 45 +# and 22-23 also 00 so far, but we check that later. +20 string 45 +>0 search/2048 \x1e # leader starts with 5 digits, followed by codes specific to MARC format ->0 regex/1l (^[0-9]{5})[acdnp][^bhlnqsu-z] MARC21 Bibliographic +>>0 regex/1l (^[0-9]{5})[acdnp][^bhlnqsu-z] MARC21 Bibliographic !:mime application/marc ->0 regex/1l (^[0-9]{5})[acdnosx][z] MARC21 Authority +>>0 regex/1l (^[0-9]{5})[acdnosx][z] MARC21 Authority !:mime application/marc ->0 regex/1l (^[0-9]{5})[cdn][uvxy] MARC21 Holdings +>>0 regex/1l (^[0-9]{5})[cdn][uvxy] MARC21 Holdings !:mime application/marc -0 regex/1l (^[0-9]{5})[acdn][w] MARC21 Classification +>>0 regex/1l (^[0-9]{5})[acdn][w] MARC21 Classification !:mime application/marc ->0 regex/1l (^[0-9]{5})[cdn][q] MARC21 Community +>>0 regex/1l (^[0-9]{5})[cdn][q] MARC21 Community !:mime application/marc # leader position 22-23, should be "00" but is it? ->0 regex/1l (^.{21})([^0]{2}) (non-conforming) +>>0 regex/1l (^.{21})([^0]{2}) (non-conforming) !:mime application/marc --- contrib/file/magic/Magdir/mathematica.orig +++ contrib/file/magic/Magdir/mathematica @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: mathematica,v 1.8 2015/04/09 20:01:40 christos Exp $ +# $File: mathematica,v 1.9 2017/03/17 21:35:28 christos Exp $ # mathematica: file(1) magic for mathematica files # "H. Nanosecond" # Mathematica a multi-purpose math program @@ -49,7 +49,7 @@ #0 string (*This\ is\ a\ Mathematica\ binary\ dump\ file.\ It\ can\ be\ loaded\ with\ Get.*) Mathematica binary file 0 string (*This\ is\ a\ Mathematica\ binary\ Mathematica binary file -#>71 string \000\010\010\010\010\000\000\000\000\000\000\010\100\010\000\000\000 +#>71 string \000\010\010\010\010\000\000\000\000\000\000\010\100\010\000\000\000 # >71... is optional >88 string >\0 from %s @@ -59,7 +59,7 @@ 0 string MMAPBF\000\001\000\000\000\203\000\001\000 Mathematica PBF (fonts I think) # .ml files These are menu resources I think -# these start with "[0-9][0-9][0-9]\ A~[0-9][0-9][0-9]\ +# these start with "[0-9][0-9][0-9]\ A~[0-9][0-9][0-9]\ # how to put that into a magic rule? 4 string \ A~ MAthematica .ml file --- contrib/file/magic/Magdir/metastore.orig +++ contrib/file/magic/Magdir/metastore @@ -1,8 +1,8 @@ #------------------------------------------------------------------------------ -# $File: metastore,v 1.1 2011/04/06 12:37:44 christos Exp $ +# $File: metastore,v 1.2 2017/03/17 21:35:28 christos Exp $ # metastore: file(1) magic for metastore files # From: Thomas Wissen # see http://david.hardeman.nu/software.php#metastore -0 string MeTaSt00r3 Metastore data file, +0 string MeTaSt00r3 Metastore data file, >10 bequad x version %0llx --- contrib/file/magic/Magdir/meteorological.orig +++ contrib/file/magic/Magdir/meteorological @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: meteorological,v 1.1 2014/08/04 06:26:16 christos Exp $ +# $File: meteorological,v 1.2 2017/03/17 21:35:28 christos Exp $ # rinex: file(1) magic for RINEX files # http://igscb.jpl.nasa.gov/igscb/data/format/rinex210.txt # ftp://cddis.gsfc.nasa.gov/pub/reports/formats/rinex300.pdf @@ -34,7 +34,7 @@ >>&32 string x \b, date %15.15s >>5 string x \b, version %6.6s !:mime rinex/meteorological ->80 search/256 XXRINEXN RINEX Data, Navigation +>80 search/256 XXRINEXN RINEX Data, Navigation >>&32 string x \b, date %15.15s >>5 string x \b, version %6.6s !:mime rinex/navigation --- contrib/file/magic/Magdir/microfocus.orig +++ contrib/file/magic/Magdir/microfocus @@ -0,0 +1,21 @@ + +#------------------------------------------------------------------------------ +# $File: microfocus,v 1.2 2017/03/17 21:35:28 christos Exp $ +# Micro Focus COBOL data files. + +# http://documentation.microfocus.com/help/index.jsp?topic=\ +# %2FGUID-0E0191D8-C39A-44D1-BA4C-D67107BAF784%2FHRFLRHFILE05.html +# http://www.cobolproducts.com/datafile/data-viewer.html +# https://github.com/miracle2k/mfcobol-export + +0 string \x30\x00\x00\x7C +>36 string \x00\x3E Micro Focus File with Header (DAT) +!:mime application/octet-stream + +0 string \x30\x7E\x00\x00 +>36 string \x00\x3E Micro Focus File with Header (DAT) +!:mime application/octet-stream + +39 string \x02 +>136 string \x02\x02\x04\x04 Micro Focus Index File (IDX) +!:mime application/octet-stream --- contrib/file/magic/Magdir/mime.orig +++ contrib/file/magic/Magdir/mime @@ -1,9 +1,9 @@ #------------------------------------------------------------------------------ -# $File: mime,v 1.6 2010/11/25 15:00:12 christos Exp $ +# $File: mime,v 1.8 2017/03/17 22:20:22 christos Exp $ # mime: file(1) magic for MIME encoded files # -0 string/t Content-Type:\ +0 string/t Content-Type:\040 >14 string >\0 %s 0 string/t Content-Type: >13 string >\0 %s --- contrib/file/magic/Magdir/misctools.orig +++ contrib/file/magic/Magdir/misctools @@ -1,6 +1,6 @@ #----------------------------------------------------------------------------- -# $File: misctools,v 1.15 2015/04/15 18:29:30 christos Exp $ +# $File: misctools,v 1.17 2017/03/17 21:35:28 christos Exp $ # misctools: file(1) magic for miscellaneous UNIX tools. # 0 search/1 %%!! X-Post-It-Note text @@ -14,7 +14,7 @@ #!:mime text/x-vcard !:mime text/vcard # VERSION must come right after BEGIN for 3.0 or 4.0 except in 2.1 , where it can be anywhere ->12 search/14000/c VERSION: +>12 search/14000/c VERSION: # VERSION 2.1 , 3.0 or 4.0 >>&0 string x \b, version %-.3s @@ -29,7 +29,35 @@ 0 search/80 .lo\ -\ a\ libtool\ object\ file libtool object file # From: Daniel Novotny -0 string MDMP\x93\xA7 MDMP crash report data +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/Core_dump#User-mode_memory_dumps +# Reference: https://msdn.microsoft.com/en-us/library/ms680378%28VS.85%29.aspx +# +# "Windows Minidump" by TrID +# ./misctools (version 5.25) labeled the entry as "MDMP crash report data" +0 string MDMP Mini DuMP crash report +# http://filext.com/file-extension/DMP +!:mime application/x-dmp +!:ext dmp/mdmp +# The high-order word is an internal value that is implementation specific. +# The low-order word is MINIDUMP_VERSION 0xA793 +>4 ulelong&0x0000FFFF !0xA793 \b, version 0x%4.4x +# NumberOfStreams 8,9,10,13 +>8 ulelong x \b, %d streams +# StreamDirectoryRva 0x20 +>12 ulelong !0x20 \b, 0x%8.8x RVA +# CheckSum 0 +>16 ulelong !0 \b, CheckSum 0x%8.8x +# Reserved or TimeDateStamp +>20 ledate x \b, %s +# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680519%28v=vs.85%29.aspx +# Flags MINIDUMP_TYPE enumeration type 0 0x121 0x800 +>24 ulelong x \b, 0x%x type +# >24 ulelong >0 \b; include +# >>24 ulelong &0x00000001 \b data sections, +# >>24 ulelong &0x00000020 \b list of unloaded modules, +# >>24 ulelong &0x00000100 \b process and thread information, +# >>24 ulelong &0x00000800 \b memory information, # Summary: abook addressbook file # Submitted by: Mark Schreiber --- contrib/file/magic/Magdir/modem.orig +++ contrib/file/magic/Magdir/modem @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: modem,v 1.6 2015/02/14 17:35:47 christos Exp $ +# $File: modem,v 1.8 2017/03/17 21:35:28 christos Exp $ # modem: file(1) magic for modem programs # # From: Florian La Roche @@ -8,8 +8,48 @@ >29 byte 1 \b, fine resolution >29 byte 0 \b, normal resolution -0 short 0x0100 raw G3 data, byte-padded -0 short 0x1400 raw G3 data +# Summary: CCITT Group 3 Facsimile in "raw" form (i.e. no header). +# Modified by: Joerg Jenderek +# URL: https://de.wikipedia.org/wiki/Fax +# Reference: http://web.archive.org/web/20020628195336/http://www.netnam.vn/unescocourse/computervision/104.htm +# GRR: EOL of G3 is too general as it catches also TrueType fonts, Postscript PrinterFontMetric, others +0 short 0x0100 +# 16 0-bits near beginning like True Type fonts *.ttf, Postscript PrinterFontMetric *.pfm, FTYPE.HYPERCARD, XFER +>2 search/9 \0\0 +# maximal 7 0-bits for pixel sequences or 11 0-bits for EOL in G3 +>2 default x +# skip IRCAM file (VAX big-endian) ./audio +>>0 belong !0x0001a364 +# skip GEM Image data ./images +>>>2 beshort !0x0008 +# look for first keyword of Panorama database *.pan +>>>>11 search/262 \x06DESIGN +# skip Panorama database +>>>>11 default x +# old Apple DreamWorld DreamGrafix *.3200 with keyword at end of g3 looking files +>>>>>27118 search/1864 DreamWorld +>>>>>27118 default x +# skip MouseTrap/Mt.Defaults with file size 16 found on Golden Orchard Apple II CD Rom +>>>>>>8 ubequad !0x2e01010454010203 +# skip PICTUREH.SML found on Golden Orchard Apple II CD Rom +>>>>>>>8 ubequad !0x5dee74ad1aa56394 raw G3 (Group 3) FAX, byte-padded +# version 5.25 labeled the entry above "raw G3 data, byte-padded" +!:mime image/g3fax +#!:apple ????TIFF +!:ext g3 +# unusual image starting with black pixel +#0 short 0x1300 raw G3 (Group 3) FAX +0 short 0x1400 +# 16 0-bits near beginning like PicturePuzzler found on Golden Orchard Apple CD Rom +>2 search/9 \0\0 +# maximal 7 0-bits for pixel sequences or 11 0-bits for EOL in G3 +>2 default x raw G3 (Group 3) FAX +# version 5.25 labeled the above entry as "raw G3 data" +!:mime image/g3fax +!:ext g3 +# unusual image with black pixel near beginning +#0 short 0x1900 raw G3 (Group 3) FAX + # # Magic data for vgetty voice formats # (Martin Seine & Marc Eberhard) --- contrib/file/magic/Magdir/mozilla.orig +++ contrib/file/magic/Magdir/mozilla @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------ -# $File: mozilla,v 1.6 2015/01/25 16:20:46 christos Exp $ -# mozilla: file(1) magic for Mozilla XUL fastload files +# $File: mozilla,v 1.7 2017/03/17 21:35:28 christos Exp $ +# mozilla: file(1) magic for Mozilla XUL fastload files # (XUL.mfasl and XPC.mfasl) # URL: http://www.mozilla.org/ # From: Josh Triplett --- contrib/file/magic/Magdir/msdos.orig +++ contrib/file/magic/Magdir/msdos @@ -1,12 +1,12 @@ #------------------------------------------------------------------------------ -# $File: msdos,v 1.101 2015/08/24 05:08:48 christos Exp $ +# $File: msdos,v 1.120 2017/08/13 00:21:47 christos Exp $ # msdos: file(1) magic for MS-DOS files # # .BAT files (Daniel Quinlan, quinlan@yggdrasil.com) # updated by Joerg Jenderek at Oct 2008,Apr 2011 -0 string/t @ +0 string/t @ >1 string/cW \ echo\ off DOS batch file text !:mime text/x-msdos-batch >1 string/cW echo\ off DOS batch file text @@ -24,7 +24,11 @@ 100 search/0xffff say >100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file text -0 leshort 0x14c MS Windows COFF Intel 80386 object file +# updated by Joerg Jenderek at Oct 2015 +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html +# ./intel already labeled COFF type 0x14c=0514 as "80386 COFF executable" +#0 leshort 0x14c MS Windows COFF Intel 80386 object file #>4 ledate x stamp %s 0 leshort 0x166 MS Windows COFF MIPS R4000 object file #>4 ledate x stamp %s @@ -226,7 +230,7 @@ >>(8.s*16) string go32stub for MS-DOS, DJGPP go32 DOS extender >>(8.s*16) string emx >>>&1 string x for DOS, Win or OS/2, emx %s ->>&(&0x42.l-3) byte x +>>&(&0x42.l-3) byte x >>>&0x26 string UPX \b, UPX compressed # and yet another guess: small .text, and after large .data is unusal, could be 32lite >>&0x2c search/0xa0 .text @@ -236,8 +240,8 @@ >(8.s*16) string $WdX \b, WDos/X DOS extender # By now an executable type should have been printed out. The executable -# may be a self-uncompressing archive, so look for evidence of that and -# print it out. +# may be a self-uncompressing archive, so look for evidence of that and +# print it out. # # Some signatures below from Greg Roelofs, newt@uchicago.edu. # @@ -279,8 +283,8 @@ # Skip to the end of the EXE. This will usually work fine in the PE case # because the MZ image is hardcoded into the toolchain and almost certainly # won't match any of these signatures. ->(4.s*512) long x ->>&(2.s-517) byte x +>(4.s*512) long x +>>&(2.s-517) byte x >>>&0 string PK\3\4 \b, ZIP self-extracting archive >>>&0 string Rar! \b, RAR self-extracting archive >>>&0 string =!\x11 \b, AIN 2.x self-extracting archive @@ -308,80 +312,77 @@ # only version=0x100 found >3 uleshort x \b, version 0x%x # length of string containing author,info and special characters ->6 ubyte >0 +>6 ubyte >0 #>>6 pstring x \b, name=%s >>7 string >\0 \b, author=%-.14s >>7 search/254 \xff \b, info= #>>>&0 string x \b%-s >>>&0 string x \b%-.15s -# for FreeDOS *.KL files +# for FreeDOS *.KL files 0 string/b KLF FreeDOS KEYBoard Layout file # only version=0x100 or 0x101 found >3 uleshort x \b, version 0x%x # stringlength ->5 ubyte >0 +>5 ubyte >0 >>8 string x \b, name=%-.2s -0 string \xffKEYB\ \ \ \0\0\0\0 +0 string \xffKEYB\ \ \ \0\0\0\0 >12 string \0\0\0\0`\004\360 MS-DOS KEYBoard Layout file -# .COM formats (Daniel Quinlan, quinlan@yggdrasil.com) -# Uncommenting only the first two lines will cover about 2/3 of COM files, -# but it isn't feasible to match all COM files since there must be at least -# two dozen different one-byte "magics". -# test too generic ? -0 byte 0xe9 DOS executable (COM) ->0x1FE leshort 0xAA55 \b, boot code ->6 string SFX\ of\ LHarc (%s) - -# DOS device driver updated by Joerg Jenderek at May 2011 -# http://maben.homeip.net/static/S100/IBM/software/DOS/DOS%20techref/CHAPTER.009 -0 ulequad&0x07a0ffffffff 0xffffffff DOS executable ( ->40 search/7 UPX! \bUPX compressed +# DOS device driver updated by Joerg Jenderek at May 2011,Mar 2017 +# https://amaus.net/static/S100/IBM/software/DOS/DOS%20techref/CHAPTER.009 +0 ulequad&0x07a0ffffffff 0xffffffff +>0 use msdos-driver +0 name msdos-driver DOS executable ( +#!:mime application/octet-stream +!:mime application/x-dosdriver +# also found FreeDOS print driver SPOOL.DEV and disc compression driver STACLOAD.BIN +!:ext sys/dev/bin +>40 search/7 UPX! \bUPX compressed # DOS device driver attributes >4 uleshort&0x8000 0x0000 \bblock device driver # character device >4 uleshort&0x8000 0x8000 \b ->>4 uleshort&0x0008 0x0008 \bclock +>>4 uleshort&0x0008 0x0008 \bclock # fast video output by int 29h ->>4 uleshort&0x0010 0x0010 \bfast +>>4 uleshort&0x0010 0x0010 \bfast # standard input/output device ->>4 uleshort&0x0003 >0 \bstandard +>>4 uleshort&0x0003 >0 \bstandard >>>4 uleshort&0x0001 0x0001 \binput >>>4 uleshort&0x0003 0x0003 \b/ ->>>4 uleshort&0x0002 0x0002 \boutput +>>>4 uleshort&0x0002 0x0002 \boutput >>4 uleshort&0x8000 0x8000 \bcharacter device driver ->0 ubyte x +>0 ubyte x # upx compressed device driver has garbage instead of real in name field of header ->>40 search/7 UPX! ->>40 default x +>>40 search/7 UPX! +>>40 default x # leading/trailing nulls, zeros or non ASCII characters in 8-byte name field at offset 10 are skipped ->>>12 ubyte >0x27 \b ->>>>10 ubyte >0x20 ->>>>>10 ubyte !0x2E +>>>12 ubyte >0x2E \b +>>>>10 ubyte >0x20 +>>>>>10 ubyte !0x2E >>>>>>10 ubyte !0x2A \b%c ->>>>11 ubyte >0x20 +>>>>11 ubyte >0x20 >>>>>11 ubyte !0x2E \b%c ->>>>12 ubyte >0x20 ->>>>>12 ubyte !0x39 +>>>>12 ubyte >0x20 +>>>>>12 ubyte !0x39 >>>>>>12 ubyte !0x2E \b%c ->>>13 ubyte >0x20 +>>>13 ubyte >0x20 >>>>13 ubyte !0x2E \b%c ->>>>14 ubyte >0x20 +>>>>14 ubyte >0x20 >>>>>14 ubyte !0x2E \b%c ->>>>15 ubyte >0x20 +>>>>15 ubyte >0x20 >>>>>15 ubyte !0x2E \b%c ->>>>16 ubyte >0x20 ->>>>>16 ubyte !0x2E +>>>>16 ubyte >0x20 +>>>>>16 ubyte !0x2E >>>>>>16 ubyte <0xCB \b%c ->>>>17 ubyte >0x20 ->>>>>17 ubyte !0x2E +>>>>17 ubyte >0x20 +>>>>>17 ubyte !0x2E >>>>>>17 ubyte <0x90 \b%c # some character device drivers like ASPICD.SYS, btcdrom.sys and Cr_atapi.sys contain only spaces or points in name field ->>>4 uleshort&0x8000 0x8000 ->>>>12 ubyte <0x2F +>>>12 ubyte <0x2F # they have their real name at offset 22 ->>>>>22 string >\0 \b%-.5s ->4 uleshort&0x8000 0x0000 +# also block device drivers like DUMBDRV.SYS +>>>>22 string >\056 %-.6s +>4 uleshort&0x8000 0x0000 # 32 bit sector addressing ( > 32 MB) for block devices >>4 uleshort&0x0002 0x0002 \b,32-bit sector- # support by driver functions 13h, 17h, 18h @@ -389,54 +390,129 @@ # open, close, removable media support by driver functions 0Dh, 0Eh, 0Fh >4 uleshort&0x0800 0x0800 \b,close media- # output until busy support by int 10h for character device driver ->4 uleshort&0x8000 0x8000 +>4 uleshort&0x8000 0x8000 >>4 uleshort&0x2000 0x2000 \b,until busy- # direct read/write support by driver functions 03h,0Ch >4 uleshort&0x4000 0x4000 \b,control strings- ->4 uleshort&0x8000 0x8000 +>4 uleshort&0x8000 0x8000 >>4 uleshort&0x6840 >0 \bsupport ->4 uleshort&0x8000 0x0000 +>4 uleshort&0x8000 0x0000 >>4 uleshort&0x4842 >0 \bsupport >0 ubyte x \b) -# DOS driver cmd640x.sys has 0x12 instead of 0xffffffff for pointer field to next device header -# Too weak, matches files that only contain 0's -#0 ulequad&0x000007a0ffffffed 0x0000000000000000 DOS-executable ( -#>4 uleshort&0x8000 0x8000 \bcharacter device driver -#>>10 string x %-.8s -#>4 uleshort&0x4000 0x4000 \b,control strings-support) +# DOS driver cmd640x.sys has 0x12 instead of 0xffffffff for pointer field to next device header +0 ulequad 0x0513c00000000012 +>0 use msdos-driver +# DOS drivers DC2975.SYS, DUMBDRV.SYS, ECHO.SYS has also none 0xffffffff for pointer field +0 ulequad 0x32f28000ffff0016 +>0 use msdos-driver +0 ulequad 0x007f00000000ffff +>0 use msdos-driver +0 ulequad 0x001600000000ffff +>0 use msdos-driver +# DOS drivers LS120.SYS, MKELS120.SYS use reserved bits of attribute field +0 ulequad 0x0bf708c2ffffffff +>0 use msdos-driver +0 ulequad 0x07bd08c2ffffffff +>0 use msdos-driver -# test too generic ? -0 byte 0x8c DOS executable (COM) +# updated by Joerg Jenderek +# GRR: line below too general as it catches also +# rt.lib DYADISKS.PIC and many more +# start with assembler instruction MOV +0 ubyte 0x8c +# skip "AppleWorks word processor data" like ARTICLE.1 ./apple +>4 string !O==== +# skip some unknown basic binaries like RocketRnger.SHR +>>5 string !MAIN +# skip "GPG symmetrically encrypted data" ./gnu +# skip "PGP symmetric key encrypted data" ./pgp +# openpgpdefs.h: fourth byte < 14 indicate cipher algorithm type +>>>4 ubyte >13 DOS executable (COM, 0x8C-variant) +# the remaining files should be DOS *.COM executables +# dosshell.COM 8cc0 2ea35f07 e85211 e88a11 b80058 cd +# hmload.COM 8cc8 8ec0 bbc02b 89dc 83c30f c1eb04 b4 +# UNDELETE.COM 8cca 2e8916 6503 b430 cd21 8b 2e0200 8b +# BOOTFIX.COM 8cca 2e8916 9603 b430 cd21 8b 2e0200 8b +# RAWRITE3.COM 8cca 2e8916 d602 b430 cd21 8b 2e0200 8b +# SHARE.COM 8cca 2e8916 d602 b430 cd21 8b 2e0200 8b +# validchr.COM 8cca 2e8916 9603 b430 cd21 8b 2e028b1e +# devload.COM 8cca 8916ad01 b430 cd21 8b2e0200 892e +!:mime application/x-dosexec +!:ext com + # updated by Joerg Jenderek at Oct 2008 0 ulelong 0xffff10eb DR-DOS executable (COM) # byte 0xeb conflicts with "sequent" magic leshort 0xn2eb -0 ubeshort&0xeb8d >0xeb00 +0 ubeshort&0xeb8d >0xeb00 # DR-DOS STACKER.COM SCREATE.SYS missed ->0 byte 0xeb ->>0x1FE leshort 0xAA55 DOS executable (COM), boot code ->>85 string UPX DOS executable (COM), UPX compressed ->>4 string \ $ARX DOS executable (COM), ARX self-extracting archive ->>4 string \ $LHarc DOS executable (COM), LHarc self-extracting archive ->>0x20e string SFX\ by\ LARC DOS executable (COM), LARC self-extracting archive -# updated by Joerg Jenderek at Oct 2008 -#0 byte 0xb8 COM executable -0 uleshort&0x80ff 0x00b8 + +0 name msdos-com +>0 byte x DOS executable (COM) +>6 string SFX\ of\ LHarc \b, %s +>0x1FE leshort 0xAA55 \b, boot code +>85 string UPX \b, UPX compressed +>4 string \ $ARX \b, ARX self-extracting archive +>4 string \ $LHarc \b, LHarc self-extracting archive +>0x20e string SFX\ by\ LARC \b, LARC self-extracting archive + +# JMP 8bit +0 byte 0xeb +# allow forward jumps only +>1 byte >-1 +# that offset must be accessible +>>(1.b+2) byte x +>>>0 use msdos-com + +# JMP 16bit +0 byte 0xe9 +# forward jumps +>1 short >-1 +# that offset must be accessible +>>(1.s+3) byte x +>>>0 use msdos-com +# negative offset, must not lead into PSP +>1 short <-259 +# that offset must be accessible +>>(1,s+65539) byte x +>>>0 use msdos-com + +# updated by Joerg Jenderek at Oct 2008,2015 +# following line is too general +0 ubyte 0xb8 +# skip 2 linux kernels like memtest.bin with "\xb8\xc0\x07\x8e" in ./linux +>0 string !\xb8\xc0\x07\x8e # modified by Joerg Jenderek ->1 lelong !0x21cd4cff COM executable for DOS +# syslinux COM32 or COM32R executable +>>1 lelong&0xFFFFFFFe 0x21CD4CFe COM executable (32-bit COMBOOT +# http://www.syslinux.org/wiki/index.php/Comboot_API +# Since version 5.00 c32 modules switched from the COM32 object format to ELF +!:mime application/x-c32-comboot-syslinux-exec +!:ext c32 # http://syslinux.zytor.com/comboot.php +# older syslinux version ( <4 ) # (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode # start with assembler instructions mov eax,21cd4cffh -0 uleshort&0xc0ff 0xc0b8 ->1 lelong 0x21cd4cff COM executable (32-bit COMBOOT) +>>>1 lelong 0x21CD4CFf \b) # syslinux:doc/comboot.txt # A COM32R program must start with the byte sequence B8 FE 4C CD 21 (mov # eax,21cd4cfeh) as a magic number. -0 string/b \xb8\xfe\x4c\xcd\x21 COM executable (COM32R) -# start with assembler instructions mov eax,21cd4cfeh -0 uleshort&0xc0ff 0xc0b8 ->1 lelong 0x21cd4cfe COM executable (32-bit COMBOOT, relocatable) -0 string/b \x81\xfc ->4 string \x77\x02\xcd\x20\xb9 +# syslinux version (4.x) +# "COM executable (COM32R)" or "Syslinux COM32 module" by TrID +>>>1 lelong 0x21CD4CFe \b, relocatable) +# remaining are DOS COM executables starting with assembler instruction MOV +# like FreeDOS BANNER*.COM FINDDISK.COM GIF2RAW.COM WINCHK.COM +# MS-DOS SYS.COM RESTART.COM +# SYSLINUX.COM (version 1.40 - 2.13) +# GFXBOOT.COM (version 3.75) +# COPYBS.COM POWEROFF.COM INT18.COM +>>1 default x COM executable for DOS +!:mime application/x-dosexec +#!:mime application/x-ms-dos-executable +#!:mime application/x-msdos-program +!:ext com + +0 string/b \x81\xfc +>4 string \x77\x02\xcd\x20\xb9 >>36 string UPX! FREE-DOS executable (COM), UPX compressed 252 string Must\ have\ DOS\ version DR-DOS executable (COM) # added by Joerg Jenderek at Oct 2008 @@ -453,10 +529,10 @@ #IFMEMDSK.cOM ASSIGN.cOM COMP.cOM 5 string \xcd\x21 COM executable for DOS #DELTMP.COm HASFAT32.cOM -7 string \xcd\x21 +7 string \xcd\x21 >0 byte !0xb8 COM executable for DOS #COMP.cOM MORE.COm -10 string \xcd\x21 +10 string \xcd\x21 >5 string !\xcd\x21 COM executable for DOS #comecho.com 13 string \xcd\x21 COM executable for DOS @@ -504,10 +580,23 @@ 0 string/b PO^Q` Microsoft Word 6.0 Document !:mime application/msword # -0 string/b \376\067\0\043 Microsoft Office Document +4 long 0 +>0 belong 0xfe320000 Microsoft Word for Macintosh 1.0 !:mime application/msword -0 string/b \333\245-\0\0\0 Microsoft Office Document +!:ext mcw +>0 belong 0xfe340000 Microsoft Word for Macintosh 3.0 !:mime application/msword +!:ext mcw +>0 belong 0xfe37001c Microsoft Word for Macintosh 4.0 +!:mime application/msword +!:ext mcw +>0 belong 0xfe370023 Microsoft Word for Macintosh 5.0 +!:mime application/msword +!:ext mcw + +0 string/b \333\245-\0\0\0 Microsoft Word 2.0 Document +!:mime application/msword +!:ext doc 512 string/b \354\245\301 Microsoft Word Document !:mime application/msword @@ -533,17 +622,158 @@ 0 string/b \x09\x04\x06\x00\x00\x00\x10\x00 Microsoft Excel Worksheet !:mime application/vnd.ms-excel # -0 belong 0x00001a00 Lotus 1-2-3 -!:mime application/x-123 ->4 belong 0x00100400 wk3 document data ->4 belong 0x02100400 wk4 document data ->4 belong 0x07800100 fm3 or fmb document data ->4 belong 0x07800000 fm3 or fmb document data +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/Lotus_1-2-3 +# Reference: http://www.aboutvb.de/bas/formate/pdf/wk3.pdf +# Note: newer Lotus versions >2 use longer BOF record +# record type (BeginningOfFile=0000h) + length (001Ah) +0 belong 0x00001a00 +# reserved should be 0h but 8c0dh for TUTMAC.WK3, 5h for SAMPADNS.WK3, 1h for a_readme.wk3, 1eh for K&G86.WK3 +#>18 uleshort&0x73E0 0 +# Lotus Multi Byte Character Set (LMBCS=1-31) +>20 ubyte >0 +>>20 ubyte <32 Lotus 1-2-3 +#!:mime application/x-123 +!:mime application/vnd.lotus-1-2-3 +!:apple ????L123 +# (version 5.26) labeled the entry as "Lotus 1-2-3 wk3 document data" +>>>4 uleshort 0x1000 WorKsheet, version 3 +!:ext wk3 +# (version 5.26) labeled the entry as "Lotus 1-2-3 wk4 document data" +>>>4 uleshort 0x1002 WorKsheet, version 4 +# also worksheet template 4 (.wt4) +!:ext wk4/wt4 +# no example or documentation for wk5 +#>>4 uleshort 0x???? WorKsheet, version 4 +#!:ext wk5 +# only MacrotoScript.123 example +>>>4 uleshort 0x1003 WorKsheet, version 97 +# also worksheet template Smartmaster (.12M)? +!:ext 123 +# only Set_Y2K.123 example +>>>4 uleshort 0x1005 WorKsheet, version 9.8 Millennium +!:ext 123 +# no example for this version +>>>4 uleshort 0x8001 FoRMatting data +!:ext frm +# (version 5.26) labeled the entry as "Lotus 1-2-3 fm3 or fmb document data" +# TrID labeles the entry as "Formatting Data for Lotus 1-2-3 worksheet" +>>>4 uleshort 0x8007 ForMatting data, version 3 +!:ext fm3 +>>>4 default x unknown +# file revision sub code 0004h for worksheets +>>>>6 uleshort =0x0004 worksheet +!:ext wXX +>>>>6 uleshort !0x0004 formatting data +!:ext fXX +# main revision number +>>>>4 uleshort x \b, revision 0x%x +>>>6 uleshort =0x0004 \b, cell range +# active cellcoord range (start row, page,column ; end row, page, column) +# start values normally 0~1st sheet A1 +>>>>8 ulelong !0 +>>>>>10 ubyte >0 \b%d* +>>>>>8 uleshort x \b%d, +>>>>>11 ubyte x \b%d- +# end page mostly 0 +>>>>14 ubyte >0 \b%d* +# end raw, column normally not 0 +>>>>12 uleshort x \b%d, +>>>>15 ubyte x \b%d +# Lotus Multi Byte Character Set (1~cp850,2~cp851,...,16~japan,...,31~??) +>>>>20 ubyte >1 \b, character set 0x%x +# flags +>>>>21 ubyte x \b, flags 0x%x +>>>6 uleshort !0x0004 +# record type (FONTNAME=00AEh) +>>>>30 search/29 \0\xAE +# variable length m (2) + entries (1) + ?? (1) + LCMBS string (n) +>>>>>&4 string >\0 \b, 1st font "%s" # -0 belong 0x00000200 Lotus 1-2-3 -!:mime application/x-123 ->4 belong 0x06040600 wk1 document data ->4 belong 0x06800200 fmt document data +# Update: Joerg Jenderek +# URL: http://fileformats.archiveteam.org/wiki/Lotus_1-2-3 +# Reference: http://www.schnarff.com/file-formats/lotus-1-2-3/WSFF2.TXT +# Note: Used by both old Lotus 1-2-3 and Lotus Symphony (DOS) til version 2.x +# record type (BeginningOfFile=0000h) + length (0002h) +0 belong 0x00000200 +# GRR: line above is too general as it catches also MS Windows CURsor +# to display MS Windows cursor (strength=70) before Lotus 1-2-3 (strength=70-1) +!:strength -1 +# skip Windows cursors with image height <256 and keep Lotus with low opcode 0001-0083h +>7 ubyte 0 +# skip Windows cursors with image width 256 and keep Lotus with positiv opcode +>>6 ubyte >0 Lotus +# !:mime application/x-123 +!:mime application/vnd.lotus-1-2-3 +!:apple ????L123 +# revision number (0404h = 123 1A, 0405h = Lotus Symphony , 0406h = 123 2.x wk1 , 8006h = fmt , ...) +# undocumented; (version 5.26) labeled the configurations as "Lotus 1-2-3" +>>>4 uleshort 0x0007 1-2-3 CoNFiguration, version 2.x (PGRAPH.CNF) +!:ext cnf +>>>4 uleshort 0x0C05 1-2-3 CoNFiguration, version 2.4J +!:ext cnf +>>>4 uleshort 0x0801 1-2-3 CoNFiguration, version 1-2.1 +!:ext cnf +>>>4 uleshort 0x0802 Symphony CoNFiguration +!:ext cnf +>>>4 uleshort 0x0804 1-2-3 CoNFiguration, version 2.2 +!:ext cnf +>>>4 uleshort 0x080A 1-2-3 CoNFiguration, version 2.3-2.4 +!:ext cnf +>>>4 uleshort 0x1402 1-2-3 CoNFiguration, version 3.x +!:ext cnf +>>>4 uleshort 0x1450 1-2-3 CoNFiguration, version 4.x +!:ext cnf +# (version 5.26) labeled the entry as "Lotus 123" +# TrID labeles the entry as "Lotus 123 Worksheet (generic)" +>>>4 uleshort 0x0404 1-2-3 WorKSheet, version 1 +# extension "wks" also for Microsoft Works document +!:ext wks +# (version 5.26) labeled the entry as "Lotus 123" +# TrID labeles the entry as "Lotus 123 Worksheet (generic)" +>>>4 uleshort 0x0405 Symphony WoRksheet, version 1.0 +!:ext wrk/wr1 +# (version 5.26) labeled the entry as "Lotus 1-2-3 wk1 document data" +# TrID labeles the entry as "Lotus 123 Worksheet (V2)" +>>>4 uleshort 0x0406 1-2-3/Symphony worksheet, version 2 +# Symphony (.wr1) +!:ext wk1/wr1 +# no example for this japan version +>>>4 uleshort 0x0600 1-2-3 WorKsheet, version 1.xJ +!:ext wj1 +# no example or documentation for wk2 +#>>>4 uleshort 0x???? 1-2-3 WorKsheet, version 2 +#!:ext wk2 +# undocumented japan version +>>>4 uleshort 0x0602 1-2-3 worksheet, version 2.4J +!:ext wj3 +# (version 5.26) labeled the entry as "Lotus 1-2-3 fmt document data" +>>>4 uleshort 0x8006 1-2-3 ForMaTting data, version 2.x +# japan version 2.4J (fj3) +!:ext fmt/fj3 +# no example for this version +>>>4 uleshort 0x8007 1-2-3 FoRMatting data, version 2.0 +!:ext frm +# (version 5.26) labeled the entry as "Lotus 1-2-3" +>>>4 default x unknown worksheet or configuration +!:ext cnf +>>>>4 uleshort x \b, revision 0x%x +# 2nd record for most worksheets describes cells range +>>>6 use lotus-cells +# 3nd record for most japan worksheets describes cells range +>>>(8.s+10) use lotus-cells +# check and then display Lotus worksheet cells range +0 name lotus-cells +# look for type (RANGE=0006h) + length (0008h) at record begin +>0 ubelong 0x06000800 \b, cell range +# cell range (start column, row, end column, row) start values normally 0,0~A1 cell +>>4 ulong !0 +>>>4 uleshort x \b%d, +>>>6 uleshort x \b%d- +# end of cell range +>>8 uleshort x \b%d, +>>10 uleshort x \b%d +# EndOfLotus123 0 string/b WordPro\0 Lotus WordPro !:mime application/vnd.lotus-wordpro 0 string/b WordPro\r\373 Lotus WordPro @@ -588,56 +818,95 @@ 0 string/b \102\101\050\000\000\000\056\000\000\000\000\000\000\000 Icon for MS Windows # Windows icons -0 name ico-dir -# not entirely accurate, the number of icons is part of the header ->0 byte 1 - 1 icon ->0 ubyte >1 - %d icons ->2 byte 0 \b, 256x ->2 byte !0 \b, %dx ->3 byte 0 \b256 ->3 byte !0 \b%d ->4 ubyte !0 \b, %d colors - +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/CUR_(file_format) +# Note: similar to Windows CURsor. container for BMP (only DIB part) or PNG 0 belong 0x00000100 >9 byte 0 ->>0 byte x MS Windows icon resource -!:mime image/x-icon ->>4 use ico-dir +>>0 byte x +>>0 use cur-ico-dir >9 ubyte 0xff ->>0 byte x MS Windows icon resource -!:mime image/x-icon ->>4 use ico-dir +>>0 byte x +>>0 use cur-ico-dir +# displays number of icons and information for icon or cursor +0 name cur-ico-dir +# skip some Lotus 1-2-3 worksheets, CYCLE.PIC and keep Windows cursors with +# 1st data offset = dir header size + n * dir entry size = 6 + n * 10h = ?6h +>18 ulelong &0x00000006 +# skip remaining worksheets, because valid only for DIB image (40) or PNG image (\x89PNG) +>>(18.l) ulelong x MS Windows +>>>0 ubelong 0x00000100 icon resource +#!:mime image/vnd.microsoft.icon +!:mime image/x-icon +!:ext ico +>>>>4 uleshort x - %d icon +# plural s +>>>>4 uleshort >1 \bs +# 1st icon +>>>>0x06 use ico-entry +# 2nd icon +>>>>4 uleshort >1 +>>>>>0x16 use ico-entry +>>>0 ubelong 0x00000200 cursor resource +#!:mime image/x-cur +!:mime image/x-win-bitmap +!:ext cur +>>>>4 uleshort x - %d icon +>>>>4 uleshort >1 \bs +# 1st cursor +>>>>0x06 use cur-entry +#>>>>0x16 use cur-entry +# display information of one cursor entry +0 name cur-entry +>0 use cur-ico-entry +>4 uleshort x \b, hotspot @%dx +>6 uleshort x \b%d +# display information of one icon entry +0 name ico-entry +>0 use cur-ico-entry +# normally 0 1 but also found 14 +>4 uleshort >1 \b, %d planes +# normally 0 1 but also found some 3, 4, some 6, 8, 24, many 32, two 256 +>6 uleshort >1 \b, %d bits/pixel +# display shared information of cursor or icon entry +0 name cur-ico-entry +>0 byte =0 \b, 256x +>0 byte !0 \b, %dx +>1 byte =0 \b256 +>1 byte !0 \b%d +# number of colors in palette +>2 ubyte !0 \b, %d colors +# reserved 0 FFh +#>3 ubyte x \b, reserved %x +#>8 ulelong x \b, image size %d +# offset of PNG or DIB image +#>12 ulelong x \b, offset 0x%x +# PNG header (\x89PNG) +>(12.l) ubelong =0x89504e47 +>>&-4 indirect x \b with +# DIB image +>(12.l) ubelong !0x89504e47 +#>>&-4 use dib-image # Windows non-animated cursors -0 name cur-dir -# not entirely accurate, the number of icons is part of the header ->0 byte 1 - 1 icon ->0 ubyte >1 - %d icons ->2 byte 0 \b, 256x ->2 byte !0 \b, %dx ->3 byte 0 \b256 ->3 byte !0 \b%d ->6 uleshort x \b, hotspot @%dx ->8 uleshort x \b%d - +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/CUR_(file_format) +# Note: similar to Windows ICOn. container for BMP ( only DIB part) +# GRR: line below is too general as it catches also Lotus 1-2-3 files 0 belong 0x00000200 >9 byte 0 ->>0 byte x MS Windows cursor resource -!:mime image/x-cur ->>4 use cur-dir +>>0 use cur-ico-dir >9 ubyte 0xff ->>0 byte x MS Windows cursor resource -!:mime image/x-cur ->>4 use cur-dir +>>0 use cur-ico-dir # .chr files -0 string/b PK\010\010BGI Borland font +0 string/b PK\010\010BGI Borland font >4 string >\0 %s # then there is a copyright notice # .bgi files -0 string/b pk\010\010BGI Borland device +0 string/b pk\010\010BGI Borland device >4 string >\0 %s # then there is a copyright notice @@ -654,24 +923,6 @@ 0 lelong 0x00000005 >12 lelong 0x00000320 Windows Recycle Bin INFO2 file (Win2k - WinXP) - -##### put in Either Magic/font or Magic/news -# Acroread or something files wrongly identified as G3 .pfm -# these have the form \000 \001 any? \002 \000 \000 -# or \000 \001 any? \022 \000 \000 -0 belong&0xffff00ff 0x00010012 PFM data ->4 string \000\000 ->6 string >\060 - %s - -0 belong&0xffff00ff 0x00010002 PFM data ->4 string \000\000 ->6 string >\060 - %s -#0 string \000\001 pfm? -#>3 string \022\000\000Copyright\ yes -#>3 string \002\000\000Copyright\ yes -#>3 string >\0 oops, not a font file. Cancel that. -#it clashes with ttf files so put it lower down. - # From Doug Lee via a FreeBSD pr 9 string GERBILDOC First Choice document 9 string GERBILDB First Choice database @@ -686,7 +937,7 @@ 0 lelong 0x08086b70 TurboC BGI file 0 lelong 0x08084b50 TurboC Font file -# Debian#712046: The magic below identifies "Delphi compiled form data". +# Debian#712046: The magic below identifies "Delphi compiled form data". # An additional source of information is available at: # http://www.woodmann.com/fravia/dafix_t1.htm 0 string TPF0 @@ -695,7 +946,7 @@ # tests for DBase files moved, updated and merged to database 0 string PMCC Windows 3.x .GRP file -1 string RDC-meg MegaDots +1 string RDC-meg MegaDots >8 byte >0x2F version %c >9 byte >0x2F \b.%c file 0 lelong 0x4C @@ -712,16 +963,16 @@ #>0x181 leshort x \b, offset %x #>0x183 leshort x \b, offsetdata %x #>0x185 leshort x \b, section length %x ->0x187 search/0xB55 WINDOWS\ VMM\ 4.0\0 ->>&0x5e ubyte >0 +>0x187 search/0xB55 WINDOWS\ VMM\ 4.0\0 +>>&0x5e ubyte >0 >>>&-1 string >>&-1 string PIFMGR.DLL \b, icon=%s >>>&-1 string >PIFMGR.DLL \b, icon=%s ->>&0xF0 ubyte >0 +>>&0xF0 ubyte >0 >>>&-1 string >>&-1 string =Terminal \b, font=%.32s >>>&-1 string >Terminal \b, font=%.32s ->>&0x110 ubyte >0 +>>&0x110 ubyte >0 >>>&-1 string >>&-1 string =Lucida\ Console \b, TrueTypeFont=%.32s >>>&-1 string >Lucida\ Console \b, TrueTypeFont=%.32s @@ -737,6 +988,7 @@ # DOS EPS Binary File Header # From: Ed Sznyter 0 belong 0xC5D0D3C6 DOS EPS Binary File +!:mime image/x-eps >4 long >0 Postscript starts at byte %d >>8 long >0 length %d >>>12 long >0 Metafile starts at byte %d @@ -744,15 +996,15 @@ >>>20 long >0 TIFF starts at byte %d >>>>24 long >0 length %d -# TNEF magic From "Joomy" +# TNEF magic From "Joomy" # Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF) -0 leshort 0x223e9f78 TNEF +0 lelong 0x223e9f78 TNEF !:mime application/vnd.ms-tnef # Norton Guide (.NG , .HLP) files added by Joerg Jenderek from source NG2HTML.C # of http://www.davep.org/norton-guides/ng2h-105.tgz # http://en.wikipedia.org/wiki/Norton_Guides -0 string NG\0\001 +0 string NG\0\001 # only value 0x100 found at offset 2 >2 ulelong 0x00000100 Norton Guide # Title[40] @@ -762,7 +1014,7 @@ >>48 string >\0 \b, %-.66s >>114 string >\0 %-.66s -# 4DOS help (.HLP) files added by Joerg Jenderek from source TPHELP.PAS +# 4DOS help (.HLP) files added by Joerg Jenderek from source TPHELP.PAS # of http://www.4dos.info/ # pointer,HelpID[8]=4DHnnnmm 0 ulelong 0x48443408 4DOS help file @@ -810,7 +1062,7 @@ # Windows Enhanced Metafile (EMF) -# See msdn.microsoft.com/archive/en-us/dnargdi/html/msdn_enhmeta.asp +# See msdn.microsoft.com/archive/en-us/dnargdi/html/msdn_enhmeta.asp # for further information. 0 ulelong 1 >40 string \ EMF Windows Enhanced Metafile (EMF) image data @@ -856,7 +1108,8 @@ # Type: Microsoft Document Imaging Format (.mdi) # URL: http://en.wikipedia.org/wiki/Microsoft_Document_Imaging_Format # From: Daniele Sempione -0 short 0x5045 Microsoft Document Imaging Format +# Too weak (EP) +#0 short 0x5045 Microsoft Document Imaging Format # MS eBook format (.lit) 0 string/b ITOLITLS Microsoft Reader eBook Data @@ -869,8 +1122,9 @@ # Windows Imaging (WIM) Image 0 string/b MSWIM\000\000\000 Windows imaging (WIM) image +0 string/b WLPWM\000\000\000 Windows imaging (WIM) image, wimlib pipable format -# The second byte of these signatures is a file version; I don't know what, +# The second byte of these signatures is a file version; I don't know what, # if anything, produced files with version numbers 0-2. # From: John Elliott 0 string \xfc\x03\x00 Mallard BASIC program data (v1.11) @@ -881,3 +1135,66 @@ 0 string MIOPEN Mallard BASIC Jetsam data 0 string Jetsam0 Mallard BASIC Jetsam index data +# DOS backup 2.0 to 3.2 + +# backupid.@@@ + +# plausibility check for date +0x3 ushort >1979 +>0x5 ubyte-1 <31 +>>0x6 ubyte-1 <12 +# actually 121 nul bytes +>>>0x7 string \0\0\0\0\0\0\0\0 +>>>>0x1 ubyte x DOS 2.0 backup id file, sequence %d +!:ext @@@ +>>>>0x0 ubyte 0xff \b, last disk + +# backed up file + +# skip some AppleWorks word like Tomahawk.Awp, WIN98SE-DE.vhd +# by looking for trailing nul of maximal file name string +0x52 ubyte 0 +# test for flag byte: FFh~complete file, 00h~split file +# FFh -127 = -1 -127 = -128 +# 00h -127 = 0 -127 = -127 +>0 byte-127 <-126 +# plausibility check for file name length +>>0x53 ubyte-1 <78 +# looking for terminating nul of file name string +>>>(0x53.b+4) ubyte 0 +# looking if last char of string is valid DOS file name +>>>>(0x53.b+3) ubyte >0x1F +# actually 44 nul bytes +# but sometimes garbage according to Ralf Quint. So can not be used as test +#>0x54 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +# first char of full file name is DOS (5Ch) or UNIX (2Fh) path separator +# only DOS variant found. UNIX variant according to V32SLASH.TXT in archive PD0315.EXE +>>>>>5 ubyte&0x8C 0x0C +# ./msdos (version 5.30) labeled the entry as +# "DOS 2.0 backed up file %s, split file, sequence %d" or +# "DOS 2.0 backed up file %s, complete file" +>>>>>>0 ubyte x DOS 2.0-3.2 backed up +#>>>>>>0 ubyte 0xff complete +>>>>>>0 ubyte 0 +>>>>>>>1 uleshort x sequence %d of +# full file name with path but without drive letter and colon stored from 0x05 til 0x52 +>>>>>>0x5 string x file %s +# backup name is original filename +#!:ext * +# magic/Magdir/msdos, 1169: Warning: EXTENSION type ` *' has bad char '*' +# file: line 1169: Bad magic entry ' *' +# after header original file content +>>>>>>128 indirect x \b; + + +# DOS backup 3.3 to 5.x + +# CONTROL.nnn files +0 string \x8bBACKUP\x20 +# actually 128 nul bytes +>0xa string \0\0\0\0\0\0\0\0 +>>0x9 ubyte x DOS 3.3 backup control file, sequence %d +>>0x8a ubyte 0xff \b, last disk + +# NB: The BACKUP.nnn files consist of the files backed up, +# concatenated. --- contrib/file/magic/Magdir/msvc.orig +++ contrib/file/magic/Magdir/msvc @@ -1,10 +1,10 @@ #------------------------------------------------------------------------------ -# $File: msvc,v 1.5 2009/09/19 16:28:11 christos Exp $ +# $File: msvc,v 1.9 2017/08/02 08:15:20 christos Exp $ # msvc: file(1) magic for msvc # "H. Nanosecond" # Microsoft visual C -# +# # I have version 1.0 # .aps @@ -27,12 +27,36 @@ #.pch 0 string DTJPCH0\000\022\103\006\200 Microsoft Visual C .pch -# .pdb -# too long 0 string Microsoft\ C/C++\ program\ database\ -0 string Microsoft\ C/C++\ MSVC program database ->18 string program\ database\ ->33 string >\0 ver %s +# Summary: Symbol Table / Debug info used by Microsoft compilers +# URL: https://en.wikipedia.org/wiki/Program_database +# Reference: https://code.google.com/p/pdbparser/wiki/MSF_Format +# Update: Joerg Jenderek +# Note: test only for Windows XP+SP3 x86 , 8.1 x64 arm and 10.1 x86 +# info does only applies partly for older files like msvbvm50.pdb about year 2001 +0 string Microsoft\ C/C++\040 +# "Microsoft Program DataBase" by TrID +>24 search/14 \r\n\x1A MSVC program database +!:mime application/x-ms-pdb +!:ext pdb +# "MSF 7.00" "program database 2.00" for msvbvm50.pdb +>>16 regex \([0-9.]