mirror of
https://git.FreeBSD.org/src.git
synced 2024-10-18 02:19:39 +00:00
Vendor import of file 5.45.
This commit is contained in:
parent
5d5531f83b
commit
72d4668c77
64
ChangeLog
64
ChangeLog
@ -1,3 +1,63 @@
|
||||
2023-07-27 15:45 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* release 5.45
|
||||
|
||||
2023-07-17 11:53 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* PR/465: psrok1: Avoid muslc asctime_r crash
|
||||
|
||||
2023-05-21 13:05 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* add SIMH tape format support
|
||||
|
||||
2023-02-09 12:50 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* bump the max size of the elf section notes to be read to 128K
|
||||
and make it configurable
|
||||
|
||||
2023-01-08 1:08 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* PR/415: Fix decompression with program returning empty
|
||||
|
||||
2022-12-26 1:47 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* PR/408: fix -p with seccomp
|
||||
* PR/412: fix MinGW compilation
|
||||
|
||||
2022-12-26 12:26 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* release 5.44
|
||||
|
||||
2022-12-14 9:24 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* Handle nan's so that we don't get internal floating point exceptions
|
||||
when they are enabled (Vincent Mihalkovic)
|
||||
|
||||
2022-10-23 10:21 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* PR/397: Restore the ability to process files from stdin immediately.
|
||||
|
||||
2022-09-20 17:12 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* fixed various clustefuzz issues
|
||||
|
||||
2022-09-19 15:54 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* Fix error detection for decompression code (Vincent Mihalkovic)
|
||||
|
||||
2022-09-15 13:50 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* Add MAGIC_NO_COMPRESS_FORK and use it to produce a more
|
||||
meaningful error message if we are sandboxing.
|
||||
|
||||
2022-09-15 10:45 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* Add built-in lzip decompression support (Michal Gorny)
|
||||
|
||||
2022-09-14 10:35 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* Add built-in zstd decompression support (Martin Rodriguez Reboredo)
|
||||
|
||||
2022-09-13 14:55 Christos Zoulas <christos@zoulas.com>
|
||||
|
||||
* release 5.43
|
||||
@ -229,7 +289,7 @@
|
||||
2019-12-15 22:13 Christos Zoulas <christos@zoulas.com>
|
||||
Document changes since the previous release:
|
||||
- Always accept -S (no sandbox) even if we don't support sandboxing
|
||||
- More syscalls elided for sandboxiing
|
||||
- More syscalls elided for sandboxing
|
||||
- For ELF dynamic means having an interpreter not just PT_DYNAMIC
|
||||
- Check for large ELF session header offset
|
||||
- When saving and restoring a locale, keep the locale name in our
|
||||
@ -1759,7 +1819,7 @@
|
||||
|
||||
* Magic format checks (Dr. Werner Fink)
|
||||
|
||||
* Magic format function improvent (Karl Chen)
|
||||
* Magic format function improvement (Karl Chen)
|
||||
|
||||
2006-05-03 11:11 Christos Zoulas <christos@astron.com>
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
## README for file(1) Command and the libmagic(3) library ##
|
||||
|
||||
@(#) $File: README.md,v 1.4 2021/10/21 01:51:31 christos Exp $
|
||||
@(#) $File: README.md,v 1.5 2023/05/28 13:59:47 christos Exp $
|
||||
|
||||
- Bug Tracker: <https://bugs.astron.com/>
|
||||
- Build Status: <https://travis-ci.org/file/file>
|
||||
@ -91,6 +91,7 @@ COPYING - read this first.
|
||||
* `src/gmtime_r.c` - replacement for OS's that don't have it.
|
||||
* `src/is_csv.c` - knows about Comma Separated Value file format (RFC 4180).
|
||||
* `src/is_json.c` - knows about JavaScript Object Notation format (RFC 8259).
|
||||
* `src/is_simh.c` - knows about SIMH tape file format.
|
||||
* `src/is_tar.c, tar.h` - knows about Tape ARchive format (courtesy John Gilmore).
|
||||
* `src/localtime_r.c` - replacement for OS's that don't have it.
|
||||
* `src/magic.h.in` - source file for magic.h
|
||||
|
@ -39,11 +39,12 @@ AC_CHECK_DECLS([daylight], , , [#include <time.h>
|
||||
#include <stdlib.h>])
|
||||
AC_CACHE_CHECK(for daylight, ac_cv_var_daylight,
|
||||
[AC_LINK_IFELSE(
|
||||
[AC_LANG_PROGRAM([#include <time.h>],
|
||||
[AC_LANG_PROGRAM([#include <time.h>
|
||||
#include <stdlib.h>],
|
||||
[#if !HAVE_DECL_DAYLIGHT
|
||||
extern int daylight;
|
||||
#endif
|
||||
atoi(daylight);])], ac_cv_var_daylight=yes, ac_cv_var_daylight=no)])
|
||||
daylight = atoi("1");])], ac_cv_var_daylight=yes, ac_cv_var_daylight=no)])
|
||||
if test $ac_cv_var_daylight = yes; then
|
||||
AC_DEFINE(HAVE_DAYLIGHT,1,[HAVE_DAYLIGHT])
|
||||
fi
|
||||
|
2
config.guess
vendored
2
config.guess
vendored
@ -210,6 +210,8 @@ case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
|
||||
aarch64eb) machine=aarch64_be-unknown ;;
|
||||
armeb) machine=armeb-unknown ;;
|
||||
arm*) machine=arm-unknown ;;
|
||||
mipsn64eb) machine=mips64-unknown ;;
|
||||
mipsn64el) machine=mips64el-unknown ;;
|
||||
sh3el) machine=shl-unknown ;;
|
||||
sh3eb) machine=sh-unknown ;;
|
||||
sh5el) machine=sh5le-unknown ;;
|
||||
|
21
config.h.in
21
config.h.in
@ -89,6 +89,9 @@
|
||||
/* Define to 1 if you have the `gnurx' library (-lgnurx). */
|
||||
#undef HAVE_LIBGNURX
|
||||
|
||||
/* Define to 1 if you have the `lz' library (-llz). */
|
||||
#undef HAVE_LIBLZ
|
||||
|
||||
/* Define to 1 if you have the `lzma' library (-llzma). */
|
||||
#undef HAVE_LIBLZMA
|
||||
|
||||
@ -98,9 +101,15 @@
|
||||
/* Define to 1 if you have the `z' library (-lz). */
|
||||
#undef HAVE_LIBZ
|
||||
|
||||
/* Define to 1 if you have the `zstd' library (-lzstd). */
|
||||
#undef HAVE_LIBZSTD
|
||||
|
||||
/* Define to 1 if you have the `localtime_r' function. */
|
||||
#undef HAVE_LOCALTIME_R
|
||||
|
||||
/* Define to 1 if you have the <lzlib.h> header file. */
|
||||
#undef HAVE_LZLIB_H
|
||||
|
||||
/* Define to 1 if you have the <lzma.h> header file. */
|
||||
#undef HAVE_LZMA_H
|
||||
|
||||
@ -276,9 +285,18 @@
|
||||
/* Define to 1 if you have the <zlib.h> header file. */
|
||||
#undef HAVE_ZLIB_H
|
||||
|
||||
/* Define to 1 if you have the <zstd_errors.h> header file. */
|
||||
#undef HAVE_ZSTD_ERRORS_H
|
||||
|
||||
/* Define to 1 if you have the <zstd.h> header file. */
|
||||
#undef HAVE_ZSTD_H
|
||||
|
||||
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
#undef LT_OBJDIR
|
||||
|
||||
/* Enable lzlib compression support */
|
||||
#undef LZLIBSUPPORT
|
||||
|
||||
/* Define to 1 if `major', `minor', and `makedev' are declared in <mkdev.h>.
|
||||
*/
|
||||
#undef MAJOR_IN_MKDEV
|
||||
@ -425,6 +443,9 @@
|
||||
/* Enable zlib compression support */
|
||||
#undef ZLIBSUPPORT
|
||||
|
||||
/* Enable zstdlib compression support */
|
||||
#undef ZSTDLIBSUPPORT
|
||||
|
||||
/* Number of bits in a file offset, on hosts where this is settable. */
|
||||
#undef _FILE_OFFSET_BITS
|
||||
|
||||
|
1
config.sub
vendored
1
config.sub
vendored
@ -1219,6 +1219,7 @@ case $cpu-$vendor in
|
||||
| mips64vr4300 | mips64vr4300el \
|
||||
| mips64vr5000 | mips64vr5000el \
|
||||
| mips64vr5900 | mips64vr5900el \
|
||||
| mipsn64eb | mipsn64el \
|
||||
| mipsisa32 | mipsisa32el \
|
||||
| mipsisa32r2 | mipsisa32r2el \
|
||||
| mipsisa32r3 | mipsisa32r3el \
|
||||
|
184
configure
vendored
184
configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.71 for file 5.43.
|
||||
# Generated by GNU Autoconf 2.71 for file 5.45.
|
||||
#
|
||||
# Report bugs to <christos@astron.com>.
|
||||
#
|
||||
@ -621,8 +621,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='file'
|
||||
PACKAGE_TARNAME='file'
|
||||
PACKAGE_VERSION='5.43'
|
||||
PACKAGE_STRING='file 5.43'
|
||||
PACKAGE_VERSION='5.45'
|
||||
PACKAGE_STRING='file 5.45'
|
||||
PACKAGE_BUGREPORT='christos@astron.com'
|
||||
PACKAGE_URL=''
|
||||
|
||||
@ -800,6 +800,8 @@ enable_elf_core
|
||||
enable_zlib
|
||||
enable_bzlib
|
||||
enable_xzlib
|
||||
enable_zstdlib
|
||||
enable_lzlib
|
||||
enable_libseccomp
|
||||
enable_fsect_man5
|
||||
enable_dependency_tracking
|
||||
@ -1371,7 +1373,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures file 5.43 to adapt to many kinds of systems.
|
||||
\`configure' configures file 5.45 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1442,7 +1444,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of file 5.43:";;
|
||||
short | recursive ) echo "Configuration of file 5.45:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1458,6 +1460,9 @@ Optional Features:
|
||||
--disable-bzlib disable bz2lib compression support [default=auto]
|
||||
--disable-xzlib disable liblzma/xz compression support
|
||||
[default=auto]
|
||||
--disable-zstdlib disable zstdlib compression support [default=auto]
|
||||
--disable-lzlib disable liblz (lzip) compression support
|
||||
[default=auto]
|
||||
--disable-libseccomp disable libseccomp sandboxing [default=auto]
|
||||
--enable-fsect-man5 enable file formats in man section 5
|
||||
--enable-dependency-tracking
|
||||
@ -1562,7 +1567,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
file configure 5.43
|
||||
file configure 5.45
|
||||
generated by GNU Autoconf 2.71
|
||||
|
||||
Copyright (C) 2021 Free Software Foundation, Inc.
|
||||
@ -2129,7 +2134,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by file $as_me 5.43, which was
|
||||
It was created by file $as_me 5.45, which was
|
||||
generated by GNU Autoconf 2.71. Invocation command line was
|
||||
|
||||
$ $0$ac_configure_args_raw
|
||||
@ -3405,7 +3410,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='file'
|
||||
VERSION='5.43'
|
||||
VERSION='5.45'
|
||||
|
||||
|
||||
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
|
||||
@ -3641,6 +3646,28 @@ fi
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_xzlib" >&5
|
||||
printf "%s\n" "$enable_xzlib" >&6; }
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for zstdlib support" >&5
|
||||
printf %s "checking for zstdlib support... " >&6; }
|
||||
# Check whether --enable-zstdlib was given.
|
||||
if test ${enable_zstdlib+y}
|
||||
then :
|
||||
enableval=$enable_zstdlib;
|
||||
fi
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_zstdlib" >&5
|
||||
printf "%s\n" "$enable_zstdlib" >&6; }
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lzlib support" >&5
|
||||
printf %s "checking for lzlib support... " >&6; }
|
||||
# Check whether --enable-lzlib was given.
|
||||
if test ${enable_lzlib+y}
|
||||
then :
|
||||
enableval=$enable_lzlib;
|
||||
fi
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_lzlib" >&5
|
||||
printf "%s\n" "$enable_lzlib" >&6; }
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libseccomp support" >&5
|
||||
printf %s "checking for libseccomp support... " >&6; }
|
||||
# Check whether --enable-libseccomp was given.
|
||||
@ -13665,6 +13692,30 @@ then :
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
if test "$enable_zstdlib" != "no"; then
|
||||
ac_fn_c_check_header_compile "$LINENO" "zstd.h" "ac_cv_header_zstd_h" "$ac_includes_default"
|
||||
if test "x$ac_cv_header_zstd_h" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_ZSTD_H 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
ac_fn_c_check_header_compile "$LINENO" "zstd_errors.h" "ac_cv_header_zstd_errors_h" "$ac_includes_default"
|
||||
if test "x$ac_cv_header_zstd_errors_h" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_ZSTD_ERRORS_H 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
if test "$enable_lzlib" != "no"; then
|
||||
ac_fn_c_check_header_compile "$LINENO" "lzlib.h" "ac_cv_header_lzlib_h" "$ac_includes_default"
|
||||
if test "x$ac_cv_header_lzlib_h" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_LZLIB_H 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
ac_fn_c_check_type "$LINENO" "sig_t" "ac_cv_type_sig_t" "#include <signal.h>
|
||||
"
|
||||
@ -14037,13 +14088,14 @@ else $as_nop
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
#include <time.h>
|
||||
#include <stdlib.h>
|
||||
int
|
||||
main (void)
|
||||
{
|
||||
#if !HAVE_DECL_DAYLIGHT
|
||||
extern int daylight;
|
||||
#endif
|
||||
atoi(daylight);
|
||||
daylight = atoi("1");
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
@ -15459,6 +15511,96 @@ then :
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
if test "$enable_zstdlib" != "no"; then
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ZSTD_createDStream in -lzstd" >&5
|
||||
printf %s "checking for ZSTD_createDStream in -lzstd... " >&6; }
|
||||
if test ${ac_cv_lib_zstd_ZSTD_createDStream+y}
|
||||
then :
|
||||
printf %s "(cached) " >&6
|
||||
else $as_nop
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lzstd $LIBS"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char ZSTD_createDStream ();
|
||||
int
|
||||
main (void)
|
||||
{
|
||||
return ZSTD_createDStream ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"
|
||||
then :
|
||||
ac_cv_lib_zstd_ZSTD_createDStream=yes
|
||||
else $as_nop
|
||||
ac_cv_lib_zstd_ZSTD_createDStream=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.beam \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_zstd_ZSTD_createDStream" >&5
|
||||
printf "%s\n" "$ac_cv_lib_zstd_ZSTD_createDStream" >&6; }
|
||||
if test "x$ac_cv_lib_zstd_ZSTD_createDStream" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_LIBZSTD 1" >>confdefs.h
|
||||
|
||||
LIBS="-lzstd $LIBS"
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
if test "$enable_lzlib" != "no"; then
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for LZ_decompress_open in -llz" >&5
|
||||
printf %s "checking for LZ_decompress_open in -llz... " >&6; }
|
||||
if test ${ac_cv_lib_lz_LZ_decompress_open+y}
|
||||
then :
|
||||
printf %s "(cached) " >&6
|
||||
else $as_nop
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-llz $LIBS"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char LZ_decompress_open ();
|
||||
int
|
||||
main (void)
|
||||
{
|
||||
return LZ_decompress_open ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"
|
||||
then :
|
||||
ac_cv_lib_lz_LZ_decompress_open=yes
|
||||
else $as_nop
|
||||
ac_cv_lib_lz_LZ_decompress_open=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.beam \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lz_LZ_decompress_open" >&5
|
||||
printf "%s\n" "$ac_cv_lib_lz_LZ_decompress_open" >&6; }
|
||||
if test "x$ac_cv_lib_lz_LZ_decompress_open" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_LIBLZ 1" >>confdefs.h
|
||||
|
||||
LIBS="-llz $LIBS"
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
if test "$enable_libseccomp" != "no"; then
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5
|
||||
@ -15591,6 +15733,26 @@ if test "$ac_cv_header_lzma_h$ac_cv_lib_lzma_lzma_stream_decoder" = "yesyes"; t
|
||||
|
||||
printf "%s\n" "#define XZLIBSUPPORT 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
if test "$enable_zstdlib" = "yes"; then
|
||||
if test "$ac_cv_header_zstd_h$ac_cv_lib_zstd_ZSTD_createDStream" != "yesyes"; then
|
||||
as_fn_error $? "zstdlib support requested but not found" "$LINENO" 5
|
||||
fi
|
||||
fi
|
||||
if test "$ac_cv_header_zstd_h$ac_cv_lib_zstd_ZSTD_createDStream" = "yesyes"; then
|
||||
|
||||
printf "%s\n" "#define ZSTDLIBSUPPORT 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
if test "$enable_lzlib" = "yes"; then
|
||||
if test "$ac_cv_header_lzlib_h$ac_cv_lib_lz_LZ_decompress_open" != "yesyes"; then
|
||||
as_fn_error $? "lzlib support requested but not found" "$LINENO" 5
|
||||
fi
|
||||
fi
|
||||
if test "$ac_cv_header_lzlib_h$ac_cv_lib_lz_LZ_decompress_open" = "yesyes"; then
|
||||
|
||||
printf "%s\n" "#define LZLIBSUPPORT 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
|
||||
ac_config_files="$ac_config_files Makefile src/Makefile magic/Makefile tests/Makefile doc/Makefile python/Makefile libmagic.pc"
|
||||
@ -16131,7 +16293,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by file $as_me 5.43, which was
|
||||
This file was extended by file $as_me 5.45, which was
|
||||
generated by GNU Autoconf 2.71. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -16199,7 +16361,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config='$ac_cs_config_escaped'
|
||||
ac_cs_version="\\
|
||||
file config.status 5.43
|
||||
file config.status 5.45
|
||||
configured by $0, generated by GNU Autoconf 2.71,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
40
configure.ac
40
configure.ac
@ -1,5 +1,5 @@
|
||||
dnl Process this file with autoconf to produce a configure script.
|
||||
AC_INIT([file],[5.43],[christos@astron.com])
|
||||
AC_INIT([file],[5.45],[christos@astron.com])
|
||||
AM_INIT_AUTOMAKE([subdir-objects foreign])
|
||||
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
|
||||
|
||||
@ -49,6 +49,16 @@ AC_ARG_ENABLE([xzlib],
|
||||
[AS_HELP_STRING([--disable-xzlib], [disable liblzma/xz compression support @<:@default=auto@:>@])])
|
||||
AC_MSG_RESULT($enable_xzlib)
|
||||
|
||||
AC_MSG_CHECKING(for zstdlib support)
|
||||
AC_ARG_ENABLE([zstdlib],
|
||||
[AS_HELP_STRING([--disable-zstdlib], [disable zstdlib compression support @<:@default=auto@:>@])])
|
||||
AC_MSG_RESULT($enable_zstdlib)
|
||||
|
||||
AC_MSG_CHECKING(for lzlib support)
|
||||
AC_ARG_ENABLE([lzlib],
|
||||
[AS_HELP_STRING([--disable-lzlib], [disable liblz (lzip) compression support @<:@default=auto@:>@])])
|
||||
AC_MSG_RESULT($enable_lzlib)
|
||||
|
||||
AC_MSG_CHECKING(for libseccomp support)
|
||||
AC_ARG_ENABLE([libseccomp],
|
||||
[AS_HELP_STRING([--disable-libseccomp], [disable libseccomp sandboxing @<:@default=auto@:>@])])
|
||||
@ -112,6 +122,12 @@ fi
|
||||
if test "$enable_xzlib" != "no"; then
|
||||
AC_CHECK_HEADERS(lzma.h)
|
||||
fi
|
||||
if test "$enable_zstdlib" != "no"; then
|
||||
AC_CHECK_HEADERS(zstd.h zstd_errors.h)
|
||||
fi
|
||||
if test "$enable_lzlib" != "no"; then
|
||||
AC_CHECK_HEADERS(lzlib.h)
|
||||
fi
|
||||
AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_SIG_T],1,[Have sig_t type])],,[#include <signal.h>])
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
@ -180,6 +196,12 @@ fi
|
||||
if test "$enable_xzlib" != "no"; then
|
||||
AC_CHECK_LIB(lzma, lzma_stream_decoder)
|
||||
fi
|
||||
if test "$enable_zstdlib" != "no"; then
|
||||
AC_CHECK_LIB(zstd, ZSTD_createDStream)
|
||||
fi
|
||||
if test "$enable_lzlib" != "no"; then
|
||||
AC_CHECK_LIB(lz, LZ_decompress_open)
|
||||
fi
|
||||
if test "$enable_libseccomp" != "no"; then
|
||||
AC_CHECK_LIB(seccomp, seccomp_init)
|
||||
fi
|
||||
@ -215,6 +237,22 @@ fi
|
||||
if test "$ac_cv_header_lzma_h$ac_cv_lib_lzma_lzma_stream_decoder" = "yesyes"; then
|
||||
AC_DEFINE([XZLIBSUPPORT], 1, [Enable xzlib compression support])
|
||||
fi
|
||||
if test "$enable_zstdlib" = "yes"; then
|
||||
if test "$ac_cv_header_zstd_h$ac_cv_lib_zstd_ZSTD_createDStream" != "yesyes"; then
|
||||
AC_MSG_ERROR([zstdlib support requested but not found])
|
||||
fi
|
||||
fi
|
||||
if test "$ac_cv_header_zstd_h$ac_cv_lib_zstd_ZSTD_createDStream" = "yesyes"; then
|
||||
AC_DEFINE([ZSTDLIBSUPPORT], 1, [Enable zstdlib compression support])
|
||||
fi
|
||||
if test "$enable_lzlib" = "yes"; then
|
||||
if test "$ac_cv_header_lzlib_h$ac_cv_lib_lz_LZ_decompress_open" != "yesyes"; then
|
||||
AC_MSG_ERROR([lzlib support requested but not found])
|
||||
fi
|
||||
fi
|
||||
if test "$ac_cv_header_lzlib_h$ac_cv_lib_lz_LZ_decompress_open" = "yesyes"; then
|
||||
AC_DEFINE([LZLIBSUPPORT], 1, [Enable lzlib compression support])
|
||||
fi
|
||||
|
||||
AC_CONFIG_FILES([Makefile src/Makefile magic/Makefile tests/Makefile doc/Makefile python/Makefile libmagic.pc])
|
||||
AC_OUTPUT
|
||||
|
21
doc/file.man
21
doc/file.man
@ -1,5 +1,5 @@
|
||||
.\" $File: file.man,v 1.146 2022/10/26 16:56:14 christos Exp $
|
||||
.Dd October 26, 2022
|
||||
.\" $File: file.man,v 1.150 2023/05/21 17:08:34 christos Exp $
|
||||
.Dd May 21, 2023
|
||||
.Dt FILE __CSECTION__
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -224,6 +224,8 @@ elf magic is found.
|
||||
Examines JSON (RFC-7159) files by parsing them for compliance.
|
||||
.It soft
|
||||
Consults magic files.
|
||||
.It simh
|
||||
Examines SIMH tape files.
|
||||
.It tar
|
||||
Examines tar files by verifying the checksum of the 512 byte tar header.
|
||||
Excluding this test can provide more detailed content description by using
|
||||
@ -337,16 +339,17 @@ attempt to preserve the access time of files analyzed, to pretend that
|
||||
never read them.
|
||||
.It Fl P , Fl Fl parameter Ar name=value
|
||||
Set various parameter limits.
|
||||
.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent
|
||||
.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
.It Sy "Name" Ta Sy "Default" Ta Sy "Explanation"
|
||||
.It Li bytes Ta 1048576 Ta max number of bytes to read from file
|
||||
.It Li bytes Ta 1M Ta max number of bytes to read from file
|
||||
.It Li elf_notes Ta 256 Ta max ELF notes processed
|
||||
.It Li elf_phnum Ta 2048 Ta max ELF program sections processed
|
||||
.It Li elf_shnum Ta 32768 Ta max ELF sections processed
|
||||
.It Li encoding Ta 65536 Ta max number of bytes to scan for encoding evaluation
|
||||
.It Li elf_phnum Ta 2K Ta max ELF program sections processed
|
||||
.It Li elf_shnum Ta 32K Ta max ELF sections processed
|
||||
.It Li elf_shsize Ta 128MB Ta max ELF section size processed
|
||||
.It Li encoding Ta 65K Ta max number of bytes to determine encoding
|
||||
.It Li indir Ta 50 Ta recursion limit for indirect magic
|
||||
.It Li name Ta 50 Ta use count limit for name/use magic
|
||||
.It Li regex Ta 8192 Ta length limit for regex searches
|
||||
.It Li regex Ta 8K Ta length limit for regex searches
|
||||
.El
|
||||
.It Fl r , Fl Fl raw
|
||||
Don't translate unprintable characters to \eooo.
|
||||
@ -727,7 +730,7 @@ variable in file.h), then we don't seek to that offset, but we give up.
|
||||
It would be better if buffer managements was done when the file descriptor
|
||||
is available so we can seek around the file.
|
||||
One must be careful though because this has performance and thus security
|
||||
considerations, because one can slow down things by repeateadly seeking.
|
||||
considerations, because one can slow down things by repeatedly seeking.
|
||||
.Pp
|
||||
There is support now for keeping separate buffers and having offsets from
|
||||
the end of the file, but the internal buffer management still needs an
|
||||
|
@ -1,6 +1,6 @@
|
||||
.\" $File: libmagic.man,v 1.45 2019/06/08 22:16:24 christos Exp $
|
||||
.\" $File: libmagic.man,v 1.49 2023/07/20 14:32:07 christos Exp $
|
||||
.\"
|
||||
.\" Copyright (c) Christos Zoulas 2003, 2018.
|
||||
.\" Copyright (c) Christos Zoulas 2003, 2018, 2022
|
||||
.\" All Rights Reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -25,7 +25,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd June 8, 2019
|
||||
.Dd June 16, 2023
|
||||
.Dt LIBMAGIC 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -84,6 +84,8 @@
|
||||
.Fn magic_setparam "magic_t cookie" "int param" "const void *value"
|
||||
.Ft int
|
||||
.Fn magic_version "void"
|
||||
.Ft const char *
|
||||
.Fn magic_getpath "const char *magicfile" "int action"
|
||||
.Sh DESCRIPTION
|
||||
These functions
|
||||
operate on the magic database file
|
||||
@ -143,6 +145,8 @@ Don't report on compression, only report about the uncompressed data.
|
||||
Don't check for
|
||||
.Dv EMX
|
||||
application type (only on EMX).
|
||||
.It Dv MAGIC_NO_COMPRESS_FORK
|
||||
Don't allow decompressors that use fork.
|
||||
.It Dv MAGIC_NO_CHECK_CDF
|
||||
Don't get extra information on MS Composite Document Files.
|
||||
.It Dv MAGIC_NO_CHECK_COMPRESS
|
||||
@ -163,6 +167,8 @@ Don't look for known tokens inside ascii files.
|
||||
Don't examine JSON files.
|
||||
.It Dv MAGIC_NO_CHECK_CSV
|
||||
Don't examine CSV files.
|
||||
.It Dv MAGIC_NO_CHECK_SIMH
|
||||
Don't examine SIMH tape files.
|
||||
.El
|
||||
.Pp
|
||||
The
|
||||
@ -343,6 +349,20 @@ from
|
||||
.In magic.h .
|
||||
This can be used by client programs to verify that the version they compile
|
||||
against is the same as the version that they run against.
|
||||
.Pp
|
||||
The
|
||||
.Fn magic_getpath
|
||||
command returns the colon separated list of magic database locations.
|
||||
If the
|
||||
.Fa filename
|
||||
is non-NULL, then it is returned.
|
||||
Otherwise, if the
|
||||
.Dv MAGIC
|
||||
environment variable is defined, then it is returned.
|
||||
Otherwise, if
|
||||
.Fa action
|
||||
is 0 (meaning "file load"), then any user-specific magic database file is included.
|
||||
Otherwise, only the system default magic database path is included.
|
||||
.Sh RETURN VALUES
|
||||
The function
|
||||
.Fn magic_open
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" $File: magic.man,v 1.100 2022/09/10 13:19:26 christos Exp $
|
||||
.Dd September 10, 2022
|
||||
.\" $File: magic.man,v 1.103 2023/07/20 14:32:07 christos Exp $
|
||||
.Dd Arpil 18, 2023
|
||||
.Dt MAGIC __FSECTION__
|
||||
.Os
|
||||
.\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems.
|
||||
@ -68,54 +68,52 @@ A 32-bit single precision IEEE floating point number in this machine's native by
|
||||
A 64-bit double precision IEEE floating point number in this machine's native byte order.
|
||||
.It Dv string
|
||||
A string of bytes.
|
||||
The string type specification can be optionally followed
|
||||
by /[WwcCtbTf]*.
|
||||
The
|
||||
.Dq W
|
||||
flag compacts whitespace in the target, which must
|
||||
The string type specification can be optionally followed by a /<width>
|
||||
option and optionally followed by a set of flags /[bCcftTtWw]*.
|
||||
The width limits the number of characters to be copied.
|
||||
Zero means all characters.
|
||||
The following flags are supported:
|
||||
.Bl -tag -width B -compact -offset XXXX
|
||||
.It b
|
||||
Force binary file test.
|
||||
.It C
|
||||
Use upper case insensitive matching: upper case
|
||||
characters in the magic match both lower and upper case characters in the
|
||||
target, whereas lower case characters in the magic only match upper case
|
||||
characters in the target.
|
||||
.It c
|
||||
Use lower case insensitive matching: lower case
|
||||
characters in the magic match both lower and upper case characters in the
|
||||
target, whereas upper case characters in the magic only match upper case
|
||||
characters in the target.
|
||||
To do a complete case insensitive match, specify both
|
||||
.Dq c
|
||||
and
|
||||
.Dq C .
|
||||
.It f
|
||||
Require that the matched string is a full word, not a partial word match.
|
||||
.It T
|
||||
Trim the string, i.e. leading and trailing whitespace
|
||||
.It t
|
||||
Force text file test.
|
||||
.It W
|
||||
Compact whitespace in the target, which must
|
||||
contain at least one whitespace character.
|
||||
If the magic has
|
||||
.Dv n
|
||||
consecutive blanks, the target needs at least
|
||||
.Dv n
|
||||
consecutive blanks to match.
|
||||
The
|
||||
.Dq w
|
||||
flag treats every blank in the magic as an optional blank.
|
||||
The
|
||||
.Dq f
|
||||
flags requires that the matched string is a full word, not a partial word match.
|
||||
The
|
||||
.Dq c
|
||||
flag specifies case insensitive matching: lower case
|
||||
characters in the magic match both lower and upper case characters in the
|
||||
target, whereas upper case characters in the magic only match upper case
|
||||
characters in the target.
|
||||
The
|
||||
.Dq C
|
||||
flag specifies case insensitive matching: upper case
|
||||
characters in the magic match both lower and upper case characters in the
|
||||
target, whereas lower case characters in the magic only match upper case
|
||||
characters in the target.
|
||||
To do a complete case insensitive match, specify both
|
||||
.Dq c
|
||||
and
|
||||
.Dq C .
|
||||
The
|
||||
.Dq t
|
||||
flag forces the test to be done for text files, while the
|
||||
.Dq b
|
||||
flag forces the test to be done for binary files.
|
||||
The
|
||||
.Dq T
|
||||
flag causes the string to be trimmed, i.e. leading and trailing whitespace
|
||||
.It w
|
||||
Treat every blank in the magic as an optional blank.
|
||||
is deleted before the string is printed.
|
||||
.El
|
||||
.It Dv pstring
|
||||
A Pascal-style string where the first byte/short/int is interpreted as the
|
||||
unsigned length.
|
||||
The length defaults to byte and can be specified as a modifier.
|
||||
The following modifiers are supported:
|
||||
.Bl -tag -compact -width B
|
||||
.Bl -tag -width B -compact -offset XXXX
|
||||
.It B
|
||||
A byte length (default).
|
||||
.It H
|
||||
@ -544,6 +542,20 @@ An APPLE 4+4 character APPLE creator and type can be specified as:
|
||||
!:apple CREATYPE
|
||||
.Ed
|
||||
.Pp
|
||||
A slash-separated list of commonly found filename extensions can be specified
|
||||
as:
|
||||
.Bd -literal -offset indent
|
||||
!:ext ext[/ext...]
|
||||
.Ed
|
||||
.Pp
|
||||
i.e. the literal string
|
||||
.Dq !:ext
|
||||
followed by a slash-separated list of commonly found extensions; for example
|
||||
for JPEG images:
|
||||
.Bd -literal -offset indent
|
||||
!:ext jpeg/jpg/jpe/jfif
|
||||
.Ed
|
||||
.Pp
|
||||
A MIME type is given on a separate line, which must be the next
|
||||
non-blank or comment line after the magic line that identifies the
|
||||
file type, and has the following format:
|
||||
@ -776,8 +788,8 @@ and
|
||||
.Dv long
|
||||
on the platform, even though the Single
|
||||
.Ux
|
||||
Specification implies that they do. However, as OS X Mountain Lion has
|
||||
passed the Single
|
||||
Specification implies that they do.
|
||||
However, as OS X Mountain Lion has passed the Single
|
||||
.Ux
|
||||
Specification validation suite, and supplies a version of
|
||||
.Xr file __CSECTION__
|
||||
|
@ -8,3 +8,4 @@ Description: Magic number recognition library
|
||||
Version: @VERSION@
|
||||
Libs: -L${libdir} -lmagic
|
||||
Libs.private: @LIBS@
|
||||
Cflags: -I${includedir}
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: algol68,v 1.4 2021/08/15 06:00:55 christos Exp $
|
||||
# $File: algol68,v 1.6 2022/11/06 18:36:55 christos Exp $
|
||||
# algol68: file(1) magic for Algol 68 source
|
||||
#
|
||||
# URL: https://en.wikipedia.org/wiki/ALGOL_68
|
||||
@ -9,14 +9,8 @@
|
||||
0 search/8192 (input,
|
||||
>0 use algol_68
|
||||
# graph_2d.a68
|
||||
0 regex/4006 \^PROC
|
||||
#>&-4 string x \b, dBase or Algol "%s"
|
||||
# most xBase scripts *.prg with PROCEDURE like: Areacode BarCount Def_mens Vendors
|
||||
#>&-4 string =PROCEDURE \b, dBase PROCEDURE
|
||||
# skip xBase program scripts *.prg with PROCEDURE keyword
|
||||
# keyword proc probably followed by white space used to specify algol procedures
|
||||
>&-4 string !PROCEDURE
|
||||
>>0 use algol_68
|
||||
0 regex/4006 \^PROC[[:space:]][a-zA-Z0-9_[:space:]]*[[:space:]]=
|
||||
>0 use algol_68
|
||||
0 regex/1024 \bMODE[\t\ ]
|
||||
>0 use algol_68
|
||||
0 regex/1024 \bMODE[\t\ ]
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------
|
||||
# $File: android,v 1.19 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: android,v 1.24 2023/02/20 16:51:59 christos Exp $
|
||||
# Various android related magic entries
|
||||
#------------------------------------------------------------
|
||||
|
||||
@ -180,7 +180,9 @@
|
||||
# In include/androidfw/ResourceTypes.h:
|
||||
# RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header),
|
||||
# which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size).
|
||||
# The strength is increased to avoid misidentifying as Targa image data
|
||||
0 lelong 0x00080003 Android binary XML
|
||||
!:strength +1
|
||||
|
||||
# Android cryptfs footer
|
||||
# From https://android.googlesource.com/\
|
||||
@ -207,3 +209,51 @@
|
||||
>8 string >000 dex section version: %s,
|
||||
>12 lelong >0 number of dex files: %d,
|
||||
>16 lelong >0 verifier deps size: %d
|
||||
|
||||
# Disassembled DEX files
|
||||
0 string/t .class\x20
|
||||
>&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali)
|
||||
!:ext smali
|
||||
|
||||
# Android ART (baseline) profile + metadata: baseline.prof, baseline.profm
|
||||
# Reference: https://android.googlesource.com/platform/frameworks/support/\
|
||||
# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\
|
||||
# src/main/java/androidx/profileinstaller/ProfileTranscoder.java
|
||||
# Reference: https://android.googlesource.com/platform/frameworks/support/\
|
||||
# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\
|
||||
# src/main/java/androidx/profileinstaller/ProfileVersion.java
|
||||
0 string pro\x00
|
||||
>0 regex pro\x000[0-9][0-9]\x00 Android ART profile
|
||||
!:ext prof
|
||||
>>4 string 001\x00 \b, version 001 N
|
||||
>>4 string 005\x00 \b, version 005 O
|
||||
>>4 string 009\x00 \b, version 009 O MR1
|
||||
>>4 string 010\x00 \b, version 010 P
|
||||
>>4 string 015\x00 \b, version 015 S
|
||||
0 string prm\x00
|
||||
>0 regex prm\x000[0-9][0-9]\x00 Android ART profile metadata
|
||||
!:ext profm
|
||||
>>4 string 001\x00 \b, version 001 N
|
||||
>>4 string 002\x00 \b, version 002
|
||||
|
||||
# Android package resource table (ARSC): resources.arsc
|
||||
# Reference: https://android.googlesource.com/platform/tools/base/\
|
||||
# +/refs/heads/mirror-goog-studio-main/apkparser/binary-resources/\
|
||||
# src/main/java/com/google/devrel/gmscore/tools/apk/arsc
|
||||
# 00: resource table type = 0x0002 (2) + header size = 12 (2)
|
||||
# 04: chunk size (4, skipped)
|
||||
# 08: #packages (4)
|
||||
0 ulelong 0x000c0002 Android package resource table (ARSC)
|
||||
!:ext arsc
|
||||
>8 ulelong !1 \b, %d packages
|
||||
# 12: string pool type = 0x0001 (2) + header size = 28 (2)
|
||||
# 16: chunk size (4, skipped)
|
||||
# 20: #strings (4), #styles (4), flags (4)
|
||||
>12 ulelong 0x001c0001
|
||||
>>20 ulelong !0 \b, %d string(s)
|
||||
>>24 ulelong !0 \b, %d style(s)
|
||||
>>28 ulelong &1 \b, sorted
|
||||
>>28 ulelong &256 \b, utf8
|
||||
|
||||
# extracted APK Signing Block
|
||||
-16 string APK\x20Sig\x20Block\x2042 APK Signing Block
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: animation,v 1.90 2022/08/16 11:16:39 christos Exp $
|
||||
# $File: animation,v 1.94 2023/06/16 20:06:50 christos Exp $
|
||||
# animation: file(1) magic for animation/movie formats
|
||||
#
|
||||
# animation formats
|
||||
@ -18,8 +18,8 @@
|
||||
>12 string rmra \b multiple URLs
|
||||
4 string mdat Apple QuickTime movie (unoptimized)
|
||||
!:mime video/quicktime
|
||||
#4 string wide Apple QuickTime movie (unoptimized)
|
||||
#!:mime video/quicktime
|
||||
4 string wide Apple QuickTime movie (unoptimized)
|
||||
!:mime video/quicktime
|
||||
#4 string skip Apple QuickTime movie (modified)
|
||||
#!:mime video/quicktime
|
||||
#4 string free Apple QuickTime movie (modified)
|
||||
@ -37,6 +37,7 @@
|
||||
4 string ftyp ISO Media
|
||||
# https://aeroquartet.com/wordpress/2016/03/05/3-xavc-s/
|
||||
>8 string XAVC \b, MPEG v4 system, Sony XAVC Codec
|
||||
!:mime video/mp4
|
||||
>>96 string x \b, Audio "%.4s"
|
||||
>>118 beshort x at %dHz
|
||||
>>140 string x \b, Video "%.4s"
|
||||
@ -938,6 +939,15 @@
|
||||
!:mime video/MP2T
|
||||
!:ext ts
|
||||
|
||||
# Blu-ray disc Audio-Video MPEG-2 transport stream
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://en.wikipedia.org/wiki/MPEG_transport_stream
|
||||
# Note: similar to ISO 13818.1 but with 4 extra bytes per packets
|
||||
4 belong&0xFF5FFF10 =0x47400010
|
||||
>196 byte =0x47 BDAV MPEG-2 Transport Stream (M2TS)
|
||||
!:mime video/MP2T
|
||||
!:ext m2ts/mts
|
||||
|
||||
# DIF digital video file format <mpruett@sgi.com>
|
||||
0 belong&0xffffff00 0x1f070000 DIF
|
||||
!:mime video/x-dv
|
||||
@ -1185,3 +1195,12 @@
|
||||
>30 lelong x \b, height: %d
|
||||
>34 lelong x \b, %d bit
|
||||
>38 lelong x \b, frames: %d
|
||||
|
||||
# https://wiki.multimedia.cx/index.php/Duck_IVF
|
||||
0 string DKIF Duck IVF video file
|
||||
!:mime video/x-ivf
|
||||
>4 leshort >0 \b, version %d
|
||||
>8 string x \b, codec %s
|
||||
>12 leshort x \b, %d
|
||||
>14 leshort x \bx%d
|
||||
>24 lelong >0 \b, %d frames
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: apple,v 1.45 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: apple,v 1.48 2023/05/01 14:20:21 christos Exp $
|
||||
# apple: file(1) magic for Apple file formats
|
||||
#
|
||||
0 search/1/t FiLeStArTfIlEsTaRt binscii (apple ][) text
|
||||
@ -11,26 +11,48 @@
|
||||
0 belong 0x00051600 AppleSingle encoded Macintosh file
|
||||
0 belong 0x00051607 AppleDouble encoded Macintosh file
|
||||
|
||||
# Type: Apple Emulator A2R format
|
||||
# From: Greg Wildman <greg@apple2.org.za>
|
||||
# Ref: https://applesaucefdc.com/a2r2-reference/
|
||||
# Ref: https://applesaucefdc.com/a2r/
|
||||
0 string A2R
|
||||
>3 string \x31\xFF\x0A\x0D\x0A Applesauce A2R 1.x Disk Image
|
||||
>3 string \x32\xFF\x0A\x0D\x0A Applesauce A2R 2.x Disk Image
|
||||
>3 string \x33\xFF\x0A\x0D\x0A Applesauce A2R 3.x Disk Image
|
||||
>8 string INFO
|
||||
>>49 byte 01 \b, 5.25″ SS 40trk
|
||||
>>49 byte 02 \b, 3.5″ DS 80trk
|
||||
>>49 byte 03 \b, 5.25″ DS 80trk
|
||||
>>49 byte 04 \b, 5.25″ DS 40trk
|
||||
>>49 byte 05 \b, 3.5″ DS 80trk
|
||||
>>49 byte 06 \b, 8″ DS
|
||||
>>50 byte 01 \b, write protected
|
||||
>>51 byte 01 \b, cross track synchronized
|
||||
>>17 string/T x \b, %.32s
|
||||
|
||||
# Type: Apple Emulator WOZ format
|
||||
# From: Greg Wildman <greg@apple2.org.za>
|
||||
# Ref: https://applesaucefdc.com/woz/reference/
|
||||
# Ref: https://applesaucefdc.com/woz/reference2/
|
||||
#
|
||||
# Note: The following test are mostly identical. I would rather not
|
||||
# use a regex to identify the WOZ format number.
|
||||
0 string WOZ1
|
||||
>4 string \xFF\x0A\x0D\x0A Apple ][ WOZ 1.0 Disk Image
|
||||
0 string WOZ
|
||||
>3 string \x31\xFF\x0A\x0D\x0A Apple ][ WOZ 1.0 Disk Image
|
||||
>3 string \x32\xFF\x0A\x0D\x0A Apple ][ WOZ 2.0 Disk Image
|
||||
>12 string INFO
|
||||
>>21 byte 01 \b, 5.25 inch
|
||||
>>21 byte 02 \b, 3.5 inch
|
||||
>>22 byte 01 \b, write protected
|
||||
>>23 byte 01 \b, cross track synchronized
|
||||
>>25 string/T x \b, %.32s
|
||||
0 string WOZ2
|
||||
>4 string \xFF\x0A\x0D\x0A Apple ][ WOZ 2.0 Disk Image
|
||||
|
||||
# Type: Apple Macintosh Emulator MOOF format
|
||||
# From: Greg Wildman <greg@apple2.org.za>
|
||||
# Ref: https://applesaucefdc.com/moof-reference/
|
||||
0 string MOOF
|
||||
>4 string \xFF\x0A\x0D\x0A Apple Macintosh MOOF Disk Image
|
||||
>12 string INFO
|
||||
>>21 byte 01 \b, 5.25 inch
|
||||
>>21 byte 02 \b, 3.5 inch
|
||||
>>21 byte 01 \b, SSDD GCR (400K)
|
||||
>>21 byte 02 \b, DSDD GCR (800K)
|
||||
>>21 byte 03 \b, DSHD MFM (1.44M)
|
||||
>>22 byte 01 \b, write protected
|
||||
>>23 byte 01 \b, cross track synchronized
|
||||
>>25 string/T x \b, %.32s
|
||||
@ -43,29 +65,79 @@
|
||||
>0x400 string \x00\x00\x03\x00
|
||||
>>0x404 byte &0xF0
|
||||
>>>0x405 string x \b, Volume /%s
|
||||
>>>0x429 leshort x \b, %u Blocks
|
||||
>>>0x429 uleshort x \b, %u Blocks
|
||||
# ProDOS ordered ?
|
||||
>0xb00 string \x00\x00\x03\x00
|
||||
>>0xb04 byte &0xF0
|
||||
>>>0xb05 string x \b, Volume /%s
|
||||
>>>0xb29 leshort x \b, %u Blocks
|
||||
>>>0xb29 uleshort x \b, %u Blocks
|
||||
#
|
||||
# DOS3.3 boot loader?
|
||||
0 string \x01\xA5\x27\xC9\x09\xD0\x18\xA5\x2B
|
||||
>0x11001 string \x11\x0F\x03 Apple DOS 3.3 Image
|
||||
>>0x11006 byte x \b, Volume %u
|
||||
>>0x11034 byte x \b, %u Tracks
|
||||
>>0x11035 byte x \b, %u Sectors
|
||||
>>0x11036 leshort x \b, %u bytes per sector
|
||||
# DOS3.2 ?
|
||||
>0x11001 string \x11\x0C\x02 Apple DOS 3.2 Image
|
||||
>>0x11006 byte x \b, Volume %u
|
||||
>>0x11034 byte x \b, %u Tracks
|
||||
>>0x11035 byte x \b, %u Sectors
|
||||
>>0x11036 leshort x \b, %u bytes per sector
|
||||
# DOS3.1 ?
|
||||
>0x11001 string \x11\x0C\x01
|
||||
>>0x11c00 string \x00\x11\x0B Apple DOS 3.1 Image
|
||||
# Proboot HD
|
||||
0 string \x01\x8A\x48\xD8\x2C\x82\xC0\x8D\x0E\xC0\x8D\x0C Apple ProDOS ProBoot Image
|
||||
>0x400 string \x00\x00\x03\x00
|
||||
>>0x404 byte &0xF0
|
||||
>>>0x405 string x \b, Volume /%s
|
||||
>>>0x429 uleshort x \b, %u Blocks
|
||||
>0xb00 string \x00\x00\x03\x00
|
||||
>>0xb04 byte &0xF0
|
||||
>>>0xb05 string x \b, Volume /%s
|
||||
>>>0xb29 uleshort x \b, %u Blocks
|
||||
0 string \x01\xA8\x8A\x20\x7B\xF8\x29\x07\x09\xC0\x99\x30 Apple ProDOS ProBoot Image
|
||||
>0x400 string \x00\x00\x03\x00
|
||||
>>0x404 byte &0xF0
|
||||
>>>0x405 string x \b, Volume /%s
|
||||
>>>0x429 uleshort x \b, %u Blocks
|
||||
>0xb00 string \x00\x00\x03\x00
|
||||
>>0xb04 byte &0xF0
|
||||
>>>0xb05 string x \b, Volume /%s
|
||||
>>>0xb29 uleshort x \b, %u Blocks
|
||||
0 string \x01\x4A\xD0\x34\xE6\x3D\x8A\x20\x7B\xF8\x09\xC0 Apple ProDOS ProBoot Image
|
||||
>0x400 string \x00\x00\x03\x00
|
||||
>>0x404 byte &0xF0
|
||||
>>>0x405 string x \b, Volume /%s
|
||||
>>>0x429 uleshort x \b, %u Blocks
|
||||
>0xb00 string \x00\x00\x03\x00
|
||||
>>0xb04 byte &0xF0
|
||||
>>>0xb05 string x \b, Volume /%s
|
||||
>>>0xb29 uleshort x \b, %u Blocks
|
||||
#
|
||||
# ProDOS formatted
|
||||
0 string \x01\xBD\x88\xC0\x20\x2F\xFB\x20\x58\xFC\x20\x40 Apple ProDOS Unbootable Image
|
||||
>0x400 string \x00\x00\x03\x00
|
||||
>>0x404 byte &0xF0
|
||||
>>>0x405 string x \b, Volume /%s
|
||||
>>>0x429 uleshort x \b, %u Blocks
|
||||
>0xb00 string \x00\x00\x03\x00
|
||||
>>0xb04 byte &0xF0
|
||||
>>>0xb05 string x \b, Volume /%s
|
||||
>>>0xb29 uleshort x \b, %u Blocks
|
||||
0 string \x01\x38\xB0\x03\x4C\x1C\x09\x78\x86\x43\xC9\x03 Apple ProDOS Unbootable Image
|
||||
>0x400 string \x00\x00\x03\x00
|
||||
>>0x404 byte &0xF0
|
||||
>>>0x405 string x \b, Volume /%s
|
||||
>>>0x429 uleshort x \b, %u Blocks
|
||||
>0xb00 string \x00\x00\x03\x00
|
||||
>>0xb04 byte &0xF0
|
||||
>>>0xb05 string x \b, Volume /%s
|
||||
>>>0xb29 uleshort x \b, %u Blocks
|
||||
#
|
||||
# DOS3 boot loader
|
||||
0 string \x01\xA5\x27\xC9\x09\xD0
|
||||
>0x11001 byte 0x11
|
||||
>>0x11003 ubyte x Apple DOS 3.%u Image
|
||||
>>0x11006 ubyte x \b, Volume #%03u
|
||||
>>0x11034 ubyte x \b, %u Tracks
|
||||
>>0x11035 ubyte x \b, %u Sectors
|
||||
>>0x11036 uleshort x \b, %u bytes per sector
|
||||
#
|
||||
# DOS3 uninitialized disk
|
||||
0 string \x01\xA6\x2B\xBD\x88\xC0\x8A\x4A\x4A
|
||||
>0x11001 byte 0x11
|
||||
>>0x11003 ubyte x Apple DOS 3.%u Unbootable Image
|
||||
>>>0x11006 ubyte x \b, Volume #%03u
|
||||
>>>0x11034 ubyte x \b, %u Tracks
|
||||
>>>0x11035 ubyte x \b, %u Sectors
|
||||
>>>0x11036 uleshort x \b, %u bytes per sector
|
||||
#
|
||||
# Pascal boot loader?
|
||||
0 string \x01\xE0\x60\xF0\x03\x4C\xE3\x08\xAD
|
||||
@ -112,9 +184,70 @@
|
||||
>>0x440 string \x00\x00\x03\x00
|
||||
>>>0x444 byte &0xF0
|
||||
>>>>0x445 string x \b, Volume /%s
|
||||
>>>>0x469 leshort x \b, %u Blocks
|
||||
>>>>0x469 uleshort x \b, %u Blocks
|
||||
>0xc byte 02 \b, NIB data
|
||||
|
||||
# Type: Peter Ferrie QBoot
|
||||
# From: Greg Wildman <greg@apple2.org.za>
|
||||
# Ref: https://github.com/peterferrie/qboot
|
||||
0 string \x01\x4A\xA8\x69\x0F\x85\x27\xC9
|
||||
>8 string \x12\xF0\x10\xE6\x3D\x86\xDA\x8A Apple ][ QBoot Image
|
||||
|
||||
# Type: Peter Ferrie 0Boot
|
||||
# From: Greg Wildman <greg@apple2.org.za>
|
||||
# Ref: https://github.com/peterferrie/0boot
|
||||
0 string \x01\x4A\xA8\x69\x0F\x85\x27\xC9
|
||||
>8 string \x12\xF0\x10\xE6\x3D\x86\xDA\x8A Apple ][ 0Boot Image
|
||||
|
||||
# Different proprietary boot sectors
|
||||
0 string \x01\x0F\x21\x74\x00\x01\x6B\x00\x02\x30\x81\x5D Apple ][ Disk Image
|
||||
0 string \x01\x20\x58\xFC\xA2\x00\x8E\x78\x04\x8E\xF4\x03 Apple ][ Disk Image
|
||||
0 string \x01\x20\x58\xFC\xAD\x51\xC0\xAD\x54\xC0\xA6\x2B Apple ][ Disk Image
|
||||
0 string \x01\x20\x89\xFE\x20\x93\xFE\xA6\x2B\xBD\x88\xC0 Apple ][ Disk Image
|
||||
0 string \x01\x20\x93\xFE\x20\x89\xFE\x4C\x25\x08\x68\x85 Apple ][ Disk Image
|
||||
0 string \x01\x20\x93\xFE\x20\x89\xFE\x4C\x2D\x08\x68\x85 Apple ][ Disk Image
|
||||
0 string \x01\x38\x90\x2A\xC9\x01\xF0\x33\xA8\xC8\xC0\x10 Apple ][ Disk Image
|
||||
0 string \x01\x38\xB0\x03\x4C\x32\xA1\x87\x43\xC9\x03\x08 Apple ][ Disk Image
|
||||
0 string \x01\x4C\x04\x08\xA9\x2A\x8D\x02\x08\x86\x2B\xEE Apple ][ Disk Image
|
||||
0 string \x01\x4C\x60\x08\x09\xD0\x18\xA5\x2B\x4A\x4A\x4A Apple ][ Disk Image
|
||||
0 string \x01\x4C\x92\x08\x01\x08\xA2\x00\xB5\x00\x9D\x00 Apple ][ Disk Image
|
||||
0 string \x01\x4C\xB3\x08\x09\xD0\x18\xA5\x2B\x4A\x4A\x4A Apple ][ Disk Image
|
||||
0 string \x01\x8D\xFB\x03\x8E\xFC\x03\x8C\xFD\x03\x8A\x29 Apple ][ Disk Image
|
||||
0 string \x01\xA2\xFF\x9A\xD8\x20\x20\x08\x20\x34\x08\xAD Apple ][ Disk Image
|
||||
0 string \x01\xA5\x27\xBD\x88\xC0\x2C\x10\xC0\xA2\x00\xA9 Apple ][ Disk Image
|
||||
0 string \x01\xA5\x2B\xAE\x51\xC0\xEA\xAA\xBD\x88\xC0\x20 Apple ][ Disk Image
|
||||
0 string \x01\xA6\x27\xBD\x0B\x08\x48\xBD\x0A\x08\x48\x85 Apple ][ Disk Image
|
||||
0 string \x01\xA6\x2B\xBD\x88\xC0\x20\x58\xFC\xA9\x01\x85 Apple ][ Disk Image
|
||||
0 string \x01\xA6\x2B\xBD\x88\xC0\x20\x58\xFC\xA9\x25\x85 Apple ][ Disk Image
|
||||
0 string \x01\xA8\xC0\x0F\x90\x16\xF0\x12\xA0\xFF\x18\xAD Apple ][ Disk Image
|
||||
0 string \x01\xA9\x00\x85\xF0\xA9\x04\x85\xF1\xA0\x00\xA9 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x5C\x8D\xF2\x03\xA9\xC6\x8D\xF3\x03\x49 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\x20\x2F\xFB\x20\x58\xFC Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\x20\x49\x08\xA9\x0A\x85 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\x2C\x82\xC0\xBD\x88\xC0 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\x86\x43\x8A\x4A\x4A\x4A Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\xA2\x00\x86\xFF\xB5\x00 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\xA2\x00\xB5\x00\x9D\x00 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\xA9\xB2\x8D\xF2\x03\xA9 Apple ][ Disk Image
|
||||
0 string \x01\xA9\x60\x8D\x01\x08\xA9\xFF\x8D\xF3\x03\x8D Apple ][ Disk Image
|
||||
0 string \x01\xAC\x00\x08\xF0\x19\xB9\x30\x08\x85\x3D\xCE Apple ][ Disk Image
|
||||
0 string \x01\xAC\x23\x08\x30\x2E\xB9\x24\x08\x85\x3D\xCE Apple ][ Disk Image
|
||||
0 string \x01\xAD\x00\x08\xC9\x09\xB0\x20\x69\x02\x8D\x00 Apple ][ Disk Image
|
||||
0 string \x01\xB0\x00\xA9\x3C\x8D\x02\x08\x86\x2B\x8A\x4A Apple ][ Disk Image
|
||||
0 string \x01\xB0\x00\xA9\x3C\x8D\x02\x08\xA9\xF5\x8D\xF2 Apple ][ Disk Image
|
||||
0 string \x01\xB0\x00\xA9\x3F\x8D\x02\x08\x86\x2B\x8E\xF4 Apple ][ Disk Image
|
||||
0 string \x01\xB0\x00\xA9\x48\x8D\x02\x08\x86\x2B\x8E\xF4 Apple ][ Disk Image
|
||||
0 string \x01\xBD\x88\xC0\x8A\x4A\x4A\x4A\x4A\x09\xC0\x8D Apple ][ Disk Image
|
||||
0 string \x01\xBD\x88\xC0\x8A\x4A\x4A\x4A\x4A\x8D\x2F\x08 Apple ][ Disk Image
|
||||
0 string \x01\xD8\x2C\x81\xC0\xA9\x60\x4D\x58\xFF\xD0\xFE Apple ][ Disk Image
|
||||
0 string \x01\xD8\x78\xBD\x88\xC0\xA9\xFD\x85\x37\x85\x39 Apple ][ Disk Image
|
||||
0 string \x01\xE0\x60\xF0\x03\x4C\x16\x09\xAD\x00\x08\xC9 Apple ][ Disk Image
|
||||
0 string \x01\xE0\x60\xF0\x03\x4C\xCB\x08\xAD\x00\x08\xC9 Apple ][ Disk Image
|
||||
0 string \x01\xE0\x60\xF0\x03\x4C\xEE\x08\xAD\x00\x08\xC9 Apple ][ Disk Image
|
||||
0 string \x01\xE0\x60\xF0\x03\x4C\xEF\x08\xAD\x00\x08\xC9 Apple ][ Disk Image
|
||||
0 string \x01\xE0\x70\xB0\x04\xE0\x40\xB0\x39\xBD\x88\xC0 Apple ][ Disk Image
|
||||
0 string \x01\xEA\x8D\xF4\x03\xA9\x60\x9D\x88\xC0\x8D\x51 Apple ][ Disk Image
|
||||
|
||||
# magic for Newton PDA package formats
|
||||
# from Ruda Moura <ruda@helllabs.org>
|
||||
0 string package0 Newton package, NOS 1.x,
|
||||
@ -291,7 +424,13 @@
|
||||
#>0x410 string disk\ image UDIF read/write image (UDRW)