+\) ver %s +#>>>0x38 search/128123456 /LinkInfo \b with linkinfo +# "MSF 7.00" variant +>>0x1e leshort 0 +# PageSize 400h 1000h +>>>0x20 lelong x \b, %d +# Page Count +>>>0x28 lelong x \b*%d bytes +# "program database 2.00" variant +>>0x1e leshort !0 +# PageSize 400h +>>>0x2c lelong x \b, %d +# Page Count for msoo-dll.pdb 4379h +>>>0x32 leshort x \b*%d bytes +# Reference: https://github.com/Microsoft/vstest/pull/856/commits/fdc7a9f074ca5a8dfeec83b1be9162bf0cf4000d +0 string/c bsjb\001\000\001\000\000\000\000\000\f\000\000\000pdb\ v1.0 Microsoft Rosyln C# debugging symbols version 1.0 + #.sbr 0 string \000\002\000\007\000 MSVC .sbr >5 string >\0 %s --- contrib/file/magic/Magdir/msx.orig +++ contrib/file/magic/Magdir/msx @@ -1,13 +1,13 @@ #------------------------------------------------------------------------------ # msx: file(1) magic for the MSX Home Computer -# v1.1 +# v1.3 # Fabio R. Schmidlin ############## MSX Music file formats ############## # Gigamix MGSDRV music file -0 string MGS MSX Gigamix MGSDRV3 music file, +0 string/b MGS MSX Gigamix MGSDRV3 music file, >6 ubeshort 0x0D0A >>3 byte x \bv%c >>4 byte x \b.%c @@ -14,13 +14,13 @@ >>5 byte x \b%c >>8 string >\0 \b, title: %s -1 string mgs2\ MSX Gigamix MGSDRV2 music file +1 string/b mgs2\ MSX Gigamix MGSDRV2 music file >6 uleshort 0x80 >>0x2E uleshort 0 >>>0x30 string >\0 \b, title: %s # KSS music file -0 string KSCC KSS music file v1.03 +0 string/b KSCC KSS music file v1.03 >0xE byte 0 >>0xF byte&0x02 0 \b, soundchips: AY-3-8910, SCC(+) >>0xF byte&0x02 2 \b, soundchip(s): SN76489 @@ -28,7 +28,7 @@ >>0xF byte&0x01 1 \b, YM2413 >>0xF byte&0x08 8 \b, Y8950 -0 string KSSX KSS music file v1.20 +0 string/b KSSX KSS music file v1.20 >0xE byte&0xEF 0 >>0xF byte&0x40 0x00 \b, 60Hz >>0xF byte&0x40 0x40 \b, 50Hz @@ -35,7 +35,7 @@ >>0xF byte&0x02 0 \b, soundchips: AY-3-8910, SCC(+) >>0xF byte&0x02 0x02 \b, soundchips: SN76489 >>>0xF byte&0x04 0x04 stereo ->>0xF byte&0x01 0x01 \b, +>>0xF byte&0x01 0x01 \b, >>>0xF byte&0x18 0x00 \bYM2413 >>>0xF byte&0x18 0x08 \bYM2413, Y8950 >>>0xF byte&0x18 0x18 \bYM2413+Y8950 pseudostereo @@ -42,11 +42,11 @@ >>0xF byte&0x18 0x10 \b, Majyutsushi DAC # Moonblaster for Moonsound -0 string MBMS +0 string/b MBMS >4 byte 0x10 MSX Moonblaster for MoonSound music # Music Player K-kaz -0 string MPK MSX Music Player K-kaz song +0 string/b MPK MSX Music Player K-kaz song >6 ubeshort 0x0D0A >>3 byte x v%c >>4 byte x \b.%c @@ -70,7 +70,7 @@ >>>>>0 string >\32 \b, title: %s # SCMD music file -0x8B string SCMD +0x8B string/b SCMD >0xCE uleshort 0 MSX SCMD Music file #>>-2 uleshort 0x6a71 ; The file must end with this value. How to code this here? >>0x8F string >\0 \b, title: %s @@ -99,36 +99,8 @@ >>5 uleshort 0 >>>3 uleshort >0x013D MSX Graph Saurus compressed image -# Maki-chan Graphic format -0 string MAKI02\ \ Maki-chan image, ->8 byte x system ID: %c ->9 byte x \b%c ->10 byte x \b%c ->11 byte x \b%c, ->13 search/0x200 \x1A -# >>&3 ubyte 0 , video mode: PC-98 400 lines, 16 analog colors -# >>&3 ubyte 1 , video mode: MSX SC7, 16 analog colors -# >>&3 ubyte 2 , video mode: VM-98 400 lines, 8 analog colors -# >>&3 ubyte 3 , video mode: PC-88 analog, 200 lines, 8 analog colors -# >>&3 ubyte 4 , video mode: 400 lines, 16 digital colors -# >>&3 ubyte 5 , video mode: 200 lines, 16 digital colors -# >>&3 ubyte 6 , video mode: old PC-98 digital 400 lines, 8 colors -# >>&3 ubyte 7 , video mode: PC-88 400 lines, 8 digital colors ->>&8 uleshort+1 x %dx ->>&10 uleshort+1 x \b%d, ->>&3 ubyte&0x82 0x80 256 colors ->>&3 ubyte&0x82 0x00 16 colors ->>&3 ubyte&0x82 0x01 8 colors ->>&3 ubyte&0x04 4 digital ->>&3 ubyte&0x04 0 analog ->>&3 ubyte&0x01 1 \b, 2:1 dot aspect ratio - -# Japanese PIC file -0 string PIC\x1A ->4 lelong 0 Japanese PIC image file - # MSX G9B image file -0 string G9B +0 string/b G9B >1 uleshort 11 >>3 uleshort >10 >>>5 ubyte >0 MSX G9B image, depth=%d @@ -146,70 +118,152 @@ ############## Other MSX file formats ############## -# MSX ROMs -0 string AB +# MSX internal ROMs +0 ubeshort 0xF3C3 +>2 uleshort <0x4000 +>>8 ubyte 0xC3 +>>>9 uleshort <0x4000 +>>>>0x0B ubeshort 0x00C3 +>>>>>0x0D uleshort <0x4000 +>>>>>>0x0F ubeshort 0x00C3 +>>>>>>>0x11 uleshort <0x4000 +>>>>>>>>0x13 ubeshort 0x00C3 +>>>>>>>>>0x15 uleshort <0x4000 +>>>>>>>>>>0x50 ubyte 0xC3 +>>>>>>>>>>>0x51 uleshort <0x4000 +>>>>>>>>>>>>(9.s) ubyte 0xC3 +>>>>>>>>>>>>>&0 uleshort >0x4000 +>>>>>>>>>>>>>>&0 ubyte 0xC3 MSX BIOS+BASIC +>>>>>>>>>>>>>>>0x002D ubyte+1 <3 \b. version=MSX%d +>>>>>>>>>>>>>>>0x002D ubyte 2 \b, version=MSX2+ +>>>>>>>>>>>>>>>0x002D ubyte 3 \b, version=MSX Turbo-R +>>>>>>>>>>>>>>>0x002D ubyte >3 \b, version=Unknown MSX %d version +>>>>>>>>>>>>>>>0x0006 ubyte x \b, VDP.DR=0x%2x +>>>>>>>>>>>>>>>0x0007 ubyte x \b, VDP.DW=0x%2x +>>>>>>>>>>>>>>>0x002B ubyte&0xF 0 \b, charset=Japanese +>>>>>>>>>>>>>>>0x002B ubyte&0xF 1 \b, charset=International +>>>>>>>>>>>>>>>0x002B ubyte&0xF 2 \b, charset=Korean +>>>>>>>>>>>>>>>0x002B ubyte&0xF >2 \b, charset=Unknown id:%d +>>>>>>>>>>>>>>>0x002B ubyte&0x70 0x00 \b, date format=Y-M-D +>>>>>>>>>>>>>>>0x002B ubyte&0x70 0x10 \b, date format=M-D-Y +>>>>>>>>>>>>>>>0x002B ubyte&0x70 0x20 \b, date format=D-M-Y +>>>>>>>>>>>>>>>0x002B ubyte&0x80 0x00 \b, vfreq=60Hz +>>>>>>>>>>>>>>>0x002B ubyte&0x80 0x80 \b, vfreq=50Hz +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 0 \b, keyboard=Japanese +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 1 \b, keyboard=International +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 2 \b, keyboard=French +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 3 \b, keyboard=UK +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 4 \b, keyboard=German +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 5 \b, keyboard=Unknown id:%d +>>>>>>>>>>>>>>>0x002C ubyte&0x0F 6 \b, keyboard=Spanish +>>>>>>>>>>>>>>>0x002C ubyte&0x0F >6 \b, keyboard=Unknown id:%d +>>>>>>>>>>>>>>>0x002C ubyte&0xF0 0x00 \b, basic=Japanese +>>>>>>>>>>>>>>>0x002C ubyte&0xF0 0x10 \b, basic=International +>>>>>>>>>>>>>>>0x002C ubyte&0xF0 >0x10 \b, basic=Unknown id:%d +>>>>>>>>>>>>>>>0x002E ubyte&1 1 \b, built-in MIDI + + +0 string/b CD +>2 uleshort >0x10 +>>2 uleshort <0x4000 +>>>4 uleshort <0x4000 +>>>>6 uleshort <0x4000 +>>>>>8 ubyte 0xC3 +>>>>>>9 uleshort <0x4000 +>>>>>>>0x10 ubyte 0xC3 +>>>>>>>>0x11 uleshort <0x4000 +>>>>>>>>>0x14 ubyte 0xC3 +>>>>>>>>>>0x15 uleshort <0x4000 MSX2/2+/TR SubROM + +0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +>0x5F0 ubequad 0x8282828244380000 +>>0x150 ubyte 0x38 +>>>0x170 string \20\20\20 +>>>>0x1E32 string ()) +>>>>>0x2130 ubequad 0xA5A5594924231807 +>>>>>0x2138 ubequad 0x4A4A3424488830C0 MSX Kanji Font + + + +# MSX extension ROMs +0 string/b AB >2 uleshort 0x0010 MSX ROM >>2 uleshort x \b, init=0x%4x ->>4 uleshort >0 \b, stat=0x%4x ->>6 uleshort >0 \b, dev=0x%4x +>>4 uleshort >0 \b, stahdl=0x%4x +>>6 uleshort >0 \b, devhdl=0x%4x >>8 uleshort >0 \b, bas=0x%4x >2 uleshort 0x4010 MSX ROM >>2 uleshort x \b, init=0x%04x ->>4 uleshort >0 \b, stat=0x%04x ->>6 uleshort >0 \b, dev=0x%04x +>>4 uleshort >0 \b, stahdl=0x%04x +>>6 uleshort >0 \b, devhdl=0x%04x >>8 uleshort >0 \b, bas=0x%04x >2 uleshort 0x8010 MSX ROM >>2 uleshort x \b, init=0x%04x ->>4 uleshort >0 \b, stat=0x%04x ->>6 uleshort >0 \b, dev=0x%04x +>>4 uleshort >0 \b, stahdl=0x%04x +>>6 uleshort >0 \b, devhdl=0x%04x >>8 uleshort >0 \b, bas=0x%04x +0 string/b AB\0\0 +>6 uleshort 0 +>>4 uleshort >0x400F MSX-BASIC extension ROM +>>>4 uleshort >0 \b, stahdl=0x%04x +>>>6 uleshort >0 \b, devhdl=0x%04x +>>>0x1C string OPLL \b, MSX-Music +>>>>0x18 string PAC2 \b (external) +>>>>0x18 string APRL \b (internal) -0 string AB +0 string/b AB\0\0\0\0 +>6 uleshort >0x400F MSX device BIOS +>>6 uleshort >0 \b, devhdl=0x%04x + + +0 string/b AB #>2 string 5JSuperLAYDOCK MSX Super Laydock ROM #>3 string @HYDLIDE3MSX MSX Hydlide-3 ROM #>3 string @3\x80IA862 Golvellius MSX1 ROM ->2 uleshort >10 ->>10 string \0\0\0\0\0\0 MSX ROM ->>>0x10 string YZ\0\0\0\0 Konami Game Master 2 MSX ROM ->>>0x10 string CD \b, Konami RC- ->>>>0x12 ubyte x \b%d ->>>>0x13 ubyte/16 x \b%d ->>>>0x13 ubyte&0xF x \b%d ->>>0x10 string EF \b, Konami RC- ->>>>0x12 ubyte x \b%d ->>>>0x13 ubyte/16 x \b%d ->>>>0x13 ubyte&0xF x \b%d ->>>2 uleshort x \b, init=0x%04x ->>>4 uleshort >0 \b, stat=0x%04x ->>>6 uleshort >0 \b, dev=0x%04x ->>>8 uleshort >0 \b, bas=0x%04x ->2 uleshort 0 ->>4 uleshort 0 ->>>6 uleshort 0 ->>>>8 uleshort >0 MSX BASIC program in ROM, bas=0x%04x +>2 uleshort >15 +>>2 uleshort <0xC000 +>>>8 string \0\0\0\0\0\0\0\0 +>>>>(2.s&0x3FFF) uleshort >0 MSX ROM +>>>>>0x10 string YZ\0\0\0\0 Konami Game Master 2 MSX ROM +>>>>>0x10 string CD \b, Konami RC- +>>>>>>0x12 ubyte x \b%d +>>>>>>0x13 ubyte/16 x \b%d +>>>>>>0x13 ubyte&0xF x \b%d +>>>>>0x10 string EF \b, Konami RC- +>>>>>>0x12 ubyte x \b%d +>>>>>>0x13 ubyte/16 x \b%d +>>>>>>0x13 ubyte&0xF x \b%d +>>>>>2 uleshort x \b, init=0x%04x +>>>>>4 uleshort >0 \b, stahdl=0x%04x +>>>>>6 uleshort >0 \b, devhdl=0x%04x +>>>>>8 uleshort >0 \b, bas=0x%04x +>>>2 uleshort 0 +>>>>4 uleshort 0 +>>>>>6 uleshort 0 +>>>>>>8 uleshort >0 MSX BASIC program in ROM, bas=0x%04x -0x4000 string AB ->0x4002 uleshort >0x4010 ->>0x400A string \0\0\0\0\0\0 MSX MegaROM with nonstandard page order ->>0x4002 uleshort x \b, init=0x%04x ->>0x4004 uleshort >0 \b, stat=0x%04x ->>0x4006 uleshort >0 \b, dev=0x%04x ->>0x4008 uleshort >0 \b, bas=0x%04x +0x4000 string/b AB +>0x4002 uleshort >0x400F +>>0x400A string \0\0\0\0\0\0 MSX ROM with nonstandard page order +>>>0x4002 uleshort x \b, init=0x%04x +>>>0x4004 uleshort >0 \b, stahdl=0x%04x +>>>0x4006 uleshort >0 \b, devhdl=0x%04x +>>>0x4008 uleshort >0 \b, bas=0x%04x -0x8000 string AB ->0x8002 uleshort >0x4010 ->>0x800A string \0\0\0\0\0\0 MSX MegaROM with nonstandard page order ->>0x8002 uleshort x \b, init=0x%04x ->>0x8004 uleshort >0 \b, stat=0x%04x ->>0x8006 uleshort >0 \b, dev=0x%04x ->>0x8008 uleshort >0 \b, bas=0x%04x +0x8000 string/b AB +>0x8002 uleshort >0x400F +>>0x800A string \0\0\0\0\0\0 MSX ROM with nonstandard page order +>>>0x8002 uleshort x \b, init=0x%04x +>>>0x8004 uleshort >0 \b, stahdl=0x%04x +>>>0x8006 uleshort >0 \b, devhdl=0x%04x +>>>0x8008 uleshort >0 \b, bas=0x%04x -0x3C000 string AB +0x3C000 string/b AB >0x3C008 string \0\0\0\0\0\0\0\0 MSX MegaROM with nonstandard page order >>0x3C002 uleshort x \b, init=0x%04x ->>0x3C004 uleshort >0 \b, stat=0x%04x ->>0x3C006 uleshort >0 \b, dev=0x%04x +>>0x3C004 uleshort >0 \b, stahdl=0x%04x +>>0x3C006 uleshort >0 \b, devhdl=0x%04x >>0x3C008 uleshort >0 \b, bas=0x%04x # MSX BIN file @@ -224,7 +278,7 @@ >>1 uleshort >0x8000 MSX-BASIC program # MSX .CAS file -0 string \x1F\xA6\xDE\xBA\xCC\x13\x7D\x74 MSX cassette archive +0 string/b \x1F\xA6\xDE\xBA\xCC\x13\x7D\x74 MSX cassette archive # Mega-Assembler file 0 byte 0xFE @@ -242,7 +296,7 @@ 4 uleshort 0x0900 >0xF byte 1 >>0x14 byte 0 ->>>0x1E string \ \ \ +>>>0x1E string \040\040\040 >>>>0x23 byte 1 >>>>>0x25 byte 0 >>>>>>0x15 string >\x30 --- contrib/file/magic/Magdir/mup.orig +++ contrib/file/magic/Magdir/mup @@ -1,6 +1,6 @@ # ------------------------------------------------------------------------ -# $File: mup,v 1.4 2009/09/19 16:28:11 christos Exp $ +# $File: mup,v 1.5 2017/03/17 21:35:28 christos Exp $ # mup: file(1) magic for Mup (Music Publisher) input file. # # From: Abel Cheung @@ -12,13 +12,13 @@ # 0 search/1 //!Mup Mup music publication program input text >6 string -Arkkra (Arkkra) ->>13 string - ->>>16 string . +>>13 string - +>>>16 string . >>>>14 string x \b, need V%.4s ->>>15 string . +>>>15 string . >>>>14 string x \b, need V%.3s ->6 string - ->>9 string . +>6 string - +>>9 string . >>>7 string x \b, need V%.4s ->>8 string . +>>8 string . >>>7 string x \b, need V%.3s --- contrib/file/magic/Magdir/nasa.orig +++ contrib/file/magic/Magdir/nasa @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# nasa: file(1) magic +# nasa: file(1) magic # From: Barry Carter 0 string DAF/SPK NASA SPICE file (binary format) --- contrib/file/magic/Magdir/netbsd.orig +++ contrib/file/magic/Magdir/netbsd @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: netbsd,v 1.22 2014/12/08 20:53:52 christos Exp $ +# $File: netbsd,v 1.24 2017/03/17 21:35:28 christos Exp $ # netbsd: file(1) magic for NetBSD objects # # All new-style magic numbers are in network byte order. @@ -10,7 +10,7 @@ # 0 belong&0377777777 041400413 a.out NetBSD/i386 demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 lelong <4096 shared library >>20 lelong =4096 dynamically linked executable >>20 lelong >4096 dynamically linked executable @@ -32,7 +32,7 @@ >32 lelong !0 (signal %d) 0 belong&0377777777 041600413 a.out NetBSD/m68k demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 belong <8192 shared library >>20 belong =8192 dynamically linked executable >>20 belong >8192 dynamically linked executable @@ -54,7 +54,7 @@ >32 belong !0 (signal %d) 0 belong&0377777777 042000413 a.out NetBSD/m68k4k demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 belong <4096 shared library >>20 belong =4096 dynamically linked executable >>20 belong >4096 dynamically linked executable @@ -76,7 +76,7 @@ >32 belong !0 (signal %d) 0 belong&0377777777 042200413 a.out NetBSD/ns32532 demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 lelong <4096 shared library >>20 lelong =4096 dynamically linked executable >>20 lelong >4096 dynamically linked executable @@ -101,7 +101,7 @@ >12 string >\0 from '%s' 0 belong&0377777777 042400413 a.out NetBSD/SPARC demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 belong <8192 shared library >>20 belong =8192 dynamically linked executable >>20 belong >8192 dynamically linked executable @@ -123,7 +123,7 @@ >32 belong !0 (signal %d) 0 belong&0377777777 042600413 a.out NetBSD/pmax demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 lelong <4096 shared library >>20 lelong =4096 dynamically linked executable >>20 lelong >4096 dynamically linked executable @@ -145,7 +145,7 @@ >32 lelong !0 (signal %d) 0 belong&0377777777 043000413 a.out NetBSD/vax 1k demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 lelong <4096 shared library >>20 lelong =4096 dynamically linked executable >>20 lelong >4096 dynamically linked executable @@ -167,7 +167,7 @@ >32 lelong !0 (signal %d) 0 belong&0377777777 045400413 a.out NetBSD/vax 4k demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 lelong <4096 shared library >>20 lelong =4096 dynamically linked executable >>20 lelong >4096 dynamically linked executable @@ -189,7 +189,7 @@ >32 lelong !0 (signal %d) # NetBSD/alpha does not support (and has never supported) a.out objects, -# so no rules are provided for them. NetBSD/alpha ELF objects are +# so no rules are provided for them. NetBSD/alpha ELF objects are # dealt with in "elf". 0 lelong 0x00070185 ECOFF NetBSD/alpha binary >10 leshort 0x0001 not stripped @@ -199,7 +199,7 @@ >32 lelong !0 (signal %d) 0 belong&0377777777 043400413 a.out NetBSD/mips demand paged ->0 byte &0x80 +>0 byte &0x80 >>20 belong <8192 shared library >>20 belong =8192 dynamically linked executable >>20 belong >8192 dynamically linked executable @@ -286,3 +286,20 @@ >4 leshort x \b, (headersize = %d >6 leshort x \b, segmentsize = %d >6 lelong x \b, segments = %d) + +# little endian only for now. +0 name ktrace +>4 leshort 7 +>>6 leshort <3 NetBSD ktrace file version %d +>>>12 string x from %s +>>>56 string x \b, emulation %s +>>>8 lelong <65536 \b, pid=%d + +56 string netbsd +>0 use ktrace +56 string linux +>0 use ktrace +56 string sunos +>0 use ktrace +56 string hpux +>0 use ktrace --- contrib/file/magic/Magdir/netscape.orig +++ contrib/file/magic/Magdir/netscape @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: netscape,v 1.7 2015/08/24 05:20:52 christos Exp $ +# $File: netscape,v 1.8 2017/03/17 21:35:28 christos Exp $ # netscape: file(1) magic for Netscape files # "H. Nanosecond" # version 3 and 4 I think @@ -15,8 +15,8 @@ # .snm Caches 0 string #\ Netscape\ folder\ cache Netscape folder cache 0 string \000\036\204\220\000 Netscape folder cache -# .n2p -# Net 2 Phone +# .n2p +# Net 2 Phone #0 string 123\130\071\066\061\071\071\071\060\070\061\060\061\063\060 0 string SX961999 Net2phone --- contrib/file/magic/Magdir/nitpicker.orig +++ contrib/file/magic/Magdir/nitpicker @@ -1,9 +1,9 @@ #------------------------------------------------------------------------------ -# $File: nitpicker,v 1.6 2014/04/30 21:41:02 christos Exp $ +# $File: nitpicker,v 1.7 2017/03/17 21:35:28 christos Exp $ # nitpicker: file(1) magic for Flowfiles. # From: Christian Jachmann http://www.nitpicker.de -0 string NPFF NItpicker Flow File +0 string NPFF NItpicker Flow File >4 byte x V%d. >5 byte x %d >6 bedate x started: %s --- contrib/file/magic/Magdir/os2.orig +++ contrib/file/magic/Magdir/os2 @@ -1,12 +1,12 @@ #------------------------------------------------------------------------------ -# $File: os2,v 1.8 2015/01/05 00:17:13 christos Exp $ +# $File: os2,v 1.10 2017/03/17 21:35:28 christos Exp $ # os2: file(1) magic for OS/2 files # # Provided 1998/08/22 by # David Mediavilla -1 search/1 InternetShortcut MS Windows 95 Internet shortcut text +1 search/100 InternetShortcut MS Windows 95 Internet shortcut text >17 search/100 URL= (URL=< >>&0 string x \b%s>) @@ -25,7 +25,7 @@ #>5 string >\ (Local file) <%s> # >>>>> OS/2 INF/HLP <<<<< (source: Daniel Dissett ddissett@netcom.com) -# Carl Hauser (chauser.parc@xerox.com) and +# Carl Hauser (chauser.parc@xerox.com) and # Marcus Groeber (marcusg@ph-cip.uni-koeln.de) # list the following header format in inf02a.doc: # @@ -35,11 +35,11 @@ # // bit 0: set if INF style file # // bit 4: set if HLP style file # // patching this byte allows reading HLP files -# // using the VIEW command, while help files +# // using the VIEW command, while help files # // seem to work with INF settings here as well. # int16 hdrsize; // total size of header # int16 unknown2; // unknown purpose -# +# 0 string HSP\x01\x9b\x00 OS/2 INF >107 string >0 (%s) 0 string HSP\x10\x9b\x00 OS/2 HLP --- contrib/file/magic/Magdir/os9.orig +++ contrib/file/magic/Magdir/os9 @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: os9,v 1.7 2011/05/13 22:15:54 christos Exp $ +# $File: os9,v 1.8 2017/03/17 21:35:28 christos Exp $ # # Copyright (c) 1996 Ignatios Souvatzis. All rights reserved. # @@ -15,7 +15,7 @@ # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; --- contrib/file/magic/Magdir/pbf.orig +++ contrib/file/magic/Magdir/pbf @@ -1,11 +1,11 @@ #------------------------------------------------------------------------------ -# $File: pbf,v 1.1 2013/12/21 14:27:24 christos Exp $ +# $File: pbf,v 1.2 2017/01/18 16:16:21 christos Exp $ # file(1) magic(5) data for OpenStreetMap # OpenStreetMap Protocolbuffer Binary Format (.osm.pbf) # http://wiki.openstreetmap.org/wiki/PBF_Format # From: Markus Heidelberg -0 belong 0x0000000D ->4 beshort 0x0A09 ->>6 string OSMHeader OpenStreetMap Protocolbuffer Binary Format +0 belong&0xfffffff0 0 +>4 beshort 0x0A09 +>>6 string OSMHeader OpenStreetMap Protocolbuffer Binary Format --- contrib/file/magic/Magdir/pc88.orig +++ contrib/file/magic/Magdir/pc88 @@ -0,0 +1,24 @@ +#------------------------------------------------------------------------------ +# pc88: file(1) magic for the NEC Home Computer +# v1.0 +# Fabio R. Schmidlin + +# PC88 2D disk image +0x20 ulelong&0xFFFFFEFF 0x2A0 +>0x10 string \0\0\0\0\0\0\0\0\0\0 +>>0x280 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 +>>>0x1A ubyte&0xEF 0 +>>>>0x1B ubyte&0x8F 0 +>>>>>0x1B ubyte&70 <0x40 +>>>>>>0x1C ulelong >0x21 +>>>>>>>0 regex [[:print:]]* NEC PC-88 disk image, name=%s +>>>>>>>>0x1B ubyte 0 \b, media=2D +>>>>>>>>0x1B ubyte 0x10 \b, media=2DD +>>>>>>>>0x1B ubyte 0x20 \b, media=2HD +>>>>>>>>0x1B ubyte 0x30 \b, media=1D +>>>>>>>>0x1B ubyte 0x40 \b, media=1DD +>>>>>>>>0x1A ubyte 0x10 \b, write-protected + + + + --- contrib/file/magic/Magdir/pc98.orig +++ contrib/file/magic/Magdir/pc98 @@ -0,0 +1,77 @@ +#------------------------------------------------------------------------------ +# pc98: file(1) magic for the MSX Home Computer +# v1.0 +# Fabio R. Schmidlin + +# Maki-chan v1 Graphic format +# The image resolution should be X=(44.L - 40.L) and Y=(46.L - 42.L), but I couldn't find a way to do so +# http://www.jisyo.com/viewer/faq/maki_tech.htm +0 string/b MAKI01 Maki-chan v1. +>6 ubyte|0x20 x \b%c image +>8 ubelong >0x40404040 \b, system ID: +>>8 byte x %c +>>9 byte x \b%c +>>10 byte x \b%c +>>11 byte x \b%c +>44 ubeshort x \b, %dx +>46 ubeshort x \b%d +>38 ubeshort&2 0 \b, 16 paletted RGB colors +>38 ubeshort&2 2 \b, 8 fixed RGB colors +>38 ubeshort&1 1 \b, 2:1 dot aspect ratio + +# Maki-chan v2 Graphic format +# http://www.jisyo.com/viewer/faq/mag_tech.htm +# http://mooncore.eu/bunny/txt/makichan.htm +# http://metanest.jp/mag/mag.xhtml +0 string/b MAKI02\ \ Maki-chan v2 image, +>8 byte x system ID: %c +>9 byte x \b%c +>10 byte x \b%c +>11 byte x \b%c, +>13 search/0x200 \x1A +#Maki-chan video modes are a bit messy and seems to have been expanded over the years without too much planing: +#1) When offset1(ubeshort) !=0x0344: +# 1.1) And offset3(ubyte).b7=0: +# - b0=pixel aspect ratio: 1=2:1 (note: this ignores that the machine's 1:1 pixel aspect ratio isn't really 1:1) +# - b1=number of colors: 0=16 colors, 1=8 colors +# - b2=Palette or fixed colors flag (called "analog" and "digital" in the doc): 0=Paletted, 1=Fixed colors encoded directly in the pixel data +# 1.2) And offset3(ubyte).B7=1: +# - b0=256 paletted colors +# - b1=256 fixed colors using the MSX SCR8 palette +#2) When offset1(ubeshort) =0x0344: +# - 256x212 image with 19268 YJK colors. The usual resolution and color information fields from the file must be ignored +>>&1 ubeshort 0x0344 256x212, 19268 fixed YJK colors +>>&1 ubeshort !0x0344 +>>>&5 uleshort+1 x %dx +>>>&7 uleshort+1 x \b%d, +>>>&0 ubyte&0x86 0x00 16 paletted RGB colors +>>>&0 ubyte&0x86 0x02 8 paletted RGB colors +>>>&0 ubyte&0x86 0x04 16 fixed RGB colors +>>>&0 ubyte&0x86 0x06 8 fixed RGB colors +>>>&0 ubyte&0x81 0x80 256 paletted RGB colors +>>>&0 ubyte&0x81 0x81 256 fixed MSX-SCR8 colors +>>>&0 ubyte&0x01 1 \b, 2:1 dot aspect ratio + +# XLD4 (Q4) picture +11 string/b MAJYO XLD4(Q4) picture + +# Yanagisawa Pi picture +#0 string Pi\x1A\0 Yanagisawa Pi picture +#>3 search/0x200 \x04 +0 string Pi +>2 search/0x200 \x1A +>>&0 ubyte 0 +>>>&3 ubyte 4 Yanagisawa Pi 16 color picture, +>>>&4 byte x system ID: %c +>>>&5 byte x \b%c +>>>&6 byte x \b%c +>>>&7 byte x \b%c, +>>>&10 ubeshort x %dx +>>>&12 ubeshort x \b%d +>>>&3 ubyte 8 Yanagisawa Pi 256 color picture +>>>&4 byte x system ID: %c +>>>&5 byte x \b%c +>>>&6 byte x \b%c +>>>&7 byte x \b%c, +>>>&10 ubeshort x %dx +>>>&12 ubeshort x \b%d --- contrib/file/magic/Magdir/pdf.orig +++ contrib/file/magic/Magdir/pdf @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pdf,v 1.8 2015/01/11 18:19:18 christos Exp $ +# $File: pdf,v 1.9 2017/05/24 17:35:20 christos Exp $ # pdf: file(1) magic for Portable Document Format # @@ -20,3 +20,8 @@ !:mime application/vnd.fdf >5 byte x \b, version %c >7 byte x \b.%c + +0 search/256 %PDF- PDF document +!:mime application/pdf +>&0 byte x \b, version %c +>&2 byte x \b.%c --- contrib/file/magic/Magdir/pdp.orig +++ contrib/file/magic/Magdir/pdp @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pdp,v 1.10 2014/04/30 21:41:02 christos Exp $ +# $File: pdp,v 1.11 2017/03/17 21:35:28 christos Exp $ # pdp: file(1) magic for PDP-11 executable/object and APL workspace # 0 lelong 0101555 PDP-11 single precision APL workspace @@ -14,8 +14,8 @@ # updated by Joerg Jenderek at Mar 2013 # GRR: line below too general as it catches also Windows precompiled setup information *.PNF -0 leshort 0401 -# skip *.PNF with WinDirPathOffset 58h +0 leshort 0401 +# skip *.PNF with WinDirPathOffset 58h >68 ulelong !0x00000058 PDP-11 UNIX/RT ldp # skip *.PNF with high byte of InfVersionDatumCount zero #>>15 byte !0 PDP-11 UNIX/RT ldp --- contrib/file/magic/Magdir/perl.orig +++ contrib/file/magic/Magdir/perl @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: perl,v 1.24 2015/03/27 17:58:58 christos Exp $ +# $File: perl,v 1.26 2017/02/21 18:34:55 christos Exp $ # perl: file(1) magic for Larry Wall's perl language. # # The `eval' lines recognizes an outrageously clever hack. @@ -23,24 +23,24 @@ !:mime text/x-perl 0 search/1024 eval\ '(exit\ $?0)'\ &&\ eval\ 'exec Perl script text !:mime text/x-perl -0 search/1024 #!/usr/bin/env\ perl Perl script text executable +0 string #!/usr/bin/env\ perl Perl script text executable !:mime text/x-perl -0 search/1024 #!\ /usr/bin/env\ perl Perl script text executable +0 string #!\ /usr/bin/env\ perl Perl script text executable !:mime text/x-perl -0 search/1024 #! +0 string #! >0 regex \^#!.*/bin/perl([[:space:]].*)*$ Perl script text executable !:mime text/x-perl # by Dmitry V. Levin and Alexey Tourbin # check the first line -0 search/1024 package +0 search/8192 package >0 regex \^package[\ \t]+[0-9A-Za-z_:]+\ *; Perl5 module source text -!:strength + 10 +!:strength + 40 # not 'p', check other lines -0 search/1024 !p +0 search/8192 !p >0 regex \^package[\ \t]+[0-9A-Za-z_:]+\ *; >>0 regex \^1\ *;|\^(use|sub|my)\ .*[(;{=] Perl5 module source text -!:strength + 10 +!:strength + 75 # Perl POD documents # From: Tom Hukins --- contrib/file/magic/Magdir/pgf.orig +++ contrib/file/magic/Magdir/pgf @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pgf,v 1.1 2013/04/22 15:19:49 christos Exp $ +# $File: pgf,v 1.2 2017/03/17 21:35:28 christos Exp $ # pgf: file(1) magic for Progressive Graphics File (PGF) # # @@ -42,7 +42,7 @@ >>20 byte 19 RGB color 12, >>20 byte 20 RGB color 16, >>20 byte 255 unknown format, ->>20 default x format +>>20 default x format >>>20 byte x \b %d, >>21 byte x %d bpc # PGFPostHeader --- contrib/file/magic/Magdir/pgp.orig +++ contrib/file/magic/Magdir/pgp @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pgp,v 1.11 2014/11/11 21:32:38 christos Exp $ +# $File: pgp,v 1.14 2017/03/17 21:35:28 christos Exp $ # pgp: file(1) magic for Pretty Good Privacy # see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html # @@ -19,15 +19,15 @@ #>15 string SIGNED\040MESSAGE- signed message #>15 string PGP\040SIGNATURE- signature -2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- PGP public key block +2 string ---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK- PGP public key block !:mime application/pgp-keys >10 search/100 \n\n >>&0 use pgp -0 string -----BEGIN\040PGP\40MESSAGE- PGP message +0 string -----BEGIN\040PGP\040MESSAGE- PGP message !:mime application/pgp >10 search/100 \n\n >>&0 use pgp -0 string -----BEGIN\040PGP\40SIGNATURE- PGP signature +0 string -----BEGIN\040PGP\040SIGNATURE- PGP signature !:mime application/pgp-signature >10 search/100 \n\n >>&0 use pgp @@ -77,7 +77,7 @@ >0 byte 0x30 >>1 byte&0xc0 0x00 Unused [0%x] >>1 byte&0xc0 0x40 User Attribute ->>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data +>>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data >>1 byte&0xc0 0xc0 Modification Detection Code # magic signatures to detect PGP crypto material (from stef) @@ -194,6 +194,23 @@ >0 byte 0x0a SHA512 >0 byte 0x0b SHA224 +# display public key algorithms as human readable text +0 name key_algo +>0 byte 0x01 RSA (Encrypt or Sign) +# keep old look of version 5.28 without parentheses +>0 byte 0x02 RSA Encrypt-Only +>0 byte 0x03 RSA (Sign-Only) +>0 byte 16 ElGamal (Encrypt-Only) +>0 byte 17 DSA +>0 byte 18 Elliptic Curve +>0 byte 19 ECDSA +>0 byte 20 ElGamal (Encrypt or Sign) +>0 byte 21 Diffie-Hellman +>0 default x +>>0 ubyte <22 unknown (pub %d) +# this should never happen +>>0 ubyte >21 invalid (%d) + # pgp symmetric encrypted data 0 byte 0x8c PGP symmetric key encrypted data - @@ -465,5 +482,41 @@ >1 use pgpkey 0 byte 0x97 PGP Secret Sub-key - >1 use pgpkey -0 byte 0x9d PGP Secret Sub-key - ->1 use pgpkey +0 byte 0x9d +# Update: Joerg Jenderek +# secret subkey packet (tag 7) with same structure as secret key packet (tag 5) +# skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len +>1 ubeshort >0 +#>1 ubeshort x \b, body length 0x%x +# next packet type often 88h,89h~(tag 2)~Signature Packet +#>>(1.S+3) ubyte x \b, next packet type 0x%x +# skip Dragon.SHR DEMO.INIT by looking for positive version +>>3 ubyte >0 +# skip BUISSON.13 GUITAR1 by looking for low version number +>>>3 ubyte <5 PGP Secret Sub-key +# sub-key are normally part of secret key. So it does not occur as standalone file +#!:ext bin +# version 2,3~old 4~new . Comment following line for version 5.28 look +>>>>3 ubyte x (v%d) +>>>>3 ubyte x - +# old versions 2 or 3 but no real example found +>>>>3 ubyte <4 +# 2 byte for key bits in version 5.28 look +>>>>>11 ubeshort x %db +>>>>>4 beldate x created on %s - +# old versions use 2 additional bytes after time stamp +#>>>>>8 ubeshort x 0x%x +# display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman +>>>>>10 use key_algo +>>>>>(11.S/8) ubequad x +# look after first key +>>>>>>&5 use keyend +# new version +>>>>3 ubyte >3 +>>>>>9 ubeshort x %db +>>>>>4 beldate x created on %s - +# display key algorithm +>>>>>8 use key_algo +>>>>>(9.S/8) ubequad x +# look after first key for something like s2k +>>>>>>&3 use keyend --- contrib/file/magic/Magdir/polyml.orig +++ contrib/file/magic/Magdir/polyml @@ -0,0 +1,23 @@ + +#------------------------------------------------------------------------------ +# $File: polyml,v 1.1 2016/02/26 15:52:45 christos Exp $ +# polyml: file(1) magic for PolyML +# +# PolyML +# MPEG, FLI, DL originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# FLC, SGI, Apple originally from Daniel Quinlan (quinlan@yggdrasil.com) + +# [0]: http://www.polyml.org/ +# [1]: https://github.com/polyml/polyml/blob/master/\ +# libpolyml/savestate.cpp#L146-L147 +# [2]: https://github.com/polyml/polyml/blob/master/\ +# libpolyml/savestate.cpp#L1262-L1263 + +# Type: Poly/ML saved data +# From: Matthew Fernandez + +0 string POLYSAVE Poly/ML saved state +>8 long x version %u + +0 string POLYMODU Poly/ML saved module +>8 long x version %u --- contrib/file/magic/Magdir/printer.orig +++ contrib/file/magic/Magdir/printer @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: printer,v 1.26 2014/04/12 14:51:52 christos Exp $ +# $File: printer,v 1.28 2017/03/17 22:20:22 christos Exp $ # printer: file(1) magic for printer-formatted files # @@ -13,7 +13,7 @@ >>>15 string EPS \b, type %s >>>15 string Query \b, type %s >>>15 string ExitServer \b, type %s ->>>15 search/1000 %%LanguageLevel:\ +>>>15 search/1000 %%LanguageLevel:\040 >>>>&0 string >\0 \b, Level %s # Some PCs have the annoying habit of adding a ^D as a document separator 0 string \004%! PostScript document text @@ -24,7 +24,7 @@ >>>16 string EPS \b, type %s >>>16 string Query \b, type %s >>>16 string ExitServer \b, type %s ->>>16 search/1000 %%LanguageLevel:\ +>>>16 search/1000 %%LanguageLevel:\040 >>>>&0 string >\0 \b, Level %s 0 string \033%-12345X%!PS PostScript document @@ -49,18 +49,18 @@ # HP Printer Job Language 0 string \033%-12345X@PJL HP Printer Job Language data # HP Printer Job Language -# The header found on Win95 HP plot files is the "Silliest Thing possible" +# The header found on Win95 HP plot files is the "Silliest Thing possible" # (TM) # Every driver puts the language at some random position, with random case # (LANGUAGE and Language) # For example the LaserJet 5L driver puts the "PJL ENTER LANGUAGE" in line 10 # From: Uwe Bonnes -# +# 0 string \033%-12345X@PJL HP Printer Job Language data ->&0 string >\0 %s ->>&0 string >\0 %s ->>>&0 string >\0 %s ->>>>&0 string >\0 %s +>&0 string >\0 %s +>>&0 string >\0 %s +>>>&0 string >\0 %s +>>>>&0 string >\0 %s #>15 string \ ENTER\ LANGUAGE\ = #>31 string PostScript PostScript @@ -143,8 +143,8 @@ #------------------------------------------------------------------------------ # HP LaserJet 1000 series downloadable firmware file -0 string \xbe\xefABCDEFGH HP LaserJet 1000 series downloadable firmware +0 string \xbe\xefABCDEFGH HP LaserJet 1000 series downloadable firmware # From: Paolo -# Epson ESC/Page, ESC/PageColor +# Epson ESC/Page, ESC/PageColor 0 string \x1b\x01@EJL Epson ESC/Page language printer data --- contrib/file/magic/Magdir/project.orig +++ contrib/file/magic/Magdir/project @@ -1,8 +1,8 @@ #------------------------------------------------------------------------------ -# $File: project,v 1.4 2009/09/19 16:28:11 christos Exp $ +# $File: project,v 1.5 2017/03/17 21:35:28 christos Exp $ # project: file(1) magic for Project management -# +# # Magic strings for ftnchek project files. Alexander Mai 0 string FTNCHEK_\ P project file for ftnchek >10 string 1 version 2.7 --- contrib/file/magic/Magdir/psdbms.orig +++ contrib/file/magic/Magdir/psdbms @@ -1,8 +1,14 @@ #------------------------------------------------------------------------------ -# $File: psdbms,v 1.6 2009/09/19 16:28:11 christos Exp $ +# $File: psdbms,v 1.8 2017/03/17 21:35:28 christos Exp $ # psdbms: file(1) magic for psdatabase # -0 belong&0xff00ffff 0x56000000 ps database ->1 string >\0 version %s ->4 string >\0 from kernel %s +# Update: Joerg Jenderek +# GRR: line below too general as it catches also some Panorama database *.pan , +# AppleWorks word processor +0 belong&0xff00ffff 0x56000000 +# assume version starts with digit +>1 regex/s =^[0-9] ps database +>>1 string >\0 version %s +# kernel name +>>4 string >\0 from kernel %s --- contrib/file/magic/Magdir/psl.orig +++ contrib/file/magic/Magdir/psl @@ -0,0 +1,14 @@ + +#------------------------------------------------------------------------------ +# $File: psl,v 1.2 2016/07/14 17:34:27 christos Exp $ +# psl: file(1) magic for Public Suffix List representations +# From: Daniel Kahn Gillmor +# URL: https://publicsuffix.org +# see also: http://thread.gmane.org/gmane.network.dns.libpsl.bugs/162/focus=166 + +0 search/512 \n\n//\ ===BEGIN\ ICANN\ DOMAINS===\n\n Public Suffix List data + +0 string .DAFSA@PSL_ +>15 string \n Public Suffix List data (optimized) +>>11 byte >0x2f +>>>11 byte <0x3a (Version %c) --- contrib/file/magic/Magdir/python.orig +++ contrib/file/magic/Magdir/python @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: python,v 1.27 2015/09/08 13:59:44 christos Exp $ +# $File: python,v 1.34 2017/08/14 07:40:38 christos Exp $ # python: file(1) magic for python # # Outlook puts """ too for urgent messages @@ -9,7 +9,7 @@ 0 string/t """ Python script text executable # MAGIC as specified in Python/import.c (1.5 to 2.7a0 and 3.1a0, assuming # that Py_UnicodeFlag is off for Python 2) -# 20121 ( YEAR - 1995 ) + MONTH + DAY (little endian followed by "\r\n" +# two bytes of magic followed by "\r\n" in little endian order 0 belong 0x994e0d0a python 1.5/1.6 byte-compiled 0 belong 0x87c60d0a python 2.0 byte-compiled 0 belong 0x2aeb0d0a python 2.1 byte-compiled @@ -24,30 +24,48 @@ 0 belong 0x6c0c0d0a python 3.2 byte-compiled 0 belong 0x9e0c0d0a python 3.3 byte-compiled 0 belong 0xee0c0d0a python 3.4 byte-compiled +0 belong 0x160d0d0a python 3.5.1- byte-compiled +0 belong 0x170d0d0a python 3.5.2+ byte-compiled +0 belong 0x330d0d0a python 3.6 byte-compiled +0 belong 0x3e0d0d0a python 3.7 byte-compiled + 0 search/1/w #!\ /usr/bin/python Python script text executable -!:strength + 10 +!:strength + 15 !:mime text/x-python 0 search/1/w #!\ /usr/local/bin/python Python script text executable -!:strength + 10 +!:strength + 15 !:mime text/x-python 0 search/1 #!/usr/bin/env\ python Python script text executable -!:strength + 10 +!:strength + 15 !:mime text/x-python 0 search/10 #!\ /usr/bin/env\ python Python script text executable -!:strength + 10 +!:strength + 15 !:mime text/x-python # from module.submodule import func1, func2 -0 regex \^from\\s+(\\w|\\.)+\\s+import.*$ Python script text executable +0 regex \^from[\040\t\f\r\n]+([A-Za-z0-9_]|\\.)+[\040\t\f\r\n]+import.*$ Python script text executable +!:strength + 15 !:mime text/x-python # def __init__ (self, ...): 0 search/4096 def\ __init__ >&0 search/64 self Python script text executable +!:strength + 15 !:mime text/x-python +# if __name__ == "__main__": +0 search/4096 if\ __name__ +>&0 search/64 '__main__' Python script text executable +>&0 search/64 "__main__" Python script text executable +!:strength + 15 +!:mime text/x-python + +# import module [as abrev] +0 regex \^import\ [_[:alpha:]]+\ as\ [[:alpha:]][[:space:]]*$ Python script text executable +!:mime text/x-python + # comments #0 search/4096 ''' #>&0 regex .*'''$ Python script text executable @@ -61,12 +79,19 @@ # except: or finally: # block 0 search/4096 try: ->&0 regex \^\\s*except.*: Python script text executable +>&0 regex \^[[:space:]]*except.*:$ Python script text executable +!:strength + 15 !:mime text/x-python >&0 search/4096 finally: Python script text executable !:mime text/x-python -# def name(args, args): -0 regex \^(\ |\\t){0,50}def\ {1,50}[a-zA-Z]{1,100} ->&0 regex \ {0,50}\\(([a-zA-Z]|,|\ ){1,255}\\):$ Python script text executable +# class name[(base classes,)]: [pass] +0 regex \^class\ [_[:alpha:]]+(\\(.*\\))?(\ )*:([\ \t]+pass)?$ Python script text executable +!:strength + 15 !:mime text/x-python + +# def name(*args, **kwargs): +0 regex \^[[:space:]]{0,50}def\ {1,50}[_a-zA-Z]{1,100} +>&0 regex \\(([[:alpha:]*_,\ ]){0,255}\\):$ Python script text executable +!:strength + 15 +!:mime text/x-python --- contrib/file/magic/Magdir/riff.orig +++ contrib/file/magic/Magdir/riff @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: riff,v 1.31 2015/02/14 17:30:03 christos Exp $ +# $File: riff,v 1.32 2017/03/17 21:35:28 christos Exp $ # riff: file(1) magic for RIFF format # See # @@ -75,7 +75,7 @@ >>18 leshort x \b, %d entries # RIFF Device Independent Bitmap format >8 string RDIB \b, device-independent bitmap ->>16 string BM +>>16 string BM >>>30 leshort 12 \b, OS/2 1.x format >>>>34 leshort x \b, %d x >>>>36 leshort x %d @@ -226,9 +226,9 @@ >8 string sfbk SoundFont/Bank # MPEG-1 wrapped in a RIFF, apparently >8 string CDXA \b, wrapped MPEG-1 (CDXA) ->8 string 4XMV \b, 4X Movie file +>8 string 4XMV \b, 4X Movie file # AMV-type AVI file: http://wiki.multimedia.cx/index.php?title=AMV ->8 string AMV\040 \b, AMV +>8 string AMV\040 \b, AMV >8 string WEBP \b, Web/P image !:mime image/webp >>12 use riff-walk @@ -246,7 +246,7 @@ >>18 beshort x \b, %d entries # RIFF Device Independent Bitmap format >8 string RDIB \b, device-independent bitmap ->>16 string BM +>>16 string BM >>>30 beshort 12 \b, OS/2 1.x format >>>>34 beshort x \b, %d x >>>>36 beshort x %d @@ -284,7 +284,7 @@ #------------------------------------------------------------------------------ # Sony Wave64 # see http://www.vcs.de/fileadmin/user_upload/MBS/PDF/Whitepaper/Informations_about_Sony_Wave64.pdf -# 128 bit RIFF-GUID { 66666972-912E-11CF-A5D6-28DB04C10000 } in little-endian +# 128 bit RIFF-GUID { 66666972-912E-11CF-A5D6-28DB04C10000 } in little-endian 0 string riff\x2E\x91\xCF\x11\xA5\xD6\x28\xDB\x04\xC1\x00\x00 Sony Wave64 RIFF data # 128 bit + total file size (64 bits) so 24 bytes # then WAVE-GUID { 65766177-ACF3-11D3-8CD1-00C04F8EDB8A } --- contrib/file/magic/Magdir/ruby.orig +++ contrib/file/magic/Magdir/ruby @@ -1,28 +1,51 @@ #------------------------------------------------------------------------------ -# $File: ruby,v 1.5 2010/07/21 16:47:17 christos Exp $ +# $File: ruby,v 1.7 2017/08/14 13:39:18 christos Exp $ # ruby: file(1) magic for Ruby scripting language # URL: http://www.ruby-lang.org/ # From: Reuben Thomas # Ruby scripts -0 search/1/w #!\ /usr/bin/ruby Ruby script text executable +0 search/1/w #!\ /usr/bin/ruby Ruby script text executable +!:strength + 15 !:mime text/x-ruby 0 search/1/w #!\ /usr/local/bin/ruby Ruby script text executable +!:strength + 15 !:mime text/x-ruby -0 search/1 #!/usr/bin/env\ ruby Ruby script text executable +0 search/1 #!/usr/bin/env\ ruby Ruby script text executable +!:strength + 15 !:mime text/x-ruby -0 search/1 #!\ /usr/bin/env\ ruby Ruby script text executable +0 search/1 #!\ /usr/bin/env\ ruby Ruby script text executable +!:strength + 15 !:mime text/x-ruby # What looks like ruby, but does not have a shebang # (modules and such) # From: Lubomir Rintel -0 regex \^[\ \t]*require[\ \t]'[A-Za-z_/]+' ->0 regex include\ [A-Z]|def\ [a-z]|\ do$ ->>0 regex \^[\ \t]*end([\ \t]*[;#].*)?$ Ruby script text +0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+' +>0 regex def\ [a-z]|\ do$ +>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text +!:strength + 30 !:mime text/x-ruby -0 regex \^[\ \t]*(class|module)[\ \t][A-Z] +0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z] >0 regex (modul|includ)e\ [A-Z]|def\ [a-z] ->>0 regex \^[\ \t]*end([\ \t]*[;#].*)?$ Ruby module source text +>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text +!:strength + 30 !:mime text/x-ruby +# Classes with no modules or defs, beats simple ASCII +0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z] +>&0 regex \^[[:space:]]*end([[:space:]]+[;#if].*)?$ Ruby script text +!:strength + 10 +!:mime text/x-ruby +# Looks for function definition to balance python magic +# def name (args) +# end +0 regex \^[[:space:]]*def\ [a-z]|def\ [[:alpha:]]+::[a-z] +>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text +!:strength + 10 +!:mime text/x-ruby + +0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+' Ruby script text +!:mime text/x-ruby +0 regex \^[[:space:]]*include\ ([A-Z]+[a-z]*(::))+ Ruby script text +!:mime text/x-ruby --- contrib/file/magic/Magdir/sccs.orig +++ contrib/file/magic/Magdir/sccs @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: sccs,v 1.6 2009/09/19 16:28:12 christos Exp $ +# $File: sccs,v 1.7 2017/03/17 21:35:28 christos Exp $ # sccs: file(1) magic for SCCS archives # # SCCS archive structure: @@ -17,6 +17,6 @@ # Maybe we should just switch everybody from SCCS to RCS! # Further, you can't just say '\001h0', because the five-digit number # is a checksum that could (presumably) have any leading digit, -# and we don't have regular expression matching yet. +# and we don't have regular expression matching yet. # Hence the following official kludge: 8 string \001s\ SCCS archive data --- contrib/file/magic/Magdir/scientific.orig +++ contrib/file/magic/Magdir/scientific @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------ -# $File: scientific,v 1.10 2015/08/24 05:18:55 christos Exp $ -# scientific: file(1) magic for scientific formats +# $File: scientific,v 1.12 2017/03/17 22:20:22 christos Exp $ +# scientific: file(1) magic for scientific formats # # From: Joe Krahn @@ -90,7 +90,7 @@ # format DD-MMM-YY, e.g., 01-JAN-70, and the IDcode consists of numbers and # uppercase letters. However, examples have been seen without the date string, # e.g., the example on the chemime site. -0 string HEADER\ \ \ \ +0 string HEADER\ \ \ \040 >&0 regex/1l \^.{40} >>&0 regex/1l [0-9]{2}-[A-Z]{3}-[0-9]{2}\ {3} >>>&0 regex/1ls [A-Z0-9]{4}.{14}$ --- contrib/file/magic/Magdir/sendmail.orig +++ contrib/file/magic/Magdir/sendmail @@ -1,14 +1,31 @@ #------------------------------------------------------------------------------ -# $File: sendmail,v 1.7 2009/09/19 16:28:12 christos Exp $ +# $File: sendmail,v 1.10 2017/08/13 00:21:47 christos Exp $ # sendmail: file(1) magic for sendmail config files # # XXX - byte order? # -0 byte 046 Sendmail frozen configuration ->16 string >\0 - version %s -0 short 0x271c Sendmail frozen configuration ->16 string >\0 - version %s +# Update: Joerg Jenderek +# GRR: this test is too general as it catches also +# READ.ME.FIRST.AWP Sendmail frozen configuration +# - version ====|====|====|====|====|====|====|====|====|====|====|====|=== +# Email_23_f217153422.ts Sendmail frozen configuration +# - version \330jK\354 +0 byte 046 +# http://www.sendmail.com/sm/open_source/docs/older_release_notes/ +# freezed configuration file (dbm format?) created from sendmal.cf with -bz +# by older sendmail. til version 8.6 support for frozen configuration files is removed +# valid version numbers look like "7.14.4" and should be similar to output of commands +# "sendmail -d0 -bt < /dev/null |grep -i Version" or "egrep '^DZ' /etc/sendmail.cf" +>16 regex/s =^[0-78][0-9.]{4} Sendmail frozen configuration +# normally only /etc/sendmail.fc or /var/adm/sendmail/sendmail.fc +!:ext fc +>>16 string >\0 - version %s +0 short 0x271c +# look for valid version number +>16 regex/s =^[0-78][0-9.]{4} Sendmail frozen configuration +!:ext fc +>>16 string >\0 - version %s #------------------------------------------------------------------------------ # sendmail: file(1) magic for sendmail m4(1) files --- contrib/file/magic/Magdir/sequent.orig +++ contrib/file/magic/Magdir/sequent @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: sequent,v 1.12 2014/08/16 16:07:12 christos Exp $ +# $File: sequent,v 1.13 2017/03/17 21:35:28 christos Exp $ # sequent: file(1) magic for Sequent machines # # Sequent information updated by Don Dwiggins . @@ -33,9 +33,9 @@ # http://en.wikipedia.org/wiki/Sequent_Computer_Systems # below test line conflicts with MS-DOS 2.11 floppies and Acronis loader #0 leshort 0x42eb SYMMETRY i386 standalone executable -0 leshort 0x42eb +0 leshort 0x42eb # skip unlike negative version ->124 lelong >-1 +>124 lelong >-1 # assuming version 28867614 is very low probable >>124 lelong !28867614 SYMMETRY i386 standalone executable >>>16 lelong >0 not stripped --- contrib/file/magic/Magdir/sgml.orig +++ contrib/file/magic/Magdir/sgml @@ -1,16 +1,20 @@ -#------------------------------------------------------------------------------ # $File: sgml,v 1.32 2015/07/11 15:08:53 christos Exp $ + +#------------------------------------------------------------------------------ +# $File: sgml,v 1.37 2017/07/23 08:23:33 christos Exp $ # Type: SVG Vectorial Graphics # From: Noel Torres -0 string \15 string >\0 +0 string \14 regex ['"\ \t]*[0-9.]+['"\ \t]* >>19 search/4096 \>19 search/4096 \>19 search/4096 \ -0 string \15 string >\0 +0 string \14 regex ['"\ \t]*[0-9.]+['"\ \t]* >>19 search/4096 \ HTML document text !:mime text/html !:strength + 5 @@ -88,25 +98,25 @@ # Extensible markup language (XML), a subset of SGML # from Marc Prud'hommeaux (marc@apocalypse.org) 0 search/1/cwt \15 string/t >\0 %.3s document text >>23 search/1 \>24 search/1 \49124 belong <47104 -#>>49128 belong <47104 -#>>>49132 belong <47104 -#>>>>49136 belong <47104 QL OS dump data, -#>>>>>49148 string >\0 type %.3s, -#>>>>>49142 string >\0 version %.4s +0 belong =0x30000 +>49124 belong <47104 +>>49128 belong <47104 +>>>49132 belong <47104 +>>>>49136 belong <47104 QL OS dump data, +>>>>>49148 string >\0 type %.3s, +>>>>>49142 string >\0 version %.4s # Sinclair QL firmware executables (ThMO) 0 string NqNqNq`\004 QL firmware executable (BCPL) --- contrib/file/magic/Magdir/sketch.orig +++ contrib/file/magic/Magdir/sketch @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: sketch,v 1.4 2009/09/19 16:28:12 christos Exp $ -# Sketch Drawings: http://sketch.sourceforge.net/ +# $File: sketch,v 1.5 2017/03/17 21:35:28 christos Exp $ +# Sketch Drawings: http://sketch.sourceforge.net/ # From: Edwin Mons 0 search/1 ##Sketch Sketch document text --- contrib/file/magic/Magdir/sql.orig +++ contrib/file/magic/Magdir/sql @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: sql,v 1.15 2014/04/30 21:41:02 christos Exp $ +# $File: sql,v 1.21 2017/03/17 21:35:28 christos Exp $ # sql: file(1) magic for SQL files # # From: "Marty Leisner" @@ -10,28 +10,70 @@ # 0 beshort 0xfe01 MySQL table definition file >2 byte x Version %d +>3 byte 0 \b, type UNKNOWN +>3 byte 1 \b, type DIAM_ISAM +>3 byte 2 \b, type HASH +>3 byte 3 \b, type MISAM +>3 byte 4 \b, type PISAM +>3 byte 5 \b, type RMS_ISAM +>3 byte 6 \b, type HEAP +>3 byte 7 \b, type ISAM +>3 byte 8 \b, type MRG_ISAM +>3 byte 9 \b, type MYISAM +>3 byte 10 \b, type MRG_MYISAM +>3 byte 11 \b, type BERKELEY_DB +>3 byte 12 \b, type INNODB +>3 byte 13 \b, type GEMINI +>3 byte 14 \b, type NDBCLUSTER +>3 byte 15 \b, type EXAMPLE_DB +>3 byte 16 \b, type CSV_DB +>3 byte 17 \b, type FEDERATED_DB +>3 byte 18 \b, type BLACKHOLE_DB +>3 byte 19 \b, type PARTITION_DB +>3 byte 20 \b, type BINLOG +>3 byte 21 \b, type SOLID +>3 byte 22 \b, type PBXT +>3 byte 23 \b, type TABLE_FUNCTION +>3 byte 24 \b, type MEMCACHE +>3 byte 25 \b, type FALCON +>3 byte 26 \b, type MARIA +>3 byte 27 \b, type PERFORMANCE_SCHEMA +>3 byte 127 \b, type DEFAULT +>0x0033 ulong x \b, MySQL version %d +0 belong&0xffffff00 0xfefe0500 MySQL ISAM index file +>3 byte x Version %d +0 belong&0xffffff00 0xfefe0600 MySQL ISAM compressed data file +>3 byte x Version %d 0 belong&0xffffff00 0xfefe0700 MySQL MyISAM index file >3 byte x Version %d +>14 beshort x \b, %d key parts +>16 beshort x \b, %d unique key parts +>18 byte x \b, %d keys +>28 bequad x \b, %lld records +>36 bequad x \b, %lld deleted records 0 belong&0xffffff00 0xfefe0800 MySQL MyISAM compressed data file >3 byte x Version %d 0 belong&0xffffff00 0xfefe0900 MySQL Maria index file >3 byte x Version %d -0 belong&0xffffff00 0xfefe0A00 MySQL Maria compressed data file +0 belong&0xffffff00 0xfefe0a00 MySQL Maria compressed data file >3 byte x Version %d -0 belong&0xffffff00 0xfefe0500 MySQL ISAM index file ->3 byte x Version %d -0 belong&0xffffff00 0xfefe0600 MySQL ISAM compressed data file ->3 byte x Version %d -0 string \376bin MySQL replication log -0 belong&0xffffff00 0xfefe0b00 ->4 string MARIALOG MySQL Maria transaction log file ->>3 byte x Version %d 0 belong&0xffffff00 0xfefe0c00 >4 string MACF MySQL Maria control file >>3 byte x Version %d +0 string \376bin MySQL replication log, +>9 long x server id %d +>8 byte 1 +>>13 long 69 \b, MySQL V3.2.3 +>>>19 string x \b, server version %s +>>13 long 75 \b, MySQL V4.0.2-V4.1 +>>>25 string x \b, server version %s +>8 byte 15 MySQL V5+, +>>25 string x server version %s +>4 string MARIALOG MySQL Maria transaction log file +>>3 byte x Version %d #------------------------------------------------------------------------------ -# iRiver H Series database file +# iRiver H Series database file # From Ken Guest # As observed from iRivNavi.iDB and unencoded firmware # @@ -54,21 +96,32 @@ # at offset 68 that is preferred over "user version" for indicating the # associated application. # -0 string SQLite\ format\ 3 ->60 belong =0x5f4d544e Monotone source repository - SQLite3 database ->68 belong =0x0f055112 Fossil checkout - SQLite3 database ->68 belong =0x0f055113 Fossil global configuration - SQLite3 database ->68 belong =0x0f055111 Fossil repository - SQLite3 database ->68 belong =0x42654462 Bentley Systems BeSQLite Database - SQLite3 database ->68 belong =0x42654c6e Bentley Systems Localization File - SQLite3 database ->68 belong =0x47504b47 OGC GeoPackage file - SQLite3 database ->68 default x SQLite 3.x database +0 string SQLite\ format\ 3 SQLite 3.x database +!:mime application/x-sqlite3 +# seldom found extension sqlite3 like in SyncData.sqlite3 +# db +# Avira Antivir use extension "dbe" like in avevtdb.dbe, avguard_tchk.dbe +# Unfortunately extension sqlite also used for other databases starting with string +# "TTCONTAINER" like in tracks.sqlite contentconsumer.sqlite contentproducerrepository.sqlite +# and with string "ZV-zlib" in like extra.sqlite +!:ext sqlite/sqlite3/db/dbe +>60 belong =0x5f4d544e (Monotone source repository) +>68 belong =0x0f055112 (Fossil checkout) +>68 belong =0x0f055113 (Fossil global configuration) +>68 belong =0x0f055111 (Fossil repository) +>68 belong =0x42654462 (Bentley Systems BeSQLite Database) +>68 belong =0x42654c6e (Bentley Systems Localization File) +>68 belong =0x47504b47 (OGC GeoPackage file) +>68 default x >>68 belong !0 \b, application id %u >>60 belong !0 \b, user version %d +>96 belong x \b, last written using SQLite version %d + # SQLite Write-Ahead Log from SQLite version >= 3.7.0 # http://www.sqlite.org/fileformat.html#walformat 0 belong&0xfffffffe 0x377f0682 SQLite Write-Ahead Log, +!:ext sqlite-wal/db-wal >4 belong x version %d # SQLite Rollback Journal @@ -76,8 +129,13 @@ 0 string \xd9\xd5\x05\xf9\x20\xa1\x63\xd7 SQLite Rollback Journal # Panasonic channel list database svl.bin or svl.db added by Joerg Jenderek -# http://www.ullrich.es/job/service-menue/panasonic/panasonic-sendersortierung-sat-am-pc/ -# pceditor_V2003.jar -0 string PSDB\0 Panasonic channel list database ->126 string SQLite\ format\ 3 ->>&-15 indirect x \b; contains +# https://github.com/PredatH0r/ChanSort +0 string PSDB\0 Panasonic channel list DataBase +!:ext db/bin +#!:mime application/x-db-svl-panasonic +>126 string SQLite\ format\ 3 +#!:mime application/x-panasonic-sqlite3 +>>&-15 indirect x \b; contains + +# H2 Database from http://www.h2database.com/ +0 string --\ H2\ 0.5/B\ --\ \n H2 Database file --- contrib/file/magic/Magdir/ssl.orig +++ contrib/file/magic/Magdir/ssl @@ -1,8 +1,20 @@ + +#------------------------------------------------------------------------------ +# $File: ssl,v 1.4 2017/01/22 21:14:25 christos Exp $ +# ssl: file(1) magic for SSL file formats + # Type: OpenSSL certificates/key files # From: Nicolas Collignon -0 string -----BEGIN\ CERTIFICATE----- PEM certificate -0 string -----BEGIN\ CERTIFICATE\ REQ PEM certificate request -0 string -----BEGIN\ RSA\ PRIVATE PEM RSA private key -0 string -----BEGIN\ DSA\ PRIVATE PEM DSA private key -0 string -----BEGIN\ EC\ PRIVATE PEM EC private key +0 string -----BEGIN\040CERTIFICATE----- PEM certificate +0 string -----BEGIN\040CERTIFICATE\040REQ PEM certificate request +0 string -----BEGIN\040RSA\040PRIVATE PEM RSA private key +0 string -----BEGIN\040DSA\040PRIVATE PEM DSA private key +0 string -----BEGIN\040EC\040PRIVATE PEM EC private key +0 string -----BEGIN\040ECDSA\040PRIVATE PEM ECDSA private key + +# From Luc Gommans +# OpenSSL enc file (recognized by a magic string preceding the password's salt) +0 string Salted__ openssl enc'd data with salted password +# Using the -a or -base64 option, OpenSSL will base64-encode the data. +0 string U2FsdGVkX19 openssl enc'd data with salted password, base64 encoded --- contrib/file/magic/Magdir/sysex.orig +++ contrib/file/magic/Magdir/sysex @@ -1,6 +1,6 @@ #------------------------------------------------------------------------ -# $File: sysex,v 1.8 2014/06/03 19:17:27 christos Exp $ +# $File: sysex,v 1.9 2017/03/17 21:35:28 christos Exp $ # sysex: file(1) magic for MIDI sysex files # # GRR: original 1 byte test at offset was too general as it catches also many FATs of DOS filesystems @@ -256,7 +256,7 @@ >1 belong&0xffffff00 0x00011d00 Nemesys >1 belong&0xffffff00 0x00011e00 DBX >1 belong&0xffffff00 0x00011f00 Syndyne ->1 belong&0xffffff00 0x00012000 Bitheadz +>1 belong&0xffffff00 0x00012000 Bitheadz >1 belong&0xffffff00 0x00012100 Cakewalk >1 belong&0xffffff00 0x00012200 Staccato >1 belong&0xffffff00 0x00012300 National Semicon. --- contrib/file/magic/Magdir/terminfo.orig +++ contrib/file/magic/Magdir/terminfo @@ -1,10 +1,51 @@ #------------------------------------------------------------------------------ -# $File: terminfo,v 1.6 2009/09/19 16:28:12 christos Exp $ +# $File: terminfo,v 1.9 2017/04/28 16:28:58 christos Exp $ # terminfo: file(1) magic for terminfo # -# XXX - byte order for screen images? +# URL: http://invisible-island.net/ncurses/man/term.5.html +# URL: http://invisible-island.net/ncurses/man/scr_dump.5.html # -0 string \032\001 Compiled terminfo entry -0 short 0433 Curses screen image -0 short 0434 Curses screen image +# Workaround for Targa image type by Joerg Jenderek +# GRR: line below too general as it catches also +# Targa image type 1 with 26 long identification field +# and HELP.DSK +0 string \032\001 +# 5th character of terminal name list, but not Targa image pixel size (15 16 24 32) +>16 ubyte >32 +# namelist, if more than 1 separated by "|" like "st|stterm| simpleterm 0.4.1" +>>12 regex \^[a-zA-Z0-9][a-zA-Z0-9.][^|]* Compiled terminfo entry "%-s" +!:mime application/x-terminfo +# no extension +#!:ext +# +# While the compiled terminfo uses little-endian format irregardless of +# platform, SystemV screen dumps do not. They came later, and that detail was +# overlooked. +# +# AIX and HPUX use the SVr4 big-endian format +# Solaris uses the SVr3 formats (sparc and x86 differ endian-ness) +0 beshort 0433 SVr2 curses screen image, big-endian +0 beshort 0434 SVr3 curses screen image, big-endian +0 beshort 0435 SVr4 curses screen image, big-endian +# +0 leshort 0433 SVr2 curses screen image, little-endian +0 leshort 0434 SVr3 curses screen image, little-endian +0 leshort 0435 SVr4 curses screen image, little-endian +# +# Rather than SVr4, Solaris "xcurses" writes this header: +0 regex \^MAX=[0-9]+,[0-9]+$ +>1 regex \^BEG=[0-9]+,[0-9]+$ +>2 regex \^SCROLL=[0-9]+,[0-9]+$ +>3 regex \^VMIN=[0-9]+$ +>4 regex \^VTIME=[0-9]+$ +>5 regex \^FLAGS=0x[[:xdigit:]]+$ +>6 regex \^FG=[0-9],[0-9]+$ +>7 regex \^BG=[0-9]+,[0-9]+, Solaris xcurses screen image +# +# ncurses5 (and before) did not use a magic number, making screen dumps "data". +# ncurses6 (2015) uses this format, ignoring byte-order +0 string \210\210\210\210ncurses ncurses6 screen image +# +# PDCurses added this in 2005 +0 string PDC\001 PDCurses screen image --- contrib/file/magic/Magdir/vacuum-cleaner.orig +++ contrib/file/magic/Magdir/vacuum-cleaner @@ -0,0 +1,54 @@ + +#------------------------------------------------------------------------------ +# $File: vacuum-cleaner,v 1.1 2015/11/14 13:38:35 christos Exp $ +# vacuum cleaner magic by Thomas M. Ott (ThMO) +# +# navigation map for LG robot vacuum cleaner models VR62xx, VR64xx, VR63xx +# file: MAPDATAyyyymmddhhmmss_xxxxxx_cc.blk +# -> yyyymmdd: year, month, day of cleaning +# -> hhmmss: hour, minute, second of cleaning +# -> xxxxxx: 6 digits +# -> cc: cleaning runs counter +# size: 136044 bytes +# +# struct maphdr { +# int32_t map_cnt; /* 0: single map */ +# int32_t min_ceil; /* 4: 100 mm == 10 cm == min. ceil */ +# int32_t max_ceil; /* 8: 10000 mm == 100 m == max. ceil */ +# int32_t max_climb; /* 12: 50 mm = 5 cm == max. height to climb */ +# int32_t unknown; /* 16: 50000 ??? */ +# int32_t cell_bytes; /* 20: # of bytes for cells per block */ +# int32_t block_max; /* 24: 1000 == max. # of blocks */ +# int32_t route_max; /* 28: 1000 == max. # of routes */ +# int32_t used_blocks; /* 32: 5/45/33/... == # of block entries used! */ +# int32_t cell_dim; /* 36: 10 == cell dimension */ +# int32_t clock_tick; /* 40: 100 == clock ticks */ +# #if 0 +# struct { /* 44: 1000 blocks for 10x10 cells */ +# int32_t yoffset; +# int32_t xoffset; +# int32_t posxy; +# int32_t timecode; +# } blocks[ 1000]; +# char cells[ 1000* 100]; /* 16044: 1000 10x10 cells */ +# int16_t routes[ 1000* 10]; /* 116044: 1000 10-routes */ +# #endif +# }; + +0 lelong =1 +>4 lelong =100 +>>8 lelong =10000 +>>>12 lelong =50 +>>>>16 lelong =50000 +>>>>>20 lelong =100 +>>>>>>24 lelong =1000 +>>>>>>>28 lelong =1000 +>>>>>>>>36 lelong =10 +>>>>>>>>>40 lelong =100 +>>>>>>>>>>32 lelong x LG robot VR6[234]xx %dm^2 navigation +>>>>>>>>>>136040 lelong =-1 reuse map data +>>>>>>>>>>136040 lelong =0 map data +>>>>>>>>>>136040 lelong >0 spurious map data +>>>>>>>>>>136040 lelong <-1 spurious map data + + --- contrib/file/magic/Magdir/vms.orig +++ contrib/file/magic/Magdir/vms @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: vms,v 1.9 2014/08/17 13:47:59 christos Exp $ +# $File: vms,v 1.10 2017/03/17 21:35:28 christos Exp $ # vms: file(1) magic for VMS executables (experimental) # # VMS .exe formats, both VAX and AXP (Greg Roelofs, newt@uchicago.edu) @@ -25,6 +25,6 @@ # 00040 00 00 00 00 ff ff ff ff ff ff ff ff 02 00 00 00 ................ # # GRR this test is still too general as it catches example adressen.dbt -0 belong 0x03000000 +0 belong 0x03000000 >8 ubelong 0xec020000 VMS Alpha executable >>75264 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption --- contrib/file/magic/Magdir/vmware.orig +++ contrib/file/magic/Magdir/vmware @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: vmware,v 1.7 2009/09/19 16:28:13 christos Exp $ +# $File: vmware,v 1.8 2017/03/17 21:35:28 christos Exp $ # VMware specific files (deducted from version 1.1 and log file entries) # Anthon van der Neut (anthon@mnt.org) -0 belong 0x4d52564e VMware nvram +0 belong 0x4d52564e VMware nvram --- contrib/file/magic/Magdir/vorbis.orig +++ contrib/file/magic/Magdir/vorbis @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: vorbis,v 1.22 2015/03/28 15:14:55 christos Exp $ +# $File: vorbis,v 1.23 2017/03/17 21:35:28 christos Exp $ # vorbis: file(1) magic for Ogg/Vorbis files # # From Felix von Leitner @@ -95,7 +95,7 @@ # in a different place, so we must use an indirect offset. >>>(84.b+85) string \x03vorbis >>>>(84.b+96) string/c Xiphophorus\ libVorbis\ I \b, created by: Xiphophorus libVorbis I ->>>>>(84.b+120) string >00000000 +>>>>>(84.b+120) string >00000000 # Map to beta version numbers: >>>>>>(84.b+120) string <20000508 (>>>>>(84.b+120) string 20000508 (1.0 beta 1 or beta 2) @@ -117,7 +117,7 @@ >>>>>>(84.b+120) string >20011231 (pre-1.0 CVS) # For the 1.0 release, Xiphophorus is replaced by Xiph.Org >>>>(84.b+96) string/c Xiph.Org\ libVorbis\ I \b, created by: Xiph.Org libVorbis I ->>>>>(84.b+117) string >00000000 +>>>>>(84.b+117) string >00000000 >>>>>>(84.b+117) string <20020717 (pre-1.0 CVS) >>>>>>(84.b+117) string 20020717 (1.0) >>>>>>(84.b+117) string 20030909 (1.0.1) @@ -128,13 +128,13 @@ !:mime audio/ogg >>>36 ubyte >0x0F UNKNOWN VERSION %u, >>>36 ubyte &0x0F version 0.%d ->>>>46 ubyte >1 +>>>>46 ubyte >1 >>>>>46 ubyte !255 unknown channel mapping family %u, >>>>>37 ubyte x %u channels >>>>46 ubyte 0 >>>>>37 ubyte 1 mono >>>>>37 ubyte 2 stereo ->>>>46 ubyte 1 +>>>>46 ubyte 1 >>>>>37 ubyte 1 mono >>>>>37 ubyte 2 stereo >>>>>37 ubyte 3 linear surround --- contrib/file/magic/Magdir/webassembly.orig +++ contrib/file/magic/Magdir/webassembly @@ -0,0 +1,15 @@ +#------------------------------------------------------------------------------ +# $File: webassembly,v 1.2 2017/05/02 14:05:29 christos Exp $ +# webassembly: file(1) magic for WebAssembly modules +# +# WebAssembly is a virtual architecture developed by a W3C Community +# Group at http://webassembly.org/. The file extension is .wasm, and +# the MIME type is application/wasm. +# +# http://webassembly.org/docs/binary-encoding/ is the main +# document describing the binary format. +# From: Pip Cet and Joel Martin + +0 string \0asm WebAssembly (wasm) binary module +>4 lelong =1 version %#x (MVP) +>4 lelong >1 version %#x --- contrib/file/magic/Magdir/windows.orig +++ contrib/file/magic/Magdir/windows @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: windows,v 1.12 2015/08/29 07:10:35 christos Exp $ +# $File: windows,v 1.16 2017/03/17 22:20:22 christos Exp $ # windows: file(1) magic for Microsoft Windows # # This file is mainly reserved for files where programs @@ -29,7 +29,7 @@ # Created by: Andreas Schuster (http://computer.forensikblog.de/) # Reference (1): http://computer.forensikblog.de/en/2008/02/64bit_magic.html # Modified by (1): Abel Cheung (Avoid match with first 4 bytes only) -0 string PAGE +0 string PAGE >4 string DUMP MS Windows 32bit crash dump >>0x05c byte 0 \b, no PAE >>0x05c byte 1 \b, PAE @@ -64,18 +64,156 @@ # Summary: Old format help files -# Extension: .hlp +# URL: https://en.wikipedia.org/wiki/WinHelp +# Reference: http://www.oocities.org/mwinterhoff/helpfile.htm +# Update: Joerg Jenderek # Created by: Dirk Jagdmann -0 lelong 0x00035f3f MS Windows 3.x help file +# +# check and then display version and date inside MS Windows HeLP file fragment +0 name help-ver-date +# look for Magic of SYSTEMHEADER +>0 leshort 0x036C +# version Major 1 for right file fragment +>>4 leshort 1 Windows +# print non empty string above to avoid error message +# Warning: Current entry does not yet have a description for adding a MIME type +!:mime application/winhelp +!:ext hlp +# version Minor of help file format is hint for windows version +>>>2 leshort 0x0F 3.x +>>>2 leshort 0x15 3.0 +>>>2 leshort 0x21 3.1 +>>>2 leshort 0x27 x.y +>>>2 leshort 0x33 95 +>>>2 default x y.z +>>>>2 leshort x 0x%x +# to complete message string like "MS Windows 3.x help file" +>>>2 leshort x help +# GenDate often older than file creation date +>>>6 ldate x \b, %s +# +# Magic for HeLP files +0 lelong 0x00035f3f +# ./windows (version 5.25) labeled the entry as "MS Windows 3.x help file" +# file header magic 0x293B at DirectoryStart+9 +>(4.l+9) uleshort 0x293B MS +# look for @VERSION bmf.. like IBMAVW.ANN +>>0xD4 string =\x62\x6D\x66\x01\x00 Windows help annotation +!:mime application/x-winhelp +!:ext ann +>>0xD4 string !\x62\x6D\x66\x01\x00 +# "GID Help index" by TrID +>>>(4.l+0x65) string =|Pete Windows help Global Index +!:mime application/x-winhelp +!:ext gid +# HeLP Bookmark or +# "Windows HELP File" by TrID +>>>(4.l+0x65) string !|Pete +# maybe there exist a cleaner way to detect HeLP fragments +# brute search for Magic 0x036C with matching Major maximal 7 iterations +# discapp.hlp +>>>>16 search/0x49AF/s \x6c\x03 +>>>>>&0 use help-ver-date +>>>>>&4 leshort !1 +# putty.hlp +>>>>>>&0 search/0x69AF/s \x6c\x03 +>>>>>>>&0 use help-ver-date +>>>>>>>&4 leshort !1 +>>>>>>>>&0 search/0x49AF/s \x6c\x03 +>>>>>>>>>&0 use help-ver-date +>>>>>>>>>&4 leshort !1 +>>>>>>>>>>&0 search/0x49AF/s \x6c\x03 +>>>>>>>>>>>&0 use help-ver-date +>>>>>>>>>>>&4 leshort !1 +>>>>>>>>>>>>&0 search/0x49AF/s \x6c\x03 +>>>>>>>>>>>>>&0 use help-ver-date +>>>>>>>>>>>>>&4 leshort !1 +>>>>>>>>>>>>>>&0 search/0x49AF/s \x6c\x03 +>>>>>>>>>>>>>>>&0 use help-ver-date +>>>>>>>>>>>>>>>&4 leshort !1 +>>>>>>>>>>>>>>>>&0 search/0x49AF/s \x6c\x03 +# GCC.HLP is detected after 7 iterations +>>>>>>>>>>>>>>>>>&0 use help-ver-date +# this only happens if bigger hlp file is detected after used search iterations +>>>>>>>>>>>>>>>>>&4 leshort !1 Windows y.z help +!:mime application/winhelp +!:ext hlp +# repeat search again or following default line does not work +>>>>16 search/0x49AF/s \x6c\x03 +# remaining files should be HeLP Bookmark WinHlp32.BMK (XP 32-bit) or WinHlp32 (Windows 8.1 64-bit) +>>>>16 default x Windows help Bookmark +!:mime application/x-winhelp +!:ext /bmk +## FirstFreeBlock normally FFFFFFFFh 10h for *ANN +##>>8 lelong x \b, FirstFreeBlock 0x%8.8x +# EntireFileSize +>>12 lelong x \b, %d bytes +## ReservedSpace normally 042Fh AFh for *.ANN +#>>(4.l) lelong x \b, ReservedSpace 0x%8.8x +## UsedSpace normally 0426h A6h for *.ANN +#>>(4.l+4) lelong x \b, UsedSpace 0x%8.8x +## FileFlags normally 04... +#>>(4.l+5) lelong x \b, FileFlags 0x%8.8x +## file header magic 0x293B +#>>(4.l+9) uleshort x \b, file header magic 0x%4.4x +## file header Flags 0x0402 +#>>(4.l+11) uleshort x \b, file header Flags 0x%4.4x +## file header PageSize 0400h 80h for *.ANN +#>>(4.l+13) uleshort x \b, PageSize 0x%4.4x +## Structure[16] z4 +#>>(4.l+15) string >\0 \b, Structure_"%-.16s" +## MustBeZero 0 +#>>(4.l+31) uleshort x \b, MustBeZero 0x%4.4x +## PageSplits +#>>(4.l+33) uleshort x \b, PageSplits 0x%4.4x +## RootPage +#>>(4.l+35) uleshort x \b, RootPage 0x%4.4x +## MustBeNegOne 0xffff +#>>(4.l+37) uleshort x \b, MustBeNegOne 0x%4.4x +## TotalPages 1 +#>>(4.l+39) uleshort x \b, TotalPages 0x%4.4x +## NLevels 0x0001 +#>>(4.l+41) uleshort x \b, NLevels 0x%4.4x +## TotalBtreeEntries +#>>(4.l+43) ulelong x \b, TotalBtreeEntries 0x%8.8x +## pages of the B+ tree +#>>(4.l+47) ubequad x \b, PageStart 0x%16.16llx +# start with colon or semicolon for comment line like Back2Life.cnt +0 regex \^(:|;) +# look for first keyword Base +>0 search/45 :Base +>>&0 use cnt-name +# only solution to search again from beginning , because relative offsets changes when use is called +>0 search/45 :Base +>0 default x +# look for other keyword Title like in putty.cnt +>>0 search/45 :Title +>>>&0 use cnt-name +# +# display mime type and name of Windows help Content source +0 name cnt-name +# skip space at beginning +>0 string \040 +# name without extension and greater character or name with hlp extension +>>1 regex/c \^([^\xd>]*|.*\.hlp) MS Windows help file Content, based "%s" +!:mime text/plain +!:apple ????TEXT +!:ext cnt +# +# Windows creates an full text search from hlp file, if the user clicks the "Find" tab and enables keyword indexing +0 string tfMR MS Windows help Full Text Search index +!:mime application/x-winhelp-fts +!:ext fts +>16 string >\0 for "%s" # Summary: Hyper terminal # Extension: .ht # Created by: unknown -0 string HyperTerminal\ +0 string HyperTerminal\040 >15 string 1.0\ --\ HyperTerminal\ data\ file MS Windows HyperTerminal profile -# http://ithreats.files.wordpress.com/2009/05/\ +# http://ithreats.files.wordpress.com/2009/05/\040 # lnk_the_windows_shortcut_file_format.pdf # Summary: Windows shortcut # Extension: .lnk @@ -155,7 +293,7 @@ # Extension: .reg # Submitted by: Abel Cheung 0 string REGEDIT4\r\n\r\n Windows Registry text (Win95 or above) -0 string Windows\ Registry\ Editor\ +0 string Windows\ Registry\ Editor\040 >&0 string Version\ 5.00\r\n\r\n Windows Registry text (Win2K or above) # Windows *.INF *.INI files updated by Joerg Jenderek at Apr 2013 @@ -163,10 +301,10 @@ # PR/383: remove unicode BOM because it is not portable across regex impls 0 regex/s \\`(\\r\\n|;|[[]) # left bracket in section line ->&0 search/8192 [ +>&0 search/8192 [ # http://en.wikipedia.org/wiki/Autorun.inf # http://msdn.microsoft.com/en-us/library/windows/desktop/cc144200.aspx ->>&0 regex/c \^(autorun)]\r\n +>>&0 regex/c \^(autorun)]\r\n >>>&0 ubyte =0x5b INItialization configuration !:mime application/x-wine-extension-ini # From: Pal Tamas @@ -205,31 +343,31 @@ # http://en.wikipedia.org/wiki/NTLDR Windows Boot Loader information >>&0 regex/c \^(boot\x20loader)] Windows boot.ini !:mime application/x-wine-extension-ini ->>>&0 ubyte x +>>>&0 ubyte x # http://en.wikipedia.org/wiki/CONFIG.SYS >>&0 regex/c \^(menu)]\r\n MS-DOS CONFIG.SYS # http://support.microsoft.com/kb/118579/ >>&0 regex/c \^(Paths)]\r\n MS-DOS MSDOS.SYS # VERS string unicoded case-independent ->>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053 +>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053 # ION] string unicoded case-independent ->>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation +>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation !:mime application/x-setupscript # STRI string unicoded case-independent ->>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0053005400520049 +>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0053005400520049 # NGS] string unicoded case-independent ->>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x004e00470053005D Windows setup INFormation +>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x004e00470053005D Windows setup INFormation !:mime application/x-setupscript # unknown keyword after opening bracket ->>&0 default x ->>>&0 search/8192 [ +>>&0 default x +>>>&0 search/8192 [ # version Strings FileIdentification ->>>>&0 string/c version Windows setup INFormation +>>>>&0 string/c version Windows setup INFormation !:mime application/x-setupscript # VERS string unicoded case-independent ->>>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053 +>>>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053 # ION] string unicoded case-independent ->>>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation +>>>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation !:mime application/x-setupscript # http://en.wikipedia.org/wiki/Initialization_file Windows Initialization File or other #>>>>&0 default x Generic INItialization configuration @@ -238,21 +376,21 @@ # Windows Precompiled INF files *.PNF added by Joerg Jenderek at Mar 2013 of _PNF_HEADER inf.h # http://read.pudn.com/downloads3/sourcecode/windows/248345/win2k/private/windows/setup/setupapi/inf.h__.htm # GRR: line below too general as it catches also PDP-11 UNIX/RT ldp -0 leshort&0xFeFe 0x0000 +0 leshort&0xFeFe 0x0000 !:strength -5 # test for unused null bits in PNF_FLAGs ->4 ulelong&0xFCffFe00 0x00000000 +>4 ulelong&0xFCffFe00 0x00000000 # only found 58h for Offset of WinDirPath immediately after _PNF_HEADER structure ->>68 ulelong >0x57 +>>68 ulelong >0x57 # test for zero high byte of InfValueBlockSize, followed by WinDirPath like # C:\WINDOWS (ASCII 0x433a5c.. , unicode 0x43003a005c..) or X:\MININT >>>(68.l-1) ubelong&0xffE0C519 =0x00400018 Windows Precompiled iNF !:mime application/x-pnf # currently only found Major Version=1 and Minor Version=1 -#>>>>0 uleshort =0x0101 +#>>>>0 uleshort =0x0101 #>>>>>1 ubyte x \b, version %u #>>>>>0 ubyte x \b.%u ->>>>0 uleshort !0x0101 +>>>>0 uleshort !0x0101 >>>>>1 ubyte x \b, version %u >>>>>0 ubyte x \b.