|
||||
|
||||
# From: Toby Peterson <toby@apple.com>
|
||||
# From https://www.nationalarchives.gov.uk/pronom/fmt/866
|
||||
0 string bplist00
|
||||
>8 search/500 WebMainResource Apple Safari Webarchive
|
||||
!:mime application/x-webarchive
|
||||
!:strength +50
|
||||
0 string bplist00 Apple binary property list
|
||||
!:mime application/x-bplist
|
||||
|
||||
# Apple binary property list (bplist)
|
||||
# Assumes version bytes are hex.
|
||||
@ -491,9 +630,107 @@
|
||||
# Usually not in separate files, but have either filename rsrc with
|
||||
# no extension, or a filename corresponding to another file, with
|
||||
# extensions rsr/rsrc
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Macintosh_resource_file
|
||||
# https://en.wikipedia.org/wiki/Resource_fork
|
||||
# Reference: https://github.com/kreativekorp/ksfl/wiki/Macintosh-Resource-File-Format
|
||||
# http://developer.apple.com/legacy/mac/library/documentation/mac/pdf/MoreMacintoshToolbox.pdf
|
||||
# https://formats.kaitai.io/resource_fork/
|
||||
# Update: Joerg Jenderek
|
||||
# Note: verified often by command like `deark -m macrsrc Icon_.rsrc`
|
||||
# offset of resource data; usually starts at offset 0x0100
|
||||
0 string \000\000\001\000
|
||||
>4 leshort 0
|
||||
>>16 lelong 0 Apple HFS/HFS+ resource fork
|
||||
# skip NPETraceSession.etl with invalid "low" map offset 0
|
||||
>4 ubelong >0xFF
|
||||
# skip few Atari DEGAS Elite bitmap (eil2.pi1 nastro.pi1) with ivalid "high" 0x6550766 0x7510763 map length
|
||||
>>12 ubelong <0x8001
|
||||
# most examples with zeroed system reserved field
|
||||
>>>16 lelong =0
|
||||
>>>>0 use apple-rsr
|
||||
# few samples with not zeroed system reserved field like: Empty.rsrc.rsr OpenSans-CondBold.dfont
|
||||
>>>16 lelong !0
|
||||
# resource fork variant with not zeroed system reserved field and copy of header
|
||||
>>>>(4.L) ubelong 0x100
|
||||
# GRR: the line above only works if in ../../src/file.h FILE_BYTES_MAX is raised from 1 MiB above 0x6ab0f4 (HelveticaNeue.dfont)
|
||||
>>>>>0 use apple-rsr
|
||||
# data fork variant with not zeroed system reserved field and no copy of header
|
||||
>>>>(4.L) ubelong 0
|
||||
>>>>>0 use apple-rsr
|
||||
# Note: moved and merged from ./macintosh
|
||||
# From: Adam Buchbinder <adam.buchbinder@gmail.com>
|
||||
# URL: https://en.wikipedia.org/wiki/Datafork_TrueType
|
||||
# Derived from the 'fondu' and 'ufond' source code (fondu.sf.net). 'sfnt' is
|
||||
# TrueType; 'POST' is PostScript. 'FONT' and 'NFNT' sometimes appear, but I
|
||||
# don't know what they mean.
|
||||
# display information about Mac OSX datafork font DFONT
|
||||
0 name apple-dfont
|
||||
>(4.L+30) ubelong x Mac OSX datafork font,
|
||||
# https://en.wikipedia.org/wiki/Datafork_TrueType
|
||||
!:mime application/x-dfont
|
||||
!:ext dfont
|
||||
# https://exiftool.org/TagNames/RSRC.html
|
||||
>(4.L+30) ubelong 0x73666e74 TrueType
|
||||
>(4.L+30) ubelong 0x464f4e54 'FONT'
|
||||
>(4.L+30) ubelong 0x4e464e54 'NFNT'
|
||||
>(4.L+30) ubelong 0x504f5354 PostScript
|
||||
>(4.L+30) ubelong 0x464f4e44 'FOND'
|
||||
>(4.L+30) ubelong 0x76657273 'vers'
|
||||
# display information about Macintosh resource
|
||||
0 name apple-rsr
|
||||
>(4.L+30) ubelong 0x73666e74
|
||||
>>0 use apple-dfont
|
||||
>(4.L+30) ubelong 0x464f4e54
|
||||
>>0 use apple-dfont
|
||||
>(4.L+30) ubelong 0x4e464e54
|
||||
>>0 use apple-dfont
|
||||
>(4.L+30) ubelong 0x504f5354
|
||||
>>0 use apple-dfont
|
||||
>(4.L+30) ubelong 0x464f4e44
|
||||
>>0 use apple-dfont
|
||||
>(4.L+30) ubelong 0x76657273
|
||||
>>0 use apple-dfont
|
||||
>(4.L+30) default x Apple HFS/HFS+ resource fork
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-apple-rsr
|
||||
!:ext rsrc/rsr
|
||||
# offset to resource data; usually starts at offset 0x0100
|
||||
>0 ubelong !0x100 \b, data offset %#x
|
||||
# offset to resource map; positive but not nil like in NPETraceSession.etl
|
||||
>4 ubelong x \b, map offset %#x
|
||||
# length of resource map; positive with 32K limitation but not
|
||||
# nil like in NPETraceSession.etl or high like 0x7510763 in nastro.pi1
|
||||
>12 ubelong x \b, map length %#x
|
||||
# length of resource data; positive but not nil like in NPETraceSession.etl
|
||||
>8 ubelong x \b, data length %#x
|
||||
# reserved 112 bytes for system use; apparently often nil, but 8fd20000h in Empty.rsrc.rsr and 0x00768c2b in OpenSans-CondBold.dfont
|
||||
>16 ubelong !0 \b, at 16 %#8.8x
|
||||
# https://fontforge.org/docs/techref/macformats.html
|
||||
# jump to resource map
|
||||
# a copy of resource header or 16 bytes of zeros for data fork
|
||||
#>(4.L) ubelong x \b, DATA offset %#x
|
||||
#>(4.L+4) ubelong x \b, MAP offset %#x
|
||||
#>(4.L+8) ubelong x \b, DATA length %#x
|
||||
#>(4.L+12) ubelong x \b, MAP length %#x
|
||||
# nextResourceMap; handle to next resource map; used by the Resource Manager for internal bookkeeping; should be zero
|
||||
>(4.L+16) ubelong !0 \b, nextResourceMap %#x
|
||||
# fileRef; file reference number; used by the Resource Manager for internal bookkeeping; should be zero
|
||||
>(4.L+20) ubeshort !0 \b, fileRef %#x
|
||||
# attributes; Resource fork attributes (80h~read-only 40h~compression needed 20h~changed); other bits are reserved and should be zero
|
||||
>(4.L+22) ubeshort !0 \b, attributes %#x
|
||||
# typeListOffset; offset from resource map to start of type list like: 1Ch
|
||||
>(4.L+24) ubeshort x \b, list offset %#x
|
||||
# nameListOffset; offset from esource map to start of name list like: 32h 46h 56h (XLISP.RSR XLISPTIN.RSR) 13Eh (HelveticaNeue.dfont)
|
||||
>(4.L+26) ubeshort x \b, name offset %#x
|
||||
# typeCount; number of types in the map minus 1; If there are no resources, this is 0xFFFF
|
||||
>(4.L+28) beshort+1 >0 \b, %u type
|
||||
# plural s
|
||||
>>(4.L+28) beshort+1 >1 \bs
|
||||
# resource type list array; 1st resource type like: ALRT CODE FOND MPSR icns scsz
|
||||
>>(4.L+30) ubelong x \b, %#x
|
||||
>>(4.L+30) string x '%-.4s'
|
||||
# resourceCount; number of this type resources minus one. If there is one resource of this type, this is 0x0000
|
||||
>>(4.L+34) beshort+1 x * %d
|
||||
# resourceListOffset; offset from type list to resource list like: Ah 12h DAh
|
||||
>(4.L+36) ubeshort x resource offset %#x
|
||||
|
||||
#https://en.wikipedia.org/wiki/AppleScript
|
||||
0 string FasdUAS AppleScript compiled
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: archive,v 1.169 2022/09/12 13:13:28 christos Exp $
|
||||
# $File: archive,v 1.193 2023/07/27 17:55:58 christos Exp $
|
||||
# archive: file(1) magic for archive formats (see also "msdos" for self-
|
||||
# extracting compressed archives)
|
||||
#
|
||||
@ -30,9 +30,11 @@
|
||||
# check for 1st image main name with digits used for sorting
|
||||
# and for name extension case insensitive like: PNG JPG JPEG TIF TIFF GIF BMP
|
||||
>>>>>>>>0 regex \^[0-9]{2,4}[.](png|jpg|jpeg|tif|tiff|gif|bmp)
|
||||
#foo
|
||||
>>>>>>>>>0 use tar-cbt
|
||||
# if 1st member name without digits and without used image suffix then it is a TAR archive
|
||||
# check for 1st member name with ovf suffix
|
||||
>>>>>>>>0 regex \^.{1,96}[.](ovf)
|
||||
>>>>>>>>>0 use tar-ova
|
||||
# if 1st member name without digits and without used image suffix and without *.ovf then it is a TAR archive
|
||||
>>>>>>>>0 default x
|
||||
>>>>>>>>>0 use tar-file
|
||||
# minimal check and then display tar archive information which can also be
|
||||
@ -168,6 +170,21 @@
|
||||
# name[100] probably like: 19.jpg 0001.png 0002.png
|
||||
# or maybe like ComicInfo.xml
|
||||
>0 string >\0 \b, 1st image %-.60s
|
||||
# Summary: Open Virtualization Format *.OVF with disk images and more packed as TAR archive *.OVA
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/Open_Virtualization_Format
|
||||
# http://fileformats.archiveteam.org/wiki/OVF_(Open_Virtualization_Format)
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/o/ova.trid.xml
|
||||
# Note: called "Open Virtualization Format package" by TrID
|
||||
# assuming *.ovf comes first
|
||||
0 name tar-ova
|
||||
>0 string x Open Virtualization Format Archive
|
||||
#!:mime application/x-ustar
|
||||
# http://extension.nirsoft.net/ova
|
||||
!:mime application/x-virtualbox-ova
|
||||
!:ext ova
|
||||
# assuming name[100] like: DOS-0.9.ovf FreeDOS_1.ovf Win98SE_DE.ovf
|
||||
>0 string >\0 \b, with %-.60s
|
||||
|
||||
# Incremental snapshot gnu-tar format from:
|
||||
# https://www.gnu.org/software/tar/manual/html_node/Snapshot-Files.html
|
||||
@ -185,16 +202,88 @@
|
||||
# The SVR4 "cpio(4)" hints that there are additional formats, but they
|
||||
# are defined as "short"s; I think all the new formats are
|
||||
# character-header formats and thus are strings, not numbers.
|
||||
0 short 070707 cpio archive
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Cpio
|
||||
# https://en.wikipedia.org/wiki/Cpio
|
||||
# Reference: https://people.freebsd.org/~kientzle/libarchive/man/cpio.5.txt
|
||||
# Update: Joerg Jenderek
|
||||
#
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cpio-bin.trid.xml
|
||||
# Note: called "CPIO archive (binary)" by TrID, "cpio/Binary LE" by 7-Zip and "CPIO" by DROID via PUID fmt/635
|
||||
0 short 070707
|
||||
# skip DROID fmt-635-signature-id-960.cpio by looking for pathname of 1st entry
|
||||
>26 string >\0 cpio archive
|
||||
!:mime application/x-cpio
|
||||
# https://download.opensuse.org/distribution/leap/15.4/iso/openSUSE-Leap-15.4-NET-x86_64-Media.iso
|
||||
# boot/x86_64/loader/bootlogo
|
||||
# message.cpi
|
||||
!:ext /cpio/cpi
|
||||
>>0 use cpio-bin
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cpio-bin-sw.trid.xml
|
||||
# Note: called "CPIO archive (byte swapped binary)" by TrID and "Cpio/Binary BE" by 7-Zip
|
||||
0 short 0143561 byte-swapped cpio archive
|
||||
!:mime application/x-cpio # encoding: swapped
|
||||
# https://telparia.com/fileFormatSamples/archive/cpio/skeleton2.cpio
|
||||
!:ext cpio
|
||||
>0 use cpio-bin-be
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cpio.trid.xml
|
||||
# Note: called "CPIO archive (portable)" by TrID, "cpio/Portable ASCII" by 7-Zip and "cpio/odc" by GNU cpio
|
||||
0 string 070707 ASCII cpio archive (pre-SVR4 or odc)
|
||||
!:mime application/x-cpio
|
||||
# https://telparia.com/fileFormatSamples/archive/cpio/ pthreads-1.60B5.osr5src.cpio cinema.cpi VOL.000.008 VOL.000.012
|
||||
!:ext cpio/cpi/008/012
|
||||
# Note: called "CPIO archive (portable)" by TrID, "cpio/New ASCII" by 7-Zip and "cpio/newc" by GNU cpio
|
||||
0 string 070701 ASCII cpio archive (SVR4 with no CRC)
|
||||
!:mime application/x-cpio
|
||||
# https://telparia.com/fileFormatSamples/archive/cpio/MainActor-2.06.3.cpio
|
||||
!:ext cpio
|
||||
# Note: called "CPIO archive (portable)" by TrID, "cpio/New CRC" by 7-Zip and "cpio/crc" by GNU cpio
|
||||
0 string 070702 ASCII cpio archive (SVR4 with CRC)
|
||||
!:mime application/x-cpio
|
||||
# http://ftp.gnu.org/gnu/tar/tar-1.27.cpio.gz
|
||||
# https://telparia.com/fileFormatSamples/archive/cpio/pcmcia
|
||||
!:ext /cpio
|
||||
# display information of old binary cpio archive
|
||||
# Note: verfied by 7-Zip `7z l -tcpio -slt *.cpio` and
|
||||
# `cpio -ivt --numeric-uid-gid --file=clam.bin-le.cpio`
|
||||
0 name cpio-bin
|
||||
# c_dev; device number; WHAT IS THAT?
|
||||
>2 uleshort x \b; device %u
|
||||
# c_ino; truncated inode number; use `ls --inode`
|
||||
>4 uleshort x \b, inode %u
|
||||
# c_mode; mode specifies permissions and file type like: ?622~?rw-r--r-- by `ls -l`
|
||||
>6 uleshort x \b, mode %o
|
||||
# c_uid; numeric user id; use `ls --numeric-uid-gid`
|
||||
>8 uleshort x \b, uid %u
|
||||
# c_gid; numeric group id
|
||||
>10 uleshort x \b, gid %u
|
||||
# c_nlink; links to this file; directories at least 2
|
||||
>12 uleshort >1 \b, %u links
|
||||
# c_rdev; device number for block and character entries; zero for all other entries by writers
|
||||
# like 0x0440 for /dev/ttyS0
|
||||
>14 uleshort >0 \b, device %#4.4x
|
||||
# c_mtime[2]; modification time in seconds since 1 January 1970; most-significant 16 bits first
|
||||
>16 medate x \b, modified %s
|
||||
# c_filesize[2]; size of pathname; most-significant 16 bits first like: 544
|
||||
>22 melong x \b, %u bytes
|
||||
# c_namesize; bytes in the pathname that follows the header like: 9
|
||||
#>20 uleshort x \b, namesize %u
|
||||
# pathname of entry like: "clam.exe"
|
||||
>26 string x "%s"
|
||||
# display information of old binary byte swapped cpio archive
|
||||
# Note: verfied by 7-Zip `7z l -tcpio -slt *.cpio` and
|
||||
# `LANGUAGE=C cpio -ivt --numeric-uid-gid --file=clam.bin-be.cpio`
|
||||
0 name cpio-bin-be
|
||||
>2 ubeshort x \b; device %u
|
||||
>4 ubeshort x \b, inode %u
|
||||
>6 ubeshort x \b, mode %o
|
||||
>8 ubeshort x \b, uid %u
|
||||
>10 ubeshort x \b, gid %u
|
||||
>12 ubeshort >1 \b, %u links
|
||||
>14 ubeshort >0 \b, device %#4.4x
|
||||
>16 bedate x \b, modified %s
|
||||
>22 ubelong x \b, %u bytes
|
||||
#>20 ubeshort x \b, namesize %u
|
||||
>26 string x "%s"
|
||||
|
||||
#
|
||||
# Various archive formats used by various versions of the "ar"
|
||||
@ -271,7 +360,8 @@
|
||||
#>>68 string x (format %.3s)
|
||||
>68 string =2.0\n
|
||||
# 2nd archive name=control archive name like control.tar.gz or control.tar.xz
|
||||
>>72 string >\0 \b, with %.14s
|
||||
# or control.tar.zst
|
||||
>>72 string >\0 \b, with %.15s
|
||||
# look for 3rd archive name=data archive name like data.tar.{gz,xz,bz2,lzma}
|
||||
>>0 search/0x93e4f data.tar. \b, data compression
|
||||
# the above line only works if FILE_BYTES_MAX in ../../src/file.h is raised
|
||||
@ -506,11 +596,12 @@
|
||||
>>>>0 use ttcomp
|
||||
0 string \1\4
|
||||
# TODO:
|
||||
# skip Commodore PET BASIC 4.0 program *.prg
|
||||
# variant ASCII, 1K dictionary (strength=48=50-2). With strength=49 wrong order! WHY?
|
||||
# skip shared library (strength=50) handled by ./ibm6000
|
||||
!:strength -2
|
||||
>0 use ttcomp
|
||||
# skip Commodore PET BASIC programs (Mastermind.prg) with last 3 nil bytes (\0~end of line followed by 0000h line offset)
|
||||
#>-4 ubelong x LAST_BYTES=%8.8x
|
||||
>-4 ubelong&0x00FFffFF !0
|
||||
>>0 use ttcomp
|
||||
# display information of TTComp archive
|
||||
0 name ttcomp
|
||||
# (version 5.25) labeled the entry as "TTComp archive data"
|
||||
@ -753,6 +844,88 @@
|
||||
!:ext ??$
|
||||
>>8 ulelong >0 \b, original size: %u bytes
|
||||
|
||||
# Summary: lzss compressed/EDI Pack
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/EDI_Install_packed_file
|
||||
# Note: called "EDI Install LZS compressed data" by TrID and verified by
|
||||
# command like `deark -l -m edi_pack -d2 BOOK01A.IC$` as "EDI Pack LZSS1"
|
||||
0 string EDILZSS
|
||||
>7 string 1
|
||||
# look for point character before orginal file name extension
|
||||
>>8 search/9/b .
|
||||
# check suffix of possible orginal file anme
|
||||
#>>>&0 ubelong x SUFFIX=%8.8x
|
||||
# samples without valid character after point in original file name field like: FENNEL.LZS PLANTAIN.LZS
|
||||
>>>&0 ubyte <0x20
|
||||
>>>>0 use edi-lzs
|
||||
# samples with valid character after point in original file name field
|
||||
>>>&0 ubyte >0x1F
|
||||
# check 2nd charcter of suffix
|
||||
#>>>>&0 ubyte x 2ND_SUFFIX=%x
|
||||
# sample with one valid character after point followed by \0 in original file name field like: SPELMATE.H$
|
||||
>>>>&0 ubyte =0
|
||||
>>>>>0 use edi-pack
|
||||
>>>>&0 ubyte >0x1F
|
||||
# check 3rd charcter of suffix
|
||||
#>>>>>&0 ubyte x 3RD_SUFFIX=%x
|
||||
# no sample with 2 valid characters after point followed by \0 in original file name field
|
||||
>>>>>&0 ubyte =0
|
||||
>>>>>>0 use edi-pack
|
||||
# samples with valid 3rd character after point in original file name field
|
||||
>>>>>&0 ubyte >0x1F
|
||||
# sample with 3 valid character after point followed by \0 in original file name field like: BOOK01A.IC$ CTL3D.DL$
|
||||
>>>>>>&0 ubyte =0
|
||||
>>>>>>>0 use edi-pack
|
||||
# sample with 3 valid character after point followed by no \0 in original file name field like: HERBTEXT.LZS
|
||||
>>>>>>&0 ubyte !0
|
||||
>>>>>>>0 use edi-lzs
|
||||
# no sample with invalid 3rd character after point in original file name field
|
||||
>>>>>&0 default x
|
||||
>>>>>>0 use edi-lzs
|
||||
# sample with invalid 2nd character after point in original file name field like: LACERATE.LZS SPLINTER.LZS
|
||||
>>>>&0 default x
|
||||
>>>>>0 use edi-lzs
|
||||
# sample without point character in original file name field like GUNSHOT.LZS
|
||||
>>8 default x
|
||||
>>>0 use edi-lzs
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/edi-lzss2.trid.xml
|
||||
# Note: called "EDI Install Pro LZSS2 compressed data" by TrID and verified by
|
||||
# command like `deark -l -m edi_pack -d2 4WAY.WA$` as "EDI Pack LZSS2"
|
||||
>7 string 2 EDI LZSS2 packed
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-edi-pack-lzss
|
||||
# the name of a compressed file often ends in character '$' or '_'
|
||||
!:ext ??$/??_
|
||||
# original filename, NUL-terminated, padded to 13 bytes like: mci.vbx 4way.wav skymap.exe cmdialog.vbx
|
||||
>>8 string x "%-0.13s"
|
||||
# original file size, as a 4-byte integer.
|
||||
>>21 ulelong x \b, %u bytes
|
||||
# compressed data like: ff5249464606ec00 ff4d5aa601010000
|
||||
>>>25 ubequad x \b, data %#16.16llx...
|
||||
0 name edi-pack
|
||||
# Note: verified by command like `deark -l -d2 SPELMATE.H$` as "EDI Pack LZSS1"
|
||||
# original filename, NUL-terminated, padded to 13 bytes like: ctl3d.dll spelmate.h filemenu.rc owl.def index-it.exe
|
||||
# but not like \377Aloe.lzs\273 (HERBTEXT.LZS)
|
||||
>8 string x EDI LZSS packed "%-.13s"
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-edi-pack-lzss
|
||||
# the name of a compressed file often ends in character '$' or '_'
|
||||
!:ext ??$/?$
|
||||
# compressed data like: f7000001eff02020 ff4d5aa900020000 ff2f2a207370656c
|
||||
>21 ubequad x \b, data %#16.16llx...
|
||||
# URL: http://fileformats.archiveteam.org/wiki/EDI_LZSSLib
|
||||
# Note: verified partly by command like `deark -l -m edi_pack -d2 GUNSHOT.LZS` as "EDI LZSSLib"
|
||||
0 name edi-lzs
|
||||
# Note: verified by command like `deark -l -d2 GUNSHOT.LZS` as "EDI LZSSLib"
|
||||
# no original filename looks like: \277BM\226.\0 \277BM.n\001 \277BM\226.\0 \277BM.g\001 \377Aloe.lzs\273
|
||||
>8 string x EDI LZSSLib packed
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-edi-pack-lzss
|
||||
# The name of a compressed file ends with LZS suffix
|
||||
!:ext lzs
|
||||
# compressed data like: bf424df6e10100f3 ff416c6f652e6c7a ff416c6f652e6c7a
|
||||
>8 ubequad x \b, data %#16.16llx...
|
||||
|
||||
# Summary: CAZIP compressed file
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/CAZIP
|
||||
@ -791,8 +964,6 @@
|
||||
3 string OctSqu Squash archive data
|
||||
# Terse
|
||||
0 string \5\1\1\0 Terse archive data
|
||||
# PUCrunch
|
||||
0 string \x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 PUCrunch archive data
|
||||
# UHarc
|
||||
0 string UHA UHarc archive data
|
||||
# ABComp
|
||||
@ -821,8 +992,10 @@
|
||||
# QFC
|
||||
0 string \x1aFC\x1a QFC archive data
|
||||
0 string \x1aQF\x1a QFC archive data
|
||||
# PRO-PACK
|
||||
0 string RNC PRO-PACK archive data
|
||||
# PRO-PACK https://www.segaretro.org/Rob_Northen_compression
|
||||
0 string RNC
|
||||
>3 byte 1 PRO-PACK archive data (compression 1)
|
||||
>3 byte 2 PRO-PACK archive data (compression 2)
|
||||
# 777
|
||||
0 string 777 777 archive data
|
||||
# LZS221
|
||||
@ -925,11 +1098,39 @@
|
||||
# TPac
|
||||
0 string \4TPAC\3 TPac archive data
|
||||
# Ai
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Ai_Archiver
|
||||
0 string Ai\1\1\0 Ai archive data
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-compress-ai
|
||||
!:ext ai
|
||||
0 string Ai\1\0\0 Ai archive data
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-compress-ai
|
||||
!:ext ai
|
||||
# Ai32
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-ai.trid.xml
|
||||
# Note: called "Ai Archivator compressed archive" by TrID
|
||||
0 string Ai\2\0 Ai32 archive data
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-compress-ai
|
||||
!:ext ai
|
||||
# original file name
|
||||
>8 pstring/h x "%s"
|
||||
# according to TrID the next 3 bytes are nil
|
||||
>5 ubyte !0 \b, at 5 %#x
|
||||
>6 ubyte !0 \b, at 6 %#x
|
||||
>7 ubyte !0 \b, at 7 %#x
|
||||
# the fourth byte with value 0 is probably a flag for "non solid" mode
|
||||
#>3 ubyte =0x00 \b, unsolid mode
|
||||
0 string Ai\2\1 Ai32 archive data
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-compress-ai
|
||||
!:ext ai
|
||||
# original file name
|
||||
>8 pstring/h x "%s"
|
||||
# the fourth byte with value 0x01 is probably a flag for "solid" mode; this is not the default
|
||||
>3 ubyte =0x01 \b, solid mode
|
||||
# SBC
|
||||
0 string SBC SBC archive data
|
||||
# Ybs
|
||||
@ -1234,7 +1435,7 @@
|
||||
>>>>>>3 regex \^lh[01] LHarc 1.x/ARX archive data
|
||||
# LHice archiver use ".ICE" as name extension instead usual one ".lzh"
|
||||
# FOOBAR archiver use ".foo" as name extension instead usual one
|
||||
# "Florain Orjanov's and Olga Bachetska's ARchiver" not found at the moment
|
||||
# "Florian Orjanov's and Olga Bachetska's ARchiver" not found at the moment
|
||||
>>>>>>>2 string -lh1 \b
|
||||
!:ext lha/lzh/ice
|
||||
>>>>>>3 regex \^lh[23d] LHa 2.x? archive data
|
||||
@ -1422,6 +1623,83 @@
|
||||
!:mime application/zip
|
||||
!:ext zip/cbz
|
||||
|
||||
# Android APK file (Zip archive)
|
||||
0 string PK\003\004
|
||||
!:strength +1
|
||||
# Starts with AndroidManifest.xml (file name length = 19)
|
||||
>26 uleshort 19
|
||||
>>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>-22 string PK\005\006
|
||||
>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
# Starts with META-INF/com/android/build/gradle/app-metadata.properties
|
||||
>26 uleshort 57
|
||||
>>30 string META-INF/com/android/build/gradle/
|
||||
>>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>>-22 string PK\005\006
|
||||
>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
# Starts with classes.dex (file name length = 11)
|
||||
>26 uleshort 11
|
||||
>>30 string classes.dex Android package (APK), with classes.dex
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>-22 string PK\005\006
|
||||
>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
# Starts with META-INF/MANIFEST.MF (file name length = 20)
|
||||
# NB: checks for resources.arsc, classes.dex, etc. as well to avoid matching JAR files
|
||||
>26 uleshort 20
|
||||
>>30 string META-INF/MANIFEST.MF
|
||||
# Contains resources.arsc (near the end, in the central directory)
|
||||
>>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>>-22 string PK\005\006
|
||||
>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
>>>-512 default x
|
||||
# Contains classes.dex (near the end, in the central directory)
|
||||
>>>>-512 search classes.dex Android package (APK), with MANIFEST.MF and classes.dex
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>>>-22 string PK\005\006
|
||||
>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
>>>>-512 default x
|
||||
# Contains lib/armeabi (near the end, in the central directory)
|
||||
>>>>>-512 search lib/armeabi Android package (APK), with MANIFEST.MF and armeabi lib
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>>>>-22 string PK\005\006
|
||||
>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
>>>>>-512 default x
|
||||
# Contains drawables (near the end, in the central directory)
|
||||
>>>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>>>>>-22 string PK\005\006
|
||||
>>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
# It may or may not be an APK file, but it's definitely a Java JAR file
|
||||
>>>>>>-512 default x Java archive data (JAR)
|
||||
!:mime application/java-archive
|
||||
!:ext jar
|
||||
# Starts with zipflinger virtual entry (28 + 104 = 132 bytes)
|
||||
# See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230
|
||||
>4 string \x00\x00\x00\x00\x00\x00
|
||||
>>&0 string \x21\x08\x21\x02
|
||||
>>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
|
||||
>>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
>>>>>-22 string PK\005\006
|
||||
>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
|
||||
# APK Signing Block
|
||||
>0 default x
|
||||
>>-22 string PK\005\006
|
||||
>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 Android package (APK), with APK Signing Block
|
||||
!:mime application/vnd.android.package-archive
|
||||
!:ext apk
|
||||
|
||||
# Zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
|
||||
0 string PK\005\006 Zip archive data (empty)
|
||||
!:mime application/zip
|
||||
@ -1524,9 +1802,13 @@
|
||||
>>>>77 string -web HTML Document Template
|
||||
!:mime application/vnd.oasis.opendocument.text-web
|
||||
!:ext oth
|
||||
>>>>77 string -master Master Document
|
||||
>>>>77 string -master
|
||||
>>>>>84 byte !0x2d Master Document
|
||||
!:mime application/vnd.oasis.opendocument.text-master
|
||||
!:ext odm
|
||||
>>>>>84 string -template Master Template
|
||||
!:mime application/vnd.oasis.opendocument.text-master-template
|
||||
!:ext otm
|
||||
>>>73 string graphics
|
||||
>>>>81 byte !0x2d Drawing
|
||||
!:mime application/vnd.oasis.opendocument.graphics
|
||||
@ -1569,8 +1851,7 @@
|
||||
# Valid for LibreOffice Base 6.0.1.1 at least
|
||||
>>>73 string base Database
|
||||
# https://bugs.documentfoundation.org/show_bug.cgi?id=45854
|
||||
!:mime application/vnd.oasis.opendocument.database
|
||||
#!:mime application/vnd.oasis.opendocument.base
|
||||
!:mime application/vnd.oasis.opendocument.base
|
||||
!:ext odb
|
||||
>>>73 string image
|
||||
>>>>78 byte !0x2d Image
|
||||
@ -1586,6 +1867,16 @@
|
||||
>>50 string epub+zip EPUB document
|
||||
!:mime application/epub+zip
|
||||
|
||||
# From: Hajin Jang <jb6804@naver.com>
|
||||
# hwpx (OWPML) document format follows OCF specification.
|
||||
# Hangul Word Processor 2010+ supports HWPX format.
|
||||
# URL: https://www.hancom.com/etc/hwpDownload.do
|
||||
# https://standard.go.kr/KSCI/standardIntro/getStandardSearchView.do?menuId=503&topMenuId=502&ksNo=KSX6101
|
||||
# https://e-ks.kr/streamdocs/view/sd;streamdocsId=72059197557727331
|
||||
>>50 string hwp+zip Hancom HWP (Hangul Word Processor) file, HWPX
|
||||
!:mime application/x-hwp+zip
|
||||
!:ext hwpx
|
||||
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://en.wikipedia.org/wiki/CorelDRAW
|
||||
# NOTE: version; til 2 WL-based; from 3 til 13 by ./riff; from 14 zip based
|
||||
@ -1639,9 +1930,10 @@
|
||||
>>>38 regex [!-OQ-~]+ Zip data (MIME type "%s"?)
|
||||
!:mime application/zip
|
||||
|
||||
# Java Jar files
|
||||
# Java Jar files (see also APK files above)
|
||||
>(26.s+30) leshort 0xcafe Java archive data (JAR)
|
||||
!:mime application/java-archive
|
||||
!:ext jar
|
||||
|
||||
# iOS App
|
||||
>(26.s+30) leshort !0xcafe
|
||||
@ -1674,16 +1966,116 @@
|
||||
>8 belong x \b, size %d
|
||||
|
||||
# Zoo archiver
|
||||
20 lelong 0xfdc4a7dc Zoo archive data
|
||||
# Update: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/Zoo_(file_format)
|
||||
# http://fileformats.archiveteam.org/wiki/Zoo
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-zoo-strict.trid.xml
|
||||
# http://distcache.freebsd.org/ports-distfiles/zoo-2.10pl1.tar.gz/zoo.h
|
||||
# Note: called "ZOO compressed archive (strict)" by TrID and "ZOO Compressed Archive" by DROID via PUID x-fmt/269
|
||||
# verified by command like `deark -m zoo -l -d2 WHRCGA.ZOO`
|
||||
20 lelong 0xfdc4a7dc
|
||||
# skip DROID x-fmt-269-signature-id-621.zoo by looking for valid major version to manipulate archive
|
||||
>32 byte >0 Zoo archive data
|
||||
!:mime application/x-zoo
|
||||
>4 byte >48 \b, v%c.
|
||||
>>6 byte >47 \b%c
|
||||
>>>7 byte >47 \b%c
|
||||
>32 byte >0 \b, modify: v%d
|
||||
>>33 byte x \b.%d+
|
||||
>42 lelong 0xfdc4a7dc \b,
|
||||
>>70 byte >0 extract: v%d
|
||||
>>>71 byte x \b.%d+
|
||||
# bak is extension of backup-ed zoo
|
||||
!:ext zoo/bak
|
||||
# version in text form like: 1.50 2.00 2.10
|
||||
>>4 byte >48 \b, v%c.
|
||||
>>>6 byte >47 \b%c
|
||||
>>>>7 byte >47 \b%c
|
||||
# ZOO files typically start with "ZOO ?.?? Archive.", followed by the bytes 0x1a 0x0 0x0; not used by Zoo and they may be anything
|
||||
>>8 string !\040Archive.\032 \b, at 8
|
||||
>>>8 string x text "%0.10s"
|
||||
# major_ver.minor_ver; minimum version needed to manipulate archive like: 1.0 2.0
|
||||
>>32 byte >0 \b, modify: v%d
|
||||
>>>33 byte x \b.%d+
|
||||
# major_ver.minor_ver; minimum version needed to extract after modify like in old versions
|
||||
>>(24.l+28) ubyte x \b, extract: v%u
|
||||
>>(24.l+29) ubyte x \b.%u+
|
||||
# with zoo 2.00 additional fields have been added in the archive header
|
||||
>>32 byte >1
|
||||
# type; type of archive header like: 1 2
|
||||
>>>34 ubyte !1 \b, header type %u
|
||||
# acmt_pos; position of archive comment like: 6258 30599 61369 149501
|
||||
>>>35 lelong >0 \b, at %d
|
||||
# acmt_len; length of archive comment like: 258
|
||||
>>>>39 uleshort x %u bytes comment
|
||||
#>>>>(35.l) ubequad x COMMENT=%16.16llx
|
||||
# 1st character of comment maybe is CarriageReturn (0x0d)
|
||||
>>>>(35.l) ubyte <040
|
||||
# 2nd character of comment maybe is LineFeed (0x0a)
|
||||
>>>>>(35.l+1) ubyte <040
|
||||
# comment string after CRLF like "Anonymous ftp site garbo.uwasa.fi 128.214.87.1 moderated by"
|
||||
>>>>>>(35.l+2) string x %s
|
||||
# next character of remaining comment maybe is CarriageReturn (0x0d)
|
||||
>>>>>>>&0 ubyte <040
|
||||
>>>>>>>>&0 ubyte <040
|
||||
# 2nd comment part like: Timo Salmi ts@chyde.uwasa.fi PC directories and uploads\015\012Harri Valkama hv@chyde.uwasa.fi PC, Mac, Unix files, and upload
|
||||
>>>>>>>>>&0 string >037 %s
|
||||
# vdata; archive-level versioning byte like: 1 3
|
||||
>>>41 ubyte !1 \b, vdata %#x
|
||||
# zoo_start; pointer to 1st entry header
|
||||
>>24 lelong x \b; at %u
|
||||
# zoo_minus; zoo_start -1 for consistency checking
|
||||
#>>28 lelong x \b, zoo_minus %#x
|
||||
# zoo_tag; tag for check
|
||||
#>>(24.l+0) ulelong !0xfdc4a7dc \b, zoo_tag=%8.8x
|
||||
# type; type of directory entry like: 1 2
|
||||
>>(24.l+4) ubyte !2 type=%u
|
||||
# packing_method; 0~no packing 1~normal LZW 2~lzh
|
||||
>>(24.l+5) ubyte x method=
|
||||
>>>(24.l+5) ubyte 0 \bnot-compressed
|
||||
>>>(24.l+5) ubyte 1 \blzd
|
||||
>>>(24.l+5) ubyte 2 \blzh
|
||||
# next; position of next directory entry
|
||||
>>(24.l+6) ulelong x \b, next entry at %u
|
||||
# offset; position of file data for this entry
|
||||
#>>(24.l+10) ulelong x \b, data at %u
|
||||
# file_crc; CRC-16 of file data
|
||||
>>(24.l+18) uleshort x \b, CRC %#4.4x
|
||||
# comment; zero if none or points to entry comment like ADD9h (WHRCGA.ZOO)
|
||||
>>(24.l+32) lelong >0 \b, at %#x
|
||||
# cmt_size; if not 0 for none then length of entry comment like: 46
|
||||
>>>(24.l+36) uleshort >0 %u bytes comment
|
||||
# entry comment itself like: "CGA .GL file showing menu input from keyboard"
|
||||
>>>>(&-6.l) string x "%s"
|
||||
# org_size; original size of file
|
||||
>>(24.l+20) ulelong x \b, size %u
|
||||
# size_now; compressed size of file
|
||||
>>(24.l+24) ulelong x (%u compressed)
|
||||
# major_ver.minor_ver; minimum version needed to extract already done
|
||||
# deleted; will be 1 if deleted, 0 if not
|
||||
>>(24.l+30) ubyte =1 \b, deleted
|
||||
# struc; file structure if any; WHAT IS THAT?
|
||||
>>(24.l+31) ubyte !0 \b, structured
|
||||
# fname[13]; short/DOS file name like 12345678.012
|
||||
>>(24.l+38) string x \b, %0.13s
|
||||
# for directory entry type 2 with variable part
|
||||
>>(24.l+4) ubyte =2
|
||||
# var_dir_len; length of variable part of dir entry
|
||||
>>>(24.l+51) uleshort >0
|
||||
#>>>(24.l+51) uleshort >0 \b, variable part length %u
|
||||
# namlen; length of long filename
|
||||
#>>>>(24.l+56) ubyte x \b, namlen %u
|
||||
# dirlen; length of directory name
|
||||
#>>>>(24.l+57) ubyte x \b, dirlen %u
|
||||
# if file length positive then show long file name
|
||||
>>>>(24.l+56) ubyte >0
|
||||
# lfname[256]; long file name \0-terminated
|
||||
>>>>>(24.l+58) string x "%s"
|
||||
# if directory length positive then jump before file name field and then jump this addtional length plus 2 (\0-terminator + dirlen field) to following directory name
|
||||
>>>>(24.l+57) ubyte >0
|
||||
>>>>>(24.l+55) ubyte x
|
||||
# dirname[256]; directory name \0-terminated
|
||||
>>>>>>&(&0.b+2) string x in "%s"
|
||||
# dir_crc; CRC of directory entry
|
||||
#>>>(24.l+54) uleshort x \b, entry CRC %#4.4x
|
||||
# tz; timezone where file was archived; 7Fh~unknown 4~1.00hoursWestOfUTC 12 16 20~5.00hoursWestOfUTC -107~26.75hoursEastOfUTC -4~1.00hoursEastOfUTC
|
||||
>>>(24.l+53) byte !0x7f \b, time zone %d/4
|
||||
# date; last mod file date in DOS format
|
||||
>>>(24.l+14) lemsdosdate x \b, modified %s
|
||||
# time; last mod file time in DOS format
|
||||
>>>(24.l+16) lemsdostime x %s
|
||||
|
||||
# Shell archives
|
||||
10 string #\ This\ is\ a\ shell\ archive shell archive text
|
||||
@ -1789,6 +2181,19 @@
|
||||
!:mime application/zip
|
||||
!:ext zip/cbz
|
||||
|
||||
# Recognize ZIP archives with prepended data by end-of-central-directory record
|
||||
# https://en.wikipedia.org/wiki/ZIP_(file_format)#End_of_central_directory_record_(EOCD)
|
||||
# by Michal Gorny <mgorny@gentoo.org>
|
||||
-2 uleshort 0
|
||||
>&-22 string PK\005\006
|
||||
# without #!
|
||||
>>0 string !#! Zip archive, with extra data prepended
|
||||
!:mime application/zip
|
||||
!:ext zip/cbz
|
||||
# with #!
|
||||
>>0 string/w #!\ a
|
||||
>>>&-1 string/T x %s script executable (Zip archive)
|
||||
|
||||
# ACE archive (from http://www.wotsit.org/download.asp?f=ace)
|
||||
# by Stefan `Sec` Zehl <sec@42.org>
|
||||
7 string **ACE** ACE archive data
|
||||
@ -2033,7 +2438,28 @@
|
||||
>3 byte x version %d
|
||||
|
||||
# LyNX archive
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Lynx_archive
|
||||
# Reference: http://ist.uwaterloo.ca/~schepers/formats/LNX.TXT
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/a/ark-lnx.trid.xml
|
||||
# Note: called "Lynx archive" by TrID and "Commodore C64 BASIC program" with "POKE 53280" by ./c64
|
||||
# TODO: merge and unify with Commodore C64 BASIC program
|
||||
56 string USE\040LYNX\040TO\040DISSOLVE\040THIS\040FILE LyNX archive
|
||||
# display "Lynx archive" (strength=330) before Commodore C64 BASIC program (strength=50) handled by ./c64
|
||||
#!:strength +0
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-commodore-lnx
|
||||
!:ext lnx
|
||||
# afterwards look for BASIC tokenized GOTO (89h) 10, line terminator \0, end of programm tag \0\0 and CarriageReturn
|
||||
>86 search/10 \x8910\0\0\0\r \b,
|
||||
# for DEBUGGING
|
||||
#>>&0 string x STRING="%s"
|
||||
# number in ASCII of directory blocks with spaces on both sides like: 1 2 3 5
|
||||
>>&0 regex [0-9]{1,5} %s directory blocks
|
||||
# signature like: "*LYNX XII BY WILL CORLEY" " LYNX IX BY WILL CORLEY" "*LYNX BY CBMCONVERT 2.0*"
|
||||
>>>&2 regex [^\r]{1,24} \b, signature "%s"
|
||||
# number of files in ASCII surrounded by spaces and delimited by CR like: 2 3 6 13 69 144 (maximum?)
|
||||
>>>>&1 regex [0-9]{1,3} \b, %s files
|
||||
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://www.acronis.com/
|
||||
@ -2066,6 +2492,7 @@
|
||||
# https://gitweb.gentoo.org/proj/portage.git/tree/man/xpak.5
|
||||
-4 string STOP
|
||||
>-16 string XPAKSTOP Gentoo binary package (XPAK)
|
||||
!:mime application/vnd.gentoo.xpak
|
||||
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://kodi.wiki/view/TexturePacker
|
||||
@ -2110,3 +2537,71 @@
|
||||
|
||||
# From wof (wof@stachelkaktus.net)
|
||||
0 string Unison\ archive\ format Unison archive format
|
||||
|
||||
# https://ankiweb.net
|
||||
30 string collection.anki2 Anki APKG file
|
||||
#!:ext .apkg
|
||||
|
||||
# Synology archive (DiskStation Manager 7.0+)
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# Note: These archives are signed and encrypted.
|
||||
0 ulelong&0xFFFFFF00 0xEFBEAD00
|
||||
# MessagePack header (fixarray of 5 elements starting with a bin of 32 bytes)
|
||||
>8 ulelong&0x00FFFFFF 0x20C495 Synology archive
|
||||
!:ext spk
|
||||
# Extract some properties from MessagePack third item
|
||||
>>43 search/0x10000 package=
|
||||
>>>&0 string x \b, package %s
|
||||
>>43 search/0x10000 arch=
|
||||
>>>&0 string x %s
|
||||
>>43 search/0x10000 version=
|
||||
>>>&0 string x %s
|
||||
>>43 search/0x10000 create_time=
|
||||
>>>&0 string x \b, created on %s
|
||||
|
||||
# MonoGame/XNA processed assets archive
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/MonoGame/MonoGame/blob/v3.8.1/MonoGame.Framework/Content/ContentManager.cs
|
||||
0 string XNB
|
||||
# XNB must be version 4 or 5
|
||||
>4 byte <6
|
||||
>>4 byte >3
|
||||
# Size must be positive
|
||||
>>>6 lelong >0 MonoGame/XNA processed assets
|
||||
!:ext xnb
|
||||
>>>>3 string =w \b, for Windows
|
||||
>>>>3 string =x \b, for Xbox360
|
||||
>>>>3 string =i \b, for iOS
|
||||
>>>>3 string =a \b, for Android
|
||||
>>>>3 string =d \b, for DesktopGL
|
||||
>>>>3 string =X \b, for MacOSX
|
||||
>>>>3 string =W \b, for WindowsStoreApp
|
||||
>>>>3 string =n \b, for NativeClient
|
||||
>>>>3 string =M \b, for WindowsPhone8
|
||||
>>>>3 string =r \b, for RaspberryPi
|
||||
>>>>3 string =P \b, for PlayStation4
|
||||
>>>>3 string =5 \b, for PlayStation5
|
||||
>>>>3 string =O \b, for XboxOne
|
||||
>>>>3 string =S \b, for Nintendo Switch
|
||||
>>>>3 string =G \b, for Google Stadia
|
||||
>>>>3 string =b \b, for WebAssembly and Bridge.NET
|
||||
>>>>3 string =m \b, for WindowsPhone7.0 (XNA)
|
||||
>>>>3 string =p \b, for PlayStationMobile
|
||||
>>>>3 string =v \b, for PSVita
|
||||
>>>>3 string =g \b, for Windows (OpenGL)
|
||||
>>>>3 string =l \b, for Linux
|
||||
>>>>4 byte x \b, version %d
|
||||
>>>>5 byte &0x80 \b, LZX compressed
|
||||
>>>>>10 lelong x \b, decompressed size: %d bytes
|
||||
>>>>5 byte &0x40 \b, LZ4 compressed
|
||||
>>>>>10 lelong x \b, decompressed size: %d bytes
|
||||
|
||||
# Electron ASAR archive
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/electron/asar
|
||||
0 ulelong 4
|
||||
# Match JSON header start and end
|
||||
>16 string {"files":{"
|
||||
>>(12.l+12) string }}}} Electron ASAR archive
|
||||
!:ext asar
|
||||
>>>12 ulelong x \b, header length: %d bytes
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: arm,v 1.2 2021/07/14 17:40:31 christos Exp $
|
||||
# $File: arm,v 1.3 2022/10/31 14:35:39 christos Exp $
|
||||
# arm: file(1) magic for ARM COFF
|
||||
#
|
||||
# https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
|
||||
@ -39,3 +39,12 @@
|
||||
# display name+variables+flags for common object formatted files
|
||||
>>0 use display-coff
|
||||
!:strength -10
|
||||
|
||||
# ARM64EC
|
||||
0 leshort 0xa641
|
||||
# test for unused flag bits in f_flags
|
||||
>18 uleshort&0x8E80 0
|
||||
# use little endian variant of subroutine to
|
||||
# display name+variables+flags for common object formatted files
|
||||
>>0 use display-coff
|
||||
!:strength -10
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: asf,v 1.3 2022/04/25 17:33:13 christos Exp $
|
||||
# $File: asf,v 1.4 2022/10/31 13:22:26 christos Exp $
|
||||
# asf: file(1) magic for Microsoft Advanced Systems Format (ASF) files
|
||||
# http://www.staroceans.org/e-book/ASF_Specification.pdf
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
# ASF_Stream_Properties_Object
|
||||
>0 guid B7DC0791-A9B7-11CF-8EE6-00C00C205365
|
||||
#>>56 lequad x Time Offset %lld
|
||||
#>>64 lelong x Type-Specicic Data Length %d
|
||||
#>>64 lelong x Type-Specific Data Length %d
|
||||
#>>68 lelong x Error Correction Data Length %d
|
||||
#>>72 leshort x Flags %#x
|
||||
#>>74 lelong x Reserved %x
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: audio,v 1.124 2022/08/28 08:58:20 christos Exp $
|
||||
# $File: audio,v 1.127 2023/03/05 20:15:49 christos Exp $
|
||||
# audio: file(1) magic for sound formats (see also "iff")
|
||||
#
|
||||
# Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com),
|
||||
@ -183,42 +183,57 @@
|
||||
21 string BMOD2STM Screamtracker 2 module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-screamtracker-module
|
||||
|
||||
1080 string \!PM! 4-channel Protracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-protracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string M.K. 4-channel Protracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-protracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string M!K! 4-channel Protracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-protracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string FLT4 4-channel Startracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-startracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string FLT8 8-channel Startracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-startracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string 4CHN 4-channel Fasttracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-fasttracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string 6CHN 6-channel Fasttracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-fasttracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string 8CHN 8-channel Fasttracker module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-fasttracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string CD81 8-channel Octalyser module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-octalysertracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
1080 string OKTA 8-channel Octalyzer module sound data
|
||||
!:mime audio/x-mod
|
||||
#audio/x-octalysertracker-module
|
||||
>0 string >\0 Title: "%s"
|
||||
|
||||
# Not good enough.
|
||||
#1082 string CH
|
||||
#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data
|
||||
|
@ -1,13 +1,24 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: blender,v 1.8 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: blender,v 1.9 2022/12/21 15:53:27 christos Exp $
|
||||
# blender: file(1) magic for Blender 3D related files
|
||||
#
|
||||
# Native format rule v1.2. For questions use the developers list
|
||||
# https://lists.blender.org/mailman/listinfo/bf-committers
|
||||
# GLOB chunk was moved near start and provides subversion info since 2.42
|
||||
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/BLEND
|
||||
# http://www.blender.org/
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/blend.trid.xml
|
||||
# http://formats.kaitai.io/blender_blend/index.html
|
||||
# Note: called "Blender 3D data" by TrID
|
||||
# and gzip compressed variant handled by ./compress
|
||||
0 string =BLENDER Blender3D,
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-blender
|
||||
!:ext blend
|
||||
# no sample found with extension blender
|
||||
#!:ext blend/blender
|
||||
>7 string =_ saved as 32-bits
|
||||
>>8 string =v little endian
|
||||
>>>9 byte x with version %c.
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------
|
||||
# $File: bytecode,v 1.3 2022/03/24 15:48:58 christos Exp $
|
||||
# $File: bytecode,v 1.5 2023/02/20 16:25:05 christos Exp $
|
||||
# magic for various bytecodes
|
||||
|
||||
# From: Mikhail Gusarov <dottedmag@dottedmag.net>
|
||||
@ -28,3 +28,14 @@
|
||||
>11 string 4 \b, 32bit
|
||||
>11 string 8 \b, 64bit
|
||||
>13 regex .\\.. \b, bytecode v%s
|
||||
|
||||
# Racket file magic
|
||||
# From: Haelwenn (lanodan) Monnier <contact+libmagic@hacktivis.me>
|
||||
# https://racket-lang.org/
|
||||
# https://github.com/racket/racket/blob/master/racket/src/expander/compile/write-linklet.rkt
|
||||
0 string #~
|
||||
>&0 pstring x
|
||||
>>&0 pstring racket
|
||||
>>>0 string #~ Racket bytecode
|
||||
>>>>&0 pstring x (version %s)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: c-lang,v 1.30 2021/08/16 10:17:05 christos Exp $
|
||||
# $File: c-lang,v 1.32 2023/06/16 19:57:19 christos Exp $
|
||||
# c-lang: file(1) magic for C and related languages programs
|
||||
#
|
||||
# The strength is to beat standard HTML
|
||||
@ -17,7 +17,7 @@
|
||||
>>0 regex \^class[[:space:]]+
|
||||
>>>&0 regex \\{[\.\*]\\}(;)?$ \b++
|
||||
>>&0 clear x source text
|
||||
!:strength + 13
|
||||
!:strength + 15
|
||||
!:mime text/x-c
|
||||
0 search/8192 pragma
|
||||
>0 regex \^#[[:space:]]*pragma C source text
|
||||
@ -88,13 +88,13 @@
|
||||
!:strength + 30
|
||||
!:mime text/x-c++
|
||||
0 search/8192 protected
|
||||
>0 regex \^[[:space:]]*protected: C++ source text
|
||||
>0 regex \^[[:space:]]*protected: C++ source text
|
||||
!:strength + 30
|
||||
!:mime text/x-c++
|
||||
|
||||
# Objective-C
|
||||
0 search/8192 #import
|
||||
>0 regex \^#import Objective-C source text
|
||||
>0 regex \^#import[[:space:]]+["<] Objective-C source text
|
||||
!:strength + 25
|
||||
!:mime text/x-objective-c
|
||||
|
||||
|
357
magic/Magdir/c64
357
magic/Magdir/c64
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: c64,v 1.12 2022/05/14 20:03:39 christos Exp $
|
||||
# $File: c64,v 1.14 2023/06/16 19:24:06 christos Exp $
|
||||
# c64: file(1) magic for various commodore 64 related files
|
||||
#
|
||||
# From: Dirk Jagdmann <doj@cubic.org>
|
||||
@ -194,7 +194,356 @@
|
||||
>100 byte >0 \b, %u subsong(s)
|
||||
|
||||
# CBM BASIC (cc65 compiled)
|
||||
# Summary: binary executable or Basic program for Commodore C64 computers
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Commodore_BASIC_tokenized_file
|
||||
# Reference: https://www.c64-wiki.com/wiki/BASIC_token
|
||||
# https://github.com/thezerobit/bastext/blob/master/bastext.doc
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/p/prg-c64.trid.xml
|
||||
# TODO: unify Commodore BASIC/program sub routines
|
||||
# Note: "PUCrunch archive data" moved from ./archive and merged with c64-exe
|
||||
0 leshort 0x0801
|
||||
>2 leshort 0x080b
|
||||
>6 string \x9e CBM BASIC
|
||||
>7 string >\0 \b, SYS %s
|
||||
# display Commodore C64 BASIC program (strength=50) after "Lynx archive" (strength=330) handled by ./archive
|
||||
#!:strength +0
|
||||
# if first token is not SYS this implies BASIC program in most cases
|
||||
>6 ubyte !0x9e
|
||||
# but sELF-ExTRACTING-zIP executable unzp6420.prg contains SYS token at end of second BASIC line (at 0x35)
|
||||
>>23 search/30 \323ELF-E\330TRACTING-\332IP
|
||||
>>>0 use c64-exe
|
||||
>>23 default x
|
||||
>>>0 use c64-prg
|
||||
# if first token is SYS this implies binary executable
|
||||
>6 ubyte =0x9e
|
||||
>>0 use c64-exe
|
||||
# display information about C64 binary executable (memory address, line number, token)
|
||||
0 name c64-exe
|
||||
>0 uleshort x Commodore C64
|
||||
# http://a1bert.kapsi.fi/Dev/pucrunch/
|
||||
# start address 0801h; next offset 080bh; BASIC line number is 239=00EFh; BASIC instruction is SYS 2061
|
||||
# the above combination appartly also occur for other Commodore programs like: gunzip111.c64.prg
|
||||
# and there exist PUCrunch archive for other machines like C16 with other magics
|
||||
>0 string \x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 program, probably PUCrunch archive data
|
||||
!:mime application/x-compress-pucrunch
|
||||
!:ext prg/pck
|
||||
>0 string !\x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 program
|
||||
!:mime application/x-commodore-exec
|
||||
!:ext prg/
|
||||
# start address like: 801h
|
||||
>0 uleshort !0x0801 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x800) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# valid 2nd BASIC fragment found only in sELF-ExTRACTING-zIP executable unzp6420.prg
|
||||
>>23 search/30 \323ELF-E\330TRACTING-\332IP
|
||||
# jump again from beginning
|
||||
>>>(2.s-0x800) ubyte x
|
||||
>>>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# display information about tokenized C64 BASIC program (memory address, line number, token)
|
||||
0 name c64-prg
|
||||
>0 uleshort x Commodore C64 BASIC program
|
||||
!:mime application/x-commodore-basic
|
||||
# Tokenized BASIC programs were stored by Commodore as file type program "PRG" in separate field in directory structures.
|
||||
# So file name can have no suffix like in saveroms; When transferring to other platforms, they are often saved with .prg extensions.
|
||||
# BAS suffix is typically used for the BASIC source but also found in program pods.bas
|
||||
!:ext prg/bas/
|
||||
# start address like: 801h
|
||||
>0 uleshort !0x0801 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x0800) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# 2nd BASIC fragment
|
||||
>>&0 use basic-line
|
||||
# zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# Summary: binary executable or Basic program for Commodore C128 computers
|
||||
# URL: https://en.wikipedia.org/wiki/Commodore_128
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-c128.trid.xml
|
||||
# From: Joerg Jenderek
|
||||
# Note: Commodore 128 BASIC 7.0 variant; there exist varaints with different start addresses
|
||||
0 leshort 0x1C01
|
||||
!:strength +1
|
||||
# GRR: line above with strength 51 (50+1) is too generic because it matches SVr3 curses screen image, big-endian with strength (50) handled by ./terminfo
|
||||
# probably skip SVr3 curses images with "invalid high" second line offset
|
||||
>2 uleshort <0x1D02
|
||||
# skip foo with "invalid low" second line offset
|
||||
>>2 uleshort >0x1C06
|
||||
# if first token is not SYS this implies BASIC program
|
||||
>>>6 ubyte !0x9e
|
||||
>>>>0 use c128-prg
|
||||
# if first token is SYS this implies binary executable
|
||||
>>>6 ubyte =0x9e
|
||||
>>>>0 use c128-exe
|
||||
# Summary: binary executable or Basic program for Commodore C128 computers
|
||||
# Note: Commodore 128 BASIC 7.1 extension by Rick Simon
|
||||
# start adress 132Dh
|
||||
#0 leshort 0x132D THIS_IS_C128_7.1
|
||||
#>0 use c128-prg
|
||||
# Summary: binary executable or Basic program for Commodore C128 computers
|
||||
# Note: Commodore 128 BASIC 7.0 saved with graphics mode enabled
|
||||
# start adress 4001h
|
||||
#0 leshort 0x4001 THIS_IS_C128_GRAPHIC
|
||||
#>0 use c128-prg
|
||||
# display information about tokenized C128 BASIC program (memory address, line number, token)
|
||||
0 name c128-prg
|
||||
>0 uleshort x Commodore C128 BASIC program
|
||||
!:mime application/x-commodore-basic
|
||||
!:ext prg
|
||||
# start address like: 1C01h
|
||||
>0 uleshort !0x1C01 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x1C00) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# 2nd BASIC fragment
|
||||
>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# display information about C128 program (memory address, line number, token)
|
||||
0 name c128-exe
|
||||
>0 uleshort x Commodore C128 program
|
||||
!:mime application/x-commodore-exec
|
||||
!:ext prg/
|
||||
# start address like: 1C01h
|
||||
>0 uleshort !0x1C01 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x1C00) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# no valid 2nd BASIC fragment in Commodore executables
|
||||
#>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# Summary: binary executable or Basic program for Commodore C16/VIC-20/Plus4 computers
|
||||
# URL: https://en.wikipedia.org/wiki/Commodore_Plus/4
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-vic20.trid.xml
|
||||
# defs/p/prg-plus4.trid.xml
|
||||
# From: Joerg Jenderek
|
||||
# Note: there exist VIC-20 variants with different start address
|
||||
# GRR: line below is too generic because it matches Novell LANalyzer capture
|
||||
# with regular trace header record handled by ./sniffer
|
||||
0 leshort 0x1001
|
||||
# skip regular Novell LANalyzer capture (novell-2.tr1 novell-lanalyzer.tr1 novell-win10.tr1) with "invalid low" token value 54h
|
||||
>6 ubyte >0x7F
|
||||
# skip regular Novell LANalyzer capture (novell-2.tr1 novell-lanalyzer.tr1 novell-win10.tr1) with "invalid low" second line offset 4Ch
|
||||
#>>2 uleshort >0x1006 OFFSET_NOT_TOO_LOW
|
||||
# skip foo with "invalid high" second line offset but not for 0x123b (Minefield.prg)
|
||||
#>>>2 uleshort <0x1102 OFFSET_NOT_TOO_HIGH
|
||||
# if first token is not SYS this implies BASIC program
|
||||
>>6 ubyte !0x9e
|
||||
# valid second end of line separator implies BASIC program
|
||||
>>>(2.s-0x1000) ubyte =0
|
||||
>>>>0 use c16-prg
|
||||
# invalid second end of line separator !=0 implies binary executable like: Minefield.prg
|
||||
>>>(2.s-0x1000) ubyte !0
|
||||
>>>>0 use c16-exe
|
||||
# if first token is SYS this implies binary executable
|
||||
>>6 ubyte =0x9e
|
||||
>>>0 use c16-exe
|
||||
# display information about C16 program (memory address, line number, token)
|
||||
0 name c16-exe
|
||||
>0 uleshort x Commodore C16/VIC-20/Plus4 program
|
||||
!:mime application/x-commodore-exec
|
||||
!:ext prg/
|
||||
# start address like: 1001h
|
||||
>0 uleshort !0x1001 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x1000) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# no valid 2nd BASIC fragment in excutables
|
||||
#>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# display information about tokenized C16 BASIC program (memory address, line number, token)
|
||||
0 name c16-prg
|
||||
>0 uleshort x Commodore C16/VIC-20/Plus4 BASIC program
|
||||
!:mime application/x-commodore-basic
|
||||
!:ext prg
|
||||
# start address like: 1001h
|
||||
>0 uleshort !0x1001 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x1000) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# 2nd BASIC fragment
|
||||
>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# Summary: binary executable or Basic program for Commodore VIC-20 computer with 8K RAM expansion
|
||||
# URL: https://en.wikipedia.org/wiki/VIC-20
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-vic20-8k.trid.xml
|
||||
# From: Joerg Jenderek
|
||||
# Note: Basic v2.0 with Basic v4.0 extension (VIC20); there exist VIC-20 variants with different start addresses
|
||||
# start adress 1201h
|
||||
0 leshort 0x1201
|
||||
# if first token is not SYS this implies BASIC program
|
||||
>6 ubyte !0x9e
|
||||
>>0 use vic-prg
|
||||
# if first token is SYS this implies binary executable
|
||||
>6 ubyte =0x9e
|
||||
>>0 use vic-exe
|
||||
# display information about Commodore VIC-20 BASIC+8K program (memory address, line number, token)
|
||||
0 name vic-prg
|
||||
>0 uleshort x Commodore VIC-20 +8K BASIC program
|
||||
!:mime application/x-commodore-basic
|
||||
!:ext prg
|
||||
# start address like: 1201h
|
||||
>0 uleshort !0x1201 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x1200) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# 2nd BASIC fragment
|
||||
>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# display information about Commodore VIC-20 +8K program (memory address, line number, token)
|
||||
0 name vic-exe
|
||||
>0 uleshort x Commodore VIC-20 +8K program
|
||||
!:mime application/x-commodore-exec
|
||||
!:ext prg/
|
||||
# start address like: 1201h
|
||||
>0 uleshort !0x1201 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x0400) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# no valid 2nd BASIC fragment in excutables
|
||||
#>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# Summary: binary executable or Basic program for Commodore PET computers
|
||||
# URL: https://en.wikipedia.org/wiki/Commodore_PET
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-pet.trid.xml
|
||||
# From: Joerg Jenderek
|
||||
# start adress 0401h
|
||||
0 leshort 0x0401
|
||||
!:strength +1
|
||||
# GRR: line above with strength 51 (50+1) is too generic because it matches TTComp archive data, ASCII, 1K dictionary
|
||||
# (strength=48=50-2) handled by ./archive and shared library (strength=50) handled by ./ibm6000
|
||||
# skip TTComp archive data, ASCII, 1K dictionary ttcomp-ascii-1k.bin with "invalid high" second line offset 4162h
|
||||
>2 uleshort <0x0502
|
||||
# skip foo with "invalid low" second line offset
|
||||
#>>2 uleshort >0x0406 OFFSET_NOT_TOO_LOW
|
||||
# skip bar with "invalid end of line"
|
||||
#>>>(2.s-0x0400) ubyte =0 END_OF_LINE_OK
|
||||
# if first token is not SYS this implies BASIC program
|
||||
>>6 ubyte !0x9e
|
||||
>>>0 use pet-prg
|
||||
# if first token is SYS this implies binary executable
|
||||
>>6 ubyte =0x9e
|
||||
>>>0 use pet-exe
|
||||
# display information about Commodore PET BASIC program (memory address, line number, token)
|
||||
0 name pet-prg
|
||||
>0 uleshort x Commodore PET BASIC program
|
||||
!:mime application/x-commodore-basic
|
||||
!:ext prg
|
||||
# start address like: 0401h
|
||||
>0 uleshort !0x0401 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x0400) ubyte x
|
||||
# 2nd BASIC fragment
|
||||
>>&0 use basic-line
|
||||
# zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# display information about Commodore PET program (memory address, line number, token)
|
||||
0 name pet-exe
|
||||
>0 uleshort x Commodore PET program
|
||||
!:mime application/x-commodore-exec
|
||||
!:ext prg/
|
||||
# start address like: 0401h
|
||||
>0 uleshort !0x0401 \b, start address %#4.4x
|
||||
# 1st BASIC fragment
|
||||
>2 use basic-line
|
||||
# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
|
||||
>(2.s-0x0400) ubyte x
|
||||
>>&-1 ubyte !0 \b, no EOL=%#x
|
||||
# no valid 2nd BASIC fragment in excutables
|
||||
#>>&0 use basic-line
|
||||
# Zero-byte marking the end of the BASIC line
|
||||
>-3 ubyte !0 \b, 3 last bytes %#2.2x
|
||||
# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
|
||||
>>-2 ubeshort x \b%4.4x
|
||||
# display information about tokenized BASIC line (memory address, line number, Token)
|
||||
0 name basic-line
|
||||
# pointer to memory address of beginning of "next" BASIC line
|
||||
# greater then previous offset but maximal 100h difference
|
||||
>0 uleshort x \b, offset %#4.4x
|
||||
# offset 0x0000 indicates the end of BASIC program; so bytes afterwards may be some other data
|
||||
>0 uleshort 0
|
||||
# not line number but first 2 data bytes
|
||||
>>2 ubeshort x \b, data %#4.4x
|
||||
# not token but next 2 data bytes
|
||||
>>4 ubeshort x \b%4.4x
|
||||
# not token arguments but next data bytes
|
||||
>>6 ubequad x \b%16.16llx
|
||||
>>14 ubequad x \b%16.16llx...
|
||||
# like 0x0d20352020204c594e5820495820204259205749 "\r 5 LYNX IX BY WILL CORLEY" for LyNX archive Darkon.lnx handled by ./archive
|
||||
#>>3 string x "%-0.30s"
|
||||
>0 uleshort >0
|
||||
# BASIC line number with range from 0 to 65520; practice to increment numbers by some value (5, 10 or 100)
|
||||
>>2 uleshort x \b, line %u
|
||||
# https://www.c64-wiki.com/wiki/BASIC_token
|
||||
# The "high-bit" bytes from #128-#254 stood for the various BASIC commands and mathematical operators
|
||||
>>4 ubyte x \b, token (%#x)
|
||||
# https://www.c64-wiki.com/wiki/REM
|
||||
>>4 string \x8f REM
|
||||
# remark string like: ** SYNTHESIZER BY RICOCHET **
|
||||
>>>5 string >\0 %s
|
||||
#>>>>&1 uleshort x \b, NEXT OFFSET %#4.4x
|
||||
# https://www.c64-wiki.com/wiki/PRINT
|
||||
>>4 string \x99 PRINT
|
||||
# string like: "Hello world" "\021 \323ELF-E\330TRACTING-\332IP (64 ONLY)\016\231":\2362141
|
||||
>>>5 string x %s
|
||||
#>>>>&0 ubequad x AFTER_PRINT=%#16.16llx
|
||||
# https://www.c64-wiki.com/wiki/POKE
|
||||
>>4 string \x97 POKE
|
||||
# <Memory address>,<number>
|
||||
>>>5 regex \^[0-9,\040]+ %s
|
||||
# BASIC command delimiter colon (:=3Ah)
|
||||
>>>>&-2 ubyte =0x3A
|
||||
# after BASIC command delimiter colon remaining (<255) other tokenized BASIC commands
|
||||
>>>>>&0 string x "%s"
|
||||
# https://www.c64-wiki.com/wiki/SYS 0x9e=\236
|
||||
>>4 string \x9e SYS
|
||||
# SYS <Address> parameter is a 16-bit unsigned integer; in the range 0 - 65535
|
||||
>>>5 regex \^[0-9]{1,5} %s
|
||||
# maybe followed by spaces, "control-characters" or colon (:) followed by next commnds or in victracker.prg
|
||||
# (\302(43)\252256\254\302(44)\25236) /T.L.R/
|
||||
#>>>5 string x SYS_STRING="%s"
|
||||
# https://www.c64-wiki.com/wiki/GOSUB
|
||||
>>4 string \x8d GOSUB
|
||||
# <line>
|
||||
>>>5 string >\0 %s
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: cad,v 1.29 2021/12/06 19:33:27 christos Exp $
|
||||
# $File: cad,v 1.31 2022/12/09 15:36:23 christos Exp $
|
||||
# autocad: file(1) magic for cad files
|
||||
#
|
||||
|
||||
@ -301,18 +301,50 @@
|
||||
# https://docs.techsoft3d.com/visualize/3df/latest/build/general/hsf/\
|
||||
# HSF_architecture.html
|
||||
# Stephane Charette <stephane.charette@gmail.com>
|
||||
0 string ;;\020HSF\020V OpenHSF (Hoops Stream Format)
|
||||
>7 regex/9 V[.0-9]{4,5}\020 %s
|
||||
0 string ;;\040HSF\040V OpenHSF (Hoops Stream Format)
|
||||
>7 regex/9 V[.0-9]{4,5}\040 %s
|
||||
!:ext hsf
|
||||
|
||||
# AutoCAD Drawing Exchange Format
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/DXF
|
||||
# https://en.wikipedia.org/wiki/AutoCAD_DXF
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/
|
||||
# dxf-var0.trid.xml dxf-var0u.trid.xml dxf-var2.trid.xml dxf-var2u.trid.xml
|
||||
# Note: called "AutoCAD Drawing eXchange Format" by TrID and
|
||||
# "Drawing Interchange File Format (ASCII)" by DROID
|
||||
# GRR: some samples does not match 1st test like: abydos.dxf
|
||||
0 regex \^[\ \t]*0\r?\000$
|
||||
>1 regex \^[\ \t]*SECTION\r?$
|
||||
>>2 regex \^[\ \t]*2\r?$
|
||||
# GRR: some samples without HEADER section like: airplan2.dxf
|
||||
>>>3 regex \^[\ \t]*HEADER\r?$ AutoCAD Drawing Exchange Format
|
||||
!:mime application/x-dxf
|
||||
#!:mime application/x-dxf
|
||||
!:mime image/vnd.dxf
|
||||
!:ext dxf
|
||||
# DROID PUID fmt/64 fmt-64-signature-id-99.dxf
|
||||
>>>>&1 search/8192 MC0.0 \b, 1.0
|
||||
# DROID PUID fmt/65 fmt-65-signature-id-100.dxf
|
||||
>>>>&1 search/8192 AC1.2 \b, 1.2
|
||||
# DROID PUID fmt/66 fmt-66-signature-id-101.dxf
|
||||
>>>>&1 search/8192 AC1.3 \b, 1.3
|
||||
# DROID PUID fmt/67 fmt-67-signature-id-102.dxf
|
||||
>>>>&1 search/8192 AC1.40 \b, 1.4
|
||||
# DROID PUID fmt/68 fmt-68-signature-id-103.dxf
|
||||
>>>>&1 search/8192 AC1.50 \b, 2.0
|
||||
# DROID PUID fmt/69 fmt-69-signature-id-104.dxf
|
||||
>>>>&1 search/8192 AC2.10 \b, 2.1
|
||||
# DROID PUID fmt/70 fmt-70-signature-id-105.dxf
|
||||
>>>>&1 search/8192 AC2.21 \b, 2.2
|
||||
# DROID PUID fmt/71 fmt-71-signature-id-106.dxf
|
||||
>>>>&1 search/8192 AC1002 \b, 2.5
|
||||
# DROID PUID fmt/72 fmt-72-signature-id-107.dxf
|
||||
>>>>&1 search/8192 AC1003 \b, 2.6
|
||||
# DROID PUID fmt/73 fmt-73-signature-id-108.dxf
|
||||
>>>>&1 search/8192 AC1004 \b, R9
|
||||
>>>>&1 search/8192 AC1006 \b, R10
|
||||
# http://cd.textfiles.com/amigaenv/DXF/OBJEKTE/LASTMINUTE/apple.dxf
|
||||
#>>>>&1 search/8192 AC1008 \b, Rfoo
|
||||
>>>>&1 search/8192 AC1009 \b, R11/R12
|
||||
>>>>&1 search/8192 AC1012 \b, R13
|
||||
>>>>&1 search/8192 AC1013 \b, R13c3
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: coff,v 1.6 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: coff,v 1.7 2022/11/21 22:30:22 christos Exp $
|
||||
# coff: file(1) magic for Common Object Files not specific to known cpu types or manufactures
|
||||
#
|
||||
# COFF
|
||||
@ -37,6 +37,7 @@
|
||||
# ARM COFF (./arm)
|
||||
>>>>0 uleshort 0xaa64 Aarch64
|
||||
>>>>0 uleshort 0x01c0 ARM
|
||||
>>>>0 uleshort 0xa641 ARM64EC
|
||||
>>>>0 uleshort 0x01c2 ARM Thumb
|
||||
>>>>0 uleshort 0x01c4 ARMv7 Thumb
|
||||
# TODO for other COFFs
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: commands,v 1.69 2022/04/20 21:14:23 christos Exp $
|
||||
# $File: commands,v 1.73 2022/11/06 18:39:23 christos Exp $
|
||||
# commands: file(1) magic for various shells and interpreters
|
||||
#
|
||||
#0 string/w : shell archive or script for antique kernel text
|
||||
@ -8,6 +8,8 @@
|
||||
!:mime text/x-shellscript
|
||||
0 string/fwb #!\ /bin/sh POSIX shell script executable (binary data)
|
||||
!:mime text/x-shellscript
|
||||
>10 string #\040This\040script\040was\040generated\040using\040Makeself \b, self-executable archive
|
||||
>>53 string x \b, Makeself %s
|
||||
|
||||
0 string/fwt #!\ /bin/csh C shell script text executable
|
||||
!:mime text/x-shellscript
|
||||
@ -97,9 +99,6 @@
|
||||
0 string/fwt #!\ /usr/bin/env\ fish fish shell script text executable
|
||||
!:mime text/x-shellscript
|
||||
|
||||
0 string/wt #!\ a
|
||||
>&-1 string/T x %s script text executable
|
||||
|
||||
0 search/1/fwt #!\ /usr/bin/tclsh Tcl/Tk script text executable
|
||||
!:mime text/x-tcl
|
||||
|
||||
@ -189,3 +188,14 @@
|
||||
# From Danny Weldon
|
||||
0 string \x0b\x13\x08\x00
|
||||
>0x04 uleshort <4 ksh byte-code version %d
|
||||
|
||||
# From: arno <arenevier@fdn.fr>
|
||||
# mozilla xpconnect typelib
|
||||
# see https://www.mozilla.org/scriptable/typelib_file.html
|
||||
0 string XPCOM\nTypeLib\r\n\032 XPConnect Typelib
|
||||
>0x10 byte x version %d
|
||||
>>0x11 byte x \b.%d
|
||||
|
||||
0 string/fwt #!\ /usr/bin/env\ runghc GHC script executable
|
||||
0 string/fwt #!\ /usr/bin/env\ runhaskell Haskell script executable
|
||||
0 string/fwt #!\ /usr/bin/env\ julia Julia script executable
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: compress,v 1.83 2022/08/16 11:16:39 christos Exp $
|
||||
# $File: compress,v 1.91 2023/06/16 19:37:47 christos Exp $
|
||||
# compress: file(1) magic for pure-compression formats (no archives)
|
||||
#
|
||||
# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc.
|
||||
@ -12,13 +12,14 @@
|
||||
0 string \037\235 compress'd data
|
||||
!:mime application/x-compress
|
||||
!:apple LZIVZIVU
|
||||
!:ext Z
|
||||
>2 byte&0x80 >0 block compressed
|
||||
>2 byte&0x1f x %d bits
|
||||
|
||||
# gzip (GNU zip, not to be confused with Info-ZIP or PKWARE zip archiver)
|
||||
# URL: https://en.wikipedia.org/wiki/Gzip
|
||||
# Reference: https://tools.ietf.org/html/rfc1952
|
||||
# Update: Joerg Jenderek, Apr 2019
|
||||
# Update: Joerg Jenderek, Apr 2019, Dec 2022
|
||||
# Edited by Chris Chittleborough <cchittleborough@yahoo.com.au>, March 2002
|
||||
# * Original filename is only at offset 10 if "extra field" absent
|
||||
# * Produce shorter output - notably, only report compression methods
|
||||
@ -61,20 +62,24 @@
|
||||
!:mime application/gzip
|
||||
>>>0 use gzip-info
|
||||
# size of the original (uncompressed) input data modulo 2^32
|
||||
>>-0 offset >48
|
||||
# TODO: check for GXD MCD cad the reported size
|
||||
>>>-4 ulelong x \b, original size modulo 2^32 %u
|
||||
>>-0 offset <48 \b, truncated
|
||||
# gzipped TAR or VirtualBox extension package
|
||||
#!:mime application/x-compressed-tar
|
||||
#!:mime application/x-virtualbox-vbox-extpack
|
||||
# https://www.w3.org/TR/SVG/mimereg.html
|
||||
#!:mime image/image/svg+xml-compressed
|
||||
#!:mime image/svg+xml-compressed
|
||||
# zlib.3.gz
|
||||
# microcode-20180312.tgz
|
||||
# tpz same as tgz
|
||||
# lua-md5_1.2-1_i386_i486.ipk https://en.wikipedia.org/wiki/Opkg
|
||||
# Oracle_VM_VirtualBox_Extension_Pack-5.0.12-104815.vbox-extpack
|
||||
!:ext gz/tgz/tpz/ipk/vbox-extpack/svgz
|
||||
# trees.blend http://fileformats.archiveteam.org/wiki/BLEND
|
||||
# 2020-07-19-Note-16-24.xoj https://xournal.sourceforge.net/manual.html
|
||||
# MYgnucash-gz.gnucash https://wiki.gnucash.org/wiki/GnuCash_XML_format
|
||||
# text-rotate.dia https://en.wikipedia.org/wiki/Dia_(software)
|
||||
# MYrdata.RData https://en.wikipedia.org/wiki/R_(programming_language)
|
||||
!:ext gz/tgz/tpz/ipk/vbox-extpack/svgz/blend/dia/gnucash/rdata/xoj
|
||||
# FNAME/FCOMMENT bit implies file name/comment as iso-8859-1 text
|
||||
>3 byte&0x18 >0 gzip compressed data
|
||||
!:mime application/gzip
|
||||
@ -83,12 +88,13 @@
|
||||
#!:mime application/x-abiword-compressed
|
||||
#!:mime image/image/svg+xml-compressed
|
||||
# kleopatra_splashscreen.svgz gzipped .svg
|
||||
!:ext gz/tgz/tpz/zabw/svgz
|
||||
# RSI-Mega-Demo_Disk1.adz gzipped .adf http://fileformats.archiveteam.org/wiki/ADF_(Amiga)
|
||||
# PostbankTest.kmy gzipped XML https://docs.kde.org/stable5/en/kmymoney/kmymoney/details.formats.compressed.html
|
||||
# Logo.xcfgz gzipped .xcf http://fileformats.archiveteam.org/wiki/XCF
|
||||
!:ext gz/tgz/tpz/zabw/svgz/adz/kmy/xcfgz
|
||||
>>0 use gzip-info
|
||||
# size of the original (uncompressed) input data modulo 2^32
|
||||
>>-0 offset >48
|
||||
>>>-4 ulelong x \b, original size modulo 2^32 %u
|
||||
>>-0 offset <48 \b, truncated
|
||||
>>-4 ulelong x \b, original size modulo 2^32 %u
|
||||
# display information of gzip compressed files
|
||||
0 name gzip-info
|
||||
#>2 byte x THIS iS GZIP
|
||||
@ -125,6 +131,7 @@
|
||||
# packed data, Huffman (minimum redundancy) codes on a byte-by-byte basis
|
||||
0 string \037\036 packed data
|
||||
!:mime application/octet-stream
|
||||
!:ext z
|
||||
>2 belong >1 \b, %d characters originally
|
||||
>2 belong =1 \b, %d character originally
|
||||
#
|
||||
@ -159,6 +166,7 @@
|
||||
# lzip
|
||||
0 string LZIP lzip compressed data
|
||||
!:mime application/x-lzip
|
||||
!:ext lz
|
||||
>4 byte x \b, version: %d
|
||||
|
||||
# squeeze and crunch
|
||||
@ -194,6 +202,7 @@
|
||||
|
||||
# lzop from <markus.oberhumer@jk.uni-linz.ac.at>
|
||||
0 string \x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a lzop compressed data
|
||||
!:ext lzo
|
||||
>9 beshort <0x0940
|
||||
>>9 byte&0xf0 =0x00 - version 0.
|
||||
>>9 beshort&0x0fff x \b%03x,
|
||||
@ -254,20 +263,24 @@
|
||||
!:mime application/x-7z-compressed
|
||||
!:ext 7z/cb7
|
||||
|
||||
0 name lzma LZMA compressed data,
|
||||
!:mime application/x-lzma
|
||||
!:ext lzma
|
||||
>5 lequad =0xffffffffffffffff streamed
|
||||
>5 lequad !0xffffffffffffffff non-streamed, size %lld
|
||||
|
||||
# Type: LZMA
|
||||
0 lelong&0xffffff =0x5d
|
||||
>12 leshort 0xff LZMA compressed data,
|
||||
!:mime application/x-lzma
|
||||
>>5 lequad =0xffffffffffffffff streamed
|
||||
>>5 lequad !0xffffffffffffffff non-streamed, size %lld
|
||||
>12 leshort 0 LZMA compressed data,
|
||||
>>5 lequad =0xffffffffffffffff streamed
|
||||
>>5 lequad !0xffffffffffffffff non-streamed, size %lld
|
||||
>12 leshort 0xff
|
||||
>>0 use lzma
|
||||
>12 leshort 0
|
||||
>>0 use lzma
|
||||
|
||||
# http://tukaani.org/xz/xz-file-format.txt
|
||||
0 ustring \xFD7zXZ\x00 XZ compressed data, checksum
|
||||
!:strength * 2
|
||||
!:mime application/x-xz
|
||||
!:ext xz
|
||||
>7 byte&0xf 0x0 NONE
|
||||
>7 byte&0xf 0x1 CRC32
|
||||
>7 byte&0xf 0x4 CRC64
|
||||
@ -275,14 +288,15 @@
|
||||
|
||||
# https://github.com/ckolivas/lrzip/blob/master/doc/magic.header.txt
|
||||
0 string LRZI LRZIP compressed data
|
||||
!:mime application/x-lrzip
|
||||
>4 byte x - version %d
|
||||
>5 byte x \b.%d
|
||||
>22 byte 1 \b, encrypted
|
||||
!:mime application/x-lrzip
|
||||
|
||||
# https://fastcompression.blogspot.fi/2013/04/lz4-streaming-format-final.html
|
||||
0 lelong 0x184d2204 LZ4 compressed data (v1.4+)
|
||||
!:mime application/x-lz4
|
||||
!:ext lz4
|
||||
# Added by osm0sis@xda-developers.com
|
||||
0 lelong 0x184c2103 LZ4 compressed data (v1.0-v1.3)
|
||||
!:mime application/x-lz4
|
||||
@ -319,19 +333,26 @@
|
||||
# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md
|
||||
0 lelong 0xFD2FB522 Zstandard compressed data (v0.2)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
0 lelong 0xFD2FB523 Zstandard compressed data (v0.3)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
0 lelong 0xFD2FB524 Zstandard compressed data (v0.4)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
0 lelong 0xFD2FB525 Zstandard compressed data (v0.5)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
0 lelong 0xFD2FB526 Zstandard compressed data (v0.6)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
0 lelong 0xFD2FB527 Zstandard compressed data (v0.7)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
>4 use zstd-dictionary-id
|
||||
0 lelong 0xFD2FB528 Zstandard compressed data (v0.8+)
|
||||
!:mime application/zstd
|
||||
!:ext zst
|
||||
>4 use zstd-dictionary-id
|
||||
|
||||
# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md
|
||||
@ -407,3 +428,34 @@
|
||||
# http://www.shikadi.net/moddingwiki/PCX_Library
|
||||
0 string/b pcxLib
|
||||
>0x0A string/b Copyright\020(c)\020Genus\020Microprogramming,\020Inc. pcxLib compressed
|
||||
|
||||
# https://support-docs.illumina.com/SW/ORA_Format_Specification/Content/SW/ORA/ORAFormatSpecification.htm
|
||||
0 uleshort 0x7c49
|
||||
>2 lelong 0x80 ORA FASTQ compressed file
|
||||
>>6 ulelong x \b, DNA size %u
|
||||
>>10 ulelong x \b, read names size %u
|
||||
>>14 ulelong x \b, quality buffer 1 size %u
|
||||
>>18 ulelong x \b, quality buffer 2 size %u
|
||||
>>22 ulelong x \b, sequence buffer size %u
|
||||
>>26 ulelong x \b, N-position buffer size %u
|
||||
>>30 ulelong x \b, crypto buffer size %u
|
||||
>>34 ulelong x \b, misc buffer 1 size %u
|
||||
>>38 ulelong x \b, misc buffer 2 size %u
|
||||
>>42 ulelong x \b, flags %#x
|
||||
>>46 lelong x \b, read size %d
|
||||
>>50 lelong x \b, number of reads %d
|
||||
>>54 leshort x \b, version %d
|
||||
|
||||
# https://github.com/kspalaiologos/bzip3/blob/master/doc/file_format.md
|
||||
0 string/b BZ3v1 bzip3 compressed data
|
||||
>5 ulelong x \b, blocksize %u
|
||||
|
||||
|
||||
# https://support-docs.illumina.com/SW/ORA_Format_Specification/Content/\
|
||||
# SW/ORA/ORAFormatSpecification.htm
|
||||
# From Guillaume Rizk
|
||||
0 short =0x7C49 DRAGEN ORA file,
|
||||
>-261 short =0x7C49 with metadata:
|
||||
>-125 u8 x NB reads: %llu,
|
||||
>-109 u8 x NB bases: %llu.
|
||||
>-219 u4&0x02 2 File contains interleaved paired reads
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: console,v 1.68 2022/05/14 20:04:43 christos Exp $
|
||||
# $File: console,v 1.72 2023/06/16 19:24:06 christos Exp $
|
||||
# Console game magic
|
||||
# Toby Deshane <hac@shoelace.digivill.net>
|
||||
|
||||
@ -68,7 +68,7 @@
|
||||
!:mime application/x-nes-rom
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# fds: file(1) magic for Famciom Disk System disk images
|
||||
# fds: file(1) magic for Famicom Disk System disk images
|
||||
# Reference: https://wiki.nesdev.com/w/index.php/Family_Computer_Disk_System#.FDS_format
|
||||
# From: David Korth <gerbilsoft@gerbilsoft.com>
|
||||
# TODO: Check "Disk info block" and get info from that in addition to the optional header.
|
||||
@ -544,6 +544,19 @@
|
||||
0 string CPE CPE executable
|
||||
>3 byte x (version %d)
|
||||
|
||||
# Sony PlayStation archive (PSARC)
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://www.psdevwiki.com/ps3/PlayStation_archive_(PSARC)
|
||||
0 string PSAR Sony PlayStation Archive
|
||||
!:ext psarc
|
||||
>4 ubeshort x \b, version %d.
|
||||
>6 ubeshort x \b%d
|
||||
>8 string zlib \b, zlib compression
|
||||
>8 string lzma \b, LZMA compression
|
||||
>28 ubeshort&2 0 \b, relative paths
|
||||
>28 ubeshort&2 2 \b, absolute paths
|
||||
>28 ubeshort&1 1 \b, ignore case
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Microsoft Xbox executables .xbe (Esa Hyytia <ehyytia@cc.hut.fi>)
|
||||
0 string XBEH Microsoft Xbox executable
|
||||
@ -684,12 +697,25 @@
|
||||
>6 string BS93 Lynx homebrew cartridge
|
||||
!:mime application/x-atari-lynx-rom
|
||||
>>2 beshort x \b, RAM start $%04x
|
||||
# Update: Joerg Jenderek
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lnx.trid.xml
|
||||
# Note: called "Atari Lynx ROM" by TrID
|
||||
0 string LYNX Lynx cartridge
|
||||
!:mime application/x-atari-lynx-rom
|
||||
!:ext lnx
|
||||
# bank 0 page size like: 128 256 512
|
||||
>4 leshort/4 >0 \b, bank 0 %dk
|
||||
>6 leshort/4 >0 \b, bank 1 %dk
|
||||
# 32 bytes cart name like: "jconnort.lyx" "viking~1.lyx" "Eye of the Beholder" "C:\EMU\LYNX\ROMS\ULTCHESS.LYX"
|
||||
>10 string >\0 \b, "%.32s"
|
||||
# 16 bytes manufacturer like: "Atari" "NuFX Inc." "Matthias Domin"
|
||||
>42 string >\0 \b, "%.16s"
|
||||
# version number
|
||||
#>8 leshort !1 \b, version number %u
|
||||
# rotation: 1~left Lexis (NA).lnx 2~right Centipede (Prototype).lnx
|
||||
>58 ubyte >0 \b, rotation %u
|
||||
# spare
|
||||
#>59 lelong !0 \b, spare %#x
|
||||
|
||||
# Opera file system that is used on the 3DO console
|
||||
# From: Serge van den Boom <svdb@stack.nl>
|
||||
@ -760,6 +786,28 @@
|
||||
>5 byte 0 \b, Simple Encoding
|
||||
>6 string x \b, description: %s
|
||||
|
||||
# Compressed ISO disc image (used mostly by PSP, PS2 and MegaDrive)
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://en.wikipedia.org/wiki/.CSO
|
||||
# NOTE: This is NOT the same as Compact ISO or GameCube/Wii disc image,
|
||||
# though it has the same magic number.
|
||||
0 string CISO
|
||||
# Match CISO version 1 with ISO-9660 sector size
|
||||
>20 ubyte <2
|
||||
>>16 ulelong =2048 CSO v1 disk image
|
||||
!:mime application/x-compressed-iso
|
||||
!:ext ciso/cso
|
||||
>>>8 ulequad x \b, original size %llu bytes
|
||||
>>>16 ulelong x \b, datablock size %u bytes
|
||||
# Match CISO version 2
|
||||
>20 ubyte =2
|
||||
>>22 uleshort =0
|
||||
>>>4 ulelong =24 CSO v2 disk image
|
||||
!:mime application/x-compressed-iso
|
||||
!:ext ciso/cso
|
||||
>>>>8 ulequad x \b, original size %llu bytes
|
||||
>>>>16 ulelong x \b, datablock size %u bytes
|
||||
|
||||
# From: Daniel Dawson <ddawson@icehouse.net>
|
||||
# SNES9x .smv "movie" file format.
|
||||
0 string SMV\x1A SNES9x input recording
|
||||
|
@ -1,5 +1,49 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: crypto,v 1.2 2021/03/27 20:15:53 christos Exp $
|
||||
# $File: crypto,v 1.4 2023/07/17 16:41:48 christos Exp $
|
||||
# crypto: file(1) magic for crypto formats
|
||||
#
|
||||
# Bitcoin block files
|
||||
0 lelong 0xD9B4BEF9 Bitcoin
|
||||
>(4.l+40) lelong 0xD9B4BEF9 reverse block
|
||||
>>4 lelong x \b, size %u
|
||||
# normal block below
|
||||
>0 default x block
|
||||
>>4 lelong x \b, size %u
|
||||
>>8 lelong&0xE0000000 0x20000000
|
||||
>>>8 lelong x \b, BIP9 0x%x
|
||||
>>8 lelong&0xE0000000 !0x20000000
|
||||
>>>8 lelong x \b, version 0x%x
|
||||
>>76 ledate x \b, %s UTC
|
||||
# VarInt counter
|
||||
>>88 ubyte <0xfd \b, txcount %u
|
||||
>>88 ubyte 0xfd
|
||||
>>>89 leshort x \b, txcount %u
|
||||
>>88 ubyte 0xfe
|
||||
>>>89 lelong x \b, txcount %u
|
||||
>>88 ubyte 0xff
|
||||
>>>89 lequad x \b, txcount %llu
|
||||
!:ext dat
|
||||
# option to find more blocks in the file
|
||||
#>>(4.l+8) indirect x ;
|
||||
|
||||
# LevelDB
|
||||
-8 lequad 0xdb4775248b80fb57 LevelDB table data
|
||||
|
||||
# http://www.tarsnap.com/scrypt.html
|
||||
# see scryptenc_setup() in lib/scryptenc/scryptenc.c
|
||||
0 string scrypt\0 scrypt encrypted file
|
||||
>7 byte x \b, N=2**%d
|
||||
>8 belong x \b, r=%d
|
||||
>12 belong x \b, p=%d
|
||||
|
||||
# https://age-encryption.org/
|
||||
# Only the first recipient is printed in detail to prevent repetitive output
|
||||
# in extreme cases ("ssh-rsa, ssh-rsa, ssh-rsa, ...").
|
||||
0 string age-encryption.org/v1\n age encrypted file
|
||||
>25 regex/128 \^[^\040]+ \b, %s recipient
|
||||
>>25 string scrypt
|
||||
>>>&0 regex/64 [0-9]+\$ (N=2**%s)
|
||||
>>&0 search/256 \n->\040 \b, among others
|
||||
|
||||
0 string -----BEGIN\040AGE\040ENCRYPTED\040FILE----- age encrypted file, ASCII armored
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: database,v 1.67 2022/07/12 18:57:42 christos Exp $
|
||||
# $File: database,v 1.69 2023/01/12 00:14:04 christos Exp $
|
||||
# database: file(1) magic for various databases
|
||||
#
|
||||
# extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk)
|
||||
@ -387,8 +387,22 @@
|
||||
>>>>>20 ubelong&0xFF01209B 0x00000000
|
||||
# dBASE III
|
||||
>>>>>>16 ubyte 3
|
||||
# dBASE III DBT
|
||||
>>>>>>>0 use dbase3-memo-print
|
||||
# skip with invalid "low" 1st item "\0\0\0\0" StateRepository-Deployment.srd-shm "\001\010\0\0" gcry_cast5.mod
|
||||
>>>>>>>512 ubyte >040
|
||||
# skip with valid 1st item "rintf" keylayouts.mod
|
||||
# by looking for valid terminating character Ctrl-Z like in test.dbt
|
||||
>>>>>>>>513 search/3308 \032
|
||||
# skip GRUB plan9.mod with invalid second terminating character 007
|
||||
# by checking second terminating character Ctrl-Z like in test.dbt
|
||||
>>>>>>>>>&0 ubyte 032
|
||||
# dBASE III DBT with two Ctr-Z terminating characters
|
||||
>>>>>>>>>>0 use dbase3-memo-print
|
||||
# second terminating character \0 like in dbase-memo.dbt or GRUB nativedisk.mod
|
||||
>>>>>>>>>&0 ubyte 0
|
||||
# skip GRUB nativedisk.mod with grub_mod_init\0grub_mod_fini\0grub_fs_autoload_hook\0
|
||||
>>>>>>>>>>0x1ad string !grub_mod_init
|
||||
# like dbase-memo.dbt
|
||||
>>>>>>>>>>>0 use dbase3-memo-print
|
||||
# dBASE III DBT without version, dBASE IV DBT , FoxPro FPT , or many ZIP , DBF garbage
|
||||
>>>>>>16 ubyte 0
|
||||
# unusual dBASE III DBT like angest.dbt, dBASE IV DBT with block size 0 , FoxPro FPT , or garbage PCX DBF
|
||||
@ -410,8 +424,25 @@
|
||||
>>>>>>>>>>513 ubyte >037
|
||||
# skip DOS executables CPQ0TD.DRV E30ODI.COM IBM0MONO.DRV by looking for printable 1st character of 1st memo item
|
||||
>>>>>>>>>>>512 ubyte >037
|
||||
# unusual dBASE III DBT like adressen.dbt
|
||||
>>>>>>>>>>>>0 use dbase3-memo-print
|
||||
# skip few (14/758) Microsoft Event Trace Logs (boot_BASE+CSWITCH_1.etl DlTel-Merge.etl UpdateUx.006.etl) with invalid "high" 1st item \377\377
|
||||
>>>>>>>>>>>>512 ubyte <0377
|
||||
# skip some Commodore 64 Art Studio (Deep_Strike.aas dragon's_lair_ii.aas), some Atari DEGAS Elite bitmap (ELEPHANT.PC3 ST.PC2)
|
||||
# some probably old GRUB modules (part_sun.mod) and virtual-boy-wario-land.vb.
|
||||
# by looking for valid terminating character Ctrl-Z
|
||||
>>>>>>>>>>>>>513 search/523 \032
|
||||
# Atari DEGAS bitmap ST.PC2 with 0370 as second terminating character
|
||||
#>>>>>>>>>>>>>>&0 ubyte x 2ND_CHAR_IS=%o
|
||||
# dBASE III DBT with two Ctr-Z terminating characters like dbase3dbt0_1.dbt dbase_83.dbt
|
||||
>>>>>>>>>>>>>>&0 ubyte 032
|
||||
>>>>>>>>>>>>>>>0 use dbase3-memo-print
|
||||
# second terminating character \0 like in pcidump.mod or fsadress.dbt umlaut-dbf-cmd.dbt
|
||||
>>>>>>>>>>>>>>&0 ubyte 0
|
||||
# look for old GRUB module pcidump.mod with specific content "pcidump\0Show raw dump of the PCI configuration space"
|
||||
>>>>>>>>>>>>>>>514 search/0x11E pcidump\0Show
|
||||
# dBASE III DBT with Ctr-Z + \0 terminating characters like fsadress.dbt
|
||||
>>>>>>>>>>>>>>>514 default x
|
||||
# unusual dBASE III DBT like fsadress.dbt umlaut-dbf-cmd.dbt
|
||||
>>>>>>>>>>>>>>>>0 use dbase3-memo-print
|
||||
# dBASE III DBT like angest.dbt, or garbage PCX DBF
|
||||
>>>>>>>>8 ubelong !0
|
||||
# skip PCX and some DBF by test for for reserved NULL bytes
|
||||
@ -424,7 +455,19 @@
|
||||
>>>>>>>>>>>>512 ubyte <0200
|
||||
# skip gluon-ffhat-1.0-tp-link-tl-wr1043n-nd-v2-sysupgrade.bin by printable 2nd character
|
||||
>>>>>>>>>>>>>513 ubyte >037
|
||||
>>>>>>>>>>>>>>0 use dbase3-memo-print
|
||||
# skip few (8/758) Microsoft Event Trace Logs (WBEngine.3.etl Wifi.etl) with valid 1st item like
|
||||
# "9600.20369.amd64fre.winblue_ltsb_escrow.220427-1727"
|
||||
# "9600.19846.amd64fre.winblue_ltsb_escrow.200923-1735"
|
||||
# "10586.494.amd64fre.th2_release_sec.160630-1736"
|
||||
# by looking for valid terminating character Ctrl-Z
|
||||
>>>>>>>>>>>>>>513 search/0x11E \032
|
||||
# followed by second character Ctrl-Z implies typical DBT
|
||||
>>>>>>>>>>>>>>>&0 ubyte 032
|
||||
# examples like: angest.dbt
|
||||
>>>>>>>>>>>>>>>>0 use dbase3-memo-print
|
||||
>>>>>>>>>>>>>>>&0 ubyte 0
|
||||
# no example found here with terminating sequence CTRL-Z + \0
|
||||
>>>>>>>>>>>>>>>>0 use dbase3-memo-print
|
||||
# dBASE IV DBT with positive block size
|
||||
>>>>>>>20 uleshort >0
|
||||
# dBASE IV DBT with valid block length like 512, 1024
|
||||
@ -446,11 +489,16 @@
|
||||
# no positive block length
|
||||
#>20 uleshort =0 \b, block length %u
|
||||
>20 uleshort !0 \b, block length %u
|
||||
# dBase III memo field terminated by \032\032
|
||||
# dBase III memo field terminated often by \032\032
|
||||
# like: "WHAT IS XBASE" test.dbt "Borges, Malte" biblio.dbt "First memo\032\032" T2.DBT
|
||||
>512 string >\0 \b, 1st item "%s"
|
||||
# For DEBUGGING
|
||||
#>512 ubelong x \b, 1ST item %#8.8x
|
||||
#>513 search/0x225 \032 FOUND_TERMINATOR
|
||||
#>>&0 ubyte 032 2xCTRL_Z
|
||||
# fsadress.dbt has 1 Ctrl-Z terminator followed by nil byte
|
||||
#>>&0 ubyte 0 1xCTRL_Z
|
||||
|
||||
# https://www.clicketyclick.dk/databases/xbase/format/dbt.html
|
||||
# Print the information of dBase IV DBT memo file
|
||||
0 name dbase4-memo-print
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: der,v 1.5 2022/07/30 18:07:34 christos Exp $
|
||||
# $File: der,v 1.6 2023/01/11 23:59:49 christos Exp $
|
||||
# der: file(1) magic for DER encoded files
|
||||
#
|
||||
|
||||
@ -137,3 +137,10 @@
|
||||
>>>>&0 der seq
|
||||
>>>>>&0 der obj_id3=550403
|
||||
>>>>>&0 der utf8_str=x \b, Subject=%s
|
||||
|
||||
# PKCS#7 Signed Data (e.g. JAR Signature Block File)
|
||||
# OID 1.2.840.113549.1.7.2 (2a864886f70d010702)
|
||||
# Reference: https://www.rfc-editor.org/rfc/rfc2315
|
||||
0 der seq
|
||||
>&0 der obj_id9=2a864886f70d010702 DER Encoded PKCS#7 Signed Data
|
||||
!:ext RSA/DSA/EC
|
||||
|
@ -1,25 +0,0 @@
|
||||
|
||||
#------------------------------------------------------------
|
||||
# $File: dsf,v 1.1 2022/01/08 16:29:18 christos Exp $
|
||||
# dsf: file(1) magic for DSD Stream File
|
||||
# URL: https://en.wikipedia.org/wiki/Direct_Stream_Digital
|
||||
# Reference: https://dsd-guide.com/sites/default/files/white-papers/DSFFileFormatSpec_E.pdf
|
||||
0 string DSD\x20 DSD Stream File,
|
||||
>0x30 leshort 1 mono,
|
||||
>0x30 leshort 2 stereo,
|
||||
>0x30 leshort 3 three-channel,
|
||||
>0x30 leshort 4 quad-channel,
|
||||
>0x30 leshort 5 3.1 4-channel,
|
||||
>0x30 leshort 6 five-channel,
|
||||
>0x30 leshort 7 5.1 surround,
|
||||
>0x30 default x
|
||||
>>0x30 leshort x unknown channel format (%d),
|
||||
>0x38 lelong 2822400 simple-rate,
|
||||
>0x38 lelong 5644800 double-rate,
|
||||
>0x38 default x
|
||||
>>0x38 lelong x %d Hz,
|
||||
>0x3c leshort 1 1 bit,
|
||||
>0x3c leshort 8 8 bit,
|
||||
>0x3c default x
|
||||
>>0x3c leshort x %d bit,
|
||||
>0x40 lelong x %d samples
|
45
magic/Magdir/dwarfs
Normal file
45
magic/Magdir/dwarfs
Normal file
@ -0,0 +1,45 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: dwarfs,v 1.2 2023/05/23 13:37:32 christos Exp $
|
||||
# dwarfs: file(1) magic for DwarFS File System Image files
|
||||
# URL: https://github.com/mhx/dwarfs for details about DwarFS
|
||||
# From: Marcus Holland-Moritz <github@mhxnet.de>
|
||||
|
||||
#### DwarFS Version Macro
|
||||
0 name dwarfsversion
|
||||
>&0 byte x \b, version %d
|
||||
>&1 byte x \b.%d
|
||||
|
||||
#### DwarFS Compression Macro
|
||||
0 name dwarfscompression
|
||||
>&0 leshort =0 \b, uncompressed
|
||||
>&0 leshort =1 \b, LZMA compression
|
||||
>&0 leshort =2 \b, ZSTD compression
|
||||
>&0 leshort =3 \b, LZ4 compression
|
||||
>&0 leshort =4 \b, LZ4HC compression
|
||||
>&0 leshort =5 \b, BROTLI compression
|
||||
|
||||
#### DwarFS files without header
|
||||
## We first check against a DWARFS magic at the start of the file, then
|
||||
## validate by checking the block count / section type to be all zeros
|
||||
## for the first block. Finally, we check that the *next* block also
|
||||
## has the correct DWARFS magic.
|
||||
0 string DWARFS
|
||||
>&0x2A string/b \0\0\0\0\0\0
|
||||
>>&(&0x02.q+0x0A) string DWARFS DwarFS File System Image
|
||||
>>>&0 use dwarfsversion
|
||||
>>&0 use dwarfscompression
|
||||
|
||||
#### DwarFS files with header
|
||||
## We search for a DWARFS magic in the first 64k of the file (images with
|
||||
## headers longer than 64k won't be recognized), then validate by checking
|
||||
## the block count / section type to be all zeros for the first block.
|
||||
## Finally, we check that the *next* block also has the correct DWARFS magic.
|
||||
## If we find a DWARFS magic that doesn't pass validation, we continue with
|
||||
## an indirect match recursively.
|
||||
1 search/65536/b DWARFS
|
||||
>&0x2A string/b \0\0\0\0\0\0
|
||||
>>&(&0x02.q+0x0A) string DWARFS DwarFS File System Image (with header)
|
||||
>>>&0 use dwarfsversion
|
||||
>>&0 use dwarfscompression
|
||||
>&-1 indirect x
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: elf,v 1.87 2021/05/25 15:19:51 christos Exp $
|
||||
# $File: elf,v 1.88 2023/01/08 17:09:18 christos Exp $
|
||||
# elf: file(1) magic for ELF executables
|
||||
#
|
||||
# We have to check the byte order flag to see what byte order all the
|
||||
@ -8,6 +8,8 @@
|
||||
#
|
||||
# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
|
||||
#
|
||||
# https://www.sco.com/developers/gabi/latest/ch4.eheader.html
|
||||
#
|
||||
# Created by: unknown
|
||||
# Modified by (1): Daniel Quinlan <quinlan@yggdrasil.com>
|
||||
# Modified by (2): Peter Tobias <tobias@server.et-inf.fho-emden.de> (core support)
|
||||
@ -282,6 +284,12 @@
|
||||
>18 leshort 216 Cognitive Smart Memory,
|
||||
>18 leshort 217 iCelero CoolEngine,
|
||||
>18 leshort 218 Nanoradio Optimized RISC,
|
||||
>18 leshort 219 CSR Kalimba architecture family
|
||||
>18 leshort 220 Zilog Z80
|
||||
>18 leshort 221 Controls and Data Services VISIUMcore processor
|
||||
>18 leshort 222 FTDI Chip FT32 high performance 32-bit RISC architecture
|
||||
>18 leshort 223 Moxie processor family
|
||||
>18 leshort 224 AMD GPU architecture
|
||||
>18 leshort 243 UCB RISC-V,
|
||||
# only for 32-bit
|
||||
>>4 byte 1
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: filesystems,v 1.150 2022/07/04 16:40:33 christos Exp $
|
||||
# $File: filesystems,v 1.158 2023/05/21 17:19:08 christos Exp $
|
||||
# filesystems: file(1) magic for different filesystems
|
||||
#
|
||||
0 name partid
|
||||
@ -1596,7 +1596,8 @@
|
||||
>0x1e lequad x %lld total clusters,
|
||||
>0x26 lequad x %lld clusters in use
|
||||
|
||||
9564 lelong 0x00011954 Unix Fast File system [v1] (little-endian),
|
||||
|
||||
0 name ffsv1
|
||||
>8404 string x last mounted on %s,
|
||||
#>9504 ledate x last checked at %s,
|
||||
>8224 ledate x last written at %s,
|
||||
@ -1612,105 +1613,59 @@
|
||||
>8320 lelong 0 TIME optimization
|
||||
>8320 lelong 1 SPACE optimization
|
||||
|
||||
42332 lelong 0x19540119 Unix Fast File system [v2] (little-endian)
|
||||
>&-1164 string x last mounted on %s,
|
||||
>&-696 string >\0 volume name %s,
|
||||
>&-304 leqldate x last written at %s,
|
||||
>&-1167 byte x clean flag %d,
|
||||
>&-1168 byte x readonly flag %d,
|
||||
>&-296 lequad x number of blocks %lld,
|
||||
>&-288 lequad x number of data blocks %lld,
|
||||
>&-1332 lelong x number of cylinder groups %d,
|
||||
>&-1328 lelong x block size %d,
|
||||
>&-1324 lelong x fragment size %d,
|
||||
>&-180 lelong x average file size %d,
|
||||
>&-176 lelong x average number of files in dir %d,
|
||||
>&-272 lequad x pending blocks to free %lld,
|
||||
>&-264 lelong x pending inodes to free %d,
|
||||
>&-664 lequad x system-wide uuid %0llx,
|
||||
>&-1316 lelong x minimum percentage of free blocks %d,
|
||||
>&-1248 lelong 0 TIME optimization
|
||||
>&-1248 lelong 1 SPACE optimization
|
||||
|
||||
66908 lelong 0x19540119 Unix Fast File system [v2] (little-endian)
|
||||
>&-1164 string x last mounted on %s,
|
||||
>&-696 string >\0 volume name %s,
|
||||
>&-304 leqldate x last written at %s,
|
||||
>&-1167 byte x clean flag %d,
|
||||
>&-1168 byte x readonly flag %d,
|
||||
>&-296 lequad x number of blocks %lld,
|
||||
>&-288 lequad x number of data blocks %lld,
|
||||
>&-1332 lelong x number of cylinder groups %d,
|
||||
>&-1328 lelong x block size %d,
|
||||
>&-1324 lelong x fragment size %d,
|
||||
>&-180 lelong x average file size %d,
|
||||
>&-176 lelong x average number of files in dir %d,
|
||||
>&-272 lequad x pending blocks to free %lld,
|
||||
>&-264 lelong x pending inodes to free %d,
|
||||
>&-664 lequad x system-wide uuid %0llx,
|
||||
>&-1316 lelong x minimum percentage of free blocks %d,
|
||||
>&-1248 lelong 0 TIME optimization
|
||||
>&-1248 lelong 1 SPACE optimization
|
||||
9564 lelong 0x00011954 Unix Fast File system [v1] (little-endian),
|
||||
>0 use ffsv1
|
||||
|
||||
9564 belong 0x00011954 Unix Fast File system [v1] (big-endian),
|
||||
>7168 belong 0x4c41424c Apple UFS Volume
|
||||
>>7186 string x named %s,
|
||||
>>7176 belong x volume label version %d,
|
||||
>>7180 bedate x created on %s,
|
||||
>8404 string x last mounted on %s,
|
||||
#>9504 bedate x last checked at %s,
|
||||
>8224 bedate x last written at %s,
|
||||
>8401 byte x clean flag %d,
|
||||
>8228 belong x number of blocks %d,
|
||||
>8232 belong x number of data blocks %d,
|
||||
>8236 belong x number of cylinder groups %d,
|
||||
>8240 belong x block size %d,
|
||||
>8244 belong x fragment size %d,
|
||||
>8252 belong x minimum percentage of free blocks %d,
|
||||
>8256 belong x rotational delay %dms,
|
||||
>8260 belong x disk rotational speed %drps,
|
||||
>8320 belong 0 TIME optimization
|
||||
>8320 belong 1 SPACE optimization
|
||||
>0 use \^ffsv1
|
||||
|
||||
0 name ffsv2
|
||||
>212 string x last mounted on %s,
|
||||
>680 string >\0 volume name %s,
|
||||
>1072 leqldate x last written at %s,
|
||||
>209 byte x clean flag %d,
|
||||
>210 byte x readonly flag %d,
|
||||
>1080 lequad x number of blocks %lld,
|
||||
>1088 lequad x number of data blocks %lld,
|
||||
>44 lelong x number of cylinder groups %d,
|
||||
>48 lelong x block size %d,
|
||||
>52 lelong x fragment size %d,
|
||||
>1196 lelong x average file size %d,
|
||||
>1200 lelong x average number of files in dir %d,
|
||||
>1104 lequad x pending blocks to free %lld,
|
||||
>1112 lelong x pending inodes to free %d,
|
||||
>712 lequad x system-wide uuid %0llx,
|
||||
>60 lelong x minimum percentage of free blocks %d,
|
||||
>128 lelong 0 TIME optimization
|
||||
>128 lelong 1 SPACE optimization
|
||||
|
||||
42332 lelong 0x19012038 Unix Fast File system [v2ea] (little-endian)
|
||||
>40960 use ffsv2
|
||||
|
||||
42332 lelong 0x19540119 Unix Fast File system [v2] (little-endian)
|
||||
>40960 use ffsv2
|
||||
|
||||
42332 belong 0x19012038 Unix Fast File system [v2ea] (little-endian)
|
||||
>40960 use \^ffsv2
|
||||
|
||||
42332 belong 0x19540119 Unix Fast File system [v2] (big-endian)
|
||||
>&-1164 string x last mounted on %s,
|
||||
>&-696 string >\0 volume name %s,
|
||||
>&-304 beqldate x last written at %s,
|
||||
>&-1167 byte x clean flag %d,
|
||||
>&-1168 byte x readonly flag %d,
|
||||
>&-296 bequad x number of blocks %lld,
|
||||
>&-288 bequad x number of data blocks %lld,
|
||||
>&-1332 belong x number of cylinder groups %d,
|
||||
>&-1328 belong x block size %d,
|
||||
>&-1324 belong x fragment size %d,
|
||||
>&-180 belong x average file size %d,
|
||||
>&-176 belong x average number of files in dir %d,
|
||||
>&-272 bequad x pending blocks to free %lld,
|
||||
>&-264 belong x pending inodes to free %d,
|
||||
>&-664 bequad x system-wide uuid %0llx,
|
||||
>&-1316 belong x minimum percentage of free blocks %d,
|
||||
>&-1248 belong 0 TIME optimization
|
||||
>&-1248 belong 1 SPACE optimization
|
||||
>40960 use \^ffsv2
|
||||
|
||||
66908 lelong 0x19012038 Unix Fast File system [v2ea] (little-endian)
|
||||
>65536 use ffsv2
|
||||
|
||||
66908 lelong 0x19540119 Unix Fast File system [v2] (little-endian)
|
||||
>65536 use ffsv2
|
||||
|
||||
66908 belong 0x19012038 Unix Fast File system [v2ea] (little-endian)
|
||||
>65536 use \^ffsv2
|
||||
|
||||
66908 belong 0x19540119 Unix Fast File system [v2] (big-endian)
|
||||
>&-1164 string x last mounted on %s,
|
||||
>&-696 string >\0 volume name %s,
|
||||
>&-304 beqldate x last written at %s,
|
||||
>&-1167 byte x clean flag %d,
|
||||
>&-1168 byte x readonly flag %d,
|
||||
>&-296 bequad x number of blocks %lld,
|
||||
>&-288 bequad x number of data blocks %lld,
|
||||
>&-1332 belong x number of cylinder groups %d,
|
||||
>&-1328 belong x block size %d,
|
||||
>&-1324 belong x fragment size %d,
|
||||
>&-180 belong x average file size %d,
|
||||
>&-176 belong x average number of files in dir %d,
|
||||
>&-272 bequad x pending blocks to free %lld,
|
||||
>&-264 belong x pending inodes to free %d,
|
||||
>&-664 bequad x system-wide uuid %0llx,
|
||||
>&-1316 belong x minimum percentage of free blocks %d,
|
||||
>&-1248 belong 0 TIME optimization
|
||||
>&-1248 belong 1 SPACE optimization
|
||||
>65536 use \^ffsv2
|
||||
|
||||
0 ulequad 0xc8414d4dc5523031 HAMMER filesystem (little-endian),
|
||||
>0x90 lelong+1 x volume %d
|
||||
@ -2648,19 +2603,25 @@
|
||||
>10 ubelong x \b-%08x
|
||||
>14 ubeshort x \b%04x
|
||||
|
||||
0x1018 string \xc6\x85\x73\xf6\x4e\x1a\x45\xca\x82\x65\xf5\x7f\x48\xba\x6d\x81 bcachefs
|
||||
>0x1068 lequad 8 \b, UUID=
|
||||
>>0x1038 use bcachefs-uuid
|
||||
>>0x1048 string >0 \b, label "%.32s"
|
||||
>>0x1010 uleshort x \b, version %u
|
||||
>>0x1012 uleshort x \b, min version %u
|
||||
>>0x107a byte x \b, device %d
|
||||
0 name bcachefs bcachefs
|
||||
>0x68 lequad 8 \b, UUID=
|
||||
>>0x38 use bcachefs-uuid
|
||||
>>0x48 string >0 \b, label "%.32s"
|
||||
>>0x10 uleshort x \b, version %u
|
||||
>>0x12 uleshort x \b, min version %u
|
||||
>>0x7a byte x \b, device %d
|
||||
# assumes the first field is the members field
|
||||
>>0x12f4 ulelong 0x01 \b/UUID=
|
||||
>>>0x12f0 default x
|
||||
>>>&(0x107a.b*56) use bcachefs-uuid
|
||||
>>0x107b byte x \b, %d devices
|
||||
>>0x1090 byte ^0x02 \b (unclean)
|
||||
>>0x2f4 ulelong 0x01 \b/UUID=
|
||||
>>>0x2f0 default x
|
||||
>>>&(0x07a.b*56) use bcachefs-uuid
|
||||
>>0x07b byte x \b, %d devices
|
||||
>>0x090 byte ^0x02 \b (unclean)
|
||||
|
||||
0x1018 string \xc6\x85\x73\xf6\x4e\x1a\x45\xca\x82\x65\xf5\x7f\x48\xba\x6d\x81
|
||||
>0x1000 use bcachefs
|
||||
|
||||
0x1018 string \xc6\x85\x73\xf6\x66\xce\x90\xa9\xd9\x6a\x60\xcf\x80\x3d\xf7\xef
|
||||
>0x1000 use bcachefs
|
||||
|
||||
# EROFS
|
||||
# https://kernel.googlesource.com/pub/scm/linux/kernel/git/xiang/erofs-utils/\
|
||||
@ -2687,3 +2648,47 @@
|
||||
>>1104 lelong &4 CHUNKED_FILE
|
||||
>>1104 lelong &8 DEVICE_TABLE
|
||||
>>1104 lelong &16 ZTAILPACKING
|
||||
|
||||
# YAFFS
|
||||
# The layout itself is undocumented, determined by the memory layout of the
|
||||
# reference implementation. This signature is derived from the
|
||||
# reference implementation code and generated test cases
|
||||
# We recognize the start of an object header defined by yaffs_obj_hdr:
|
||||
# (Note the values being encoded depending on platform endianess)
|
||||
|
||||
# u32 type /* enum yaffs_obj_type, valid 1-5 */
|
||||
# u32 parent_obj_id; /* 1 for root objects we recognize */
|
||||
# u16 sum_no_longer_used; /* checksum of name. Not used by YAFFS and memset to 0xFF */
|
||||
# YCHAR name[YAFFS_MAX_NAME_LENGTH + 1];
|
||||
|
||||
# mkyaffsimage always writes a root directory with empty name, then processing the target directory contents
|
||||
# mkyaffs2image directly proceeds to writing entries with the appropriate u32 YAFFS_OBJECT_TYPE (1-5 valid), each with parent id 1
|
||||
|
||||
0 name yaffs
|
||||
>0 ulelong 1 \b, type file
|
||||
>0 ulelong 2 \b, type symlink
|
||||
>0 ulelong 3 \b, type root or directory
|
||||
>0 ulelong 4 \b, type hardlink
|
||||
>0 ulelong 5 \b, type special
|
||||
>0xA byte 0 \b, v1 root directory
|
||||
>0xA byte !0 \b, object entry
|
||||
>>0xA string x (name: "%s")
|
||||
|
||||
# Little Endian: XX 00 00 00 01 00 00 00 FF FF YY
|
||||
# XX: 01 - 05 (object type)
|
||||
# YY: 00 for version 1 root directory, > 00 for version 2 (name data)
|
||||
0x1 string \x00\x00\x00\x01\x00\x00\x00\xFF\xFF
|
||||
>0 ulelong 0
|
||||
>0 ulelong >5
|
||||
>0 default x YAFFS filesystem root entry (little endian)
|
||||
>>0 use yaffs
|
||||
|
||||
# Big Endian: 00 00 00 XX 00 00 00 01 FF FF YY
|
||||
# XX: 01 - 05 (object type)
|
||||
# YY: 00 for version 1 root directory, > 00 for version 2 (name data)
|
||||
0x4 string \x00\x00\x00\x01\xFF\xFF
|
||||
>0 string \x00\x00\x00
|
||||
>>0 ubelong 0
|
||||
>>0 ubelong >5
|
||||
>>0 default x YAFFS filesystem root entry (big endian)
|
||||
>>>0 use \^yaffs
|
||||
|
133
magic/Magdir/firmware
Normal file
133
magic/Magdir/firmware
Normal file
@ -0,0 +1,133 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: firmware,v 1.7 2023/03/11 18:52:03 christos Exp $
|
||||
# firmware: file(1) magic for firmware files
|
||||
#
|
||||
|
||||
# https://github.com/MatrixEditor/frontier-smart-api/blob/main/docs/firmware-2.0.md#11-header-structure
|
||||
# examples: https://github.com/cweiske/frontier-silicon-firmwares
|
||||
0 lelong 0x00001176
|
||||
>4 lelong 0x7c Frontier Silicon firmware download
|
||||
>>8 lelong x \b, MeOS version %x
|
||||
>>12 string/32/T x \b, version %s
|
||||
>>40 string/64/T x \b, customization %s
|
||||
|
||||
# HPE iLO firmware update image
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://www.sstic.org/2018/presentation/backdooring_your_server_through_its_bmc_the_hpe_ilo4_case/
|
||||
# iLO1 (ilo1*.bin) or iLO2 (ilo2_*.bin) images
|
||||
0 string \x20\x36\xc1\xce\x60\x37\x62\xf0\x3f\x06\xde\x00\x00\x03\x7f\x00
|
||||
>16 ubeshort =0xCFDD HPE iLO2 firmware update image
|
||||
>16 ubeshort =0x6444 HPE iLO1 firmware update image
|
||||
# iLO3 images (ilo3_*.bin) start directly with image name
|
||||
0 string iLO3\x20v\x20 HPE iLO3 firmware update image,
|
||||
>7 string x version %s
|
||||
# iLO4 images (ilo4_*.bin) start with a signature and a certificate
|
||||
0 string --=</Begin\x20HP\x20Signed
|
||||
>75 string label_HPBBatch
|
||||
>>5828 string iLO\x204
|
||||
>>>5732 string HPIMAGE\x00 HPE iLO4 firmware update image,
|
||||
>>>6947 string x version %s
|
||||
# iLO5 images (ilo5_*.bin) start with a signature
|
||||
>75 string label_HPE-HPB-BMC-ILO5-4096
|
||||
>>880 string HPIMAGE\x00 HPE iLO5 firmware update image,
|
||||
>>944 string x version %s
|
||||
|
||||
# IBM POWER Secure Boot Container
|
||||
# from https://github.com/open-power/skiboot/blob/master/libstb/container.h
|
||||
0 belong 0x17082011 POWER Secure Boot Container,
|
||||
>4 beshort x version %u
|
||||
>6 bequad x container size %llu
|
||||
# These are always zero
|
||||
# >14 bequad x target HRMOR %llx
|
||||
# >22 bequad x stack pointer %llx
|
||||
>4096 ustring \xFD7zXZ\x00 XZ compressed
|
||||
0 belong 0x1bad1bad POWER boot firmware
|
||||
>256 belong 0x48002030 (PHYP entry point)
|
||||
|
||||
# ARM Cortex-M vector table
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://developer.arm.com/documentation/100701/0200/Exception-properties
|
||||
# Match stack MSB
|
||||
3 byte 0x20
|
||||
# Function pointers must be in Thumb-mode and before 0x20000000 (4*5 bits match)
|
||||
>4 ulelong&0xE0000001 1
|
||||
>>8 ulelong&0xE0000001 1
|
||||
>>>12 ulelong&0xE0000001 1
|
||||
>>>>44 ulelong&0xE0000001 1
|
||||
>>>>>56 ulelong&0xE0000001 1
|
||||
# Match Cortex-M reserved sections (0x00000000 or 0xFFFFFFFF)
|
||||
>>>>>>28 ulelong+1 <2
|
||||
>>>>>>>32 ulelong+1 <2
|
||||
>>>>>>>>36 ulelong+1 <2
|
||||
>>>>>>>>>40 ulelong+1 <2
|
||||
>>>>>>>>>>52 ulelong+1 <2 ARM Cortex-M firmware
|
||||
>>>>>>>>>>>0 ulelong >0 \b, initial SP at 0x%08x
|
||||
>>>>>>>>>>>4 ulelong^1 x \b, reset at 0x%08x
|
||||
>>>>>>>>>>>8 ulelong^1 x \b, NMI at 0x%08x
|
||||
>>>>>>>>>>>12 ulelong^1 x \b, HardFault at 0x%08x
|
||||
>>>>>>>>>>>44 ulelong^1 x \b, SVCall at 0x%08x
|
||||
>>>>>>>>>>>56 ulelong^1 x \b, PendSV at 0x%08x
|
||||
|
||||
# ESP-IDF partition table entry
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/espressif/esp-idf/blob/v5.0/components/esp_partition/include/esp_partition.h
|
||||
0 string \xAA\x50
|
||||
>2 ubyte <2 ESP-IDF partition table entry
|
||||
>>12 string/16 x \b, label: "%s"
|
||||
>>2 ubyte 0
|
||||
>>>3 ubyte 0x00 \b, factory app
|
||||
>>>3 ubyte 0x10 \b, OTA_0 app
|
||||
>>>3 ubyte 0x11 \b, OTA_1 app
|
||||
>>>3 ubyte 0x12 \b, OTA_2 app
|
||||
>>>3 ubyte 0x13 \b, OTA_3 app
|
||||
>>>3 ubyte 0x14 \b, OTA_4 app
|
||||
>>>3 ubyte 0x15 \b, OTA_5 app
|
||||
>>>3 ubyte 0x16 \b, OTA_6 app
|
||||
>>>3 ubyte 0x17 \b, OTA_7 app
|
||||
>>>3 ubyte 0x18 \b, OTA_8 app
|
||||
>>>3 ubyte 0x19 \b, OTA_9 app
|
||||
>>>3 ubyte 0x1A \b, OTA_10 app
|
||||
>>>3 ubyte 0x1B \b, OTA_11 app
|
||||
>>>3 ubyte 0x1C \b, OTA_12 app
|
||||
>>>3 ubyte 0x1D \b, OTA_13 app
|
||||
>>>3 ubyte 0x1E \b, OTA_14 app
|
||||
>>>3 ubyte 0x1F \b, OTA_15 app
|
||||
>>>3 ubyte 0x20 \b, test app
|
||||
>>2 ubyte 1
|
||||
>>>3 ubyte 0x00 \b, OTA selection data
|
||||
>>>3 ubyte 0x01 \b, PHY init data
|
||||
>>>3 ubyte 0x02 \b, NVS data
|
||||
>>>3 ubyte 0x03 \b, coredump data
|
||||
>>>3 ubyte 0x04 \b, NVS keys
|
||||
>>>3 ubyte 0x05 \b, emulated eFuse data
|
||||
>>>3 ubyte 0x06 \b, undefined data
|
||||
>>>3 ubyte 0x80 \b, ESPHTTPD partition
|
||||
>>>3 ubyte 0x81 \b, FAT partition
|
||||
>>>3 ubyte 0x82 \b, SPIFFS partition
|
||||
>>>3 ubyte 0xFF \b, any data
|
||||
>>4 ulelong x \b, offset: 0x%X
|
||||
>>8 ulelong x \b, size: 0x%X
|
||||
>>28 ulelong&0x1 1 \b, encrypted
|
||||
|
||||
# ESP-IDF application image
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/espressif/esp-idf/blob/v5.0/components/bootloader_support/include/esp_app_format.h
|
||||
# Note: Concatenation of esp_image_header_t, esp_image_segment_header_t and esp_app_desc_t
|
||||
# First segment contains esp_app_desc_t
|
||||
0 ubyte 0xE9
|
||||
>32 ulelong 0xABCD5432 ESP-IDF application image
|
||||
>>12 uleshort 0x0000 for ESP32
|
||||
>>12 uleshort 0x0002 for ESP32-S2
|
||||
>>12 uleshort 0x0005 for ESP32-C3
|
||||
>>12 uleshort 0x0009 for ESP32-S3
|
||||
>>12 uleshort 0x000A for ESP32-H2 Beta1
|
||||
>>12 uleshort 0x000C for ESP32-C2
|
||||
>>12 uleshort 0x000D for ESP32-C6
|
||||
>>12 uleshort 0x000E for ESP32-H2 Beta2
|
||||
>>12 uleshort 0x0010 for ESP32-H2
|
||||
>>80 string/32 x \b, project name: "%s"
|
||||
>>48 string/32 x \b, version %s
|
||||
>>128 string/16 x \b, compiled on %s
|
||||
>>>112 string/16 x %s
|
||||
>>144 string/32 x \b, IDF version: %s
|
||||
>>4 ulelong x \b, entry address: 0x%08X
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: games,v 1.25 2022/05/31 18:40:20 christos Exp $
|
||||
# $File: games,v 1.31 2023/03/29 22:57:27 christos Exp $
|
||||
# games: file(1) for games
|
||||
|
||||
# Fabio Bonelli <fabiobonelli@libero.it>
|
||||
@ -184,6 +184,15 @@
|
||||
0 string MComprHD MAME CHD compressed hard disk image,
|
||||
>12 belong x version %u
|
||||
|
||||
# MAME input recordings
|
||||
|
||||
0 string MAMEINP\0 MAME input recording
|
||||
>8 leqdate x at %s,
|
||||
>16 leshort x format version %d.