%u # 1 ,2 (windows 98 SE) @@ -278,10 +416,10 @@ #>>>>16 ulelong x \b, InfVersionDataSize 0x%x # only found positive values lower 0x00ffFFff for InfVersionDataOffset >>>>20 ulelong x \b, at 0x%x ->>>>4 ulelong&0x00000001 =0x00000001 -# case independent: CatalogFile Class DriverVer layoutfile LayoutFile SetupClass signature Signature +>>>>4 ulelong&0x00000001 =0x00000001 +# case independent: CatalogFile Class DriverVer layoutfile LayoutFile SetupClass signature Signature >>>>>(20.l) lestring16 x "%s" ->>>>4 ulelong&0x00000001 !0x00000001 +>>>>4 ulelong&0x00000001 !0x00000001 >>>>>(20.l) string x "%s" # FILETIME is number of 100-nanosecond intervals since 1 January 1601 #>>>>24 ulequad x \b, InfVersionLastWriteTime %16.16llx @@ -297,23 +435,23 @@ #>>>>64 ulelong x \b, InfValueBlockSize 0x%x # WinDirPathOffset #>>>>68 ulelong x \b, at 0x%x ->>>>68 ulelong >0x57 ->>>>>4 ulelong&0x00000001 =0x00000001 ->>>>>>(68.l) ubequad =0x43003a005c005700 +>>>>68 ulelong >0x57 +>>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>>(68.l) ubequad =0x43003a005c005700 # normally unicoded C:\Windows #>>>>>>>(68.l) lestring16 x \b, WinDirPath "%s" ->>>>>>(68.l) ubequad !0x43003a005c005700 +>>>>>>(68.l) ubequad !0x43003a005c005700 >>>>>>>(68.l) lestring16 x \b, WinDirPath "%s" ->>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>4 ulelong&0x00000001 !0x00000001 # normally ASCII C:\WINDOWS #>>>>>>(68.l) string =C:\\WINDOWS \b, WinDirPath "%s" >>>>>>(68.l) string !C:\\WINDOWS \b, WinDirPath "%s" -# found OsLoaderPathOffset values often 0 , once 70h corelist.PNF, once 68h ASCII machine.PNF +# found OsLoaderPathOffset values often 0 , once 70h corelist.PNF, once 68h ASCII machine.PNF #>>>>72 ulelong >0 \b, at 0x%x >>>>72 ulelong >0 \b, ->>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>4 ulelong&0x00000001 =0x00000001 >>>>>>(72.l) lestring16 x OsLoaderPath "%s" ->>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>4 ulelong&0x00000001 !0x00000001 # seldom C:\ instead empty >>>>>>(72.l) string x OsLoaderPath "%s" # 1fdh @@ -324,15 +462,114 @@ # InfSourcePathOffset often 0 #>>>>80 ulelong >0 \b, at 0x%x >>>>80 ulelong >0 \b, ->>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>4 ulelong&0x00000001 =0x00000001 >>>>>>(80.l) lestring16 x SourcePath "%s" ->>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>4 ulelong&0x00000001 !0x00000001 >>>>>>(80.l) string >\0 SourcePath "%s" # OriginalInfNameOffset often 0 #>>>>84 ulelong >0 \b, at 0x%x >>>>84 ulelong >0 \b, ->>>>>4 ulelong&0x00000001 =0x00000001 +>>>>>4 ulelong&0x00000001 =0x00000001 >>>>>>(84.l) lestring16 x InfName "%s" ->>>>>4 ulelong&0x00000001 !0x00000001 +>>>>>4 ulelong&0x00000001 !0x00000001 >>>>>>(84.l) string >\0 InfName "%s" +# Summary: backup file created with utility like NTBACKUP.EXE shipped with Windows NT/2K/XP/2003 +# Extension: .bkf +# Created by: Joerg Jenderek +# URL: http://en.wikipedia.org/wiki/NTBackup +# Reference: http://laytongraphics.com/mtf/MTF_100a.PDF +# Descriptor BloCK name of Microsoft Tape Format +0 string TAPE +# Format Logical Address is zero +>20 ulequad 0 +# Reserved for MBC is zero +>>28 uleshort 0 +# Control Block ID is zero +>>>36 ulelong 0 +# BIT4-BIT15, BIT18-BIT31 of block attributes are unused +>>>>4 ulelong&0xFFfcFFe0 0 Windows NTbackup archive +#!:mime application/x-ntbackup +!:ext bkf +# OS ID +>>>>>10 ubyte 1 \b NetWare +>>>>>10 ubyte 13 \b NetWare SMS +>>>>>10 ubyte 14 \b NT +>>>>>10 ubyte 24 \b 3 +>>>>>10 ubyte 25 \b OS/2 +>>>>>10 ubyte 26 \b 95 +>>>>>10 ubyte 27 \b Macintosh +>>>>>10 ubyte 28 \b UNIX +# OS Version (2) +#>>>>>11 ubyte x OS V=%x +# MTF_CONTINUATION Media Sequence Number > 1 +#>>>>>4 ulelong&0x00000001 !0 \b, continued +# MTF_COMPRESSION +>>>>>4 ulelong&0x00000004 !0 \b, compressed +# MTF_EOS_AT_EOM End Of Medium was hit during end of set processing +>>>>>4 ulelong&0x00000008 !0 \b, End Of Medium hit +>>>>>4 ulelong&0x00020000 0 +# MTF_SET_MAP_EXISTS A Media Based Catalog Set Map may exist on tape +>>>>>>4 ulelong&0x00010000 !0 \b, with catalog +# MTF_FDD_ALLOWED However File/Directory Detail can only exist if a Set Map is also present +>>>>>4 ulelong&0x00020000 !0 \b, with file catalog +# Offset To First Event 238h,240h,28Ch +#>>>>>8 uleshort x \b, event offset %4.4x +# Displayable Size (20e0230h 20e024ch 20e0224h) +#>>>>>8 ulequad x dis. size %16.16llx +# Media Family ID (455288C4h 4570BD1Ah 45708F2Fh 4570BBF5h) +#>>>>>52 ulelong x family ID %8.8x +# TAPE Attributes (3) +#>>>>>56 ulelong x TAPE %8.8x +# Media Sequence Number +>>>>>60 uleshort >1 \b, sequence %u +# Password Encryption Algorithm (3) +>>>>>62 uleshort >0 \b, 0x%x encrypted +# Soft Filemark Block Size * 512 (2) +#>>>>>64 uleshort =2 \b, soft size %u*512 +>>>>>64 uleshort !2 \b, soft size %u*512 +# Media Based Catalog Type (1,2) +#>>>>>66 uleshort x \b, catalog type %4.4x +# size of Media Name (66,68,6Eh) +>>>>>68 uleshort >0 +# offset of Media Name (5Eh) +>>>>>>70 uleshort >0 +# 0~, 1~ANSI, 2~UNICODE +>>>>>>>48 ubyte 1 +# size terminated ansi coded string normally followed by "MTF Media Label" +>>>>>>>>(70.s) string >\0 \b, name: %s +>>>>>>>48 ubyte 2 +# Not null, but size terminated unicoded string +>>>>>>>>(70.s) lestring16 x \b, name: %s +# size of Media Label (104h) +>>>>>72 uleshort >0 +# offset of Media Label (C4h,C6h,CCh) +>>>>>74 uleshort >0 +>>>>>>48 ubyte 1 +#Tag|Version|Vendor|Vendor ID|Creation Time Stamp|Cartridge Label|Side|Media ID|Media Domain ID|Vendor Specific fields +>>>>>>>(74.s) string >\0 \b, label: %s +>>>>>>48 ubyte 2 +>>>>>>>(74.s) lestring16 x \b, label: %s +# size of password name (0,1Ch) +#>>>>>76 uleshort >0 \b, password size %4.4x +# Software Vendor ID (CBEh) +>>>>>86 uleshort x \b, software (0x%x) +# size of Software Name (6Eh) +>>>>>80 uleshort >0 +# offset of Software Name (1C8h,1CAh,1D0h) +>>>>>>82 uleshort >0 +# 1~ANSI, 2~UNICODE +>>>>>>>48 ubyte 1 +>>>>>>>>(82.s) string >\0 \b: %s +>>>>>>>48 ubyte 2 +# size terminated unicoded coded string normally followed by "SPAD" +>>>>>>>>(82.s) lestring16 x \b: %s +# Format Logical Block Size (512,1024) +#>>>>>84 uleshort =1024 \b, block size %u +>>>>>84 uleshort !1024 \b, block size %u +# Media Date of MTF_DATE_TIME type with 5 bytes +#>>>>>>88 ubequad x DATE %16.16llx +# MTF Major Version (1) +#>>>>>>93 ubyte x \b, MFT version %x +# + --- contrib/file/magic/Magdir/wordprocessors.orig +++ contrib/file/magic/Magdir/wordprocessors @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: wordprocessors,v 1.18 2013/06/03 19:07:29 christos Exp $ +# $File: wordprocessors,v 1.19 2015/10/16 15:11:07 christos Exp $ # wordprocessors: file(1) magic fo word processors. # ####### PWP file format used on Smith Corona Personal Word Processors: @@ -12,97 +12,187 @@ >25 byte 0x54 \b, legal >26 byte 0x46 \b, A4 -#WordPerfect type files Version 1.6 - PLEASE DO NOT REMOVE THIS LINE -0 string \377WPC\020\000\000\000\022\012\001\001\000\000\000\000 (WP) loadable file ->15 byte 0 Optimized for Intel ->15 byte 1 Optimized for Non-Intel -1 string WPC (Corel/WP) ->8 short 257 WordPerfect macro ->8 short 258 WordPerfect help file ->8 short 259 WordPerfect keyboard file ->8 short 266 WordPerfect document ->8 short 267 WordPerfect dictionary ->8 short 268 WordPerfect thesaurus ->8 short 269 WordPerfect block ->8 short 270 WordPerfect rectangular block ->8 short 271 WordPerfect column block ->8 short 272 WordPerfect printer data ->8 short 275 WordPerfect printer data ->8 short 276 WordPerfect driver resource data ->8 short 279 WordPerfect hyphenation code ->8 short 280 WordPerfect hyphenation data ->8 short 281 WordPerfect macro resource data ->8 short 283 WordPerfect hyphenation lex ->8 short 285 WordPerfect wordlist ->8 short 286 WordPerfect equation resource data ->8 short 289 WordPerfect spell rules ->8 short 290 WordPerfect dictionary rules ->8 short 295 WordPerfect spell rules (Microlytics) ->8 short 299 WordPerfect settings file ->8 short 301 WordPerfect 4.2 document ->8 short 325 WordPerfect dialog file ->8 short 332 WordPerfect button bar ->8 short 513 Shell macro ->8 short 522 Shell definition ->8 short 769 Notebook macro ->8 short 770 Notebook help file ->8 short 771 Notebook keyboard file ->8 short 778 Notebook definition ->8 short 1026 Calculator help file ->8 short 1538 Calendar help file ->8 short 1546 Calendar data file ->8 short 1793 Editor macro ->8 short 1794 Editor help file ->8 short 1795 Editor keyboard file ->8 short 1817 Editor macro resource file ->8 short 2049 Macro editor macro ->8 short 2050 Macro editor help file ->8 short 2051 Macro editor keyboard file ->8 short 2305 PlanPerfect macro ->8 short 2306 PlanPerfect help file ->8 short 2307 PlanPerfect keyboard file ->8 short 2314 PlanPerfect worksheet ->8 short 2319 PlanPerfect printer definition ->8 short 2322 PlanPerfect graphic definition ->8 short 2323 PlanPerfect data ->8 short 2324 PlanPerfect temporary printer ->8 short 2329 PlanPerfect macro resource data ->8 byte 11 Mail ->8 short 2818 help file ->8 short 2821 distribution list ->8 short 2826 out box ->8 short 2827 in box ->8 short 2836 users archived mailbox ->8 short 2837 archived message database ->8 short 2838 archived attachments ->8 short 3083 Printer temporary file ->8 short 3330 Scheduler help file ->8 short 3338 Scheduler in file ->8 short 3339 Scheduler out file ->8 short 3594 GroupWise settings file ->8 short 3601 GroupWise directory services ->8 short 3627 GroupWise settings file ->8 short 4362 Terminal resource data ->8 short 4363 Terminal resource data ->8 short 4395 Terminal resource data ->8 short 4619 GUI loadable text ->8 short 4620 graphics resource data ->8 short 4621 printer settings file ->8 short 4622 port definition file ->8 short 4623 print queue parameters ->8 short 4624 compressed file ->8 short 5130 Network service msg file ->8 short 5131 Network service msg file ->8 short 5132 Async gateway login msg ->8 short 5134 GroupWise message file ->8 short 7956 GroupWise admin domain database ->8 short 7957 GroupWise admin host database ->8 short 7959 GroupWise admin remote host database ->8 short 7960 GroupWise admin ADS deferment data file ->8 short 8458 IntelliTAG (SGML) compiled DTD ->8 long 18219264 WordPerfect graphic image (1.0) ->8 long 18219520 WordPerfect graphic image (2.0) -#end of WordPerfect type files Version 1.6 - PLEASE DO NOT REMOVE THIS LINE +# Corel/WordPerfect +0 string \xffWPC +# WordPerfect +>8 byte 1 +>>9 byte 1 WordPerfect macro +>>9 byte 2 WordPerfect help file +>>9 byte 3 WordPerfect keyboard file +>>9 byte 10 WordPerfect document +>>9 byte 11 WordPerfect dictionary +>>9 byte 12 WordPerfect thesaurus +>>9 byte 13 WordPerfect block +>>9 byte 14 WordPerfect rectangular block +>>9 byte 15 WordPerfect column block +>>9 byte 16 WordPerfect printer data +>>9 byte 19 WordPerfect printer data +>>9 byte 20 WordPerfect driver resource data +>>9 byte 22 WordPerfect graphic image +>>9 byte 23 WordPerfect hyphenation code +>>9 byte 24 WordPerfect hyphenation data +>>9 byte 25 WordPerfect macro resource data +>>9 byte 27 WordPerfect hyphenation lex +>>9 byte 29 WordPerfect wordlist +>>9 byte 30 WordPerfect equation resource data +>>9 byte 33 WordPerfect spell rules +>>9 byte 34 WordPerfect dictionary rules +>>9 byte 39 WordPerfect spell rules (Microlytics) +>>9 byte 43 WordPerfect settings file +>>9 byte 44 WordPerfect 3.5 document +>>9 byte 45 WordPerfect 4.2 document +>>9 byte 69 WordPerfect dialog file +>>9 byte 76 WordPerfect button bar +>>9 default x +>>>9 byte x Corel WordPerfect: Unknown filetype %d +# Corel Shell +>8 byte 2 +>>9 byte 1 Corel shell macro +>>9 byte 10 Corel shell definition +>>9 default x +>>>9 byte x Corel Shell: Unknown filetype %d +# Corel Notebook +>8 byte 3 +>>9 byte 1 Corel Notebook macro +>>9 byte 2 Corel Notebook help file +>>9 byte 3 Corel Notebook keyboard file +>>9 byte 10 Corel Notebook definition +>>9 default x +>>>9 byte x Corel Notebook: Unknown filetype %d +# Corel Calculator +>8 byte 4 +>>9 byte 2 Corel Calculator help file +>>9 default x +>>>9 byte x Corel Calculator: Unknown filetype %d +# Corel File Manager +>8 byte 5 +>>9 default x +>>>9 byte x Corel File Manager: Unknown filetype %d +# Corel Calendar +>8 byte 6 +>>9 byte 2 Corel Calendar help file +>>9 byte 10 Corel Calendar data file +>>9 default x +>>>9 byte x Corel Calendar: Unknown filetype %d +# Corel Program Editor/Ed Editor +>8 byte 7 +>>9 byte 1 Corel Editor macro +>>9 byte 2 Corel Editor help file +>>9 byte 3 Corel Editor keyboard file +>>9 byte 25 Corel Editor macro resource file +>>9 default x +>>>9 byte x Corel Program Editor/Ed Editor: Unknown filetype %d +# Corel Macro Editor +>8 byte 8 +>>9 byte 1 Corel Macro editor macro +>>9 byte 2 Corel Macro editor help file +>>9 byte 3 Corel Macro editor keyboard file +>>9 default x +>>>9 byte x Corel Macro Editor: Unknown filetype %d +# Corel Plan Perfect +>8 byte 9 +>>9 default x +>>>9 byte x Corel Plan Perfect: Unknown filetype %d +# Corel DataPerfect +>8 byte 10 +# CHECK: Don't these belong into product 9? +>>9 byte 1 Corel PlanPerfect macro +>>9 byte 2 Corel PlanPerfect help file +>>9 byte 3 Corel PlanPerfect keyboard file +>>9 byte 10 Corel PlanPerfect worksheet +>>9 byte 15 Corel PlanPerfect printer definition +>>9 byte 18 Corel PlanPerfect graphic definition +>>9 byte 19 Corel PlanPerfect data +>>9 byte 20 Corel PlanPerfect temporary printer +>>9 byte 25 Corel PlanPerfect macro resource data +>>9 default x +>>>9 byte x Corel DataPerfect: Unknown filetype %d +# Corel Mail +>8 byte 11 +>>9 byte 2 Corel Mail help file +>>9 byte 5 Corel Mail distribution list +>>9 byte 10 Corel Mail out box +>>9 byte 11 Corel Mail in box +>>9 byte 20 Corel Mail users archived mailbox +>>9 byte 21 Corel Mail archived message database +>>9 byte 22 Corel Mail archived attachments +>>9 default x +>>>9 byte x Corel Mail: Unknown filetype %d +# Corel Printer +>8 byte 12 +>>9 byte 11 Corel Printer temporary file +>>9 default x +>>>9 byte x Corel Printer: Unknown filetype %d +# Corel Scheduler +>8 byte 13 +>>9 byte 2 Corel Scheduler help file +>>9 byte 10 Corel Scheduler in file +>>9 byte 11 Corel Scheduler out file +>>9 default x +>>>9 byte x Corel Scheduler: Unknown filetype %d +# Corel WordPerfect Office +>8 byte 14 +>>9 byte 10 Corel GroupWise settings file +>>9 byte 17 Corel GroupWise directory services +>>9 byte 43 Corel GroupWise settings file +>>9 default x +>>>9 byte x Corel WordPerfect Office: Unknown filetype %d +# Corel DrawPerfect +>8 byte 15 +>>9 default x +>>>9 byte x Corel DrawPerfect: Unknown filetype %d +# Corel LetterPerfect +>8 byte 16 +>>9 default x +>>>9 byte x Corel LetterPerfect: Unknown filetype %d +# Corel Terminal +>8 byte 17 +>>9 byte 10 Corel Terminal resource data +>>9 byte 11 Corel Terminal resource data +>>9 byte 43 Corel Terminal resource data +>>9 default x +>>>9 byte x Corel Terminal: Unknown filetype %d +# Corel loadable file +>8 byte 18 +>>9 byte 10 Corel loadable file +>>9 byte 11 Corel GUI loadable text +>>9 byte 12 Corel graphics resource data +>>9 byte 13 Corel printer settings file +>>9 byte 14 Corel port definition file +>>9 byte 15 Corel print queue parameters +>>9 byte 16 Corel compressed file +>>9 default x +>>>9 byte x Corel loadable file: Unknown filetype %d +>>15 byte 0 \b, optimized for Intel +>>15 byte 1 \b, optimized for Non-Intel +# Network service +>8 byte 20 +>>9 byte 10 Corel Network service msg file +>>9 byte 11 Corel Network service msg file +>>9 byte 12 Corel Async gateway login msg +>>9 byte 14 Corel GroupWise message file +>>9 default x +>>>9 byte x Corel Network service: Unknown filetype %d +# GroupWise +>8 byte 31 +>>9 byte 20 GroupWise admin domain database +>>9 byte 21 GroupWise admin host database +>>9 byte 23 GroupWise admin remote host database +>>9 byte 24 GroupWise admin ADS deferment data file +>>9 default x +>>>9 byte x GroupWise: Unknown filetype %d +# IntelliTAG +>8 byte 33 +>>9 byte 10 IntelliTAG (SGML) compiled DTD +>>9 default x +>>>9 byte x IntelliTAG: Unknown filetype %d +# everything else +>8 default x +>>8 byte x Unknown Corel/Wordperfect product %d, +>>>9 byte x file type %d +>10 byte 0 \b, v5. +>10 byte !0 \b, v%d. +>11 byte x \b%d # Hangul (Korean) Word Processor File 0 string HWP\ Document\ File Hangul (Korean) Word Processor File 3.0 --- contrib/file/magic/Magdir/x68000.orig +++ contrib/file/magic/Magdir/x68000 @@ -0,0 +1,25 @@ +#------------------------------------------------------------------------------ +# x68000: file(1) magic for the Sharp Home Computer +# v1.0 +# Fabio R. Schmidlin + +# Yanagisawa PIC picture +0 string PIC +>3 search/0x200 \x1A +>>&0 search/0x200 \x0 +>>>&0 ubyte 0 Yanagisawa PIC image file, +>>>>&0 ubyte&15 0 model: X68000, +>>>>&0 ubyte&15 1 model: PC-88VA, +>>>>&0 ubyte&15 2 model: FM-TOWNS, +>>>>&0 ubyte&15 3 model: MAC, +>>>>&0 ubyte&15 15 model: Generic, +>>>>&3 ubeshort x %dx +>>>>&5 ubeshort x \b%d, +>>>>&1 ubeshort 4 colors: 16 +>>>>&1 ubeshort 8 colors: 256 +>>>>&1 ubeshort 12 colors: 4096 +>>>>&1 ubeshort 15 colors: 32768 +>>>>&1 ubeshort 16 colors: 65536 +>>>>&1 ubeshort >16 colors: %d-bit + + --- contrib/file/magic/Magdir/xenix.orig +++ contrib/file/magic/Magdir/xenix @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: xenix,v 1.9 2009/09/19 16:28:13 christos Exp $ +# $File: xenix,v 1.11 2017/03/17 21:35:28 christos Exp $ # xenix: file(1) magic for Microsoft Xenix # # "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small @@ -12,7 +12,26 @@ # XXX - "x.out" collides with PDP-11 archives # 0 string core core file (Xenix) -0 byte 0x80 8086 relocatable (Microsoft) +# URL: http://www.polarhome.com/service/man/?qf=86rel&tf=2&of=Xenix +# Reference: http://www.azillionmonkeys.com/qed/Omfg.pdf +# Update: Joerg Jenderek +# recordtype~TranslatorHEADerRecord +0 byte 0x80 +# GRR: line above is too general as it catches also Extensible storage engine DataBase +# skip examples like GENA.SND Switch.Snd by looking for record length maximal 1024-3 +>1 uleshort <1022 +# skip examples like GAME.PICTURE Strange.Pic by looking for positiv record length +>>1 uleshort >0 +# skip examples like Xtable.Data FRACTAL.GEN SHR.VIEW by looking for positiv string length +>>>3 ubyte >0 +# skip examples like OMBRE.6 with "UUUUUU" by looking for filename like "hello.c" +>>>>4 regex [a-zA-Z_/]{1,8}[.] 8086 relocatable (Microsoft) +#!:mime application/octet-stream +!:mime application/x-object +!:ext o/a +>>>>>3 pstring x \b, "%s" +# checksum +#>>>>>(3.b+4) ubyte x \b, checksum 0x%2.2x 0 leshort 0xff65 x.out >2 string __.SYMDEF randomized >0 byte x archive @@ -35,8 +54,8 @@ >0x1c byte &0x9 286 >0x1c byte &0xa 386 >0x1f byte <0x040 small model ->0x1f byte =0x048 large model ->0x1f byte =0x049 huge model +>0x1f byte =0x048 large model +>0x1f byte =0x049 huge model >0x1e leshort &0x1 executable >0x1e leshort ^0x1 object file >0x1e leshort &0x40 Large Text --- contrib/file/magic/Magdir/xilinx.orig +++ contrib/file/magic/Magdir/xilinx @@ -1,12 +1,12 @@ #------------------------------------------------------------------------------ -# $File: xilinx,v 1.7 2014/04/30 21:41:02 christos Exp $ +# $File: xilinx,v 1.8 2017/03/17 21:35:28 christos Exp $ # This is Aaron's attempt at a MAGIC file for Xilinx .bit files. # Xilinx-Magic@RevRagnarok.com # Got the info from FPGA-FAQ 0026 # -# Rewritten to use pstring/H instead of hardcoded lengths by O. Freyermuth, -# fixes at least reading of bitfiles from Spartan 2, 3, 6. +# Rewritten to use pstring/H instead of hardcoded lengths by O. Freyermuth, +# fixes at least reading of bitfiles from Spartan 2, 3, 6. # http://www.fpga-faq.com/FAQ_Pages/0026_Tell_me_about_bit_files.htm # # First there is the sync header and its length @@ -20,7 +20,7 @@ >>>>&0 pstring/H x - from %s # And then 'b' >>>>>&1 string b -# Then the model / part number: +# Then the model / part number: >>>>>>&0 pstring/H x - for %s # Then 'c' >>>>>>>&1 string c @@ -36,5 +36,5 @@ >>>>>>>>>>>>&0 belong x - data length 0x%x # Raw bitstream files -0 long 0xffffffff +0 long 0xffffffff >&0 belong 0xaa995566 Xilinx RAW bitstream (.BIN) --- contrib/file/magic/Magdir/xwindows.orig +++ contrib/file/magic/Magdir/xwindows @@ -1,9 +1,9 @@ #------------------------------------------------------------------------------ -# $File: xwindows,v 1.9 2014/04/30 21:41:02 christos Exp $ +# $File: xwindows,v 1.10 2017/03/17 21:35:28 christos Exp $ # xwindows: file(1) magic for various X/Window system file formats. -# Compiled X Keymap +# Compiled X Keymap # XKM (compiled X keymap) files (including version and byte ordering) 1 string mkx Compiled XKB Keymap: lsb, >0 byte >0 version %d --- contrib/file/magic/Magdir/yara.orig +++ contrib/file/magic/Magdir/yara @@ -0,0 +1,17 @@ + + +#------------------------------------------------------------------------------ +# $File: yara,v 1.2 2017/05/25 20:07:23 christos Exp $ +# yara: file(1) magic for http://virustotal.github.io/yara/ +# + +0 string YARA +>4 lelong >2047 +>8 byte <20 YARA 3.x compiled rule set +# version +>>8 clear x +>>8 byte 6 created with version 3.3.0 +>>8 byte 8 created with version 3.4.0 +>>8 byte 11 created with version 3.5.0 +>>8 default x +>>>8 byte x development version 0x%02x --- contrib/file/magic/Makefile.am.orig +++ contrib/file/magic/Makefile.am @@ -1,5 +1,5 @@ # -# $File: Makefile.am,v 1.103 2015/03/17 15:15:12 christos Exp $ +# $File: Makefile.am,v 1.126 2017/08/10 11:01:38 christos Exp $ # MAGIC_FRAGMENT_BASE = Magdir MAGIC_DIR = $(top_srcdir)/magic @@ -13,6 +13,7 @@ $(MAGIC_FRAGMENT_DIR)/acorn \ $(MAGIC_FRAGMENT_DIR)/adi \ $(MAGIC_FRAGMENT_DIR)/adventure \ +$(MAGIC_FRAGMENT_DIR)/algol68 \ $(MAGIC_FRAGMENT_DIR)/allegro \ $(MAGIC_FRAGMENT_DIR)/alliant \ $(MAGIC_FRAGMENT_DIR)/amanda \ @@ -20,9 +21,12 @@ $(MAGIC_FRAGMENT_DIR)/android \ $(MAGIC_FRAGMENT_DIR)/animation \ $(MAGIC_FRAGMENT_DIR)/aout \ +$(MAGIC_FRAGMENT_DIR)/apache \ $(MAGIC_FRAGMENT_DIR)/apl \ $(MAGIC_FRAGMENT_DIR)/apple \ +$(MAGIC_FRAGMENT_DIR)/application \ $(MAGIC_FRAGMENT_DIR)/applix \ +$(MAGIC_FRAGMENT_DIR)/apt \ $(MAGIC_FRAGMENT_DIR)/archive \ $(MAGIC_FRAGMENT_DIR)/assembler \ $(MAGIC_FRAGMENT_DIR)/asterix \ @@ -29,7 +33,10 @@ $(MAGIC_FRAGMENT_DIR)/att3b \ $(MAGIC_FRAGMENT_DIR)/audio \ $(MAGIC_FRAGMENT_DIR)/basis \ +$(MAGIC_FRAGMENT_DIR)/ber \ $(MAGIC_FRAGMENT_DIR)/bflt \ +$(MAGIC_FRAGMENT_DIR)/bhl \ +$(MAGIC_FRAGMENT_DIR)/bioinformatics \ $(MAGIC_FRAGMENT_DIR)/blackberry \ $(MAGIC_FRAGMENT_DIR)/blcr \ $(MAGIC_FRAGMENT_DIR)/blender \ @@ -50,11 +57,13 @@ $(MAGIC_FRAGMENT_DIR)/clarion \ $(MAGIC_FRAGMENT_DIR)/claris \ $(MAGIC_FRAGMENT_DIR)/clipper \ +$(MAGIC_FRAGMENT_DIR)/coff \ $(MAGIC_FRAGMENT_DIR)/commands \ $(MAGIC_FRAGMENT_DIR)/communications \ $(MAGIC_FRAGMENT_DIR)/compress \ $(MAGIC_FRAGMENT_DIR)/console \ $(MAGIC_FRAGMENT_DIR)/convex \ +$(MAGIC_FRAGMENT_DIR)/coverage \ $(MAGIC_FRAGMENT_DIR)/cracklib \ $(MAGIC_FRAGMENT_DIR)/ctags \ $(MAGIC_FRAGMENT_DIR)/ctf \ @@ -62,6 +71,7 @@ $(MAGIC_FRAGMENT_DIR)/cups \ $(MAGIC_FRAGMENT_DIR)/dact \ $(MAGIC_FRAGMENT_DIR)/database \ +$(MAGIC_FRAGMENT_DIR)/der \ $(MAGIC_FRAGMENT_DIR)/diamond \ $(MAGIC_FRAGMENT_DIR)/diff \ $(MAGIC_FRAGMENT_DIR)/digital \ @@ -78,7 +88,9 @@ $(MAGIC_FRAGMENT_DIR)/esri \ $(MAGIC_FRAGMENT_DIR)/fcs \ $(MAGIC_FRAGMENT_DIR)/filesystems \ +$(MAGIC_FRAGMENT_DIR)/finger \ $(MAGIC_FRAGMENT_DIR)/flash \ +$(MAGIC_FRAGMENT_DIR)/flif \ $(MAGIC_FRAGMENT_DIR)/fonts \ $(MAGIC_FRAGMENT_DIR)/fortran \ $(MAGIC_FRAGMENT_DIR)/frame \ @@ -87,6 +99,7 @@ $(MAGIC_FRAGMENT_DIR)/fusecompress \ $(MAGIC_FRAGMENT_DIR)/games \ $(MAGIC_FRAGMENT_DIR)/gcc \ +$(MAGIC_FRAGMENT_DIR)/gconv \ $(MAGIC_FRAGMENT_DIR)/geo \ $(MAGIC_FRAGMENT_DIR)/geos \ $(MAGIC_FRAGMENT_DIR)/gimp \ @@ -94,6 +107,7 @@ $(MAGIC_FRAGMENT_DIR)/gnu \ $(MAGIC_FRAGMENT_DIR)/gnumeric \ $(MAGIC_FRAGMENT_DIR)/gpt \ +$(MAGIC_FRAGMENT_DIR)/gpu \ $(MAGIC_FRAGMENT_DIR)/grace \ $(MAGIC_FRAGMENT_DIR)/graphviz \ $(MAGIC_FRAGMENT_DIR)/gringotts \ @@ -145,6 +159,7 @@ $(MAGIC_FRAGMENT_DIR)/mercurial \ $(MAGIC_FRAGMENT_DIR)/metastore \ $(MAGIC_FRAGMENT_DIR)/meteorological \ +$(MAGIC_FRAGMENT_DIR)/microfocus \ $(MAGIC_FRAGMENT_DIR)/mime \ $(MAGIC_FRAGMENT_DIR)/mips \ $(MAGIC_FRAGMENT_DIR)/mirage \ @@ -185,6 +200,8 @@ $(MAGIC_FRAGMENT_DIR)/pascal \ $(MAGIC_FRAGMENT_DIR)/pbf \ $(MAGIC_FRAGMENT_DIR)/pbm \ +$(MAGIC_FRAGMENT_DIR)/pc88 \ +$(MAGIC_FRAGMENT_DIR)/pc98 \ $(MAGIC_FRAGMENT_DIR)/pdf \ $(MAGIC_FRAGMENT_DIR)/pdp \ $(MAGIC_FRAGMENT_DIR)/perl \ @@ -193,9 +210,11 @@ $(MAGIC_FRAGMENT_DIR)/pkgadd \ $(MAGIC_FRAGMENT_DIR)/plan9 \ $(MAGIC_FRAGMENT_DIR)/plus5 \ +$(MAGIC_FRAGMENT_DIR)/polyml \ $(MAGIC_FRAGMENT_DIR)/printer \ $(MAGIC_FRAGMENT_DIR)/project \ $(MAGIC_FRAGMENT_DIR)/psdbms \ +$(MAGIC_FRAGMENT_DIR)/psl \ $(MAGIC_FRAGMENT_DIR)/pulsar \ $(MAGIC_FRAGMENT_DIR)/pwsafe \ $(MAGIC_FRAGMENT_DIR)/pyramid \ @@ -247,6 +266,7 @@ $(MAGIC_FRAGMENT_DIR)/uterus \ $(MAGIC_FRAGMENT_DIR)/uuencode \ $(MAGIC_FRAGMENT_DIR)/varied.out \ +$(MAGIC_FRAGMENT_DIR)/vacuum-cleaner \ $(MAGIC_FRAGMENT_DIR)/varied.script \ $(MAGIC_FRAGMENT_DIR)/vax \ $(MAGIC_FRAGMENT_DIR)/vicar \ @@ -259,15 +279,18 @@ $(MAGIC_FRAGMENT_DIR)/vxl \ $(MAGIC_FRAGMENT_DIR)/warc \ $(MAGIC_FRAGMENT_DIR)/weak \ +$(MAGIC_FRAGMENT_DIR)/webassembly \ $(MAGIC_FRAGMENT_DIR)/windows \ $(MAGIC_FRAGMENT_DIR)/wireless \ $(MAGIC_FRAGMENT_DIR)/wordprocessors \ $(MAGIC_FRAGMENT_DIR)/wsdl \ +$(MAGIC_FRAGMENT_DIR)/x68000 \ $(MAGIC_FRAGMENT_DIR)/xdelta \ $(MAGIC_FRAGMENT_DIR)/xenix \ $(MAGIC_FRAGMENT_DIR)/xilinx \ $(MAGIC_FRAGMENT_DIR)/xo65 \ $(MAGIC_FRAGMENT_DIR)/xwindows \ +$(MAGIC_FRAGMENT_DIR)/yara \ $(MAGIC_FRAGMENT_DIR)/zfs \ $(MAGIC_FRAGMENT_DIR)/zilog \ $(MAGIC_FRAGMENT_DIR)/zyxel @@ -291,7 +314,7 @@ @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \ echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \ else \ - v=$$(file --version | sed -e s/file-// -e q); \ + v=$$(${FILE_COMPILE} --version | sed -e s/file-// -e q); \ if [ "$$v" != "${PACKAGE_VERSION}" ]; then \ echo "Cannot use the installed version of file ($$v) to"; \ echo "cross-compile file ${PACKAGE_VERSION}"; \ --- contrib/file/magic/Makefile.in.orig +++ contrib/file/magic/Makefile.in @@ -273,7 +273,7 @@ top_srcdir = @top_srcdir@ # -# $File: Makefile.am,v 1.103 2015/03/17 15:15:12 christos Exp $ +# $File: Makefile.am,v 1.126 2017/08/10 11:01:38 christos Exp $ # MAGIC_FRAGMENT_BASE = Magdir MAGIC_DIR = $(top_srcdir)/magic @@ -285,6 +285,7 @@ $(MAGIC_FRAGMENT_DIR)/acorn \ $(MAGIC_FRAGMENT_DIR)/adi \ $(MAGIC_FRAGMENT_DIR)/adventure \ +$(MAGIC_FRAGMENT_DIR)/algol68 \ $(MAGIC_FRAGMENT_DIR)/allegro \ $(MAGIC_FRAGMENT_DIR)/alliant \ $(MAGIC_FRAGMENT_DIR)/amanda \ @@ -292,9 +293,12 @@ $(MAGIC_FRAGMENT_DIR)/android \ $(MAGIC_FRAGMENT_DIR)/animation \ $(MAGIC_FRAGMENT_DIR)/aout \ +$(MAGIC_FRAGMENT_DIR)/apache \ $(MAGIC_FRAGMENT_DIR)/apl \ $(MAGIC_FRAGMENT_DIR)/apple \ +$(MAGIC_FRAGMENT_DIR)/application \ $(MAGIC_FRAGMENT_DIR)/applix \ +$(MAGIC_FRAGMENT_DIR)/apt \ $(MAGIC_FRAGMENT_DIR)/archive \ $(MAGIC_FRAGMENT_DIR)/assembler \ $(MAGIC_FRAGMENT_DIR)/asterix \ @@ -301,7 +305,10 @@ $(MAGIC_FRAGMENT_DIR)/att3b \ $(MAGIC_FRAGMENT_DIR)/audio \ $(MAGIC_FRAGMENT_DIR)/basis \ +$(MAGIC_FRAGMENT_DIR)/ber \ $(MAGIC_FRAGMENT_DIR)/bflt \ +$(MAGIC_FRAGMENT_DIR)/bhl \ +$(MAGIC_FRAGMENT_DIR)/bioinformatics \ $(MAGIC_FRAGMENT_DIR)/blackberry \ $(MAGIC_FRAGMENT_DIR)/blcr \ $(MAGIC_FRAGMENT_DIR)/blender \ @@ -322,11 +329,13 @@ $(MAGIC_FRAGMENT_DIR)/clarion \ $(MAGIC_FRAGMENT_DIR)/claris \ $(MAGIC_FRAGMENT_DIR)/clipper \ +$(MAGIC_FRAGMENT_DIR)/coff \ $(MAGIC_FRAGMENT_DIR)/commands \ $(MAGIC_FRAGMENT_DIR)/communications \ $(MAGIC_FRAGMENT_DIR)/compress \ $(MAGIC_FRAGMENT_DIR)/console \ $(MAGIC_FRAGMENT_DIR)/convex \ +$(MAGIC_FRAGMENT_DIR)/coverage \ $(MAGIC_FRAGMENT_DIR)/cracklib \ $(MAGIC_FRAGMENT_DIR)/ctags \ $(MAGIC_FRAGMENT_DIR)/ctf \ @@ -334,6 +343,7 @@ $(MAGIC_FRAGMENT_DIR)/cups \ $(MAGIC_FRAGMENT_DIR)/dact \ $(MAGIC_FRAGMENT_DIR)/database \ +$(MAGIC_FRAGMENT_DIR)/der \ $(MAGIC_FRAGMENT_DIR)/diamond \ $(MAGIC_FRAGMENT_DIR)/diff \ $(MAGIC_FRAGMENT_DIR)/digital \ @@ -350,7 +360,9 @@ $(MAGIC_FRAGMENT_DIR)/esri \ $(MAGIC_FRAGMENT_DIR)/fcs \ $(MAGIC_FRAGMENT_DIR)/filesystems \ +$(MAGIC_FRAGMENT_DIR)/finger \ $(MAGIC_FRAGMENT_DIR)/flash \ +$(MAGIC_FRAGMENT_DIR)/flif \ $(MAGIC_FRAGMENT_DIR)/fonts \ $(MAGIC_FRAGMENT_DIR)/fortran \ $(MAGIC_FRAGMENT_DIR)/frame \ @@ -359,6 +371,7 @@ $(MAGIC_FRAGMENT_DIR)/fusecompress \ $(MAGIC_FRAGMENT_DIR)/games \ $(MAGIC_FRAGMENT_DIR)/gcc \ +$(MAGIC_FRAGMENT_DIR)/gconv \ $(MAGIC_FRAGMENT_DIR)/geo \ $(MAGIC_FRAGMENT_DIR)/geos \ $(MAGIC_FRAGMENT_DIR)/gimp \ @@ -366,6 +379,7 @@ $(MAGIC_FRAGMENT_DIR)/gnu \ $(MAGIC_FRAGMENT_DIR)/gnumeric \ $(MAGIC_FRAGMENT_DIR)/gpt \ +$(MAGIC_FRAGMENT_DIR)/gpu \ $(MAGIC_FRAGMENT_DIR)/grace \ $(MAGIC_FRAGMENT_DIR)/graphviz \ $(MAGIC_FRAGMENT_DIR)/gringotts \ @@ -417,6 +431,7 @@ $(MAGIC_FRAGMENT_DIR)/mercurial \ $(MAGIC_FRAGMENT_DIR)/metastore \ $(MAGIC_FRAGMENT_DIR)/meteorological \ +$(MAGIC_FRAGMENT_DIR)/microfocus \ $(MAGIC_FRAGMENT_DIR)/mime \ $(MAGIC_FRAGMENT_DIR)/mips \ $(MAGIC_FRAGMENT_DIR)/mirage \ @@ -457,6 +472,8 @@ $(MAGIC_FRAGMENT_DIR)/pascal \ $(MAGIC_FRAGMENT_DIR)/pbf \ $(MAGIC_FRAGMENT_DIR)/pbm \ +$(MAGIC_FRAGMENT_DIR)/pc88 \ +$(MAGIC_FRAGMENT_DIR)/pc98 \ $(MAGIC_FRAGMENT_DIR)/pdf \ $(MAGIC_FRAGMENT_DIR)/pdp \ $(MAGIC_FRAGMENT_DIR)/perl \ @@ -465,9 +482,11 @@ $(MAGIC_FRAGMENT_DIR)/pkgadd \ $(MAGIC_FRAGMENT_DIR)/plan9 \ $(MAGIC_FRAGMENT_DIR)/plus5 \ +$(MAGIC_FRAGMENT_DIR)/polyml \ $(MAGIC_FRAGMENT_DIR)/printer \ $(MAGIC_FRAGMENT_DIR)/project \ $(MAGIC_FRAGMENT_DIR)/psdbms \ +$(MAGIC_FRAGMENT_DIR)/psl \ $(MAGIC_FRAGMENT_DIR)/pulsar \ $(MAGIC_FRAGMENT_DIR)/pwsafe \ $(MAGIC_FRAGMENT_DIR)/pyramid \ @@ -519,6 +538,7 @@ $(MAGIC_FRAGMENT_DIR)/uterus \ $(MAGIC_FRAGMENT_DIR)/uuencode \ $(MAGIC_FRAGMENT_DIR)/varied.out \ +$(MAGIC_FRAGMENT_DIR)/vacuum-cleaner \ $(MAGIC_FRAGMENT_DIR)/varied.script \ $(MAGIC_FRAGMENT_DIR)/vax \ $(MAGIC_FRAGMENT_DIR)/vicar \ @@ -531,15 +551,18 @@ $(MAGIC_FRAGMENT_DIR)/vxl \ $(MAGIC_FRAGMENT_DIR)/warc \ $(MAGIC_FRAGMENT_DIR)/weak \ +$(MAGIC_FRAGMENT_DIR)/webassembly \ $(MAGIC_FRAGMENT_DIR)/windows \ $(MAGIC_FRAGMENT_DIR)/wireless \ $(MAGIC_FRAGMENT_DIR)/wordprocessors \ $(MAGIC_FRAGMENT_DIR)/wsdl \ +$(MAGIC_FRAGMENT_DIR)/x68000 \ $(MAGIC_FRAGMENT_DIR)/xdelta \ $(MAGIC_FRAGMENT_DIR)/xenix \ $(MAGIC_FRAGMENT_DIR)/xilinx \ $(MAGIC_FRAGMENT_DIR)/xo65 \ $(MAGIC_FRAGMENT_DIR)/xwindows \ +$(MAGIC_FRAGMENT_DIR)/yara \ $(MAGIC_FRAGMENT_DIR)/zfs \ $(MAGIC_FRAGMENT_DIR)/zilog \ $(MAGIC_FRAGMENT_DIR)/zyxel @@ -776,7 +799,7 @@ @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \ echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \ else \ - v=$$(file --version | sed -e s/file-// -e q); \ + v=$$(${FILE_COMPILE} --version | sed -e s/file-// -e q); \ if [ "$$v" != "${PACKAGE_VERSION}" ]; then \ echo "Cannot use the installed version of file ($$v) to"; \ echo "cross-compile file ${PACKAGE_VERSION}"; \ --- contrib/file/python/README.orig +++ contrib/file/python/README @@ -1,13 +0,0 @@ -This directory contains Python bindings to allow you to access the -libmagic api. At the moment their status is "experimental". - -You can install the modules either with: - -$ python setup.py build -$ python setup.py install - -or, if you have easy_install: - -$ easy_install . - -magic-python should work now! --- contrib/file/python/magic.py.orig +++ contrib/file/python/magic.py @@ -1,4 +1,5 @@ -#!/usr/bin/env python +# coding: utf-8 + ''' Python bindings for libmagic ''' @@ -5,6 +6,8 @@ import ctypes +from collections import namedtuple + from ctypes import * from ctypes.util import find_library @@ -32,7 +35,7 @@ MAGIC_RAW = RAW = 256 MAGIC_ERROR = ERROR = 512 MAGIC_MIME_ENCODING = MIME_ENCODING = 1024 -MAGIC_MIME = MIME = 1040 +MAGIC_MIME = MIME = 1040 # MIME_TYPE + MIME_ENCODING MAGIC_APPLE = APPLE = 2048 MAGIC_NO_CHECK_COMPRESS = NO_CHECK_COMPRESS = 4096 @@ -47,7 +50,9 @@ MAGIC_NO_CHECK_BUILTIN = NO_CHECK_BUILTIN = 4173824 +FileMagic = namedtuple('FileMagic', ('mime_type', 'encoding', 'name')) + class magic_set(Structure): pass magic_set._fields_ = [] @@ -112,26 +117,43 @@ """ _close(self._magic_t) + @staticmethod + def __tostr(s): + if s is None: + return None + if isinstance(s, str): + return s + try: # keep Python 2 compatibility + return str(s, 'utf-8') + except TypeError: + return str(s) + + @staticmethod + def __tobytes(b): + if b is None: + return None + if isinstance(b, bytes): + return b + try: # keep Python 2 compatibility + return bytes(b, 'utf-8') + except TypeError: + return bytes(b) + def file(self, filename): """ Returns a textual description of the contents of the argument passed as a filename or None if an error occurred and the MAGIC_ERROR flag - is set. A call to errno() will return the numeric error code. + is set. A call to errno() will return the numeric error code. """ - try: # attempt python3 approach first - if isinstance(filename, bytes): - bi = filename - else: - bi = bytes(filename, 'utf-8') - return str(_file(self._magic_t, bi), 'utf-8') - except: - return _file(self._magic_t, filename.encode('utf-8')) + return Magic.__tostr(_file(self._magic_t, Magic.__tobytes(filename))) def descriptor(self, fd): """ - Like the file method, but the argument is a file descriptor. + Returns a textual description of the contents of the argument passed + as a file descriptor or None if an error occurred and the MAGIC_ERROR + flag is set. A call to errno() will return the numeric error code. """ - return _descriptor(self._magic_t, fd) + return Magic.__tostr(_descriptor(self._magic_t, fd)) def buffer(self, buf): """ @@ -139,10 +161,7 @@ as a buffer or None if an error occurred and the MAGIC_ERROR flag is set. A call to errno() will return the numeric error code. """ - try: # attempt python3 approach first - return str(_buffer(self._magic_t, buf, len(buf)), 'utf-8') - except: - return _buffer(self._magic_t, buf, len(buf)) + return Magic.__tostr(_buffer(self._magic_t, buf, len(buf))) def error(self): """ @@ -149,10 +168,7 @@ Returns a textual explanation of the last error or None if there was no error. """ - try: # attempt python3 approach first - return str(_error(self._magic_t), 'utf-8') - except: - return _error(self._magic_t) + return Magic.__tostr(_error(self._magic_t)) def setflags(self, flags): """ @@ -173,17 +189,18 @@ Returns 0 on success and -1 on failure. """ - return _load(self._magic_t, filename) + return _load(self._magic_t, Magic.__tobytes(filename)) def compile(self, dbs): """ Compile entries in the colon separated list of database files passed as argument or the default database file if no argument. - Returns 0 on success and -1 on failure. The compiled files created are named from the basename(1) of each file argument with ".mgc" appended to it. + + Returns 0 on success and -1 on failure. """ - return _compile(self._magic_t, dbs) + return _compile(self._magic_t, Magic.__tobytes(dbs)) def check(self, dbs): """ @@ -190,9 +207,10 @@ Check the validity of entries in the colon separated list of database files passed as argument or the default database file if no argument. + Returns 0 on success and -1 on failure. """ - return _check(self._magic_t, dbs) + return _check(self._magic_t, Magic.__tobytes(dbs)) def list(self, dbs): """ @@ -199,9 +217,10 @@ Check the validity of entries in the colon separated list of database files passed as argument or the default database file if no argument. + Returns 0 on success and -1 on failure. """ - return _list(self._magic_t, dbs) + return _list(self._magic_t, Magic.__tobytes(dbs)) def errno(self): """ @@ -219,3 +238,48 @@ Flags argument as for setflags. """ return Magic(_open(flags)) + + +# Objects used by `detect_from_` functions +mime_magic = Magic(_open(MAGIC_MIME)) +mime_magic.load() +none_magic = Magic(_open(MAGIC_NONE)) +none_magic.load() + + +def _create_filemagic(mime_detected, type_detected): + mime_type, mime_encoding = mime_detected.split('; ') + + return FileMagic(name=type_detected, mime_type=mime_type, + encoding=mime_encoding.replace('charset=', '')) + + +def detect_from_filename(filename): + '''Detect mime type, encoding and file type from a filename + + Returns a `FileMagic` namedtuple. + ''' + + return _create_filemagic(mime_magic.file(filename), + none_magic.file(filename)) + + +def detect_from_fobj(fobj): + '''Detect mime type, encoding and file type from file-like object + + Returns a `FileMagic` namedtuple. + ''' + + file_descriptor = fobj.fileno() + return _create_filemagic(mime_magic.descriptor(file_descriptor), + none_magic.descriptor(file_descriptor)) + + +def detect_from_content(byte_content): + '''Detect mime type, encoding and file type from bytes + + Returns a `FileMagic` namedtuple. + ''' + + return _create_filemagic(mime_magic.buffer(byte_content), + none_magic.buffer(byte_content)) --- contrib/file/python/setup.py.orig +++ contrib/file/python/setup.py @@ -1,10 +1,22 @@ -# Python distutils build script for magic extension -from distutils.core import setup +# coding: utf-8 -setup(name = 'Magic file extensions', - version = '0.2', - author = 'Reuben Thomas', - author_email = 'rrt@sc3d.org', - license = 'BSD', - description = 'libmagic Python bindings', - py_modules = ['magic']) +from __future__ import unicode_literals + +from setuptools import setup + + +setup(name='file-magic', + version='0.3.0', + author='Reuben Thomas, Ãlvaro Justen', + author_email='rrt@sc3d.org, alvarojusten@gmail.com', + url='https://github.com/file/file', + license='BSD', + description='(official) libmagic Python bindings', + py_modules=['magic'], + test_suite='tests', + classifiers = [ + 'Intended Audience :: Developers', + 'License :: OSI Approved :: BSD License', + 'Natural Language :: English', + 'Topic :: Software Development :: Libraries :: Python Modules', + ]) --- contrib/file/src/Makefile.am.orig +++ contrib/file/src/Makefile.am @@ -1,6 +1,6 @@ MAGIC = $(pkgdatadir)/magic lib_LTLIBRARIES = libmagic.la -include_HEADERS = magic.h +nodist_include_HEADERS = magic.h bin_PROGRAMS = file @@ -9,7 +9,7 @@ libmagic_la_SOURCES = magic.c apprentice.c softmagic.c ascmagic.c \ encoding.c compress.c is_tar.c readelf.c print.c fsmagic.c \ - funcs.c file.h readelf.h tar.h apptype.c \ + funcs.c file.h readelf.h tar.h apptype.c der.c der.h \ file_opts.h elfclass.h mygetopt.h cdf.c cdf_time.c readcdf.c cdf.h libmagic_la_LDFLAGS = -no-undefined -version-info 1:0:0 if MINGW --- contrib/file/src/Makefile.in.orig +++ contrib/file/src/Makefile.in @@ -98,8 +98,7 @@ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \ - $(am__DIST_COMMON) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -138,8 +137,8 @@ libmagic_la_DEPENDENCIES = $(LTLIBOBJS) $(am__DEPENDENCIES_1) am_libmagic_la_OBJECTS = magic.lo apprentice.lo softmagic.lo \ ascmagic.lo encoding.lo compress.lo is_tar.lo readelf.lo \ - print.lo fsmagic.lo funcs.lo apptype.lo cdf.lo cdf_time.lo \ - readcdf.lo + print.lo fsmagic.lo funcs.lo apptype.lo der.lo cdf.lo \ + cdf_time.lo readcdf.lo libmagic_la_OBJECTS = $(am_libmagic_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -193,7 +192,7 @@ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -HEADERS = $(include_HEADERS) +HEADERS = $(nodist_include_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -214,9 +213,9 @@ ETAGS = etags CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ - asctime_r.c asprintf.c ctime_r.c fmtcheck.c getline.c \ - getopt_long.c gmtime_r.c localtime_r.c pread.c strcasestr.c \ - strlcat.c strlcpy.c vasprintf.c + asctime_r.c asprintf.c ctime_r.c dprintf.c fmtcheck.c \ + getline.c getopt_long.c gmtime_r.c localtime_r.c pread.c \ + strcasestr.c strlcat.c strlcpy.c vasprintf.c DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) pkgdatadir = @pkgdatadir@ ACLOCAL = @ACLOCAL@ @@ -340,12 +339,12 @@ top_srcdir = @top_srcdir@ MAGIC = $(pkgdatadir)/magic lib_LTLIBRARIES = libmagic.la -include_HEADERS = magic.h +nodist_include_HEADERS = magic.h AM_CPPFLAGS = -DMAGIC='"$(MAGIC)"' AM_CFLAGS = $(CFLAG_VISIBILITY) @WARNINGS@ libmagic_la_SOURCES = magic.c apprentice.c softmagic.c ascmagic.c \ encoding.c compress.c is_tar.c readelf.c print.c fsmagic.c \ - funcs.c file.h readelf.h tar.h apptype.c \ + funcs.c file.h readelf.h tar.h apptype.c der.c der.h \ file_opts.h elfclass.h mygetopt.h cdf.c cdf_time.c readcdf.c cdf.h libmagic_la_LDFLAGS = -no-undefined -version-info 1:0:0 @@ -493,6 +492,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/asctime_r.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/asprintf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ctime_r.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/dprintf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/fmtcheck.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getline.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getopt_long.Plo@am__quote@ @@ -509,6 +509,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cdf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cdf_time.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compress.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encoding.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fsmagic.Plo@am__quote@ @@ -549,9 +550,9 @@ clean-libtool: -rm -rf .libs _libs -install-includeHEADERS: $(include_HEADERS) +install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) - @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ @@ -565,9 +566,9 @@ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done -uninstall-includeHEADERS: +uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) @@ -719,7 +720,7 @@ info-am: -install-data-am: install-includeHEADERS +install-data-am: install-nodist_includeHEADERS install-dvi: install-dvi-am @@ -765,8 +766,8 @@ ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ - uninstall-libLTLIBRARIES +uninstall-am: uninstall-binPROGRAMS uninstall-libLTLIBRARIES \ + uninstall-nodist_includeHEADERS .MAKE: all check install install-am install-strip @@ -777,15 +778,15 @@ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-binPROGRAMS install-data \ install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man \ + install-nodist_includeHEADERS install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-includeHEADERS uninstall-libLTLIBRARIES + uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS .PRECIOUS: Makefile --- contrib/file/src/apprentice.c.orig +++ contrib/file/src/apprentice.