|
||||
>18 leshort x \b%d,
|
||||
>20 string x %s driver,
|
||||
>32 string x %s
|
||||
|
||||
# doom - submitted by Jon Dowland
|
||||
|
||||
0 string =IWAD doom main IWAD data
|
||||
@ -293,12 +302,92 @@
|
||||
>2 regex/c GM\\[21\\] - twix Game
|
||||
|
||||
# Epic Games/Unreal Engine Package
|
||||
#
|
||||
0 lelong 0x9E2A83C1 Unreal Engine Package,
|
||||
>4 leshort x version: %i
|
||||
>12 lelong !0 \b, names: %i
|
||||
>28 lelong !0 \b, imports: %i
|
||||
>20 lelong !0 \b, exports: %i
|
||||
# URL: https://docs.unrealengine.com/udk/Three/ContentCooking.html
|
||||
# https://eliotvu.com/page/unreal-package-file-format
|
||||
# Little-endian version (such as x86 PC)
|
||||
0 lelong 0x9E2A83C1 Unreal Engine package (little-endian)
|
||||
!:ext xxx/tfc/upk/me1/u
|
||||
>4 uleshort !0 \b, version %u
|
||||
>>6 uleshort !0 \b/%03u
|
||||
>>0 use upk_header
|
||||
# Big-endian version (such as PS3)
|
||||
0 belong 0x9E2A83C1 Unreal Engine package (big-endian)
|
||||
!:ext xxx/tfc
|
||||
>6 ubeshort !0 \b, version %u
|
||||
>>4 ubeshort !0 \b/%03u
|
||||
>>0 use \^upk_header
|
||||
|
||||
0 name upk_header
|
||||
# Identify game from version and licensee
|
||||
>4 ulelong 0x000002b2 (Alice Madness Returns)
|
||||
>4 ulelong 0x002f0313 (Aliens: Colonial Marines)
|
||||
>4 ulelong 0x005b021b (Alpha Protocol)
|
||||
>4 ulelong 0x0000032c (AntiChamber)
|
||||
>4 ulelong 0x00200223 (APB: All Points Bulletin)
|
||||
>4 ulelong 0x004b02d7 (Bioshock Infinite)
|
||||
>4 ulelong 0x00380340 (Borderlands 2)
|
||||
>4 ulelong 0x001d02e6 (Bulletstorm)
|
||||
>4 ulelong 0x00050240 (CrimeCraft)
|
||||
>4 ulelong 0x00000356 (Deadlight)
|
||||
>4 ulelong 0x001e0321 (Dishonored)
|
||||
>4 ulelong 0x000202a6 (Dungeon Defenders)
|
||||
>4 ulelong 0x000901ea (Gears of War)
|
||||
>4 ulelong 0x0000023f (Gears of War 2)
|
||||
>4 ulelong 0x0000033c (Gears of War 3)
|
||||
>4 ulelong 0x0000034e (Gears of War: Judgement)
|
||||
>4 ulelong 0x0004035c (Hawken)
|
||||
>4 ulelong 0x0001034a (Infinity Blade 2)
|
||||
>4 ulelong 0x00000350 (InMomentum)
|
||||
>4 ulelong 0x0015037D (Life Is Strange)
|
||||
>4 ulelong 0x000b01a5 (Medal of Honor: Airborne)
|
||||
>4 ulelong 0x002b0218 (Mirrors Edge)
|
||||
>4 ulelong 0x0000027e (Monday Night Combat)
|
||||
>4 ulelong 0x0000024b (MoonBase Alpha)
|
||||
>4 ulelong 0x002e01d8 (Mortal Kombat Komplete Edition 2605)
|
||||
>4 ulelong 0x0000035c (Painkiller HD)
|
||||
>4 ulelong 0x0000034d (Q.U.B.E)
|
||||
>4 ulelong 0x80660340 (Quantum Conundrum)
|
||||
>4 ulelong 0x0000035b (Ravaged)
|
||||
>4 ulelong 0x00150340 (Remember Me)
|
||||
>4 ulelong 0x00060171 (Roboblitz)
|
||||
>4 ulelong 0x00000325 (Rock of Ages)
|
||||
>4 ulelong 0x0000032a (Sanctum)
|
||||
>4 ulelong 0x00030248 (Saw)
|
||||
>4 ulelong 0x007e0248 (Singularity)
|
||||
>4 ulelong 0x00090388 (Soldier Front 2)
|
||||
>4 ulelong 0x000701e6 (Stargate Worlds)
|
||||
>4 ulelong 0x00000334 (Super Monday Night Combat)
|
||||
>4 ulelong 0x000002c2 (The Ball)
|
||||
>4 ulelong 0x000e0262 (The Exiled Realm of Arborea or TERA)
|
||||
>4 ulelong 0x0000035b (The Five Cores)
|
||||
>4 ulelong 0x00000349 (The Haunted: Hells Reach)
|
||||
>4 ulelong 0x00000354 (Unmechanical)
|
||||
>4 ulelong 0x035c0298 (Unreal Development Kit)
|
||||
>4 ulelong 0x00000200 (Unreal Tournament 3)
|
||||
>4 ulelong 0x0000032d (Waves)
|
||||
>4 ulelong 0x003b034d (XCOM: Enemy Unknown)
|
||||
# Newer versions insert more headers
|
||||
>4 ulelong&0xFFFF <249
|
||||
>>12 lelong !0 \b, names: %d
|
||||
>>28 lelong !0 \b, imports: %d
|
||||
>>20 lelong !0 \b, exports: %d
|
||||
>4 ulelong&0xFFFF >248
|
||||
>>12 belong&0xFF !0
|
||||
>>>12 string x \b, folder "%s"
|
||||
>>>>&5 lelong !0 \b, names: %d
|
||||
>>>>&21 lelong !0 \b, imports: %d
|
||||
>>>>&13 lelong !0 \b, exports: %d
|
||||
>>12 belong&0xFF 0
|
||||
>>>16 belong&0xFF !0
|
||||
>>>>16 string x \b, folder "%s"
|
||||
>>>>>&5 lelong !0 \b, names: %d
|
||||
>>>>>&21 lelong !0 \b, imports: %d
|
||||
>>>>>&13 lelong !0 \b, exports: %d
|
||||
>>>16 belong&0xFF 0
|
||||
>>>>20 string x \b, folder "%s"
|
||||
>>>>>&5 lelong !0 \b, names: %d
|
||||
>>>>>&21 lelong !0 \b, imports: %d
|
||||
>>>>>&13 lelong !0 \b, exports: %d
|
||||
|
||||
0 string ESVG
|
||||
>4 lelong 0x00160000
|
||||
@ -510,3 +599,98 @@
|
||||
>>0 ulelong&0xf =8 RDR 2,
|
||||
>>4 ulelong x %d bytes,
|
||||
>>>8 ulelong x %d entries
|
||||
|
||||
# Blitz3D Model File Format
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/minetest/B3DExport/blob/master/B3DExport.py
|
||||
0 string BB3D
|
||||
>4 lelong >0
|
||||
>>8 lelong >0 Blitz3D Model
|
||||
!:ext b3d
|
||||
>>>8 lelong x \b, version %d
|
||||
|
||||
# Minetest Schematic File Format
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/minetest/minetest/blob/5.6.1/src/mapgen/mg_schematic.h
|
||||
0 string MTSM Minetest Schematic
|
||||
!:ext mts
|
||||
>4 ubeshort x \b, version %d
|
||||
>6 ubeshort x \b, size [%d
|
||||
>8 ubeshort x \b, %d
|
||||
>10 ubeshort x \b, %d]
|
||||
|
||||
# MagicaVoxel File Format
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/ephtracy/voxel-model/blob/ee2216c28a78ebb68691dc6cfa9c4ba429117ea2/MagicaVoxel-file-format-vox.txt
|
||||
# Note: This format is used in Veloren voxel RPG.
|
||||
0 string VOX\x20
|
||||
>4 lelong >0 MagicaVoxel model
|
||||
!:ext vox
|
||||
>>4 lelong x \b, version %d
|
||||
|
||||
# Wwise SoundBank
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://wiki.xentax.com/index.php/Wwise_SoundBank_(*.bnk)
|
||||
0 string BKHD
|
||||
# Little-endian version (such as x86 PC)
|
||||
>4 ulelong <0x100 Wwise SoundBank (little-endian)
|
||||
!:ext bnk
|
||||
>>0 use wwise_bkhd
|
||||
# Big-endian version (such as PS3)
|
||||
>4 ubelong <0x100 Wwise SoundBank (big-endian)
|
||||
!:ext bnk
|
||||
>>0 use \^wwise_bkhd
|
||||
|
||||
0 name wwise_bkhd
|
||||
>8 ulelong x \b, version %d
|
||||
>12 ulelong x \b, id %08X
|
||||
>16 ulelong =0x00 \b, SFX
|
||||
>16 ulelong =0x01 \b, arabic
|
||||
>16 ulelong =0x02 \b, bulgarian
|
||||
>16 ulelong =0x03 \b, chinese (HK)
|
||||
>16 ulelong =0x04 \b, chinese (PRC)
|
||||
>16 ulelong =0x05 \b, chinese (Taiwan)
|
||||
>16 ulelong =0x06 \b, czech
|
||||
>16 ulelong =0x07 \b, danish
|
||||
>16 ulelong =0x08 \b, dutch
|
||||
>16 ulelong =0x09 \b, english (Australia)
|
||||
>16 ulelong =0x0A \b, english (India)
|
||||
>16 ulelong =0x0B \b, english (UK)
|
||||
>16 ulelong =0x0C \b, english (US)
|
||||
>16 ulelong =0x0D \b, finnish
|
||||
>16 ulelong =0x0E \b, french (Canada)
|
||||
>16 ulelong =0x0F \b, french (France)
|
||||
>16 ulelong =0x10 \b, german
|
||||
>16 ulelong =0x11 \b, greek
|
||||
>16 ulelong =0x12 \b, hebrew
|
||||
>16 ulelong =0x13 \b, hungarian
|
||||
>16 ulelong =0x14 \b, indonesian
|
||||
>16 ulelong =0x15 \b, italian
|
||||
>16 ulelong =0x16 \b, japanese
|
||||
>16 ulelong =0x17 \b, korean
|
||||
>16 ulelong =0x18 \b, latin
|
||||
>16 ulelong =0x19 \b, norwegian
|
||||
>16 ulelong =0x1A \b, polish
|
||||
>16 ulelong =0x1B \b, portuguese (Brazil)
|
||||
>16 ulelong =0x1C \b, portuguese (Portugal)
|
||||
>16 ulelong =0x1D \b, romanian
|
||||
>16 ulelong =0x1E \b, russian
|
||||
>16 ulelong =0x1F \b, slovenian
|
||||
>16 ulelong =0x20 \b, spanish (Mexico)
|
||||
>16 ulelong =0x21 \b, spanish (Spain)
|
||||
>16 ulelong =0x22 \b, spanish (US)
|
||||
>16 ulelong =0x23 \b, swedish
|
||||
>16 ulelong =0x24 \b, turkish
|
||||
>16 ulelong =0x25 \b, ukrainian
|
||||
>16 ulelong =0x26 \b, vietnamese
|
||||
|
||||
# Wwise Audio Package
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://wiki.xentax.com/index.php/Wwise_Audio_PCK
|
||||
0 string AKPK
|
||||
# Little-endian version (such as x86 PC)
|
||||
>8 ulelong <0x100 Wwise Audio Package (little-endian)
|
||||
!:ext pck
|
||||
# Big-endian version (such as PS3)
|
||||
>8 ubelong <0x100 Wwise Audio Package (big-endian)
|
||||
!:ext pck
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: gentoo,v 1.2 2022/09/12 13:13:28 christos Exp $
|
||||
# $File: gentoo,v 1.5 2022/12/26 17:16:55 christos Exp $
|
||||
# gentoo: file(1) magic for gentoo specific formats
|
||||
#
|
||||
# Summary: Gentoo ebuild Manifest files (GLEP 74)
|
||||
@ -36,6 +36,7 @@
|
||||
# (<tag>'s already been matched prior to calling)
|
||||
0 name gentoo-manifest
|
||||
>&0 regex [[:space:]]+[[:print:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[[:alnum:]]+[[:space:]]+[[:xdigit:]]{32} Gentoo Manifest (GLEP 74)
|
||||
!:mime application/vnd.gentoo.manifest
|
||||
|
||||
# Summary: Gentoo ebuild and eclass files
|
||||
# Reference: https://projects.gentoo.org/pms/8/pms.html
|
||||
@ -43,16 +44,20 @@
|
||||
0 search/512 EAPI=
|
||||
>0 regex .*\n[\040\t]*EAPI=["']? Gentoo ebuild
|
||||
>>&0 regex [[:alnum:]+_.-]+ \b, EAPI %s
|
||||
!:mime application/vnd.gentoo.ebuild
|
||||
|
||||
0 search/512 @ECLASS:\040 Gentoo eclass
|
||||
>&0 string x %s
|
||||
!:mime application/vnd.gentoo.eclass
|
||||
|
||||
# Summary: Gentoo supplementary package and category metadata files
|
||||
# Reference: https://www.gentoo.org/glep/glep-0068.html
|
||||
# Submitted by: Michal Gorny <mgorny@gentoo.org>
|
||||
0 string \<?xml
|
||||
>0 search/512 \<catmetadata Gentoo category metadata file
|
||||
!:mime application/vnd.gentoo.catmetadata+xml
|
||||
>0 search/512 \<pkgmetadata Gentoo package metadata file
|
||||
!:mime application/vnd.gentoo.pkgmetadata+xml
|
||||
|
||||
# Summary: Gentoo GLEP 78 binary package
|
||||
# Reference: https://www.gentoo.org/glep/glep-0078.html
|
||||
@ -64,7 +69,7 @@
|
||||
257 string ustar
|
||||
>0 search/100 /gpkg-1\0
|
||||
>>0 regex [^/]+ Gentoo GLEP 78 (GPKG) binary package for "%s"
|
||||
!:mime application/x-tar
|
||||
!:mime application/vnd.gentoo.gpkg
|
||||
!:ext tar
|
||||
# the logic below requires the gpkg-1 file to be empty
|
||||
>>>124 string 00000000000\0
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: geo,v 1.8 2022/03/24 15:48:58 christos Exp $
|
||||
# $File: geo,v 1.10 2022/10/31 13:22:26 christos Exp $
|
||||
# Geo- files from Kurt Schwehr <schwehr@ccom.unh.edu>
|
||||
|
||||
######################################################################
|
||||
@ -54,7 +54,43 @@
|
||||
######################################################################
|
||||
|
||||
# GeoAcoustics - GeoSwath Plus
|
||||
4 beshort 0x2002 GeoSwath RDF
|
||||
# Update: Joerg Jenderek
|
||||
# URL: https://www.mbari.org/products/research-software/mb-system/
|
||||
# Reference: http://ccom.unh.edu/sites/default/files/news-and-events/conferences/auv-bootcamp/
|
||||
# GS%2B-6063-BB-GS%2B-Broadcast-Raw-Data-File-Format-Command-Specification.pdf
|
||||
# Note: All data is written using Intel 80x86 byte ordering (LSB to MSB)
|
||||
# raw_header_siz; file header size is 544 bytes
|
||||
4 beshort 0x2002
|
||||
# GRR: line above is too general as it matches also some Microsoft Event Trace Logs *.ETL
|
||||
# skip many (63/753) Microsoft Event Trace Logs (AMSITrace.etl lxcore_kernel.etl NotificationUxBroker.052.etl WindowsBackup.4.etl) with invalid "low" ping header size 0
|
||||
>6 leshort >0 GeoSwath RDF
|
||||
# skip foo samples with invalid "high" spare bytes
|
||||
#>>536 ulequad =0 OK_THIS_IS_GeoSwath_RDF
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-geoswath-rdf
|
||||
# http://ccom.unh.edu/sites/default/files/news-and-events/conferences/auv-bootcamp/060116342.rdf
|
||||
!:ext rdf
|
||||
# filename; original file name like: "C:\GS+\Projects\Default\Raw Data Files\060116342.rdf"
|
||||
>>8 string x "%-.512s"
|
||||
# version[8]; recording software version number like: 3.16c
|
||||
>>527 string x \b, version %-.8s
|
||||
# creation; unsigned int file creation time; WHAT time format is this?
|
||||
>>0 ulelong x \b, creation time %#8.8x
|
||||
# raw_ping_header_size; size of ping header in bytes like: 64
|
||||
>>6 leshort !64 \b, ping header size %d
|
||||
# frequency; system frequency in hertz like: 500000
|
||||
>>520 lelong x \b, frequency %d
|
||||
# echo_type; Echosounder type index like: 1
|
||||
>>524 leshort x \b, echo type %#x
|
||||
# file_mode; file mode mask (0x00 bathy & sidescan, 0x80 bathy, 0x40 sidescan, 0x20 seismic)
|
||||
>>526 ubyte !0 \b, file mode %#2.2x
|
||||
# pps_mode; PPS synch mode like: 2
|
||||
>>535 byte x \b, pps mode %#x
|
||||
# char spare[8]; apparently zeroed
|
||||
>>536 ubequad !0 \b, spare %#16.16llx
|
||||
# Ping_number; 1st ping number like: 4944
|
||||
>>544 lelong x \b, 1st ping number %d
|
||||
|
||||
0 string Start:- GeoSwatch auf text file
|
||||
|
||||
# Seabeam 2100
|
||||
@ -88,7 +124,7 @@
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# IVS - IVS3d.com Tagged Data Represetation
|
||||
# IVS - IVS3d.com Tagged Data Representation
|
||||
0 string %%\ TDR\ 2.0 IVS Fledermaus TDR file
|
||||
|
||||
# http://www.ecma-international.org/publications/standards/Ecma-363.htm
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: images,v 1.227 2022/09/11 20:58:52 christos Exp $
|
||||
# $File: images,v 1.243 2023/07/17 16:49:09 christos Exp $
|
||||
# images: file(1) magic for image formats (see also "iff", and "c-lang" for
|
||||
# XPM bitmaps)
|
||||
#
|
||||
@ -179,7 +179,7 @@
|
||||
# adding 65 to strength so that Netpbm images comes before "x86 boot sector" or
|
||||
# "DOS/MBR boot sector" identified by ./filesystems
|
||||
0 name netpbm
|
||||
>3 regex/s =[0-9]{1,50}[\040\t\f\r\n]+[0-9]{1,50} Netpbm image data
|
||||
>3 regex/s =\^[0-9]{1,50}[\040\t\f\r\n]+[0-9]{1,50} Netpbm image data
|
||||
>>&0 regex =[0-9]{1,50} \b, size = %s x
|
||||
>>>&0 regex =[0-9]{1,50} \b %s
|
||||
|
||||
@ -311,12 +311,12 @@
|
||||
0 string MM\x00\x2a TIFF image data, big-endian
|
||||
!:strength +70
|
||||
!:mime image/tiff
|
||||
!:ext tif,tiff
|
||||
!:ext tif/tiff
|
||||
>(4.L) use \^tiff_ifd
|
||||
0 string II\x2a\x00 TIFF image data, little-endian
|
||||
!:mime image/tiff
|
||||
!:strength +70
|
||||
!:ext tif,tiff
|
||||
!:ext tif/tiff
|
||||
>(4.l) use tiff_ifd
|
||||
|
||||
0 name tiff_ifd
|
||||
@ -625,7 +625,7 @@
|
||||
>>8 string x "%s"
|
||||
# should be point character (2Eh) of version string according to TrID
|
||||
#>6 ubyte !0x2E \b, at 6 %#x
|
||||
# caret character (23h) at the beginning in most or probaly all exanples
|
||||
# caret character (23h) at the beginning in most or probably all examples
|
||||
#>0 ubyte !0x23 \b, starting with character %#x
|
||||
# URL: http://fileformats.archiveteam.org/wiki/DeskMate_Draw
|
||||
# http://en.wikipedia.org/wiki/Deskmate
|
||||
@ -652,7 +652,86 @@
|
||||
>24 string SunGKS \b, SunGKS
|
||||
|
||||
# CGM image files
|
||||
0 string BEGMF clear text Computer Graphics Metafile
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/CGM
|
||||
# https://en.wikipedia.org/wiki/Computer_Graphics_Metafile
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cgm-ct.trid.xml
|
||||
# http://standards.iso.org/ittf/PubliclyAvailableStandards/c032381_ISO_IEC_8632-4_1999(E).zip
|
||||
# Note: called "Computer Graphics Metafile (Clear Text)" by TrID and
|
||||
# "Computer Graphics Metafile ASCII" by DROID or CGM by XnView
|
||||
# verified by LibreOffice and partly by XnView `nconvert -info *.CGM`
|
||||
# According to TrID only letter B and M are always upcased and by DROID often only B is upcased for command BEGIN METAFILE
|
||||
0 string/c begmf
|
||||
# skip SOME DROID fmt-301-signature-id-359.cgm fmt-301-signature-id-361.cgm fmt-302-signature-id-364.cgm
|
||||
# fmt-302-signature-id-365.cgm x-fmt-142-signature-id-350.cgm x-fmt-142-signature-id-351.cgm
|
||||
>5 short !0
|
||||
# skip other versions of DROID fmt-301-signature-id-359.cgm fmt-301-signature-id-361.cgm fmt-302-signature-id-364.cgm
|
||||
# fmt-302-signature-id-365.cgm x-fmt-142-signature-id-350.cgm x-fmt-142-signature-id-351.cgm
|
||||
>>5 short !0xABab clear text Computer Graphics Metafile
|
||||
# https://reposcope.com/mimetype/image/cgm
|
||||
!:mime image/cgm
|
||||
!:ext cgm
|
||||
# SF:NAME like: 'metafile example';
|
||||
>>>5 string x %s
|
||||
# look for command METAFILE VERSION (MFVERSION <SOFTSEP> <I:VERSION>)
|
||||
>>>2 search/128/c mfversion
|
||||
#>>>>&0 ubyte x SOFTSEP=%#x
|
||||
# version like: 1 3 4
|
||||
>>>>&1 ubyte >0x31 \b, version %c
|
||||
# Summary: Computer Graphics Metafile (binary)
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cgm-bin.trid.xml
|
||||
# https://standards.iso.org/ittf/PubliclyAvailableStandards/c032380_ISO_IEC_8632-3_1999(E).zip
|
||||
# Note: called "Computer Graphics Metafile (binary)" by TrID and DROID or CGM by XnView
|
||||
# verified by LibreOffice and partly by XnView `nconvert -info *.CGM`
|
||||
# look for BEGIN METAFILE (element Class 0 and ID 1 and "random" Parameter) that is binary C C C C 0 0 0 0 0 0 1 P P P P P
|
||||
0 ubeshort&0xFFe0 0x0020
|
||||
# skip SOME DROID fmt-303-signature-id-368.cgm fmt-304-signature-id-369.cgm fmt-305-signature-id-370.cgm fmt-306-signature-id-371.cgm
|
||||
# with containing only 28 bytes
|
||||
>28 ubyte x
|
||||
# look for METAFILE VERSION (element class 1 and id 1 and parameter P1 with length 2) that is binary 0 0 0 1 i i i i i i 1 P P P 1 P
|
||||
# with "low" version; 2nd worst case argentin.cgm with parameter length 56
|
||||
# worst MS.CGM
|
||||
#>>2 search/73/b \x10\x22\0 binary Computer Graphics Metafile
|
||||
>>2 search/128/b \x10\x22\0 binary Computer Graphics Metafile
|
||||
!:mime image/cgm
|
||||
!:ext cgm
|
||||
# metafile 2 byte version number like: 1 (most) 2 3 4
|
||||
>>>&-1 ubeshort >1 \b, version %u
|
||||
# length number of 1st parameter octets in range 0 to 30 implies short command
|
||||
>>>0 ubeshort&0x001F <31 \b, parameter length %u
|
||||
# length of string like: 8 9 10 11 12 29
|
||||
#>>>>2 ubyte x \b, %u BYTES (SHORT)
|
||||
# string like: 'HiJaak 2' 'Example 1' 'sahara.cgm' 'MASTERCLIPS--Art Of Business '
|
||||
>>>>2 pstring >\0 '%s'
|
||||
# after 1st short command with even parameter length comes 2nd command like: 1022h 0010h (EAF00010.CGM 'HiJaak 2' FLOPPY2.CGM TIGER.CGM 'B:\TIGER.CGM')
|
||||
>>>>0 ubeshort&0x0001 =0
|
||||
>>>>>(2.b+3) ubeshort !0x1022 \b, 2nd command %#4.4x (short even)
|
||||
# after 1st short command with odd parameter length comes nil padding byte followed 2nd command like: 1022h
|
||||
>>>>0 ubeshort&0x0001 =1
|
||||
#>>>>>(2.b+3) ubyte !0 \b, PADDING %#x
|
||||
>>>>>(2.b+4) ubeshort !0x1022 \b, 2nd command %#4.4x (short odd)
|
||||
# 11111 binary (decimal 31) in the parameter field indicates that the command is in long-form
|
||||
>>>0 ubeshort&0x001F =0x1F
|
||||
# bit 15 is partition flag with 1 for 'not-last' partition and 0 for 'last' partition
|
||||
>>>>2 ubeshort&0x8000 !0 \b, partition flag %#4.4x
|
||||
# bits 0 to 14 is parameter list length; the number of following parameter octets; range 0 to 32767
|
||||
# length of 1st long command parameter like: 53
|
||||
>>>>2 ubeshort&0x7Fff x \b, parameter length %u (long)
|
||||
# The two header words are then followed by lenghth of 1st string like: 52
|
||||
#>>>>4 ubyte x \b, %u BYTES
|
||||
# string like: 'K:\PROJECTS\GRAPHICS\DWKS3.5\CLIPART\FLAGS\Italy.cgm'
|
||||
>>>>4 pstring/B x '%s'
|
||||
# odd long parameter length implies single null padding octet to start command on word boundary
|
||||
>>>>2 ubeshort&0x0001 =1
|
||||
# after 1st long command with odd parameter length comes nil padding byte followed by 2nd command like: 1022h
|
||||
#>>>>>(4.b+5) ubyte !0 \b, PADDING %#x
|
||||
>>>>>(4.b+6) ubeshort !0x1022 \b, 2nd command %#4.4x (long odd)
|
||||
# even long parameter length implies next command directly is following
|
||||
>>>>2 ubeshort&0x0001 =0
|
||||
# after 1st long command with even parameter length comes 2nd command like: 1022h 0x1054 (MS.CGM)
|
||||
>>>>>(4.b+5) ubeshort !0x1022 \b, 2nd command %#4.4x (long even)
|
||||
# look for END METAFILE (element class 0 and id 2 and 0 parameter) that is binary 0 0 0 0 i i i i i 1 i P P P P P
|
||||
>>>-2 ubeshort !0x0040 \b, NOT_FOUND_END_METAFILE
|
||||
|
||||
# MGR bitmaps (Michael Haardt, u31b3hs@pool.informatik.rwth-aachen.de)
|
||||
0 string yz MGR bitmap, modern format, 8-bit aligned
|
||||
@ -1138,7 +1217,7 @@
|
||||
0 string /*\040
|
||||
# 9 byte c-comment "/* XPM */" not at the beginning like: mozicon16.xpm mozicon50.xpm (thunderbird)
|
||||
>0 search/0xCE /*\ XPM\ */
|
||||
# skip DROID x-fmt-208-signature-id-620.xpm by looking for char aray without explict length
|
||||
# skip DROID x-fmt-208-signature-id-620.xpm by looking for char array without explict length
|
||||
# and match mh-logo.xpm (emacs)
|
||||
>>&0 search/1249 []
|
||||
>>>0 use xpm-image
|
||||
@ -1146,7 +1225,7 @@
|
||||
>0 default x
|
||||
# words are separated by a white space which can be composed of space and tabulation characters
|
||||
>>0 search/0x52 static\040char\040
|
||||
# skip debug.c testmlc.c by looking for char aray without explict length
|
||||
# skip debug.c testmlc.c by looking for char array without explict length
|
||||
# https://www.clamav.net/downloads/production/clamav-0.104.2.tar.gz
|
||||
# clamav-0.104.2\libclammspack\mspack\debug.c
|
||||
>>>&0 search/64 []
|
||||
@ -1459,22 +1538,22 @@
|
||||
# skip g3test.g3 by test for unused bits of 2nd color entry
|
||||
>>4 ubeshort&0xF000 0
|
||||
#>>>0 beshort x 1ST_VALUE=%x
|
||||
>>>-0 offset x FILE_SIZE=%lld
|
||||
#>>>-0 offset x FILE_SIZE=%lld
|
||||
# standard DEGAS low-res uncompressed bitmap *.pi1 with file size 32034
|
||||
>>>-0 offset =32034 VARIANT_STANDARD
|
||||
>>>-0 offset =32034
|
||||
#>>>>0 beshort x 1st_VALUE=%x
|
||||
# like: 8ball.pi1 teddy.pi1 sonic01.pi1
|
||||
>>>>0 use degas-bitmap
|
||||
# about 61 DEGAS Elite low-res uncompressed bitmap *.pi1 with file size 32066
|
||||
>>>-0 offset =32066 VARIANT_ELITE
|
||||
>>>-0 offset =32066
|
||||
# like: spider.pi1 pinkgirl.pi1 frog3.pi1
|
||||
>>>>0 use degas-bitmap
|
||||
# about 55 DEGAS Elite low-res uncompressed bitmap *.pi1 with file size 32128
|
||||
>>>-0 offset =32128 VARIANT_3
|
||||
>>>-0 offset =32128
|
||||
# like: mountain.pi1 bigspid.pi1 alf33.pi1
|
||||
>>>>0 use degas-bitmap
|
||||
# 1 DEGAS Elite low-res uncompressed bitmap *.pi1 with file size 44834
|
||||
>>>-0 offset =44834 VARIANT_4
|
||||
>>>-0 offset =44834
|
||||
# like: kenshin.pi1
|
||||
>>>>0 use degas-bitmap
|
||||
# DEGAS mid-res uncompressed bitmap *.pi2 (strength=50) after GEM Images like:
|
||||
@ -1483,19 +1562,17 @@
|
||||
#!:strength +0
|
||||
# skip many control files like gnucash-4.8.setup.exe.aria2 by test for non black in 4 palette entries
|
||||
>2 quad !0
|
||||
# skip control file load-v0001.aria2 by test for unused bits of 5th color palette entry
|
||||
>>10 ubeshort&0xF000 0
|
||||
# skip many GEM Image data like DANCER.IMG GAMEOVR4.IMG SHIP.IMG by test for unused bits of 8th color palette entry
|
||||
>>>16 ubeshort&0xF000 0
|
||||
# skip many GEM Image data like BEETHVEN.IMG CABINETS.IMG MEMO.IMG by test for unused bits of 14th color palette entry
|
||||
>>>>28 ubeshort&0xF000 0
|
||||
# skip few GEM Image data like CHURCH.IMG by test for unused bits of 15th color palette entry
|
||||
>>>>>30 ubeshort&0xF000 0
|
||||
# skip many GEM Image data like TIGER.IMG TURKEY.IMG XMAS.IMG by test for unused bits of 16th color palette entry
|
||||
>>>>>>32 ubeshort&0xF000 0
|
||||
# skip GEM Image data like clinton.img by test for existing bytes at the end
|
||||
>>>>>>>32026 quad x
|
||||
>>>>>>>>0 use degas-bitmap
|
||||
# skip control file load-v0001.aria2 and many GEM Image data like
|
||||
# GAMEOVR4.IMG BEETHVEN.IMG CHURCH.IMG TURKEY.IMG clinton.img
|
||||
# by test for valid file sizes
|
||||
# standard DEGAS mid-res uncompressed bitmap *.pi2 with file size 32034
|
||||
>>-0 offset =32034
|
||||
# (39/41) like: GEMINI03.PI2 ST_TOOLS.PI2 TBX_DEMO.PI2
|
||||
>>>0 use degas-bitmap
|
||||
# few DEGAS Elite mid-res uncompressed bitmap *.pi2 with file size 32066
|
||||
>>-0 offset =32066
|
||||
# (2/41) like: medres.pi2
|
||||
>>>0 use degas-bitmap
|
||||
# DEGAS high-res uncompressed bitmap *.pi3
|
||||
0 beshort 0x0002
|
||||
# skip Intel ia64 COFF msvcrt.lib by test for unused bits of 1st atari color palette entry
|
||||
@ -1515,8 +1592,12 @@
|
||||
# 00000000 "LEREDACT.PI3" 03730773 "TBX_DEMO.PI3"
|
||||
#>>>>&8 ubelong x \b, LAST CHAR+NIL %8.8x
|
||||
>>>>&8 ubelong&0xff00ffFF !0
|
||||
# skip many Adobe Photoshop Color swatch (ANPA-Farben.aco TOYO-Farbsystem.aco) with invalid 3rd color entry (1319 2201 2206 21f5 2480 24db 25fd)
|
||||
>>>>>6 ubeshort&0xF000 0
|
||||
# skip few Adobe Photoshop Color swatch (FOCOLTONE-Farben.aco "PANTONE process coated.aco") with invalid 4th color entry (ffff)
|
||||
>>>>>>8 ubeshort&0xF000 0
|
||||
# many DEGAS bitmap like: ARABDEMO.PI3 ELMRSESN.PI3 GEMVIEW.PI3 LEREDACT.PI3 PICCOLO.PI3 REPRO_JR.PI3 ST_TOOLS.PI3 TBX_DEMO.PI3 evgem7.pi3
|
||||
>>>>>0 use degas-bitmap
|
||||
>>>>>>>0 use degas-bitmap
|
||||
# test for last character of Adobe PhotoShop Brush UTF16-LE string and terminating nul char
|
||||
>>>>&8 ubelong&0xff00ffFF =0
|
||||
# select last DEGAS bitmaps by invalid last char of brush note like BASICNES.PI3 DB_HELP.PI3 DB_WRITR.PI3 LEREDACT.PI3
|
||||
@ -1528,13 +1609,23 @@
|
||||
0 beshort 0x8000
|
||||
# skip lif files handled via ./lif by test for unused bits of 1st palette entry
|
||||
>2 ubeshort&0xF000 0
|
||||
>>0 use degas-bitmap
|
||||
# skip CRI ADX ADPCM audio (R04HT.adx R03T-15552.adx) with 44100 Hz misinterpreted as 5th color entry value AC44h
|
||||
>>10 ubeshort&0xF000 0
|
||||
# skip few (fmt-840-signature-id-1195.adx fmt-840-signature-id-1199.adx) by test for 4 first non black colors in palette entries
|
||||
>>>2 quad !0
|
||||
>>>>0 use degas-bitmap
|
||||
# DEGAS mid-res compressed bitmap *.pc2 like: abydos.pc2 ARTIS3.PC2 SMTHDRAW.PC2 STAR_2K.PC2 TX2_DEMO.PC2
|
||||
0 beshort 0x8001
|
||||
>0 use degas-bitmap
|
||||
# skip many (1274/1369) PostScript Type 1 font (DarkGardenMK.pfb coupbi.pfb MONOBOLD.PFB) with invalid 1st atari color palette entry 5506 5b06 6906 7906 7e06 fb15
|
||||
>2 ubeshort&0xF000 0
|
||||
# skip some (95/1369) PostScript Type 1 font (fmt-525-signature-id-816.pfb LUXEMBRG.PFB) with invalid 3rd atari color palette entry 2521
|
||||
>>6 ubeshort&0xF000 0
|
||||
>>>0 use degas-bitmap
|
||||
# DEGAS high-res compressed bitmap *.pc3 like: abydos.pc3 COYOTE.PC3 ELEPHANT.PC3 TX2_DEMO.PC3 SMTHDRAW.PC3
|
||||
0 beshort 0x8002
|
||||
>0 use degas-bitmap
|
||||
# skip some (36/212) Python Pickle (factor_cache.pickle environment.pickle) with invalid 1st atari color entry (2863 6363 7d71)
|
||||
>2 ubeshort&0xF000 0
|
||||
>>0 use degas-bitmap
|
||||
# display information of Atari DEGAS and DEGAS Elite bitmap images
|
||||
0 name degas-bitmap
|
||||
>0 ubyte x Atari DEGAS
|
||||
@ -1620,6 +1711,19 @@
|
||||
# channel_delay[4]; 128 - channel delay, timebase 1/60 s
|
||||
#>32058 ubequad !0 \b, channel delays %16.16llx
|
||||
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/GED
|
||||
# https://recoil.sourceforge.net/formats.html#Atari-8-bit
|
||||
# Reference: https://sourceforge.net/projects/recoil/files/recoil/6.3.4/recoil-6.3.4.tar.gz
|
||||
# recoil-6.3.4/recoil.c
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-ged.trid.xml
|
||||
# Note: called "Atari GED bitmap" by TrID; file size 11302
|
||||
# and verified by RECOIL graphic tool
|
||||
0 string \xFF\xFF0SO\x7F Atari GED bitmap, 160x200
|
||||
#!:mime application/octet-stream
|
||||
!:mime image/x-atari-ged
|
||||
!:ext ged
|
||||
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/ImageLab/PrintTechnic
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-b_w.trid.xml
|
||||
@ -1741,6 +1845,113 @@
|
||||
>>>6 belong x 0x%8.8x
|
||||
>>>6 beshort x \b%4.4x
|
||||
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://www.adobe.com/devnet-apps/photoshop/fileformatashtml/
|
||||
# http://fileformats.archiveteam.org/wiki/Photoshop
|
||||
# Reference: http://www.nomodes.com/aco.html
|
||||
# Note: registers as Photoshop.SwatchesFile for Photoshop.exe on Windows
|
||||
# check for valid versions like: 2 (newest) 1 (old) 0 (oldest no examples)
|
||||
0 ubeshort <3
|
||||
# skip few Atari DEGAS med-res bitmap (DIAGRAM1.PI2) and many ISO 9660 CD-ROM by check for invalid low color numbers (0)
|
||||
>2 ubeshort >0
|
||||
# skip few Targa (bmpsuite-15col.tga rgb24_top_left_colormap.tga) by check for invalid high color space ID (F0 1D)
|
||||
>>4 ubeshort <16
|
||||
# skip many (69/327) Targa image *.TGA by check of accessing near the ending of first color space section (size=nc*5*2)
|
||||
>>>(2.S*10) ubelong x
|
||||
# RGB branch for Adobe Photoshop Color swatch
|
||||
>>>>4 ubeshort =0
|
||||
# skip many (220/327) Targa by check of for invalid high RGB color z value (hexadecimal 2 3 2e03 4600 5e04 7502 8002 8b05 c700)
|
||||
>>>>>12 ubeshort =0
|
||||
# RGB branch for Adobe Photoshop Color swatch for older versions
|
||||
>>>>>>0 ubeshort <2
|
||||
>>>>>>>0 use adobe-aco
|
||||
# RGB branch for Adobe Photoshop Color swatch for newer version 2
|
||||
>>>>>>0 ubeshort =2
|
||||
# skip many (74/176) Atari DEGAS hi-res bitmap (*.PI3) by check for invalid low color name length (0)
|
||||
>>>>>>>16 ubeshort >0
|
||||
>>>>>>>>0 use adobe-aco
|
||||
# non RGB branch for Adobe Photoshop Color swatch
|
||||
>>>>4 ubeshort !0
|
||||
# non RGB branch for Adobe Photoshop Color swatch for older versions
|
||||
>>>>>0 ubeshort <2
|
||||
# skip many GEM Image (CHURCH.IMG TIGER.IMG) by check for invalid second high color space ID (55 114 143 157 256 288 450)
|
||||
>>>>>>14 ubeshort <16
|
||||
>>>>>>>0 use adobe-aco
|
||||
# non RGB branch for Adobe Photoshop Color swatch for newer version 2
|
||||
>>>>>0 ubeshort =2
|
||||
# skip few Atari DEGAS hi-res bitmap (pal1wb-blue.pi3) and few ABR by check for invalid "high" nil bytes (7) before color name length
|
||||
>>>>>>14 ubeshort =0
|
||||
>>>>>>>0 use adobe-aco
|
||||
# display Adobe Photoshop Color swatch file information (version, number of colors, color spaces, coordinates, names)
|
||||
0 name adobe-aco
|
||||
>0 ubeshort x Adobe Photoshop Color swatch, version %u
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-adobe-aco
|
||||
!:apple ????8BCO
|
||||
!:ext aco
|
||||
>0 ubeshort <2
|
||||
>>(2.S*10) ubelong x
|
||||
# version 2 section after version 1 section
|
||||
>>>&0 ubeshort 2 and 2
|
||||
# nc; number of colors like: 20 50 86 88 126 204 300 1050 1137 1280 2092 3010 4096
|
||||
>2 ubeshort x \b, %u colors
|
||||
# maybe last 4 bytes of first section (probably y z color value) like: 0 0x66660000 0xfe700000 0xffff0000
|
||||
#>(2.S*10) ubelong x 1ST_SECTION_END=%#8.8x
|
||||
>0 ubeshort <2 \b; 1st
|
||||
# first older Adobe Photoshop Color entry
|
||||
>>4 use aco-color
|
||||
>>>2 ubeshort >1 \b; 2nd
|
||||
# second older Adobe Photoshop Color entry
|
||||
>>>>14 use aco-color
|
||||
>0 ubeshort =2 \b; 1st
|
||||
# first new Adobe Photoshop Color entry
|
||||
>>4 use aco-color-v2
|
||||
>>>2 ubeshort >1 \b; 2nd
|
||||
# jump first color name length words
|
||||
>>>>(16.S*2) ubequad x
|
||||
# second new Adobe Photoshop Color entry
|
||||
>>>>>&10 use aco-color-v2
|
||||
# display Adobe Photoshop Color entry (color space, color coordinates)
|
||||
0 name aco-color
|
||||
# each color spec entry occupies five words
|
||||
# color space: 0~RGB 1~HSB 2~CMYK 3~Pantone 4~Focoltone 5~Trumatch 6~Toyo 7~Lab 8~Grayscale 9?~wideCMYK 10~HKS ...
|
||||
#>0 ubeshort x COLOR_ENTRY
|
||||
>0 ubeshort 0 RGB
|
||||
>0 ubeshort 1 HSB
|
||||
>0 ubeshort 2 CMYK
|
||||
>0 ubeshort 3 Pantone
|
||||
>0 ubeshort 4 Focoltone
|
||||
>0 ubeshort 5 Trumatch
|
||||
>0 ubeshort 6 Toyo
|
||||
>0 ubeshort 7 Lab
|
||||
>0 ubeshort 8 Grayscale
|
||||
>0 ubeshort 9 wide CMYK
|
||||
>0 ubeshort 10 HKS
|
||||
# unofficial
|
||||
# >0 ubeshort 12 foo
|
||||
# >0 ubeshort 13 bar
|
||||
# >0 ubeshort 14 FOO
|
||||
# >0 ubeshort 15 BAR
|
||||
>0 ubeshort x space (%u)
|
||||
# color coordinate w
|
||||
>2 ubeshort x \b, w %#x
|
||||
# color coordinate x
|
||||
>4 ubeshort x \b, x %#x
|
||||
# color coordinate y
|
||||
>6 ubeshort x \b, y %#x
|
||||
# color coordinate z; zero for RGB space
|
||||
>8 ubeshort x \b, z %#x
|
||||
# display Adobe Photoshop Color entry version 2 (color space, color coordinates names)
|
||||
0 name aco-color-v2
|
||||
>0 use aco-color
|
||||
#>10 ubeshort x \b, NUL_BYTES %#x
|
||||
# color name length plus one (len+1) like: 7 8 9 13 14 15 16 17 22 26
|
||||
#>>12 ubeshort x \b, LENGTH %u
|
||||
>>12 ubeshort-1 x \b, %u chars
|
||||
# len words; UTF-16 representation of the color name like: "DIC 1s" "PANTONE Process Yellow PC"
|
||||
>>14 bestring16 x "%s"
|
||||
# followed by nil word
|
||||
|
||||
# XV thumbnail indicator (ThMO)
|
||||
# URL: https://en.wikipedia.org/wiki/Xv_(software)
|
||||
# Reference: http://fileformats.archiveteam.org/wiki/XV_thumbnail
|
||||
@ -2351,7 +2562,7 @@
|
||||
# URL: http://local.wasp.uwa.edu.au/~pbourke/dataformats/pic/
|
||||
# Radiance HDR; usually has .pic or .hdr extension.
|
||||
0 string #?RADIANCE\n Radiance HDR image data
|
||||
#!mime image/vnd.radiance
|
||||
!:mime image/vnd.radiance
|
||||
|
||||
# From: Adam Buchbinder <adam.buchbinder@gmail.com>
|
||||
# URL: https://www.mpi-inf.mpg.de/resources/pfstools/pfs_format_spec.pdf
|
||||
@ -2537,6 +2748,7 @@
|
||||
|
||||
# BS encoded bitstreams
|
||||
2 uleshort 0x3800 BS image,
|
||||
# GRR: the above line is also true for binary Computer Graphics Metafile SAB00012.CGM with long parameter length 56 (=38h)
|
||||
>6 uleshort x Version %d,
|
||||
>4 uleshort x Quantization %d,
|
||||
>0 uleshort x (Decompresses to %d words)
|
||||
@ -3720,6 +3932,29 @@
|
||||
# display ICC/ICM color profile by ./icc
|
||||
#>>>0x154 use color-profile
|
||||
|
||||
# URL: http://fileformats.archiveteam.org/wiki/CorelDRAW
|
||||
# https://en.wikipedia.org/wiki/CorelDRAW
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cdr-gen.trid.xml
|
||||
# Note: called "CorelDRAW drawing (generic)" by TrID
|
||||
# version til 2 WL-based; from version 3 til 13 handled by ./riff and from 14 zip based handled by ./archive
|
||||
0 ubelong&0xFFffF7ff 0x574C6500 Corel Draw Picture
|
||||
#!:mime image/x-coreldraw
|
||||
!:mime application/vnd.corel-draw
|
||||
!:ext cdr
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cdr-corel-10.trid.xml
|
||||
# Note: called "CorelDRAW drawing (v1.0)" by TrID and
|
||||
# "CorelDraw Drawing" with version "1.0" by DROID via PUID fmt/467
|
||||
# only DROID fmt-467-signature-id-726.cdr example
|
||||
>2 ubyte 0x65 \b, version 1.0
|
||||
#>>4 ubelong !0x45000000 \b, at 4 %#8.8x
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cdr-corel-20.trid.xml
|
||||
# Note: called "CorelDRAW drawing (v2.0)" by TrID and
|
||||
# "CorelDraw Drawing" with version "2.0" by DROID via PUID fmt/466
|
||||
>2 ubyte 0x6D \b, version 2.0
|
||||
# According to DROID 0xed080000 or 0x25050000
|
||||
#>>4 ubelong !0xed080000
|
||||
#>>>4 ubelong !0x25050000 \b, at 4 %#8.8x
|
||||
|
||||
# Type: Crunch compressed texture.
|
||||
# From: David Korth <gerbilsoft@gerbilsoft.com>
|
||||
# References:
|
||||
@ -3937,3 +4172,48 @@
|
||||
#!:mime application/octet-stream
|
||||
!:mime image/x-idf
|
||||
!:ext idf
|
||||
|
||||
# Type: ColoRIX VGA Paint Image File (.rix/.sci/.scX)
|
||||
# From: Eddy Jansson <github.com/eloj>
|
||||
# Reference: https://www.fileformat.info/format/rix/spec/
|
||||
#
|
||||
0 name rix-header
|
||||
>0 uleshort x \b, %u x
|
||||
>2 uleshort x %u
|
||||
# palette type:
|
||||
# .. if direct color, low bits encode bpp
|
||||
>4 ubyte&128 0
|
||||
>>4 ubyte&127 x \b %u bpp (direct color)
|
||||
# .. else palette
|
||||
>4 ubyte&128 128
|
||||
>>4 ubyte&7 0 \b x 2
|
||||
>>4 ubyte&7 1 \b x 4
|
||||
>>4 ubyte&7 2 \b x 8
|
||||
>>4 ubyte&7 3 \b x 16
|
||||
>>4 ubyte&7 4 \b x 32
|
||||
>>4 ubyte&7 5 \b x 64
|
||||
>>4 ubyte&7 6 \b x 128
|
||||
>>4 ubyte&7 7 \b x 256
|
||||
# storage type
|
||||
#>5 ubyte&15 0 \b, Linear
|
||||
>5 ubyte&15 1 \b, Planar (0213)
|
||||
>5 ubyte&15 2 \b, Planar
|
||||
>5 ubyte&15 3 \b, Text
|
||||
>5 ubyte&15 4 \b, Planar lines
|
||||
>5 ubyte&128 128 \b (compressed)
|
||||
>5 ubyte&64 64 \b (extension)
|
||||
>5 ubyte&32 32 \b (encrypted)
|
||||
|
||||
0 string RIX3 ColoRIX Image
|
||||
>4 use rix-header
|
||||
|
||||
0 string RIX7 ColoRIX Slideshow
|
||||
|
||||
# http://fileformats.archiveteam.org/wiki/PaperPort_(MAX)
|
||||
0 string ViG Visioneer PaperPort
|
||||
>3 string Ae 2
|
||||
>3 string Be 2
|
||||
>3 string Cj 3-4
|
||||
>3 string Em 5-7
|
||||
>3 string Fk 8-12
|
||||
>3 default x MAX
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: intel,v 1.22 2022/04/02 14:47:42 christos Exp $
|
||||
# $File: intel,v 1.23 2022/10/31 13:22:26 christos Exp $
|
||||
# intel: file(1) magic for x86 Unix
|
||||
#
|
||||
# Various flavors of x86 UNIX executable/object (other than Xenix, which
|
||||
@ -141,7 +141,7 @@
|
||||
# e80d0fcbh PXE-Intel.rom
|
||||
# b8004875h orchid.bin
|
||||
>>3 ubelong x %#8.8x
|
||||
# For misidetified raspberry pi pieeprom-*.bin like: 0xf00f
|
||||
# For misidentified raspberry pi pieeprom-*.bin like: 0xf00f
|
||||
#>2 ubeshort x \b, AT 2 %#4.4x
|
||||
################################################################################
|
||||
# new sections for BIOS (ia32) ROM Extension
|
||||
@ -230,12 +230,12 @@
|
||||
# PCI data structure length like: 24h 28h
|
||||
>>(24.s+0xA) uleshort >0x28 \b, length %u
|
||||
# PCI data structure revision like: 0 3
|
||||
>>(24.s+0xC) ubyte >0 \b, revison %u
|
||||
>>(24.s+0xC) ubyte >0 \b, revision %u
|
||||
# image length (hexadecimal) in multiple of 512 bytes like: 54 56 68 6a 76 78 7c 7d 7e 7f 80 81 83
|
||||
# Apparently this gives the same information as given by byte at offset 2 but as 16-bit
|
||||
#>>(24.s+0x10) uleshort x \b, length %u*512
|
||||
# revision level of code/data like: 0 1 201h 502h
|
||||
>>(24.s+0xC) ubyte >1 \b, code revison %#x
|
||||
>>(24.s+0xC) ubyte >1 \b, code revision %#x
|
||||
# code type: 0~Intel x86/PC-AT compatible 1~Open firmware standard for PCI42 FF~Reserved
|
||||
>>(24.s+0x14) ubyte >0 \b, code type %#x
|
||||
# last image indicator; bit 7 indicates "last image"; bits 0-6 are reserved
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------
|
||||
# $File: java,v 1.21 2019/02/18 17:58:50 christos Exp $
|
||||
# $File: java,v 1.22 2023/01/11 23:59:49 christos Exp $
|
||||
# Java ByteCode and Mach-O binaries (e.g., Mac OS X) use the
|
||||
# same magic number, 0xcafebabe, so they are both handled
|
||||
# in the entry called "cafebabe".
|
||||
@ -43,3 +43,10 @@
|
||||
>6 leshort >0x00 \b, version %d
|
||||
>4 leshort x \b.%d
|
||||
!:mime application/x-java-image
|
||||
|
||||
# JAR Manifest & Signature File
|
||||
# Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html
|
||||
0 string/t Manifest-Version:\x201.0 JAR Manifest
|
||||
!:ext MF
|
||||
0 string/t Signature-Version:\x201.0 JAR Signature File
|
||||
!:ext SF
|
||||
|
@ -1,20 +1,70 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: javascript,v 1.4 2022/09/02 08:08:17 christos Exp $
|
||||
# $File: javascript,v 1.5 2023/01/12 00:02:16 christos Exp $
|
||||
# javascript: magic for javascript and node.js scripts.
|
||||
#
|
||||
0 string/w #!/bin/node Node.js script text executable
|
||||
0 string/tw #!/bin/node Node.js script executable
|
||||
!:mime application/javascript
|
||||
0 string/w #!/usr/bin/node Node.js script text executable
|
||||
0 string/tw #!/usr/bin/node Node.js script executable
|
||||
!:mime application/javascript
|
||||
0 string/w #!/bin/nodejs Node.js script text executable
|
||||
0 string/tw #!/bin/nodejs Node.js script executable
|
||||
!:mime application/javascript
|
||||
0 string/w #!/usr/bin/nodejs Node.js script text executable
|
||||
0 string/tw #!/usr/bin/nodejs Node.js script executable
|
||||
!:mime application/javascript
|
||||
0 string #!/usr/bin/env\ node Node.js script text executable
|
||||
0 string/t #!/usr/bin/env\ node Node.js script executable
|
||||
!:mime application/javascript
|
||||
0 string #!/usr/bin/env\ nodejs Node.js script text executable
|
||||
0 string/t #!/usr/bin/env\ nodejs Node.js script executable
|
||||
!:mime application/javascript
|
||||
|
||||
# JavaScript
|
||||
# The strength is increased to beat the C++ & HTML rules
|
||||
0 search "use\x20strict" JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 search 'use\x20strict' JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex module(\\.|\\[["'])exports.*= JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex \^(const|var|let).*=.*require\\( JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex \^export\x20(function|class|default|const|var|let|async)\x20 JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex \\((async\x20)?function[(\x20] JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex \^(import|export).*\x20from\x20 JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex \^(import|export)\x20["']\\./ JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex \^require\\(["'] JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
0 regex typeof.*[!=]== JavaScript source
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext js
|
||||
|
||||
# React Native minified JavaScript
|
||||
0 search/128 __BUNDLE_START_TIME__= React Native minified JavaScript
|
||||
!:strength +30
|
||||
!:mime application/javascript
|
||||
!:ext bundle/jsbundle
|
||||
|
||||
# Hermes by Facebook https://hermesengine.dev/
|
||||
# https://github.com/facebook/hermes/blob/master/include/hermes/\
|
||||
# BCGen/HBC/BytecodeFileFormat.h#L24
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: jpeg,v 1.37 2022/06/17 18:03:35 christos Exp $
|
||||
# $File: jpeg,v 1.38 2022/12/02 17:42:04 christos Exp $
|
||||
# JPEG images
|
||||
# SunOS 5.5.1 had
|
||||
#
|
||||
@ -239,8 +239,7 @@
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jxl.trid.xml
|
||||
# Note: called by TrID "JPEG XL bitmap"
|
||||
0 string \xff\x0a JPEG XL codestream
|
||||
#!:mime image/jxl
|
||||
!:mime image/x-jxl
|
||||
!:mime image/jxl
|
||||
!:ext jxl
|
||||
|
||||
# JPEG XL (transcoded JPEG file)
|
||||
@ -249,6 +248,5 @@
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jxl-iso.trid.xml
|
||||
# Note: called by TrID "JPEG XL bitmap (ISOBMFF)"
|
||||
0 string \x00\x00\x00\x0cJXL\x20\x0d\x0a\x87\x0a JPEG XL container
|
||||
#!:mime image/jxl
|
||||
!:mime image/x-jxl
|
||||
!:mime image/jxl
|
||||
!:ext jxl
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: lif,v 1.10 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: lif,v 1.11 2022/10/19 20:15:16 christos Exp $
|
||||
# lif: file(1) magic for lif
|
||||
#
|
||||
# (Daniel Quinlan <quinlan@yggdrasil.com>)
|
||||
@ -16,9 +16,9 @@
|
||||
>14 beshort =0
|
||||
# skip MUNCHIE.PC1 BOARD.PC1 ENEMIES.PC1 by test for low version number
|
||||
>>20 ubeshort <0x0100
|
||||
# skip DEGAS MUNCHIE.PC1 BOARD.PC1 ENEMIES.PC1 by test for ASCII like volume name
|
||||
#>>>2 ubelong >0x2020201F
|
||||
>>>0 use lif-file
|
||||
# skip DROID fmt-840-signature-id-1195.adx fmt-840-signature-id-1199.adx by test for ASCII like volume name
|
||||
>>>2 ubelong >0x2020201F
|
||||
>>>>0 use lif-file
|
||||
0 name lif-file
|
||||
# LIF ID
|
||||
>0 beshort x lif file
|
||||
@ -27,6 +27,7 @@
|
||||
!:ext lif/hpi/dat
|
||||
# volume label; A-Z 0-9 _ ; default are 6 spaces
|
||||
>2 string x "%.6s"
|
||||
#>2 ubelong x LABEL=%8.8x
|
||||
# version number; 0 for systems without extensions or 1 for model 64000
|
||||
>20 ubeshort x \b, version %u
|
||||
# LIF identifier; 010000 for system 3000
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: linux,v 1.82 2022/09/07 11:23:44 christos Exp $
|
||||
# $File: linux,v 1.85 2023/07/17 14:40:09 christos Exp $
|
||||
# linux: file(1) magic for Linux files
|
||||
#
|
||||
# Values for Linux/i386 binaries, from Daniel Quinlan <quinlan@yggdrasil.com>
|
||||
@ -67,8 +67,8 @@
|
||||
>16 lelong x %d characters,
|
||||
>12 lelong&0x01 0 no directory,
|
||||
>12 lelong&0x01 !0 Unicode directory,
|
||||
>24 lelong x %d
|
||||
>28 lelong x \bx%d
|
||||
>28 lelong x %d
|
||||
>24 lelong x \bx%d
|
||||
|
||||
# Linux swap and hibernate files
|
||||
# Linux kernel: include/linux/swap.h
|
||||
@ -380,26 +380,96 @@
|
||||
# Systemd journald files
|
||||
# See https://www.freedesktop.org/wiki/Software/systemd/journal-files/.
|
||||
# From: Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl>
|
||||
|
||||
# check magic
|
||||
# Update: Joerg Jenderek
|
||||
# URL: https://systemd.io/JOURNAL_FILE_FORMAT/
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/j/journal-sysd.trid.xml
|
||||
# Note: called "systemd journal" by TrID
|
||||
# verified by `journalctl --file=user-1000.journal`
|
||||
# check magic signature[8]
|
||||
0 string LPKSHHRH
|
||||
# check that state is one of known values
|
||||
# STATE_OFFLINE~0 STATE_ONLINE~1 STATE_ARCHIVED~2
|
||||
>16 ubyte&252 0
|
||||
# check that each half of three unique id128s is non-zero
|
||||
# file_id
|
||||
>>24 ubequad >0
|
||||
>>>32 ubequad >0
|
||||
# machine_id
|
||||
>>>>40 ubequad >0
|
||||
>>>>>48 ubequad >0
|
||||
# boot_id; last writer
|
||||
>>>>>>56 ubequad >0
|
||||
>>>>>>>64 ubequad >0 Journal file
|
||||
!:mime application/octet-stream
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-linux-journal
|
||||
# provide more info
|
||||
# head_entry_realtime; contains a POSIX timestamp stored in microseconds
|
||||
>>>>>>>>184 leqdate/1000000 !0 \b, %s
|
||||
>>>>>>>>184 leqdate 0 empty
|
||||
>>>>>>>>16 ubyte 0 \b, offline
|
||||
>>>>>>>>16 ubyte 1 \b, online
|
||||
# If a file is closed after writing the state field should be set to STATE_OFFLINE
|
||||
>>>>>>>>16 ubyte 0 \b,
|
||||
# for offline and empty only journal~ extension found
|
||||
>>>>>>>>>184 leqdate 0 offline
|
||||
# https://man7.org/linux/man-pages/man8/systemd-journald.service.8.html
|
||||
# GRR: add char ~ inside parse_ext in ../../src/apprentice.c to avoid in file version 5.44 error like:
|
||||
# Magdir/linux, 463: Warning: EXTENSION type ` journal~' has bad char '~'
|
||||
!:ext journal~
|
||||
# for offline and non empty often *.journal~ but also user-1001.journal
|
||||
>>>>>>>>>184 leqdate !0 offline
|
||||
!:ext journal/journal~
|
||||
# if a file is opened for writing the state field should be set to STATE_ONLINE
|
||||
>>>>>>>>16 ubyte 1 \b,
|
||||
# for online and empty only journal~ extension found
|
||||
>>>>>>>>>184 leqdate 0 online
|
||||
# system@0005febee06e2ff2-f7ea54d10e4346ff.journal~
|
||||
!:ext journal~
|
||||
# for online and non empty only journal extension found
|
||||
>>>>>>>>>184 leqdate !0 online
|
||||
# system.journal user-1000.journal
|
||||
!:ext journal
|
||||
# after a file has been rotated it should be set to STATE_ARCHIVED
|
||||
>>>>>>>>16 ubyte 2 \b, archived
|
||||
!:ext journal
|
||||
# no *.journal~ found
|
||||
#!:ext journal/journal~
|
||||
# compatible_flags
|
||||
>>>>>>>>8 ulelong&1 1 \b, sealed
|
||||
# incompatible_flags; COMPRESSED_XZ~1 COMPRESSED_LZ4~2 KEYED_HASH~4 COMPRESSED_ZSTD~8 COMPACT~16
|
||||
#>>>>>>>>12 ulelong x FLAGS=%#x
|
||||
>>>>>>>>12 ulelong&1 1 \b, compressed
|
||||
>>>>>>>>12 ulelong&2 !0 \b, compressed lz4
|
||||
>>>>>>>>12 ulelong&4 !0 \b, keyed hash siphash24
|
||||
>>>>>>>>12 ulelong&8 !0 \b, compressed zstd
|
||||
>>>>>>>>12 ulelong&16 !0 \b, compact
|
||||
# uint8_t reserved[7]; apparently nil
|
||||
#>>17 long !0 \b, reserved %#8.8x
|
||||
# seqnum_id; like: 0 e623691afec94b5aa968ae2d726c49cc f98b2af481924b29 8d6816ca3639edc6
|
||||
#>>>>>>>>72 ubequad x \b, seqnum_id %#16.16llx
|
||||
#>>>>>>>>80 ubequad x b%16.16llx
|
||||
# header_size like: 100h
|
||||
>>>>>>>>88 ulequad !0x100h \b, header size %#llx
|
||||
# arena_size like: 0 7fff00h ffff00h 17fff00h
|
||||
#>>>>>>>>96 ulequad >0 \b, arena size %#llx
|
||||
# data_hash_table_offset like: 0 15f0h 15f0h
|
||||
#>>>>>>>>104 ulequad >0 \b, hash table offset %#llx
|
||||
# data_hash_table_size like: 0 38e380h
|
||||
#>>>>>>>>112 ulequad >0 \b, hash table size %#llx
|
||||
# field_hash_table_offset like: 0 110h
|
||||
#>>>>>>>>120 ulequad >0 \b, field hash table offset %#llx
|
||||
# field_hash_table_size like: 0 14d0h
|
||||
#>>>>>>>>128 ulequad >0 \b, field hash table size %#llx
|
||||
# tail_object_offset like: 0 43edd8h 511278h c68968h d487d0h efaa98h
|
||||
#>>>>>>>>136 ulequad >0 \b, tail object offset %#llx
|
||||
# n_objects like: 0 1032h 5a2eh 92bdh a8b5h aa75h 112adh 40c23h 4714eh
|
||||
#>>>>>>>>144 ulequad >0 \b, objects %#llx
|
||||
# n_entries like: 0 3aeh 235ah 2dc4h 3125h 16129h 187a1h
|
||||
>>>>>>>>152 ulequad >0 \b, entries %#llx
|
||||
# tail_entry_seqnum like: 0 1988h 16249h 24c12h 24c12h 41e64h 9fefdh
|
||||
#>>>>>>>>160 ulequad >0 \b, tail entry seqnum %#llx
|
||||
# head_entry_seqnum like: 0 1h 15dbh 6552h 213bfh 213bfh 3e672h 9a28ah
|
||||
#>>>>>>>>168 ulequad >0 \b, head entry seqnum %#llx
|
||||
# entry_array_offset like: 0 390058h 3909d8h 3909e0h
|
||||
#>>>>>>>>176 ulequad >0 \b, entry array offset %#llx
|
||||
|
||||
# BCache backing and cache devices
|
||||
# From: Gabriel de Perthuis <g2p.code@gmail.com>
|
||||
@ -492,9 +562,12 @@
|
||||
0 lelong 0x58313116 CRIU inventory
|
||||
|
||||
# Kdump compressed dump files
|
||||
# https://sourceforge.net/p/makedumpfile/code/ci/master/tree/IMPLEMENTATION
|
||||
# https://github.com/makedumpfile/makedumpfile/blob/master/IMPLEMENTATION
|
||||
|
||||
0 string KDUMP Kdump compressed dump
|
||||
0 string KDUMP\x20\x20\x20 Kdump compressed dump
|
||||
>0 use kdump-compressed-dump
|
||||
|
||||
0 name kdump-compressed-dump
|
||||
>8 long x v%d
|
||||
>12 string >\0 \b, system %s
|
||||
>77 string >\0 \b, node %s
|
||||
@ -503,6 +576,12 @@
|
||||
>272 string >\0 \b, machine %s
|
||||
>337 string >\0 \b, domain %s
|
||||
|
||||
# Flattened format
|
||||
0 string makedumpfile
|
||||
>16 bequad 1
|
||||
>>0x1010 string KDUMP\x20\x20\x20 Flattened kdump compressed dump
|
||||
>>>0x1010 use kdump-compressed-dump
|
||||
|
||||
# Device Tree files
|
||||
0 search/1024 /dts-v1/ Device Tree File (v1)
|
||||
# beat c code
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: llvm,v 1.9 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: llvm,v 1.10 2023/03/11 17:54:17 christos Exp $
|
||||
# llvm: file(1) magic for LLVM byte-codes
|
||||
# URL: https://llvm.org/docs/BitCodeFormat.html
|
||||
# From: Al Stone <ahs3@fc.hp.com>
|
||||
@ -9,6 +9,7 @@
|
||||
0 string llvc0 LLVM byte-codes, null compression
|
||||
0 string llvc1 LLVM byte-codes, gzip compression
|
||||
0 string llvc2 LLVM byte-codes, bzip2 compression
|
||||
0 string CPCH LLVM Pre-compiled header file
|
||||
|
||||
0 lelong 0x0b17c0de LLVM bitcode, wrapper
|
||||
# Are these Mach-O ABI values? They appear to be.
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: macintosh,v 1.32 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: macintosh,v 1.36 2022/12/06 18:45:20 christos Exp $
|
||||
# macintosh description
|
||||
#
|
||||
# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
|
||||
@ -95,7 +95,10 @@
|
||||
# MacBinary format (Eric Fischer, enf@pobox.com)
|
||||
# Update: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/MacBinary
|
||||
# http://fileformats.archiveteam.org/wiki/MacBinary
|
||||
# Reference: https://files.stairways.com/other/macbinaryii-standard-info.txt
|
||||
# Note: verified by macutils `macunpack -i -v BBEdit4.0.sit.bin` and
|
||||
# `deark -l -d -m macbinary G3FirmwareUpdate1.1.smi.bin`
|
||||
#
|
||||
# Unfortunately MacBinary doesn't really have a magic number prior
|
||||
# to the MacBinary III format.
|
||||
@ -114,19 +117,19 @@
|
||||
>>>>74 byte 0
|
||||
# zero fill, must be zero for compatibility
|
||||
>>>>>82 byte 0
|
||||
# skip few DEGAS mid-res uncompressed bitmap (GEMINI03.PI2 CODE_RAM.PI2) with "too high" file names ffffff88 ffff4f00
|
||||
>>>>>>2 ubelong <0xffff0000
|
||||
# MacBinary I test for valid version numbers
|
||||
>>>>>>122 ubeshort 0
|
||||
# additional check for creation date after 1 Jan 1970 ~ 7C25B080h
|
||||
#>>>>>>>91 ubelong >0x7c25b07F
|
||||
>>>>>>>122 ubeshort 0
|
||||
# additional check for undefined header fields in MacBinary I
|
||||
#>>>>>>>101 ulong 0
|
||||
>>>>>>>0 use mac-bin
|
||||
#>>>>>>>>101 ulong 0
|
||||
>>>>>>>>0 use mac-bin
|
||||
# MacBinary II the newer versions begins at 129
|
||||
>>>>>>122 ubeshort 0x8181
|
||||
>>>>>>>0 use mac-bin
|
||||
>>>>>>>122 ubeshort 0x8181
|
||||
>>>>>>>>0 use mac-bin
|
||||
# MacBinary III with MacBinary II to read
|
||||
>>>>>122 ubeshort 0x8281
|
||||
>>>>>>0 use mac-bin
|
||||
>>>>>>122 ubeshort 0x8281
|
||||
>>>>>>>0 use mac-bin
|
||||
|
||||
# display information of MacBinary file
|
||||
0 name mac-bin
|
||||
@ -139,7 +142,7 @@
|
||||
!:mime application/x-macbinary
|
||||
!:apple PSPTBINA
|
||||
!:ext bin/macbin
|
||||
# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidetified as MacBinary
|
||||
# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidentified as MacBinary
|
||||
#>1 ubyte >63 \b, name length %u too BIG!
|
||||
#>122 ubeshort x \b, version %#x
|
||||
# Finder flags if not 0
|
||||
@ -180,12 +183,16 @@
|
||||
# 124 beshort # checksum
|
||||
#>124 ubeshort !0 \b, CRC %#x
|
||||
# creation date in seconds since MacOS epoch start. So 1 Jan 1970 ~ 7C25B080
|
||||
>91 beldate-0x7C25B080 x \b, %s
|
||||
# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidetified or time overflow
|
||||
# few (31/1247) examples (hinkC4.0.sitx.bin InternetExplorer5.1.smi.bin G3FirmwareUpdate1.1.smi.bin Firewire2.3.3.smi.bin LR2image.bin) contain zeroed date fields
|
||||
>91 long !0
|
||||
>>91 beldate-0x7C25B080 x \b, %s
|
||||
# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidentified or time overflow
|
||||
>91 ubelong <0x7c25b080 INVALID date
|
||||
#>91 belong-0x7C25B080 x \b, DEBUG DATE %d
|
||||
# reported date seconds by deark
|
||||
#>91 ubelong x deark-DATE=%u
|
||||
# last modified date
|
||||
>95 beldate-0x7C25B080 x \b, modified %s
|
||||
>95 long !0
|
||||
>>95 beldate-0x7C25B080 x \b, modified %s
|
||||
# Apple creator+typ if not null
|
||||
# file creator (normally expressed as four characters)
|
||||
>69 ulong !0 \b, creator
|
||||
@ -197,6 +204,7 @@
|
||||
# length of data segment
|
||||
>83 ubelong !0 \b, %u bytes
|
||||
# filename (in the range 1-63)
|
||||
# like "BBEdit4.0.sit" "Archive.sitx" "MacPGP 2.2 (.sea)"
|
||||
>1 pstring x "%s"
|
||||
# print 1 space and then at offset 128 inspect data fork content if it has one
|
||||
>83 ubelong !0 \b
|
||||
@ -447,7 +455,7 @@
|
||||
>>>0x412 beshort x number of blocks: %d,
|
||||
>>>0x424 pstring x volume name: %s
|
||||
|
||||
0x400 beshort 0x482B Macintosh HFS Extended
|
||||
0 name hfsplus
|
||||
>&0 beshort x version %d data
|
||||
>0 beshort 0x4C4B (bootable)
|
||||
>0x404 belong ^0x00000100 (mounted)
|
||||
@ -466,6 +474,11 @@
|
||||
>&42 belong x number of blocks: %d,
|
||||
>&46 belong x free blocks: %d
|
||||
|
||||
0x400 beshort 0x482B Apple HFS Plus
|
||||
>&0 use hfsplus
|
||||
0x400 beshort 0x4858 Apple HFS Plus Extended
|
||||
>&0 use hfsplus
|
||||
|
||||
## AFAIK, only the signature is different
|
||||
# same as Apple Partition Map
|
||||
# GRR: This magic is too weak, it is just "TS"
|
||||
@ -490,14 +503,3 @@
|
||||
# From: Remi Mommsen <mommsen@slac.stanford.edu>
|
||||
0 string BOMStore Mac OS X bill of materials (BOM) file
|
||||
|
||||
# From: Adam Buchbinder <adam.buchbinder@gmail.com>
|
||||
# URL: https://en.wikipedia.org/wiki/Datafork_TrueType
|
||||
# Derived from the 'fondu' and 'ufond' source code (fondu.sf.net). 'sfnt' is
|
||||
# TrueType; 'POST' is PostScript. 'FONT' and 'NFNT' sometimes appear, but I
|
||||
# don't know what they mean.
|
||||
0 belong 0x100
|
||||
>(0x4.L+24) beshort x
|
||||
>>&4 belong 0x73666e74 Mac OSX datafork font, TrueType
|
||||
>>&4 belong 0x464f4e54 Mac OSX datafork font, 'FONT'
|
||||
>>&4 belong 0x4e464e54 Mac OSX datafork font, 'NFNT'
|
||||
>>&4 belong 0x504f5354 Mac OSX datafork font, PostScript
|
||||
|
@ -1,10 +1,71 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: magic,v 1.10 2010/11/25 15:00:12 christos Exp $
|
||||
# $File: magic,v 1.11 2023/06/27 13:42:49 christos Exp $
|
||||
# magic: file(1) magic for magic files
|
||||
#
|
||||
0 string/t #\ Magic magic text file for file(1) cmd
|
||||
# Update: Joerg Jenderek
|
||||
# skip Magicsee_R1.cfg found on retropie starting with # Magicsee R1 one-handed controller
|
||||
0 string/t #\ Magic\ magic text file for file(1) cmd
|
||||
#!:mime text/plain
|
||||
!:mime text/x-file
|
||||
# no suffix in ../Header
|
||||
!:ext /
|
||||
#
|
||||
# some samples start with a comment line
|
||||
0 ubyte =0x23
|
||||
# many samples start with separator line
|
||||
>4 string --------
|
||||
>>0 use magic-fragment
|
||||
# few samples with 1st comment line and without seperator comment line
|
||||
>4 default x
|
||||
# few sample with 1st comment line and without seperator comment line and regular expression like: sisu
|
||||
>>1 search/112 regex\x09
|
||||
>>>0 use magic-fragment
|
||||
>>1 default x
|
||||
# few samples with 1st comment line and without seperator comment line and string value like:
|
||||
# blcr bsi selinux ssh (file 3.34) digital gnu wordperfect
|
||||
>>>1 search/471 string\x09
|
||||
>>>>0 use magic-fragment
|
||||
>>>1 default x
|
||||
# few samples with 1st comment line and without seperator comment line and short value like:
|
||||
# (file 3.34) os9 osf1
|
||||
>>>>1 search/1716 short\x09
|
||||
>>>>>0 use magic-fragment
|
||||
# but many samples start with an empty first line
|
||||
0 ubyte =0x0A
|
||||
# many samples sttart with separator comment line
|
||||
>4 string --------
|
||||
>>0 use magic-fragment
|
||||
# few samples with 1st empty line and without seperator comment line like: biosig espressif
|
||||
>4 default x
|
||||
>>1 search/581 \041:mime
|
||||
>>>0 use magic-fragment
|
||||
# display information (lines) about magic text fragment
|
||||
0 name magic-fragment
|
||||
>0 string x magic text fragment for file(1) cmd
|
||||
!:mime text/x-file
|
||||
# most without suffix but mail.news varied.out varied.script
|
||||
!:ext /news/out/script
|
||||
# next lines are mainly for control reasons
|
||||
# some (34/339) samples start comment line
|
||||
>0 ubyte !0x0A
|
||||
>>0 string x \b, 1st line "%s"
|
||||
>>>&1 string x \b, 2nd line "%s"
|
||||
# but most (305/339) samples start with an empty first line
|
||||
>0 ubyte =0x0A
|
||||
>>1 string x \b, 2nd line "%s"
|
||||
>>>&1 string x \b, 3rd line "%s"
|
||||
#
|
||||
# URL: http://en.wikipedia.org/wiki/File_(command)
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mgc.trid.xml
|
||||
# Note: called "magic compiled data (LE)" by TrID
|
||||
0 lelong 0xF11E041C magic binary file for file(1) cmd
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-file
|
||||
!:ext mgc
|
||||
>4 lelong x (version %d) (little endian)
|
||||
0 belong 0xF11E041C magic binary file for file(1) cmd
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-file
|
||||
!:ext mgc
|
||||
>4 belong x (version %d) (big endian)
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: mail.news,v 1.29 2022/06/17 18:02:19 christos Exp $
|
||||
# $File: mail.news,v 1.30 2022/10/31 13:22:26 christos Exp $
|
||||
# mail.news: file(1) magic for mail and news
|
||||
#
|
||||
# Unfortunately, saved netnews also has From line added in some news software.
|
||||
@ -65,7 +65,7 @@
|
||||
# other ID (like 02900000h) or TnefVersion ID (idTnefVersion=06900800h)
|
||||
>7 ubelong !0x06900800 \b, 1st id %#8.8x
|
||||
>7 ubelong =0x06900800
|
||||
# TnefVersion lenght like: 4
|
||||
# TnefVersion length like: 4
|
||||
>>11 ulelong !4 \b, TnefVersion length %x
|
||||
# TNEFVersionData; TnefVersion data like: 00010000h
|
||||
>>15 ulelong !0x00010000h \b, version %#8.8x
|
||||
|
@ -1,7 +1,7 @@
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: map,v 1.9 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: map,v 1.10 2023/02/03 20:41:57 christos Exp $
|
||||
# map: file(1) magic for Map data
|
||||
#
|
||||
|
||||
@ -406,3 +406,8 @@
|
||||
>>>>5 byte x \b%d,
|
||||
>>>>6 leshort x product ID %04d)
|
||||
|
||||
# Garmin firmware:
|
||||
# https://www.memotech.franken.de/FileFormats/Garmin_GCD_Format.pdf
|
||||
# https://www.gpsrchive.com/GPSMAP/GPSMAP%2066sr/Firmware.html
|
||||
0 string GARMIN
|
||||
>6 uleshort 100 GARMIN firmware (version 1.0)
|
||||
|
@ -1,48 +1,59 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: mathematica,v 1.14 2021/11/07 16:27:36 christos Exp $
|
||||
# $File: mathematica,v 1.17 2023/06/16 19:33:58 christos Exp $
|
||||
# mathematica: file(1) magic for mathematica files
|
||||
# "H. Nanosecond" <aldomel@ix.netcom.com>
|
||||
# Mathematica a multi-purpose math program
|
||||
# versions 2.2 and 3.0
|
||||
|
||||
0 name wolfram
|
||||
>0 string x Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
!:mime application/vnd.wolfram.mathematica
|
||||
|
||||
#mathematica .mb
|
||||
0 string \064\024\012\000\035\000\000\000 Mathematica version 2 notebook
|
||||
!:ext mb
|
||||
0 string \064\024\011\000\035\000\000\000 Mathematica version 2 notebook
|
||||
!:ext mb
|
||||
0 string \064\024\012\000\035\000\000\000
|
||||
>0 use wolfram
|
||||
0 string \064\024\011\000\035\000\000\000
|
||||
>0 use wolfram
|
||||
|
||||
#
|
||||
0 search/1000 Content-type:\040application/mathematica Mathematica notebook version 2.x
|
||||
!:ext nb
|
||||
!:mime application/mathematica
|
||||
|
||||
|
||||
# .ma
|
||||
# multiple possibilities:
|
||||
|
||||
0 string (*^\n\n::[\011frontEndVersion\ =\ Mathematica notebook
|
||||
0 string (*^\n\n::[\011frontEndVersion\ =
|
||||
#>41 string >\0 %s
|
||||
!:ext mb
|
||||
>0 use wolfram
|
||||
|
||||
#0 string (*^\n\n::[\011palette Mathematica notebook version 2.x
|
||||
#0 string (*^\n\n::[\011palette
|
||||
|
||||
#0 string (*^\n\n::[\011Information Mathematica notebook version 2.x
|
||||
#0 string (*^\n\n::[\011Information
|
||||
#>675 string >\0 %s #doesn't work well
|
||||
|
||||
# there may be 'cr' instead of 'nl' in some does this matter?
|
||||
|
||||
# generic:
|
||||
0 string (*^\r\r::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\r\n\r\n::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\015 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\n\r\n\r::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\r::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\r\n::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\n\n::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\n::[\011 Mathematica notebook version 2.x
|
||||
!:ext mb
|
||||
0 string (*^\r\r::[\011
|
||||
>0 use wolfram
|
||||
0 string (*^\r\n\r\n::[\011
|
||||
>0 use wolfram
|
||||
0 string (*^\015
|
||||
>0 use wolfram
|
||||
0 string (*^\n\r\n\r::[\011
|
||||
>0 use wolfram
|
||||
0 string (*^\r::[\011
|
||||
>0 use wolfram
|
||||
0 string (*^\r\n::[\011
|
||||
>0 use wolfram
|
||||
0 string (*^\n\n::[\011
|
||||
>0 use wolfram
|
||||
0 string (*^\n::[\011
|
||||
>0 use wolfram
|
||||
|
||||
|
||||
# Mathematica .mx files
|
||||
@ -132,14 +143,18 @@
|
||||
>>>>0 ulelong <53
|
||||
# skip tokens.dat and some Netwfw*.dat by check for valid imaginary flag value of MAT version 4
|
||||
>>>>>12 ulelong <2
|
||||
# no misidentfied little endian MATrix example with "short" matrix name
|
||||
# no misidentified little endian MATrix example with "short" matrix name
|
||||
>>>>>>16 ulelong <3
|
||||
>>>>>>>0 use \^matlab4
|
||||
# skip radeon firmware BONAIRE_sdma.bin HAWAII_sdma.bin KABINI_sdma.bin KAVERI_sdma.bin MULLINS_sdma.bin
|
||||
# by check for non zero matrix name length
|
||||
>>>>>>>16 ubelong >0
|
||||
>>>>>>>>0 use \^matlab4
|
||||
# little endian MATrix with "long" matrix name or some misidentified samples
|
||||
>>>>>>16 ulelong >2
|
||||
# skip TileCacheLogo-*.dat with invalid 2nd character \001 of matrix name with length 96
|
||||
>>>>>>>21 ubyte >0x1F
|
||||
>>>>>>>>0 use \^matlab4
|
||||
# Note: called "MATLAB Mat File" with version "Level 4" by DROID via PUID fmt/1550
|
||||
# display information of Matlab v4 mat-file
|
||||
0 name matlab4 Matlab v4 mat-file
|
||||
#!:mime application/octet-stream
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: meteorological,v 1.2 2017/03/17 21:35:28 christos Exp $
|
||||
# $File: meteorological,v 1.4 2022/12/09 18:02:09 christos Exp $
|
||||
# rinex: file(1) magic for RINEX files
|
||||
# http://igscb.jpl.nasa.gov/igscb/data/format/rinex210.txt
|
||||
# ftp://cddis.gsfc.nasa.gov/pub/reports/formats/rinex300.pdf
|
||||
@ -45,5 +45,9 @@
|
||||
|
||||
# https://en.wikipedia.org/wiki/GRIB
|
||||
0 string GRIB
|
||||
>7 byte =1 Gridded binary (GRIB) version 1
|
||||
>7 byte =1 Gridded binary (GRIB) version 1
|
||||
!:mime application/x-grib
|
||||
!:ext grb/grib
|
||||
>7 byte =2 Gridded binary (GRIB) version 2
|
||||
!:mime application/x-grib2
|
||||
!:ext grb2/grib2
|
||||
|
@ -1,11 +1,71 @@
|
||||
|
||||
#-----------------------------------------------------------------------------
|
||||
# $File: misctools,v 1.20 2021/05/25 15:13:55 christos Exp $
|
||||
# $File: misctools,v 1.21 2023/02/03 20:43:48 christos Exp $
|
||||
# misctools: file(1) magic for miscellaneous UNIX tools.
|
||||
#
|
||||
0 search/1 %%!! X-Post-It-Note text
|
||||
0 string/c BEGIN:VCALENDAR vCalendar calendar file
|
||||
!:mime text/calendar
|
||||
# URL: http://fileformats.archiveteam.org/wiki/ICalendar
|
||||
# https://en.wikipedia.org/wiki/ICalendar
|
||||
# Update: Joerg Jenderek
|
||||
# Reference: https://www.rfc-editor.org/rfc/rfc5545
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/v/vcs.trid.xml
|
||||
# Note: called "iCalendar - vCalendar" by TrID
|
||||
0 string/c BEGIN:vcalendar
|
||||
# skip DROID fmt-387-signature-id-572.vcs fmt-388-signature-id-573.ics
|
||||
# with invalid separator 0x0 or 0xAB instead of CarriageReturn (0x0D) or LineFeed (0x0A)
|
||||
>15 ubyte&0xF8 =0x08
|
||||
# look for VERSION keyword often on second line but sometimes later as in holidays_NRW_2014.ics
|
||||
>>0 search/188 VERSION
|
||||
# after VERSION keword :1.0 or often :2.0 but sometimes also ;VALUE=TEXT:2.0 like in Jewish religious Juish.ics
|
||||
# http://www.webcal.guru/de-DE/kalender_herunterladen?calendar_instance_id=217
|
||||
# \n\040:2.0 like in import-real-world-2004-11-19.ics found at
|
||||
# https://ftp.gnu.org/gnu/emacs/emacs-28.1.tar.xz
|
||||
# emacs-28.1/test/lisp/calendar/icalendar-resources/import-real-world-2004-11-19.ics
|
||||
#>>>&0 string x AFTER_VERSION=%.15s
|
||||
# Note: called "Internet Calendar and Scheduling format" by DROID via PUID fmt/388
|
||||
# skip optional verparam=;other-param like ;VALUE=TEXT and look for version 2.0 that implies iCalendar variant
|
||||
>>>&0 search/81 :2.0 iCalendar calendar
|
||||
# look for Free/Busy component
|
||||
>>>>15 search/278 :VFREEBUSY file, with Free/Busy component
|
||||
!:mime text/calendar
|
||||
!:apple ????iFBf
|
||||
# no real examples found but only example on Wikipedia page
|
||||
!:ext ifb
|
||||
# iCalendar calendar without Free/Busy component
|
||||
>>>>15 default x
|
||||
# look for ALARM component
|
||||
>>>>>15 search/154 :VALARM file, with ALARM component
|
||||
!:mime text/calendar
|
||||
!:apple ????iCal
|
||||
# found on macOS beneath /Users/$USER/Library/Calendars/ as EventAllDayAlarms.icsalarm or EventTimedAlarms.icsalarm
|
||||
# no isc examples found
|
||||
!:ext icsalarm/ics
|
||||
# iCalendar calendar without Free/Busy component and ALARM component
|
||||
>>>>>15 default x file
|
||||
!:mime text/calendar
|
||||
!:apple ????iCal
|
||||
# no examples found with .ical .icalender suffix
|
||||
!:ext ics
|
||||
# if no VERSION 2.0 is found then assume it is VERSION 1.0, that is older vCalendar
|
||||
# URL: http://fileformats.archiveteam.org/wiki/VCalendar
|
||||
# Note: called "VCalendar format" by DROID via fmt/387
|
||||
>>>&0 default x vCalendar calendar file
|
||||
# deprecated
|
||||
!:mime text/x-vcalendar
|
||||
!:ext vcs
|
||||
# GRR: without VERSION keyword violates specification but accepted by Thunderbird like
|
||||
# https://ftp.gnu.org/gnu/emacs/emacs-28.1.tar.xz
|
||||
# emacs-28.1/test/lisp/calendar/icalendar-resources/import-with-timezone.ics
|
||||
>>0 default x vCalendar calendar file, without VERSION
|
||||
!:mime text/x-vcalendar
|
||||
#!:mime text/calendar
|
||||
# no vcs example found
|
||||
!:ext ics/vcs
|
||||
# GRR: According to newest specification CarriageReturn (0xD) and LineFeed (0xA) should be used as separator but others accepted by Thunderbird
|
||||
# like CRLF,LF in Sport Today.vcs created by calendar plugin of TV-Browser https://enwiki.tvbrowser.org/index.php/Calendar_Export
|
||||
# or LF like https://www.schulferien.org/media/ical/deutschland/ferien_nordrhein-westfalen_2023.ics?k=foo
|
||||
>>15 ubeshort !0x0D0A \b, without CRLF
|
||||
|
||||
# updated by Joerg Jenderek at Apr 2015, May 2021
|
||||
# https://en.wikipedia.org/wiki/VCard
|
||||
# URL: http://fileformats.archiveteam.org/wiki/VCard
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: modem,v 1.10 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: modem,v 1.11 2022/10/19 20:15:16 christos Exp $
|
||||
# modem: file(1) magic for modem programs
|
||||
#
|
||||
# From: Florian La Roche <florian@knorke.saar.de>
|
||||
@ -11,6 +11,7 @@
|
||||
# Summary: CCITT Group 3 Facsimile in "raw" form (i.e. no header).
|
||||
# Modified by: Joerg Jenderek
|
||||
# URL: https://de.wikipedia.org/wiki/Fax
|
||||
# http://fileformats.archiveteam.org/wiki/CCITT_Group_3
|
||||
# Reference: https://web.archive.org/web/20020628195336/http://www.netnam.vn/unescocourse/computervision/104.htm
|
||||
# GRR: EOL of G3 is too general as it catches also TrueType fonts, Postscript PrinterFontMetric, others
|
||||
0 short 0x0100
|
||||
@ -32,7 +33,10 @@
|
||||
# skip MouseTrap/Mt.Defaults with file size 16 found on Golden Orchard Apple II CD Rom
|
||||
>>>>>>8 ubequad !0x2e01010454010203
|
||||
# skip PICTUREH.SML found on Golden Orchard Apple II CD Rom
|
||||
>>>>>>>8 ubequad !0x5dee74ad1aa56394 raw G3 (Group 3) FAX, byte-padded
|
||||
>>>>>>>8 ubequad !0x5dee74ad1aa56394
|
||||
# skip few (5/41) DEGAS mid-res bitmap (GEMINI01.PI2 GEMINI02.PI2 GEMINI03.PI2 CODE_RAM.PI2 TBX_DEMO.PI2)
|
||||
# with file size 32034
|
||||
>>>>>>>>-0 offset !32034 raw G3 (Group 3) FAX, byte-padded
|
||||
# version 5.25 labeled the entry above "raw G3 data, byte-padded"
|
||||
!:mime image/g3fax
|
||||
#!:apple ????TIFF
|
||||
@ -43,7 +47,9 @@
|
||||
# 16 0-bits near beginning like PicturePuzzler found on Golden Orchard Apple CD Rom
|
||||
>2 search/9 \0\0
|
||||
# maximal 7 0-bits for pixel sequences or 11 0-bits for EOL in G3
|
||||
>2 default x raw G3 (Group 3) FAX
|
||||
>2 default x
|
||||
# skip some (84/1246) MacBinary II/III (Cyberdog2.068k.smi.bin FileMakerPro4.img.bin Hypercard1.25.image.bin UsbStorage1.3.5.smi.bin) with "non random" numbers by versions values 81h/82h + 81h
|
||||
>>122 ubeshort&0xFcFf !0x8081 raw G3 (Group 3) FAX
|
||||
# version 5.25 labeled the above entry as "raw G3 data"
|
||||
!:mime image/g3fax
|
||||
!:ext g3
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: msdos,v 1.158 2022/09/07 11:17:31 christos Exp $
|
||||
# $File: msdos,v 1.169 2023/04/17 16:39:19 christos Exp $
|
||||
# msdos: file(1) magic for MS-DOS files
|
||||
#
|
||||
|
||||
@ -49,29 +49,127 @@
|
||||
#
|
||||
# Many of the compressed formats were extracted from IDARC 1.23 source code.
|
||||
#
|
||||
# e_magic
|
||||
0 string/b MZ
|
||||
# All non-DOS EXE extensions have the relocation table more than 0x40 bytes into the file.
|
||||
>0x18 leshort <0x40 MS-DOS executable
|
||||
# TODO
|
||||
# FLT: Syntrillium CoolEdit Filter https://en.wikipedia.org/wiki/Adobe_Audition
|
||||
# FMX64:FileMaker Pro 64-bit plug-in https://en.wikipedia.org/wiki/FileMaker
|
||||
# FMX: FileMaker Pro 32-bit plug-in https://en.wikipedia.org/wiki/FileMaker
|
||||
# FOD: WIFE Font Driver
|
||||
# GAU: MS Flight Simulator Gauge
|
||||
# IFS: OS/2 Installable File System https://en.wikipedia.org/wiki/OS/2
|
||||
# MEXW32:MATLAB Windows 32bit compiled function https://en.wikipedia.org/wiki/MATLAB
|
||||
# MEXW64:MATLAB Windows 64bit compiled function https://en.wikipedia.org/wiki/MATLAB
|
||||
# MLL: Maya plug-in (generic) http://en.wikipedia.org/wiki/Autodesk_Maya
|
||||
# PFL: PhotoFilter plugin http://photofiltre.free.fr
|
||||
# 8*: PhotoShop plug-in (generic) http://www.adobe.com/products/photoshop/main.html
|
||||
# PLG: Aston Shell plugin http://www.astonshell.com/
|
||||
# QLB: Microsoft Basic Quick library https://en.wikipedia.org/wiki/QuickBASIC
|
||||
# SKL: WinLIFT skin http://www.zapsolution.com/winlift/index.htm
|
||||
# TBK: Asymetrix ToolBook application http://www.toolbook.com
|
||||
# TBP: The Bat! plugin http://www.ritlabs.com
|
||||
# UPC: Ultimate Paint Graphics Editor plugin http://ultimatepaint.j-t-l.com
|
||||
# XFM: Syntrillium Cool Edit Transform Effect bad http://www.cooledit.com
|
||||
# XPL: X-Plane plugin http://www.xsquawkbox.net/xpsdk/
|
||||
# ZAP: ZoneLabs Zone Alarm data http://www.zonelabs.com
|
||||
#
|
||||
# NEXT LINES FOR DEBUGGING!
|
||||
# e_cblp; bytes on last page of file
|
||||
# e_cp; pages in file
|
||||
#>4 uleshort x \b, e_cp 0x%x
|
||||
# e_lfanew; file address of new exe header
|
||||
#>0x3c ulelong x \b, e_lfanew 0x%x
|
||||
# e_lfarlc; address of relocation table
|
||||
#>0x18 uleshort x \b, e_lfarlc=0x%x
|
||||
# e_ovno; overlay number. If zero, this is the main executable foo
|
||||
#>0x1a uleshort !0 \b, e_ovno 0x%x
|
||||
#>0x1C ubequad !0 \b, e_res 0x%16.16llx
|
||||
# e_oemid; often 0
|
||||
#>0x24 uleshort !0 \b, e_oemid 0x%x
|
||||
# e_oeminfo; typically zeroes, but 13Dh (WORDSTAR.CNV WPFT5.CNV) 143h (WRITWIN.CNV)
|
||||
# 1A3h (DBASE.CNV LOTUS123.CNV RFTDCA.CNV WORDDOS.CNV WORDMAC.CNV WORDWIN1.CNVXLBIFF.CNV)
|
||||
#>0x26 uleshort !0 \b, e_oeminfo 0x%x
|
||||
# e_res2; typically zeroes, but 000006006F082D2Ah SCSICFG.EXE 00009A0300007C03h de.exe
|
||||
# 0000CA0000000002h country.exe dosxmgr.exe 421E0A00421EA823h QMC.EXE
|
||||
#>0x28 ubequad !0 \b, e_res2 0x%16.16llx
|
||||
# https://web.archive.org/web/20171116024937/http://www.ctyme.com/intr/rb-2939.htm#table1593
|
||||
# https://github.com/uxmal/reko/blob/master/src/ImageLoaders/MzExe/ExeImageLoader.cs
|
||||
# new exe header magic like: PE NE LE LX W3 W4
|
||||
# no examples found for ZM DL MP P2 P3
|
||||
#>(0x3c.l) string x \b, at [0x3c] %.2s
|
||||
#>(0x3c.l) ubelong x \b, at [0x3c] %#8.8x
|
||||
#>(0x3c.l+4) ubelong x \b, at [0x3c+4] %#8.8x
|
||||
#
|
||||
# Most non-DOS MZ-executable extensions have the relocation table more than 0x40 bytes into the file.
|
||||
# http://www.mitec.cz/Downloads/EXE.zip/EXE64.exe e_lfarlc=0x8ead
|
||||
# OS/2 ECS\INSTALL\DETECTEI\PCISCAN.EXE e_lfarlc=0x1c
|
||||
# some EFI apps Shell_Full.efi ext4_x64_signed.efi e_lfarlc=0
|
||||
# Icon library WORD60.ICL e_lfarlc=0
|
||||
# Microsoft compiled help format 2.0 WINWORD.DEV.HXS e_lfarlc=0
|
||||
>0x18 uleshort <0x40
|
||||
# check magic of new second header
|
||||
# NE executable with low e_lfarlc like: WORD60.ICL
|
||||
# ICL: Icons Library 16-bit http://fileformats.archiveteam.org/wiki/Icon_library
|
||||
>>(0x3c.l) string NE Windows Icons Library 16-bit
|
||||
!:mime image/x-ms-icl
|
||||
!:ext icl
|
||||
# handle LX executable with low e_lfarlc like: PCISCAN.EXE
|
||||
>>(0x3c.l) string LX
|
||||
>>>(0x3c.l) use lx-executable
|
||||
# skip Portable Executable (PE) with low e_lfarlc here, because handled later
|
||||
# like: ext4_x64_signed.efi Shell_Full.efi WINWORD.DEV.HXS
|
||||
>>(0x3c.l) string PE
|
||||
# not New Executable (NE) and not PE with low e_lfarlc like:
|
||||
# MACCNV55.EXE WORK_RTF.EXE TELE200.EXE NDD.EXE iflash.exe
|
||||
>>(0x3c.l) default x MS-DOS executable, MZ for MS-DOS
|
||||
!:mime application/x-dosexec
|
||||
# Windows and later versions of DOS will allow .EXEs to be named with a .COM
|
||||
# extension, mostly for compatibility's sake.
|
||||
# like: EDIT.COM 4DOS.COM CMD8086.COM CMD-FR.COM SYSLINUX.COM
|
||||
# URL: https://en.wikipedia.org/wiki/Personal_NetWare#VLM
|
||||
# Reference: https://mark0.net/download/triddefs_xml.7z/defs/e/exe-vlm-msg.trid.xml
|
||||
!:ext exe/com/vlm
|
||||
# also like: BGISRV.DRV
|
||||
!:ext exe/com/vlm/drv
|
||||
# These traditional tests usually work but not always. When test quality support is
|
||||
# implemented these can be turned on.
|
||||
#>>0x18 leshort 0x1c (Borland compiler)
|
||||
#>>0x18 leshort 0x1e (MS compiler)
|
||||
|
||||
# Maybe it's a PE?
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Portable_Executable
|
||||
# Reference: https://docs.microsoft.com/de-de/windows/win32/debug/pe-format
|
||||
>(0x3c.l) string PE\0\0 PE
|
||||
!:mime application/x-dosexec
|
||||
!:mime application/vnd.microsoft.portable-executable
|
||||
# https://docs.microsoft.com/de-de/windows/win32/debug/pe-format#characteristics
|
||||
# DLL Characteristics
|
||||
#>>(0x3c.l+22) uleshort x \b, CHARACTERISTICS %#4.4x,
|
||||
# 0x0200~IMAGE_FILE_DEBUG_STRIPPED Debugging information is removed from the image file
|
||||
# 0x1000~IMAGE_FILE_SYSTEM The image file is a system file, not a user program.
|
||||
# 0x2000~IMAGE_FILE_DLL The image file is a dynamic-link library (DLL)
|
||||
>>(0x3c.l+24) leshort 0x010b \b32 executable
|
||||
# https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#windows-subsystem
|
||||
#>>>(0x3c.l+92) leshort x \b, SUBSYSTEM %u
|
||||
>>(0x3c.l+24) leshort 0x020b \b32+ executable
|
||||
#>>>(0x3c.l+92) leshort x \b, SUBSYSTEM %u
|
||||
>>(0x3c.l+24) leshort 0x0107 ROM image
|
||||
>>(0x3c.l+24) default x Unknown PE signature
|
||||
>>>&0 leshort x %#x
|
||||
>>(0x3c.l+22) leshort&0x2000 >0 (DLL)
|
||||
# 0~IMAGE_SUBSYSTEM_UNKNOWN An unknown subsystem
|
||||
>>(0x3c.l+92) leshort 0 (
|
||||
# Summary: Microsoft compiled help *.HXS format 2.0
|
||||
# URL: https://en.wikipedia.org/wiki/Microsoft_Help_2
|
||||
# Reference: http://www.russotto.net/chm/itolitlsformat.html
|
||||
# https://mark0.net/download/triddefs_xml.7z/defs/h/hxs.trid.xml
|
||||
# Note: 2 PE sections (.rsrc, .its) implies Microsoft compiled help format; the .its section contains the help content ITOLITLS
|
||||
# verified by command like `pelook.exe -d WINWORD.HXS & pelook.exe -h WINWORD.HXS`
|
||||
>>>(0x3c.l+6) uleshort =2 \bMicrosoft compiled help format 2.0)
|
||||
!:ext hxs
|
||||
# 3 PE sections (.text, .reloc, .rsrc) implies some Control Panel Item like:
|
||||
# CPL: Control Panel item for WINE 1.7.28 https://www.winehq.org/
|
||||
>>>(0x3c.l+6) uleshort !2 \bControl Panel Item)
|
||||
!:ext cpl
|
||||
# 1~IMAGE_SUBSYSTEM_NATIVE device drivers and native Windows processes
|
||||
>>(0x3c.l+92) leshort 1
|
||||
# Native PEs include ntoskrnl.exe, hal.dll, smss.exe, autochk.exe, and all the
|
||||
# drivers in Windows/System32/drivers/*.sys.
|
||||
@ -79,6 +177,7 @@
|
||||
!:ext dll/sys
|
||||
>>>(0x3c.l+22) leshort&0x2000 0 (native)
|
||||
!:ext exe/sys
|
||||
# 2~IMAGE_SUBSYSTEM_WINDOWS_GUI The Windows graphical user interface (GUI) subsystem
|
||||
>>(0x3c.l+92) leshort 2
|
||||
>>>(0x3c.l+22) leshort&0x2000 >0 (GUI)
|
||||
# These could probably be at least partially distinguished from one another by
|
||||
@ -94,21 +193,72 @@
|
||||
# Screen savers typically include code from the scrnsave.lib static library, but
|
||||
# that's not guaranteed.
|
||||
!:ext exe/scr
|
||||
# 3~IMAGE_SUBSYSTEM_WINDOWS_CUI The Windows character subsystem
|
||||
>>(0x3c.l+92) leshort 3
|
||||
>>>(0x3c.l+22) leshort&0x2000 >0 (console)
|
||||
!:ext dll/cpl/tlb/ocx/acm/ax/ime
|
||||
>>>(0x3c.l+22) leshort&0x2000 0 (console)
|
||||
!:ext exe/com
|
||||
# https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
|
||||
>>(0x3c.l+92) leshort 7 (POSIX)
|
||||
>>(0x3c.l+92) leshort 9 (Windows CE)
|
||||
# NO Windows Subsystem number 4!
|
||||
>>(0x3c.l+92) leshort 4 (Unknown subsystem 4)
|
||||
# 5~IMAGE_SUBSYSTEM_OS2_CUI The OS/2 character subsystem
|
||||
>>(0x3c.l+92) leshort 5 (OS/2)
|
||||
# GRR: No examples found by Joerg Jenderek
|
||||
#!:ext foo-exe-os2
|
||||
# NO Windows Subsystem number 6!
|
||||
>>(0x3c.l+92) leshort 6 (Unknown subsystem 6)
|
||||
# 7~IMAGE_SUBSYSTEM_POSIX_CUI The Posix character subsystem
|
||||
>>(0x3c.l+92) leshort 7 (POSIX
|
||||
>>>(0x3c.l+22) leshort&0x2000 >0 \b)
|
||||
# like: PSXDLL.DLL
|
||||
!:ext dll
|
||||
>>>(0x3c.l+22) leshort&0x2000 0 \b)
|
||||
# like: PAX.EXE
|
||||
!:ext exe
|
||||
# 8~IMAGE_SUBSYSTEM_NATIVE_WINDOWS Native Win9x driver
|
||||
>>(0x3c.l+92) leshort 8 (Win9x)
|
||||
# GRR: No examples found by Joerg Jenderek
|
||||
#!:ext foo-exe-win98
|
||||
# 9~IMAGE_SUBSYSTEM_WINDOWS_CE_GUI Windows CE
|
||||
>>(0x3c.l+92) leshort 9 (Windows CE
|
||||
>>>(0x3c.l+22) leshort&0x2000 >0 \b)
|
||||
# like: MCS9900Ce50.dll Mosiisr99x.dll TMCGPS.DLL
|
||||
!:ext dll
|
||||
>>>(0x3c.l+22) leshort&0x2000 0 \b)
|
||||
# like: NNGStart.exe navigator.exe
|
||||
!:ext exe
|
||||
# 10~IMAGE_SUBSYSTEM_EFI_APPLICATION An Extensible Firmware Interface (EFI) application
|
||||
>>(0x3c.l+92) leshort 10 (EFI application)
|
||||
# like: bootmgfw.efi grub.efi gdisk_x64.efi Shell_Full.efi shim.efi syslinux.efi
|
||||
!:ext efi
|
||||
# 11~IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER An EFI driver with boot services
|
||||
>>(0x3c.l+92) leshort 11 (EFI boot service driver)
|
||||
# like: ext2_x64_signed.efi Fat_x64.efi iso9660_x64_signed.efi
|
||||
!:ext efi
|
||||
>>(0x3c.l+92) leshort 12 (EFI runtime driver)
|
||||
# no sample found
|
||||
!:ext efi
|
||||
# 13~IMAGE_SUBSYSTEM_EFI_ROM An EFI ROM image
|
||||
>>(0x3c.l+92) leshort 13 (EFI ROM)
|
||||
# no sample found
|
||||
!:ext efi
|
||||
# 14~IMAGE_SUBSYSTEM_XBOX XBOX
|
||||
>>(0x3c.l+92) leshort 14 (XBOX)
|
||||
>>(0x3c.l+92) leshort 15 (Windows boot application)
|
||||
>>(0x3c.l+92) default x (Unknown subsystem
|
||||
#!:ext foo-xbox
|
||||
# NO Windows Subsystem number 15!
|
||||
>>(0x3c.l+92) leshort 15 (Unknown subsystem 15)
|
||||
# 16~IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION Windows boot application
|
||||
>>(0x3c.l+92) leshort 16 (Windows boot application
|
||||
>>>(0x3c.l+22) leshort&0x2000 >0 \b)
|
||||
# like: bootvhd.dll bootuwf.dll hvloader.dll tcbloader.dll bootspaces.dll
|
||||
!:ext dll
|
||||
>>>(0x3c.l+22) leshort&0x2000 0 \b)
|
||||
# like: bootmgr.efi memtest.efi shellx64.efi memtest.exe winload.exe winresume.exe bootvhd.dll hvloader.dll
|
||||
!:ext efi/exe
|
||||
# GRR: the next 2 lines are not executed!
|
||||
#>>(0x3c.l+92) default x (Unknown subsystem
|
||||
#>>>&0 leshort x %#x)
|
||||
>>(0x3c.l+92) leshort >16 (Unknown subsystem
|
||||
>>>&0 leshort x %#x)
|
||||
>>(0x3c.l+4) leshort 0x14c Intel 80386
|
||||
>>(0x3c.l+4) leshort 0x166 MIPS R4000
|
||||
@ -136,10 +286,13 @@
|
||||
>>(0x3c.l+4) leshort 0x5032 RISC-V 32-bit
|
||||
>>(0x3c.l+4) leshort 0x5064 RISC-V 64-bit
|
||||
>>(0x3c.l+4) leshort 0x5128 RISC-V 128-bit
|
||||
>>(0x3c.l+4) leshort 0x6232 LoongArch 32-bit
|
||||
>>(0x3c.l+4) leshort 0x6264 LoongArch 64-bit
|
||||
>>(0x3c.l+4) leshort 0x9041 Mitsubishi M32R
|
||||
>>(0x3c.l+4) leshort 0x8664 x86-64
|
||||
>>(0x3c.l+4) leshort 0xaa64 Aarch64
|
||||
>>(0x3c.l+4) leshort 0xc0ee MSIL
|
||||
# GRR: the next 2 lines are not executed!
|
||||
>>(0x3c.l+4) default x Unknown processor type
|
||||
>>>&0 leshort x %#x
|
||||
>>(0x3c.l+22) leshort&0x0200 >0 (stripped to external PDB)
|
||||
@ -176,33 +329,134 @@
|
||||
>>&(0x3c.l+0xf8) search/0x100 _winzip_ \b, ZIP self-extracting archive (WinZip)
|
||||
>>&(0x3c.l+0xf8) search/0x100 SharedD \b, Microsoft Installer self-extracting archive