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: apprentice.c,v 1.238 2015/09/12 18:10:42 christos Exp $") +FILE_RCSID("@(#)$File: apprentice.c,v 1.262 2017/08/28 13:39:18 christos Exp $") #endif /* lint */ #include "magic.h" @@ -86,9 +86,9 @@ #define ALLOC_CHUNK (size_t)10 #define ALLOC_INCR (size_t)200 -#define MAP_TYPE_MMAP 0 +#define MAP_TYPE_USER 0 #define MAP_TYPE_MALLOC 1 -#define MAP_TYPE_USER 2 +#define MAP_TYPE_MMAP 2 struct magic_entry { struct magic *mp; @@ -143,7 +143,7 @@ private void apprentice_unmap(struct magic_map *); private int apprentice_compile(struct magic_set *, struct magic_map *, const char *); -private int check_format_type(const char *, int); +private int check_format_type(const char *, int, const char **); private int check_format(struct magic_set *, struct magic *); private int get_op(char); private int parse_mime(struct magic_set *, struct magic_entry *, const char *); @@ -268,6 +268,7 @@ { XX("name"), FILE_NAME, FILE_FMT_NONE }, { XX("use"), FILE_USE, FILE_FMT_NONE }, { XX("clear"), FILE_CLEAR, FILE_FMT_NONE }, + { XX("der"), FILE_DER, FILE_FMT_STR }, { XX_NULL, FILE_INVALID, FILE_FMT_NONE }, }; @@ -276,6 +277,7 @@ * unsigned. */ static const struct type_tbl_s special_tbl[] = { + { XX("der"), FILE_DER, FILE_FMT_STR }, { XX("name"), FILE_NAME, FILE_FMT_STR }, { XX("use"), FILE_USE, FILE_FMT_STR }, { XX_NULL, FILE_INVALID, FILE_FMT_NONE }, @@ -406,11 +408,11 @@ { struct mlist *ml; - mlp->map = idx == 0 ? map : NULL; + mlp->map = NULL; if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) return -1; - ml->map = NULL; + ml->map = idx == 0 ? map : NULL; ml->magic = map->magic[idx]; ml->nmagic = map->nmagic[idx]; @@ -449,6 +451,8 @@ #ifndef COMPILE_ONLY map = apprentice_map(ms, fn); + if (map == (struct magic_map *)-1) + return -1; if (map == NULL) { if (ms->flags & MAGIC_CHECK) file_magwarn(ms, "using regular magic file `%s'", fn); @@ -460,7 +464,7 @@ for (i = 0; i < MAGIC_SETS; i++) { if (add_mlist(ms->mlist[i], map, i) == -1) { file_oomem(ms, sizeof(*ml)); - goto fail; + return -1; } } @@ -474,12 +478,6 @@ } } return 0; -fail: - for (i = 0; i < MAGIC_SETS; i++) { - mlist_free(ms->mlist[i]); - ms->mlist[i] = NULL; - } - return -1; #else return 0; #endif /* COMPILE_ONLY */ @@ -532,6 +530,7 @@ ms->elf_phnum_max = FILE_ELF_PHNUM_MAX; ms->elf_notes_max = FILE_ELF_NOTES_MAX; ms->regex_max = FILE_REGEX_MAX; + ms->bytes_max = FILE_BYTES_MAX; return ms; free: free(ms); @@ -546,19 +545,25 @@ return; switch (map->type) { + case MAP_TYPE_USER: + break; + case MAP_TYPE_MALLOC: + for (i = 0; i < MAGIC_SETS; i++) { + void *b = map->magic[i]; + void *p = map->p; + if (CAST(char *, b) >= CAST(char *, p) && + CAST(char *, b) <= CAST(char *, p) + map->len) + continue; + free(map->magic[i]); + } + free(map->p); + break; #ifdef QUICK case MAP_TYPE_MMAP: - if (map->p) + if (map->p && map->p != MAP_FAILED) (void)munmap(map->p, map->len); break; #endif - case MAP_TYPE_MALLOC: - free(map->p); - for (i = 0; i < MAGIC_SETS; i++) - free(map->magic[i]); - break; - case MAP_TYPE_USER: - break; default: abort(); } @@ -587,7 +592,7 @@ ml = mlist->next; for (ml = mlist->next; (next = ml->next) != NULL; ml = next) { if (ml->map) - apprentice_unmap(ml->map); + apprentice_unmap(CAST(struct magic_map *, ml->map)); free(ml); if (ml == mlist) break; @@ -607,8 +612,7 @@ if (nbufs == 0) return -1; - if (ms->mlist[0] != NULL) - file_reset(ms); + (void)file_reset(ms, 0); init_file_tables(); @@ -651,8 +655,7 @@ int file_err, errs = -1; size_t i; - if (ms->mlist[0] != NULL) - file_reset(ms); + (void)file_reset(ms, 0); if ((fn = magic_getpath(fn, action)) == NULL) return -1; @@ -774,6 +777,59 @@ return rv == 0 ? 1 : rv; /* Return at least 1 */ } + +private size_t +typesize(int type) +{ + switch (type) { + case FILE_BYTE: + return 1; + + case FILE_SHORT: + case FILE_LESHORT: + case FILE_BESHORT: + return 2; + + case FILE_LONG: + case FILE_LELONG: + case FILE_BELONG: + case FILE_MELONG: + return 4; + + case FILE_DATE: + case FILE_LEDATE: + case FILE_BEDATE: + case FILE_MEDATE: + case FILE_LDATE: + case FILE_LELDATE: + case FILE_BELDATE: + case FILE_MELDATE: + case FILE_FLOAT: + case FILE_BEFLOAT: + case FILE_LEFLOAT: + return 4; + + case FILE_QUAD: + case FILE_BEQUAD: + case FILE_LEQUAD: + case FILE_QDATE: + case FILE_LEQDATE: + case FILE_BEQDATE: + case FILE_QLDATE: + case FILE_LEQLDATE: + case FILE_BEQLDATE: + case FILE_QWDATE: + case FILE_LEQWDATE: + case FILE_BEQWDATE: + case FILE_DOUBLE: + case FILE_BEDOUBLE: + case FILE_LEDOUBLE: + return 8; + default: + return (size_t)~0; + } +} + /* * Get weight of this magic entry, for sorting purposes. */ @@ -781,7 +837,7 @@ apprentice_magic_strength(const struct magic *m) { #define MULT 10 - size_t v, val = 2 * MULT; /* baseline strength */ + size_t ts, v, val = 2 * MULT; /* baseline strength */ switch (m->type) { case FILE_DEFAULT: /* make sure this sorts last */ @@ -790,41 +846,13 @@ return 0; case FILE_BYTE: - val += 1 * MULT; - break; - case FILE_SHORT: case FILE_LESHORT: case FILE_BESHORT: - val += 2 * MULT; - break; - case FILE_LONG: case FILE_LELONG: case FILE_BELONG: case FILE_MELONG: - val += 4 * MULT; - break; - - case FILE_PSTRING: - case FILE_STRING: - val += m->vallen * MULT; - break; - - case FILE_BESTRING16: - case FILE_LESTRING16: - val += m->vallen * MULT / 2; - break; - - case FILE_SEARCH: - val += m->vallen * MAX(MULT / m->vallen, 1); - break; - - case FILE_REGEX: - v = nonmagic(m->value.s); - val += v * MAX(MULT / v, 1); - break; - case FILE_DATE: case FILE_LEDATE: case FILE_BEDATE: @@ -836,9 +864,6 @@ case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - val += 4 * MULT; - break; - case FILE_QUAD: case FILE_BEQUAD: case FILE_LEQUAD: @@ -854,14 +879,40 @@ case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - val += 8 * MULT; + ts = typesize(m->type); + if (ts == (size_t)~0) + abort(); + val += ts * MULT; break; + case FILE_PSTRING: + case FILE_STRING: + val += m->vallen * MULT; + break; + + case FILE_BESTRING16: + case FILE_LESTRING16: + val += m->vallen * MULT / 2; + break; + + case FILE_SEARCH: + val += m->vallen * MAX(MULT / m->vallen, 1); + break; + + case FILE_REGEX: + v = nonmagic(m->value.s); + val += v * MAX(MULT / v, 1); + break; + case FILE_INDIRECT: case FILE_NAME: case FILE_USE: break; + case FILE_DER: + val += MULT; + break; + default: (void)fprintf(stderr, "Bad type %d\n", m->type); abort(); @@ -1017,6 +1068,7 @@ case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: + case FILE_DER: mstart->flag |= BINTEST; break; case FILE_STRING: @@ -1306,6 +1358,8 @@ goto out; } while ((d = readdir(dir)) != NULL) { + if (d->d_name[0] == '.') + continue; if (asprintf(&mfn, "%s/%s", fn, d->d_name) < 0) { file_oomem(ms, strlen(fn) + strlen(d->d_name) + 2); @@ -1448,6 +1502,7 @@ case FILE_NAME: case FILE_USE: case FILE_CLEAR: + case FILE_DER: break; default: if (ms->flags & MAGIC_CHECK) @@ -1866,10 +1921,13 @@ if (m->flag & INDIR) { m->in_type = FILE_LONG; m->in_offset = 0; + m->in_op = 0; /* - * read [.lbs][+-]nnnnn) + * read [.,lbs][+-]nnnnn) */ - if (*l == '.') { + if (*l == '.' || *l == ',') { + if (*l == ',') + m->in_op |= FILE_OPSIGNED; l++; switch (*l) { case 'l': @@ -1921,7 +1979,6 @@ l++; } - m->in_op = 0; if (*l == '~') { m->in_op |= FILE_OPINVERSE; l++; @@ -2103,7 +2160,7 @@ /* * TODO finish this macro and start using it! - * #define offsetcheck {if (offset > HOWMANY-1) + * #define offsetcheck {if (offset > ms->bytes_max -1) * magwarn("offset too big"); } */ @@ -2267,7 +2324,7 @@ return parse_extra(ms, me, line, CAST(off_t, offsetof(struct magic, apple)), - sizeof(m->apple), "APPLE", "!+-./", 0); + sizeof(m->apple), "APPLE", "!+-./?", 0); } /* @@ -2280,7 +2337,7 @@ return parse_extra(ms, me, line, CAST(off_t, offsetof(struct magic, ext)), - sizeof(m->ext), "EXTENSION", ",!+-/", 0); + sizeof(m->ext), "EXTENSION", ",!+-/@", 0); } /* @@ -2298,11 +2355,13 @@ } private int -check_format_type(const char *ptr, int type) +check_format_type(const char *ptr, int type, const char **estr) { int quad = 0, h; + size_t len, cnt; if (*ptr == '\0') { /* Missing format string; bad */ + *estr = "missing format spec"; return -1; } @@ -2339,15 +2398,24 @@ ptr++; if (*ptr == '.') ptr++; - while (isdigit((unsigned char)*ptr)) ptr++; + if (*ptr == '#') + ptr++; +#define CHECKLEN() do { \ + for (len = cnt = 0; isdigit((unsigned char)*ptr); ptr++, cnt++) \ + len = len * 10 + (*ptr - '0'); \ + if (cnt > 5 || len > 1024) \ + goto toolong; \ +} while (/*CONSTCOND*/0) + + CHECKLEN(); if (*ptr == '.') ptr++; - while (isdigit((unsigned char)*ptr)) ptr++; + CHECKLEN(); if (quad) { if (*ptr++ != 'l') - return -1; + goto invalid; if (*ptr++ != 'l') - return -1; + goto invalid; } switch (*ptr++) { @@ -2361,9 +2429,11 @@ case 'o': case 'x': case 'X': - return h != 0 ? -1 : 0; + if (h == 0) + return 0; + /*FALLTHROUGH*/ default: - return -1; + goto invalid; } /* @@ -2372,11 +2442,11 @@ */ case 'h': if (h-- <= 0) - return -1; + goto invalid; switch (*ptr++) { case 'h': if (h-- <= 0) - return -1; + goto invalid; switch (*ptr++) { case 'i': case 'd': @@ -2386,7 +2456,7 @@ case 'X': return 0; default: - return -1; + goto invalid; } case 'i': case 'd': @@ -2394,13 +2464,17 @@ case 'o': case 'x': case 'X': - return h != 0 ? -1 : 0; + if (h == 0) + return 0; + /*FALLTHROUGH*/ default: - return -1; + goto invalid; } #endif case 'c': - return h != 2 ? -1 : 0; + if (h == 2) + return 0; + goto invalid; case 'i': case 'd': case 'u': @@ -2408,12 +2482,14 @@ case 'x': case 'X': #ifdef STRICT_FORMAT - return h != 0 ? -1 : 0; + if (h == 0) + return 0; + /*FALLTHROUGH*/ #else return 0; #endif default: - return -1; + goto invalid; } case FILE_FMT_FLOAT: @@ -2422,11 +2498,10 @@ ptr++; if (*ptr == '.') ptr++; - while (isdigit((unsigned char)*ptr)) ptr++; + CHECKLEN(); if (*ptr == '.') ptr++; - while (isdigit((unsigned char)*ptr)) ptr++; - + CHECKLEN(); switch (*ptr++) { case 'e': case 'E': @@ -2437,7 +2512,7 @@ return 0; default: - return -1; + goto invalid; } @@ -2456,7 +2531,7 @@ case 's': return 0; default: - return -1; + goto invalid; } default: @@ -2463,7 +2538,10 @@ /* internal error */ abort(); } - /*NOTREACHED*/ +invalid: + *estr = "not valid"; +toolong: + *estr = "too long"; return -1; } @@ -2475,6 +2553,7 @@ check_format(struct magic_set *ms, struct magic *m) { char *ptr; + const char *estr; for (ptr = m->desc; *ptr; ptr++) if (*ptr == '%') @@ -2498,13 +2577,13 @@ } ptr++; - if (check_format_type(ptr, m->type) == -1) { + if (check_format_type(ptr, m->type, &estr) == -1) { /* * TODO: this error message is unhelpful if the format * string is not one character long */ - file_magwarn(ms, "Printf format `%c' is not valid for type " - "`%s' in description `%s'", *ptr ? *ptr : '?', + file_magwarn(ms, "Printf format is %s for type " + "`%s' in description `%s'", estr, file_names[m->type], m->desc); return -1; } @@ -2538,6 +2617,7 @@ case FILE_SEARCH: case FILE_NAME: case FILE_USE: + case FILE_DER: *p = getstr(ms, m, *p, action == FILE_COMPILE); if (*p == NULL) { if (ms->flags & MAGIC_CHECK) @@ -2585,9 +2665,46 @@ default: if (m->reln != 'x') { char *ep; + uint64_t ull; errno = 0; - m->value.q = file_signextend(ms, m, - (uint64_t)strtoull(*p, &ep, 0)); + ull = (uint64_t)strtoull(*p, &ep, 0); + m->value.q = file_signextend(ms, m, ull); + if (*p == ep) { + file_magwarn(ms, "Unparseable number `%s'", *p); + } else { + size_t ts = typesize(m->type); + uint64_t x; + const char *q; + + if (ts == (size_t)~0) { + file_magwarn(ms, "Expected numeric type got `%s'", + type_tbl[m->type].name); + } + for (q = *p; isspace((unsigned char)*q); q++) + continue; + if (*q == '-') + ull = -(int64_t)ull; + switch (ts) { + case 1: + x = ull & ~0xffULL; + break; + case 2: + x = ull & ~0xffffULL; + break; + case 4: + x = ull & ~0xffffffffULL; + break; + case 8: + x = 0; + break; + default: + abort(); + } + if (x) { + file_magwarn(ms, "Overflow for numeric type `%s' value %#" PRIx64, + type_tbl[m->type].name, ull); + } + } if (errno == 0) { *p = ep; eatsize(p); @@ -2896,6 +3013,7 @@ struct stat st; char *dbname = NULL; struct magic_map *map; + struct magic_map *rv = NULL; fd = -1; if ((map = CAST(struct magic_map *, calloc(1, sizeof(*map)))) == NULL) { @@ -2902,6 +3020,7 @@ file_oomem(ms, sizeof(*map)); goto error; } + map->type = MAP_TYPE_USER; /* unspecified */ dbname = mkdbname(ms, fn, 0); if (dbname == NULL) @@ -2922,13 +3041,14 @@ map->len = (size_t)st.st_size; #ifdef QUICK + map->type = MAP_TYPE_MMAP; if ((map->p = mmap(0, (size_t)st.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FILE, fd, (off_t)0)) == MAP_FAILED) { file_error(ms, errno, "cannot map `%s'", dbname); goto error; } - map->type = MAP_TYPE_MMAP; #else + map->type = MAP_TYPE_MALLOC; if ((map->p = CAST(void *, malloc(map->len))) == NULL) { file_oomem(ms, map->len); goto error; @@ -2937,14 +3057,21 @@ file_badread(ms); goto error; } - map->type = MAP_TYPE_MALLOC; #define RET 1 #endif (void)close(fd); fd = -1; - if (check_buffer(ms, map, dbname) != 0) + if (check_buffer(ms, map, dbname) != 0) { + rv = (struct magic_map *)-1; goto error; + } +#ifdef QUICK + if (mprotect(map->p, (size_t)st.st_size, PROT_READ) == -1) { + file_error(ms, errno, "cannot mprotect `%s'", dbname); + goto error; + } +#endif free(dbname); return map; @@ -2954,7 +3081,7 @@ (void)close(fd); apprentice_unmap(map); free(dbname); - return NULL; + return rv; } private int @@ -3063,6 +3190,7 @@ (void)close(fd); rv = 0; out: + apprentice_unmap(map); free(dbname); return rv; } @@ -3109,7 +3237,7 @@ return NULL; /* Compatibility with old code that looked in .mime */ - if (strstr(p, ".mime") != NULL) + if (strstr(fn, ".mime") != NULL) ms->flags &= MAGIC_MIME_TYPE; return buf; } @@ -3228,6 +3356,7 @@ { size_t len = 0; const unsigned char *s = (const unsigned char *)ss; + unsigned int s3, s2, s1, s0; switch (m->str_flags & PSTRING_LEN) { case PSTRING_1_LE: @@ -3234,16 +3363,28 @@ len = *s; break; case PSTRING_2_LE: - len = (s[1] << 8) | s[0]; + s0 = s[0]; + s1 = s[1]; + len = (s1 << 8) | s0; break; case PSTRING_2_BE: - len = (s[0] << 8) | s[1]; + s0 = s[0]; + s1 = s[1]; + len = (s0 << 8) | s1; break; case PSTRING_4_LE: - len = (s[3] << 24) | (s[2] << 16) | (s[1] << 8) | s[0]; + s0 = s[0]; + s1 = s[1]; + s2 = s[2]; + s3 = s[3]; + len = (s3 << 24) | (s2 << 16) | (s1 << 8) | s0; break; case PSTRING_4_BE: - len = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3]; + s0 = s[0]; + s1 = s[1]; + s2 = s[2]; + s3 = s[3]; + len = (s0 << 24) | (s1 << 16) | (s2 << 8) | s3; break; default: abort(); /* Impossible */ --- contrib/file/src/ascmagic.c.orig +++ contrib/file/src/ascmagic.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: ascmagic.c,v 1.92 2015/04/09 20:01:41 christos Exp $") +FILE_RCSID("@(#)$File: ascmagic.c,v 1.97 2016/06/27 20:56:25 christos Exp $") #endif /* lint */ #include "magic.h" @@ -79,9 +79,6 @@ const char *code_mime = NULL; const char *type = NULL; - if (ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION)) - return 0; - nbytes = trim_nuls(buf, nbytes); /* If file doesn't look like any sort of text, give up. */ @@ -123,9 +120,6 @@ size_t last_line_end = (size_t)-1; int has_long_lines = 0; - if (ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION)) - return 0; - nbytes = trim_nuls(buf, nbytes); /* If we have fewer than 2 bytes, give up. */ @@ -147,10 +141,16 @@ == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), 0, NULL, + (size_t)(utf8_end - utf8_buf), NULL, NULL, TEXTTEST, text)) == 0) rv = -1; + if ((ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION))) { + rv = rv == -1 ? 0 : 1; + goto done; + } } + if ((ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION))) + return 0; /* Now try to discover other details about the file. */ for (i = 0; i < ulen; i++) { @@ -183,10 +183,10 @@ } /* Beware, if the data has been truncated, the final CR could have - been followed by a LF. If we have HOWMANY bytes, it indicates + been followed by a LF. If we have ms->bytes_max bytes, it indicates that the data might have been truncated, probably even before this function was called. */ - if (seen_cr && nbytes < HOWMANY) + if (seen_cr && nbytes < ms->bytes_max) n_cr++; if (strcmp(type, "binary") == 0) { --- contrib/file/src/cdf.c.orig +++ contrib/file/src/cdf.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: cdf.c,v 1.76 2015/02/28 00:18:02 christos Exp $") +FILE_RCSID("@(#)$File: cdf.c,v 1.106 2017/04/30 17:05:02 christos Exp $") #endif #include @@ -80,7 +80,35 @@ CDF_TOLE8(CAST(uint64_t, x)))) #define CDF_GETUINT32(x, y) cdf_getuint32(x, y) +#define CDF_MALLOC(n) cdf_malloc(__FILE__, __LINE__, (n)) +#define CDF_REALLOC(p, n) cdf_realloc(__FILE__, __LINE__, (p), (n)) +#define CDF_CALLOC(n, u) cdf_calloc(__FILE__, __LINE__, (n), (u)) + +static void * +cdf_malloc(const char *file __attribute__((__unused__)), + size_t line __attribute__((__unused__)), size_t n) +{ + DPRINTF(("%s,%zu: %s %zu\n", file, line, __func__, n)); + return malloc(n); +} + +static void * +cdf_realloc(const char *file __attribute__((__unused__)), + size_t line __attribute__((__unused__)), void *p, size_t n) +{ + DPRINTF(("%s,%zu: %s %zu\n", file, line, __func__, n)); + return realloc(p, n); +} + +static void * +cdf_calloc(const char *file __attribute__((__unused__)), + size_t line __attribute__((__unused__)), size_t n, size_t u) +{ + DPRINTF(("%s,%zu: %s %zu %zu\n", file, line, __func__, n, u)); + return calloc(n, u); +} + /* * swap a short */ @@ -266,6 +294,26 @@ CDF_UNPACK(d->d_unused0); } +int +cdf_zero_stream(cdf_stream_t *scn) +{ + scn->sst_len = 0; + scn->sst_dirlen = 0; + scn->sst_ss = 0; + free(scn->sst_tab); + scn->sst_tab = NULL; + return -1; +} + +static size_t +cdf_check_stream(const cdf_stream_t *sst, const cdf_header_t *h) +{ + size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? + CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); + assert(ss == sst->sst_ss); + return sst->sst_ss; +} + static int cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h, const void *p, size_t tail, int line) @@ -272,8 +320,7 @@ { const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; - size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? - CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); + size_t ss = cdf_check_stream(sst, h); /*LINTED*/(void)&line; if (e >= b && (size_t)(e - b) <= ss * sst->sst_len) return 0; @@ -290,10 +337,8 @@ { size_t siz = (size_t)off + len; - if ((off_t)(off + len) != (off_t)siz) { - errno = EINVAL; - return -1; - } + if ((off_t)(off + len) != (off_t)siz) + goto out; if (info->i_buf != NULL && info->i_len >= siz) { (void)memcpy(buf, &info->i_buf[off], len); @@ -301,12 +346,15 @@ } if (info->i_fd == -1) - return -1; + goto out; if (pread(info->i_fd, buf, len, off) != (ssize_t)len) return -1; return (ssize_t)len; +out: + errno = EINVAL; + return -1; } int @@ -320,7 +368,7 @@ cdf_unpack_header(h, buf); cdf_swap_header(h); if (h->h_magic != CDF_MAGIC) { - DPRINTF(("Bad magic 0x%" INT64_T_FORMAT "x != 0x%" + DPRINTF(("Bad magic %#" INT64_T_FORMAT "x != %#" INT64_T_FORMAT "x\n", (unsigned long long)h->h_magic, (unsigned long long)CDF_MAGIC)); @@ -327,11 +375,11 @@ goto out; } if (h->h_sec_size_p2 > 20) { - DPRINTF(("Bad sector size 0x%u\n", h->h_sec_size_p2)); + DPRINTF(("Bad sector size %hu\n", h->h_sec_size_p2)); goto out; } if (h->h_short_sec_size_p2 > 20) { - DPRINTF(("Bad short sector size 0x%u\n", + DPRINTF(("Bad short sector size %hu\n", h->h_short_sec_size_p2)); goto out; } @@ -363,11 +411,14 @@ DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); - return -1; + goto out; } (void)memcpy(((char *)buf) + offs, ((const char *)sst->sst_tab) + pos, len); return len; +out: + errno = EFTYPE; + return -1; } /* @@ -385,7 +436,7 @@ if (h->h_master_sat[i] == CDF_SECID_FREE) break; -#define CDF_SEC_LIMIT (UINT32_MAX / (4 * ss)) +#define CDF_SEC_LIMIT (UINT32_MAX / (8 * ss)) if ((nsatpersec > 0 && h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec) || i > CDF_SEC_LIMIT) { @@ -398,7 +449,7 @@ sat->sat_len = h->h_num_sectors_in_master_sat * nsatpersec + i; DPRINTF(("sat_len = %" SIZE_T_FORMAT "u ss = %" SIZE_T_FORMAT "u\n", sat->sat_len, ss)); - if ((sat->sat_tab = CAST(cdf_secid_t *, calloc(sat->sat_len, ss))) + if ((sat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(sat->sat_len, ss))) == NULL) return -1; @@ -412,7 +463,7 @@ } } - if ((msa = CAST(cdf_secid_t *, calloc(1, ss))) == NULL) + if ((msa = CAST(cdf_secid_t *, CDF_CALLOC(1, ss))) == NULL) goto out1; mid = h->h_secid_first_sector_in_master_sat; @@ -421,8 +472,7 @@ goto out; if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Reading master sector loop limit")); - errno = EFTYPE; - goto out2; + goto out3; } if (cdf_read_sector(info, msa, 0, ss, h, mid) != (ssize_t)ss) { DPRINTF(("Reading master sector %d", mid)); @@ -435,8 +485,7 @@ if (i >= sat->sat_len) { DPRINTF(("Out of bounds reading MSA %" SIZE_T_FORMAT "u >= %" SIZE_T_FORMAT "u", i, sat->sat_len)); - errno = EFTYPE; - goto out2; + goto out3; } if (cdf_read_sector(info, sat->sat_tab, ss * i, ss, h, sec) != (ssize_t)ss) { @@ -451,6 +500,8 @@ sat->sat_len = i; free(msa); return 0; +out3: + errno = EFTYPE; out2: free(msa); out1: @@ -476,23 +527,24 @@ DPRINTF((" %d", sid)); if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Counting chain loop limit")); - errno = EFTYPE; - return (size_t)-1; + goto out; } if (sid >= maxsector) { DPRINTF(("Sector %d >= %d\n", sid, maxsector)); - errno = EFTYPE; - return (size_t)-1; + goto out; } sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]); } if (i == 0) { DPRINTF((" none, sid: %d\n", sid)); - return (size_t)-1; + goto out; } DPRINTF(("\n")); return i; +out: + errno = EFTYPE; + return (size_t)-1; } int @@ -501,20 +553,24 @@ { size_t ss = CDF_SEC_SIZE(h), i, j; ssize_t nr; + scn->sst_tab = NULL; scn->sst_len = cdf_count_chain(sat, sid, ss); - scn->sst_dirlen = len; + scn->sst_dirlen = MAX(h->h_min_size_standard_stream, len); + scn->sst_ss = ss; + if (sid == CDF_SECID_END_OF_CHAIN || len == 0) + return cdf_zero_stream(scn); + if (scn->sst_len == (size_t)-1) - return -1; + goto out; - scn->sst_tab = calloc(scn->sst_len, ss); + scn->sst_tab = CDF_CALLOC(scn->sst_len, ss); if (scn->sst_tab == NULL) - return -1; + return cdf_zero_stream(scn); for (j = i = 0; sid >= 0; i++, j++) { if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Read long sector chain loop limit")); - errno = EFTYPE; goto out; } if (i >= scn->sst_len) { @@ -521,7 +577,6 @@ DPRINTF(("Out of bounds reading long sector chain " "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, scn->sst_len)); - errno = EFTYPE; goto out; } if ((nr = cdf_read_sector(info, scn->sst_tab, i * ss, ss, h, @@ -537,8 +592,8 @@ } return 0; out: - free(scn->sst_tab); - return -1; + errno = EFTYPE; + return cdf_zero_stream(scn); } int @@ -547,20 +602,21 @@ cdf_secid_t sid, size_t len, cdf_stream_t *scn) { size_t ss = CDF_SHORT_SEC_SIZE(h), i, j; + scn->sst_tab = NULL; scn->sst_len = cdf_count_chain(ssat, sid, CDF_SEC_SIZE(h)); scn->sst_dirlen = len; + scn->sst_ss = ss; - if (sst->sst_tab == NULL || scn->sst_len == (size_t)-1) - return -1; + if (scn->sst_len == (size_t)-1) + goto out; - scn->sst_tab = calloc(scn->sst_len, ss); + scn->sst_tab = CDF_CALLOC(scn->sst_len, ss); if (scn->sst_tab == NULL) - return -1; + return cdf_zero_stream(scn); for (j = i = 0; sid >= 0; i++, j++) { if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Read short sector chain loop limit")); - errno = EFTYPE; goto out; } if (i >= scn->sst_len) { @@ -567,7 +623,6 @@ DPRINTF(("Out of bounds reading short sector chain " "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, scn->sst_len)); - errno = EFTYPE; goto out; } if (cdf_read_short_sector(sst, scn->sst_tab, i * ss, ss, h, @@ -579,8 +634,8 @@ } return 0; out: - free(scn->sst_tab); - return -1; + errno = EFTYPE; + return cdf_zero_stream(scn); } int @@ -613,11 +668,11 @@ dir->dir_len = ns * nd; dir->dir_tab = CAST(cdf_directory_t *, - calloc(dir->dir_len, sizeof(dir->dir_tab[0]))); + CDF_CALLOC(dir->dir_len, sizeof(dir->dir_tab[0]))); if (dir->dir_tab == NULL) return -1; - if ((buf = CAST(char *, malloc(ss))) == NULL) { + if ((buf = CAST(char *, CDF_MALLOC(ss))) == NULL) { free(dir->dir_tab); return -1; } @@ -625,7 +680,6 @@ for (j = i = 0; i < ns; i++, j++) { if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Read dir loop limit")); - errno = EFTYPE; goto out; } if (cdf_read_sector(info, buf, 0, ss, h, sid) != (ssize_t)ss) { @@ -646,6 +700,7 @@ out: free(dir->dir_tab); free(buf); + errno = EFTYPE; return -1; } @@ -658,18 +713,18 @@ size_t ss = CDF_SEC_SIZE(h); cdf_secid_t sid = h->h_secid_first_sector_in_short_sat; - ssat->sat_len = cdf_count_chain(sat, sid, CDF_SEC_SIZE(h)); + ssat->sat_tab = NULL; + ssat->sat_len = cdf_count_chain(sat, sid, ss); if (ssat->sat_len == (size_t)-1) - return -1; + goto out; - ssat->sat_tab = CAST(cdf_secid_t *, calloc(ssat->sat_len, ss)); + ssat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(ssat->sat_len, ss)); if (ssat->sat_tab == NULL) - return -1; + goto out1; for (j = i = 0; sid >= 0; i++, j++) { if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Read short sat sector loop limit")); - errno = EFTYPE; goto out; } if (i >= ssat->sat_len) { @@ -676,18 +731,19 @@ DPRINTF(("Out of bounds reading short sector chain " "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, ssat->sat_len)); - errno = EFTYPE; goto out; } if (cdf_read_sector(info, ssat->sat_tab, i * ss, ss, h, sid) != (ssize_t)ss) { DPRINTF(("Reading short sat sector %d", sid)); - goto out; + goto out1; } sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]); } return 0; out: + errno = EFTYPE; +out1: free(ssat->sat_tab); return -1; } @@ -706,21 +762,24 @@ break; /* If the it is not there, just fake it; some docs don't have it */ - if (i == dir->dir_len) + if (i == dir->dir_len) { + DPRINTF(("Cannot find root storage dir\n")); goto out; + } d = &dir->dir_tab[i]; *root = d; /* If the it is not there, just fake it; some docs don't have it */ - if (d->d_stream_first_sector < 0) + if (d->d_stream_first_sector < 0) { + DPRINTF(("No first secror in dir\n")); goto out; + } - return cdf_read_long_sector_chain(info, h, sat, + return cdf_read_long_sector_chain(info, h, sat, d->d_stream_first_sector, d->d_size, scn); out: scn->sst_tab = NULL; - scn->sst_len = 0; - scn->sst_dirlen = 0; + (void)cdf_zero_stream(scn); return 0; } @@ -734,6 +793,15 @@ } int +cdf_read_doc_summary_info(const cdf_info_t *info, const cdf_header_t *h, + const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, + const cdf_dir_t *dir, cdf_stream_t *scn) +{ + return cdf_read_user_stream(info, h, sat, ssat, sst, dir, + "\05DocumentSummaryInformation", scn); +} + +int cdf_read_summary_info(const cdf_info_t *info, const cdf_header_t *h, const cdf_sat_t *sat, const cdf_sat_t *ssat, const cdf_stream_t *sst, const cdf_dir_t *dir, cdf_stream_t *scn) @@ -750,8 +818,10 @@ const cdf_directory_t *d; int i = cdf_find_stream(dir, name, CDF_DIR_TYPE_USER_STREAM); - if (i <= 0) + if (i <= 0) { + memset(scn, 0, sizeof(*scn)); return -1; + } d = &dir->dir_tab[i - 1]; return cdf_read_sector_chain(info, h, sat, ssat, sst, @@ -769,7 +839,7 @@ == 0) break; if (i > 0) - return i; + return CAST(int, i); DPRINTF(("Cannot find type %d `%s'\n", type, name)); errno = ESRCH; @@ -776,6 +846,100 @@ return 0; } +#define CDF_SHLEN_LIMIT (UINT32_MAX / 8) +#define CDF_PROP_LIMIT (UINT32_MAX / (8 * sizeof(cdf_property_info_t))) + +static const void * +cdf_offset(const void *p, size_t l) +{ + return CAST(const void *, CAST(const uint8_t *, p) + l); +} + +static const uint8_t * +cdf_get_property_info_pos(const cdf_stream_t *sst, const cdf_header_t *h, + const uint8_t *p, const uint8_t *e, size_t i) +{ + size_t tail = (i << 1) + 1; + size_t ofs; + const uint8_t *q; + + if (p >= e) { + DPRINTF(("Past end %p < %p\n", e, p)); + return NULL; + } + if (cdf_check_stream_offset(sst, h, p, (tail + 1) * sizeof(uint32_t), + __LINE__) == -1) + return NULL; + ofs = CDF_GETUINT32(p, tail); + q = CAST(const uint8_t *, cdf_offset(CAST(const void *, p), + ofs - 2 * sizeof(uint32_t))); + + if (q < p) { + DPRINTF(("Wrapped around %p < %p\n", q, p)); + return NULL; + } + + if (q >= e) { + DPRINTF(("Ran off the end %p >= %p\n", q, e)); + return NULL; + } + return q; +} + +static cdf_property_info_t * +cdf_grow_info(cdf_property_info_t **info, size_t *maxcount, size_t incr) +{ + cdf_property_info_t *inp; + size_t newcount = *maxcount + incr; + + if (newcount > CDF_PROP_LIMIT) { + DPRINTF(("exceeded property limit %zu > %zu\n", + newcount, CDF_PROP_LIMIT)); + goto out; + } + inp = CAST(cdf_property_info_t *, + CDF_REALLOC(*info, newcount * sizeof(*inp))); + if (inp == NULL) + goto out; + + *info = inp; + *maxcount = newcount; + return inp; +out: + free(*info); + *maxcount = 0; + *info = NULL; + return NULL; +} + +static int +cdf_copy_info(cdf_property_info_t *inp, const void *p, const void *e, + size_t len) +{ + if (inp->pi_type & CDF_VECTOR) + return 0; + + if ((size_t)(CAST(const char *, e) - CAST(const char *, p)) < len) + return 0; + + (void)memcpy(&inp->pi_val, p, len); + + switch (len) { + case 2: + inp->pi_u16 = CDF_TOLE2(inp->pi_u16); + break; + case 4: + inp->pi_u32 = CDF_TOLE4(inp->pi_u32); + break; + case 8: + inp->pi_u64 = CDF_TOLE8(inp->pi_u64); + break; + default: + abort(); + } + return 1; +} + int cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) @@ -783,13 +947,7 @@ const cdf_section_header_t *shp; cdf_section_header_t sh; const uint8_t *p, *q, *e; - int16_t s16; - int32_t s32; - uint32_t u32; - int64_t s64; - uint64_t u64; - cdf_timestamp_t tp; - size_t i, o, o4, nelements, j; + size_t i, o4, nelements, j, slen, left; cdf_property_info_t *inp; if (offs > UINT32_MAX / 4) { @@ -796,79 +954,62 @@ errno = EFTYPE; goto out; } - shp = CAST(const cdf_section_header_t *, (const void *) - ((const char *)sst->sst_tab + offs)); + shp = CAST(const cdf_section_header_t *, + cdf_offset(sst->sst_tab, offs)); if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); -#define CDF_SHLEN_LIMIT (UINT32_MAX / 8) if (sh.sh_len > CDF_SHLEN_LIMIT) { errno = EFTYPE; goto out; } + + if (cdf_check_stream_offset(sst, h, shp, sh.sh_len, __LINE__) == -1) + goto out; + sh.sh_properties = CDF_TOLE4(shp->sh_properties); -#define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(*inp))) + DPRINTF(("section len: %u properties %u\n", sh.sh_len, + sh.sh_properties)); if (sh.sh_properties > CDF_PROP_LIMIT) goto out; - DPRINTF(("section len: %u properties %u\n", sh.sh_len, - sh.sh_properties)); - if (*maxcount) { - if (*maxcount > CDF_PROP_LIMIT) - goto out; - *maxcount += sh.sh_properties; - inp = CAST(cdf_property_info_t *, - realloc(*info, *maxcount * sizeof(*inp))); - } else { - *maxcount = sh.sh_properties; - inp = CAST(cdf_property_info_t *, - malloc(*maxcount * sizeof(*inp))); - } + inp = cdf_grow_info(info, maxcount, sh.sh_properties); if (inp == NULL) goto out; - *info = inp; inp += *count; *count += sh.sh_properties; - p = CAST(const uint8_t *, (const void *) - ((const char *)(const void *)sst->sst_tab + - offs + sizeof(sh))); - e = CAST(const uint8_t *, (const void *) - (((const char *)(const void *)shp) + sh.sh_len)); - if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) + p = CAST(const uint8_t *, cdf_offset(sst->sst_tab, offs + sizeof(sh))); + e = CAST(const uint8_t *, cdf_offset(shp, sh.sh_len)); + if (p >= e || cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; + for (i = 0; i < sh.sh_properties; i++) { - size_t tail = (i << 1) + 1; - size_t ofs; - if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), - __LINE__) == -1) + if ((q = cdf_get_property_info_pos(sst, h, p, e, i)) == NULL) goto out; - ofs = CDF_GETUINT32(p, tail); - q = (const uint8_t *)(const void *) - ((const char *)(const void *)p + ofs - - 2 * sizeof(uint32_t)); - if (q < p) { - DPRINTF(("Wrapped around %p < %p\n", q, p)); + inp[i].pi_id = CDF_GETUINT32(p, i << 1); + left = CAST(size_t, e - q); + if (left < sizeof(uint32_t)) { + DPRINTF(("short info (no type)_\n")); goto out; } - if (q > e) { - DPRINTF(("Ran of the end %p > %p\n", q, e)); - goto out; - } - inp[i].pi_id = CDF_GETUINT32(p, i << 1); inp[i].pi_type = CDF_GETUINT32(q, 0); - DPRINTF(("%" SIZE_T_FORMAT "u) id=%x type=%x offs=0x%tx,0x%x\n", + DPRINTF(("%" SIZE_T_FORMAT "u) id=%#x type=%#x offs=%#tx,%#x\n", i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { + if (left < sizeof(uint32_t) * 2) { + DPRINTF(("missing CDF_VECTOR length\n")); + goto out; + } nelements = CDF_GETUINT32(q, 1); if (nelements == 0) { DPRINTF(("CDF_VECTOR with nelements == 0\n")); goto out; } - o = 2; + slen = 2; } else { nelements = 1; - o = 1; + slen = 1; } - o4 = o * sizeof(uint32_t); + o4 = slen * sizeof(uint32_t); if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) goto unknown; switch (inp[i].pi_type & CDF_TYPEMASK) { @@ -876,64 +1017,31 @@ case CDF_EMPTY: break; case CDF_SIGNED16: - if (inp[i].pi_type & CDF_VECTOR) + if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int16_t))) goto unknown; - (void)memcpy(&s16, &q[o4], sizeof(s16)); - inp[i].pi_s16 = CDF_TOLE2(s16); break; case CDF_SIGNED32: - if (inp[i].pi_type & CDF_VECTOR) - goto unknown; - (void)memcpy(&s32, &q[o4], sizeof(s32)); - inp[i].pi_s32 = CDF_TOLE4((uint32_t)s32); - break; case CDF_BOOL: case CDF_UNSIGNED32: - if (inp[i].pi_type & CDF_VECTOR) + case CDF_FLOAT: + if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int32_t))) goto unknown; - (void)memcpy(&u32, &q[o4], sizeof(u32)); - inp[i].pi_u32 = CDF_TOLE4(u32); break; case CDF_SIGNED64: - if (inp[i].pi_type & CDF_VECTOR) - goto unknown; - (void)memcpy(&s64, &q[o4], sizeof(s64)); - inp[i].pi_s64 = CDF_TOLE8((uint64_t)s64); - break; case CDF_UNSIGNED64: - if (inp[i].pi_type & CDF_VECTOR) - goto unknown; - (void)memcpy(&u64, &q[o4], sizeof(u64)); - inp[i].pi_u64 = CDF_TOLE8((uint64_t)u64); - break; - case CDF_FLOAT: - if (inp[i].pi_type & CDF_VECTOR) - goto unknown; - (void)memcpy(&u32, &q[o4], sizeof(u32)); - u32 = CDF_TOLE4(u32); - memcpy(&inp[i].pi_f, &u32, sizeof(inp[i].pi_f)); - break; case CDF_DOUBLE: - if (inp[i].pi_type & CDF_VECTOR) + case CDF_FILETIME: + if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int64_t))) goto unknown; - (void)memcpy(&u64, &q[o4], sizeof(u64)); - u64 = CDF_TOLE8((uint64_t)u64); - memcpy(&inp[i].pi_d, &u64, sizeof(inp[i].pi_d)); break; case CDF_LENGTH32_STRING: case CDF_LENGTH32_WSTRING: if (nelements > 1) { size_t nelem = inp - *info; - if (*maxcount > CDF_PROP_LIMIT - || nelements > CDF_PROP_LIMIT) - goto out; - *maxcount += nelements; - inp = CAST(cdf_property_info_t *, - realloc(*info, *maxcount * sizeof(*inp))); + inp = cdf_grow_info(info, maxcount, nelements); if (inp == NULL) goto out; - *info = inp; - inp = *info + nelem; + inp += nelem; } DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", nelements)); @@ -940,29 +1048,33 @@ for (j = 0; j < nelements && i < sh.sh_properties; j++, i++) { - uint32_t l = CDF_GETUINT32(q, o); + uint32_t l; + + if (o4 + sizeof(uint32_t) > left) + goto out; + + l = CDF_GETUINT32(q, slen); + o4 += sizeof(uint32_t); + if (o4 + l > left) + goto out; + inp[i].pi_str.s_len = l; - inp[i].pi_str.s_buf = (const char *) - (const void *)(&q[o4 + sizeof(l)]); - DPRINTF(("l = %d, r = %" SIZE_T_FORMAT - "u, s = %s\n", l, - CDF_ROUND(l, sizeof(l)), + inp[i].pi_str.s_buf = CAST(const char *, + CAST(const void *, &q[o4])); + + DPRINTF(("o=%zu l=%d(%" SIZE_T_FORMAT + "u), t=%zu s=%s\n", o4, l, + CDF_ROUND(l, sizeof(l)), left, inp[i].pi_str.s_buf)); + if (l & 1) l++; - o += l >> 1; - if (q + o >= e) - goto out; - o4 = o * sizeof(uint32_t); + + slen += l >> 1; + o4 = slen * sizeof(uint32_t); } i--; break; - case CDF_FILETIME: - if (inp[i].pi_type & CDF_VECTOR) - goto unknown; - (void)memcpy(&tp, &q[o4], sizeof(tp)); - inp[i].pi_tp = CDF_TOLE8((uint64_t)tp); - break; case CDF_CLIPBOARD: if (inp[i].pi_type & CDF_VECTOR) goto unknown; @@ -969,7 +1081,8 @@ break; default: unknown: - DPRINTF(("Don't know how to deal with %x\n", + memset(&inp[i].pi_val, 0, sizeof(inp[i].pi_val)); + DPRINTF(("Don't know how to deal with %#x\n", inp[i].pi_type)); break; } @@ -977,6 +1090,10 @@ return 0; out: free(*info); + *info = NULL; + *count = 0; + *maxcount = 0; + errno = EFTYPE; return -1; } @@ -1022,10 +1139,9 @@ cdf_unpack_catalog(const cdf_header_t *h, const cdf_stream_t *sst, cdf_catalog_t **cat) { - size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? - CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); + size_t ss = cdf_check_stream(sst, h); const char *b = CAST(const char *, sst->sst_tab); - const char *eb = b + ss * sst->sst_len; + const char *nb, *eb = b + ss * sst->sst_len; size_t nr, i, j, k; cdf_catalog_entry_t *ce; uint16_t reclen; @@ -1040,9 +1156,13 @@ if (b > eb) break; } + if (nr == 0) + return -1; nr--; *cat = CAST(cdf_catalog_t *, - malloc(sizeof(cdf_catalog_t) + nr * sizeof(*ce))); + CDF_MALLOC(sizeof(cdf_catalog_t) + nr * sizeof(*ce))); + if (*cat == NULL) + return -1; ce = (*cat)->cat_e; memset(ce, 0, nr * sizeof(*ce)); b = CAST(const char *, sst->sst_tab); @@ -1066,7 +1186,9 @@ cep->ce_namlen = rlen; np = CAST(const uint16_t *, CAST(const void *, (b + 16))); - if (CAST(const char *, np + cep->ce_namlen) > eb) { + nb = CAST(const char *, CAST(const void *, + (np + cep->ce_namlen))); + if (nb > eb) { cep->ce_namlen = 0; break; } @@ -1125,7 +1247,7 @@ for (i = 0; i < __arraycount(vn); i++) if (vn[i].v == p) return snprintf(buf, bufsiz, "%s", vn[i].n); - return snprintf(buf, bufsiz, "0x%x", p); + return snprintf(buf, bufsiz, "%#x", p); } int @@ -1184,7 +1306,7 @@ h->h_ ## b, 1 << h->h_ ## b) DUMP("%d", revision); DUMP("%d", version); - DUMP("0x%x", byte_order); + DUMP("%#x", byte_order); DUMP2("%d", sec_size_p2); DUMP2("%d", short_sec_size_p2); DUMP("%d", num_sectors_in_sat); @@ -1243,10 +1365,9 @@ } void -cdf_dump_stream(const cdf_header_t *h, const cdf_stream_t *sst) +cdf_dump_stream(const cdf_stream_t *sst) { - size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? - CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); + size_t ss = sst->sst_ss; cdf_dump(sst->sst_tab, ss * sst->sst_len); } @@ -1279,7 +1400,7 @@ d->d_color ? "black" : "red"); (void)fprintf(stderr, "Left child: %d\n", d->d_left_child); (void)fprintf(stderr, "Right child: %d\n", d->d_right_child); - (void)fprintf(stderr, "Flags: 0x%x\n", d->d_flags); + (void)fprintf(stderr, "Flags: %#x\n", d->d_flags); cdf_timestamp_to_timespec(&ts, d->d_created); (void)fprintf(stderr, "Created %s", cdf_ctime(&ts.tv_sec, buf)); cdf_timestamp_to_timespec(&ts, d->d_modified); @@ -1300,7 +1421,7 @@ name, d->d_stream_first_sector, d->d_size); break; } - cdf_dump_stream(h, &scn); + cdf_dump_stream(&scn); free(scn.sst_tab); break; default: @@ -1372,7 +1493,7 @@ (void)fprintf(stderr, "CLIPBOARD %u\n", info[i].pi_u32); break; default: - DPRINTF(("Don't know how to deal with %x\n", + DPRINTF(("Don't know how to deal with %#x\n", info[i].pi_type)); break; } @@ -1391,7 +1512,7 @@ (void)&h; if (cdf_unpack_summary_info(sst, h, &ssi, &info, &count) == -1) return; - (void)fprintf(stderr, "Endian: %x\n", ssi.si_byte_order); + (void)fprintf(stderr, "Endian: %#x\n", ssi.si_byte_order); (void)fprintf(stderr, "Os Version %d.%d\n", ssi.si_os_version & 0xff, ssi.si_os_version >> 8); (void)fprintf(stderr, "Os %d\n", ssi.si_os); @@ -1476,7 +1597,7 @@ == -1) err(1, "Cannot read short stream"); #ifdef CDF_DEBUG - cdf_dump_stream(&h, &sst); + cdf_dump_stream(&sst); #endif #ifdef CDF_DEBUG --- contrib/file/src/cdf.h.orig +++ contrib/file/src/cdf.h @@ -127,8 +127,9 @@ typedef struct { void *sst_tab; - size_t sst_len; - size_t sst_dirlen; + size_t sst_len; /* Number of sectors */ + size_t sst_dirlen; /* Directory sector size */ + size_t sst_ss; /* Sector size */ } cdf_stream_t; typedef struct { @@ -277,7 +278,7 @@ typedef struct { size_t cat_num; - cdf_catalog_entry_t cat_e[0]; + cdf_catalog_entry_t cat_e[1]; } cdf_catalog_t; struct timespec; @@ -315,6 +316,10 @@ const cdf_sat_t *, const cdf_sat_t *, const cdf_stream_t *, const cdf_dir_t *, const char *, cdf_stream_t *); int cdf_find_stream(const cdf_dir_t *, const char *, int); +int cdf_zero_stream(cdf_stream_t *); +int cdf_read_doc_summary_info(const cdf_info_t *, const cdf_header_t *, + const cdf_sat_t *, const cdf_sat_t *, const cdf_stream_t *, + const cdf_dir_t *, cdf_stream_t *); int cdf_read_summary_info(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *, const cdf_sat_t *, const cdf_stream_t *, const cdf_dir_t *, cdf_stream_t *); @@ -335,7 +340,7 @@ void cdf_dump_header(const cdf_header_t *); void cdf_dump_sat(const char *, const cdf_sat_t *, size_t); void cdf_dump(const void *, size_t); -void cdf_dump_stream(const cdf_header_t *, const cdf_stream_t *); +void cdf_dump_stream(const cdf_stream_t *); void cdf_dump_dir(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *, const cdf_sat_t *, const cdf_stream_t *, const cdf_dir_t *); void cdf_dump_property_info(const cdf_property_info_t *, size_t); --- contrib/file/src/cdf_time.c.orig +++ contrib/file/src/cdf_time.