|
||||
>>0x30 string Inno \b, InnoSetup self-extracting archive
|
||||
# NumberOfSections; Normal Dynamic Link libraries have a few sections for code, data and resource etc.
|
||||
# PE used as container have less sections
|
||||
>>(0x3c.l+6) leshort >1 \b, %u sections
|
||||
# do not display for 1 section to get output like in version 5.43 and to keep output columns low
|
||||
#>>(0x3c.l+6) leshort =1 \b, %u section
|
||||
|
||||
# If the relocation table is 0x40 or more bytes into the file, it's definitely
|
||||
# not a DOS EXE.
|
||||
>0x18 leshort >0x3f
|
||||
>0x18 uleshort >0x3f
|
||||
|
||||
# Hmm, not a PE but the relocation table is too high for a traditional DOS exe,
|
||||
# must be one of the unusual subformats.
|
||||
>>(0x3c.l) string !PE\0\0 MS-DOS executable
|
||||
!:mime application/x-dosexec
|
||||
#!:mime application/x-dosexec
|
||||
|
||||
>>(0x3c.l) string NE \b, NE
|
||||
!:mime application/x-dosexec
|
||||
#!:mime application/x-dosexec
|
||||
!:mime application/x-ms-ne-executable
|
||||
# FOR DEBUGGING!
|
||||
# Reference: https://wiki.osdev.org/NE
|
||||
# ProgFlags; Program flags, bitmapped
|
||||
#>>>(0x3c.l+0x0C) ubyte x \b, ProgFlags 0x%2.2x
|
||||
# >>>(0x3c.l+0x0c) ubyte&0x03 =0 \b, none
|
||||
# >>>(0x3c.l+0x0c) ubyte&0x03 =1 \b, single shared
|
||||
# >>>(0x3c.l+0x0c) ubyte&0x03 =2 \b, multiple
|
||||
# >>>(0x3c.l+0x0c) ubyte&0x03 =3 \b, (null)
|
||||
# >>>(0x3c.l+0x0c) ubyte &0x04 \b, Global initialization
|
||||
# >>>(0x3c.l+0x0c) ubyte &0x08 \b, Protected mode only
|
||||
# >>>(0x3c.l+0x0c) ubyte &0x10 \b, 8086 instructions
|
||||
# >>>(0x3c.l+0x0c) ubyte &0x20 \b, 80286 instructions
|
||||
# >>>(0x3c.l+0x0c) ubyte &0x40 \b, 80386 instructions
|
||||
# >>>(0x3c.l+0x0c) ubyte &0x80 \b, 80x87 instructions
|
||||
# ApplFlags; Application flags, bitmapped
|
||||
# https://www.fileformat.info/format/exe/corion-ne.htm
|
||||
#>>>(0x3c.l+0x0D) ubyte x \b, ApplFlags 0x%2.2x
|
||||
# Application type (bits 0-2); 1~Full screen (not aware of Windows/P.M. API)
|
||||
# 2~Compatible with Windows/P.M. API 3~Uses Windows/P.M. API
|
||||
#>>>(0x3c.l+0x0D) ubyte&0x07 =1 \b, Full screen
|
||||
#>>>(0x3c.l+0x0D) ubyte&0x07 =2 \b, Compatible with Windows/P.M. API
|
||||
#>>>(0x3c.l+0x0D) ubyte&0x07 =3 \b, use Windows/P.M. API
|
||||
# bit 7; DLL or driver (SS:SP info invalid, CS:IP points at FAR init routine called with AX handle
|
||||
#>>>(0x3c.l+0x0D) ubyte &0x80 \b, DLL or driver
|
||||
# AutoDataSegIndex; automatic data segment index like: 0 2 3 22
|
||||
# zero if the SINGLEDATA and MULTIPLEDATA bits are cleared
|
||||
#>>>(0x3c.l+0x0e) uleshort x \b, AutoDataSegIndex %u
|
||||
# InitHeapSize; intial local heap size like; 0 400h 1400h
|
||||
# zero if there is no local allocation
|
||||
#>>>(0x3c.l+0x10) uleshort !0 \b, InitHeapSize 0x%x
|
||||
# InitStackSize; inital stack size like: 0 10h A00h 7D0h A8Ch FA0h 1000h 1388h
|
||||
# 1400h (CBT) 1800h 2000h 2800h 2EE0h 2F3Ch 3258h 3E80h 4000h 4E20h 5000h 6000h
|
||||
# 6D60h 8000h 40000h
|
||||
# zero if the SS register value does not equal the DS register value
|
||||
#>>>(0x3c.l+0x12) uleshort !0 \b, InitStackSize 0x%x
|
||||
# EntryPoint; segment offset value of CS:IP like: 0 10000h 18A84h 11C1Ah 307F1h
|
||||
#>>>(0x3c.l+0x14) ulelong !0 \b, EntryPoint 0x%x
|
||||
# InitStack; specifies the segment offset value of stack pointer SS:SP
|
||||
# like: 0 20000h 160000h
|
||||
#>>>(0x3c.l+0x18) ulelong !0 \b, InitStack 0x%x
|
||||
# SegCount; number of segments in segment table like: 0 1 2 3 16h
|
||||
#>>>(0x3c.l+0x1C) uleshort x \b, SegCount 0x%x
|
||||
# ModRefs; number of module references (DLLs) like; 0 1 3
|
||||
#>>>(0x3c.l+0x1E) uleshort !0 \b, ModRefs %u
|
||||
# NoResNamesTabSiz; size in bytes of non-resident names table
|
||||
# like: Bh 16h B4h B9h 2Ch 18Fh 16AAh
|
||||
#>>>(0x3c.l+0x20) uleshort x \b, NoResNamesTabSiz 0x%x
|
||||
# SegTableOffset; offset of Segment table like: 40h
|
||||
#>>>(0x3c.l+0x22) uleshort !0x40 \b, SegTableOffset 0x%x
|
||||
# ResTableOffset; offset of resources table like: 40h 50h 58h F0h
|
||||
# 40h for most fonts likedos737.fon FMFONT.FOT but 60h for L1WBASE.FON
|
||||
#>>>(0x3c.l+0x24) uleshort x \b, ResTableOffset 0x%x
|
||||
# ResidNamTable; offset of resident names table
|
||||
# like: 58h 5Ch 60h 68h 74h 98h 2E3h 2E7h 2F0h
|
||||
#>>>(0x3c.l+0x26) uleshort x \b, ResidNamTable 0x%x
|
||||
# ImportNameTable; offset of imported names table (array of counted strings, terminated with string of length 00h)
|
||||
# like: 77h 7Eh 80h C6h A7h ACh 2F8h 3FFh
|
||||
#>>>(0x3c.l+0x2a) uleshort x \b, ImportNameTable 0x%x
|
||||
# OffStartNonResTab; offset from start of file to non-resident names table
|
||||
# like: 110h 11Dh 19Bh 1A5h 3F5h 4C8h 4EEh D93h
|
||||
#>>>(0x3c.l+0x2c) ulelong x \b, OffStartNonResTab 0x%x
|
||||
# MovEntryCount; number of movable entry points like: 0 4 5 6 16 17 24 312 355 446
|
||||
#>>>(0x3c.l+0x30) uleshort !0 \b, MovEntryCount %u
|
||||
# FileAlnSzShftCnt; log2 of the segment sector size; 4~16 0~9~512 (default)
|
||||
#>>>(0x3c.l+0x32) uleshort !9 \b, FileAlnSzShftCnt %u
|
||||
# nResTabEntries; number of resource table entries like: 0 2
|
||||
#>>>(0x3c.l+0x34) uleshort !0 \b, nResTabEntries %u
|
||||
# targOS; Target OS; 0~unknown~OS/2 1.0 or MS Windows 1-2
|
||||
# OS/2 1.0 like: DTM.DLL SHELL11F.EXE HELPMSG.EXE CREATEDD.EXE
|
||||
# or Windows 1.03 - 2.1 like: MSDOSD.EXE KARTEI.EXE KALENDER.EXE
|
||||
#>>>(0x3c.l+0x36) byte x TARGOS %x
|
||||
>>>(0x3c.l+0x36) byte 0 for OS/2 1.0 or MS Windows 1-2
|
||||
>>>(0x3c.l+0x36) byte 1 for OS/2 1.x
|
||||
>>>(0x3c.l+0x36) byte 2 for MS Windows 3.x
|
||||
>>>(0x3c.l+0x36) byte 3 for MS-DOS
|
||||
>>>(0x3c.l+0x36) byte 4 for Windows 386
|
||||
>>>(0x3c.l+0x36) byte 5 for Borland Operating System Services
|
||||
# http://downloads.sourceforge.net/dfendreloaded/D-Fend-Reloaded-1.4.4.zip
|
||||
# D-Fend Reloaded/VirtualHD/FREEDOS/DPMILD32.EXE
|
||||
# GRR: WHAT OS is this?
|
||||
#>>>(0x3c.l+0x36) byte 6 for TARGET SIX
|
||||
# https://en.wikipedia.org/wiki/Phar_Lap_(company)
|
||||
>>>(0x3c.l+0x36) byte 0x81 for MS-DOS, Phar Lap DOS extender, OS/2
|
||||
# like: CVP7.EXE
|
||||
>>>(0x3c.l+0x36) byte 0x82 for MS-DOS, Phar Lap DOS extender, Windows
|
||||
>>>(0x3c.l+0x36) default x
|
||||
>>>>(0x3c.l+0x36) byte x (unknown OS %x)
|
||||
>>>(0x3c.l+0x36) byte 0x81 for MS-DOS, Phar Lap DOS extender
|
||||
>>>>(0x3c.l+0x36) ubyte x (unknown OS %#x)
|
||||
# expctwinver; expected Windows version (minor first) like:
|
||||
# 0.0~DTM.DLL 203.4~Windows 1.03 GDI.EXE 2.1~TTY.DRV 3.0~dos737.fon FMFONT.FOT THREED.VBX 3.10~GDI.EXE 4.0~(ME) VGAFULL.3GR
|
||||
>>>(0x3c.l+0x3F) ubyte x (%u
|
||||
>>>(0x3c.l+0x3E) ubyte x \b.%u)
|
||||
# OS2EXEFlags; other EXE flags
|
||||
# 0~Long filename support 1~2.x protected mode 4~2.x proportional fonts 8~Executable has gangload area
|
||||
#>>>(0x3c.l+0x37) byte !0 \b, OS2EXEFlags 0x%x
|
||||
# retThunkOffset; offset to return thunks or start of gangload area like: 0 34h 58h 246h
|
||||
#>>>(0x3c.l+0x38) uleshort !0 \b, retThunkOffset 0x%x
|
||||
# segrefthunksoff; offset to segment reference thunks or size of gangload area
|
||||
# like: 0 33Eh 39Ah AEEh
|
||||
#>>>(0x3c.l+0x3A) uleshort !0 \b, segrefthunksoff 0x%x
|
||||
# mincodeswap; minimum code swap area size like 0 620Ch
|
||||
#>>>(0x3c.l+0x3C) uleshort !0 \b, mincodeswap 0x%x
|
||||
>>>(0x3c.l+0x0c) leshort&0x8000 0x8000 (DLL or font)
|
||||
# DRV: Driver
|
||||
# 3GR: Grabber device driver
|
||||
# CPL: Control Panel Item
|
||||
# VBX: Visual Basic Extension
|
||||
# FON: Bitmap font
|
||||
# VBX: Visual Basic Extension https://en.wikipedia.org/wiki/Visual_Basic
|
||||
# FON: Bitmap font http://fileformats.archiveteam.org/wiki/FON
|
||||
# FOT: Font resource file
|
||||
# EXE: WINSPOOL.EXE USER.EXE krnl386.exe GDI.EXE
|
||||
# CNV: Microsoft Word text conversion https://www.file-extensions.org/cnv-file-extension-microsoft-word-text-conversion-data
|
||||
!:ext dll/drv/3gr/cpl/vbx/fon/fot
|
||||
>>>(0x3c.l+0x0c) leshort&0x8000 0 (EXE)
|
||||
!:ext exe/scr
|
||||
@ -228,8 +482,17 @@
|
||||
>>>&(&0x54.l-3) string arjsfx \b, ARJ self-extracting archive
|
||||
|
||||
# MS Windows system file, supposedly a collection of LE executables
|
||||
# like vmm32.vxd WIN386.EXE
|
||||
>>(0x3c.l) string W3 \b, W3 for MS Windows
|
||||
!:mime application/x-dosexec
|
||||
#!:mime application/x-dosexec
|
||||
!:mime application/x-ms-w3-executable
|
||||
!:ext vxd/exe
|
||||
# W4 executable
|
||||
>>(0x3c.l) string W4 \b, W4 for MS Windows
|
||||
#!:mime application/x-dosexec
|
||||
!:mime application/x-ms-w4-executable
|
||||
# windows 98 VMM32.VXD
|
||||
!:ext vxd
|
||||
|
||||
>>(0x3c.l) string LE\0\0 \b, LE executable
|
||||
!:mime application/x-dosexec
|
||||
@ -268,11 +531,19 @@
|
||||
!:ext exe/com
|
||||
# header data too small for extended executable
|
||||
>2 long !0
|
||||
>>0x18 leshort <0x40
|
||||
>>0x18 uleshort <0x40
|
||||
>>>(4.s*512) leshort !0x014c
|
||||
|
||||
>>>>&(2.s-514) string !LE
|
||||
>>>>>&-2 string !BW \b, MZ for MS-DOS
|
||||
>>>>>&-2 string !BW
|
||||
#>>>>>>(0x3c.l) string x \b, 2ND MAGIC %.2s
|
||||
# but some LX executable appear here also like: PCISCAN.EXE
|
||||
>>>>>>(0x3c.l) string !LX
|
||||
# because Portable Executable (PE) already done skip many here like:
|
||||
# xcopy32.exe stinger64.exe WimUtil.exe
|
||||
# NO such DOS examples found and
|
||||
# DOS examples seems to be already handled by e_lfarlc <0x40 like: CMD8086.COM CMD-FR.COM
|
||||
>>>>>>>(0x3c.l) string !PE \b, MZ for MS-DOS
|
||||
!:mime application/x-dosexec
|
||||
>>>>&(2.s-514) string LE \b, LE
|
||||
>>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
|
||||
@ -386,6 +657,7 @@
|
||||
>0x00 uleshort x executable
|
||||
#!:mime application/x-msdownload
|
||||
!:mime application/x-lx-executable
|
||||
!:ext exe
|
||||
# byte order: 00h~little-endian non-zero=1~big-endian
|
||||
#>0x02 ubyte =0 (little-endian)
|
||||
>0x02 ubyte !0 (big-endian)
|
||||
@ -420,7 +692,7 @@
|
||||
>0x0a leshort 3 for DOS
|
||||
# http://www.ctyme.com/intr/rb-2939.htm#Table1610
|
||||
# library by module type mask 00038000h (bits 15-17);
|
||||
# 0h ~exectable Program module
|
||||
# 0h ~executable Program module
|
||||
>0x10 ulelong&0x00038000 =0x00000000 (program)
|
||||
#!:ext exe
|
||||
# OSF_IS_DLL=8000h ~Library module (DLL)
|
||||
@ -468,14 +740,18 @@
|
||||
0 string \xffKEYB\ \ \ \0\0\0\0
|
||||
>12 string \0\0\0\0`\004\360 MS-DOS KEYBoard Layout file
|
||||
|
||||
# DOS device driver updated by Joerg Jenderek at May 2011,Mar 2017,Aug 2020
|
||||
# DOS device driver updated by Joerg Jenderek at May 2011,Mar 2017,Aug 2020,Mar 2023
|
||||
# URL: http://fileformats.archiveteam.org/wiki/DOS_device_driver
|
||||
# Reference: http://www.delorie.com/djgpp/doc/rbinter/it/46/16.html
|
||||
# https://amaus.net/static/S100/IBM/software/DOS/DOS%20techref/CHAPTER.009
|
||||
# http://www.o3one.org/hwdocs/bios_doc/dosref22.html
|
||||
0 ulequad&0x07a0ffffffff 0xffffffff
|
||||
# skip OS/2 INI ./os2
|
||||
>4 ubelong !0x14000000
|
||||
>>0 use msdos-driver
|
||||
#>>10 ubequad x MAYBE_DRIVER_NAME=%16.16llx
|
||||
# https://bugs.astron.com/view.php?id=434
|
||||
# skip OOXML document fragment 0000.dat where driver name is "empty" instead of "ASCII like"
|
||||
>>10 ubequad !0
|
||||
>>>0 use msdos-driver
|
||||
0 name msdos-driver DOS executable (
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-dosdriver
|
||||
@ -507,8 +783,8 @@
|
||||
>>40 search/7 UPX!
|
||||
>>40 default x
|
||||
# leading/trailing nulls, zeros or non ASCII characters in 8-byte name field at offset 10 are skipped
|
||||
# 1 space char before device driver name to get phrase like "device driver PROTMAN$"
|
||||
>>>12 ubyte >0x2E \b
|
||||
# 1 space char before device driver name to get phrase like "device driver PROTMAN$" "device driver HP-150II" "device driver PC$MOUSE"
|
||||
>>>12 ubyte >0x23 \b
|
||||
>>>>10 ubyte >0x20
|
||||
>>>>>10 ubyte !0x2E
|
||||
>>>>>>10 ubyte !0x2A \b%c
|
||||
@ -602,11 +878,11 @@
|
||||
0 name msdos-com
|
||||
# URL: http://fileformats.archiveteam.org/wiki/DOS_executable_(.com)
|
||||
>0 byte x DOS executable (
|
||||
# DOS execuable with JuMP 16-bit instruction
|
||||
# DOS executable with JuMP 16-bit instruction
|
||||
>0 byte =0xE9
|
||||
# check for probably nil padding til offset 64 of Lotus driver name
|
||||
>>56 quad =0
|
||||
# check for "long" alpabetical Lotus driver name like:
|
||||
# check for "long" alphabetic Lotus driver name like:
|
||||
# Diablo "COMPAQ Text Display" "IBM Monochrome Display" "Plantronics ColorPlus"
|
||||
>>>24 regex =^[A-Z][A-Za-z\040]{5,21} \bLotus driver) %s
|
||||
!:mime application/x-dosexec
|
||||
@ -616,7 +892,7 @@
|
||||
>>>24 default x \bCOM)
|
||||
!:mime application/x-dosexec
|
||||
!:ext com
|
||||
# DOS excutable with JuMP 16-bit and without nil padding
|
||||
# DOS executable with JuMP 16-bit and without nil padding
|
||||
>>56 quad !0
|
||||
# https://wiki.syslinux.org/wiki/index.php?title=Doc/comboot
|
||||
# TODO: HOWTO distinguish COMboot from pure DOS executables?
|
||||
@ -781,7 +1057,7 @@
|
||||
>>1 default x
|
||||
# look for interrupt instruction like in rem.com (DJGPP) LOADER.COM (DR-DOS 7.x)
|
||||
>>>3 search/118 \xCD
|
||||
# FOR DEBUGGING; possible hexadecimal interupt number like: 10~BANNER.COM 13~bcdw_cl.com 15~poweroff.com (Syslinux)
|
||||
# FOR DEBUGGING; possible hexadecimal interrupt number like: 10~BANNER.COM 13~bcdw_cl.com 15~poweroff.com (Syslinux)
|
||||
# 1A~BERNDPCI.COM 20~SETENHKB.COM 21~mostly 22~gfxboot.com (Syslinux) 2F~SHUTDOWN.COM (GEMSYS)
|
||||
#>>>>&0 ubyte x \b, INTERUPT %#x
|
||||
# few examples with interrupt 0x13 instruction
|
||||
@ -791,7 +1067,7 @@
|
||||
# skip Gpt.com Mbr.com (edk2-UDK2018 bootsector) described as "DOS/MBR boot sector" by ./filesystems
|
||||
# by check for assembler instructions: mov es,ax ; mov ax,07c0h ; mov ds,ax
|
||||
>>>>>3 ubequad !0x8ec0b8c0078ed88d
|
||||
# few COM exectables with interrupt 0x13 instruction like: Bootable CD Wizard executables bcdw_cl.com fdemuoff.com
|
||||
# few COM executables with interrupt 0x13 instruction like: Bootable CD Wizard executables bcdw_cl.com fdemuoff.com
|
||||
# http://bootcd.narod.ru/bcdw150z_en.zip
|
||||
>>>>>>0 use msdos-com
|
||||
# few examples with interrupt 0x16 instruction like flashimg.img
|
||||
@ -806,7 +1082,7 @@
|
||||
#>>>>>&-1 ubyte x \b, INTERUPT %#x
|
||||
# like: LOADER.COM SETENHKB.COM banner.com copybs.com gif2raw.com poweroff.com rem.com
|
||||
>>>>>0 use msdos-com
|
||||
# few COM executables without interupt instruction like RESTART.COM (DOS 7.10) REBOOT.COM
|
||||
# few COM executables without interrupt instruction like RESTART.COM (DOS 7.10) REBOOT.COM
|
||||
# or some EUC-KR text files or one Ulead Imaginfo thumbnail
|
||||
>>>3 default x
|
||||
# FOR DEBUGGING; 2nd instruction like 0x50 (RESTART.COM) 0x8e (REBOOT.COM)
|
||||
@ -1213,15 +1489,82 @@
|
||||
0 string/b Nullsoft\ AVS\ Preset\ Winamp plug in
|
||||
|
||||
# Windows Metafile .WMF
|
||||
0 string/b \327\315\306\232 Windows metafile
|
||||
!:mime image/wmf
|
||||
!:ext wmf
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Windows_Metafile
|
||||
# http://en.wikipedia.org/wiki/Windows_Metafile
|
||||
# Reference: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-WMF/%5bMS-WMF%5d.pdf
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/w/wmf.trid.xml
|
||||
# Note: called "Windows Metafile" by TrID and
|
||||
# verified by ImageMagick `identify -verbose *.wmf` as WMF (Windows Meta File)
|
||||
# META_PLACEABLE Record (Aldus Placeable Metafile signature)
|
||||
0 string/b \327\315\306\232
|
||||
# Note: called "Windows Metafile Image with Placeable File Header" by DROID via PUID x-fmt/119
|
||||
# and verified by XnView `nconvert -info abydos.wmf SPA_FLAG.wmf hardcopy-windows-meta.wmf` as "Windows Placeable metafile"
|
||||
# skip failed libreoffice-7.3.2.2 ofz35149-1.wmf with invalid version 2020h and exttextout-2.wmf with invalid version 3a02h
|
||||
# and x-fmt-119-signature-id-609.wmf without version instead of 0100h=METAVERSION100 or 0300h=METAVERSION300
|
||||
>26 uleshort&0xFDff =0x0100 Windows metafile
|
||||
# HWmf; resource handle to the metafile; When the metafile is on disk, this field MUST contain 0
|
||||
# seems to be always true but in failed samples 2020h ofz35149-1.wmf 56f8h exttextout-2.wmf
|
||||
>>4 uleshort !0 \b, resource handle %#x
|
||||
# BoundingBox; the rectangle in the playback context measured in logical units for displaying
|
||||
# sometimes useful like: hardcopy-windows-meta.wmf (0,0 / 1280,1024)
|
||||
# but garbage in x-fmt-119-signature-id-609.wmf (-21589,-21589 / -21589,-21589)
|
||||
#>>6 ubequad x \b, bounding box %#16.16llx
|
||||
# Left; x-coordinate of the upper-left corner of the rectangle
|
||||
>>6 leshort x \b, bounding box (%d
|
||||
# Top; y-coordinate upper-left corner
|
||||
>>8 leshort x \b,%d
|
||||
# Right; x-coordinate lower-right corner
|
||||
>>10 leshort x / %d
|
||||
# Bottom; y-coordinate lower-right corner
|
||||
>>12 leshort x \b,%d)
|
||||
# Inch; number of logical units per inch like: 72 96 575 576 1000 1200 1439 1440 2540
|
||||
>>14 uleshort x \b, dpi %u
|
||||
# Reserved; field is not used and MUST be set to 0; but ababababh in x-fmt-119-signature-id-609.wmf
|
||||
>>16 ulelong !0 \b, reserved %#x
|
||||
# Checksum; checksum for the previous 10 words
|
||||
>>20 uleshort x \b, checksum %#x
|
||||
# META_HEADER Record after META_PLACEABLE Record
|
||||
>>22 use wmf-head
|
||||
# GRR: no example for type 2 (DISKMETAFILE) variant found under few thousands WMF
|
||||
0 string/b \002\000\011\000 Windows metafile
|
||||
>0 use wmf-head
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/w/wmf-16.trid.xml
|
||||
# Note: called "Windows Metafile (old Win 3.x format)" by TrID and
|
||||
# "Windows Metafile Image without Placeable File Header" by DROID via PUID x-fmt/119
|
||||
# verified by XnView `nconvert -info *.wmf` as Windows metafile
|
||||
# variant with type=1=MEMORYMETAFILE and valid HeaderSize 9
|
||||
0 string/b \001\000\011\000
|
||||
# skip DROID x-fmt-119-signature-id-1228.wmf by looking for content after header (18 bytes=2*011)
|
||||
>18 ulelong >0 Windows metafile
|
||||
# GRR: in version 5.44 unequal and not endian variant not working!
|
||||
#>18 ulelong !0 THIS_SHOULD_NOT_HAPPEN
|
||||
#>18 long !0 THIS_SHOULD_NOT_HAPPEN
|
||||
>>0 use wmf-head
|
||||
# display information of Windows metafile header (type, size, objects)
|
||||
0 name wmf-head
|
||||
# MetafileType: 0001h=MEMORYMETAFILE~Metafile is stored in memory 0002h=DISKMETAFILE~Metafile is stored on disk
|
||||
>0 uleshort !0x0001 \b, type %#x
|
||||
# HeaderSize; the number of WORDs in header record; seems to be always 9 (18 bytes)
|
||||
>2 uleshort*2 !18 \b, header size %u
|
||||
# MetafileVersion: 0100h=METAVERSION100~DIBs (device-independent bitmaps) not supported 0300h=METAVERSION300~DIBs are supported
|
||||
# but in failed samples 2020h ofz35149-1.wmf 3a02h exttextout-2.wmf
|
||||
>4 uleshort =0x0100 \b, DIBs not supported
|
||||
>4 uleshort =0x0300
|
||||
#>4 uleshort =0x0300 \b, DIBs supported
|
||||
# this should not happen!
|
||||
>4 default x \b, version
|
||||
>>4 uleshort x %#x
|
||||
# Size; the number of WORDs in the entire metafile
|
||||
>6 ulelong x \b, size %u words
|
||||
#>6 ulelong*2 x \b, size %u bytes
|
||||
!:mime image/wmf
|
||||
!:ext wmf
|
||||
0 string/b \001\000\011\000 Windows metafile
|
||||
!:mime image/wmf
|
||||
!:ext wmf
|
||||
# NumberOfObjects: the number of graphics objects like: 0 hardcopy-windows-meta.wmf 1 2 3 4 5 6 7 8 9 12 13 14 16 17 20 27 110 PERSGRID.WMF
|
||||
>10 uleshort x \b, %u objects
|
||||
# MaxRecord: the size of the largest record in the metafile in WORDs like: 78h b0h 1f4h 310h 63fh 1e0022h 3fcc21h
|
||||
>12 ulelong x \b, largest record size %#x
|
||||
# NumberOfMembers: It SHOULD be 0x0000, but 5 TestBitBltStretchBlt.wmf 13 TestPalette.wmf and in failed samples 4254 bitcount-1.wmf 8224 ofz5942-1.wmf 56832 exttextout-2.wmf
|
||||
>16 uleshort !0 \b, %u members
|
||||
|
||||
#tz3 files whatever that is (MS Works files)
|
||||
0 string/b \003\001\001\004\070\001\000\000 tz3 ms-works file
|
||||
@ -1374,8 +1717,6 @@
|
||||
1 string RDC-meg MegaDots
|
||||
>8 byte >0x2F version %c
|
||||
>9 byte >0x2F \b.%c file
|
||||
0 lelong 0x4C
|
||||
>4 lelong 0x00021401 Windows shortcut file
|
||||
|
||||
# .PIF files added by Joerg Jenderek from https://smsoft.ru/en/pifdoc.htm
|
||||
# only for windows versions equal or greater 3.0
|
||||
@ -1411,17 +1752,6 @@
|
||||
>0x187 search/0xB55 AUTOEXECBAT\ 4.0\0 \b +AUTOEXEC.BAT
|
||||
#>>&06 string x \b:%s
|
||||
|
||||
# DOS EPS Binary File Header
|
||||
# From: Ed Sznyter <ews@Black.Market.NET>
|
||||
0 belong 0xC5D0D3C6 DOS EPS Binary File
|
||||
!:mime image/x-eps
|
||||
>4 long >0 Postscript starts at byte %d
|
||||
>>8 long >0 length %d
|
||||
>>>12 long >0 Metafile starts at byte %d
|
||||
>>>>16 long >0 length %d
|
||||
>>>20 long >0 TIFF starts at byte %d
|
||||
>>>>24 long >0 length %d
|
||||
|
||||
# Norton Guide (.NG , .HLP) files added by Joerg Jenderek from source NG2HTML.C
|
||||
# of http://www.davep.org/norton-guides/ng2h-105.tgz
|
||||
# https://en.wikipedia.org/wiki/Norton_Guides
|
||||
@ -1575,6 +1905,12 @@
|
||||
>0x2c default x
|
||||
# look for 1st member name
|
||||
>>(16.l+16) ubyte x
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/building-device-metadata-packages
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/devicemetadata-ms.trid.xml
|
||||
>>>&-1 string PackageInfo.xml \b, Device Metadata Package
|
||||
!:mime application/vnd.ms-cab-compressed
|
||||
!:ext devicemetadata-ms
|
||||
# https://en.wikipedia.org/wiki/SNP_file_format
|
||||
>>>&-1 string/c _accrpt_.snp \b, Access report snapshot
|
||||
!:mime application/msaccess
|
||||
@ -1598,14 +1934,20 @@
|
||||
!:ext msu
|
||||
>>>&-1 default x
|
||||
# look at point character of 1st archive member name for file name extension
|
||||
# GRR: search range is maybe too large and match point else where like in EN600x64.cab!
|
||||
>>>>&-1 search/255 .
|
||||
# http://www.pptfaq.com/FAQ00164_What_is_a_PPZ_file-.htm
|
||||
# PPZ were created using Pack & Go feature of PowerPoint versions 97 - 2002
|
||||
# packs optional files, a PowerPoint presentation *.ppt with optional PLAYLIST.LST to CAB
|
||||
>>>>>&0 string/c ppt\0 \b, PowerPoint Packed and Go
|
||||
>>>>>&0 string/c ppt\0
|
||||
>>>>>>28 uleshort >1 \b, PowerPoint Packed and Go
|
||||
!:mime application/vnd.ms-powerpoint
|
||||
#!:mime application/mspowerpoint
|
||||
!:ext ppz
|
||||
# or POWERPNT.PPT packed as POWERPNT.PP_ found on Windows 2000,XP setup CD in directory i386
|
||||
>>>>>>28 uleshort =1 \b, one packed PowerPoint
|
||||
!:mime application/vnd.ms-cab-compressed
|
||||
!:ext pp_
|
||||
# https://msdn.microsoft.com/en-us/library/windows/desktop/bb773190(v=vs.85).aspx
|
||||
# first member *.theme implies Windows 7 Theme Pack like in CommunityShowcaseAqua3.themepack
|
||||
# or Windows 8 Desktop Theme Pack like in PanoramicGlaciers.deskthemepack
|
||||
@ -1653,6 +1995,16 @@
|
||||
>>>>>>>>>30 uleshort !0x0000 \b, single
|
||||
!:mime application/vnd.ms-cab-compressed
|
||||
!:ext cab
|
||||
# first archive name without point character
|
||||
>>>>&-1 default x
|
||||
>>>>>28 uleshort =1 \b, single
|
||||
!:mime application/vnd.ms-cab-compressed
|
||||
# on XP_CD\I386\ like: NETWORKS._ PROTOCOL._ QUOTES._ SERVICES._
|
||||
!:ext _
|
||||
>>>>>28 uleshort >1 \b, many
|
||||
!:mime application/vnd.ms-cab-compressed
|
||||
# like: HP Envy 6000 printer driver packages Full_x86.cab Full_x64.cab
|
||||
!:ext cab
|
||||
# TODO: additional extensions like
|
||||
# .xtp InfoPath Template Part
|
||||
# .lvf Logitech Video Effects Face Accessory
|
||||
@ -1750,9 +2102,9 @@
|
||||
# define ifoldCONTINUED_PREV_AND_NEXT (0xFFFF)
|
||||
>8 uleshort >0 \b, iFolder %#x
|
||||
# date stamp for file
|
||||
#>10 uleshort x \b, date %#x
|
||||
>10 lemsdosdate x last modified %s
|
||||
# time stamp for file
|
||||
#>12 uleshort x \b, time %#x
|
||||
>12 lemsdostime x %s
|
||||
# attribs is attribute flags for file
|
||||
# define _A_RDONLY (0x01) file is read-only
|
||||
# define _A_HIDDEN (0x02) file is hidden
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: msooxml,v 1.18 2022/08/16 11:16:39 christos Exp $
|
||||
# $File: msooxml,v 1.19 2023/03/14 19:46:15 christos Exp $
|
||||
# msooxml: file(1) magic for Microsoft Office XML
|
||||
# From: Ralf Brown <ralf.brown@gmail.com>
|
||||
|
||||
@ -56,3 +56,13 @@
|
||||
>>>>>>>>>&26 default x Microsoft OOXML
|
||||
>>>>>>>&26 default x Microsoft OOXML
|
||||
>>>>>&26 default x Microsoft OOXML
|
||||
>>0x1E regex \\[trash\\]
|
||||
>>>&26 search/6000 PK\003\004
|
||||
>>>>&26 search/6000 PK\003\004
|
||||
>>>>>&26 use msooxml
|
||||
>>>>>&26 default x
|
||||
>>>>>>&26 search/6000 PK\003\004
|
||||
>>>>>>>&26 use msooxml
|
||||
>>>>>>>&26 default x Microsoft OOXML
|
||||
>>>>>>&26 default x Microsoft OOXML
|
||||
>>>>>&26 default x Microsoft OOXML
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: ole2compounddocs,v 1.19 2022/09/11 20:52:40 christos Exp $
|
||||
# $File: ole2compounddocs,v 1.26 2023/05/15 16:46:12 christos Exp $
|
||||
# Microsoft OLE 2 Compound Documents : file(1) magic for Microsoft Structured
|
||||
# storage (https://en.wikipedia.org/wiki/Compound_File_Binary_Format)
|
||||
# Additional tests for OLE 2 Compound Documents should be under this recipe.
|
||||
@ -72,6 +72,7 @@
|
||||
#>67 ubyte x \b, color %x
|
||||
# the DirIDs of the child nodes. Should both be -1 in the root storage entry
|
||||
#>68 bequad !0xffffffffffffffff \b, DirIDs %llx
|
||||
# NEXT lines for DEBUGGING
|
||||
# second directory entry name like VisioDocument Control000
|
||||
#>128 lestring16 x \b, 2nd %.20s
|
||||
# third directory entry like WordDocument
|
||||
@ -201,6 +202,18 @@
|
||||
!:ext nfo
|
||||
#
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/arn-autoruns-v14.trid.xml
|
||||
# Note: older versions til 13 about middle 2021 handled by ./windows
|
||||
# called "Sysinternals Autoruns data (v14)" by TrID
|
||||
# second, third and fourth directory entry name like Header Items 0
|
||||
>>>>128 lestring16 Header : Microsoft sysinternals AutoRuns data, version 14
|
||||
#!:mime application/x-ole-storage
|
||||
!:mime application/x-ms-arn
|
||||
# like: MyHOSTNAME.arn
|
||||
!:ext arn
|
||||
#
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/Microsoft_Access
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mdz.trid.xml
|
||||
# http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
|
||||
@ -249,9 +262,11 @@
|
||||
!:ext tpl
|
||||
#
|
||||
# URL: https://en.wikipedia.org/wiki/Hangul_(word_processor)
|
||||
# https://www.hancom.com/etc/hwpDownload.do
|
||||
# Note: "HWP Document File" signature found in FileHeader
|
||||
# Hangul Word Processor WORDIAN, 2002 and later is using HWP 5.0 format.
|
||||
# Second directory entry name FileHeader hint for Thinkfree Office document
|
||||
>>>>128 lestring16 FileHeader : Hangul (Korean) 5.0 Word Processor File
|
||||
>>>>128 lestring16 FileHeader : Hancom HWP (Hangul Word Processor) file, version 5.0
|
||||
#!:mime application/haansofthwp
|
||||
!:mime application/x-hwp
|
||||
# https://example-files.online-convert.com/document/hwp/example.hwp
|
||||
@ -305,62 +320,93 @@
|
||||
# THIS WORKS PARTLY!
|
||||
>>>>>>&0 indirect x
|
||||
# remaining null clsid
|
||||
>>>>128 default x : UNKNOWN
|
||||
# second directory entry name like VisioDocument Control000
|
||||
>>>>>128 lestring16 x with names %.20s
|
||||
# third directory entry like WordDocument
|
||||
>>>>>256 lestring16 x %.20s
|
||||
# forth
|
||||
>>>>>384 lestring16 x %.20s
|
||||
!:mime application/x-ole-storage
|
||||
# according to file version 5.41 with -e soft option
|
||||
#!:mime application/CDFV2
|
||||
#!:ext ???
|
||||
>>>>128 default x
|
||||
>>>>>0 use ole2-unknown
|
||||
# look for CLSID where "second" part is 0
|
||||
>>>80 ubequad !0x0
|
||||
#
|
||||
# Summary: Family Tree Maker
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Family_Tree_Maker
|
||||
# https://en.wikipedia.org/wiki/Family_Tree_Maker
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/f/ftw.trid.xml
|
||||
# Note called "Family Tree Maker Family Tree" by TrID and
|
||||
# "FamilyTree Maker Database" with version "1-4" by DROID via PUID fmt/1352
|
||||
# tested only with version 2.0
|
||||
# verified by Michal Mutl Structured Storage Viewer `SSView.exe my.ftw`
|
||||
# newer versions are SQLite based and handled by ./sql
|
||||
# directory names like: IND.DB AUX.DB GENERAL.DB NAME.NDX BIRTH.NDX EXTRA.DB
|
||||
>>>>80 ubequad 0x5702000000000000 : Family Tree Maker Windows database, version 1-4
|
||||
# look for "File Format (C) Copyright 1993 Banner Blue Software Inc. - All Rights Reserved" in GENERAL.DB
|
||||
#>>>>>0 search/0x5460c/s F\0i\0l\0e\0\040\0F\0o\0r\0m\0a\0t\0\040\0(\0C\0)\0 \b, VERSION
|
||||
# GRR: jump to version value like 2 does not work!
|
||||
#>>>>>>&-8 ubyte x %u
|
||||
#!:mime application/x-ole-storage
|
||||
!:mime application/x-fmt
|
||||
# FBK is used for backup of FTW
|
||||
!:ext ftw/fbk
|
||||
#
|
||||
>>>>80 default x
|
||||
>>>>>0 use ole2-unknown
|
||||
# look for known clsid GUID
|
||||
# - Visio documents
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Visio
|
||||
# Last update on 10/23/2006 by Lester Hightower, 07/20/2019 by Joerg Jenderek
|
||||
>>88 ubequad 0xc000000000000046 : Microsoft
|
||||
>>>80 ubequad 0x131a020000000000 Visio 2000-2002 Document, stencil or template
|
||||
>>88 ubequad 0xc000000000000046
|
||||
>>>80 ubequad 0x131a020000000000 : Microsoft Visio 2000-2002 Document, stencil or template
|
||||
!:mime application/vnd.visio
|
||||
# VSD~Drawing VSS~Stencil VST~Template
|
||||
!:ext vsd/vss/vst
|
||||
>>>80 ubequad 0x141a020000000000 Visio 2003-2010 Document, stencil or template
|
||||
>>>80 ubequad 0x141a020000000000 : Microsoft Visio 2003-2010 Document, stencil or template
|
||||
!:mime application/vnd.visio
|
||||
!:ext vsd/vss/vst
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Windows_Installer
|
||||
>>>80 ubequad 0x84100c0000000000 Windows Installer Package
|
||||
# https://en.wikipedia.org/wiki/Windows_Installer#ICE_validation
|
||||
# Update: Joerg Jenderek
|
||||
# Windows Installer Package *.MSI or validation module *.CUB
|
||||
>>>80 ubequad 0x84100c0000000000 : Microsoft Windows Installer Package or validation module
|
||||
!:mime application/x-msi
|
||||
#!:mime application/x-ms-win-installer
|
||||
!:ext msi
|
||||
>>>80 ubequad 0x86100c0000000000 Windows Installer Patch
|
||||
# https://learn.microsoft.com/en-us/windows/win32/msi/internal-consistency-evaluators-ices
|
||||
# cub is used for validation module like: Vstalogo.cub XPlogo.cub darice.cub logo.cub mergemod.cub
|
||||
#!:mime application/x-ms-cub
|
||||
!:ext msi/cub
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://en.wikipedia.org/wiki/Windows_Installer
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mst.trid.xml
|
||||
# called "Windows SDK Setup Transform script" by TrID
|
||||
>>>80 ubequad 0x82100c0000000000 : Microsoft Windows Installer transform script
|
||||
#!:mime application/x-ole-storage
|
||||
!:mime application/x-ms-mst
|
||||
!:ext mst
|
||||
>>>80 ubequad 0x86100c0000000000 : Microsoft Windows Installer Patch
|
||||
# ??
|
||||
!:mime application/x-wine-extension-msp
|
||||
#!:mime application/x-ms-msp
|
||||
!:ext msp
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/DOC
|
||||
>>>80 ubequad 0x0009020000000000 Word 6-95 document or template
|
||||
>>>80 ubequad 0x0009020000000000 : Microsoft Word 6-95 document or template
|
||||
!:mime application/msword
|
||||
# for template MSWDW8TN
|
||||
!:apple MSWDWDBN
|
||||
!:ext doc/dot
|
||||
>>>80 ubequad 0x0609020000000000 Word 97-2003 document or template
|
||||
>>>80 ubequad 0x0609020000000000 : Microsoft Word 97-2003 document or template
|
||||
!:mime application/msword
|
||||
!:apple MSWDWDBN
|
||||
# dot for template; no extension on Macintosh
|
||||
!:ext doc/dot/
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Word_Processor
|
||||
>>>80 ubequad 0x0213020000000000 Works 3-4 document or template
|
||||
>>>80 ubequad 0x0213020000000000 : Microsoft Works 3-4 document or template
|
||||
!:mime application/vnd.ms-works
|
||||
!:apple ????AWWP
|
||||
# ps for template https://filext.com/file-extension/PS bps for backup
|
||||
!:ext wps/ps/bps
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Database
|
||||
>>>80 ubequad 0x0313020000000000 Works 3-4 database or template
|
||||
>>>80 ubequad 0x0313020000000000 : Microsoft Works 3-4 database or template
|
||||
!:mime application/vnd.ms-works-db
|
||||
# https://www.macdisk.com/macsigen.php
|
||||
!:apple ????AWDB
|
||||
@ -368,14 +414,14 @@
|
||||
!:ext wdb/db/bdb
|
||||
#
|
||||
# URL: https://en.wikipedia.org/wiki/Microsoft_Excel
|
||||
>>>80 ubequad 0x1008020000000000 Excel 5-95 worksheet, addin or template
|
||||
>>>80 ubequad 0x1008020000000000 : Microsoft Excel 5-95 worksheet, addin or template
|
||||
!:mime application/vnd.ms-excel
|
||||
# https://www.macdisk.com/macsigen.php
|
||||
!:apple ????XLS5
|
||||
# worksheet/addin/template/no extension on Macintosh
|
||||
!:ext xls/xla/xlt/
|
||||
#
|
||||
>>>80 ubequad 0x2008020000000000 Excel 97-2003
|
||||
>>>80 ubequad 0x2008020000000000 : Microsoft Excel 97-2003
|
||||
!:mime application/vnd.ms-excel
|
||||
# https://www.macdisk.com/macsigen.php XLS5 for Excel 5
|
||||
!:apple ????XLS9
|
||||
@ -391,23 +437,36 @@
|
||||
#!:ext xls/xlt/
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/OLE2
|
||||
>>>80 ubequad 0x0b0d020000000000 Outlook 97-2003 item
|
||||
#>>>80 ubequad 0x0b0d020000000000 Outlook 97-2003 Message
|
||||
>>>80 ubequad 0x0b0d020000000000 : Microsoft Outlook 97-2003 item
|
||||
#>>>80 ubequad 0x0b0d020000000000 : Microsoft Outlook 97-2003 Message
|
||||
#!:mime application/vnd.ms-outlook
|
||||
!:mime application/x-ms-msg
|
||||
!:ext msg
|
||||
# URL: https://wiki.fileformat.com/email/oft/
|
||||
>>>80 ubequad 0x46f0060000000000 Outlook 97-2003 item template
|
||||
>>>80 ubequad 0x46f0060000000000 : Microsoft Outlook 97-2003 item template
|
||||
#!:mime application/vnd.ms-outlook
|
||||
!:mime application/x-ms-oft
|
||||
!:ext oft
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/PPT
|
||||
>>>80 ubequad 0x5148040000000000 PowerPoint 4.0 presentation
|
||||
>>>80 ubequad 0x5148040000000000 : Microsoft PowerPoint 4.0 presentation
|
||||
!:mime application/vnd.ms-powerpoint
|
||||
# https://www.macdisk.com/macsigen.php
|
||||
!:apple ????PPT3
|
||||
!:ext ppt
|
||||
# Summary: "newer" Greenstreet Art drawing
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/GST_ART
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/art-gst-docfile.trid.xml
|
||||
# Note: called like "Greenstreet Art drawing" by TrID
|
||||
# Note: CONTENT stream contains binary part of older versions with phrase GST:ART at offset 16
|
||||
# verified by Michal Mutl Structured Storage Viewer `SSView.exe BCARD2.ART`
|
||||
>>>80 ubequad 0x602c020000000000 : Greenstreet Art drawing
|
||||
#!:mime application/x-ole-storage
|
||||
!:mime image/x-greenstreet-art
|
||||
!:ext art
|
||||
>>>80 default x
|
||||
>>>>0 use ole2-unknown
|
||||
#??
|
||||
# URL: http://www.checkfilename.com/view-details/Microsoft-Works/RespageIndex/0/sTab/2/
|
||||
>>88 ubequad 0xa29a00aa004a1a72 : Microsoft
|
||||
@ -547,6 +606,19 @@
|
||||
!:apple ????WPC9
|
||||
!:ext wpg
|
||||
#
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/CorelCAD
|
||||
# https://en.wikipedia.org/wiki/CorelCAD
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/ccd-corelcad.trid.xml
|
||||
# Note: called "CorelCAD Drawing" by TrID and CorelCAD
|
||||
# directory entry names like Contents ViewInfo CustomViewDescriptions LayerInfo
|
||||
>>88 ubequad 0xbe26db67235e2689 : Corel
|
||||
>>>80 ubequad 0x20f414de1cacce11 \bCAD Drawing or Template
|
||||
#!:mime application/x-ole-storage
|
||||
!:mime application/x-corel-cad
|
||||
# CCT for CorelCAD Template
|
||||
!:ext ccd/cct
|
||||
#
|
||||
# URL: http://fileformats.archiveteam.org/wiki/StarOffice_binary_formats
|
||||
>>88 ubequad 0x996104021c007002 : StarOffice
|
||||
>>>80 ubequad 0x407e5cdc5cb31b10 StarWriter 3.0 document or template
|
||||
@ -661,13 +733,28 @@
|
||||
#!:ext max/chr
|
||||
# remaining non null clsid
|
||||
>>88 default x
|
||||
# GRR: check again for non null clsid because wrong when called by indirect directive
|
||||
>>>88 ubequad !0 : UNKNOWN
|
||||
>>>0 use ole2-unknown
|
||||
# display information about directory for not detected CDF files
|
||||
0 name ole2-unknown
|
||||
>80 ubequad x : UNKNOWN
|
||||
# https://reposcope.com/mimetype/application/x-ole-storage
|
||||
!:mime application/x-ole-storage
|
||||
# according to file version 5.41 with -e soft option
|
||||
#!:mime application/CDFV2
|
||||
#!:ext ???
|
||||
>>>>80 ubequad !0 \b, clsid %#16.16llx
|
||||
>>>>88 ubequad x \b%16.16llx
|
||||
|
||||
>80 ubequad !0 \b, clsid %#16.16llx
|
||||
>>88 ubequad x \b%16.16llx
|
||||
# converted hexadecimal format to standard GUUID notation
|
||||
>>80 guid x {%s}
|
||||
# second directory entry name like VisioDocument Control000
|
||||
>128 lestring16 x with names %.20s
|
||||
# third directory entry like WordDocument Preview.dib
|
||||
>256 lestring16 x %.20s
|
||||
# forth like \005SummaryInformation
|
||||
>384 lestring16 x %.25s
|
||||
# 5th
|
||||
>512 lestring16 x %.10s
|
||||
# 6th
|
||||
>640 lestring16 x %.10s
|
||||
# 7th
|
||||
>768 lestring16 x %.10s
|
||||
|
@ -1,12 +1,12 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: pdf,v 1.16 2021/07/30 11:47:07 christos Exp $
|
||||
# $File: pdf,v 1.18 2023/07/17 15:57:18 christos Exp $
|
||||
# pdf: file(1) magic for Portable Document Format
|
||||
#
|
||||
|
||||
0 name pdf
|
||||
>8 search /Count
|
||||
>>&0 regex [0-9]+ \b, %s pages
|
||||
>>&0 regex [0-9]+ \b, %s page(s)
|
||||
>8 search/512 /Filter/FlateDecode/ (zip deflate encoded)
|
||||
|
||||
0 string %PDF- PDF document
|
||||
@ -42,7 +42,7 @@
|
||||
>5 byte x \b, version %c
|
||||
>7 byte x \b.%c
|
||||
|
||||
0 search/256 %PDF- PDF document
|
||||
0 search/1024 %PDF- PDF document
|
||||
!:mime application/pdf
|
||||
!:strength +60
|
||||
!:ext pdf
|
||||
|
@ -1,5 +1,5 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: perl,v 1.26 2017/02/21 18:34:55 christos Exp $
|
||||
# $File: perl,v 1.27 2023/07/17 16:01:36 christos Exp $
|
||||
# perl: file(1) magic for Larry Wall's perl language.
|
||||
#
|
||||
# The `eval' lines recognizes an outrageously clever hack.
|
||||
@ -34,12 +34,12 @@
|
||||
# by Dmitry V. Levin and Alexey Tourbin
|
||||
# check the first line
|
||||
0 search/8192 package
|
||||
>0 regex \^package[\ \t]+[0-9A-Za-z_:]+\ *; Perl5 module source text
|
||||
>0 regex \^package[[:space:]]+[0-9A-Za-z_:]+[[:space:]]*([[:space:]]v?[0-9][0-9.]*)?[[:space:]]*; Perl5 module source text
|
||||
!:strength + 40
|
||||
# not 'p', check other lines
|
||||
0 search/8192 !p
|
||||
>0 regex \^package[\ \t]+[0-9A-Za-z_:]+\ *;
|
||||
>>0 regex \^1\ *;|\^(use|sub|my)\ .*[(;{=] Perl5 module source text
|
||||
>0 regex \^package[[:space:]]+[0-9A-Za-z_:]+[[:space:]]*([[:space:]]v?[0-9][0-9.]*)?[[:space:]]*;
|
||||
>>0 regex \^1[[:space:]]*;|\^(use|sub|my)[[:space:]].*[(;{=] Perl5 module source text
|
||||
!:strength + 75
|
||||
|
||||
# Perl POD documents
|
||||
|
57
magic/Magdir/playdate
Normal file
57
magic/Magdir/playdate
Normal file
@ -0,0 +1,57 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: playdate,v 1.1 2022/11/04 13:34:48 christos Exp $
|
||||
#
|
||||
# Various native file formats for the Playdate portable video game console.
|
||||
#
|
||||
# These are unofficially documented at
|
||||
# https://github.com/jaames/playdate-reverse-engineering
|
||||
#
|
||||
# The SDK is a source for many test files, and can be used to
|
||||
# create others. https://play.date/dev/
|
||||
|
||||
|
||||
# pdi: static image
|
||||
0 string Playdate\ IMG Playdate image data
|
||||
>12 belong&0x80 0x80 (compressed)
|
||||
>>20 lelong x %d x
|
||||
>>24 lelong x %d
|
||||
>12 belong&0x80 0x00 (uncompressed)
|
||||
>>16 leshort x %d x
|
||||
>>18 leshort x %d
|
||||
|
||||
# pdt: multiple static images
|
||||
0 string Playdate\ IMT Playdate image data set
|
||||
>12 belong&0x80 0x80 (compressed)
|
||||
>>20 lelong x %d x
|
||||
>>24 lelong x %d,
|
||||
>>28 lelong x %d cells
|
||||
>12 belong&0x80 0x00 (uncompressed)
|
||||
>>20 lelong x tile grid %d x
|
||||
>>24 lelong x %d
|
||||
|
||||
# pds: string tables
|
||||
0 string Playdate\ STR Playdate localization strings
|
||||
>12 belong&0x80 0x80 (compressed)
|
||||
>12 belong&0x80 0x00 (uncompressed)
|
||||
|
||||
# pda: audio
|
||||
0 string Playdate\ AUD Playdate audio file
|
||||
>12 lelong&0xffffff x %d Hz,
|
||||
>15 byte 0 unsigned, 8-bit PCM, 1 channel
|
||||
>15 byte 1 unsigned, 8-bit PCM, 2 channel
|
||||
>15 byte 2 signed, 16-bit little-endian PCM, 1 channel
|
||||
>15 byte 3 signed, 16-bit little-endian PCM, 1 channel
|
||||
>15 byte 4 4-bit ADPCM, 1 channel
|
||||
>15 byte 5 4-bit ADPCM, 2 channel
|
||||
|
||||
# pda: video
|
||||
0 string Playdate\ VID Playdate video file
|
||||
>24 leshort x %d x
|
||||
>26 leshort x %d,
|
||||
>16 leshort x %d frames,
|
||||
>20 lefloat x %.2f FPS
|
||||
|
||||
# pdz: executable package
|
||||
# Not a lot we can do, as it's a stream of entries with no summary information.
|
||||
0 string Playdate\ PDZ Playdate executable package
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: printer,v 1.29 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: printer,v 1.34 2023/06/16 19:27:12 christos Exp $