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: cdf_time.c,v 1.15 2014/05/14 23:15:42 christos Exp $") +FILE_RCSID("@(#)$File: cdf_time.c,v 1.16 2017/03/29 15:57:48 christos Exp $") #endif #include @@ -171,7 +171,7 @@ char *ptr = ctime_r(sec, buf); if (ptr != NULL) return buf; - (void)snprintf(buf, 26, "*Bad* 0x%16.16" INT64_T_FORMAT "x\n", + (void)snprintf(buf, 26, "*Bad* %#16.16" INT64_T_FORMAT "x\n", (long long)*sec); return buf; } --- contrib/file/src/compress.c.orig +++ contrib/file/src/compress.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: compress.c,v 1.80 2015/06/03 18:21:24 christos Exp $") +FILE_RCSID("@(#)$File: compress.c,v 1.105 2017/05/25 00:13:03 christos Exp $") #endif #include "magic.h" @@ -45,6 +45,8 @@ #endif #include #include +#include +#include #ifdef HAVE_SIGNAL_H #include # ifndef HAVE_SIG_T @@ -60,46 +62,126 @@ #if defined(HAVE_SYS_TIME_H) #include #endif -#if defined(HAVE_ZLIB_H) && defined(HAVE_LIBZ) +#if defined(HAVE_ZLIB_H) && defined(ZLIBSUPPORT) #define BUILTIN_DECOMPRESS #include #endif +#ifdef DEBUG +int tty = -1; +#define DPRINTF(...) do { \ + if (tty == -1) \ + tty = open("/dev/tty", O_RDWR); \ + if (tty == -1) \ + abort(); \ + dprintf(tty, __VA_ARGS__); \ +} while (/*CONSTCOND*/0) +#else +#define DPRINTF(...) +#endif +#ifdef ZLIBSUPPORT +/* + * The following python code is not really used because ZLIBSUPPORT is only + * defined if we have a built-in zlib, and the built-in zlib handles that. + * That is not true for android where we have zlib.h and not -lz. + */ +static const char zlibcode[] = + "import sys, zlib; sys.stdout.write(zlib.decompress(sys.stdin.read()))"; + +static const char *zlib_args[] = { "python", "-c", zlibcode, NULL }; + +static int +zlibcmp(const unsigned char *buf) +{ + unsigned short x = 1; + unsigned char *s = CAST(unsigned char *, CAST(void *, &x)); + + if ((buf[0] & 0xf) != 8 || (buf[0] & 0x80) != 0) + return 0; + if (s[0] != 1) /* endianness test */ + x = buf[0] | (buf[1] << 8); + else + x = buf[1] | (buf[0] << 8); + if (x % 31) + return 0; + return 1; +} +#endif + +#define gzip_flags "-cd" +#define lrzip_flags "-do" +#define lzip_flags gzip_flags + +static const char *gzip_args[] = { + "gzip", gzip_flags, NULL +}; +static const char *uncompress_args[] = { + "uncompress", "-c", NULL +}; +static const char *bzip2_args[] = { + "bzip2", "-cd", NULL +}; +static const char *lzip_args[] = { + "lzip", lzip_flags, NULL +}; +static const char *xz_args[] = { + "xz", "-cd", NULL +}; +static const char *lrzip_args[] = { + "lrzip", lrzip_flags, NULL +}; +static const char *lz4_args[] = { + "lz4", "-cd", NULL +}; +static const char *zstd_args[] = { + "zstd", "-cd", NULL +}; + private const struct { - const char magic[8]; + const void *magic; size_t maglen; - const char *argv[3]; - int silent; + const char **argv; } compr[] = { - { "\037\235", 2, { "gzip", "-cdq", NULL }, 1 }, /* compressed */ + { "\037\235", 2, gzip_args }, /* compressed */ /* Uncompress can get stuck; so use gzip first if we have it * Idea from Damien Clark, thanks! */ - { "\037\235", 2, { "uncompress", "-c", NULL }, 1 }, /* compressed */ - { "\037\213", 2, { "gzip", "-cdq", NULL }, 1 }, /* gzipped */ - { "\037\236", 2, { "gzip", "-cdq", NULL }, 1 }, /* frozen */ - { "\037\240", 2, { "gzip", "-cdq", NULL }, 1 }, /* SCO LZH */ + { "\037\235", 2, uncompress_args }, /* compressed */ + { "\037\213", 2, gzip_args }, /* gzipped */ + { "\037\236", 2, gzip_args }, /* frozen */ + { "\037\240", 2, gzip_args }, /* SCO LZH */ /* the standard pack utilities do not accept standard input */ - { "\037\036", 2, { "gzip", "-cdq", NULL }, 0 }, /* packed */ - { "PK\3\4", 4, { "gzip", "-cdq", NULL }, 1 }, /* pkzipped, */ - /* ...only first file examined */ - { "BZh", 3, { "bzip2", "-cd", NULL }, 1 }, /* bzip2-ed */ - { "LZIP", 4, { "lzip", "-cdq", NULL }, 1 }, - { "\3757zXZ\0",6,{ "xz", "-cd", NULL }, 1 }, /* XZ Utils */ - { "LRZI", 4, { "lrzip", "-dqo-", NULL }, 1 }, /* LRZIP */ - { "\004\"M\030", 4, { "lz4", "-cd", NULL }, 1 }, /* LZ4 */ + { "\037\036", 2, gzip_args }, /* packed */ + { "PK\3\4", 4, gzip_args }, /* pkzipped, */ + /* ...only first file examined */ + { "BZh", 3, bzip2_args }, /* bzip2-ed */ + { "LZIP", 4, lzip_args }, /* lzip-ed */ + { "\3757zXZ\0", 6, xz_args }, /* XZ Utils */ + { "LRZI", 4, lrzip_args }, /* LRZIP */ + { "\004\"M\030",4, lz4_args }, /* LZ4 */ + { "\x28\xB5\x2F\xFD", 4, zstd_args }, /* zstd */ +#ifdef ZLIBSUPPORT + { RCAST(const void *, zlibcmp), 0, zlib_args }, /* zlib */ +#endif }; -#define NODATA ((size_t)~0) +#define OKDATA 0 +#define NODATA 1 +#define ERRDATA 2 private ssize_t swrite(int, const void *, size_t); #if HAVE_FORK private size_t ncompr = sizeof(compr) / sizeof(compr[0]); -private size_t uncompressbuf(struct magic_set *, int, size_t, - const unsigned char *, unsigned char **, size_t); +private int uncompressbuf(int, size_t, size_t, const unsigned char *, + unsigned char **, size_t *); #ifdef BUILTIN_DECOMPRESS -private size_t uncompressgzipped(struct magic_set *, const unsigned char *, - unsigned char **, size_t); +private int uncompresszlib(const unsigned char *, unsigned char **, size_t, + size_t *, int); +private int uncompressgzipped(const unsigned char *, unsigned char **, size_t, + size_t *); #endif +static int makeerror(unsigned char **, size_t *, const char *, ...) + __attribute__((__format__(__printf__, 3, 4))); +private const char *methodname(size_t); protected int file_zmagic(struct magic_set *ms, int fd, const char *name, @@ -107,7 +189,9 @@ { unsigned char *newbuf = NULL; size_t i, nsz; - int rv = 0; + char *rbuf; + file_pushbuf_t *pb; + int urv, prv, rv = 0; int mime = ms->flags & MAGIC_MIME; #ifdef HAVE_SIGNAL_H sig_t osigpipe; @@ -120,37 +204,80 @@ osigpipe = signal(SIGPIPE, SIG_IGN); #endif for (i = 0; i < ncompr; i++) { + int zm; if (nbytes < compr[i].maglen) continue; - if (memcmp(buf, compr[i].magic, compr[i].maglen) == 0 && - (nsz = uncompressbuf(ms, fd, i, buf, &newbuf, - nbytes)) != NODATA) { +#ifdef ZLIBSUPPORT + if (compr[i].maglen == 0) + zm = (RCAST(int (*)(const unsigned char *), + CCAST(void *, compr[i].magic)))(buf); + else +#endif + zm = memcmp(buf, compr[i].magic, compr[i].maglen) == 0; + + if (!zm) + continue; + nsz = nbytes; + urv = uncompressbuf(fd, ms->bytes_max, i, buf, &newbuf, &nsz); + DPRINTF("uncompressbuf = %d, %s, %zu\n", urv, (char *)newbuf, + nsz); + switch (urv) { + case OKDATA: + case ERRDATA: + ms->flags &= ~MAGIC_COMPRESS; - rv = -1; - if (file_buffer(ms, -1, name, newbuf, nsz) == -1) + if (urv == ERRDATA) + prv = file_printf(ms, "%s ERROR: %s", + methodname(i), newbuf); + else + prv = file_buffer(ms, -1, name, newbuf, nsz); + if (prv == -1) goto error; - - if ((ms->flags & MAGIC_COMPRESS_TRANSP) == 0 && - (mime == MAGIC_MIME || mime == 0)) { - if (file_printf(ms, mime ? - " compressed-encoding=" : " (") == -1) + rv = 1; + if ((ms->flags & MAGIC_COMPRESS_TRANSP) != 0) + goto out; + if (mime != MAGIC_MIME && mime != 0) + goto out; + if ((file_printf(ms, + mime ? " compressed-encoding=" : " (")) == -1) + goto error; + if ((pb = file_push_buffer(ms)) == NULL) + goto error; + /* + * XXX: If file_buffer fails here, we overwrite + * the compressed text. FIXME. + */ + if (file_buffer(ms, -1, NULL, buf, nbytes) == -1) + goto error; + if ((rbuf = file_pop_buffer(ms, pb)) != NULL) { + if (file_printf(ms, "%s", rbuf) == -1) { + free(rbuf); goto error; - if (file_buffer(ms, -1, NULL, buf, nbytes) == -1) - goto error; - if (!mime && file_printf(ms, ")") == -1) - goto error; + } + free(rbuf); } - - rv = 1; + if (!mime && file_printf(ms, ")") == -1) + goto error; + /*FALLTHROUGH*/ + case NODATA: break; + default: + abort(); + /*NOTREACHED*/ + error: + rv = -1; + break; } } -error: +out: + DPRINTF("rv = %d\n", rv); + #ifdef HAVE_SIGNAL_H (void)signal(SIGPIPE, osigpipe); #endif free(newbuf); ms->flags |= MAGIC_COMPRESS; + DPRINTF("Zmagic returns %d\n", rv); return rv; } #endif @@ -240,7 +367,7 @@ return rn - n; default: n -= rv; - buf = ((char *)buf) + rv; + buf = CAST(char *, CCAST(void *, buf)) + rv; break; } while (n > 0); @@ -322,222 +449,314 @@ #define FNAME (1 << 3) #define FCOMMENT (1 << 4) -private size_t -uncompressgzipped(struct magic_set *ms, const unsigned char *old, - unsigned char **newch, size_t n) + +private int +uncompressgzipped(const unsigned char *old, unsigned char **newch, + size_t bytes_max, size_t *n) { unsigned char flg = old[3]; size_t data_start = 10; - z_stream z; - int rc; if (flg & FEXTRA) { - if (data_start+1 >= n) - return 0; + if (data_start + 1 >= *n) + goto err; data_start += 2 + old[data_start] + old[data_start + 1] * 256; } if (flg & FNAME) { - while(data_start < n && old[data_start]) + while(data_start < *n && old[data_start]) data_start++; data_start++; } - if(flg & FCOMMENT) { - while(data_start < n && old[data_start]) + if (flg & FCOMMENT) { + while(data_start < *n && old[data_start]) data_start++; data_start++; } - if(flg & FHCRC) + if (flg & FHCRC) data_start += 2; - if (data_start >= n) - return 0; - if ((*newch = CAST(unsigned char *, malloc(HOWMANY + 1))) == NULL) { - return 0; - } - - /* XXX: const castaway, via strchr */ - z.next_in = (Bytef *)strchr((const char *)old + data_start, - old[data_start]); - z.avail_in = CAST(uint32_t, (n - data_start)); + if (data_start >= *n) + goto err; + + *n -= data_start; + old += data_start; + return uncompresszlib(old, newch, bytes_max, n, 0); +err: + return makeerror(newch, n, "File too short"); +} + +private int +uncompresszlib(const unsigned char *old, unsigned char **newch, + size_t bytes_max, size_t *n, int zlib) +{ + int rc; + z_stream z; + + if ((*newch = CAST(unsigned char *, malloc(bytes_max + 1))) == NULL) + return makeerror(newch, n, "No buffer, %s", strerror(errno)); + + z.next_in = CCAST(Bytef *, old); + z.avail_in = CAST(uint32_t, *n); z.next_out = *newch; - z.avail_out = HOWMANY; + z.avail_out = CAST(unsigned int, bytes_max); z.zalloc = Z_NULL; z.zfree = Z_NULL; z.opaque = Z_NULL; /* LINTED bug in header macro */ - rc = inflateInit2(&z, -15); - if (rc != Z_OK) { - file_error(ms, 0, "zlib: %s", z.msg); - return 0; - } + rc = zlib ? inflateInit(&z) : inflateInit2(&z, -15); + if (rc != Z_OK) + goto err; rc = inflate(&z, Z_SYNC_FLUSH); - if (rc != Z_OK && rc != Z_STREAM_END) { - file_error(ms, 0, "zlib: %s", z.msg); - return 0; - } + if (rc != Z_OK && rc != Z_STREAM_END) + goto err; - n = (size_t)z.total_out; - (void)inflateEnd(&z); + *n = (size_t)z.total_out; + rc = inflateEnd(&z); + if (rc != Z_OK) + goto err; /* let's keep the nul-terminate tradition */ - (*newch)[n] = '\0'; + (*newch)[*n] = '\0'; + return OKDATA; +err: + strlcpy((char *)*newch, z.msg ? z.msg : zError(rc), bytes_max); + *n = strlen((char *)*newch); + return ERRDATA; +} +#endif + +static int +makeerror(unsigned char **buf, size_t *len, const char *fmt, ...) +{ + char *msg; + va_list ap; + int rv; + + va_start(ap, fmt); + rv = vasprintf(&msg, fmt, ap); + va_end(ap); + if (rv < 0) { + *buf = NULL; + *len = 0; + return NODATA; + } + *buf = (unsigned char *)msg; + *len = strlen(msg); + return ERRDATA; +} + +static void +closefd(int *fd, size_t i) +{ + if (fd[i] == -1) + return; + (void) close(fd[i]); + fd[i] = -1; +} + +static void +closep(int *fd) +{ + size_t i; + for (i = 0; i < 2; i++) + closefd(fd, i); +} + +static void +copydesc(int i, int *fd) +{ + int j = fd[i == STDIN_FILENO ? 0 : 1]; + if (j == i) + return; + if (dup2(j, i) == -1) { + DPRINTF("dup(%d, %d) failed (%s)\n", j, i, strerror(errno)); + exit(1); + } + closep(fd); +} + +static void +writechild(int fdp[3][2], const void *old, size_t n) +{ + int status; + + closefd(fdp[STDIN_FILENO], 0); + /* + * fork again, to avoid blocking because both + * pipes filled + */ + switch (fork()) { + case 0: /* child */ + closefd(fdp[STDOUT_FILENO], 0); + if (swrite(fdp[STDIN_FILENO][1], old, n) != (ssize_t)n) { + DPRINTF("Write failed (%s)\n", strerror(errno)); + exit(1); + } + exit(0); + /*NOTREACHED*/ + + case -1: + DPRINTF("Fork failed (%s)\n", strerror(errno)); + exit(1); + /*NOTREACHED*/ + + default: /* parent */ + if (wait(&status) == -1) { + DPRINTF("Wait failed (%s)\n", strerror(errno)); + exit(1); + } + DPRINTF("Grandchild wait return %#x\n", status); + } + closefd(fdp[STDIN_FILENO], 1); +} + +static ssize_t +filter_error(unsigned char *ubuf, ssize_t n) +{ + char *p; + char *buf; + + ubuf[n] = '\0'; + buf = (char *)ubuf; + while (isspace((unsigned char)*buf)) + buf++; + DPRINTF("Filter error[[[%s]]]\n", buf); + if ((p = strchr((char *)buf, '\n')) != NULL) + *p = '\0'; + if ((p = strchr((char *)buf, ';')) != NULL) + *p = '\0'; + if ((p = strrchr((char *)buf, ':')) != NULL) { + ++p; + while (isspace((unsigned char)*p)) + p++; + n = strlen(p); + memmove(ubuf, p, CAST(size_t, n + 1)); + } + DPRINTF("Filter error after[[[%s]]]\n", (char *)ubuf); + if (islower(*ubuf)) + *ubuf = toupper(*ubuf); return n; } + +private const char * +methodname(size_t method) +{ +#ifdef BUILTIN_DECOMPRESS + /* FIXME: This doesn't cope with bzip2 */ + if (method == 2 || compr[method].maglen == 0) + return "zlib"; #endif + return compr[method].argv[0]; +} -private size_t -uncompressbuf(struct magic_set *ms, int fd, size_t method, - const unsigned char *old, unsigned char **newch, size_t n) +private int +uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old, + unsigned char **newch, size_t* n) { - int fdin[2], fdout[2]; - int status; + int fdp[3][2]; + int status, rv; + size_t i; ssize_t r; #ifdef BUILTIN_DECOMPRESS /* FIXME: This doesn't cope with bzip2 */ if (method == 2) - return uncompressgzipped(ms, old, newch, n); + return uncompressgzipped(old, newch, bytes_max, n); + if (compr[method].maglen == 0) + return uncompresszlib(old, newch, bytes_max, n, 1); #endif (void)fflush(stdout); (void)fflush(stderr); - if ((fd != -1 && pipe(fdin) == -1) || pipe(fdout) == -1) { - file_error(ms, errno, "cannot create pipe"); - return NODATA; + for (i = 0; i < __arraycount(fdp); i++) + fdp[i][0] = fdp[i][1] = -1; + + if ((fd == -1 && pipe(fdp[STDIN_FILENO]) == -1) || + pipe(fdp[STDOUT_FILENO]) == -1 || pipe(fdp[STDERR_FILENO]) == -1) { + closep(fdp[STDIN_FILENO]); + closep(fdp[STDOUT_FILENO]); + return makeerror(newch, n, "Cannot create pipe, %s", + strerror(errno)); } switch (fork()) { case 0: /* child */ - (void) close(0); if (fd != -1) { - if (dup(fd) == -1) - _exit(1); - (void) lseek(0, (off_t)0, SEEK_SET); - } else { - if (dup(fdin[0]) == -1) - _exit(1); - (void) close(fdin[0]); - (void) close(fdin[1]); + fdp[STDIN_FILENO][0] = fd; + (void) lseek(fd, (off_t)0, SEEK_SET); } + + for (i = 0; i < __arraycount(fdp); i++) + copydesc(CAST(int, i), fdp[i]); - (void) close(1); - if (dup(fdout[1]) == -1) - _exit(1); - (void) close(fdout[0]); - (void) close(fdout[1]); -#ifndef DEBUG - if (compr[method].silent) - (void)close(2); -#endif - (void)execvp(compr[method].argv[0], (char *const *)(intptr_t)compr[method].argv); -#ifdef DEBUG - (void)fprintf(stderr, "exec `%s' failed (%s)\n", + dprintf(STDERR_FILENO, "exec `%s' failed, %s", compr[method].argv[0], strerror(errno)); -#endif exit(1); /*NOTREACHED*/ case -1: - file_error(ms, errno, "could not fork"); - return NODATA; + return makeerror(newch, n, "Cannot fork, %s", + strerror(errno)); default: /* parent */ - (void) close(fdout[1]); - if (fd == -1) { - (void) close(fdin[0]); - /* - * fork again, to avoid blocking because both - * pipes filled - */ - switch (fork()) { - case 0: /* child */ - (void)close(fdout[0]); - if (swrite(fdin[1], old, n) != (ssize_t)n) { -#ifdef DEBUG - (void)fprintf(stderr, - "Write failed (%s)\n", - strerror(errno)); -#endif - exit(1); - } - exit(0); - /*NOTREACHED*/ + for (i = 1; i < __arraycount(fdp); i++) + closefd(fdp[i], 1); - case -1: -#ifdef DEBUG - (void)fprintf(stderr, "Fork failed (%s)\n", - strerror(errno)); -#endif - exit(1); - /*NOTREACHED*/ + /* Write the buffer data to the child, if we don't have fd */ + if (fd == -1) + writechild(fdp, old, *n); - default: /* parent */ - if (wait(&status) == -1) { -#ifdef DEBUG - (void)fprintf(stderr, - "Wait failed (%s)\n", - strerror(errno)); -#endif - exit(1); - } - exit(WIFEXITED(status) ? - WEXITSTATUS(status) : 1); - /*NOTREACHED*/ - } - (void) close(fdin[1]); - fdin[1] = -1; - } - - if ((*newch = (unsigned char *) malloc(HOWMANY + 1)) == NULL) { -#ifdef DEBUG - (void)fprintf(stderr, "Malloc failed (%s)\n", + *newch = CAST(unsigned char *, malloc(bytes_max + 1)); + if (*newch == NULL) { + rv = makeerror(newch, n, "No buffer, %s", strerror(errno)); -#endif - n = NODATA; goto err; } - if ((r = sread(fdout[0], *newch, HOWMANY, 0)) <= 0) { -#ifdef DEBUG - (void)fprintf(stderr, "Read failed (%s)\n", - strerror(errno)); -#endif - free(*newch); - n = NODATA; - *newch = NULL; - goto err; - } else { - n = r; + rv = OKDATA; + if ((r = sread(fdp[STDOUT_FILENO][0], *newch, bytes_max, 0)) > 0) + break; + DPRINTF("Read stdout failed %d (%s)\n", fdp[STDOUT_FILENO][0], + r != -1 ? strerror(errno) : "no data"); + + rv = ERRDATA; + if (r == 0 && + (r = sread(fdp[STDERR_FILENO][0], *newch, bytes_max, 0)) > 0) + { + r = filter_error(*newch, r); + break; } - /* NUL terminate, as every buffer is handled here. */ - (*newch)[n] = '\0'; -err: - if (fdin[1] != -1) - (void) close(fdin[1]); - (void) close(fdout[0]); - if (wait(&status) == -1) { -#ifdef DEBUG - (void)fprintf(stderr, "Wait failed (%s)\n", + free(*newch); + if (r == 0) + rv = makeerror(newch, n, "Read failed, %s", strerror(errno)); -#endif - n = NODATA; - } else if (!WIFEXITED(status)) { -#ifdef DEBUG - (void)fprintf(stderr, "Child not exited (0x%x)\n", - status); -#endif - } else if (WEXITSTATUS(status) != 0) { -#ifdef DEBUG - (void)fprintf(stderr, "Child exited (0x%d)\n", - WEXITSTATUS(status)); -#endif - } + else + rv = makeerror(newch, n, "No data"); + goto err; + } - (void) close(fdin[0]); - - return n; + *n = r; + /* NUL terminate, as every buffer is handled here. */ + (*newch)[*n] = '\0'; +err: + closefd(fdp[STDIN_FILENO], 1); + closefd(fdp[STDOUT_FILENO], 0); + closefd(fdp[STDERR_FILENO], 0); + if (wait(&status) == -1) { + free(*newch); + rv = makeerror(newch, n, "Wait failed, %s", strerror(errno)); + DPRINTF("Child wait return %#x\n", status); + } else if (!WIFEXITED(status)) { + DPRINTF("Child not exited (%#x)\n", status); + } else if (WEXITSTATUS(status) != 0) { + DPRINTF("Child exited (%#x)\n", WEXITSTATUS(status)); } + + closefd(fdp[STDIN_FILENO], 0); + DPRINTF("Returning %p n=%zu rv=%d\n", *newch, *n, rv); + + return rv; } #endif --- contrib/file/src/der.c.orig +++ contrib/file/src/der.c @@ -0,0 +1,404 @@ +/*- + * Copyright (c) 2016 Christos Zoulas + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +/* + * DER (Distinguished Encoding Rules) Parser + * + * Sources: + * https://en.wikipedia.org/wiki/X.690 + * http://fm4dd.com/openssl/certexamples.htm + * http://blog.engelke.com/2014/10/17/parsing-ber-and-der-encoded-asn-1-objects/ + */ +#ifndef TEST_DER +#include "file.h" + +#ifndef lint +FILE_RCSID("@(#)$File: der.c,v 1.12 2017/02/10 18:14:01 christos Exp $") +#endif +#endif + +#include + +#include +#include +#include +#include +#include + +#ifndef TEST_DER +#include "magic.h" +#include "der.h" +#else +#include +#include +#include +#endif + +#define DER_BAD ((uint32_t)-1) + +#define DER_CLASS_UNIVERSAL 0 +#define DER_CLASS_APPLICATION 1 +#define DER_CLASS_CONTEXT 2 +#define DER_CLASS_PRIVATE 3 +#ifdef DEBUG_DER +static const char der_class[] = "UACP"; +#endif + +#define DER_TYPE_PRIMITIVE 0 +#define DER_TYPE_CONSTRUCTED 1 +#ifdef DEBUG_DER +static const char der_type[] = "PC"; +#endif + +#define DER_TAG_EOC 0x00 +#define DER_TAG_BOOLEAN 0x01 +#define DER_TAG_INTEGER 0x02 +#define DER_TAG_BIT STRING 0x03 +#define DER_TAG_OCTET_STRING 0x04 +#define DER_TAG_NULL 0x05 +#define DER_TAG_OBJECT_IDENTIFIER 0x06 +#define DER_TAG_OBJECT_DESCRIPTOR 0x07 +#define DER_TAG_EXTERNAL 0x08 +#define DER_TAG_REAL 0x09 +#define DER_TAG_ENUMERATED 0x0a +#define DER_TAG_EMBEDDED_PDV 0x0b +#define DER_TAG_UTF8_STRING 0x0c +#define DER_TAG_RELATIVE_OID 0x0d +#define DER_TAG_RESERVED_1 0x0e +#define DER_TAG_RESERVED_2 0x0f +#define DER_TAG_SEQUENCE 0x10 +#define DER_TAG_SET 0x11 +#define DER_TAG_NUMERIC_STRING 0x12 +#define DER_TAG_PRINTABLE_STRING 0x13 +#define DER_TAG_T61_STRING 0x14 +#define DER_TAG_VIDEOTEX_STRING 0x15 +#define DER_TAG_IA5_STRING 0x16 +#define DER_TAG_UTCTIME 0x17 +#define DER_TAG_GENERALIZED_TIME 0x18 +#define DER_TAG_GRAPHIC_STRING 0x19 +#define DER_TAG_VISIBLE_STRING 0x1a +#define DER_TAG_GENERAL_STRING 0x1b +#define DER_TAG_UNIVERSAL_STRING 0x1c +#define DER_TAG_CHARACTER_STRING 0x1d +#define DER_TAG_BMP_STRING 0x1e +#define DER_TAG_LONG 0x1f + +static const char *der__tag[] = { + "eoc", "bool", "int", "bit_str", "octet_str", + "null", "obj_id", "obj_desc", "ext", "real", + "enum", "embed", "utf8_str", "oid", "res1", + "res2", "seq", "set", "num_str", "prt_str", + "t61_str", "vid_str", "ia5_str", "utc_time", + "gen_time", "gr_str", "vis_str", "gen_str", + "char_str", "bmp_str", "long" +}; + +#ifdef DEBUG_DER +#define DPRINTF(a) printf a +#else +#define DPRINTF(a) +#endif + +#ifdef TEST_DER +static uint8_t +getclass(uint8_t c) +{ + return c >> 6; +} + +static uint8_t +gettype(uint8_t c) +{ + return (c >> 5) & 1; +} +#endif + +static uint32_t +gettag(const uint8_t *c, size_t *p, size_t l) +{ + uint32_t tag; + + if (*p >= l) + return DER_BAD; + + tag = c[(*p)++] & 0x1f; + + if (tag != 0x1f) + return tag; + + if (*p >= l) + return DER_BAD; + + while (c[*p] >= 0x80) { + tag = tag * 128 + c[(*p)++] - 0x80; + if (*p >= l) + return DER_BAD; + } + return tag; +} + +/* + * Read the length of a DER tag from the input. + * + * `c` is the input, `p` is an output parameter that specifies how much of the + * input we consumed, and `l` is the maximum input length. + * + * Returns the length, or DER_BAD if the end of the input is reached or the + * length exceeds the remaining input. + */ +static uint32_t +getlength(const uint8_t *c, size_t *p, size_t l) +{ + uint8_t digits, i; + size_t len; + int is_onebyte_result; + + if (*p >= l) + return DER_BAD; + + /* + * Digits can either be 0b0 followed by the result, or 0b1 + * followed by the number of digits of the result. In either case, + * we verify that we can read so many bytes from the input. + */ + is_onebyte_result = (c[*p] & 0x80) == 0; + digits = c[(*p)++] & 0x7f; + if (*p + digits >= l) + return DER_BAD; + + if (is_onebyte_result) + return digits; + + /* + * Decode len. We've already verified that we're allowed to read + * `digits` bytes. + */ + len = 0; + for (i = 0; i < digits; i++) + len = (len << 8) | c[(*p)++]; + + if (*p + len >= l) + return DER_BAD; + return CAST(uint32_t, len); +} + +static const char * +der_tag(char *buf, size_t len, uint32_t tag) +{ + if (tag < DER_TAG_LONG) + strlcpy(buf, der__tag[tag], len); + else + snprintf(buf, len, "%#x", tag); + return buf; +} + +#ifndef TEST_DER +static int +der_data(char *buf, size_t blen, uint32_t tag, const void *q, uint32_t len) +{ + const uint8_t *d = CAST(const uint8_t *, q); + switch (tag) { + case DER_TAG_PRINTABLE_STRING: + case DER_TAG_UTF8_STRING: + case DER_TAG_IA5_STRING: + case DER_TAG_UTCTIME: + return snprintf(buf, blen, "%.*s", len, (const char *)q); + default: + break; + } + + for (uint32_t i = 0; i < len; i++) { + uint32_t z = i << 1; + if (z < blen - 2) + snprintf(buf + z, blen - z, "%.2x", d[i]); + } + return len * 2; +} + +int32_t +der_offs(struct magic_set *ms, struct magic *m, size_t nbytes) +{ + const uint8_t *b = RCAST(const uint8_t *, ms->search.s); + size_t offs = 0, len = ms->search.s_len ? ms->search.s_len : nbytes; + + if (gettag(b, &offs, len) == DER_BAD) + return -1; + DPRINTF(("%s1: %d %zu %u\n", __func__, ms->offset, offs, m->offset)); + + uint32_t tlen = getlength(b, &offs, len); + if (tlen == DER_BAD) + return -1; + DPRINTF(("%s2: %d %zu %u\n", __func__, ms->offset, offs, tlen)); + + offs += ms->offset + m->offset; + DPRINTF(("cont_level = %d\n", m->cont_level)); +#ifdef DEBUG_DER + for (size_t i = 0; i < m->cont_level; i++) + printf("cont_level[%zu] = %u\n", i, ms->c.li[i].off); +#endif + if (m->cont_level != 0) { + if (offs + tlen > nbytes) + return -1; + ms->c.li[m->cont_level - 1].off = CAST(int, offs + tlen); + DPRINTF(("cont_level[%u] = %u\n", m->cont_level - 1, + ms->c.li[m->cont_level - 1].off)); + } + return CAST(int32_t, offs); +} + +int +der_cmp(struct magic_set *ms, struct magic *m) +{ + const uint8_t *b = RCAST(const uint8_t *, ms->search.s); + const char *s = m->value.s; + size_t offs = 0, len = ms->search.s_len; + uint32_t tag, tlen; + char buf[128]; + + tag = gettag(b, &offs, len); + if (tag == DER_BAD) + return -1; + + tlen = getlength(b, &offs, len); + if (tlen == DER_BAD) + return -1; + + der_tag(buf, sizeof(buf), tag); + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "%s: tag %p got=%s exp=%s\n", __func__, b, + buf, s); + size_t slen = strlen(buf); + + if (strncmp(buf, s, slen) != 0) + return 0; + + s += slen; + +again: + switch (*s) { + case '\0': + return 1; + case '=': + s++; + goto val; + default: + if (!isdigit((unsigned char)*s)) + return 0; + + slen = 0; + do + slen = slen * 10 + *s - '0'; + while (isdigit((unsigned char)*++s)); + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "%s: len %zu %u\n", __func__, + slen, tlen); + if (tlen != slen) + return 0; + goto again; + } +val: + DPRINTF(("%s: before data %zu %u\n", __func__, offs, tlen)); + der_data(buf, sizeof(buf), tag, b + offs, tlen); + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "%s: data %s %s\n", __func__, buf, s); + if (strcmp(buf, s) != 0 && strcmp("x", s) != 0) + return 0; + strlcpy(ms->ms_value.s, buf, sizeof(ms->ms_value.s)); + return 1; +} +#endif + +#ifdef TEST_DER +static void +printtag(uint32_t tag, const void *q, uint32_t len) +{ + const uint8_t *d = q; + switch (tag) { + case DER_TAG_PRINTABLE_STRING: + case DER_TAG_UTF8_STRING: + printf("%.*s\n", len, (const char *)q); + return; + default: + break; + } + + for (uint32_t i = 0; i < len; i++) + printf("%.2x", d[i]); + printf("\n"); +} + +static void +printdata(size_t level, const void *v, size_t x, size_t l) +{ + const uint8_t *p = v, *ep = p + l; + size_t ox; + char buf[128]; + + while (p + x < ep) { + const uint8_t *q; + uint8_t c = getclass(p[x]); + uint8_t t = gettype(p[x]); + ox = x; + if (x != 0) + printf("%.2x %.2x %.2x\n", p[x - 1], p[x], p[x + 1]); + uint32_t tag = gettag(p, &x, ep - p + x); + if (p + x >= ep) + break; + uint32_t len = getlength(p, &x, ep - p + x); + + printf("%zu %zu-%zu %c,%c,%s,%u:", level, ox, x, + der_class[c], der_type[t], + der_tag(buf, sizeof(buf), tag), len); + q = p + x; + if (p + len > ep) + errx(EXIT_FAILURE, "corrupt der"); + printtag(tag, q, len); + if (t != DER_TYPE_PRIMITIVE) + printdata(level + 1, p, x, len + x); + x += len; + } +} + +int +main(int argc, char *argv[]) +{ + int fd; + struct stat st; + size_t l; + void *p; + + if ((fd = open(argv[1], O_RDONLY)) == -1) + err(EXIT_FAILURE, "open `%s'", argv[1]); + if (fstat(fd, &st) == -1) + err(EXIT_FAILURE, "stat `%s'", argv[1]); + l = (size_t)st.st_size; + if ((p = mmap(NULL, l, PROT_READ, MAP_FILE, fd, 0)) == MAP_FAILED) + err(EXIT_FAILURE, "mmap `%s'", argv[1]); + + printdata(0, p, 0, l); + munmap(p, l); + return 0; +} +#endif --- contrib/file/src/der.h.orig +++ contrib/file/src/der.h @@ -0,0 +1,28 @@ +/*- + * Copyright (c) 2016 Christos Zoulas + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +extern int der_offs(struct magic_set *, struct magic *, size_t); +extern int der_cmp(struct magic_set *, struct magic *); --- contrib/file/src/dprintf.c.orig +++ contrib/file/src/dprintf.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) Ian F. Darwin 1986-1995. + * Software written by Ian F. Darwin and others; + * maintained 1995-present by Christos Zoulas and others. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice immediately at the beginning of the file, without modification, + * this list of conditions, and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include "file.h" + +#ifndef lint +FILE_RCSID("@(#)$File: dprintf.c,v 1.1 2015/11/13 15:36:14 christos Exp $") +#endif /* lint */ + +#include +#include +#include +#include + +int +dprintf(int fd, const char *fmt, ...) +{ + va_list ap; + /* Simpler than using vasprintf() here, since we never need more */ + char buf[1024]; + int len; + + va_start(ap, fmt); + len = vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + + if ((size_t)len >= sizeof(buf)) + return -1; + + if (write(fd, buf, (size_t)len) != len) + return -1; + + return len; +} --- contrib/file/src/file.c.orig +++ contrib/file/src/file.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: file.c,v 1.167 2015/09/11 17:24:09 christos Exp $") +FILE_RCSID("@(#)$File: file.c,v 1.172 2016/10/24 15:21:07 christos Exp $") #endif /* lint */ #include "magic.h" @@ -94,9 +94,9 @@ #define OPT_EXTENSIONS 3 #define OPT_MIME_TYPE 4 #define OPT_MIME_ENCODING 5 -#define OPT(shortname, longname, opt, doc) \ +#define OPT(shortname, longname, opt, def, doc) \ {longname, opt, NULL, shortname}, -#define OPT_LONGONLY(longname, opt, doc, id) \ +#define OPT_LONGONLY(longname, opt, def, doc, id) \ {longname, opt, NULL, id}, #include "file_opts.h" #undef OPT @@ -132,15 +132,17 @@ { "elf_shnum", MAGIC_PARAM_ELF_SHNUM_MAX, 0 }, { "elf_notes", MAGIC_PARAM_ELF_NOTES_MAX, 0 }, { "regex", MAGIC_PARAM_REGEX_MAX, 0 }, + { "bytes", MAGIC_PARAM_BYTES_MAX, 0 }, }; private char *progname; /* used throughout */ +private int posixly; #ifdef __dead __dead #endif private void usage(void); -private void docprint(const char *); +private void docprint(const char *, int); #ifdef __dead __dead #endif @@ -183,7 +185,8 @@ progname = argv[0]; #ifdef S_IFLNK - flags |= getenv("POSIXLY_CORRECT") ? MAGIC_SYMLINK : 0; + posixly = getenv("POSIXLY_CORRECT") != NULL; + flags |= posixly ? MAGIC_SYMLINK : 0; #endif while ((c = getopt_long(argc, argv, OPTSTRING, long_options, &longindex)) != -1) @@ -204,7 +207,7 @@ flags |= MAGIC_MIME_ENCODING; break; case '0': - nulsep = 1; + nulsep++; break; case 'b': bflag++; @@ -348,9 +351,10 @@ if (c == -1) { (void)fprintf(stderr, "%s: %s\n", progname, magic_error(magic)); - return 1; + e = 1; + goto out; } - return 0; + goto out; default: if (magic == NULL) if ((magic = load(magicfile, flags)) == NULL) @@ -380,6 +384,7 @@ e |= process(magic, argv[optind], wid); } +out: if (magic) magic_close(magic); return e; @@ -426,6 +431,8 @@ load(const char *magicfile, int flags) { struct magic_set *magic = magic_open(flags); + const char *e; + if (magic == NULL) { (void)fprintf(stderr, "%s: %s\n", progname, strerror(errno)); return NULL; @@ -436,6 +443,8 @@ magic_close(magic); return NULL; } + if ((e = magic_error(magic)) != NULL) + (void)fprintf(stderr, "%s: Warning: %s\n", progname, e); return magic; } @@ -492,7 +501,7 @@ private int process(struct magic_set *ms, const char *inname, int wid) { - const char *type; + const char *type, c = nulsep > 1 ? '\0' : '\n'; int std_in = strcmp(inname, "-") == 0; if (wid > 0 && !bflag) { @@ -499,17 +508,21 @@ (void)printf("%s", std_in ? "/dev/stdin" : inname); if (nulsep) (void)putc('\0', stdout); - (void)printf("%s", separator); - (void)printf("%*s ", - (int) (nopad ? 0 : (wid - file_mbswidth(inname))), ""); + if (nulsep < 2) { + (void)printf("%s", separator); + (void)printf("%*s ", + (int) (nopad ? 0 : (wid - file_mbswidth(inname))), + ""); + } } type = magic_file(ms, std_in ? NULL : inname); + if (type == NULL) { - (void)printf("ERROR: %s\n", magic_error(ms)); + (void)printf("ERROR: %s%c", magic_error(ms), c); return 1; } else { - (void)printf("%s\n", type); + (void)printf("%s%c", type, c); return 0; } } @@ -559,8 +572,18 @@ } private void -docprint(const char *opts) +defprint(int def) { + if (!def) + return; + if (((def & 1) && posixly) || ((def & 2) && !posixly)) + fprintf(stdout, " (default)"); + fputc('\n', stdout); +} + +private void +docprint(const char *opts, int def) +{ size_t i; int comma; char *sp, *p; @@ -568,6 +591,7 @@ p = strstr(opts, "%o"); if (p == NULL) { fprintf(stdout, "%s", opts); + defprint(def); return; } @@ -595,12 +619,12 @@ "Usage: file [OPTION...] [FILE...]\n" "Determine type of FILEs.\n" "\n", stdout); -#define OPT(shortname, longname, opt, doc) \ +#define OPT(shortname, longname, opt, def, doc) \ fprintf(stdout, " -%c, --" longname, shortname), \ - docprint(doc); -#define OPT_LONGONLY(longname, opt, doc, id) \ + docprint(doc, def); +#define OPT_LONGONLY(longname, opt, def, doc, id) \ fprintf(stdout, " --" longname), \ - docprint(doc); + docprint(doc, def); #include "file_opts.h" #undef OPT #undef OPT_LONGONLY --- contrib/file/src/file.h.orig +++ contrib/file/src/file.h @@ -27,7 +27,7 @@ */ /* * file.h - definitions for file(1) program - * @(#)$File: file.h,v 1.172 2015/09/11 17:24:09 christos Exp $ + * @(#)$File: file.h,v 1.183 2017/08/28 13:39:18 christos Exp $ */ #ifndef __file_h__ @@ -36,6 +36,10 @@ #ifdef HAVE_CONFIG_H #include #endif +#ifdef HAVE_STDINT_H +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS +#endif #ifdef WIN32 #ifdef _WIN64 @@ -50,16 +54,12 @@ #define INT64_T_FORMAT "ll" #define INTMAX_T_FORMAT "j" #endif +#include +#endif #include /* Include that here, to make sure __P gets defined */ #include #include /* For open and flags */ -#ifdef HAVE_STDINT_H -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS -#endif -#include -#endif #ifdef HAVE_INTTYPES_H #include #endif @@ -127,18 +127,18 @@ #define MAX(a,b) (((a) > (b)) ? (a) : (b)) #endif -#ifndef HOWMANY -# define HOWMANY (1024 * 1024) /* how much of the file to look at */ +#ifndef FILE_BYTES_MAX +# define FILE_BYTES_MAX (1024 * 1024) /* how much of the file to look at */ #endif #define MAXMAGIS 8192 /* max entries in any one magic file or directory */ #define MAXDESC 64 /* max len of text description/MIME type */ #define MAXMIME 80 /* max len of text MIME type */ -#define MAXstring 64 /* max len of "string" types */ +#define MAXstring 96 /* max len of "string" types */ #define MAGICNO 0xF11E041C -#define VERSIONNO 13 -#define FILE_MAGICSIZE 312 +#define VERSIONNO 14 +#define FILE_MAGICSIZE 344 #define FILE_LOAD 0 #define FILE_CHECK 1 @@ -227,7 +227,8 @@ #define FILE_NAME 45 #define FILE_USE 46 #define FILE_CLEAR 47 -#define FILE_NAMES_SIZE 48 /* size of array to contain all names */ +#define FILE_DER 48 +#define FILE_NAMES_SIZE 49 /* size of array to contain all names */ #define IS_STRING(t) \ ((t) == FILE_STRING || \ @@ -274,7 +275,7 @@ #define FILE_OPS_MASK 0x07 /* mask for above ops */ #define FILE_UNUSED_1 0x08 #define FILE_UNUSED_2 0x10 -#define FILE_UNUSED_3 0x20 +#define FILE_OPSIGNED 0x20 #define FILE_OPINVERSE 0x40 #define FILE_OPINDIRECT 0x80 @@ -365,9 +366,11 @@ #ifdef __cplusplus #define CAST(T, b) static_cast(b) #define RCAST(T, b) reinterpret_cast(b) +#define CCAST(T, b) const_cast(b) #else -#define CAST(T, b) (T)(b) -#define RCAST(T, b) (T)(b) +#define CAST(T, b) ((T)(b)) +#define RCAST(T, b) ((T)(b)) +#define CCAST(T, b) ((T)(uintptr_t)(b)) #endif struct level_info { @@ -416,7 +419,8 @@ uint16_t elf_phnum_max; uint16_t elf_notes_max; uint16_t regex_max; -#define FILE_INDIR_MAX 15 + size_t bytes_max; /* number of bytes to read from file */ +#define FILE_INDIR_MAX 50 #define FILE_NAME_MAX 30 #define FILE_ELF_SHNUM_MAX 32768 #define FILE_ELF_PHNUM_MAX 2048 @@ -443,7 +447,7 @@ protected int file_replace(struct magic_set *, const char *, const char *); protected int file_printf(struct magic_set *, const char *, ...) __attribute__((__format__(__printf__, 2, 3))); -protected int file_reset(struct magic_set *); +protected int file_reset(struct magic_set *, int); protected int file_tryelf(struct magic_set *, int, const unsigned char *, size_t); protected int file_trycdf(struct magic_set *, int, const unsigned char *, @@ -461,7 +465,7 @@ unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - uint16_t, uint16_t *, int, int); + uint16_t *, uint16_t *, int, int); protected int file_apprentice(struct magic_set *, const char *, int); protected int buffer_apprentice(struct magic_set *, struct magic **, size_t *, size_t); @@ -506,6 +510,8 @@ #define USE_C_LOCALE locale_t old_lc_ctype; locale_t c_lc_ctype; +#else + char *old_lc_ctype; #endif int rc; regex_t rx; @@ -550,6 +556,9 @@ #ifndef HAVE_ASPRINTF int asprintf(char **, const char *, ...); #endif +#ifndef HAVE_DPRINTF +int dprintf(int, const char *, ...); +#endif #ifndef HAVE_STRLCPY size_t strlcpy(char *, const char *, size_t); --- contrib/file/src/file_opts.h.orig +++ contrib/file/src/file_opts.h @@ -12,47 +12,47 @@ * switch statement! */ -OPT_LONGONLY("help", 0, " display this help and exit\n", OPT_HELP) -OPT('v', "version", 0, " output version information and exit\n") -OPT('m', "magic-file", 1, " LIST use LIST as a colon-separated list of magic\n" +OPT_LONGONLY("help", 0, 0, " display this help and exit\n", OPT_HELP) +OPT('v', "version", 0, 0, " output version information and exit\n") +OPT('m', "magic-file", 1, 0, " LIST use LIST as a colon-separated list of magic\n" " number files\n") -OPT('z', "uncompress", 0, " try to look inside compressed files\n") -OPT('Z', "uncompress-noreport", 0, " only print the contents of compressed files\n") -OPT('b', "brief", 0, " do not prepend filenames to output lines\n") -OPT('c', "checking-printout", 0, " print the parsed form of the magic file, use in\n" +OPT('z', "uncompress", 0, 0, " try to look inside compressed files\n") +OPT('Z', "uncompress-noreport", 0, 0, " only print the contents of compressed files\n") +OPT('b', "brief", 0, 0, " do not prepend filenames to output lines\n") +OPT('c', "checking-printout", 0, 0, " print the parsed form of the magic file, use in\n" " conjunction with -m to debug a new magic file\n" " before installing it\n") -OPT('e', "exclude", 1, " TEST exclude TEST from the list of test to be\n" +OPT('e', "exclude", 1, 0, " TEST exclude TEST from the list of test to be\n" " performed for file. Valid tests are:\n" " %o\n") -OPT('f', "files-from", 1, " FILE read the filenames to be examined from FILE\n") -OPT('F', "separator", 1, " STRING use string as separator instead of `:'\n") -OPT('i', "mime", 0, " output MIME type strings (--mime-type and\n" +OPT('f', "files-from", 1, 0, " FILE read the filenames to be examined from FILE\n") +OPT('F', "separator", 1, 0, " STRING use string as separator instead of `:'\n") +OPT('i', "mime", 0, 0, " output MIME type strings (--mime-type and\n" " --mime-encoding)\n") -OPT_LONGONLY("apple", 0, " output the Apple CREATOR/TYPE\n", OPT_APPLE) -OPT_LONGONLY("extension", 0, " output a slash-separated list of extensions\n", OPT_EXTENSIONS) -OPT_LONGONLY("mime-type", 0, " output the MIME type\n", OPT_MIME_TYPE) -OPT_LONGONLY("mime-encoding", 0, " output the MIME encoding\n", OPT_MIME_ENCODING) -OPT('k', "keep-going", 0, " don't stop at the first match\n") -OPT('l', "list", 0, " list magic strength\n") +OPT_LONGONLY("apple", 0, 0, " output the Apple CREATOR/TYPE\n", OPT_APPLE) +OPT_LONGONLY("extension", 0, 0, " output a slash-separated list of extensions\n", OPT_EXTENSIONS) +OPT_LONGONLY("mime-type", 0, 0, " output the MIME type\n", OPT_MIME_TYPE) +OPT_LONGONLY("mime-encoding", 0, 0, " output the MIME encoding\n", OPT_MIME_ENCODING) +OPT('k', "keep-going", 0, 0, " don't stop at the first match\n") +OPT('l', "list", 0, 0, " list magic strength\n") #ifdef S_IFLNK -OPT('L', "dereference", 0, " follow symlinks (default)\n") -OPT('h', "no-dereference", 0, " don't follow symlinks\n") +OPT('L', "dereference", 0, 1, " follow symlinks") +OPT('h', "no-dereference", 0, 2, " don't follow symlinks") #endif -OPT('n', "no-buffer", 0, " do not buffer output\n") -OPT('N', "no-pad", 0, " do not pad output\n") -OPT('0', "print0", 0, " terminate filenames with ASCII NUL\n") +OPT('n', "no-buffer", 0, 0, " do not buffer output\n") +OPT('N', "no-pad", 0, 0, " do not pad output\n") +OPT('0', "print0", 0, 0, " terminate filenames with ASCII NUL\n") #if defined(HAVE_UTIME) || defined(HAVE_UTIMES) -OPT('p', "preserve-date", 0, " preserve access times on files\n") +OPT('p', "preserve-date", 0, 0, " preserve access times on files\n") #endif -OPT('P', "parameter", 1, " set file engine parameter limits\n" +OPT('P', "parameter", 1, 0, " set file engine parameter limits\n" " indir 15 recursion limit for indirection\n" " name 30 use limit for name/use magic\n" " elf_notes 256 max ELF notes processed\n" " elf_phnum 128 max ELF prog sections processed\n" " elf_shnum 32768 max ELF sections processed\n") -OPT('r', "raw", 0, " don't translate unprintable chars to \\ooo\n") -OPT('s', "special-files", 0, " treat special (block/char devices) files as\n" +OPT('r', "raw", 0, 0, " don't translate unprintable chars to \\ooo\n") +OPT('s', "special-files", 0, 0, " treat special (block/char devices) files as\n" " ordinary ones\n") -OPT('C', "compile", 0, " compile file specified by -m\n") -OPT('d', "debug", 0, " print debugging messages\n") +OPT('C', "compile", 0, 0, " compile file specified by -m\n") +OPT('d', "debug", 0, 0, " print debugging messages\n") --- contrib/file/src/fmtcheck.c.orig +++ contrib/file/src/fmtcheck.c @@ -91,6 +91,23 @@ f++; longdouble = 1; break; +#ifdef WIN32 + case 'I': + f++; + if (!*f) RETURN(pf,f,FMTCHECK_UNKNOWN); + if (*f == '3' && f[1] == '2') { + f += 2; + } else if (*f == '6' && f[1] == '4') { + f += 2; + quad = 1; + } +#ifdef _WIN64 + else { + quad = 1; + } +#endif + break; +#endif default: break; } --- contrib/file/src/fsmagic.c.orig +++ contrib/file/src/fsmagic.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: fsmagic.c,v 1.76 2015/04/09 20:01:41 christos Exp $") +FILE_RCSID("@(#)$File: fsmagic.c,v 1.77 2017/05/24 19:17:50 christos Exp $") #endif /* lint */ #include "magic.h" @@ -104,6 +104,7 @@ { int ret, did = 0; int mime = ms->flags & MAGIC_MIME; + int silent = ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION); #ifdef S_IFLNK char buf[BUFSIZ+4]; ssize_t nch; @@ -110,8 +111,6 @@ struct stat tstatbuf; #endif - if (ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION)) - return 0; if (fn == NULL) return 0; @@ -168,7 +167,7 @@ } ret = 1; - if (!mime) { + if (!mime && !silent) { #ifdef S_ISUID if (sb->st_mode & S_ISUID) if (file_printf(ms, "%ssetuid", COMMA) == -1) @@ -191,6 +190,7 @@ if (mime) { if (handle_mime(ms, mime, "directory") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sdirectory", COMMA) == -1) return -1; break; @@ -208,6 +208,7 @@ if (mime) { if (handle_mime(ms, mime, "chardevice") == -1) return -1; + } else if (silent) { } else { #ifdef HAVE_STRUCT_STAT_ST_RDEV # ifdef dv_unit @@ -242,6 +243,7 @@ if (mime) { if (handle_mime(ms, mime, "blockdevice") == -1) return -1; + } else if (silent) { } else { #ifdef HAVE_STRUCT_STAT_ST_RDEV # ifdef dv_unit @@ -270,6 +272,7 @@ if (mime) { if (handle_mime(ms, mime, "fifo") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sfifo (named pipe)", COMMA) == -1) return -1; break; @@ -279,6 +282,7 @@ if (mime) { if (handle_mime(ms, mime, "door") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sdoor", COMMA) == -1) return -1; break; @@ -294,6 +298,7 @@ if (mime) { if (handle_mime(ms, mime, "symlink") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sunreadable symlink `%s' (%s)", COMMA, fn, strerror(errno)) == -1) @@ -323,6 +328,7 @@ if (handle_mime(ms, mime, "x-path-too-long") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%spath too long: `%s'", COMMA, fn) == -1) @@ -352,6 +358,7 @@ if (mime) { if (handle_mime(ms, mime, "symlink") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%ssymbolic link to %s", COMMA, buf) == -1) return -1; @@ -364,6 +371,7 @@ if (mime) { if (handle_mime(ms, mime, "socket") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%ssocket", COMMA) == -1) return -1; break; @@ -386,6 +394,7 @@ if (mime) { if (handle_mime(ms, mime, "x-empty") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sempty", COMMA) == -1) return -1; break; @@ -399,7 +408,7 @@ /*NOTREACHED*/ } - if (!mime && did && ret == 0) { + if (!silent && !mime && did && ret == 0) { if (file_printf(ms, " ") == -1) return -1; } --- contrib/file/src/funcs.c.orig +++ contrib/file/src/funcs.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: funcs.c,v 1.84 2015/09/10 13:32:19 christos Exp $") +FILE_RCSID("@(#)$File: funcs.c,v 1.93 2017/08/28 13:39:18 christos Exp $") #endif /* lint */ #include "magic.h" @@ -76,7 +76,7 @@ ms->o.buf = buf; return 0; out: - file_error(ms, errno, "vasprintf failed"); + fprintf(stderr, "vasprintf failed (%s)", strerror(errno)); return -1; } @@ -178,7 +178,6 @@ const void *buf, size_t nb) { int m = 0, rv = 0, looks_text = 0; - int mime = ms->flags & MAGIC_MIME; const unsigned char *ubuf = CAST(const unsigned char *, buf); unichar *u8buf = NULL; size_t ulen; @@ -251,8 +250,9 @@ } /* try soft magic tests */ - if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - m = file_softmagic(ms, ubuf, nb, 0, NULL, BINTEST, looks_text); + if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) { + m = file_softmagic(ms, ubuf, nb, NULL, NULL, BINTEST, + looks_text); if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "[try softmagic %d]\n", m); if (m) { @@ -277,6 +277,7 @@ if (checkdone(ms, &rv)) goto done; } + } /* try text properties */ if ((ms->flags & MAGIC_NO_CHECK_TEXT) == 0) { @@ -293,9 +294,19 @@ simple: /* give up */ m = 1; - if ((!mime || (mime & MAGIC_MIME_TYPE)) && - file_printf(ms, "%s", mime ? type : def) == -1) { - rv = -1; + if (ms->flags & MAGIC_MIME) { + if ((ms->flags & MAGIC_MIME_TYPE) && + file_printf(ms, "%s", type) == -1) + rv = -1; + } else if (ms->flags & MAGIC_APPLE) { + if (file_printf(ms, "UNKNUNKN") == -1) + rv = -1; + } else if (ms->flags & MAGIC_EXTENSION) { + if (file_printf(ms, "???") == -1) + rv = -1; + } else { + if (file_printf(ms, "%s", def) == -1) + rv = -1; } done: if ((ms->flags & MAGIC_MIME_ENCODING) != 0) { @@ -317,9 +328,9 @@ #endif protected int -file_reset(struct magic_set *ms) +file_reset(struct magic_set *ms, int checkloaded) { - if (ms->mlist[0] == NULL) { + if (checkloaded && ms->mlist[0] == NULL) { file_error(ms, 0, "no magic files loaded"); return -1; } @@ -485,6 +496,8 @@ assert(rx->c_lc_ctype != NULL); rx->old_lc_ctype = uselocale(rx->c_lc_ctype); assert(rx->old_lc_ctype != NULL); +#else + rx->old_lc_ctype = setlocale(LC_CTYPE, "C"); #endif rx->pat = pat; @@ -496,6 +509,8 @@ regmatch_t* pmatch, int eflags) { assert(rx->rc == 0); + /* XXX: force initialization because glibc does not always do this */ + memset(pmatch, 0, nmatch * sizeof(*pmatch)); return regexec(&rx->rx, str, nmatch, pmatch, eflags); } @@ -507,6 +522,8 @@ #ifdef USE_C_LOCALE (void)uselocale(rx->old_lc_ctype); freelocale(rx->c_lc_ctype); +#else + (void)setlocale(LC_CTYPE, rx->old_lc_ctype); #endif } --- contrib/file/src/is_tar.c.orig +++ contrib/file/src/is_tar.c @@ -40,7 +40,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: is_tar.c,v 1.38 2015/04/09 20:01:41 christos Exp $") +FILE_RCSID("@(#)$File: is_tar.c,v 1.39 2017/03/17 20:45:01 christos Exp $") #endif #include "magic.h" @@ -51,7 +51,7 @@ #define isodigit(c) ( ((c) >= '0') && ((c) <= '7') ) private int is_tar(const unsigned char *, size_t); -private int from_oct(int, const char *); /* Decode octal number */ +private int from_oct(const char *, size_t); /* Decode octal number */ static const char tartype[][32] = { "tar archive", @@ -93,31 +93,35 @@ is_tar(const unsigned char *buf, size_t nbytes) { const union record *header = (const union record *)(const void *)buf; - int i; - int sum, recsum; - const unsigned char *p; + size_t i; + int sum, recsum; + const unsigned char *p, *ep; - if (nbytes < sizeof(union record)) + if (nbytes < sizeof(*header)) return 0; - recsum = from_oct(8, header->header.chksum); + recsum = from_oct(header->header.chksum, sizeof(header->header.chksum)); sum = 0; p = header->charptr; - for (i = sizeof(union record); --i >= 0;) + ep = header->charptr + sizeof(*header); + while (p < ep) sum += *p++; /* Adjust checksum to count the "chksum" field as blanks. */ - for (i = sizeof(header->header.chksum); --i >= 0;) + for (i = 0; i < sizeof(header->header.chksum); i++) sum -= header->header.chksum[i]; - sum += ' ' * sizeof header->header.chksum; + sum += ' ' * sizeof(header->header.chksum); if (sum != recsum) return 0; /* Not a tar archive */ - if (strcmp(header->header.magic, GNUTMAGIC) == 0) + if (strncmp(header->header.magic, GNUTMAGIC, + sizeof(header->header.magic)) == 0) return 3; /* GNU Unix Standard tar archive */ - if (strcmp(header->header.magic, TMAGIC) == 0) + + if (strncmp(header->header.magic, TMAGIC, + sizeof(header->header.magic)) == 0) return 2; /* Unix Standard tar archive */ return 1; /* Old fashioned tar archive */ @@ -130,19 +134,22 @@ * Result is -1 if the field is invalid (all blank, or non-octal). */ private int -from_oct(int digs, const char *where) +from_oct(const char *where, size_t digs) { int value; + if (digs == 0) + return -1; + while (isspace((unsigned char)*where)) { /* Skip spaces */ where++; - if (--digs <= 0) + if (digs-- == 0) return -1; /* All blank field */ } value = 0; while (digs > 0 && isodigit(*where)) { /* Scan til non-octal */ value = (value << 3) | (*where++ - '0'); - --digs; + digs--; } if (digs > 0 && *where && !isspace((unsigned char)*where)) --- contrib/file/src/magic.c.orig +++ contrib/file/src/magic.c @@ -33,7 +33,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: magic.c,v 1.95 2015/09/11 17:24:09 christos Exp $") +FILE_RCSID("@(#)$File: magic.c,v 1.102 2017/08/28 13:39:18 christos Exp $") #endif /* lint */ #include "magic.h" @@ -167,7 +167,7 @@ { if (fdwReason == DLL_PROCESS_ATTACH) _w32_dll_instance = hinstDLL; - return TRUE; + return 1; } #endif @@ -409,7 +409,7 @@ int ispipe = 0; off_t pos = (off_t)-1; - if (file_reset(ms) == -1) + if (file_reset(ms, 1) == -1) goto out; /* @@ -417,7 +417,7 @@ * some overlapping space for matches near EOF */ #define SLOP (1 + sizeof(union VALUETYPE)) - if ((buf = CAST(unsigned char *, malloc(HOWMANY + SLOP))) == NULL) + if ((buf = CAST(unsigned char *, malloc(ms->bytes_max + SLOP))) == NULL) return NULL; switch (file_fsmagic(ms, inname, &sb)) { @@ -481,18 +481,18 @@ } /* - * try looking at the first HOWMANY bytes + * try looking at the first ms->bytes_max bytes */ if (ispipe) { ssize_t r = 0; while ((r = sread(fd, (void *)&buf[nbytes], - (size_t)(HOWMANY - nbytes), 1)) > 0) { + (size_t)(ms->bytes_max - nbytes), 1)) > 0) { nbytes += r; if (r < PIPE_BUF) break; } - if (nbytes == 0) { + if (nbytes == 0 && inname) { /* We can not read it, but we were able to stat it. */ if (unreadable_info(ms, sb.st_mode, inname) == -1) goto done; @@ -503,10 +503,10 @@ } else { /* Windows refuses to read from a big console buffer. */ size_t howmany = -#if defined(WIN32) && HOWMANY > 8 * 1024 +#if defined(WIN32) _isatty(fd) ? 8 * 1024 : #endif - HOWMANY; + ms->bytes_max; if ((nbytes = read(fd, (char *)buf, howmany)) == -1) { if (inname == NULL && fd != STDIN_FILENO) file_error(ms, errno, "cannot read fd %d", fd); @@ -523,9 +523,11 @@ rv = 0; done: free(buf); - if (pos != (off_t)-1) - (void)lseek(fd, pos, SEEK_SET); - close_and_restore(ms, inname, fd, &sb); + if (fd != -1) { + if (pos != (off_t)-1) + (void)lseek(fd, pos, SEEK_SET); + close_and_restore(ms, inname, fd, &sb); + } out: return rv == 0 ? file_getbuffer(ms) : NULL; } @@ -536,7 +538,7 @@ { if (ms == NULL) return NULL; - if (file_reset(ms) == -1) + if (file_reset(ms, 1) == -1) return NULL; /* * The main work is done here! @@ -566,6 +568,15 @@ } public int +magic_getflags(struct magic_set *ms) +{ + if (ms == NULL) + return -1; + + return ms->flags; +} + +public int magic_setflags(struct magic_set *ms, int flags) { if (ms == NULL) @@ -606,6 +617,9 @@ case MAGIC_PARAM_REGEX_MAX: ms->elf_notes_max = (uint16_t)*(const size_t *)val; return 0; + case MAGIC_PARAM_BYTES_MAX: + ms->bytes_max = *(const size_t *)val; + return 0; default: errno = EINVAL; return -1; @@ -634,6 +648,9 @@ case MAGIC_PARAM_REGEX_MAX: *(size_t *)val = ms->regex_max; return 0; + case MAGIC_PARAM_BYTES_MAX: + *(size_t *)val = ms->bytes_max; + return 0; default: errno = EINVAL; return -1; --- contrib/file/src/magic.h.orig +++ contrib/file/src/magic.h @@ -1,125 +0,0 @@ -/* - * Copyright (c) Christos Zoulas 2003. - * All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice immediately at the beginning of the file, without modification, - * this list of conditions, and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -#ifndef _MAGIC_H -#define _MAGIC_H - -#include - -#define MAGIC_NONE 0x0000000 /* No flags */ -#define MAGIC_DEBUG 0x0000001 /* Turn on debugging */ -#define MAGIC_SYMLINK 0x0000002 /* Follow symlinks */ -#define MAGIC_COMPRESS 0x0000004 /* Check inside compressed files */ -#define MAGIC_DEVICES 0x0000008 /* Look at the contents of devices */ -#define MAGIC_MIME_TYPE 0x0000010 /* Return the MIME type */ -#define MAGIC_CONTINUE 0x0000020 /* Return all matches */ -#define MAGIC_CHECK 0x0000040 /* Print warnings to stderr */ -#define MAGIC_PRESERVE_ATIME 0x0000080 /* Restore access time on exit */ -#define MAGIC_RAW 0x0000100 /* Don't convert unprintable chars */ -#define MAGIC_ERROR 0x0000200 /* Handle ENOENT etc as real errors */ -#define MAGIC_MIME_ENCODING 0x0000400 /* Return the MIME encoding */ -#define MAGIC_MIME (MAGIC_MIME_TYPE|MAGIC_MIME_ENCODING) -#define MAGIC_APPLE 0x0000800 /* Return the Apple creator/type */ -#define MAGIC_EXTENSION 0x1000000 /* Return a /-separated list of - * extensions */ -#define MAGIC_COMPRESS_TRANSP 0x2000000 /* Check inside compressed files - * but not report compression */ -#define MAGIC_NODESC (MAGIC_EXTENSION|MAGIC_MIME|MAGIC_APPLE) - -#define MAGIC_NO_CHECK_COMPRESS 0x0001000 /* Don't check for compressed files */ -#define MAGIC_NO_CHECK_TAR 0x0002000 /* Don't check for tar files */ -#define MAGIC_NO_CHECK_SOFT 0x0004000 /* Don't check magic entries */ -#define MAGIC_NO_CHECK_APPTYPE 0x0008000 /* Don't check application type */ -#define MAGIC_NO_CHECK_ELF 0x0010000 /* Don't check for elf details */ -#define MAGIC_NO_CHECK_TEXT 0x0020000 /* Don't check for text files */ -#define MAGIC_NO_CHECK_CDF 0x0040000 /* Don't check for cdf files */ -#define MAGIC_NO_CHECK_TOKENS 0x0100000 /* Don't check tokens */ -#define MAGIC_NO_CHECK_ENCODING 0x0200000 /* Don't check text encodings */ - -/* No built-in tests; only consult the magic file */ -#define MAGIC_NO_CHECK_BUILTIN ( \ - MAGIC_NO_CHECK_COMPRESS | \ - MAGIC_NO_CHECK_TAR | \ -/* MAGIC_NO_CHECK_SOFT | */ \ - MAGIC_NO_CHECK_APPTYPE | \ - MAGIC_NO_CHECK_ELF | \ - MAGIC_NO_CHECK_TEXT | \ - MAGIC_NO_CHECK_CDF | \ - MAGIC_NO_CHECK_TOKENS | \ - MAGIC_NO_CHECK_ENCODING | \ - 0 \ -) - -/* Defined for backwards compatibility (renamed) */ -#define MAGIC_NO_CHECK_ASCII MAGIC_NO_CHECK_TEXT - -/* Defined for backwards compatibility; do nothing */ -#define MAGIC_NO_CHECK_FORTRAN 0x000000 /* Don't check ascii/fortran */ -#define MAGIC_NO_CHECK_TROFF 0x000000 /* Don't check ascii/troff */ - -#define MAGIC_VERSION 524 /* This implementation */ - - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct magic_set *magic_t; -magic_t magic_open(int); -void magic_close(magic_t); - -const char *magic_getpath(const char *, int); -const char *magic_file(magic_t, const char *); -const char *magic_descriptor(magic_t, int); -const char *magic_buffer(magic_t, const void *, size_t); - -const char *magic_error(magic_t); -int magic_setflags(magic_t, int); - -int magic_version(void); -int magic_load(magic_t, const char *); -int magic_load_buffers(magic_t, void **, size_t *, size_t); - -int magic_compile(magic_t, const char *); -int magic_check(magic_t, const char *); -int magic_list(magic_t, const char *); -int magic_errno(magic_t); - -#define MAGIC_PARAM_INDIR_MAX 0 -#define MAGIC_PARAM_NAME_MAX 1 -#define MAGIC_PARAM_ELF_PHNUM_MAX 2 -#define MAGIC_PARAM_ELF_SHNUM_MAX 3 -#define MAGIC_PARAM_ELF_NOTES_MAX 4 -#define MAGIC_PARAM_REGEX_MAX 5 - -int magic_setparam(magic_t, int, const void *); -int magic_getparam(magic_t, int, void *); - -#ifdef __cplusplus -}; -#endif - -#endif /* _MAGIC_H */ --- contrib/file/src/magic.h.in.orig +++ contrib/file/src/magic.h.in @@ -73,6 +73,35 @@ 0 \ ) +#define MAGIC_SNPRINTB "\177\020\ +b\0debug\0\ +b\1symlink\0\ +b\2compress\0\ +b\3devices\0\ +b\4mime_type\0\ +b\5continue\0\ +b\6check\0\ +b\7preserve_atime\0\ +b\10raw\0\ +b\11error\0\ +b\12mime_encoding\0\ +b\13apple\0\ +b\14no_check_compress\0\ +b\15no_check_tar\0\ +b\16no_check_soft\0\ +b\17no_check_sapptype\0\ +b\20no_check_elf\0\ +b\21no_check_text\0\ +b\22no_check_cdf\0\ +b\23no_check_reserved0\0\ +b\24no_check_tokens\0\ +b\25no_check_encoding\0\ +b\26no_check_reserved1\0\ +b\27no_check_reserved2\0\ +b\30extension\0\ +b\31transp_compression\0\ +" + /* Defined for backwards compatibility (renamed) */ #define MAGIC_NO_CHECK_ASCII MAGIC_NO_CHECK_TEXT @@ -97,6 +126,7 @@ const char *magic_buffer(magic_t, const void *, size_t); const char *magic_error(magic_t); +int magic_getflags(magic_t); int magic_setflags(magic_t, int); int magic_version(void); @@ -114,6 +144,7 @@ #define MAGIC_PARAM_ELF_SHNUM_MAX 3 #define MAGIC_PARAM_ELF_NOTES_MAX 4 #define MAGIC_PARAM_REGEX_MAX 5 +#define MAGIC_PARAM_BYTES_MAX 6 int magic_setparam(magic_t, int, const void *); int magic_getparam(magic_t, int, void *); --- contrib/file/src/print.c.orig +++ contrib/file/src/print.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: print.c,v 1.80 2015/07/16 14:28:57 christos Exp $") +FILE_RCSID("@(#)$File: print.c,v 1.82 2017/02/10 18:14:01 christos Exp $") #endif /* lint */ #include @@ -198,6 +198,7 @@ break; case FILE_USE: case FILE_NAME: + case FILE_DER: (void) fprintf(stderr, "'%s'", m->value.s); break; default: @@ -237,7 +238,7 @@ if (flags & FILE_T_WINDOWS) { struct timespec ts; - cdf_timestamp_to_timespec(&ts, v); + cdf_timestamp_to_timespec(&ts, CAST(cdf_timestamp_t, v)); t = ts.tv_sec; } else { // XXX: perhaps detect and print something if overflow --- contrib/file/src/readcdf.c.orig +++ contrib/file/src/readcdf.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2008 Christos Zoulas + * Copyright (c) 2008, 2016 Christos Zoulas * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readcdf.c,v 1.53 2015/04/09 20:01:41 christos Exp $") +FILE_RCSID("@(#)$File: readcdf.c,v 1.65 2017/04/08 20:58:03 christos Exp $") #endif #include @@ -60,12 +60,16 @@ { "Windows Installer", "vnd.ms-msi", }, { NULL, NULL, }, }, name2mime[] = { + { "Book", "vnd.ms-excel", }, + { "Workbook", "vnd.ms-excel", }, { "WordDocument", "msword", }, { "PowerPoint", "vnd.ms-powerpoint", }, { "DigitalSignature", "vnd.ms-msi", }, { NULL, NULL, }, }, name2desc[] = { - { "WordDocument", "Microsoft Office Word",}, + { "Book", "Microsoft Excel", }, + { "Workbook", "Microsoft Excel", }, + { "WordDocument", "Microsoft Word", }, { "PowerPoint", "Microsoft PowerPoint", }, { "DigitalSignature", "Microsoft Installer", }, { NULL, NULL, }, @@ -119,6 +123,8 @@ assert(c_lc_ctype != NULL); old_lc_ctype = uselocale(c_lc_ctype); assert(old_lc_ctype != NULL); +#else + char *old_lc_ctype = setlocale(LC_CTYPE, "C"); #endif for (i = 0; nv[i].pattern != NULL; i++) if (strcasestr(vbuf, nv[i].pattern) != NULL) { @@ -131,6 +137,8 @@ #ifdef USE_C_LOCALE (void)uselocale(old_lc_ctype); freelocale(c_lc_ctype); +#else + setlocale(LC_CTYPE, old_lc_ctype); #endif return rv; } @@ -144,7 +152,7 @@ struct timespec ts; char buf[64]; const char *str = NULL; - const char *s; + const char *s, *e; int len; if (!NOTMIME(ms) && root_storage) @@ -191,7 +199,9 @@ if (info[i].pi_type == CDF_LENGTH32_WSTRING) k++; s = info[i].pi_str.s_buf; - for (j = 0; j < sizeof(vbuf) && len--; s += k) { + e = info[i].pi_str.s_buf + len; + for (j = 0; s < e && j < sizeof(vbuf) + && len--; s += k) { if (*s == '\0') break; if (isprint((unsigned char)*s)) @@ -365,7 +375,7 @@ dir, "Catalog", scn)) == -1) return i; #ifdef CDF_DEBUG - cdf_dump_catalog(&h, &scn); + cdf_dump_catalog(h, scn); #endif if ((i = cdf_file_catalog(ms, h, scn)) == -1) return -1; @@ -372,6 +382,54 @@ return i; } +private int +cdf_check_summary_info(struct magic_set *ms, const cdf_info_t *info, + const cdf_header_t *h, const cdf_sat_t *sat, const cdf_sat_t *ssat, + const cdf_stream_t *sst, const cdf_dir_t *dir, cdf_stream_t *scn, + const cdf_directory_t *root_storage, const char **expn) +{ + int i; + const char *str = NULL; + cdf_directory_t *d; + char name[__arraycount(d->d_name)]; + size_t j, k; + +#ifdef CDF_DEBUG + cdf_dump_summary_info(h, scn); +#endif + if ((i = cdf_file_summary_info(ms, h, scn, root_storage)) < 0) { + *expn = "Can't expand summary_info"; + return i; + } + if (i == 1) + return i; + for (j = 0; str == NULL && j < dir->dir_len; j++) { + d = &dir->dir_tab[j]; + for (k = 0; k < sizeof(name); k++) + name[k] = (char)cdf_tole2(d->d_name[k]); + str = cdf_app_to_mime(name, + NOTMIME(ms) ? name2desc : name2mime); + } + if (NOTMIME(ms)) { + if (str != NULL) { + if (file_printf(ms, "%s", str) == -1) + return -1; + i = 1; + } + } else { + if (str == NULL) + str = "vnd.ms-office"; + if (file_printf(ms, "application/%s", str) == -1) + return -1; + i = 1; + } + if (i <= 0) { + i = cdf_file_catalog_info(ms, info, h, sat, ssat, sst, + dir, scn); + } + return i; +} + private struct sinfo { const char *name; const char *mime; @@ -380,10 +438,13 @@ } sectioninfo[] = { { "Encrypted", "encrypted", { - "EncryptedPackage", NULL, NULL, NULL, NULL, + "EncryptedPackage", "EncryptedSummary", + NULL, NULL, NULL, }, { - CDF_DIR_TYPE_USER_STREAM, 0, 0, 0, 0, + CDF_DIR_TYPE_USER_STREAM, + CDF_DIR_TYPE_USER_STREAM, + 0, 0, 0, }, }, @@ -404,6 +465,46 @@ 0, 0, 0, 0 }, }, + { "Microsoft Excel", "vnd.ms-excel", + { + "Book", "Workbook", NULL, NULL, NULL, + }, + { + CDF_DIR_TYPE_USER_STREAM, + CDF_DIR_TYPE_USER_STREAM, + 0, 0, 0, + }, + }, + { "Microsoft Word", "msword", + { + "WordDocument", NULL, NULL, NULL, NULL, + }, + { + CDF_DIR_TYPE_USER_STREAM, + 0, 0, 0, 0, + }, + }, + { "Microsoft PowerPoint", "vnd.ms-powerpoint", + { + "PowerPoint", NULL, NULL, NULL, NULL, + }, + { + CDF_DIR_TYPE_USER_STREAM, + 0, 0, 0, 0, + }, + }, + { "Microsoft Outlook Message", "vnd.ms-outlook", + { + "__properties_version1.0", + "__recip_version1.0_#00000000", + NULL, NULL, NULL, + }, + { + CDF_DIR_TYPE_USER_STREAM, + CDF_DIR_TYPE_USER_STORAGE, + 0, 0, 0, + }, + }, }; private int @@ -415,22 +516,19 @@ const struct sinfo *si = §ioninfo[sd]; for (j = 0; si->sections[j]; j++) { if (cdf_find_stream(dir, si->sections[j], si->types[j]) - <= 0) { + > 0) + break; #ifdef CDF_DEBUG - fprintf(stderr, "Can't read %s\n", - si->sections[j]); + fprintf(stderr, "Can't read %s\n", si->sections[j]); #endif - break; - } } - if (si->sections[j] != NULL) + if (si->sections[j] == NULL) continue; if (NOTMIME(ms)) { if (file_printf(ms, "CDFV2 %s", si->name) == -1) return -1; } else { - if (file_printf(ms, "application/CDFV2-%s", - si->mime) == -1) + if (file_printf(ms, "application/%s", si->mime) == -1) return -1; } return 1; @@ -451,6 +549,7 @@ const char *expn = ""; const cdf_directory_t *root_storage; + scn.sst_tab = NULL; info.i_fd = fd; info.i_buf = buf; info.i_len = nbytes; @@ -506,7 +605,7 @@ if ((i = cdf_read_user_stream(&info, &h, &sat, &ssat, &sst, &dir, "FileHeader", &scn)) != -1) { #define HWP5_SIGNATURE "HWP Document File" - if (scn.sst_dirlen >= sizeof(HWP5_SIGNATURE) - 1 + if (scn.sst_len * scn.sst_ss >= sizeof(HWP5_SIGNATURE) - 1 && memcmp(scn.sst_tab, HWP5_SIGNATURE, sizeof(HWP5_SIGNATURE) - 1) == 0) { if (NOTMIME(ms)) { @@ -520,10 +619,7 @@ i = 1; goto out5; } else { - free(scn.sst_tab); - scn.sst_tab = NULL; - scn.sst_len = 0; - scn.sst_dirlen = 0; + cdf_zero_stream(&scn); } } @@ -531,56 +627,31 @@ &scn)) == -1) { if (errno != ESRCH) { expn = "Cannot read summary info"; - goto out4; } - i = cdf_file_catalog_info(ms, &info, &h, &sat, &ssat, &sst, - &dir, &scn); - if (i > 0) - goto out4; - i = cdf_file_dir_info(ms, &dir); - if (i < 0) - expn = "Cannot read section info"; - goto out4; + } else { + i = cdf_check_summary_info(ms, &info, &h, + &sat, &ssat, &sst, &dir, &scn, root_storage, &expn); + cdf_zero_stream(&scn); } - - -#ifdef CDF_DEBUG - cdf_dump_summary_info(&h, &scn); -#endif - if ((i = cdf_file_summary_info(ms, &h, &scn, root_storage)) < 0) - expn = "Can't expand summary_info"; - - if (i == 0) { - const char *str = NULL; - cdf_directory_t *d; - char name[__arraycount(d->d_name)]; - size_t j, k; - - for (j = 0; str == NULL && j < dir.dir_len; j++) { - d = &dir.dir_tab[j]; - for (k = 0; k < sizeof(name); k++) - name[k] = (char)cdf_tole2(d->d_name[k]); - str = cdf_app_to_mime(name, - NOTMIME(ms) ? name2desc : name2mime); - } - if (NOTMIME(ms)) { - if (str != NULL) { - if (file_printf(ms, "%s", str) == -1) - return -1; - i = 1; + if (i <= 0) { + if ((i = cdf_read_doc_summary_info(&info, &h, &sat, &ssat, + &sst, &dir, &scn)) == -1) { + if (errno != ESRCH) { + expn = "Cannot read summary info"; } } else { - if (str == NULL) - str = "vnd.ms-office"; - if (file_printf(ms, "application/%s", str) == -1) - return -1; - i = 1; + i = cdf_check_summary_info(ms, &info, &h, &sat, &ssat, + &sst, &dir, &scn, root_storage, &expn); } } + if (i <= 0) { + i = cdf_file_dir_info(ms, &dir); + if (i < 0) + expn = "Cannot read section info"; + } out5: - free(scn.sst_tab); -out4: - free(sst.sst_tab); + cdf_zero_stream(&scn); + cdf_zero_stream(&sst); out3: free(dir.dir_tab); out2: @@ -597,7 +668,7 @@ if (file_printf(ms, ", %s", expn) == -1) return -1; } else { - if (file_printf(ms, "application/CDFV2-unknown") == -1) + if (file_printf(ms, "application/CDFV2") == -1) return -1; } i = 1; --- contrib/file/src/readelf.c.orig +++ contrib/file/src/readelf.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readelf.c,v 1.122 2015/09/10 13:59:32 christos Exp $") +FILE_RCSID("@(#)$File: readelf.c,v 1.138 2017/08/27 07:55:02 christos Exp $") #endif #ifdef BUILTIN_ELF @@ -50,7 +50,7 @@ private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, off_t, int, int, int *, uint16_t *); private size_t donote(struct magic_set *, void *, size_t, size_t, int, - int, size_t, int *, uint16_t *); + int, size_t, int *, uint16_t *, int, off_t, int, off_t); #define ELF_ALIGN(a) ((((a) + align - 1) / align) * align) @@ -177,6 +177,11 @@ elf_getu32(swap, ph32.p_align) : 4) \ : (off_t) (ph64.p_align ? \ elf_getu64(swap, ph64.p_align) : 4))) +#define xph_vaddr (size_t)((clazz == ELFCLASS32 \ + ? (off_t) (ph32.p_vaddr ? \ + elf_getu32(swap, ph32.p_vaddr) : 4) \ + : (off_t) (ph64.p_vaddr ? \ + elf_getu64(swap, ph64.p_vaddr) : 4))) #define xph_filesz (size_t)((clazz == ELFCLASS32 \ ? elf_getu32(swap, ph32.p_filesz) \ : elf_getu64(swap, ph64.p_filesz))) @@ -187,8 +192,8 @@ ? elf_getu32(swap, ph32.p_memsz) \ : elf_getu64(swap, ph64.p_memsz))) #define xnh_sizeof (clazz == ELFCLASS32 \ - ? sizeof nh32 \ - : sizeof nh64) + ? sizeof(nh32) \ + : sizeof(nh64)) #define xnh_type (clazz == ELFCLASS32 \ ? elf_getu32(swap, nh32.n_type) \ : elf_getu32(swap, nh64.n_type)) @@ -213,6 +218,18 @@ #define xcap_val (clazz == ELFCLASS32 \ ? elf_getu32(swap, cap32.c_un.c_val) \ : elf_getu64(swap, cap64.c_un.c_val)) +#define xauxv_addr (clazz == ELFCLASS32 \ + ? (void *)&auxv32 \ + : (void *)&auxv64) +#define xauxv_sizeof (clazz == ELFCLASS32 \ + ? sizeof(auxv32) \ + : sizeof(auxv64)) +#define xauxv_type (clazz == ELFCLASS32 \ + ? elf_getu32(swap, auxv32.a_type) \ + : elf_getu64(swap, auxv64.a_type)) +#define xauxv_val (clazz == ELFCLASS32 \ + ? elf_getu32(swap, auxv32.a_v) \ + : elf_getu64(swap, auxv64.a_v)) #ifdef ELFCORE /* @@ -293,16 +310,19 @@ "NetBSD", }; -#define FLAGS_DID_CORE 0x001 -#define FLAGS_DID_OS_NOTE 0x002 -#define FLAGS_DID_BUILD_ID 0x004 -#define FLAGS_DID_CORE_STYLE 0x008 -#define FLAGS_DID_NETBSD_PAX 0x010 -#define FLAGS_DID_NETBSD_MARCH 0x020 -#define FLAGS_DID_NETBSD_CMODEL 0x040 -#define FLAGS_DID_NETBSD_UNKNOWN 0x080 -#define FLAGS_IS_CORE 0x100 +#define FLAGS_CORE_STYLE 0x003 +#define FLAGS_DID_CORE 0x004 +#define FLAGS_DID_OS_NOTE 0x008 +#define FLAGS_DID_BUILD_ID 0x010 +#define FLAGS_DID_CORE_STYLE 0x020 +#define FLAGS_DID_NETBSD_PAX 0x040 +#define FLAGS_DID_NETBSD_MARCH 0x080 +#define FLAGS_DID_NETBSD_CMODEL 0x100 +#define FLAGS_DID_NETBSD_UNKNOWN 0x200 +#define FLAGS_IS_CORE 0x400 +#define FLAGS_DID_AUXV 0x800 + private int dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags, uint16_t *notecount) @@ -312,6 +332,8 @@ size_t offset, len; unsigned char nbuf[BUFSIZ]; ssize_t bufsize; + off_t ph_off = off; + int ph_num = num; if (size != xph_sizeof) { if (file_printf(ms, ", corrupted program header size") == -1) @@ -351,7 +373,8 @@ if (offset >= (size_t)bufsize) break; offset = donote(ms, nbuf, offset, (size_t)bufsize, - clazz, swap, 4, flags, notecount); + clazz, swap, 4, flags, notecount, fd, ph_off, + ph_num, fsize); if (offset == 0) break; @@ -488,12 +511,26 @@ size_t noff, size_t doff, int *flags) { if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && - type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) { + type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { uint8_t desc[20]; + const char *btype; uint32_t i; *flags |= FLAGS_DID_BUILD_ID; - if (file_printf(ms, ", BuildID[%s]=", descsz == 16 ? "md5/uuid" : - "sha1") == -1) + switch (descsz) { + case 8: + btype = "xxHash"; + break; + case 16: + btype = "md5/uuid"; + break; + case 20: + btype = "sha1"; + break; + default: + btype = "unknown"; + break; + } + if (file_printf(ms, ", BuildID[%s]=", btype) == -1) return 1; (void)memcpy(desc, &nbuf[doff], descsz); for (i = 0; i < descsz; i++) @@ -674,6 +711,7 @@ == -1) return 1; *flags |= FLAGS_DID_CORE_STYLE; + *flags |= os_style; } switch (os_style) { @@ -680,26 +718,23 @@ case OS_STYLE_NETBSD: if (type == NT_NETBSD_CORE_PROCINFO) { char sbuf[512]; - uint32_t signo; - /* - * Extract the program name. It is at - * offset 0x7c, and is up to 32-bytes, - * including the terminating NUL. - */ - if (file_printf(ms, ", from '%.31s'", + struct NetBSD_elfcore_procinfo pi; + memset(&pi, 0, sizeof(pi)); + memcpy(&pi, nbuf + doff, descsz); + + if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " + "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", file_printable(sbuf, sizeof(sbuf), - (const char *)&nbuf[doff + 0x7c])) == -1) + CAST(char *, pi.cpi_name)), + elf_getu32(swap, pi.cpi_pid), + elf_getu32(swap, pi.cpi_euid), + elf_getu32(swap, pi.cpi_egid), + elf_getu32(swap, pi.cpi_nlwps), + elf_getu32(swap, pi.cpi_siglwp), + elf_getu32(swap, pi.cpi_signo), + elf_getu32(swap, pi.cpi_sigcode)) == -1) return 1; - - /* - * Extract the signal number. It is at - * offset 0x08. - */ - (void)memcpy(&signo, &nbuf[doff + 0x08], - sizeof(signo)); - if (file_printf(ms, " (signal %u)", - elf_getu32(swap, signo)) == -1) - return 1; + *flags |= FLAGS_DID_CORE; return 1; } @@ -813,9 +848,177 @@ return 0; } +private off_t +get_offset_from_virtaddr(struct magic_set *ms, int swap, int clazz, int fd, + off_t off, int num, off_t fsize, uint64_t virtaddr) +{ + Elf32_Phdr ph32; + Elf64_Phdr ph64; + + /* + * Loop through all the program headers and find the header with + * virtual address in which the "virtaddr" belongs to. + */ + for ( ; num; num--) { + if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) { + file_badread(ms); + return -1; + } + off += xph_sizeof; + + if (fsize != SIZE_UNKNOWN && xph_offset > fsize) { + /* Perhaps warn here */ + continue; + } + + if (virtaddr >= xph_vaddr && virtaddr < xph_vaddr + xph_filesz) + return xph_offset + (virtaddr - xph_vaddr); + } + return 0; +} + private size_t +get_string_on_virtaddr(struct magic_set *ms, + int swap, int clazz, int fd, off_t ph_off, int ph_num, + off_t fsize, uint64_t virtaddr, char *buf, ssize_t buflen) +{ + char *bptr; + off_t offset; + + if (buflen == 0) + return 0; + + offset = get_offset_from_virtaddr(ms, swap, clazz, fd, ph_off, ph_num, + fsize, virtaddr); + if ((buflen = pread(fd, buf, CAST(size_t, buflen), offset)) <= 0) { + file_badread(ms); + return 0; + } + + buf[buflen - 1] = '\0'; + + /* We expect only printable characters, so return if buffer contains + * non-printable character before the '\0' or just '\0'. */ + for (bptr = buf; *bptr && isprint((unsigned char)*bptr); bptr++) + continue; + if (*bptr != '\0') + return 0; + + return bptr - buf; +} + + +private int +do_auxv_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + int swap, uint32_t namesz __attribute__((__unused__)), + uint32_t descsz __attribute__((__unused__)), + size_t noff __attribute__((__unused__)), size_t doff, + int *flags, size_t size __attribute__((__unused__)), int clazz, + int fd, off_t ph_off, int ph_num, off_t fsize) +{ +#ifdef ELFCORE + Aux32Info auxv32; + Aux64Info auxv64; + size_t elsize = xauxv_sizeof; + const char *tag; + int is_string; + size_t nval; + + if ((*flags & (FLAGS_IS_CORE|FLAGS_DID_CORE_STYLE)) != + (FLAGS_IS_CORE|FLAGS_DID_CORE_STYLE)) + return 0; + + switch (*flags & FLAGS_CORE_STYLE) { + case OS_STYLE_SVR4: + if (type != NT_AUXV) + return 0; + break; +#ifdef notyet + case OS_STYLE_NETBSD: + if (type != NT_NETBSD_CORE_AUXV) + return 0; + break; + case OS_STYLE_FREEBSD: + if (type != NT_FREEBSD_PROCSTAT_AUXV) + return 0; + break; +#endif + default: + return 0; + } + + *flags |= FLAGS_DID_AUXV; + + nval = 0; + for (size_t off = 0; off + elsize <= descsz; off += elsize) { + (void)memcpy(xauxv_addr, &nbuf[doff + off], xauxv_sizeof); + /* Limit processing to 50 vector entries to prevent DoS */ + if (nval++ >= 50) { + file_error(ms, 0, "Too many ELF Auxv elements"); + return 1; + } + + switch(xauxv_type) { + case AT_LINUX_EXECFN: + is_string = 1; + tag = "execfn"; + break; + case AT_LINUX_PLATFORM: + is_string = 1; + tag = "platform"; + break; + case AT_LINUX_UID: + is_string = 0; + tag = "real uid"; + break; + case AT_LINUX_GID: + is_string = 0; + tag = "real gid"; + break; + case AT_LINUX_EUID: + is_string = 0; + tag = "effective uid"; + break; + case AT_LINUX_EGID: + is_string = 0; + tag = "effective gid"; + break; + default: + is_string = 0; + tag = NULL; + break; + } + + if (tag == NULL) + continue; + + if (is_string) { + char buf[256]; + ssize_t buflen; + buflen = get_string_on_virtaddr(ms, swap, clazz, fd, + ph_off, ph_num, fsize, xauxv_val, buf, sizeof(buf)); + + if (buflen == 0) + continue; + + if (file_printf(ms, ", %s: '%s'", tag, buf) == -1) + return 0; + } else { + if (file_printf(ms, ", %s: %d", tag, (int) xauxv_val) + == -1) + return 0; + } + } + return 1; +#else + return 0; +#endif +} + +private size_t donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, - int clazz, int swap, size_t align, int *flags, uint16_t *notecount) + int clazz, int swap, size_t align, int *flags, uint16_t *notecount, + int fd, off_t ph_off, int ph_num, off_t fsize) { Elf32_Nhdr nh32; Elf64_Nhdr nh64; @@ -839,6 +1042,7 @@ namesz = xnh_namesz; descsz = xnh_descsz; + if ((namesz == 0) && (descsz == 0)) { /* * We're out of note headers. @@ -847,13 +1051,13 @@ } if (namesz & 0x80000000) { - (void)file_printf(ms, ", bad note name size 0x%lx", + (void)file_printf(ms, ", bad note name size %#lx", (unsigned long)namesz); return 0; } if (descsz & 0x80000000) { - (void)file_printf(ms, ", bad note description size 0x%lx", + (void)file_printf(ms, ", bad note description size %#lx", (unsigned long)descsz); return 0; } @@ -876,61 +1080,69 @@ return (offset >= size) ? offset : size; } + if ((*flags & FLAGS_DID_OS_NOTE) == 0) { if (do_os_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags)) - return size; + return offset; } if ((*flags & FLAGS_DID_BUILD_ID) == 0) { if (do_bid_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags)) - return size; + return offset; } if ((*flags & FLAGS_DID_NETBSD_PAX) == 0) { if (do_pax_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags)) - return size; + return offset; } if ((*flags & FLAGS_DID_CORE) == 0) { if (do_core_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags, size, clazz)) - return size; + return offset; } + if ((*flags & FLAGS_DID_AUXV) == 0) { + if (do_auxv_note(ms, nbuf, xnh_type, swap, + namesz, descsz, noff, doff, flags, size, clazz, + fd, ph_off, ph_num, fsize)) + return offset; + } + if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) { if (descsz > 100) descsz = 100; switch (xnh_type) { case NT_NETBSD_VERSION: - return size; + return offset; case NT_NETBSD_MARCH: if (*flags & FLAGS_DID_NETBSD_MARCH) - return size; + return offset; *flags |= FLAGS_DID_NETBSD_MARCH; if (file_printf(ms, ", compiled for: %.*s", (int)descsz, (const char *)&nbuf[doff]) == -1) - return size; + return offset; break; case NT_NETBSD_CMODEL: if (*flags & FLAGS_DID_NETBSD_CMODEL) - return size; + return offset; *flags |= FLAGS_DID_NETBSD_CMODEL; if (file_printf(ms, ", compiler model: %.