|
||||
# printer: file(1) magic for printer-formatted files
|
||||
#
|
||||
|
||||
@ -30,13 +30,42 @@
|
||||
|
||||
# DOS EPS Binary File Header
|
||||
# From: Ed Sznyter <ews@Black.Market.NET>
|
||||
0 belong 0xC5D0D3C6 DOS EPS Binary File
|
||||
>4 long >0 Postscript starts at byte %d
|
||||
>>8 long >0 length %d
|
||||
>>>12 long >0 Metafile starts at byte %d
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Encapsulated_PostScript
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/eps-adobe.trid.xml
|
||||
# Note: called "Encapsulated PostScript binary" by TrID and
|
||||
# verified partly by ImageMagick `identify -verbose *` as EPT (Encapsulated PostScript with TIFF preview)
|
||||
0 belong 0xC5D0D3C6
|
||||
# skip DROID fmt-122-signature-id-174.eps fmt-123-signature-id-178.eps fmt-124-signature-id-180.eps
|
||||
# by looking for content after header
|
||||
# GRR: in version 5.44 unequal and not endian variant not working!
|
||||
>32 ulelong >0 DOS EPS Binary File
|
||||
!:mime image/x-eps
|
||||
# TODO: check that "long" is false on big endian machines
|
||||
# Postscript often (850/857) comes after header; so values like: 30 32 or 2788 10644 43350 71828
|
||||
>>4 long >0 at byte %d
|
||||
# 1 space char after length value to get phrase like "length 263893 PostScript document text"
|
||||
>>>8 long >0 length %d
|
||||
# PostScript document text handled by ./printer
|
||||
>>>>(4.l) indirect x
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/eps-wmf.trid.xml
|
||||
# Note: called "Encapsulated PostScript binary (with WMF preview)" by TrID
|
||||
# verified partly by XnView `nconvert -info *.EP?` as TIFF epsp
|
||||
>>>>12 long >0 at byte %d
|
||||
!:ext eps
|
||||
# GRR: in file version 5.44 calling indirect of ./msdos produce phrase like "length 452\012- Windows metafile"
|
||||
>>>>16 long >0 length %d
|
||||
>>>20 long >0 TIFF starts at byte %d
|
||||
>>>>24 long >0 length %d
|
||||
# Windows metafile data handled by ./msdos
|
||||
>>>>>(12.l) indirect x
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/eps-tiff.trid.xml
|
||||
# Note: called "Encapsulated PostScript binary (with TIFF preview)" by TrID
|
||||
>>>>20 long >0 at byte %d
|
||||
# For the variant with the TIFF preview image sometimes the file extension ept is used
|
||||
!:ext eps/ept
|
||||
# GRR: in file version 5.44 calling indirect of ./images produce phrase like "length 43320\012- TIFF image data,"
|
||||
>>>>>24 long >0 length %d
|
||||
# TIFF image data handled by ./images
|
||||
>>>>>>(20.l) indirect x
|
||||
|
||||
# Summary: Adobe's PostScript Printer Description File
|
||||
# Extension: .ppd
|
||||
@ -45,6 +74,8 @@
|
||||
#
|
||||
0 string *PPD-Adobe:\x20 PPD file
|
||||
>&0 string x \b, version %s
|
||||
!:ext ppd
|
||||
!:mime application/vnd.cups-ppd
|
||||
|
||||
# HP Printer Job Language
|
||||
0 string \033%-12345X@PJL HP Printer Job Language data
|
||||
@ -82,7 +113,16 @@
|
||||
>0 search/10000 @PJL\ ENTER\ LANGUAGE=QPDL - Samsung QPDL
|
||||
>0 search/10000 @PJL\ ENTER\ LANGUAGE\ =\ QPDL - Samsung QPDL
|
||||
>0 search/10000 @PJL\ ENTER\ LANGUAGE=ZJS - HP ZJS
|
||||
|
||||
# Summary: Hewlett-Packard printer firmware update
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://support.hp.com/us-en/drivers/selfservice/hp-envy-6000e-all-in-one-printer-series/2100187505/model/2100187513
|
||||
# Note: firmware update tested with ENVY 6000 All-in-One Printer
|
||||
0 string @PJL\ ENTER\ LANGUAGE=FWUPDATE2 HP Printer firmware update
|
||||
#!:mime application/octet-stream
|
||||
#!:mime application/x-hp-firmware
|
||||
# https://ftp.hp.com/pub/softlib/software13/printers/en6000/2214/EN6000_2214B.exe
|
||||
# vasari_base_dist_pp1_001.2214B_nonassert_appsigned_lbi_rootfs_secure_signed.ful2
|
||||
!:ext ful2
|
||||
|
||||
# HP Printer Control Language, Daniel Quinlan (quinlan@yggdrasil.com)
|
||||
0 string \033E\033 HP PCL printer data
|
||||
@ -148,3 +188,91 @@
|
||||
# From: Paolo <oopla@users.sf.net>
|
||||
# Epson ESC/Page, ESC/PageColor
|
||||
0 string \x1b\x01@EJL Epson ESC/Page language printer data
|
||||
|
||||
# Summary: Hewlett-Packard Graphics Language
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/HP-GL
|
||||
# https://en.wikipedia.org/wiki/HPGL
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/hpg.trid.xml
|
||||
# Note: called "Hewlett-Packard Graphics Language" by TrID and
|
||||
# "Hewlett Packard Graphics Language" by DROID via PUID x-fmt/293 and
|
||||
# HPGL by XnView command `nconvert -info *`
|
||||
# initialize, start a plotting job
|
||||
0 string IN;
|
||||
>0 use hpgl
|
||||
# fill.plt
|
||||
0 string INPS
|
||||
>0 use hpgl
|
||||
# http://ftp.funet.fi/index/graphics/packages/hpgl2ps/hpgl2ps.tar.Z/hpgl2ps/test1.hpgl
|
||||
0 string DF;
|
||||
>0 use hpgl
|
||||
# http://ftp.funet.fi/index/graphics/packages/hpgl2ps/hpgl2ps.tar.Z/hpgl2ps/test3.hpgl
|
||||
# Select Pen n; If no pen number or 0, the controller performs an end of file command; n in range between -32767 and 32768 like: 6
|
||||
0 string SP
|
||||
# skip text Linux-syscall-note inside qemu sources starting with SPDX-Exception-Identifier: Linux-syscall-note
|
||||
# by checking for valid Pen number
|
||||
>2 regex \^([0-9]{1,5})
|
||||
#>2 regex \^([0-9]{1,5}) PEN_NUMBER=%s
|
||||
>>0 use hpgl
|
||||
# charsize.hp pages.hp set the scaling points (P1 and P2) to their default positions
|
||||
0 string IP0
|
||||
>0 use hpgl
|
||||
# ci.hp
|
||||
0 string CO\040
|
||||
>0 use hpgl
|
||||
# iw.hp 286x192.5_lh.hpg 286x192.5_lq.hpg
|
||||
0 string PS\040
|
||||
>0 use hpgl
|
||||
# thick.hp
|
||||
0 string PS9
|
||||
>0 use hpgl
|
||||
# ul.hp
|
||||
0 string PS4
|
||||
>0 use hpgl
|
||||
# la.hp
|
||||
0 string BP
|
||||
>0 use hpgl
|
||||
# miter.hp
|
||||
# Plot Absolute x,y{,x,y{...}}; x and y in range between -32767 and 32768 like: PA4000,3000;
|
||||
0 string PA
|
||||
# skip shell scripts test_msa_run_32r5eb.sh test_msa_run_32r5eb.sh with variable PATH_TO_QEMU
|
||||
# by checking for valid x coordinate
|
||||
>2 regex \^([-]{0,1}[0-9]{1,5})
|
||||
#>2 regex \^([-]{0,1}[0-9]{1,5}) COORDINATE=%s
|
||||
>>0 use hpgl
|
||||
# pw.hpg number of pens x
|
||||
0 string NP
|
||||
>0 use hpgl
|
||||
# win_1.hp
|
||||
#0 string \003INCA WHAT_IS_THAT
|
||||
#>0 use hpgl
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/hpgl2.trid.xml
|
||||
# Note: called "Hewlett-Packard Graphics Language 2" by TrID
|
||||
0 string \033%-1B Hewlett-Packard Graphics Language 2
|
||||
!:mime application/vnd.hp-HPGL
|
||||
# like: dt.plt
|
||||
!:ext plt
|
||||
#!:ext plt/gl2/hpg2/spl
|
||||
# remaining part after escsape sequnce
|
||||
>5 string x with "%-.10s"
|
||||
# display Hewlett-Packard Graphics Language vector graphic information
|
||||
0 name hpgl
|
||||
>0 string x Hewlett-Packard Graphics Language
|
||||
#!:mime vector/x-hpgl
|
||||
# https://www.iana.org/assignments/media-types/application/vnd.hp-HPGL
|
||||
!:mime application/vnd.hp-HPGL
|
||||
# no example with HPL suffix found
|
||||
!:ext hpgl/hpg/hp/plt
|
||||
# like: "IN;" "DF;IN;LT;PU1000,1000;PD2000,10" "SP6;DI0,1;SR0.70,1.90;SC0,800,"
|
||||
# "CO Concentric circles drawn with different linewidths;"
|
||||
>0 string x \b, starting with "%-.54s"
|
||||
# continue but not for 1 long line without CR or LF
|
||||
>>&0 ubyte <0x0E
|
||||
#>>&0 ubyte <0x0E TERMINATOR=%x
|
||||
# second line after 1 terminator character
|
||||
>>>&0 string >\r with "%-.10s"
|
||||
# next character again CR or LF
|
||||
>>>&0 ubyte <0x0E
|
||||
#>>>&0 ubyte <0x0E 2ND_CHARACTER=%x
|
||||
# second line after 2 terminator characters
|
||||
>>>>&0 string >\r with "%-.10s"
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: qt,v 1.3 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: qt,v 1.4 2022/11/11 14:50:23 christos Exp $
|
||||
# qt: file(1) magic for Qt
|
||||
|
||||
# https://doc.qt.io/qt-5/resources.html
|
||||
@ -17,3 +17,14 @@
|
||||
# src/corelib/kernel/qtranslator.cpp#L62
|
||||
0 string \x3c\xb8\x64\x18\xca\xef\x9c\x95
|
||||
>8 string \xcd\x21\x1c\xbf\x60\xa1\xbd\xdd Qt Translation file
|
||||
|
||||
|
||||
# Qt V4 Javascript engine compiled unit
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/qt/qtdeclarative/blob/v6.4.0/src/qml/common/qv4compileddata_p.h
|
||||
0 string qv4cdata QV4 compiled unit
|
||||
!:ext qmlc
|
||||
>8 ulelong x \b, version %d
|
||||
>12 byte x \b, Qt %d
|
||||
>13 byte x \b.%d
|
||||
>14 byte x \b.%d
|
||||
|
@ -1,11 +1,13 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: rst,v 1.3 2020/04/27 01:50:36 christos Exp $
|
||||
# $File: rst,v 1.4 2023/07/27 18:26:32 christos Exp $
|
||||
# rst: ReStructuredText http://docutils.sourceforge.net/rst.html
|
||||
0 search/256 \=\=
|
||||
!:strength + 30
|
||||
>&0 regex/256 \^[\=]+$
|
||||
>>&0 search/512 :Author: ReStructuredText file
|
||||
>>&0 search/512 :Author: ReStructuredText file
|
||||
>>&0 search/512 \012Authors: ReStructuredText file
|
||||
>>&0 search/512 \012Author: ReStructuredText file
|
||||
>>&0 default x
|
||||
>>>&0 regex/512 \^\\.\\.[A-Za-z] ReStructuredText file
|
||||
!:ext rst
|
||||
|
21
magic/Magdir/rust
Normal file
21
magic/Magdir/rust
Normal file
@ -0,0 +1,21 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: rust,v 1.2 2022/11/18 15:58:15 christos Exp $
|
||||
# Magic for Rust and related languages programs
|
||||
#
|
||||
|
||||
# Rust compiler metadata
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/rust-lang/rust/blob/1.64.0/compiler/rustc_metadata/src/rmeta/mod.rs
|
||||
0 string rust\x00\x00\x00
|
||||
>12 string \014rustc\x20 Rust compiler metadata
|
||||
!:ext rmeta
|
||||
>>7 byte x \b, version %d
|
||||
|
||||
# Rust incremental compilation metadata
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/rust-lang/rust/blob/1.64.0/compiler/rustc_incremental/src/persist/file_format.rs
|
||||
0 string RSIC
|
||||
>4 uleshort =0 Rust incremental compilation metadata
|
||||
!:ext bin
|
||||
>>6 pstring x \b, rustc %s
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: scientific,v 1.13 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: scientific,v 1.14 2023/04/29 17:28:09 christos Exp $
|
||||
# scientific: file(1) magic for scientific formats
|
||||
#
|
||||
# From: Joe Krahn <krahn@niehs.nih.gov>
|
||||
@ -62,15 +62,48 @@
|
||||
|
||||
# Type: GEDCOM genealogical (family history) data
|
||||
# From: Giuseppe Bilotta
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/GEDCOM
|
||||
# https://en.wikipedia.org/wiki/GEDCOM
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/g/
|
||||
# ged.trid.xml ged-utf8.trid.xml ged-utf16.trid.xml
|
||||
# Note: called "GEDCOM Family History" by TrID and "Genealogical Data Communication (GEDCOM) Format" by DROID via PUID fmt/851
|
||||
0 search/1/c 0\ HEAD GEDCOM genealogy text
|
||||
#!:mime text/plain
|
||||
#!:mime application/x-gedcom
|
||||
# https://www.iana.org/assignments/media-types/text/vnd.familysearch.gedcom
|
||||
!:mime text/vnd.familysearch.gedcom
|
||||
!:ext ged
|
||||
# no gedcom sample found and ged suffix also used for other formats
|
||||
#!:ext ged/gedcom
|
||||
>&0 search 1\ GEDC
|
||||
>>&0 search 2\ VERS version
|
||||
# 4 5.0 5.3 5.4 5.5 5.5.1 5.5.5 5.6 7.0 or no version
|
||||
>>>&1 string >\0 %s
|
||||
# From: Phil Endecott <phil05@chezphil.org>
|
||||
0 string \000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM data
|
||||
0 string \060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM data
|
||||
0 string \376\377\000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM data
|
||||
0 string \377\376\060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM data
|
||||
# 0\040HEAD as UTF-16 big endian without BOM
|
||||
0 string \000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM genealogy text
|
||||
!:mime text/vnd.familysearch.gedcom
|
||||
!:ext ged
|
||||
# look for VERS tag encoded as UTF-16 big endian
|
||||
>12 search/0x65 V\0E\0R\0S version
|
||||
# version like: 5.5.1
|
||||
>>&2 bestring16 x %s
|
||||
>>0 string x \b, UTF-16 (without BOM) big-endian text
|
||||
# 0\040HEAD as UTF-16 little endian without BOM
|
||||
0 string \060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM genealogy text
|
||||
!:mime text/vnd.familysearch.gedcom
|
||||
!:ext ged
|
||||
# look for VERS tag encoded as UTF-16 lttle endian
|
||||
>12 search/0x65 V\0E\0R\0S version
|
||||
# version like: 5.5.1
|
||||
>>&3 lestring16 x %s
|
||||
>>2 string x \b, UTF-16 (without BOM) little-endian text
|
||||
# Note: UTF-16 with BOM variants already described above by first test as "GEDCOM genealogy text"
|
||||
# 0\040HEAD as UTF-16 big endian with BOM
|
||||
#0 string \376\377\000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM data
|
||||
# 0\040HEAD as UTF-16 little endian with BOM
|
||||
#0 string \377\376\060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM data
|
||||
|
||||
# PDB: Protein Data Bank files
|
||||
# Adam Buchbinder <adam.buchbinder@gmail.com>
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: sendmail,v 1.11 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: sendmail,v 1.12 2022/10/31 13:22:26 christos Exp $
|
||||
# sendmail: file(1) magic for sendmail config files
|
||||
#
|
||||
# XXX - byte order?
|
||||
@ -13,7 +13,7 @@
|
||||
# - version \330jK\354
|
||||
0 byte 046
|
||||
# https://www.sendmail.com/sm/open_source/docs/older_release_notes/
|
||||
# freezed configuration file (dbm format?) created from sendmal.cf with -bz
|
||||
# freezed configuration file (dbm format?) created from sendmail.cf with -bz
|
||||
# by older sendmail. til version 8.6 support for frozen configuration files is removed
|
||||
# valid version numbers look like "7.14.4" and should be similar to output of commands
|
||||
# "sendmail -d0 -bt < /dev/null |grep -i Version" or "egrep '^DZ' /etc/sendmail.cf"
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: sgml,v 1.46 2022/08/16 11:16:39 christos Exp $
|
||||
# $File: sgml,v 1.48 2023/01/18 16:10:21 christos Exp $
|
||||
# Type: SVG Vectorial Graphics
|
||||
# From: Noel Torres <tecnico@ejerciciosresueltos.com>
|
||||
0 string \<?xml\ version=
|
||||
@ -50,6 +50,17 @@
|
||||
!:mime text/html
|
||||
!:strength + 5
|
||||
|
||||
# avoid misdetection as JavaScript
|
||||
0 string/cWt \<!doctype\ html HTML document text
|
||||
!:mime text/html
|
||||
0 string/ct \<html> HTML document text
|
||||
!:mime text/html
|
||||
0 string/ct \<!--
|
||||
>&0 search/4096/cWt \<!doctype\ html HTML document text
|
||||
!:mime text/html
|
||||
>&0 search/4096/ct \<html> HTML document text
|
||||
!:mime text/html
|
||||
|
||||
# SVG document
|
||||
# https://www.w3.org/TR/SVG/single-page.html
|
||||
0 search/4096/cWbt \<!doctype\ svg SVG XML document
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: sniffer,v 1.32 2022/07/30 16:46:56 christos Exp $
|
||||
# $File: sniffer,v 1.34 2022/12/14 18:27:36 christos Exp $
|
||||
# sniffer: file(1) magic for packet capture files
|
||||
#
|
||||
# From: guy@alum.mit.edu (Guy Harris)
|
||||
@ -327,14 +327,79 @@
|
||||
|
||||
#
|
||||
# Novell LANalyzer capture files.
|
||||
#
|
||||
0 leshort 0x1001 Novell LANalyzer capture file
|
||||
0 leshort 0x1007 Novell LANalyzer capture file
|
||||
# URL: http://www.blacksheepnetworks.com/security/info/nw/lan/trace.txt
|
||||
# Reference: https://github.com/wireshark/wireshark/blob/master/wiretap/lanalyzer.c
|
||||
# Update: Joerg Jenderek
|
||||
#
|
||||
# regular trace header record (RT_HeaderRegular)
|
||||
0 leshort 0x1001
|
||||
# GRR: line above is too generic because it matches Commodore Plus/4 BASIC V3.5
|
||||
# and VIC-20 BASIC V2 program
|
||||
# skip many Commodore Basic program (Microzodiac.prg Minefield.prg Vic-tac-toe.prg breakvic_joy.prg)
|
||||
# with invalid second record type 0 instead of "Trace receive channel name record"
|
||||
>(2.s+4) leshort =0x1006h
|
||||
>>0 use novell-lanalyzer
|
||||
# cyclic trace header record (RT_HeaderCyclic)
|
||||
0 leshort 0x1007
|
||||
>0 use novell-lanalyzer
|
||||
0 name novell-lanalyzer
|
||||
>0 leshort x Novell LANalyzer capture file
|
||||
# https://reposcope.com/mimetype/application/x-lanalyzer
|
||||
!:mime application/x-lanalyzer
|
||||
# maybe also TR2 .. TR9 TRA .. TRZ
|
||||
!:ext tr1
|
||||
# version like: 1.5
|
||||
>4 ubyte x \b, version %u
|
||||
# minor version; one byte identifying the trace file minor version number
|
||||
>5 ubyte x \b.%u
|
||||
# Trace header record type like: 1001~regular or 1007~cyclic
|
||||
>0 leshort !0x1001 \b, record type %4.4x
|
||||
# record_length[2] is the length of the data part of 1st reorcd (without "type" and "length" fields) like: 4Ch
|
||||
>2 leshort x \b, record length %#x
|
||||
# second record type like: 1006h~Trace receive channel name record
|
||||
>(2.s+4) leshort !0x1006h \b, 2nd record type %#4.4x
|
||||
>(2.s+6) leshort x \b, 2nd record length %#x
|
||||
# each channel name is a null-terminated, eight-byte ASCII string like: Channel1
|
||||
>(2.s+8) string x \b, names %.9s
|
||||
# 2nd channel name like: Channel2
|
||||
>(2.s+17) string x %.9s ...
|
||||
|
||||
#
|
||||
# HP-UX "nettl" capture files.
|
||||
#
|
||||
# URL: https://nixdoc.net/man-pages/HP-UX/man1m/nettl.1m.html
|
||||
# Reference: https://github.com/wireshark/wireshark/blob/master/wiretap/nettl.c
|
||||
# Update: Joerg Jenderek
|
||||
# Note: Wireshark fills "meta information header fields" with "dummy" values
|
||||
# nettl_magic_hpux9[12]; for HP-UX 9.x not tested
|
||||
0 string \x00\x00\x00\x01\x00\x00\x00\x00\x00\x07\xD0\x00 HP/UX 9.x nettl capture file
|
||||
!:mime application/x-nettl
|
||||
!:ext trc0/trc1
|
||||
# nettl_magic_hpux10[12]; for HP-UX 10.x and 11.x
|
||||
0 string \x54\x52\x00\x64\x00 HP/UX nettl capture file
|
||||
# https://reposcope.com/mimetype/application/x-nettl
|
||||
!:mime application/x-nettl
|
||||
# maybe also TRC000 TRC001 TRC002 ...
|
||||
!:ext trc0/trc1
|
||||
# file_name[56]; maybe also like /tmp/raw.tr.TRC000
|
||||
>12 string !/tmp/wireshark.TRC000
|
||||
>>12 string x "%-.56s"
|
||||
# tz[20]; like UTC
|
||||
>68 string !UTC \b, tz
|
||||
>>68 string x %-.20s
|
||||
# host_name[9];
|
||||
>88 string >\0 \b, host %-.9s
|
||||
# os_vers[9]; like B.11.11
|
||||
>97 string !B.11.11 \b, os
|
||||
>>97 string x %-.9s
|
||||
# os_v; like 55h
|
||||
>>106 ubyte x (%#x)
|
||||
# xxa[8]; like 0
|
||||
>107 ubequad !0 \b, xxa=%#16.16llx
|
||||
# model[11] like: 9000/800
|
||||
>115 string !9000/800 \b, model
|
||||
>>115 string x %-.11s
|
||||
# unknown; probably just padding to 128 bytes like: 0406h
|
||||
>126 ubeshort !0x0406h \b, at 126 %#4.4x
|
||||
|
||||
#
|
||||
# RADCOM WAN/LAN Analyzer capture files.
|
||||
|
@ -1,7 +1,8 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: softquad,v 1.13 2009/09/19 16:28:12 christos Exp $
|
||||
# $File: softquad,v 1.14 2022/10/28 17:19:54 christos Exp $
|
||||
# softquad: file(1) magic for SoftQuad Publishing Software
|
||||
# URL: https://en.wikipedia.org/wiki/SoftQuad_Software
|
||||
#
|
||||
# Author/Editor and RulesBuilder
|
||||
#
|
||||
@ -17,8 +18,10 @@
|
||||
0 short 0xc0da Compiled PSI (v2) data
|
||||
>3 string >\0 (%s)
|
||||
# Binary sqtroff font/desc files...
|
||||
0 short 0125252 SoftQuad DESC or font file binary
|
||||
>2 short >0 - version %d
|
||||
# GRR: the line below is also true for 5View capture file handled by ./sniffer
|
||||
0 short 0125252
|
||||
# skip 5View capture file with "invalid" version AAAAh
|
||||
>2 short >0 SoftQuad DESC or font file binary - version %d
|
||||
# Bitmaps...
|
||||
0 search/1 SQ\ BITMAP1 SoftQuad Raster Format text
|
||||
#0 string SQ\ BITMAP2 SoftQuad Raster Format data
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: spectrum,v 1.9 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: spectrum,v 1.10 2023/05/08 01:33:36 christos Exp $
|
||||
# spectrum: file(1) magic for Spectrum emulator files.
|
||||
#
|
||||
# John Elliott <jce@seasip.demon.co.uk>
|
||||
@ -22,21 +22,125 @@
|
||||
#
|
||||
# Update: Sanity-check string contents to be printable.
|
||||
# -Adam Buchbinder <adam.buchbinder@gmail.com>
|
||||
# Update: Joerg Jenderek 2023 May
|
||||
# URL: http://fileformats.archiveteam.org/wiki/TAP_(ZX_Spectrum)
|
||||
# Reference: http://web.archive.org/web/20110711141601/http://www.zxmodules.de/fileformats/tapformat.html
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/t/tap-zx.trid.xml
|
||||
# Note: called "ZX Spectrum Tape image" by TrID and "TAP (ZX Spectrum)" by DROID via PUID fmt/801
|
||||
# verified by fuse-emulator-utils `tzxlist EXAMPLES.TAP`
|
||||
#
|
||||
# headers length 19=023 and flag byte 0 indicating a standard ROM loading header
|
||||
0 string \023\000\000
|
||||
>4 string >\0
|
||||
>>4 string <\177 Spectrum .TAP data "%-10.10s"
|
||||
>>>3 byte 0 - BASIC program
|
||||
>>>3 byte 1 - number array
|
||||
>>>3 byte 2 - character array
|
||||
>>>3 byte 3 - memory block
|
||||
>>>>14 belong 0x001B0040 (screen)
|
||||
# skip {85CEE8D6-0F90-4492-B484-98E38862B28D}.2.ver0x0000000000000004.db {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
|
||||
# inside c:\ProgramData\Microsoft\Windows\Caches according to TrID and DROID
|
||||
>>23 ubyte =0xFF
|
||||
# skip DROID fmt-801-signature-id-1166.tap with invalid name \253\253\253\253\253\253\253\253\253\253
|
||||
# which looks like: "TF COPY II" "screen " "\023\001TF" " 1943 "
|
||||
>>>4 string <\177 Spectrum .TAP data "%-10.10s"
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-spectrum-tap
|
||||
!:ext tap
|
||||
>>>>3 byte 0 - BASIC program
|
||||
# autostart line; 0..9999 are valid; 32768 means "no auto-loading"
|
||||
>>>>>16 uleshort x \b, autostart line %u
|
||||
# program length; length of BASIC program
|
||||
>>>>>18 uleshort x \b, program length %u
|
||||
>>>>3 byte 1 - number array
|
||||
>>>>3 byte 2 - character array
|
||||
>>>>3 byte 3 - memory block
|
||||
# length of the following data 1B00h=6912 and start address 4000h=16384 in case of a SCREEN$ header
|
||||
>>>>>14 belong 0x001B0040 (screen)
|
||||
# unused 32768=8000h
|
||||
>>>>>18 uleshort !32768 \b, unused %u
|
||||
# zxlength; length of the following data after the header
|
||||
>>>>14 uleshort x \b, data length %u
|
||||
#>>14 uleshort x \b, data length %#x
|
||||
# checksum byte; simply all bytes (including flag byte) XORed
|
||||
#>>>>20 ubyte x \b, checksum %#x
|
||||
|
||||
# The following three blocks are from pak21-spectrum@srcf.ucam.org
|
||||
# TZX tape images
|
||||
# Update: Joerg Jenderek 2023 May
|
||||
# URL: http://fileformats.archiveteam.org/wiki/TZX
|
||||
# Reference: https://worldofspectrum.net/TZXformat.html
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/t/tzx.trid.xml
|
||||
# Note: called "ZX Spectrum Tape image" by TrID and "TZX Format" by DROID via PUID fmt/1000
|
||||
0 string ZXTape!\x1a Spectrum .TZX data
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-spectrum-tzx
|
||||
# CDT is used for Amstrad tapes
|
||||
!:ext tzx/cdt
|
||||
>8 byte x version %d
|
||||
>9 byte x \b.%d
|
||||
# ID of first block
|
||||
>10 ubyte x \b; ID %#x
|
||||
# turbo speed data block
|
||||
>10 ubyte =0x11 (turbo)
|
||||
# length of PILOT tone (number of pulses)
|
||||
>>21 uleshort x \b, %u pilot pulses
|
||||
# length of PILOT pulse
|
||||
>>11 uleshort x with %u tstates
|
||||
# length of SYNC first pulse
|
||||
>>13 uleshort x \b, %u and
|
||||
# length of SYNC second pulse
|
||||
>>15 uleshort x %u sync tstates
|
||||
# length of ZERO bit pulse
|
||||
>>17 uleshort x \b, %u zero tstates
|
||||
# length of ONE bit pulse
|
||||
>>19 uleshort x \b, %u one tstates
|
||||
# used bits in the last byte
|
||||
>>23 ubyte x \b, use %u bit
|
||||
# plural s
|
||||
>>23 ubyte >1 \bs
|
||||
# pause after this block in milliseconds
|
||||
>>24 uleshort x \b, %u ms pause
|
||||
# BYTE[3]; length of data that follow
|
||||
>>26 ulelong&0x00FFffFF x \b, %u data bytes
|
||||
>10 ubyte =0x20 (pause)
|
||||
# pause duration in milliseconds
|
||||
>>11 uleshort x %u ms
|
||||
# text description
|
||||
>10 ubyte =0x30 (text)
|
||||
# length of the text description
|
||||
#>>11 ubyte x L=%u
|
||||
>>11 pstring x "%s"
|
||||
# archive text description in ASCII format
|
||||
>10 ubyte =0x32 (archive info)
|
||||
# length of archive text
|
||||
>>11 uleshort x \b, %#x bytes
|
||||
# number of text strings
|
||||
>>13 ubyte x with %u (type) text parts
|
||||
# text type identification byte: 0~title 1~publisher 2~author 3~year 4~language 5~type 6~price 7~protection 8~origin ff~comment
|
||||
>>14 byte <9 (%d)
|
||||
>>>14 byte >-2
|
||||
# length of text string
|
||||
#>>>>15 ubyte x L=%u
|
||||
>>>>15 pstring x %s
|
||||
# 2nd possible text description
|
||||
>>>>>&0 byte <9 (%d)
|
||||
>>>>>>&-1 byte >-2
|
||||
>>>>>>>&0 pstring x %s
|
||||
# 3rd possible text description
|
||||
>>>>>>>>&0 byte <9 (%d)
|
||||
>>>>>>>>>&-1 byte >-2
|
||||
>>>>>>>>>>&0 pstring x %s
|
||||
# 4th possible text description
|
||||
>>>>>>>>>>>&0 byte <9 (%d)
|
||||
>>>>>>>>>>>>&-1 byte >-2
|
||||
>>>>>>>>>>>>>&0 pstring x %s
|
||||
# 5th possible text description
|
||||
>>>>>>>>>>>>>>&0 byte <9 (%d)
|
||||
>>>>>>>>>>>>>>>&-1 byte >-2
|
||||
>>>>>>>>>>>>>>>>&0 pstring x %s
|
||||
# 6th possible text description
|
||||
>>>>>>>>>>>>>>>>>&0 byte <9 (%d)
|
||||
>>>>>>>>>>>>>>>>>>&-1 byte >-2
|
||||
>>>>>>>>>>>>>>>>>>>&0 pstring x %s
|
||||
# 7th possible text description
|
||||
>>>>>>>>>>>>>>>>>>>>&0 byte <9 (%d)
|
||||
>>>>>>>>>>>>>>>>>>>>>&-1 byte >-2
|
||||
>>>>>>>>>>>>>>>>>>>>>>&0 pstring x %s
|
||||
|
||||
# RZX input recording files
|
||||
0 string RZX! Spectrum .RZX data
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: sql,v 1.24 2022/07/17 15:32:48 christos Exp $
|
||||
# $File: sql,v 1.26 2023/04/29 17:26:58 christos Exp $
|
||||
# sql: file(1) magic for SQL files
|
||||
#
|
||||
# From: "Marty Leisner" <mleisner@eng.mc.xerox.com>
|
||||
@ -88,8 +88,14 @@
|
||||
# Version 1 used GDBM internally; its files cannot be distinguished
|
||||
# from other GDBM files.
|
||||
#
|
||||
# Update: Joerg Jenderek
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/sqlite-2x.trid.xml
|
||||
# Note: called "SQLite 2.x database" by TrID and "SQLite Database File Format" version 2 by DROID via PUID fmt/1135
|
||||
# Version 2 used this format:
|
||||
0 string **\ This\ file\ contains\ an\ SQLite SQLite 2.x database
|
||||
!:mime application/x-sqlite2
|
||||
# FileAttributesStore.db test.sqlite2
|
||||
!:ext sqlite/sqlite2/db
|
||||
|
||||
# URL: https://en.wikipedia.org/wiki/SQLite
|
||||
# Reference: https://www.sqlite.org/fileformat.html
|
||||
@ -201,6 +207,63 @@
|
||||
0 belong&0xfffffffe 0x377f0682 SQLite Write-Ahead Log,
|
||||
!:ext sqlite-wal/db-wal
|
||||
>4 belong x version %d
|
||||
# Summary: SQLite Write-Ahead-Log index (shared memory)
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/SQLite
|
||||
# Reference: http://www.sqlite.org/draft/walformat.html#walidxfmt
|
||||
# iVersion; WAL-index format version number; always 3007000=2DE218h
|
||||
0 ulelong 0x002DE218
|
||||
>0 use shm-le
|
||||
# big endian variant not tested
|
||||
0 ubelong 0x002DE218
|
||||
>0 use \^shm-le
|
||||
# show information about SQLite Write-Ahead-Log shared memory
|
||||
0 name shm-le
|
||||
>0 ulelong x SQLite Write-Ahead Log shared memory
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/vnd.sqlite3
|
||||
# db3-shm Acronis BackupAndRecovery F4CEEE47-042C-4828-95A0-DE44EC267A28.db3-shm
|
||||
# dbx-shm probably Dropbox filecache.dbx-shm
|
||||
# aup3-shm Audacity project tada.aup3-shm
|
||||
# srd-shm Microsoft Windows StateRepository service StateRepository-Deployment.srd-shm StateRepository-Machine.srd-shm:
|
||||
!:ext sqlite-shm/db-shm/db3-shm/dbx-shm/aup3-shm/srd-shm
|
||||
# unused padding space; must be zero
|
||||
>4 ulelong !0 \b, unused %x
|
||||
# iChange; unsigned integer counter, incremented with each transaction
|
||||
>8 ulelong x \b, counter %u
|
||||
# isInit; the "isInit" flag; 1 when the shm file has been initialized
|
||||
>12 ubyte !1 \b, not initialized %u
|
||||
# bigEndCksum; true if the WAL file uses big-ending checksums; 0 if the WAL uses little-endian checksums
|
||||
>13 ubyte !0 \b, checksum type %u
|
||||
# szPage; database page size in bytes, or 1 if the page size is 65536
|
||||
>14 uleshort !1 \b, page size %u
|
||||
>14 uleshort =1 \b, page size 65536
|
||||
# mxFrame; number of valid and committed frames in the WAL file
|
||||
>16 ulelong x \b, %u frames
|
||||
# nPage; size of the database file in pages
|
||||
>20 ulelong x \b, %u pages
|
||||
# aFrameCksum; checksum of the last frame in the WAL file
|
||||
>24 ulelong x \b, frame checksum %#x
|
||||
# aSalt; two salt value copied from the WAL file header in the byte-order of the WAL file; might be different from machine byte-order
|
||||
>32 ulequad x \b, salt %#llx
|
||||
# aCksum; checksum over bytes 0 through 39 of this header
|
||||
>40 ulelong x \b, header checksum %#x
|
||||
# a copy of bytes 0 through 47 of header
|
||||
>48 ulelong !3007000 \b, iversion %u
|
||||
# nBackfill; number of WAL frames that have already been backfilled into the database by prior checkpoints
|
||||
>96 ulelong !0 \b, %u backfilled
|
||||
# nBackfillAttempted; number of WAL frames that have attempted to be backfilled
|
||||
>>128 ulelong x (%u attempts)
|
||||
# read-mark[0..4]; five "read marks"; each read mark is a 32-bit unsigned integer
|
||||
>100 ulelong !0 \b, read-mark[0] %#x
|
||||
>104 ulelong x \b, read-mark[1] %#x
|
||||
>108 ulelong !0xffffffff \b, read-mark[2] %#x
|
||||
>112 ulelong !0xffffffff \b, read-mark[3] %#x
|
||||
>116 ulelong !0xffffffff \b, read-mark[4] %#x
|
||||
# unused space set aside for 8 file locks
|
||||
>120 ulequad !0 \b, space %#llx
|
||||
# unused space reserved for further expansion
|
||||
>132 ulelong !0 \b, reserved %#x
|
||||
|
||||
# SQLite Rollback Journal
|
||||
# https://www.sqlite.org/fileformat.html#rollbackjournal
|
||||
|
@ -1,12 +1,15 @@
|
||||
# Type: OpenSSH key files
|
||||
# From: Nicolas Collignon <tsointsoin@gmail.com>
|
||||
|
||||
0 string SSH\ PRIVATE\ KEY OpenSSH RSA1 private key,
|
||||
0 string SSH\040PRIVATE\040KEY OpenSSH RSA1 private key,
|
||||
>28 string >\0 version %s
|
||||
0 string -----BEGIN\ OPENSSH\ PRIVATE\ KEY----- OpenSSH private key
|
||||
0 string -----BEGIN\040OPENSSH\040PRIVATE\040KEY----- OpenSSH private key
|
||||
# https://www.rfc-editor.org/rfc/rfc5958
|
||||
0 string -----BEGIN\040PRIVATE\040KEY----- OpenSSH private key (no password)
|
||||
0 string -----BEGIN\040ENCRYPTED\040PRIVATE\040KEY----- OpenSSH private key (with password)
|
||||
|
||||
0 string ssh-dss\ OpenSSH DSA public key
|
||||
0 string ssh-rsa\ OpenSSH RSA public key
|
||||
0 string ssh-dss\040 OpenSSH DSA public key
|
||||
0 string ssh-rsa\040 OpenSSH RSA public key
|
||||
0 string ecdsa-sha2-nistp256 OpenSSH ECDSA public key
|
||||
0 string ecdsa-sha2-nistp384 OpenSSH ECDSA public key
|
||||
0 string ecdsa-sha2-nistp521 OpenSSH ECDSA public key
|
||||
|
5
magic/Magdir/svf
Normal file
5
magic/Magdir/svf
Normal file
@ -0,0 +1,5 @@
|
||||
# $File: svf,v 1.2 2023/05/23 13:37:32 christos Exp $
|
||||
#
|
||||
# file(1) magic(5) data for SmartVersion files with the .svf extension.
|
||||
|
||||
0 string DFS\ File\x0D\x0Ahttp://www.difstream.com\x0D\x0A SmartVersion binary patch file
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------
|
||||
# $File: sysex,v 1.11 2022/01/17 17:16:51 christos Exp $
|
||||
# $File: sysex,v 1.12 2022/10/31 13:22:26 christos Exp $
|
||||
# sysex: file(1) magic for MIDI sysex files
|
||||
#
|
||||
# GRR: original 1 byte test at offset was too general as it catches also many FATs of DOS filesystems
|
||||
@ -10,8 +10,8 @@
|
||||
0 ubeshort&0xFF80 0xF000
|
||||
# MIDI System Exclusive (SysEx) messages (strength=50) after Microsoft Visual C library (strength=70)
|
||||
#!:strength +0
|
||||
# skip Microsoft Visual C library with page size 16 misidentifed as ADA and
|
||||
# page size 32 misidentifed as Inventronics by looking for terminating End Of eXclusive byte (EOX)
|
||||
# skip Microsoft Visual C library with page size 16 misidentified as ADA and
|
||||
# page size 32 misidentified as Inventronics by looking for terminating End Of eXclusive byte (EOX)
|
||||
>2 search/12 \xF7
|
||||
>>0 use midi-sysex
|
||||
# display information about MIDI System Exclusive (SysEx) messages
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: terminfo,v 1.12 2021/02/23 00:51:10 christos Exp $
|
||||
# $File: terminfo,v 1.13 2022/11/21 22:25:37 christos Exp $
|
||||
# terminfo: file(1) magic for terminfo
|
||||
#
|
||||
# URL: https://invisible-island.net/ncurses/man/term.5.html
|
||||
@ -37,6 +37,7 @@
|
||||
# AIX and HPUX use the SVr4 big-endian format
|
||||
# Solaris uses the SVr3 formats (sparc and x86 differ endian-ness)
|
||||
0 beshort 0433 SVr2 curses screen image, big-endian
|
||||
# GRR: line below too general as it catches Commodore C128 program (crc32.prg XLINK.PRG) with start address 1C01h handled by ./c64
|
||||
0 beshort 0434 SVr3 curses screen image, big-endian
|
||||
0 beshort 0435 SVr4 curses screen image, big-endian
|
||||
#
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: tex,v 1.21 2019/04/19 00:42:27 christos Exp $
|
||||
# $File: tex,v 1.22 2022/12/21 16:50:04 christos Exp $
|
||||
# tex: file(1) magic for TeX files
|
||||
#
|
||||
# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
|
||||
@ -10,13 +10,15 @@
|
||||
# Although we may know the offset of certain text fields in TeX DVI
|
||||
# and font files, we can't use them reliably because they are not
|
||||
# zero terminated. [but we do anyway, christos]
|
||||
0 string \367\002 TeX DVI file
|
||||
0 string \367\002
|
||||
>(14.b+15) string \213
|
||||
>>14 pstring >\0 TeX DVI file (%s)
|
||||
!:mime application/x-dvi
|
||||
>16 string >\0 (%s)
|
||||
0 string \367\203 TeX generic font data
|
||||
0 string \367\131 TeX packed font data
|
||||
>3 string >\0 (%s)
|
||||
0 string \367\312 TeX virtual font data
|
||||
0 string \367\312
|
||||
>(2.b+11) string \363 TeX virtual font data
|
||||
0 search/1 This\ is\ TeX, TeX transcript text
|
||||
0 search/1 This\ is\ METAFONT, METAFONT transcript text
|
||||
|
||||
|
@ -1,25 +1,32 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: tplink,v 1.7 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: tplink,v 1.8 2023/05/15 16:41:02 christos Exp $
|
||||
# tplink: File magic for openwrt firmware files
|
||||
|
||||
# URL: https://wiki.openwrt.org/doc/techref/header
|
||||
# Reference: https://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/b/bin-tplink-v1.trid.xml
|
||||
# Note: called "TP-Link router firmware (v1)" by TrID
|
||||
# From: Joerg Jenderek
|
||||
# check for valid header version 1 or 2
|
||||
0 ulelong <3
|
||||
>0 ulelong !0
|
||||
# test for header padding with nulls
|
||||
>>0x100 long 0
|
||||
# skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor
|
||||
# skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor name
|
||||
>>>4 ubelong >0x1F000000
|
||||
# skip user.dbt by looking for positive hardware id
|
||||
>>>>0x40 ubeshort >0
|
||||
>>>>>0 use firmware-tplink
|
||||
# skip cversions.1.db cversions.2.db cversions.3.db inside
|
||||
# c:\ProgramData\Microsoft\Windows\Caches
|
||||
# with invalid vendor names \240\0\0\0 \140\0\0\0 \040\0\0\0
|
||||
>>>>>5 short !0
|
||||
>>>>>>0 use firmware-tplink
|
||||
|
||||
0 name firmware-tplink
|
||||
>0 ubyte x firmware
|
||||
!:mime application/x-tplink-bin
|
||||
# like: TL-WR1043ND-V1-FW0.0.3-stripped.bin gluon-ffrefugee-0.9.2-tp-link-archer-c5-v1-sysupgrade.bin
|
||||
!:ext bin
|
||||
# hardware id like 10430001 07410001 09410004 09410006
|
||||
>0x40 ubeshort x %x
|
||||
|
@ -1,24 +1,30 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: troff,v 1.13 2020/05/30 23:12:34 christos Exp $
|
||||
# $File: troff,v 1.14 2023/06/01 16:00:46 christos Exp $
|
||||
# troff: file(1) magic for *roff
|
||||
#
|
||||
# updated by Daniel Quinlan (quinlan@yggdrasil.com)
|
||||
|
||||
# troff input
|
||||
0 search/1 .\\" troff or preprocessor input text
|
||||
!:strength +12
|
||||
!:mime text/troff
|
||||
0 search/1 '\\" troff or preprocessor input text
|
||||
!:strength +12
|
||||
!:mime text/troff
|
||||
0 search/1 '.\\" troff or preprocessor input text
|
||||
!:strength +12
|
||||
!:mime text/troff
|
||||
0 search/1 \\" troff or preprocessor input text
|
||||
!:strength +12
|
||||
!:mime text/troff
|
||||
#0 search/1 ''' troff or preprocessor input text
|
||||
#!:mime text/troff
|
||||
0 regex/20l \^\\.[A-Za-z][A-Za-z0-9][\ \t] troff or preprocessor input text
|
||||
!:strength +12
|
||||
!:mime text/troff
|
||||
0 regex/20l \^\\.[A-Za-z][A-Za-z0-9]$ troff or preprocessor input text
|
||||
!:strength +12
|
||||
!:mime text/troff
|
||||
|
||||
# ditroff intermediate output text
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: uterus,v 1.3 2014/04/30 21:41:02 christos Exp $
|
||||
# $File: uterus,v 1.4 2022/10/31 13:22:26 christos Exp $
|
||||
# file(1) magic for uterus files
|
||||
# http://freecode.com/projects/uterus
|
||||
#
|
||||
@ -11,6 +11,6 @@
|
||||
>7 byte x \b%c
|
||||
>8 string \<\> \b, big-endian
|
||||
>>16 belong >0 \b, slut size %u
|
||||
>8 string \>\< \b, litte-endian
|
||||
>8 string \>\< \b, little-endian
|
||||
>>16 lelong >0 \b, slut size %u
|
||||
>10 byte &8 \b, compressed
|
||||
|
@ -1,59 +1,21 @@
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: varied.script,v 1.13 2019/10/11 14:35:29 christos Exp $
|
||||
# $File: varied.script,v 1.15 2022/10/18 13:01:30 christos Exp $
|
||||
# varied.script: file(1) magic for various interpreter scripts
|
||||
|
||||
0 string/t #!\ / a
|
||||
>3 string >\0 %s script text executable
|
||||
!:strength / 2
|
||||
0 string/wt #!\ a
|
||||
>&-1 string/T x %s script text executable
|
||||
!:strength / 3
|
||||
|
||||
0 string/b #!\ / a
|
||||
>3 string >\0 %s script executable (binary data)
|
||||
!:strength / 2
|
||||
0 string/wb #!\ a
|
||||
>&-1 string/T x %s script executable (binary data)
|
||||
!:strength / 3
|
||||
|
||||
0 string/t #!\t/ a
|
||||
>3 string >\0 %s script text executable
|
||||
!:strength / 2
|
||||
|
||||
0 string/b #!\t/ a
|
||||
>3 string >\0 %s script executable (binary data)
|
||||
!:strength / 2
|
||||
|
||||
0 string/t #!/ a
|
||||
>2 string >\0 %s script text executable
|
||||
!:strength / 2
|
||||
|
||||
0 string/b #!/ a
|
||||
>2 string >\0 %s script executable (binary data)
|
||||
!:strength / 2
|
||||
|
||||
0 string/t #!\ script text executable
|
||||
>3 string >\0 for %s
|
||||
!:strength / 2
|
||||
|
||||
0 string/b #!\ script executable
|
||||
>3 string >\0 for %s (binary data)
|
||||
!:strength / 2
|
||||
|
||||
# using env
|
||||
0 string/t #!/usr/bin/env a
|
||||
>15 string/t >\0 %s script text executable
|
||||
!:strength / 10
|
||||
0 string/wt #!\ /usr/bin/env a
|
||||
>15 string/T >\0 %s script text executable
|
||||
!:strength / 6
|
||||
|
||||
0 string/b #!/usr/bin/env a
|
||||
>15 string/b >\0 %s script executable (binary data)
|
||||
!:strength / 10
|
||||
|
||||
0 string/t #!\ /usr/bin/env a
|
||||
>16 string/t >\0 %s script text executable
|
||||
!:strength / 10
|
||||
|
||||
0 string/b #!\ /usr/bin/env a
|
||||
>16 string/b >\0 %s script executable (binary data)
|
||||
!:strength / 10
|
||||
|
||||
# From: arno <arenevier@fdn.fr>
|
||||
# mozilla xpconnect typelib
|
||||
# see https://www.mozilla.org/scriptable/typelib_file.html
|
||||
0 string XPCOM\nTypeLib\r\n\032 XPConnect Typelib
|
||||
>0x10 byte x version %d
|
||||
>>0x11 byte x \b.%d
|
||||
0 string/wb #!\ /usr/bin/env a
|
||||
>15 string/T >\0 %s script executable (binary data)
|
||||
!:strength / 6
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: web,v 1.1 2020/05/17 19:14:28 christos Exp $
|
||||
# $File: web,v 1.2 2022/10/29 16:02:37 christos Exp $
|
||||
|
||||
# http://www.rdfhdt.org/
|
||||
# From Christoph Biedl
|
||||
@ -10,3 +10,9 @@
|
||||
0 string $HDT\x01 HDT file (binary compressed indexed RDF triples) type 1
|
||||
!:mime application/vnd.hdt
|
||||
!:ext hdt
|
||||
|
||||
0 string [Adblock\040Plus Adblock Plus
|
||||
>&1 regex [0-9.]+ %s
|
||||
>1 string x rules file
|
||||
>10 search/100 Version:
|
||||
>>&1 regex [0-9]+ \b, version %s
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: windows,v 1.46 2022/07/02 17:46:09 christos Exp $
|
||||
# $File: windows,v 1.63 2023/07/17 16:56:13 christos Exp $
|
||||
# windows: file(1) magic for Microsoft Windows
|
||||
#
|
||||
# This file is mainly reserved for files where programs
|
||||
@ -95,30 +95,175 @@
|
||||
>>40 lestring16 x "%s"
|
||||
|
||||
# Summary: Windows crash dump
|
||||
# Extension: .dmp
|
||||
# Created by: Andreas Schuster (https://computer.forensikblog.de/)
|
||||
# Reference (1): https://computer.forensikblog.de/en/2008/02/64bit_magic.html
|
||||
# https://web.archive.org/web/20101125060849/https://computer.forensikblog.de/en/2008/02/64bit_magic.html
|
||||
# Modified by (1): Abel Cheung (Avoid match with first 4 bytes only)
|
||||
# Modified by (2): Joerg Jenderek (addtional fields, extension, URL)
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dmp.trid.xml
|
||||
# https://gitlab.com/qemu-project/qemu/-/blob/master/include/qemu/win_dump_defs.h
|
||||
# Note: called "Windows memory dump" by TrID
|
||||
# and verified by like Windows Kit `Dumpchk.exe 043022-18703-01.dmp`
|
||||
# and partly by NirSoft `BlueScreenView.exe 043022-18703-01.dmp`
|
||||
# char Signature[4]
|
||||
0 string PAGE
|
||||
# char ValidDump[4]
|
||||
>4 string DUMP MS Windows 32bit crash dump
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-ms-dmp
|
||||
# like: Mini111013-01.dmp
|
||||
!:ext dmp
|
||||
# major version like: 15
|
||||
>>8 ulelong x \b, version %u
|
||||
# minor version like: 2600
|
||||
>>12 ulelong x \b.%u
|
||||
# DirectoryTableBase like: 709000
|
||||
#>>16 ulelong x \b, DirectoryTableBase %#x
|
||||
# PfnDatabase like: 805620c8
|
||||
#>>20 ulelong x \b, PfnDatabase %#x
|
||||
# PsLoadedModuleList like: 8055d720
|
||||
#>>24 ulelong x \b, PsLoadedModuleList %#x
|
||||
# PsActiveProcessHead like:805638b8
|
||||
#>>28 ulelong x \b, PsActiveProcessHead %#x
|
||||
# MachineImageType like: 14c (intel x86)
|
||||
>>32 ulelong !0x14c \b, MachineImageType %#x
|
||||
# NumberProcessors like: 2
|
||||
>>36 ulelong x \b, %u processors
|
||||
# BugcheckCode like: e2
|
||||
#>>40 ulelong x \b, BugcheckCode %#x
|
||||
# BugcheckParameter1 like: 0
|
||||
#>>44 ulelong x \b, BugcheckParameter1 %#x
|
||||
# BugcheckParameter2 like: 0
|
||||
#>>48 ulelong x \b, BugcheckParameter2 %#x
|
||||
# BugcheckParameter3 like: 0
|
||||
#>>52 ulelong x \b, BugcheckParameter3 %#x
|
||||
# BugcheckParameter4 like: 0
|
||||
#>>56 ulelong x \b, BugcheckParameter4 %#x
|
||||
# VersionUser[32]; like "PAGEPAGEPAGEPAGEPAGEPAGEPAGEPAGE" ""
|
||||
#>>60 string x \b, VersionUser "%.32s"
|
||||
# uint32_t reserved0 like: 45474101
|
||||
#>>92 ulelong x \b, reserved0 %#x
|
||||
>>0x05c byte 0 \b, no PAE
|
||||
>>0x05c byte 1 \b, PAE
|
||||
# KdDebuggerDataBlock like: 8054d2e0
|
||||
#>>96 ulelong x \b, KdDebuggerDataBlock %#x
|
||||
# uint8_t PhysicalMemoryBlockBuffer[700]
|
||||
# WinDumpPhyMemDesc32 NumberOfRuns like: 45474150
|
||||
#>>100 ulelong x \b, NumberOfRuns %#x
|
||||
# WinDumpPhyMemDesc32 uint32_t NumberOfPages like: 1162297680
|
||||
#>>104 ulelong x \b, NumberOfPages %#x
|
||||
# WinDumpPhyMemRun32 Run[86]; 688 bytes
|
||||
#>>108 ulelong x \b, BasePage %#x
|
||||
#>>112 ulelong x \b, PageCount %#x
|
||||
# uint8_t reserved1[3200]
|
||||
#>>800 string x \b, reserved "%s"
|
||||
#>>4000 ulelong x \b, RequiredDumpSpace %#x
|
||||
# uint8_t reserved2[92];
|
||||
#>>4004 string x \b, reserved2 "%s"
|
||||
>>0xf88 lelong 1 \b, full dump
|
||||
>>0xf88 lelong 2 \b, kernel dump
|
||||
>>0xf88 lelong 3 \b, small dump
|
||||
# like: 4
|
||||
>>0xf88 lelong >3 \b, dump type (%#x)
|
||||
# WinDumpPhyMemDesc32 uint32_t NumberOfPages like: 1162297680
|
||||
# GRR: IS THIS TRUE? VALUE IS SOMETIMES VERY HIGH!
|
||||
#>>104 ulelong x \b, NumberOfPages %#x
|
||||
>>0x068 lelong x \b, %d pages
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dmp-64.trid.xml113o
|
||||
# Note: called "Windows 64bit Memory Dump" by TrID
|
||||
# char ValidDump[4]
|
||||
>4 string DU64 MS Windows 64bit crash dump
|
||||
>>0xf98 lelong 1 \b, full dump
|
||||
>>0xf98 lelong 2 \b, kernel dump
|
||||
>>0xf98 lelong 3 \b, small dump
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-ms-dmp
|
||||
# like: c:\Windows\Minidump\020322-18890-01.dmp c:\Windows\MEMORY.DMP
|
||||
!:ext dmp
|
||||
# major version like: 15
|
||||
>>8 ulelong x \b, version %u
|
||||
# minor version like: 9600 19041 22621
|
||||
>>12 ulelong x \b.%u
|
||||
# DirectoryTableBase like: 001ab000
|
||||
#>>16 ulequad x \b, DirectoryTableBase %#llx
|
||||
# PfnDatabase like: fffffa8000000000
|
||||
#>>24 ulequad x \b, PfnDatabase %#llx
|
||||
# PsLoadedModuleList like: fffff800c553f650
|
||||
#>>32 ulequad x \b, PsLoadedModuleList %#llx
|
||||
# PsActiveProcessHead like: fffff800c5525400
|
||||
#>>40 ulequad x \b, PsActiveProcessHead %#llx
|
||||
# MachineImageType like: 00008664
|
||||
>>48 ulelong !0x8664 \b, MachineImageType %#x
|
||||
# NumberProcessors like: 2 4
|
||||
>>52 ulelong x \b, %u processors
|
||||
# BugcheckCode like: 1000007e
|
||||
#>>56 ulelong x \b, BugcheckCode %#x
|
||||
# unused0
|
||||
#>>60 ulelong x \b, unused0 %#x
|
||||
# BugcheckParameter1 like: ffffffffc0000005
|
||||
#>>64 ulequad x \b, BugcheckParameter1 %#llx
|
||||
# BugcheckParameter2 like: fffff801abb2158f
|
||||
#>>72 ulequad x \b, BugcheckParameter2 %#llx
|
||||
# BugcheckParameter3 like: ffffd000290d4288
|
||||
#>>80 ulequad x \b, BugcheckParameter3 %#llx
|
||||
# BugcheckParameter4 like: ffffd000290d3aa0
|
||||
#>>88 ulequad x \b, BugcheckParameter4 %#llx
|
||||
# VersionUser[32]; like "" "PAGEPAGEPAGEPAGEPAGEPAGEPAGEPAGE" ""
|
||||
#>>96 string x \b, VersionUser "%.32s"
|
||||
# KdDebuggerDataBlock like: fffff800c550c530
|
||||
#>>128 ulequad x \b, KdDebuggerDataBlock %#llx
|
||||
# uint8_t PhysicalMemoryBlockBuffer[704]
|
||||
# WinDumpPhyMemDesc64 NumberOfRuns like: 6 7 0x45474150
|
||||
#>>136 ulelong x \b, NumberOfRuns %#x
|
||||
# WinDumpPhyMemDesc64 unused like: 0 0x45474150
|
||||
#>>140 ulelong x \b, unused %#x
|
||||
# WinDumpPhyMemRun64 Run[43] BasePage like: 1
|
||||
#>>152 ulequad x \b, BasePage %#llx
|
||||
# WinDumpPhyMemRun64 Run[43] PageCount like: 57h
|
||||
#>>160 ulequad x \b, PageCount %#llx
|
||||
# uint8_t ContextBuffer[3000] like: "" "\001" "\0207J\266\001\340\377\377&8\007\312"
|
||||
#>>840 string x \b, ContextBuffer "%s"
|
||||
# WinDumpExceptionRecord ExceptionCode
|
||||
#>>3840 ulelong x \b, ExceptionCode %#x
|
||||
# WinDumpExceptionRecord ExceptionFlags
|
||||
#>>3844 ulelong x \b, ExceptionFlags %#x
|
||||
# WinDumpExceptionRecord ExceptionRecord
|
||||
#>>3848 ulequad x \b, ExceptionRecord %#llx
|
||||
# WinDumpExceptionRecord ExceptionAddress
|
||||
#>>3856 ulequad x \b, ExceptionAddress %#llx
|
||||
# WinDumpExceptionRecord NumberParameters
|
||||
#>>3864 ulelong x \b, NumberParameters %#x
|
||||
# WinDumpExceptionRecord unused
|
||||
#>>3868 ulelong x \b, unsed %#x
|
||||
# WinDumpExceptionRecord ExceptionInformation[15]
|
||||
#>>3872 ulequad x \b, ExceptionInformation[0] %#llx
|
||||
# https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/memory-dump-file-options
|
||||
# but DumpType like: 4~small 5~full (MEMORY.DMP) 6~kernel (MEMORY.DMP)
|
||||
>>0xf98 ulelong x \b,
|
||||
>>>0xf98 lelong 5 full dump
|
||||
>>>0xf98 lelong 6 kernel dump
|
||||
>>>0xf98 lelong 4 small dump
|
||||
# This probably never occur
|
||||
>>>0xf98 default x DumpType
|
||||
>>>>0xf98 ulelong x (%#x)