*s", (int)descsz, (const char *)&nbuf[doff]) == -1) - return size; + return offset; break; default: if (*flags & FLAGS_DID_NETBSD_UNKNOWN) - return size; + return offset; *flags |= FLAGS_DID_NETBSD_UNKNOWN; if (file_printf(ms, ", note=%u", xnh_type) == -1) - return size; + return offset; break; } - return size; + return offset; } return offset; @@ -993,12 +1205,12 @@ { Elf32_Shdr sh32; Elf64_Shdr sh64; - int stripped = 1; + int stripped = 1, has_debug_info = 0; size_t nbadcap = 0; void *nbuf; off_t noff, coff, name_off; - uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ - uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */ + uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilities */ + uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilities */ char name[50]; ssize_t namesize; @@ -1011,8 +1223,9 @@ /* Read offset of name section to be able to read section names later */ if (pread(fd, xsh_addr, xsh_sizeof, CAST(off_t, (off + size * strtab))) < (ssize_t)xsh_sizeof) { - file_badread(ms); - return -1; + if (file_printf(ms, ", missing section headers") == -1) + return -1; + return 0; } name_off = xsh_offset; @@ -1023,8 +1236,10 @@ return -1; } name[namesize] = '\0'; - if (strcmp(name, ".debug_info") == 0) + if (strcmp(name, ".debug_info") == 0) { + has_debug_info = 1; stripped = 0; + } if (pread(fd, xsh_addr, xsh_sizeof, off) < (ssize_t)xsh_sizeof) { file_badread(ms); @@ -1055,9 +1270,9 @@ if ((uintmax_t)(xsh_size + xsh_offset) > (uintmax_t)fsize) { if (file_printf(ms, - ", note offset/size 0x%" INTMAX_T_FORMAT - "x+0x%" INTMAX_T_FORMAT "x exceeds" - " file size 0x%" INTMAX_T_FORMAT "x", + ", note offset/size %#" INTMAX_T_FORMAT + "x+%#" INTMAX_T_FORMAT "x exceeds" + " file size %#" INTMAX_T_FORMAT "x", (uintmax_t)xsh_offset, (uintmax_t)xsh_size, (uintmax_t)fsize) == -1) return -1; @@ -1080,7 +1295,8 @@ if (noff >= (off_t)xsh_size) break; noff = donote(ms, nbuf, (size_t)noff, - xsh_size, clazz, swap, 4, flags, notecount); + xsh_size, clazz, swap, 4, flags, notecount, + fd, 0, 0, 0); if (noff == 0) break; } @@ -1160,7 +1376,7 @@ default: if (file_printf(ms, ", with unknown capability " - "0x%" INT64_T_FORMAT "x = 0x%" + "%#" INT64_T_FORMAT "x = %#" INT64_T_FORMAT "x", (unsigned long long)xcap_tag, (unsigned long long)xcap_val) == -1) @@ -1177,6 +1393,10 @@ } } + if (has_debug_info) { + if (file_printf(ms, ", with debug_info") == -1) + return -1; + } if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1) return -1; if (cap_hw1) { @@ -1210,13 +1430,13 @@ } if (cap_hw1) if (file_printf(ms, - " unknown hardware capability 0x%" + " unknown hardware capability %#" INT64_T_FORMAT "x", (unsigned long long)cap_hw1) == -1) return -1; } else { if (file_printf(ms, - " hardware capability 0x%" INT64_T_FORMAT "x", + " hardware capability %#" INT64_T_FORMAT "x", (unsigned long long)cap_hw1) == -1) return -1; } @@ -1232,7 +1452,7 @@ cap_sf1 &= ~SF1_SUNW_MASK; if (cap_sf1) if (file_printf(ms, - ", with unknown software capability 0x%" + ", with unknown software capability %#" INT64_T_FORMAT "x", (unsigned long long)cap_sf1) == -1) return -1; @@ -1286,7 +1506,7 @@ if (((align = xph_align) & 0x80000000UL) != 0 || align < 4) { if (file_printf(ms, - ", invalid note alignment 0x%lx", + ", invalid note alignment %#lx", (unsigned long)align) == -1) return -1; align = 4; @@ -1329,7 +1549,7 @@ break; offset = donote(ms, nbuf, offset, (size_t)bufsize, clazz, swap, align, - flags, notecount); + flags, notecount, fd, 0, 0, 0); if (offset == 0) break; } --- contrib/file/src/readelf.h.orig +++ contrib/file/src/readelf.h @@ -54,6 +54,42 @@ #define EI_NIDENT 16 typedef struct { + Elf32_Word a_type; /* 32-bit id */ + Elf32_Word a_v; /* 32-bit id */ +} Aux32Info; + +typedef struct { + Elf64_Xword a_type; /* 64-bit id */ + Elf64_Xword a_v; /* 64-bit id */ +} Aux64Info; + +#define AT_NULL 0 /* end of vector */ +#define AT_IGNORE 1 /* entry should be ignored */ +#define AT_EXECFD 2 /* file descriptor of program */ +#define AT_PHDR 3 /* program headers for program */ +#define AT_PHENT 4 /* size of program header entry */ +#define AT_PHNUM 5 /* number of program headers */ +#define AT_PAGESZ 6 /* system page size */ +#define AT_BASE 7 /* base address of interpreter */ +#define AT_FLAGS 8 /* flags */ +#define AT_ENTRY 9 /* entry point of program */ +#define AT_LINUX_NOTELF 10 /* program is not ELF */ +#define AT_LINUX_UID 11 /* real uid */ +#define AT_LINUX_EUID 12 /* effective uid */ +#define AT_LINUX_GID 13 /* real gid */ +#define AT_LINUX_EGID 14 /* effective gid */ +#define AT_LINUX_PLATFORM 15 /* string identifying CPU for optimizations */ +#define AT_LINUX_HWCAP 16 /* arch dependent hints at CPU capabilities */ +#define AT_LINUX_CLKTCK 17 /* frequency at which times() increments */ +/* AT_* values 18 through 22 are reserved */ +#define AT_LINUX_SECURE 23 /* secure mode boolean */ +#define AT_LINUX_BASE_PLATFORM 24 /* string identifying real platform, may + * differ from AT_PLATFORM. */ +#define AT_LINUX_RANDOM 25 /* address of 16 random bytes */ +#define AT_LINUX_HWCAP2 26 /* extension of AT_HWCAP */ +#define AT_LINUX_EXECFN 31 /* filename of program */ + +typedef struct { Elf32_Char e_ident[EI_NIDENT]; Elf32_Half e_type; Elf32_Half e_machine; @@ -105,7 +141,7 @@ #define SHT_SYMTAB 2 #define SHT_NOTE 7 #define SHT_DYNSYM 11 -#define SHT_SUNW_cap 0x6ffffff5 /* SunOS 5.x hw/sw capabilites */ +#define SHT_SUNW_cap 0x6ffffff5 /* SunOS 5.x hw/sw capabilities */ /* elf type */ #define ELFDATANONE 0 /* e_ident[EI_DATA] */ @@ -194,7 +230,34 @@ } Elf64_Shdr; #define NT_NETBSD_CORE_PROCINFO 1 +#define NT_NETBSD_CORE_AUXV 2 +struct NetBSD_elfcore_procinfo { + /* Version 1 fields start here. */ + uint32_t cpi_version; /* our version */ + uint32_t cpi_cpisize; /* sizeof(this struct) */ + uint32_t cpi_signo; /* killing signal */ + uint32_t cpi_sigcode; /* signal code */ + uint32_t cpi_sigpend[4]; /* pending signals */ + uint32_t cpi_sigmask[4]; /* blocked signals */ + uint32_t cpi_sigignore[4]; /* ignored signals */ + uint32_t cpi_sigcatch[4]; /* caught signals */ + int32_t cpi_pid; /* process ID */ + int32_t cpi_ppid; /* parent process ID */ + int32_t cpi_pgrp; /* process group ID */ + int32_t cpi_sid; /* session ID */ + uint32_t cpi_ruid; /* real user ID */ + uint32_t cpi_euid; /* effective user ID */ + uint32_t cpi_svuid; /* saved user ID */ + uint32_t cpi_rgid; /* real group ID */ + uint32_t cpi_egid; /* effective group ID */ + uint32_t cpi_svgid; /* saved group ID */ + uint32_t cpi_nlwps; /* number of LWPs */ + int8_t cpi_name[32]; /* copy of p->p_comm */ + /* Add version 2 fields below here. */ + int32_t cpi_siglwp; /* LWP target of killing signal */ +}; + /* Note header in a PT_NOTE section */ typedef struct elf_note { Elf32_Word n_namesz; /* Name size */ @@ -292,6 +355,11 @@ */ #define NT_NETBSD_CMODEL 6 +/* + * FreeBSD specific notes + */ +#define NT_FREEBSD_PROCSTAT_AUXV 16 + #if !defined(ELFSIZE) && defined(ARCH_ELFSIZE) #define ELFSIZE ARCH_ELFSIZE #endif --- contrib/file/src/softmagic.c.orig +++ contrib/file/src/softmagic.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: softmagic.c,v 1.218 2015/09/11 17:24:09 christos Exp $") +FILE_RCSID("@(#)$File: softmagic.c,v 1.249 2017/06/19 18:30:25 christos Exp $") #endif /* lint */ #include "magic.h" @@ -41,28 +41,29 @@ #include #include #include +#include "der.h" private int match(struct magic_set *, struct magic *, uint32_t, - const unsigned char *, size_t, size_t, int, int, int, uint16_t, + const unsigned char *, size_t, size_t, int, int, int, uint16_t *, uint16_t *, int *, int *, int *); private int mget(struct magic_set *, const unsigned char *, - struct magic *, size_t, size_t, unsigned int, int, int, int, uint16_t, + struct magic *, size_t, size_t, unsigned int, int, int, int, uint16_t *, uint16_t *, int *, int *, int *); private int magiccheck(struct magic_set *, struct magic *); private int32_t mprint(struct magic_set *, struct magic *); -private int32_t moffset(struct magic_set *, struct magic *); +private int moffset(struct magic_set *, struct magic *, size_t, int32_t *); private void mdebug(uint32_t, const char *, size_t); private int mcopy(struct magic_set *, union VALUETYPE *, int, int, const unsigned char *, uint32_t, size_t, struct magic *); private int mconvert(struct magic_set *, struct magic *, int); private int print_sep(struct magic_set *, int); -private int handle_annotation(struct magic_set *, struct magic *); -private void cvt_8(union VALUETYPE *, const struct magic *); -private void cvt_16(union VALUETYPE *, const struct magic *); -private void cvt_32(union VALUETYPE *, const struct magic *); -private void cvt_64(union VALUETYPE *, const struct magic *); +private int handle_annotation(struct magic_set *, struct magic *, int); +private int cvt_8(union VALUETYPE *, const struct magic *); +private int cvt_16(union VALUETYPE *, const struct magic *); +private int cvt_32(union VALUETYPE *, const struct magic *); +private int cvt_64(union VALUETYPE *, const struct magic *); -#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) +#define OFFSET_OOB(n, o, i) ((n) < (uint32_t)(o) || (i) > ((n) - (o))) #define BE64(p) (((uint64_t)(p)->hq[0]<<56)|((uint64_t)(p)->hq[1]<<48)| \ ((uint64_t)(p)->hq[2]<<40)|((uint64_t)(p)->hq[3]<<32)| \ ((uint64_t)(p)->hq[4]<<24)|((uint64_t)(p)->hq[5]<<16)| \ @@ -79,6 +80,7 @@ ((uint32_t)(p)->hl[3]<<8)|((uint32_t)(p)->hl[2])) #define BE16(p) (((uint16_t)(p)->hs[0]<<8)|((uint16_t)(p)->hs[1])) #define LE16(p) (((uint16_t)(p)->hs[1]<<8)|((uint16_t)(p)->hs[0])) +#define SEXT(s,v,p) ((s)?(intmax_t)(int##v##_t)(p):(intmax_t)(uint##v##_t)(p)) /* * softmagic - lookup one file in parsed, in-memory copy of database @@ -87,20 +89,24 @@ /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - uint16_t indir_level, uint16_t *name_count, int mode, int text) + uint16_t *indir_count, uint16_t *name_count, int mode, int text) { struct mlist *ml; int rv, printed_something = 0, need_separator = 0; - uint16_t nc; + uint16_t nc, ic; if (name_count == NULL) { nc = 0; name_count = &nc; } + if (indir_count == NULL) { + ic = 0; + indir_count = ⁣ + } for (ml = ms->mlist[0]->next; ml != ms->mlist[0]; ml = ml->next) if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, 0, mode, - text, 0, indir_level, name_count, + text, 0, indir_count, name_count, &printed_something, &need_separator, NULL)) != 0) return rv; @@ -156,7 +162,7 @@ private int match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, const unsigned char *s, size_t nbytes, size_t offset, int mode, int text, - int flip, uint16_t indir_level, uint16_t *name_count, + int flip, uint16_t *indir_count, uint16_t *name_count, int *printed_something, int *need_separator, int *returnval) { uint32_t magindex = 0; @@ -181,11 +187,12 @@ ((text && (m->str_flags & FLT) == STRING_BINTEST) || (!text && (m->str_flags & FLT) == STRING_TEXTTEST))) || (m->flag & mode) != mode) { +flush: /* Skip sub-tests */ - while (magindex + 1 < nmagic && - magic[magindex + 1].cont_level != 0 && - ++magindex) - continue; + while (magindex < nmagic - 1 && + magic[magindex + 1].cont_level != 0) + magindex++; + cont_level = 0; continue; /* Skip to next top-level test*/ } @@ -194,7 +201,7 @@ /* if main entry matches, print it... */ switch (mget(ms, s, m, nbytes, offset, cont_level, mode, text, - flip, indir_level, name_count, + flip, indir_count, name_count, printed_something, need_separator, returnval)) { case -1: return -1; @@ -222,18 +229,16 @@ * main entry didn't match, * flush its continuations */ - while (magindex < nmagic - 1 && - magic[magindex + 1].cont_level != 0) - magindex++; - continue; + goto flush; } - if ((e = handle_annotation(ms, m)) != 0) { + if ((e = handle_annotation(ms, m, firstline)) != 0) { *need_separator = 1; *printed_something = 1; *returnval = 1; return e; } + /* * If we are going to print something, we'll need to print * a blank before we print something else. @@ -249,7 +254,13 @@ if (print && mprint(ms, m) == -1) return -1; - ms->c.li[cont_level].off = moffset(ms, m); + switch (moffset(ms, m, nbytes, &ms->c.li[cont_level].off)) { + case -1: + case 0: + goto flush; + default: + break; + } /* and any continuations that match */ if (file_check_mem(ms, ++cont_level) == -1) @@ -283,7 +294,7 @@ } #endif switch (mget(ms, s, m, nbytes, offset, cont_level, mode, - text, flip, indir_level, name_count, + text, flip, indir_count, name_count, printed_something, need_separator, returnval)) { case -1: return -1; @@ -318,7 +329,8 @@ break; } else ms->c.li[cont_level].got_match = 1; - if ((e = handle_annotation(ms, m)) != 0) { + + if ((e = handle_annotation(ms, m, firstline)) != 0) { *need_separator = 1; *printed_something = 1; *returnval = 1; @@ -354,7 +366,16 @@ if (print && mprint(ms, m) == -1) return -1; - ms->c.li[cont_level].off = moffset(ms, m); + switch (moffset(ms, m, nbytes, + &ms->c.li[cont_level].off)) { + case -1: + case 0: + flush = 1; + cont_level--; + break; + default: + break; + } if (*m->desc) *need_separator = 1; @@ -682,7 +703,12 @@ case FILE_NAME: t = ms->offset; break; - + case FILE_DER: + if (file_printf(ms, F(ms, m, "%s"), + file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1) + return -1; + t = ms->offset; + break; default: file_magerror(ms, "invalid m->type (%d) in mprint()", m->type); return -1; @@ -690,102 +716,154 @@ return (int32_t)t; } -private int32_t -moffset(struct magic_set *ms, struct magic *m) +private int +moffset(struct magic_set *ms, struct magic *m, size_t nbytes, int32_t *op) { + int32_t o; + switch (m->type) { case FILE_BYTE: - return CAST(int32_t, (ms->offset + sizeof(char))); + o = CAST(int32_t, (ms->offset + sizeof(char))); + break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - return CAST(int32_t, (ms->offset + sizeof(short))); + o = CAST(int32_t, (ms->offset + sizeof(short))); + break; case FILE_LONG: case FILE_BELONG: case FILE_LELONG: case FILE_MELONG: - return CAST(int32_t, (ms->offset + sizeof(int32_t))); + o = CAST(int32_t, (ms->offset + sizeof(int32_t))); + break; case FILE_QUAD: case FILE_BEQUAD: case FILE_LEQUAD: - return CAST(int32_t, (ms->offset + sizeof(int64_t))); + o = CAST(int32_t, (ms->offset + sizeof(int64_t))); + break; case FILE_STRING: case FILE_PSTRING: case FILE_BESTRING16: case FILE_LESTRING16: - if (m->reln == '=' || m->reln == '!') - return ms->offset + m->vallen; - else { + if (m->reln == '=' || m->reln == '!') { + o = ms->offset + m->vallen; + } else { union VALUETYPE *p = &ms->ms_value; - uint32_t t; if (*m->value.s == '\0') p->s[strcspn(p->s, "\r\n")] = '\0'; - t = CAST(uint32_t, (ms->offset + strlen(p->s))); + o = CAST(uint32_t, (ms->offset + strlen(p->s))); if (m->type == FILE_PSTRING) - t += (uint32_t)file_pstring_length_size(m); - return t; + o += (uint32_t)file_pstring_length_size(m); } + break; case FILE_DATE: case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: - return CAST(int32_t, (ms->offset + sizeof(uint32_t))); + o = CAST(int32_t, (ms->offset + sizeof(uint32_t))); + break; case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: - return CAST(int32_t, (ms->offset + sizeof(uint32_t))); + o = CAST(int32_t, (ms->offset + sizeof(uint32_t))); + break; case FILE_QDATE: case FILE_BEQDATE: case FILE_LEQDATE: - return CAST(int32_t, (ms->offset + sizeof(uint64_t))); + o = CAST(int32_t, (ms->offset + sizeof(uint64_t))); + break; case FILE_QLDATE: case FILE_BEQLDATE: case FILE_LEQLDATE: - return CAST(int32_t, (ms->offset + sizeof(uint64_t))); + o = CAST(int32_t, (ms->offset + sizeof(uint64_t))); + break; case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - return CAST(int32_t, (ms->offset + sizeof(float))); + o = CAST(int32_t, (ms->offset + sizeof(float))); + break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - return CAST(int32_t, (ms->offset + sizeof(double))); + o = CAST(int32_t, (ms->offset + sizeof(double))); + break; case FILE_REGEX: if ((m->str_flags & REGEX_OFFSET_START) != 0) - return CAST(int32_t, ms->search.offset); + o = CAST(int32_t, ms->search.offset); else - return CAST(int32_t, (ms->search.offset + - ms->search.rm_len)); + o = CAST(int32_t, + (ms->search.offset + ms->search.rm_len)); + break; case FILE_SEARCH: if ((m->str_flags & REGEX_OFFSET_START) != 0) - return CAST(int32_t, ms->search.offset); + o = CAST(int32_t, ms->search.offset); else - return CAST(int32_t, (ms->search.offset + m->vallen)); + o = CAST(int32_t, (ms->search.offset + m->vallen)); + break; case FILE_CLEAR: case FILE_DEFAULT: case FILE_INDIRECT: - return ms->offset; + o = ms->offset; + break; + case FILE_DER: + { + o = der_offs(ms, m, nbytes); + if (o == -1 || (size_t)o > nbytes) { + if ((ms->flags & MAGIC_DEBUG) != 0) { + (void)fprintf(stderr, + "Bad DER offset %d nbytes=%zu", + o, nbytes); + } + *op = 0; + return 0; + } + break; + } + default: - return 0; + o = 0; + break; } + + if ((size_t)o > nbytes) { +#if 0 + file_error(ms, 0, "Offset out of range %zu > %zu", + (size_t)o, nbytes); +#endif + return -1; + } + *op = o; + return 1; } +private uint32_t +cvt_id3(struct magic_set *ms, uint32_t v) +{ + v = ((((v >> 0) & 0x7f) << 0) | + (((v >> 8) & 0x7f) << 7) | + (((v >> 16) & 0x7f) << 14) | + (((v >> 24) & 0x7f) << 21)); + if ((ms->flags & MAGIC_DEBUG) != 0) + fprintf(stderr, "id3 offs=%u\n", v); + return v; +} + private int cvt_flip(int type, int flip) { @@ -858,9 +936,13 @@ p->fld *= cast m->num_mask; \ break; \ case FILE_OPDIVIDE: \ + if (cast m->num_mask == 0) \ + return -1; \ p->fld /= cast m->num_mask; \ break; \ case FILE_OPMODULO: \ + if (cast m->num_mask == 0) \ + return -1; \ p->fld %= cast m->num_mask; \ break; \ } \ @@ -867,28 +949,32 @@ if (m->mask_op & FILE_OPINVERSE) \ p->fld = ~p->fld \ -private void +private int cvt_8(union VALUETYPE *p, const struct magic *m) { DO_CVT(b, (uint8_t)); + return 0; } -private void +private int cvt_16(union VALUETYPE *p, const struct magic *m) { DO_CVT(h, (uint16_t)); + return 0; } -private void +private int cvt_32(union VALUETYPE *p, const struct magic *m) { DO_CVT(l, (uint32_t)); + return 0; } -private void +private int cvt_64(union VALUETYPE *p, const struct magic *m) { DO_CVT(q, (uint64_t)); + return 0; } #define DO_CVT2(fld, cast) \ @@ -904,20 +990,24 @@ p->fld *= cast m->num_mask; \ break; \ case FILE_OPDIVIDE: \ + if (cast m->num_mask == 0) \ + return -1; \ p->fld /= cast m->num_mask; \ break; \ } \ -private void +private int cvt_float(union VALUETYPE *p, const struct magic *m) { DO_CVT2(f, (float)); + return 0; } -private void +private int cvt_double(union VALUETYPE *p, const struct magic *m) { DO_CVT2(d, (double)); + return 0; } /* @@ -929,25 +1019,28 @@ mconvert(struct magic_set *ms, struct magic *m, int flip) { union VALUETYPE *p = &ms->ms_value; - uint8_t type; - switch (type = cvt_flip(m->type, flip)) { + switch (cvt_flip(m->type, flip)) { case FILE_BYTE: - cvt_8(p, m); + if (cvt_8(p, m) == -1) + goto out; return 1; case FILE_SHORT: - cvt_16(p, m); + if (cvt_16(p, m) == -1) + goto out; return 1; case FILE_LONG: case FILE_DATE: case FILE_LDATE: - cvt_32(p, m); + if (cvt_32(p, m) == -1) + goto out; return 1; case FILE_QUAD: case FILE_QDATE: case FILE_QLDATE: case FILE_QWDATE: - cvt_64(p, m); + if (cvt_64(p, m) == -1) + goto out; return 1; case FILE_STRING: case FILE_BESTRING16: @@ -979,13 +1072,15 @@ } case FILE_BESHORT: p->h = (short)BE16(p); - cvt_16(p, m); + if (cvt_16(p, m) == -1) + goto out; return 1; case FILE_BELONG: case FILE_BEDATE: case FILE_BELDATE: p->l = (int32_t)BE32(p); - cvt_32(p, m); + if (cvt_32(p, m) == -1) + goto out; return 1; case FILE_BEQUAD: case FILE_BEQDATE: @@ -992,17 +1087,20 @@ case FILE_BEQLDATE: case FILE_BEQWDATE: p->q = (uint64_t)BE64(p); - cvt_64(p, m); + if (cvt_64(p, m) == -1) + goto out; return 1; case FILE_LESHORT: p->h = (short)LE16(p); - cvt_16(p, m); + if (cvt_16(p, m) == -1) + goto out; return 1; case FILE_LELONG: case FILE_LEDATE: case FILE_LELDATE: p->l = (int32_t)LE32(p); - cvt_32(p, m); + if (cvt_32(p, m) == -1) + goto out; return 1; case FILE_LEQUAD: case FILE_LEQDATE: @@ -1009,35 +1107,43 @@ case FILE_LEQLDATE: case FILE_LEQWDATE: p->q = (uint64_t)LE64(p); - cvt_64(p, m); + if (cvt_64(p, m) == -1) + goto out; return 1; case FILE_MELONG: case FILE_MEDATE: case FILE_MELDATE: p->l = (int32_t)ME32(p); - cvt_32(p, m); + if (cvt_32(p, m) == -1) + goto out; return 1; case FILE_FLOAT: - cvt_float(p, m); + if (cvt_float(p, m) == -1) + goto out; return 1; case FILE_BEFLOAT: p->l = BE32(p); - cvt_float(p, m); + if (cvt_float(p, m) == -1) + goto out; return 1; case FILE_LEFLOAT: p->l = LE32(p); - cvt_float(p, m); + if (cvt_float(p, m) == -1) + goto out; return 1; case FILE_DOUBLE: - cvt_double(p, m); + if (cvt_double(p, m) == -1) + goto out; return 1; case FILE_BEDOUBLE: p->q = BE64(p); - cvt_double(p, m); + if (cvt_double(p, m) == -1) + goto out; return 1; case FILE_LEDOUBLE: p->q = LE64(p); - cvt_double(p, m); + if (cvt_double(p, m) == -1) + goto out; return 1; case FILE_REGEX: case FILE_SEARCH: @@ -1045,11 +1151,15 @@ case FILE_CLEAR: case FILE_NAME: case FILE_USE: + case FILE_DER: return 1; default: file_magerror(ms, "invalid type %d in mconvert()", m->type); return 0; } +out: + file_magerror(ms, "zerodivide in mconvert()"); + return 0; } @@ -1072,7 +1182,10 @@ */ if (indir == 0) { switch (type) { + case FILE_DER: case FILE_SEARCH: + if (offset > nbytes) + offset = CAST(uint32_t, nbytes); ms->search.s = RCAST(const char *, s) + offset; ms->search.s_len = nbytes - offset; ms->search.offset = offset; @@ -1086,7 +1199,7 @@ const char *end; size_t lines, linecnt, bytecnt; - if (s == NULL) { + if (s == NULL || nbytes < offset) { ms->search.s_len = 0; ms->search.s = NULL; return 0; @@ -1115,7 +1228,7 @@ memchr(c, '\r', CAST(size_t, (end - c)))))); lines--, b++) { last = b; - if (b[0] == '\r' && b[1] == '\n') + if (b < end - 1 && b[0] == '\r' && b[1] == '\n') b++; } if (lines) @@ -1148,7 +1261,8 @@ if (*dst == '\0') { if (type == FILE_BESTRING16 ? *(src - 1) != '\0' : - *(src + 1) != '\0') + ((src + 1 < esrc) && + *(src + 1) != '\0')) *dst = ' '; } } @@ -1183,14 +1297,53 @@ return 0; } +private uint32_t +do_ops(struct magic *m, intmax_t lhs, intmax_t off) +{ + intmax_t offset; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { + case FILE_OPAND: + offset = lhs & off; + break; + case FILE_OPOR: + offset = lhs | off; + break; + case FILE_OPXOR: + offset = lhs ^ off; + break; + case FILE_OPADD: + offset = lhs + off; + break; + case FILE_OPMINUS: + offset = lhs - off; + break; + case FILE_OPMULTIPLY: + offset = lhs * off; + break; + case FILE_OPDIVIDE: + offset = lhs / off; + break; + case FILE_OPMODULO: + offset = lhs % off; + break; + } + } else + offset = lhs; + if (m->in_op & FILE_OPINVERSE) + offset = ~offset; + + return (uint32_t)offset; +} + private int mget(struct magic_set *ms, const unsigned char *s, struct magic *m, size_t nbytes, size_t o, unsigned int cont_level, int mode, int text, - int flip, uint16_t indir_level, uint16_t *name_count, + int flip, uint16_t *indir_count, uint16_t *name_count, int *printed_something, int *need_separator, int *returnval) { uint32_t offset = ms->offset; - uint32_t lhs; + intmax_t lhs; file_pushbuf_t *pb; int rv, oneed_separator, in_type; char *rbuf; @@ -1197,9 +1350,9 @@ union VALUETYPE *p = &ms->ms_value; struct mlist ml; - if (indir_level >= ms->indir_max) { - file_error(ms, 0, "indirect recursion nesting (%hu) exceeded", - indir_level); + if (*indir_count >= ms->indir_max) { + file_error(ms, 0, "indirect count (%hu) exceeded", + *indir_count); return -1; } @@ -1214,11 +1367,11 @@ return -1; if ((ms->flags & MAGIC_DEBUG) != 0) { - fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%" + fprintf(stderr, "mget(type=%d, flag=%#x, offset=%u, o=%" SIZE_T_FORMAT "u, " "nbytes=%" SIZE_T_FORMAT "u, il=%hu, nc=%hu)\n", m->type, m->flag, offset, o, nbytes, - indir_level, *name_count); + *indir_count, *name_count); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); #ifndef COMPILE_ONLY file_mdump(m); @@ -1226,184 +1379,64 @@ } if (m->flag & INDIR) { - int off = m->in_offset; + intmax_t off = m->in_offset; + const int sgn = m->in_op & FILE_OPSIGNED; if (m->in_op & FILE_OPINDIRECT) { const union VALUETYPE *q = CAST(const union VALUETYPE *, ((const void *)(s + offset + off))); + if (OFFSET_OOB(nbytes, offset + off, sizeof(*q))) + return 0; switch (cvt_flip(m->in_type, flip)) { case FILE_BYTE: - off = q->b; + off = SEXT(sgn,8,q->b); break; case FILE_SHORT: - off = q->h; + off = SEXT(sgn,16,q->h); break; case FILE_BESHORT: - off = (short)BE16(q); + off = SEXT(sgn,16,BE16(q)); break; case FILE_LESHORT: - off = (short)LE16(q); + off = SEXT(sgn,16,LE16(q)); break; case FILE_LONG: - off = q->l; + off = SEXT(sgn,32,q->l); break; case FILE_BELONG: case FILE_BEID3: - off = (int32_t)BE32(q); + off = SEXT(sgn,32,BE32(q)); break; case FILE_LEID3: case FILE_LELONG: - off = (int32_t)LE32(q); + off = SEXT(sgn,32,LE32(q)); break; case FILE_MELONG: - off = (int32_t)ME32(q); + off = SEXT(sgn,32,ME32(q)); break; } if ((ms->flags & MAGIC_DEBUG) != 0) - fprintf(stderr, "indirect offs=%u\n", off); + fprintf(stderr, "indirect offs=%jd\n", off); } switch (in_type = cvt_flip(m->in_type, flip)) { case FILE_BYTE: if (OFFSET_OOB(nbytes, offset, 1)) return 0; - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = p->b & off; - break; - case FILE_OPOR: - offset = p->b | off; - break; - case FILE_OPXOR: - offset = p->b ^ off; - break; - case FILE_OPADD: - offset = p->b + off; - break; - case FILE_OPMINUS: - offset = p->b - off; - break; - case FILE_OPMULTIPLY: - offset = p->b * off; - break; - case FILE_OPDIVIDE: - offset = p->b / off; - break; - case FILE_OPMODULO: - offset = p->b % off; - break; - } - } else - offset = p->b; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + offset = do_ops(m, SEXT(sgn,8,p->b), off); break; case FILE_BESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; - lhs = (p->hs[0] << 8) | p->hs[1]; - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = lhs & off; - break; - case FILE_OPOR: - offset = lhs | off; - break; - case FILE_OPXOR: - offset = lhs ^ off; - break; - case FILE_OPADD: - offset = lhs + off; - break; - case FILE_OPMINUS: - offset = lhs - off; - break; - case FILE_OPMULTIPLY: - offset = lhs * off; - break; - case FILE_OPDIVIDE: - offset = lhs / off; - break; - case FILE_OPMODULO: - offset = lhs % off; - break; - } - } else - offset = lhs; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + offset = do_ops(m, SEXT(sgn,16,BE16(p)), off); break; case FILE_LESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; - lhs = (p->hs[1] << 8) | p->hs[0]; - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = lhs & off; - break; - case FILE_OPOR: - offset = lhs | off; - break; - case FILE_OPXOR: - offset = lhs ^ off; - break; - case FILE_OPADD: - offset = lhs + off; - break; - case FILE_OPMINUS: - offset = lhs - off; - break; - case FILE_OPMULTIPLY: - offset = lhs * off; - break; - case FILE_OPDIVIDE: - offset = lhs / off; - break; - case FILE_OPMODULO: - offset = lhs % off; - break; - } - } else - offset = lhs; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + offset = do_ops(m, SEXT(sgn,16,LE16(p)), off); break; case FILE_SHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = p->h & off; - break; - case FILE_OPOR: - offset = p->h | off; - break; - case FILE_OPXOR: - offset = p->h ^ off; - break; - case FILE_OPADD: - offset = p->h + off; - break; - case FILE_OPMINUS: - offset = p->h - off; - break; - case FILE_OPMULTIPLY: - offset = p->h * off; - break; - case FILE_OPDIVIDE: - offset = p->h / off; - break; - case FILE_OPMODULO: - offset = p->h % off; - break; - } - } - else - offset = p->h; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + offset = do_ops(m, SEXT(sgn,16,p->h), off); break; case FILE_BELONG: case FILE_BEID3: @@ -1410,37 +1443,9 @@ if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = BE32(p); - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = lhs & off; - break; - case FILE_OPOR: - offset = lhs | off; - break; - case FILE_OPXOR: - offset = lhs ^ off; - break; - case FILE_OPADD: - offset = lhs + off; - break; - case FILE_OPMINUS: - offset = lhs - off; - break; - case FILE_OPMULTIPLY: - offset = lhs * off; - break; - case FILE_OPDIVIDE: - offset = lhs / off; - break; - case FILE_OPMODULO: - offset = lhs % off; - break; - } - } else - offset = lhs; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + if (in_type == FILE_BEID3) + lhs = cvt_id3(ms, (uint32_t)lhs); + offset = do_ops(m, SEXT(sgn,32,lhs), off); break; case FILE_LELONG: case FILE_LEID3: @@ -1447,127 +1452,24 @@ if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = LE32(p); - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = lhs & off; - break; - case FILE_OPOR: - offset = lhs | off; - break; - case FILE_OPXOR: - offset = lhs ^ off; - break; - case FILE_OPADD: - offset = lhs + off; - break; - case FILE_OPMINUS: - offset = lhs - off; - break; - case FILE_OPMULTIPLY: - offset = lhs * off; - break; - case FILE_OPDIVIDE: - offset = lhs / off; - break; - case FILE_OPMODULO: - offset = lhs % off; - break; - } - } else - offset = lhs; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + if (in_type == FILE_LEID3) + lhs = cvt_id3(ms, (uint32_t)lhs); + offset = do_ops(m, SEXT(sgn,32,lhs), off); break; case FILE_MELONG: if (OFFSET_OOB(nbytes, offset, 4)) return 0; - lhs = ME32(p); - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = lhs & off; - break; - case FILE_OPOR: - offset = lhs | off; - break; - case FILE_OPXOR: - offset = lhs ^ off; - break; - case FILE_OPADD: - offset = lhs + off; - break; - case FILE_OPMINUS: - offset = lhs - off; - break; - case FILE_OPMULTIPLY: - offset = lhs * off; - break; - case FILE_OPDIVIDE: - offset = lhs / off; - break; - case FILE_OPMODULO: - offset = lhs % off; - break; - } - } else - offset = lhs; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + offset = do_ops(m, SEXT(sgn,32,ME32(p)), off); break; case FILE_LONG: if (OFFSET_OOB(nbytes, offset, 4)) return 0; - if (off) { - switch (m->in_op & FILE_OPS_MASK) { - case FILE_OPAND: - offset = p->l & off; - break; - case FILE_OPOR: - offset = p->l | off; - break; - case FILE_OPXOR: - offset = p->l ^ off; - break; - case FILE_OPADD: - offset = p->l + off; - break; - case FILE_OPMINUS: - offset = p->l - off; - break; - case FILE_OPMULTIPLY: - offset = p->l * off; - break; - case FILE_OPDIVIDE: - offset = p->l / off; - break; - case FILE_OPMODULO: - offset = p->l % off; - break; - } - } else - offset = p->l; - if (m->in_op & FILE_OPINVERSE) - offset = ~offset; + offset = do_ops(m, SEXT(sgn,32,p->l), off); break; default: break; } - switch (in_type) { - case FILE_LEID3: - case FILE_BEID3: - offset = ((((offset >> 0) & 0x7f) << 0) | - (((offset >> 8) & 0x7f) << 7) | - (((offset >> 16) & 0x7f) << 14) | - (((offset >> 24) & 0x7f) << 21)); - if ((ms->flags & MAGIC_DEBUG) != 0) - fprintf(stderr, "id3 offs=%u\n", offset); - break; - default: - break; - } - if (m->flag & INDIROFFADD) { offset += ms->c.li[cont_level-1].off; if (offset == 0) { @@ -1656,8 +1558,9 @@ if ((pb = file_push_buffer(ms)) == NULL) return -1; + (*indir_count)++; rv = file_softmagic(ms, s + offset, nbytes - offset, - indir_level + 1, name_count, BINTEST, text); + indir_count, name_count, BINTEST, text); if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv); @@ -1697,7 +1600,7 @@ if (m->flag & NOSPACE) *need_separator = 0; rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o, - mode, text, flip, indir_level, name_count, + mode, text, flip, indir_count, name_count, printed_something, need_separator, returnval); if (rv != 1) *need_separator = oneed_separator; @@ -1709,6 +1612,7 @@ if (file_printf(ms, "%s", m->desc) == -1) return -1; return 1; + case FILE_DER: case FILE_DEFAULT: /* nothing to check */ case FILE_CLEAR: default: @@ -1730,6 +1634,7 @@ */ const unsigned char *a = (const unsigned char *)s1; const unsigned char *b = (const unsigned char *)s2; + const unsigned char *eb = b + len; uint64_t v; /* @@ -1744,6 +1649,10 @@ } else { /* combine the others */ while (len-- > 0) { + if (b >= eb) { + v = 1; + break; + } if ((flags & STRING_IGNORE_LOWERCASE) && islower(*a)) { if ((v = tolower(*b++) - *a++) != '\0') @@ -1759,7 +1668,7 @@ a++; if (isspace(*b++)) { if (!isspace(*a)) - while (isspace(*b)) + while (b < eb && isspace(*b)) b++; } else { @@ -1770,7 +1679,7 @@ else if ((flags & STRING_COMPACT_OPTIONAL_WHITESPACE) && isspace(*a)) { a++; - while (isspace(*b)) + while (b < eb && isspace(*b)) b++; } else { @@ -1941,13 +1850,13 @@ for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) { if (slen + idx > ms->search.s_len) - break; + return 0; v = file_strncmp(m->value.s, ms->search.s + idx, slen, m->str_flags); if (v == 0) { /* found match */ ms->search.offset += idx; - ms->search.rm_len = m->str_range - idx; + ms->search.rm_len = ms->search.s_len - idx; break; } } @@ -1969,14 +1878,13 @@ file_regerror(&rx, rc, ms); v = (uint64_t)-1; } else { - regmatch_t pmatch[1]; + regmatch_t pmatch; size_t slen = ms->search.s_len; -#ifndef REG_STARTEND -#define REG_STARTEND 0 char *copy; if (slen != 0) { - copy = malloc(slen); + copy = CAST(char *, malloc(slen)); if (copy == NULL) { + file_regfree(&rx); file_error(ms, errno, "can't allocate %" SIZE_T_FORMAT "u bytes", slen); @@ -1986,25 +1894,18 @@ copy[--slen] = '\0'; search = copy; } else { - search = ms->search.s; + search = CCAST(char *, ""); copy = NULL; } -#else - search = ms->search.s; - pmatch[0].rm_so = 0; - pmatch[0].rm_eo = slen; -#endif rc = file_regexec(&rx, (const char *)search, - 1, pmatch, REG_STARTEND); -#if REG_STARTEND == 0 + 1, &pmatch, 0); free(copy); -#endif switch (rc) { case 0: - ms->search.s += (int)pmatch[0].rm_so; - ms->search.offset += (size_t)pmatch[0].rm_so; + ms->search.s += (int)pmatch.rm_so; + ms->search.offset += (size_t)pmatch.rm_so; ms->search.rm_len = - (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so); + (size_t)(pmatch.rm_eo - pmatch.rm_so); v = 0; break; @@ -2027,6 +1928,16 @@ case FILE_USE: case FILE_NAME: return 1; + case FILE_DER: + matched = der_cmp(ms, m); + if (matched == -1) { + if ((ms->flags & MAGIC_DEBUG) != 0) { + (void) fprintf(stderr, + "EOF comparing DER entries"); + } + return 0; + } + return matched; default: file_magerror(ms, "invalid type %d in magiccheck()", m->type); return -1; @@ -2124,19 +2035,25 @@ } private int -handle_annotation(struct magic_set *ms, struct magic *m) +handle_annotation(struct magic_set *ms, struct magic *m, int firstline) { - if (ms->flags & MAGIC_APPLE) { + if ((ms->flags & MAGIC_APPLE) && m->apple[0]) { + if (!firstline && file_printf(ms, "\n- ") == -1) + return -1; if (file_printf(ms, "%.8s", m->apple) == -1) return -1; return 1; } - if (ms->flags & MAGIC_EXTENSION) { + if ((ms->flags & MAGIC_EXTENSION) && m->ext[0]) { + if (!firstline && file_printf(ms, "\n- ") == -1) + return -1; if (file_printf(ms, "%s", m->ext) == -1) return -1; return 1; } if ((ms->flags & MAGIC_MIME_TYPE) && m->mimetype[0]) { + if (!firstline && file_printf(ms, "\n- ") == -1) + return -1; if (file_printf(ms, "%s", m->mimetype) == -1) return -1; return 1; @@ -2147,8 +2064,8 @@ private int print_sep(struct magic_set *ms, int firstline) { - if (ms->flags & MAGIC_NODESC) - return 0; +// if (ms->flags & MAGIC_NODESC) +// return 0; if (firstline) return 0; /* --- contrib/file/src/vasprintf.c.orig +++ contrib/file/src/vasprintf.c @@ -88,7 +88,7 @@ The function needs to allocate memory to store the full text before to -actually writting it. i.e if you want to fnprintf() 1000 characters, the +actually writing it. i.e if you want to fnprintf() 1000 characters, the functions will allocate 1000 bytes. This behaviour can be modified: you have to customise the code to flush the internal buffer (writing to screen or file) when it reach a given size. Then @@ -108,7 +108,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: vasprintf.c,v 1.13 2014/12/04 15:56:46 christos Exp $") +FILE_RCSID("@(#)$File: vasprintf.c,v 1.14 2017/08/13 00:21:47 christos Exp $") #endif /* lint */ #include --- contrib/file/tests/Makefile.am.orig +++ contrib/file/tests/Makefile.am @@ -1,6 +1,6 @@ check_PROGRAMS = test test_LDADD = $(top_builddir)/src/libmagic.la -test_CPPFLAGS = -I$(top_srcdir)/src +test_CPPFLAGS = -I$(top_builddir)/src EXTRA_DIST = \ escapevel.result \ @@ -7,6 +7,8 @@ escapevel.testfile \ gedcom.result \ gedcom.testfile \ +hddrawcopytool.result \ +hddrawcopytool.testfile \ issue311docx.result \ issue311docx.testfile @@ -13,4 +15,4 @@ T = $(top_srcdir)/tests check-local: MAGIC=$(top_builddir)/magic/magic ./test - for i in $T/*.testfile; do echo Running test: $$i; MAGIC=$(top_builddir)/magic/magic ./test $$i $${i%%.testfile}.result; done + set -e; for i in $T/*.testfile; do echo Running test: $$i; TZ=UTC MAGIC=$(top_builddir)/magic/magic ./test $$i $${i%%.testfile}.result; done --- contrib/file/tests/Makefile.in.orig +++ contrib/file/tests/Makefile.in @@ -290,12 +290,14 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ test_LDADD = $(top_builddir)/src/libmagic.la -test_CPPFLAGS = -I$(top_srcdir)/src +test_CPPFLAGS = -I$(top_builddir)/src EXTRA_DIST = \ escapevel.result \ escapevel.testfile \ gedcom.result \ gedcom.testfile \ +hddrawcopytool.result \ +hddrawcopytool.testfile \ issue311docx.result \ issue311docx.testfile @@ -608,7 +610,7 @@ check-local: MAGIC=$(top_builddir)/magic/magic ./test - for i in $T/*.testfile; do echo Running test: $$i; MAGIC=$(top_builddir)/magic/magic ./test $$i $${i%%.testfile}.result; done + set -e; for i in $T/*.testfile; do echo Running test: $$i; TZ=UTC MAGIC=$(top_builddir)/magic/magic ./test $$i $${i%%.testfile}.result; done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. --- contrib/file/tests/hddrawcopytool.result.orig +++ contrib/file/tests/hddrawcopytool.result @@ -0,0 +1 @@ +HDD Raw Copy Tool 1.10 - HD model: ST500DM0 02-1BD142 serial: 51D20233A7C0 \ No newline at end of file --- contrib/file/tests/test.c.orig +++ contrib/file/tests/test.c @@ -80,7 +80,8 @@ return 10; } if (magic_load(ms, NULL) == -1) { - (void)fprintf(stderr, "ERROR loading with NULL file: %s\n", magic_error(ms)); + (void)fprintf(stderr, "ERROR loading with NULL file: %s\n", + magic_error(ms)); return 11; } --- lib/libmagic/Makefile.orig +++ lib/libmagic/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ # Copyright (c) David E. O'Brien, 2000-2004, 2006, 2009 -CONTRDIR= ${.CURDIR}/../../contrib/file +CONTRDIR= ${SRCTOP}/contrib/file .PATH: ${CONTRDIR}/src .PATH: ${CONTRDIR}/doc @@ -12,7 +12,7 @@ MAN= libmagic.3 magic.5 SRCS= apprentice.c apptype.c ascmagic.c cdf.c cdf_time.c compress.c \ - encoding.c fsmagic.c funcs.c \ + der.c encoding.c fsmagic.c funcs.c \ is_tar.c magic.c print.c readcdf.c readelf.c softmagic.c INCS= magic.h @@ -19,7 +19,7 @@ MAGICPATH?= /usr/share/misc CFLAGS+= -DMAGIC='"${MAGICPATH}/magic"' -DHAVE_CONFIG_H -CFLAGS+= -I${.CURDIR} -I${CONTRDIR}/src +CFLAGS+= -I${.CURDIR} -I${.OBJDIR} -I${CONTRDIR}/src WARNS?= 3 @@ -40,8 +40,8 @@ CLEANFILES+= mkmagic build-tools: mkmagic -mkmagic: apprentice.c cdf_time.c encoding.c funcs.c magic.c print.c - ${CC} ${CFLAGS} -DCOMPILE_ONLY ${LDFLAGS} -o ${.TARGET} ${.ALLSRC} \ +mkmagic: apprentice.c cdf_time.c encoding.c funcs.c magic.c print.c ${INCS} + ${CC} ${CFLAGS} -DCOMPILE_ONLY ${LDFLAGS} -o ${.TARGET} ${.ALLSRC:N*.h} \ ${LDADD} FILEVER!= awk '$$1 == "\#define" && $$2 == "VERSION" { print $$3; exit }' \ @@ -54,4 +54,10 @@ -e 's,__MAGIC__,${MAGICPATH}/magic,g' ${.ALLSRC} > ${.TARGET} .endfor +CLEANFILES+= ${INCS} +.for inc in ${INCS} +${inc}: ${inc}.in + sed -e 's,X.YY,${FILEVER:S,",,g:S,.,,g},g' ${.ALLSRC} > ${.TARGET} +.endfor + .include --- lib/libmagic/config.h.orig +++ lib/libmagic/config.h @@ -43,6 +43,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_DLFCN_H 1 +/* Define to 1 if you have the `dprintf' function. */ +#define HAVE_DPRINTF 1 + /* Define to 1 if you have the header file. */ #define HAVE_ERR_H 1 @@ -290,7 +293,7 @@ #define PACKAGE_NAME "file" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "file 5.25" +#define PACKAGE_STRING "file 5.32" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "file" @@ -299,7 +302,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "5.25" +#define PACKAGE_VERSION "5.32" /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 @@ -330,7 +333,7 @@ /* Version number of package */ -#define VERSION "5.25" +#define VERSION "5.32" /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ @@ -344,6 +347,9 @@ # endif #endif +/* Enable zlib compression support */ +#define ZLIBSUPPORT 1 + /* Enable large inode numbers on Mac OS X 10.5. */ #ifndef _DARWIN_USE_64_BIT_INODE # define _DARWIN_USE_64_BIT_INODE 1