|
||||
# WinDumpPhyMemDesc64 uint64_t NumberOfPages like: 3142425 8341923 8366500 1162297680 4992030524978970960
|
||||
# GRR: IS THIS TRUE? VALUE IS SOMETIMES VERY HIGH!
|
||||
>>0x090 lequad x \b, %lld pages
|
||||
|
||||
|
||||
# Summary: Vista Event Log
|
||||
# Extension: .evtx
|
||||
# Created by: Andreas Schuster (https://computer.forensikblog.de/)
|
||||
# Reference (1): https://computer.forensikblog.de/en/2007/05/some_magic.html
|
||||
0 string ElfFile\0 MS Windows Vista Event Log
|
||||
# Update: Joerg Jenderek
|
||||
# URL: https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc
|
||||
# Reference (1): https://web.archive.org/web/20110803085000/
|
||||
# https://computer.forensikblog.de/en/2007/05/some_magic.html
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/e/evtx.trid.xml
|
||||
# Note: called "Vista Event Log" by TrID and "Event Log" by Windows
|
||||
# verified partly by `wevtutil.exe gli /lf:true dumpfile.evtx`
|
||||
0 string ElfFile\0 MS Windows
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-ms-evtx
|
||||
!:ext evtx
|
||||
# Major+Minor format version: 3.1~Vista and later 3.2~Windows 10 (2004) and later
|
||||
>0x24 ulelong =0x00030001 Vista-8.1 Event Log
|
||||
>0x24 ulelong !0x00030001 10-11 Event Log, version
|
||||
>>0x26 uleshort x %u
|
||||
>>0x24 uleshort x \b.%u
|
||||
>0x2a leshort x \b, %d chunks
|
||||
>>0x10 lelong x \b (no. %d in use)
|
||||
>0x18 lelong >1 \b, next record no. %d
|
||||
@ -126,6 +271,32 @@
|
||||
>0x78 lelong &1 \b, DIRTY
|
||||
>0x78 lelong &2 \b, FULL
|
||||
|
||||
# Summary: Windows Event Trace Log
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/ETL
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/etl.trid.xml
|
||||
# https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/etw/tracelog/trace_logfile_header.htm
|
||||
# Note: called "Window tracing/diagnostic binary log" by TrID
|
||||
# verified by `tracerpt.EXE Wifi.etl -of EVTX`
|
||||
# and by etl-parser `etl2xml --input AMSITrace.etl --output AMSITrace.xml`
|
||||
# Every ETL file begins with a WMI_BUFFER_HEADER, a SYSTEM_TRACE_HEADER and a TRACE_LOGFILE_HEADER
|
||||
0 ubyte 0
|
||||
# look for corresponding encoded as UTF-16 file name extension like in: boot_BASE+CSWITCH_1.etl
|
||||
>0 search/0x699087/b .\0e\0t\0l\0\0\0
|
||||
# GRR: line above only works if in ../../src/file.h FILE_BYTES_MAX is raised above 699086h (6,59 MiB)
|
||||
>>0 use trace-etl
|
||||
# display information of Windows Performance Analyzer Trace File (file name)
|
||||
0 name trace-etl
|
||||
>0 ubyte x Windows Event Trace Log
|
||||
#!:mime application/x-ms-etl
|
||||
# http://extension.nirsoft.net/etl
|
||||
!:mime application/etl
|
||||
!:ext etl
|
||||
# look for DOS drive letter part of log file name like: PhotosAppTracing_startedInBGMode.etl
|
||||
>0 search/0x2b4/sb :\0\x5c\0
|
||||
# like: "c:\Windows\Logs\NetSetup\service.0.etl" "C:\Windows\System32\LogFiles\WMI\Wifi.etl"
|
||||
>>&-2 lestring16 x "%s"
|
||||
|
||||
# Summary: Windows System Deployment Image
|
||||
# Created by: Joerg Jenderek
|
||||
# URL: http://en.wikipedia.org/wiki/System_Deployment_Image
|
||||
@ -440,62 +611,248 @@
|
||||
>16 string >\0 for "%s"
|
||||
|
||||
# Summary: Hyper terminal
|
||||
# Extension: .ht
|
||||
# Created by: unknown
|
||||
# Update: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/HyperACCESS
|
||||
# https://www.hilgraeve.com/hyperterminal/
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/ht.trid.xml
|
||||
# Note: called "HyperTerminal data file" by TrID and "HyperTerminal File" on English Windows
|
||||
0 string HyperTerminal\040
|
||||
>15 string 1.0\ --\ HyperTerminal\ data\ file MS Windows HyperTerminal profile
|
||||
>14 string 1.0\ --\ HyperTerminal\ data\ file MS Windows HyperTerminal profile
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-ms-ht
|
||||
!:ext ht
|
||||
|
||||
# https://ithreats.files.wordpress.com/2009/05/\040
|
||||
# lnk_the_windows_shortcut_file_format.pdf
|
||||
# Summary: Windows shortcut
|
||||
# Extension: .lnk
|
||||
# Created by: unknown
|
||||
# Update: Joerg Jenderek
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Windows_Shortcut
|
||||
# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lnk-shortcut.trid.xml
|
||||
# https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SHLLINK/%5bMS-SHLLINK%5d.pdf
|
||||
# Note: called "Windows Shortcut" by TrID, "Microsoft Windows Shortcut" by DROID via PUID x-fmt/428 and "Windows shortcut file" by ./msdos (v 1.158)
|
||||
# partly verified by command like `lnkinfo AOL.lnk`
|
||||
# 'L' + GUUID
|
||||
# HeaderSize + LinkCLSID 00021401-0000-0000-C000-000000000046
|
||||
0 string \114\0\0\0\001\024\002\0\0\0\0\0\300\0\0\0\0\0\0\106 MS Windows shortcut
|
||||
!:mime application/x-ms-shortcut
|
||||
!:ext lnk
|
||||
# LinkFlags
|
||||
# HasLinkTargetIDList; if set a LinkTargetIDList structure MUST follow the ShellLinkHeader; If is not set, structure MUST NOT be present
|
||||
>20 lelong&1 1 \b, Item id list present
|
||||
# HasLinkInfo; if set a LinkInfo structure MUST follow the ShellLinkHeader or LinkTargetIDList; If is not set, structure MUST NOT be present
|
||||
>20 lelong&2 2 \b, Points to a file or directory
|
||||
>20 lelong&4 4 \b, Has Description string
|
||||
>20 lelong&8 8 \b, Has Relative path
|
||||
>20 lelong&16 16 \b, Has Working directory
|
||||
>20 lelong&32 32 \b, Has command line arguments
|
||||
>20 lelong&64 64 \b, Icon
|
||||
# IconIndex
|
||||
>>56 lelong x \b number=%d
|
||||
# IsUnicode; If set then StringData section contains Unicode-encoded strings
|
||||
>20 lelong&128 128 \b, Unicoded
|
||||
# ForceNoLinkInfo; LinkInfo structure is ignored
|
||||
>20 lelong&256 256 \b, NoLinkInfo
|
||||
# HasExpString; with an EnvironmentVariableDataBlock
|
||||
>20 lelong&512 512 \b, HasEnvironment
|
||||
# look for BlockSize 314h and EnvironmentVariableDataBlock BlockSignature A0000001h
|
||||
>>76 search/1972 \x14\x03\x00\x00\x01\x00\x00\xa0
|
||||
# TargetAnsi (260 bytes); NULL-terminated path to environment variable encoded with system default code page
|
||||
#>>>&0 string x '%s'
|
||||
# TargetUnicode (520 bytes): optional NULL-terminated path to same environment variable Unicode encoded
|
||||
# like: "%windir%\system32\calc.exe"
|
||||
>>>&260 lestring16 x "%s"
|
||||
# RunInSeparateProcess; run in a separate virtual machine when launching a 16-bit application; no examples found
|
||||
>20 lelong&1024 1024 \b, RunInSeparateProcess
|
||||
# Unused1; undefined and MUST be ignored
|
||||
#>20 lelong&2048 2048 \b, Unused1
|
||||
# HasDarwinID; with a DarwinDataBlock
|
||||
>20 lelong&4096 4096 \b, HasDarwinID
|
||||
# look for BlockSize 314h and DarwinDataBlock BlockSignature A0000006h
|
||||
>>76 search/1972 \x14\x03\x00\x00\x06\x00\x00\xa0
|
||||
# DarwinDataAnsi (260 bytes); NULL-terminated application identifier encoded with system default code page; SHOULD be ignored
|
||||
#>>>&0 string x '%s'
|
||||
# DarwinDataUnicode (520 bytes); NULL-terminated application identifier Unicode encoded
|
||||
>>>&260 lestring16 x "%s"
|
||||
# RunAsUser; target application is run as a different user
|
||||
>20 lelong&8192 8192 \b, RunAsUser
|
||||
# HasExpIcon; with an IconEnvironmentDataBlock
|
||||
>20 lelong&16384 16384 \b, HasExpIcon
|
||||
# look for BlockSize 314h and IconEnvironmentDataBlock BlockSignature A0000007h
|
||||
>>76 search/1972 \x14\x03\x00\x00\x07\x00\x00\xa0
|
||||
# TargetAnsi (260 bytes); NULL-terminated path to environment icon variable encoded with system default code page
|
||||
#>>>&0 string x '%s'
|
||||
# TargetUnicode (520 bytes); optional NULL-terminated path to same icon environment variable Unicode encoded
|
||||
# like: "%SystemDrive%\Program Files\YaCy\addon\YaCy.ico"
|
||||
>>>&260 lestring16 x "%s"
|
||||
# NoPidlAlias; represented in the shell namespace; no examples found
|
||||
>20 lelong&32768 32768 \b, NoPidlAlias
|
||||
# Unused2; undefined and MUST be ignored
|
||||
#>20 lelong&65536 65536 \b, Unused2
|
||||
# RunWithShimLayer; with a ShimDataBlock; no examples found
|
||||
>20 lelong&131072 131072 \b, RunWithShimLayer
|
||||
# ForceNoLinkTrack; TrackerDataBlock is ignored; no examples found
|
||||
>20 lelong&262144 262144 \b, ForceNoLinkTrack
|
||||
>20 lelong&262144 0
|
||||
# look for BlockSize 60h, TrackerDataBlock BlockSignature A0000003h, it length 58h and Version 0
|
||||
>>76 search/1972 \x60\x00\x00\x00\x03\x00\x00\xa0\x58\x00\x00\x00\0\0\0\0
|
||||
# MachineID (16 bytes); a NULL-terminated NetBIOS name encoded with system default code page of the machine
|
||||
>>>&0 string x \b, MachineID %0.16s
|
||||
# Droid (32 bytes)
|
||||
#
|
||||
# DroidBirth (32 bytes)
|
||||
#
|
||||
# EnableTargetMetadata; collect target properties and store in PropertyStoreDataBlock
|
||||
>20 lelong&524288 524288 \b, EnableTargetMetadata
|
||||
# look for BlockSize >= Ch, PropertyStoreDataBlock BlockSignature A0000009h
|
||||
#>>76 search/1972 \x00\x00\x09\x00\x00\xa0
|
||||
# PropertyStore (variable)
|
||||
#
|
||||
# DisableLinkPathTracking; EnvironmentVariableDataBlock is ignored; no examples found
|
||||
>20 lelong&1048576 1048576 \b, DisableLinkPathTracking
|
||||
# DisableKnownFolderTracking; SpecialFolderDataBlock and KnownFolderDataBlock are ignored and not saved
|
||||
>20 lelong&2097152 2097152 \b, DisableKnownFolderTracking
|
||||
>20 lelong&2097152 0
|
||||
# look for BlockSize 1Ch and KnownFolderDataBlock BlockSignature A000000Bh
|
||||
>>76 search/1972 \x1c\x00\x00\x00\x0B\x00\x00\xa0
|
||||
# https://learn.microsoft.com/en-us/dotnet/desktop/winforms/controls/known-folder-guids-for-file-dialog-custom-places
|
||||
# KnownFolderID specifies the folder GUID ID
|
||||
# ProgramFiles 905E63B6-C1BF-494E-B29C-65B732D3D21A
|
||||
# ProgramFilesX86 7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E
|
||||
>>>&0 guid x KnownFolderID %s
|
||||
# DisableKnownFolderAlias; unaliased form of the known folder IDList SHOULD be used; no examples found
|
||||
>20 lelong&4194304 4194304 \b, DisableKnownFolderAlias
|
||||
# AllowLinkToLink; link that references another link is enabled; no examples found
|
||||
>20 lelong&8388608 8388608 \b, AllowLinkToLink
|
||||
# UnaliasOnSave; unaliased form of that known folder or the target IDList SHOULD be used; no examples found
|
||||
>20 lelong&16777216 16777216 \b, UnaliasOnSave
|
||||
# PreferEnvironmentPath; path specified in the EnvironmentVariableDataBlock SHOULD be used
|
||||
>20 lelong&33554432 33554432 \b, PreferEnvironmentPath
|
||||
# KeepLocalIDListForUNCTarget; UNC name SHOULD be stored in local path IDList in PropertyStoreDataBlock; no examples found
|
||||
>20 lelong&67108864 67108864 \b, KeepLocalIDListForUNCTarget
|
||||
# FileAttributes
|
||||
>24 lelong&1 1 \b, Read-Only
|
||||
>24 lelong&2 2 \b, Hidden
|
||||
>24 lelong&4 4 \b, System
|
||||
>24 lelong&8 8 \b, Volume Label
|
||||
# Reserved1; MUST be zero
|
||||
>24 lelong&8 8 \b, Reserved1
|
||||
>24 lelong&16 16 \b, Directory
|
||||
>24 lelong&32 32 \b, Archive
|
||||
>24 lelong&64 64 \b, Encrypted
|
||||
# Reserved2; MUST be zero
|
||||
>24 lelong&64 64 \b, Reserved2
|
||||
>24 lelong&128 128 \b, Normal
|
||||
>24 lelong&256 256 \b, Temporary
|
||||
# no examples found
|
||||
>24 lelong&512 512 \b, Sparse
|
||||
# no examples found
|
||||
>24 lelong&1024 1024 \b, Reparse point
|
||||
>24 lelong&2048 2048 \b, Compressed
|
||||
>24 lelong&4096 4096 \b, Offline
|
||||
>28 leqwdate x \b, ctime=%s
|
||||
>36 leqwdate x \b, mtime=%s
|
||||
>44 leqwdate x \b, atime=%s
|
||||
# FILE_ATTRIBUTE_NOT_CONTENT_INDEXED; contents need to be indexed
|
||||
>24 lelong&8192 8192 \b, NeedIndexed
|
||||
# FILE_ATTRIBUTE_ENCRYPTED; file or directory is encrypted
|
||||
>24 lelong&16384 16384 \b, Encrypted
|
||||
# value zero means there is no time set on the target
|
||||
>28 leqwdate !0 \b, ctime=%s
|
||||
# Access time of target in UTC
|
||||
>36 leqwdate !0 \b, atime=%s
|
||||
# write time of target in UTC
|
||||
>44 leqwdate !0 \b, mtime=%s
|
||||
# FileSize; 32 bit size of target in bytes
|
||||
>52 lelong x \b, length=%u, window=
|
||||
>60 lelong&1 1 \bhide
|
||||
>60 lelong&2 2 \bnormal
|
||||
>60 lelong&4 4 \bshowminimized
|
||||
>60 lelong&8 8 \bshowmaximized
|
||||
>60 lelong&16 16 \bshownoactivate
|
||||
>60 lelong&32 32 \bminimize
|
||||
>60 lelong&64 64 \bshowminnoactive
|
||||
>60 lelong&128 128 \bshowna
|
||||
>60 lelong&256 256 \brestore
|
||||
>60 lelong&512 512 \bshowdefault
|
||||
#>20 lelong&1 0
|
||||
#>>20 lelong&2 2
|
||||
#>>>(72.l-64) pstring/h x \b [%s]
|
||||
#>20 lelong&1 1
|
||||
#>>20 lelong&2 2
|
||||
#>>>(72.s) leshort x
|
||||
#>>>&75 pstring/h x \b [%s]
|
||||
# ShowCommand; 1~SW_SHOWNORMAL 3~SW_SHOWMAXIMIZED HerzlichMEDION.lnk 7~SW_SHOWMINNOACTIVE YaCy.lnk Privoxy.lnk; All other values like 2 MUST be treated as SW_SHOWNORMAL
|
||||
#>60 lelong x ShowCommand=%#x
|
||||
>60 lelong x
|
||||
>>60 lelong 3 \bshowmaximized
|
||||
>>60 lelong 7 \bshowminnoactive
|
||||
>>60 default x \bnormal
|
||||
# Hotkey
|
||||
>64 uleshort >0 \b, hot key
|
||||
# 41h~A 42h~B ...
|
||||
>>64 ubyte x %c
|
||||
# modifier keys: 0x01~HOTKEYF_SHIFT 0x02~HOTKEYF_CONTROL 0x04~HOTKEYF_ALT
|
||||
>>65 ubyte&1 1 \b+SHIFT
|
||||
>>65 ubyte&2 2 \b+CONTROL
|
||||
>>65 ubyte&4 4 \b+ALT
|
||||
# Reserved; MUST be zero
|
||||
#>66 uleshort !0 \b, reserved %#x
|
||||
# Reserved2; MUST be zero
|
||||
#>68 ulelong !0 \b, reserved2 %#x
|
||||
# Reserved3; MUST be zero
|
||||
#>72 ulelong !0 \b, reserved3 %#x
|
||||
# optional LINKTARGET_IDLIST if LinkFlags bit HasLinkTargetIDList is set
|
||||
>20 lelong&1 1
|
||||
# IDListSize; size of IDList
|
||||
>>76 uleshort x \b, IDListSize %#4.4x
|
||||
# 1st item
|
||||
>>78 use lnk-item
|
||||
# 2nd possible item
|
||||
>>(78.s+78) uleshort >0
|
||||
>>>(78.s+78) use lnk-item
|
||||
# 3rd possible item
|
||||
>>>&(&-2.s-2) uleshort >0
|
||||
>>>>&-2 use lnk-item
|
||||
# 4th possible item
|
||||
>>>>&(&-2.s-2) uleshort >0
|
||||
>>>>>&-2 use lnk-item
|
||||
# Because HasLinkInfo is set, a LinkInfo structure follows
|
||||
>20 lelong&2 2
|
||||
# if no LINKTARGET_IDLIST (no HasLinkTargetIDList) then direct after header; no example found
|
||||
>>20 lelong&1 =0
|
||||
>>>76 use lnk-info
|
||||
# if LINKTARGET_IDLIST (HasLinkTargetIDList) then after LINKTARGET_IDLIST by addtional IDListSize bytes
|
||||
>>20 lelong&1 =1
|
||||
>>>76 uleshort >0
|
||||
#>>>>(76.s+78) use lnk-info
|
||||
>>>>(76.s+78) ubelong x
|
||||
# move pointer to beginnig of LinkInfo structure
|
||||
>>>>>&-8 ubelong x
|
||||
#>>>>>>&16 ulelong x \b, LocalBasePathOffset=%#8.8x
|
||||
>>>>>>&(&16.l) string x \b, LocalBasePath "%s"
|
||||
# check and then display link item (size,data)
|
||||
0 name lnk-item
|
||||
# size value 0x0000 means TerminalID; indicates the end of the item IDs list
|
||||
>0 uleshort >0
|
||||
#>>0 uleshort x \b, ItemIDSize %#4.4x
|
||||
# item Data
|
||||
#>>2 ubequad x \b, Item data=%#16.16llx
|
||||
#>>2 ubyte x \b, Item type=%#x
|
||||
>>2 ubyte =0x1f \b, Root folder
|
||||
# like: "26EE0668-A00A-44D7-9371-BEB064C98683" Control Panel
|
||||
# "20D04FE0-3AEA-1069-A2D8-08002B30309D" My Computer
|
||||
# "871C5380-42A0-1069-A2EA-08002B30309D" Internet Explorer
|
||||
>>>4 guid x "%s"
|
||||
>>2 ubyte =0x2f \b, Volume
|
||||
# like: "C:\" "D:\"
|
||||
>>>3 string x "%s"
|
||||
# Control panel category
|
||||
#>>2 ubyte foo \b, Control panel category
|
||||
# display LinkInfo structure (size,flags,offsets)
|
||||
0 name lnk-info
|
||||
# LinkInfoSize; size of the LinkInfo structure
|
||||
>0 ulelong x \b, LinkInfoSize %#x
|
||||
# LinkInfoHeaderSize; if 1C no optional fields; >=24 optional fields are specified
|
||||
>4 ulelong x \b, LinkInfoHeaderSize %#x
|
||||
# LinkInfoFlags;
|
||||
#>8 ulelong x \b, LinkInfoFlags=%#x
|
||||
>8 ulelong&1 1 \b, VolumeIDAndLocalBasePath
|
||||
# VolumeIDOffset; location of the VolumeID field (VolumeIDSize DriveType DriveSerialNumber VolumeLabelOffset ... ) inside LinkInfo structure
|
||||
>>12 ulelong x \b, VolumeIDOffset %#x
|
||||
# LocalBasePathOffset; location of LocalBasePath field like "C:\test\a.txt" inside LinkInfo structure
|
||||
>>16 ulelong x \b, LocalBasePathOffset %#x
|
||||
# LocalBasePathOffsetUnicode; location of the LocalBasePathUnicode field inside LinkInfo structure
|
||||
>>4 ulelong >23
|
||||
>>>28 ulelong x \b, LocalBasePathOffsetUnicode %#x
|
||||
>8 ulelong&2 2 \b, CommonNetworkRelativeLinkAndPathSuffix
|
||||
# CommonNetworkRelativeLinkOffset; location of the CommonNetworkRelativeLink field inside LinkInfo structure
|
||||
>>20 ulelong x \b, CommonNetworkRelativeLinkOffset %#x
|
||||
# CommonPathSuffixOffset; location of CommonPathSuffix field
|
||||
>24 ulelong x \b, CommonPathSuffixOffset %#x
|
||||
# CommonPathSuffixOffsetUnicode; location of CommonPathSuffixUnicode field inside LinkInfo structure
|
||||
>4 ulelong >23
|
||||
>>32 ulelong x \b, CommonPathSuffixOffsetUnicode %#x
|
||||
|
||||
# Summary: Outlook Personal Folders
|
||||
# Created by: unknown
|
||||
@ -752,6 +1109,27 @@
|
||||
# like: 12510866.CPX
|
||||
!:ext cpx
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/File_Explorer
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/scf-exp.trid.xml,scf-exp-old.trid.xml
|
||||
# Note: called "Windows Explorer Command Shell File" by TrID and "File Explorer Command" by Windows via SHCmdFile
|
||||
>>&0 regex/c \^Shell]\r\n Windows Explorer Shell Command File
|
||||
#!:mime text/plain
|
||||
!:mime text/x-ms-scf
|
||||
# like: channels.scf desktop.scf explorer.scf "Desktop anzeigen.scf"
|
||||
!:ext scf
|
||||
# look for icon file directive maybe pointing to malicious file
|
||||
>>>1 search/128 IconFile= \b, icon
|
||||
>>>>&0 string x "%s"
|
||||
# From: Joerg Jenderek
|
||||
# URL: http://en.wikipedia.org/wiki/VIA_Technologies
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/scf-via.trid.xml
|
||||
# Note: called "VIA setup configuration file" by TrID
|
||||
>>&0 regex/c \^SCF]\r\n VIA setup configuration
|
||||
#!:mime text/plain
|
||||
!:mime text/x-via-scf
|
||||
# like: SETUP.SCF
|
||||
!:ext scf
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/InstallShield
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lid-is.trid.xml
|
||||
# Note: contain also 3 keywords like: count Default key0
|
||||
@ -770,6 +1148,23 @@
|
||||
!:mime text/x-ms-tag
|
||||
# like: DATA.TAG
|
||||
!:ext tag
|
||||
# URL: https://en.wikipedia.org/wiki/Flatpak
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/f/flatpakref.trid.xml
|
||||
# Note: called "Flatpack Reference" by TrID
|
||||
>>&0 string Flatpak\ Ref] Flatpak repository reference
|
||||
#!:mime text/plain
|
||||
# https://reposcope.com/mimetype/application/vnd.flatpak.ref
|
||||
!:mime application/vnd.flatpak.ref
|
||||
!:ext flatpakref
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://en.wikipedia.org/wiki/CloneCD
|
||||
# Reference: https://en.wikipedia.org/wiki/CloneCD_Control_File
|
||||
# http://mark0.net/download/triddefs_xml.7z/defs/c/cdimage-clonecd-cue.trid.xml
|
||||
# Note: called "CloneCD CDImage (description)" by TrID and "CloneCD Control File" by DROID via PUID fmt/1760
|
||||
>>&0 string CloneCD] CloneCD CD-image Description
|
||||
#!:mime text/plain
|
||||
!:mime text/x-ccd
|
||||
!:ext ccd
|
||||
# unknown keyword after opening bracket
|
||||
>>&0 default x
|
||||
#>>>&0 string/c x UNKNOWN [%s
|
||||
@ -779,6 +1174,12 @@
|
||||
>>>>&0 string/c version Windows setup INFormation
|
||||
!:mime application/x-setupscript
|
||||
!:ext inf
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://cdrtfe.sourceforge.io/
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cfp-cdrtfe.trid.xml
|
||||
>>>>&0 string FileExplorer] cdrtfe Project
|
||||
!:mime text/x-cfp
|
||||
!:ext cfp
|
||||
# https://en.wikipedia.org/wiki/Initialization_file Windows Initialization File or other
|
||||
>>>>&0 default x
|
||||
>>>>>&0 ubyte x
|
||||
@ -790,6 +1191,10 @@
|
||||
!:mime application/x-wine-extension-ini
|
||||
#!:mime text/plain
|
||||
!:ext ini/inf
|
||||
# samples with only 1 and unknown section name
|
||||
# XXX: matches a file containing '[1] 2'
|
||||
#>>>&0 default x Generic INItialization configuration
|
||||
#>>>>0 string x \b, 1st line "%s"
|
||||
# UTF-16 BOM
|
||||
0 ubeshort =0xFFFE
|
||||
# look for phrase of Windows policy ADMinistrative template (UTF-16 by adm-uni.trid.xml)
|
||||
@ -871,21 +1276,24 @@
|
||||
>>>2 uleshort <3
|
||||
# look for colon in WinDirPath after PNF header
|
||||
#>>>>0x59 search/18 :
|
||||
>>>>0 use PreCompiledInf
|
||||
# skip few Adobe Photoshop Color swatch ("Mac OS.aco" TRUMATCH-Farben.aco Windows.aco) and some
|
||||
# Targa image (money-256.tga XING_B_UCM8.tga x-fmt-367-signature-id-604.tga) with "invalid low section name" \0
|
||||
>>>>(20.l) ubelong >0x40004000
|
||||
>>>>>0 use PreCompiledInf
|
||||
0 name PreCompiledInf
|
||||
>0 uleshort x Windows Precompiled iNF
|
||||
!:mime application/x-pnf
|
||||
!:ext pnf
|
||||
# major version 1 for older Windows like XP and 3 since about Windows Vista
|
||||
# 101h~98-XP; 301h~Windows Vista-7 ; 302h~Windows 10 14393; 303h~Windows 10 18362
|
||||
# 101h~95-XP; 301h~Windows Vista-7 ; 302h~Windows 10 14393; 303h~Windows 10 18362-Windows11
|
||||
>1 ubyte x \b, version %u
|
||||
>0 ubyte x \b.%u
|
||||
>0 uleshort =0x0101 (Windows
|
||||
>>4 ulelong&0x00000001 !0x00000001 98)
|
||||
>>4 ulelong&0x00000001 !0x00000001 95-98)
|
||||
>>4 ulelong&0x00000001 =0x00000001 XP)
|
||||
>0 uleshort =0x0301 (Windows Vista-8.1)
|
||||
>0 uleshort =0x0302 (Windows 10 older)
|
||||
>0 uleshort =0x0303 (Windows 10)
|
||||
>0 uleshort =0x0303 (Windows 10-11)
|
||||
# 1 ,2 (windows 98 SE)
|
||||
>2 uleshort !2 \b, InfStyle %u
|
||||
# PNF_FLAG_IS_UNICODE 0x00000001
|
||||
@ -927,7 +1335,7 @@
|
||||
>>(20.l) string x "%s"
|
||||
# FILETIME is number of 100-nanosecond intervals since 1 January 1601
|
||||
#>24 ulequad x \b, InfVersionLastWriteTime %16.16llx
|
||||
#>24 foodate-0xbar x \b, InfVersionLastWriteTime %s
|
||||
>24 qwdate x \b, InfVersionLastWriteTime %s
|
||||
# for Windows 98, XP
|
||||
>0 uleshort <0x0102
|
||||
# only found values lower 0x00ffFFff
|
||||
@ -965,6 +1373,7 @@
|
||||
>>>>>(72.l) string x OsLoaderPath "%s"
|
||||
# 1fdh
|
||||
#>>>76 uleshort x \b, StringTableHashBucketCount %#x
|
||||
# https://docs.microsoft.com/en-us/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a
|
||||
# only 407h found
|
||||
>>>78 uleshort !0x409 \b, LanguageID %x
|
||||
#>>>78 uleshort =0x409 \b, LanguageID %x
|
||||
@ -1342,7 +1751,7 @@
|
||||
# 5000010021083f00 50000100b0335600 50000100cbfdf800 50000100dfbc4700
|
||||
#>4 ubequad x \b, at 4 %#16.16llx
|
||||
# copyright text like: "Stirling Technologies, Inc. (c) 1990-1994"
|
||||
# "InstallSHIELD Software Coporation (c) 1990-1997"
|
||||
# "InstallSHIELD Software Corporation (c) 1990-1997"
|
||||
>13 pstring/h x "%s"
|
||||
# look for specific ASCII variable names
|
||||
>1 search/0x121/s SRCDIR \b, variable names:
|
||||
@ -1370,3 +1779,44 @@
|
||||
# ... LOGHANDLE
|
||||
>0 ubelong x ...
|
||||
#
|
||||
|
||||
# Summary: Microsoft Remote Desktop Protocol connection
|
||||
# From: Joerg Jenderek
|
||||
# URL: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/r/rdp.trid.xml
|
||||
# Note: called "Remote Desktop Connection Settings" by TrID
|
||||
0 string screen\040mode\040id:i: Remote Desktop Protocol connection
|
||||
#!:mime text/plain
|
||||
!:mime text/x-ms-rdp
|
||||
!:ext rdp
|
||||
# Screen mode: 1~session appear in a window 2~session appear full screen
|
||||
>17 string 1 \b, window mode
|
||||
>17 string 2 \b, full screen mode
|
||||
|
||||
0 guid 7B5C52E4-D88C-4DA7-AEB1-5378D02996D3 Microsoft OneNote
|
||||
!:ext one
|
||||
!:mime application/onenote
|
||||
0 guid 43FF2FA1-EFD9-4C76-9EE2-10EA5722765F Microsoft OneNote Revision Store File
|
||||
|
||||
# Microsoft XAML Binary Format
|
||||
# From: Alexandre Iooss <erdnaxe@crans.org>
|
||||
# URL: https://github.com/WalkingCat/XbfDump/blob/8832d2ffcaa738434d803fefa2ba99d3af37ed29/xbf_data.h
|
||||
0 string XBF\0
|
||||
>12 ulelong <0xFF
|
||||
>>16 ulelong <0xFF Microsoft XAML Binary Format
|
||||
!:ext xbf
|
||||
>>>12 ulelong x %d
|
||||
>>>16 ulelong x \b.%d
|
||||
>>>4 ulelong x \b, metadata size: %d bytes
|
||||
>>>8 ulelong x \b, node size: %d bytes
|
||||
|
||||
# Metaswitch MetaView Service Assurance Server exports
|
||||
0 string MetaView\x20Service\x20Assurance\x20Export\x20File MetaView SAS export
|
||||
>39 string Version\x20
|
||||
>>47 byte x \b, version %c
|
||||
|
||||
# Active Directory Group Policy Registry Policy File Format
|
||||
# From: Yuuta Liang <yuuta@yuuta.moe>
|
||||
# URL: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/policy/registry-policy-file-format
|
||||
0 string PReg
|
||||
>4 lelong x Group Policy Registry Policy, Version=%d
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: wordprocessors,v 1.31 2022/08/31 08:00:53 christos Exp $
|
||||
# $File: wordprocessors,v 1.34 2023/01/24 20:13:40 christos Exp $
|
||||
# wordprocessors: file(1) magic fo word processors.
|
||||
#
|
||||
####### PWP file format used on Smith Corona Personal Word Processors:
|
||||
@ -288,7 +288,65 @@
|
||||
>>9 default x
|
||||
>>>9 byte x Corel WordPerfect Office: Unknown filetype %d
|
||||
# Corel DrawPerfect
|
||||
# URL: http://fileformats.archiveteam.org/wiki/Corel_Presentations
|
||||
# Update: Joerg Jenderek
|
||||
>8 byte 15
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/shw-wp-2.trid.xml
|
||||
# Note: called "WordPerfect Presentations (v2)" by TrID and
|
||||
# "Corel Presentation" with version "7-8-9" by DROID via PUID fmt/877
|
||||
>>9 byte 10 WordPerfect Presentation
|
||||
#!:mime application/octet-stream
|
||||
#!:mime application/vnd.wordperfect
|
||||
!:mime application/x-drawperfect-shw
|
||||
# like: BENEFITS.SHW chartbar.shw chartbul.shw chartgal.shw chartorg.shw fig-demo.shw figurgal.shw mastrgal.shw scuba.shw tutorial.shw
|
||||
!:ext shw
|
||||
# pointer to document area like: 10h
|
||||
>>>4 ulelong !0x10 \b, at %#x document area
|
||||
# according to TrID this is nil
|
||||
>>>12 ulelong !0 \b, at 0xC %#x
|
||||
# search for embedded WP file like in tutorial.shw
|
||||
#>>>16 search/638/sb \xffWPC WPC_MAGIC_FOUND
|
||||
# GRR: indirect call leads to recursion! WHY?
|
||||
#>>>>&0 indirect x \b; contains
|
||||
# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/shw-wp-3.trid.xml
|
||||
# Note: called "WordPerfect/Corel Presentations (v3)" by TrID and
|
||||
# "Corel Presentation" with version "3" by DROID via PUID fmt/878
|
||||
>>9 byte 15 Corel Presentation
|
||||
#!:mime application/octet-stream
|
||||
#!:mime application/vnd.wordperfect
|
||||
!:mime application/x-drawperfect-shw
|
||||
# like: FIG_ANIM.SHW presenta.shw
|
||||
!:ext shw
|
||||
# pointer to document area like: 1ah
|
||||
>>>4 ulelong !0x1a \b, at %#x document area
|
||||
# according to TrID this is nil
|
||||
>>>12 ulelong !0 \b, at 0xC %#x
|
||||
# reserved like: 3
|
||||
>>>16 ulelong !0x3 \b, at 0x10 %#x
|
||||
# file size, not including pad characters at EOF
|
||||
>>>0x14 ulelong x \b, %u bytes
|
||||
# search for embedded WP file like in foo
|
||||
#>>>24 search/638/sb \xffWPC WPC_MAGIC_FOUND
|
||||
# GRR: indirect call leads to recursion! WHY?
|
||||
#>>>>&0 indirect x \b; contains
|
||||
# embedded inside Compound Document variant handled by ./ole2compounddocs
|
||||
>>9 byte 16 Corel Presentation (embeded)
|
||||
#!:mime application/octet-stream
|
||||
#!:mime application/vnd.wordperfect
|
||||
!:mime application/x-corelpresentations
|
||||
# like: PerfectOffice_MAIN
|
||||
!:ext /
|
||||
# pointer to document area like: 1ah
|
||||
>>>4 ulelong !0x1a \b, at %#x document area
|
||||
>>>12 ulelong !0 \b, at 0xC %#x
|
||||
# reserved like: 3
|
||||
>>>16 ulelong !0x3 \b, at 0x10 %#x
|
||||
# file size, not including pad characters at EOF
|
||||
>>>0x14 ulelong x \b, %u bytes
|
||||
# search for embedded WP file
|
||||
#>>>24 search/638/sb \xffWPC WPC_MAGIC_FOUND
|
||||
# GRR: indirect call leads to recursion! WHY?
|
||||
#>>>>&0 indirect x \b; contains
|
||||
>>9 default x
|
||||
>>>9 byte x Corel DrawPerfect: Unknown filetype %d
|
||||
# Corel LetterPerfect
|
||||
@ -378,11 +436,17 @@
|
||||
>>8 byte x Unknown Corel/Wordperfect product %d,
|
||||
>>>9 byte x file type %d
|
||||
>10 byte 0 \b, v5.
|
||||
# version of WP file; 2.1~WP 8.0
|
||||
# major version of WP file like: 1 2
|
||||
>10 byte !0 \b, v%d.
|
||||
# minor version of WP file like: 0 1
|
||||
>11 byte x \b%d
|
||||
|
||||
# Hangul (Korean) Word Processor File
|
||||
0 string HWP\ Document\ File Hangul (Korean) Word Processor File 3.0
|
||||
# Hancom HWP (Hangul Word Processor)
|
||||
# Hangul Word Processor 3.0 through 97 used HWP 3.0 format.
|
||||
# URL: https://www.hancom.com/etc/hwpDownload.do
|
||||
0 string HWP\ Document\ File Hancom HWP (Hangul Word Processor) file, version 3.0
|
||||
!:ext hwp
|
||||
|
||||
# CosmicBook, from Benoit Rouits
|
||||
0 string CSBK Ted Neslson's CosmicBook hypertext file
|
||||
@ -430,7 +494,7 @@
|
||||
>110 uleshort/256 =0 document
|
||||
# https://www.macdisk.com/macsigen.php
|
||||
!:apple ALB3ALD3
|
||||
# PT3 for template and no example for PageMaker document/publiction with PM3 extension
|
||||
# PT3 for template and no example for PageMaker document/publication with PM3 extension
|
||||
!:ext pm3/pt3
|
||||
>110 uleshort/256 =4 document
|
||||
!:apple ALD4ALB4
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: xenix,v 1.14 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: xenix,v 1.15 2022/10/19 20:15:16 christos Exp $
|
||||
# xenix: file(1) magic for Microsoft Xenix
|
||||
#
|
||||
# "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small
|
||||
@ -28,20 +28,23 @@
|
||||
# skip examples like Xtable.Data FRACTAL.GEN SHR.VIEW by looking for positive string length
|
||||
>>>3 ubyte >0
|
||||
# skip examples like OMBRE.6 with "UUUUUU" name by looking for valid high second record type
|
||||
>>>>(1.s+3) ubyte >0x6D 8086 relocatable (Microsoft)
|
||||
>>>>(1.s+3) ubyte >0x6D
|
||||
# skip few Atari DEGAS bitmap TPDEMO.PC2 RECIPE.PC2 with invalid "high" second record type FEh FFh
|
||||
>>>>>(1.s+3) ubyte <0xF2 8086 relocatable (Microsoft)
|
||||
#!:mime application/octet-stream
|
||||
!:mime application/x-object
|
||||
!:ext obj/o/a
|
||||
# T-module name often source name like "hello.c" or "jmppm32.asm" in JMPPM32.OBJ or
|
||||
# "kbhit" in KBHITS.OBJ or "CAUSEWAY_KERNAL" in CWAPI.OBJ
|
||||
>>>>>3 pstring x \b, "%s"
|
||||
>>>>>>3 pstring x \b, "%s"
|
||||
# data length probably lower 256 according to TrID obj_omf.trid.xml
|
||||
>>>>>1 uleshort x \b, 1st record data length %u
|
||||
>>>>>>1 uleshort x \b, 1st record data length %u
|
||||
# checksum
|
||||
#>>>>>(3.b+4) ubyte x \b, checksum %#2.2x
|
||||
#>>>>>>(3.b+4) ubyte x \b, checksum %#2.2x
|
||||
# second recordtype: 96h~LNAMES 88h~COMENT 8CH~EXTDEF
|
||||
>>>>>(1.s+3) ubyte x \b, 2nd record type %#x
|
||||
>>>>>(1.s+4) uleshort x \b, 2nd record data length %u
|
||||
# highest F1h~Library End Record
|
||||
>>>>>>(1.s+3) ubyte x \b, 2nd record type %#x
|
||||
>>>>>>(1.s+4) uleshort x \b, 2nd record data length %u
|
||||
0 leshort 0xff65 x.out
|
||||
>2 string __.SYMDEF randomized
|
||||
>0 byte x archive
|
||||
@ -100,3 +103,4 @@
|
||||
>0x1e leshort &0x102 Huge Objects Enabled
|
||||
|
||||
0 leshort 0x580 XENIX 8086 relocatable or 80286 small model
|
||||
# GRR: line above is too general as it catches also all 8086 relocatable (Microsoft) with 1st record data length 5 C0M.OBJ C0T.OBJ C0S.OBJ
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# $File: xilinx,v 1.9 2021/04/26 15:56:00 christos Exp $
|
||||
# $File: xilinx,v 1.10 2022/12/18 14:59:32 christos Exp $
|
||||
# This is Aaron's attempt at a MAGIC file for Xilinx .bit files.
|
||||
# Xilinx-Magic@RevRagnarok.com
|
||||
# Got the info from FPGA-FAQ 0026
|
||||
@ -38,3 +38,21 @@
|
||||
# Raw bitstream files
|
||||
0 long 0xffffffff
|
||||
>&0 belong 0xaa995566 Xilinx RAW bitstream (.BIN)
|
||||
|
||||
# AXLF (xclbin) files used by AMD/Xilinx accelerators.
|
||||
# The file format is defined by XRT source tree:
|
||||
# https://github.com/Xilinx/XRT/blob/master/src/runtime_src/core/include/xclbin.h
|
||||
# Display file size, creation date, accelerator shell name, xclbin uuid and
|
||||
# number of sections.
|
||||
|
||||
0 string xclbin2 AMD/Xilinx accelerator AXLF (xclbin) file
|
||||
>0x130 lequad x \b, %lld bytes
|
||||
>0x138 leqdate x \b, created %s
|
||||
>0x160 string >0 \b, shell "%.64s"
|
||||
>0x1a0 ubelong x \b, uuid %08x
|
||||
>0x1a4 ubeshort x \b-%04x
|
||||
>0x1a6 ubeshort x \b-%04x
|
||||
>0x1a8 ubeshort x \b-%04x
|
||||
>0x1aa ubelong x \b-%08x
|
||||
>0x1ae ubeshort x \b%04x
|
||||
>0x1c0 lelong x \b, %d sections
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# $File: Makefile.am,v 1.182 2022/09/11 21:04:30 christos Exp $
|
||||
# $File: Makefile.am,v 1.188 2023/05/21 17:19:08 christos Exp $
|
||||
#
|
||||
MAGIC_FRAGMENT_BASE = Magdir
|
||||
MAGIC_DIR = $(top_srcdir)/magic
|
||||
@ -92,8 +92,8 @@ $(MAGIC_FRAGMENT_DIR)/dif \
|
||||
$(MAGIC_FRAGMENT_DIR)/diff \
|
||||
$(MAGIC_FRAGMENT_DIR)/digital \
|
||||
$(MAGIC_FRAGMENT_DIR)/dolby \
|
||||
$(MAGIC_FRAGMENT_DIR)/dsf \
|
||||
$(MAGIC_FRAGMENT_DIR)/dump \
|
||||
$(MAGIC_FRAGMENT_DIR)/dwarfs \
|
||||
$(MAGIC_FRAGMENT_DIR)/dyadic \
|
||||
$(MAGIC_FRAGMENT_DIR)/ebml \
|
||||
$(MAGIC_FRAGMENT_DIR)/edid \
|
||||
@ -108,6 +108,7 @@ $(MAGIC_FRAGMENT_DIR)/esri \
|
||||
$(MAGIC_FRAGMENT_DIR)/fcs \
|
||||
$(MAGIC_FRAGMENT_DIR)/filesystems \
|
||||
$(MAGIC_FRAGMENT_DIR)/finger \
|
||||
$(MAGIC_FRAGMENT_DIR)/firmware \
|
||||
$(MAGIC_FRAGMENT_DIR)/flash \
|
||||
$(MAGIC_FRAGMENT_DIR)/flif \
|
||||
$(MAGIC_FRAGMENT_DIR)/fonts \
|
||||
@ -245,6 +246,7 @@ $(MAGIC_FRAGMENT_DIR)/pgp \
|
||||
$(MAGIC_FRAGMENT_DIR)/pgp-binary-keys \
|
||||
$(MAGIC_FRAGMENT_DIR)/pkgadd \
|
||||
$(MAGIC_FRAGMENT_DIR)/plan9 \
|
||||
$(MAGIC_FRAGMENT_DIR)/playdate \
|
||||
$(MAGIC_FRAGMENT_DIR)/plus5 \
|
||||
$(MAGIC_FRAGMENT_DIR)/pmem \
|
||||
$(MAGIC_FRAGMENT_DIR)/polyml \
|
||||
@ -267,6 +269,7 @@ $(MAGIC_FRAGMENT_DIR)/rpmsg \
|
||||
$(MAGIC_FRAGMENT_DIR)/rtf \
|
||||
$(MAGIC_FRAGMENT_DIR)/rst \
|
||||
$(MAGIC_FRAGMENT_DIR)/ruby \
|
||||
$(MAGIC_FRAGMENT_DIR)/rust \
|
||||
$(MAGIC_FRAGMENT_DIR)/sc \
|
||||
$(MAGIC_FRAGMENT_DIR)/sccs \
|
||||
$(MAGIC_FRAGMENT_DIR)/scientific \
|
||||
@ -294,6 +297,7 @@ $(MAGIC_FRAGMENT_DIR)/ssl \
|
||||
$(MAGIC_FRAGMENT_DIR)/statistics \
|
||||
$(MAGIC_FRAGMENT_DIR)/subtitle \
|
||||
$(MAGIC_FRAGMENT_DIR)/sun \
|
||||
$(MAGIC_FRAGMENT_DIR)/svf \
|
||||
$(MAGIC_FRAGMENT_DIR)/sylk \
|
||||
$(MAGIC_FRAGMENT_DIR)/symbos \
|
||||
$(MAGIC_FRAGMENT_DIR)/sysex \
|
||||
|
@ -278,7 +278,7 @@ top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
#
|
||||
# $File: Makefile.am,v 1.182 2022/09/11 21:04:30 christos Exp $
|
||||
# $File: Makefile.am,v 1.188 2023/05/21 17:19:08 christos Exp $
|
||||
#
|
||||
MAGIC_FRAGMENT_BASE = Magdir
|
||||
MAGIC_DIR = $(top_srcdir)/magic
|
||||
@ -369,8 +369,8 @@ $(MAGIC_FRAGMENT_DIR)/dif \
|
||||
$(MAGIC_FRAGMENT_DIR)/diff \
|
||||
$(MAGIC_FRAGMENT_DIR)/digital \
|
||||
$(MAGIC_FRAGMENT_DIR)/dolby \
|
||||
$(MAGIC_FRAGMENT_DIR)/dsf \
|
||||
$(MAGIC_FRAGMENT_DIR)/dump \
|
||||
$(MAGIC_FRAGMENT_DIR)/dwarfs \
|
||||
$(MAGIC_FRAGMENT_DIR)/dyadic \
|
||||
$(MAGIC_FRAGMENT_DIR)/ebml \
|
||||
$(MAGIC_FRAGMENT_DIR)/edid \
|
||||
@ -385,6 +385,7 @@ $(MAGIC_FRAGMENT_DIR)/esri \
|
||||
$(MAGIC_FRAGMENT_DIR)/fcs \
|
||||
$(MAGIC_FRAGMENT_DIR)/filesystems \
|
||||
$(MAGIC_FRAGMENT_DIR)/finger \
|
||||
$(MAGIC_FRAGMENT_DIR)/firmware \
|
||||
$(MAGIC_FRAGMENT_DIR)/flash \
|
||||
$(MAGIC_FRAGMENT_DIR)/flif \
|
||||
$(MAGIC_FRAGMENT_DIR)/fonts \
|
||||
@ -522,6 +523,7 @@ $(MAGIC_FRAGMENT_DIR)/pgp \
|
||||
$(MAGIC_FRAGMENT_DIR)/pgp-binary-keys \
|
||||
$(MAGIC_FRAGMENT_DIR)/pkgadd \
|
||||
$(MAGIC_FRAGMENT_DIR)/plan9 \
|
||||
$(MAGIC_FRAGMENT_DIR)/playdate \
|
||||
$(MAGIC_FRAGMENT_DIR)/plus5 \
|
||||
$(MAGIC_FRAGMENT_DIR)/pmem \
|
||||
$(MAGIC_FRAGMENT_DIR)/polyml \
|
||||
@ -544,6 +546,7 @@ $(MAGIC_FRAGMENT_DIR)/rpmsg \
|
||||
$(MAGIC_FRAGMENT_DIR)/rtf \
|
||||
$(MAGIC_FRAGMENT_DIR)/rst \
|
||||
$(MAGIC_FRAGMENT_DIR)/ruby \
|
||||
$(MAGIC_FRAGMENT_DIR)/rust \
|
||||
$(MAGIC_FRAGMENT_DIR)/sc \
|
||||
$(MAGIC_FRAGMENT_DIR)/sccs \
|
||||
$(MAGIC_FRAGMENT_DIR)/scientific \
|
||||
@ -571,6 +574,7 @@ $(MAGIC_FRAGMENT_DIR)/ssl \
|
||||
$(MAGIC_FRAGMENT_DIR)/statistics \
|
||||
$(MAGIC_FRAGMENT_DIR)/subtitle \
|
||||
$(MAGIC_FRAGMENT_DIR)/sun \
|
||||
$(MAGIC_FRAGMENT_DIR)/svf \
|
||||
$(MAGIC_FRAGMENT_DIR)/sylk \
|
||||
$(MAGIC_FRAGMENT_DIR)/symbos \
|
||||
$(MAGIC_FRAGMENT_DIR)/sysex \
|
||||
|
@ -8,8 +8,8 @@ AM_CPPFLAGS = -DMAGIC='"$(MAGIC)"'
|
||||
AM_CFLAGS = $(CFLAG_VISIBILITY) @WARNINGS@
|
||||
|
||||
libmagic_la_SOURCES = buffer.c magic.c apprentice.c softmagic.c ascmagic.c \
|
||||
encoding.c compress.c is_csv.c is_json.c is_tar.c readelf.c print.c \
|
||||
fsmagic.c funcs.c file.h readelf.h tar.h apptype.c der.c der.h \
|
||||
encoding.c compress.c is_csv.c is_json.c is_simh.c is_tar.c readelf.c \
|
||||
print.c fsmagic.c funcs.c file.h readelf.h tar.h apptype.c der.c der.h \
|
||||
file_opts.h elfclass.h mygetopt.h cdf.c cdf_time.c readcdf.c cdf.h
|
||||
libmagic_la_LDFLAGS = -no-undefined -version-info 1:0:0
|
||||
if MINGW
|
||||
@ -17,10 +17,10 @@ MINGWLIBS = -lgnurx -lshlwapi
|
||||
else
|
||||
MINGWLIBS =
|
||||
endif
|
||||
libmagic_la_LIBADD = $(LTLIBOBJS) $(MINGWLIBS)
|
||||
libmagic_la_LIBADD = -lm $(LTLIBOBJS) $(MINGWLIBS)
|
||||
|
||||
file_SOURCES = file.c seccomp.c
|
||||
file_LDADD = libmagic.la
|
||||
file_LDADD = libmagic.la -lm
|
||||
CLEANFILES = magic.h
|
||||
EXTRA_DIST = magic.h.in cdf.mk BNF memtest.c
|
||||
HDR= $(top_srcdir)/src/magic.h.in
|
||||
|
@ -139,8 +139,8 @@ am__DEPENDENCIES_1 =
|
||||
libmagic_la_DEPENDENCIES = $(LTLIBOBJS) $(am__DEPENDENCIES_1)
|
||||
am_libmagic_la_OBJECTS = buffer.lo magic.lo apprentice.lo softmagic.lo \
|
||||
ascmagic.lo encoding.lo compress.lo is_csv.lo is_json.lo \
|
||||
is_tar.lo readelf.lo print.lo fsmagic.lo funcs.lo apptype.lo \
|
||||
der.lo cdf.lo cdf_time.lo readcdf.lo
|
||||
is_simh.lo is_tar.lo readelf.lo print.lo fsmagic.lo funcs.lo \
|
||||
apptype.lo der.lo cdf.lo cdf_time.lo readcdf.lo
|
||||
libmagic_la_OBJECTS = $(am_libmagic_la_OBJECTS)
|
||||
AM_V_lt = $(am__v_lt_@AM_V@)
|
||||
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
|
||||
@ -181,10 +181,10 @@ am__depfiles_remade = $(DEPDIR)/asctime_r.Plo $(DEPDIR)/asprintf.Plo \
|
||||
./$(DEPDIR)/encoding.Plo ./$(DEPDIR)/file.Po \
|
||||
./$(DEPDIR)/fsmagic.Plo ./$(DEPDIR)/funcs.Plo \
|
||||
./$(DEPDIR)/is_csv.Plo ./$(DEPDIR)/is_json.Plo \
|
||||
./$(DEPDIR)/is_tar.Plo ./$(DEPDIR)/magic.Plo \
|
||||
./$(DEPDIR)/print.Plo ./$(DEPDIR)/readcdf.Plo \
|
||||
./$(DEPDIR)/readelf.Plo ./$(DEPDIR)/seccomp.Po \
|
||||
./$(DEPDIR)/softmagic.Plo
|
||||
./$(DEPDIR)/is_simh.Plo ./$(DEPDIR)/is_tar.Plo \
|
||||
./$(DEPDIR)/magic.Plo ./$(DEPDIR)/print.Plo \
|
||||
./$(DEPDIR)/readcdf.Plo ./$(DEPDIR)/readelf.Plo \
|
||||
./$(DEPDIR)/seccomp.Po ./$(DEPDIR)/softmagic.Plo
|
||||
am__mv = mv -f
|
||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
@ -364,16 +364,16 @@ nodist_include_HEADERS = magic.h
|
||||
AM_CPPFLAGS = -DMAGIC='"$(MAGIC)"'
|
||||
AM_CFLAGS = $(CFLAG_VISIBILITY) @WARNINGS@
|
||||
libmagic_la_SOURCES = buffer.c magic.c apprentice.c softmagic.c ascmagic.c \
|
||||
encoding.c compress.c is_csv.c is_json.c is_tar.c readelf.c print.c \
|
||||
fsmagic.c funcs.c file.h readelf.h tar.h apptype.c der.c der.h \
|
||||
encoding.c compress.c is_csv.c is_json.c is_simh.c is_tar.c readelf.c \
|
||||
print.c fsmagic.c funcs.c file.h readelf.h tar.h apptype.c der.c der.h \
|
||||
file_opts.h elfclass.h mygetopt.h cdf.c cdf_time.c readcdf.c cdf.h
|
||||
|
||||
libmagic_la_LDFLAGS = -no-undefined -version-info 1:0:0
|
||||
@MINGW_FALSE@MINGWLIBS =
|
||||
@MINGW_TRUE@MINGWLIBS = -lgnurx -lshlwapi
|
||||
libmagic_la_LIBADD = $(LTLIBOBJS) $(MINGWLIBS)
|
||||
libmagic_la_LIBADD = -lm $(LTLIBOBJS) $(MINGWLIBS)
|
||||
file_SOURCES = file.c seccomp.c
|
||||
file_LDADD = libmagic.la
|
||||
file_LDADD = libmagic.la -lm
|
||||
CLEANFILES = magic.h
|
||||
EXTRA_DIST = magic.h.in cdf.mk BNF memtest.c
|
||||
HDR = $(top_srcdir)/src/magic.h.in
|
||||
@ -538,6 +538,7 @@ distclean-compile:
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/funcs.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_csv.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_json.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_simh.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_tar.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/magic.Plo@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/print.Plo@am__quote@ # am--include-marker
|
||||
@ -765,6 +766,7 @@ distclean: distclean-am
|
||||
-rm -f ./$(DEPDIR)/funcs.Plo
|
||||
-rm -f ./$(DEPDIR)/is_csv.Plo
|
||||
-rm -f ./$(DEPDIR)/is_json.Plo
|
||||
-rm -f ./$(DEPDIR)/is_simh.Plo
|
||||
-rm -f ./$(DEPDIR)/is_tar.Plo
|
||||
-rm -f ./$(DEPDIR)/magic.Plo
|
||||
-rm -f ./$(DEPDIR)/print.Plo
|
||||
@ -845,6 +847,7 @@ maintainer-clean: maintainer-clean-am
|
||||
-rm -f ./$(DEPDIR)/funcs.Plo
|
||||
-rm -f ./$(DEPDIR)/is_csv.Plo
|
||||
-rm -f ./$(DEPDIR)/is_json.Plo
|
||||
-rm -f ./$(DEPDIR)/is_simh.Plo
|
||||
-rm -f ./$(DEPDIR)/is_tar.Plo
|
||||
-rm -f ./$(DEPDIR)/magic.Plo
|
||||
-rm -f ./$(DEPDIR)/print.Plo
|
||||
|
275
src/apprentice.c
275
src/apprentice.c
@ -32,7 +32,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: apprentice.c,v 1.326 2022/09/13 18:46:07 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: apprentice.c,v 1.342 2023/07/17 14:38:35 christos Exp $")
|
||||
#endif /* lint */
|
||||
|
||||
#include "magic.h"
|
||||
@ -112,25 +112,24 @@ const size_t file_nformats = FILE_NAMES_SIZE;
|
||||
const char *file_names[FILE_NAMES_SIZE];
|
||||
const size_t file_nnames = FILE_NAMES_SIZE;
|
||||
|
||||
private int getvalue(struct magic_set *ms, struct magic *, const char **, int);
|
||||
private int hextoint(int);
|
||||
private const char *getstr(struct magic_set *, struct magic *, const char *,
|
||||
file_private int getvalue(struct magic_set *ms, struct magic *, const char **, int);
|
||||
file_private int hextoint(int);
|
||||
file_private const char *getstr(struct magic_set *, struct magic *, const char *,
|
||||
int);
|
||||
private int parse(struct magic_set *, struct magic_entry *, const char *,
|
||||
file_private int parse(struct magic_set *, struct magic_entry *, const char *,
|
||||
size_t, int);
|
||||
private void eatsize(const char **);
|
||||
private int apprentice_1(struct magic_set *, const char *, int);
|
||||
private ssize_t apprentice_magic_strength_1(const struct magic *);
|
||||
private size_t apprentice_magic_strength(const struct magic *, size_t);
|
||||
private int apprentice_sort(const void *, const void *);
|
||||
private void apprentice_list(struct mlist *, int );
|
||||
private struct magic_map *apprentice_load(struct magic_set *,
|
||||
file_private void eatsize(const char **);
|
||||
file_private int apprentice_1(struct magic_set *, const char *, int);
|
||||
file_private ssize_t apprentice_magic_strength_1(const struct magic *);
|
||||
file_private int apprentice_sort(const void *, const void *);
|
||||
file_private void apprentice_list(struct mlist *, int );
|
||||
file_private struct magic_map *apprentice_load(struct magic_set *,
|
||||
const char *, int);
|
||||
private struct mlist *mlist_alloc(void);
|
||||
private void mlist_free_all(struct magic_set *);
|
||||
private void mlist_free(struct mlist *);
|
||||
private void byteswap(struct magic *, uint32_t);
|
||||
private void bs1(struct magic *);
|
||||
file_private struct mlist *mlist_alloc(void);
|
||||
file_private void mlist_free_all(struct magic_set *);
|
||||
file_private void mlist_free(struct mlist *);
|
||||
file_private void byteswap(struct magic *, uint32_t);
|
||||
file_private void bs1(struct magic *);
|
||||
|
||||
#if defined(HAVE_BYTESWAP_H)
|
||||
#define swap2(x) bswap_16(x)
|
||||
@ -141,37 +140,37 @@ private void bs1(struct magic *);
|
||||
#define swap4(x) bswap32(x)
|
||||
#define swap8(x) bswap64(x)
|
||||
#else
|
||||
private uint16_t swap2(uint16_t);
|
||||
private uint32_t swap4(uint32_t);
|
||||
private uint64_t swap8(uint64_t);
|
||||
file_private uint16_t swap2(uint16_t);
|
||||
file_private uint32_t swap4(uint32_t);
|
||||
file_private uint64_t swap8(uint64_t);
|
||||
#endif
|
||||
|
||||
private char *mkdbname(struct magic_set *, const char *, int);
|
||||
private struct magic_map *apprentice_buf(struct magic_set *, struct magic *,
|
||||
file_private char *mkdbname(struct magic_set *, const char *, int);
|
||||
file_private struct magic_map *apprentice_buf(struct magic_set *, struct magic *,
|
||||
size_t);
|
||||
private struct magic_map *apprentice_map(struct magic_set *, const char *);
|
||||
private int check_buffer(struct magic_set *, struct magic_map *, const char *);
|
||||
private void apprentice_unmap(struct magic_map *);
|
||||
private int apprentice_compile(struct magic_set *, struct magic_map *,
|
||||
file_private struct magic_map *apprentice_map(struct magic_set *, const char *);
|
||||
file_private int check_buffer(struct magic_set *, struct magic_map *, const char *);
|
||||
file_private void apprentice_unmap(struct magic_map *);
|
||||
file_private int apprentice_compile(struct magic_set *, struct magic_map *,
|
||||
const char *);
|
||||
private int check_format_type(const char *, int, const char **);
|
||||
private int check_format(struct magic_set *, struct magic *);
|
||||
private int get_op(char);
|
||||
private int parse_mime(struct magic_set *, struct magic_entry *, const char *,
|
||||
file_private int check_format_type(const char *, int, const char **);
|
||||
file_private int check_format(struct magic_set *, struct magic *);
|
||||
file_private int get_op(char);
|
||||
file_private int parse_mime(struct magic_set *, struct magic_entry *, const char *,
|
||||
size_t);
|
||||
private int parse_strength(struct magic_set *, struct magic_entry *,
|
||||
file_private int parse_strength(struct magic_set *, struct magic_entry *,
|
||||
const char *, size_t);
|
||||
private int parse_apple(struct magic_set *, struct magic_entry *, const char *,
|
||||
file_private int parse_apple(struct magic_set *, struct magic_entry *, const char *,
|
||||
size_t);
|
||||
private int parse_ext(struct magic_set *, struct magic_entry *, const char *,
|
||||
file_private int parse_ext(struct magic_set *, struct magic_entry *, const char *,
|
||||
size_t);
|
||||
|
||||
|
||||
private size_t magicsize = sizeof(struct magic);
|
||||
file_private size_t magicsize = sizeof(struct magic);
|
||||
|
||||
private const char usg_hdr[] = "cont\toffset\ttype\topcode\tmask\tvalue\tdesc";
|
||||
file_private const char usg_hdr[] = "cont\toffset\ttype\topcode\tmask\tvalue\tdesc";
|
||||
|
||||
private struct {
|
||||
file_private struct {
|
||||
const char *name;
|
||||
size_t len;
|
||||
int (*fun)(struct magic_set *, struct magic_entry *, const char *,
|
||||
@ -313,7 +312,7 @@ static const struct type_tbl_s special_tbl[] = {
|
||||
# undef XX
|
||||
# undef XX_NULL
|
||||
|
||||
private int
|
||||
file_private int
|
||||
get_type(const struct type_tbl_s *tbl, const char *l, const char **t)
|
||||
{
|
||||
const struct type_tbl_s *p;
|
||||
@ -328,7 +327,7 @@ get_type(const struct type_tbl_s *tbl, const char *l, const char **t)
|
||||
return p->type;
|
||||
}
|
||||
|
||||
private off_t
|
||||
file_private off_t
|
||||
maxoff_t(void) {
|
||||
if (/*CONSTCOND*/sizeof(off_t) == sizeof(int))
|
||||
return CAST(off_t, INT_MAX);
|
||||
@ -337,7 +336,7 @@ maxoff_t(void) {
|
||||
return 0x7fffffff;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
get_standard_integer_type(const char *l, const char **t)
|
||||
{
|
||||
int type;
|
||||
@ -422,7 +421,7 @@ get_standard_integer_type(const char *l, const char **t)
|
||||
return type;
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
init_file_tables(void)
|
||||
{
|
||||
static int done = 0;
|
||||
@ -440,7 +439,7 @@ init_file_tables(void)
|
||||
assert(p - type_tbl == FILE_NAMES_SIZE);
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx)
|
||||
{
|
||||
struct mlist *ml;
|
||||
@ -471,12 +470,11 @@ add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx)
|
||||
/*
|
||||
* Handle one file or directory.
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
apprentice_1(struct magic_set *ms, const char *fn, int action)
|
||||
{
|
||||
struct magic_map *map;
|
||||
#ifndef COMPILE_ONLY
|
||||
struct mlist *ml;
|
||||
size_t i;
|
||||
#endif
|
||||
|
||||
@ -498,7 +496,7 @@ apprentice_1(struct magic_set *ms, const char *fn, int action)
|
||||
map = apprentice_map(ms, fn);
|
||||
if (map == NULL) {
|
||||
if (ms->flags & MAGIC_CHECK)
|
||||
file_magwarn(ms, "using regular magic file `%s'", fn);
|
||||
file_magwarn(NULL, "using regular magic file `%s'", fn);
|
||||
map = apprentice_load(ms, fn, action);
|
||||
if (map == NULL)
|
||||
return -1;
|
||||
@ -511,7 +509,7 @@ apprentice_1(struct magic_set *ms, const char *fn, int action)
|
||||
apprentice_unmap(map);
|
||||
else
|
||||
mlist_free_all(ms);
|
||||
file_oomem(ms, sizeof(*ml));
|
||||
file_oomem(ms, sizeof(*ms->mlist[0]));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@ -531,7 +529,7 @@ apprentice_1(struct magic_set *ms, const char *fn, int action)
|
||||
#endif /* COMPILE_ONLY */
|
||||
}
|
||||
|
||||
protected void
|
||||
file_protected void
|
||||
file_ms_free(struct magic_set *ms)
|
||||
{
|
||||
size_t i;
|
||||
@ -548,14 +546,14 @@ file_ms_free(struct magic_set *ms)
|
||||
free(ms);
|
||||
}
|
||||
|
||||
protected struct magic_set *
|
||||
file_protected struct magic_set *
|
||||
file_ms_alloc(int flags)
|
||||
{
|
||||
struct magic_set *ms;
|
||||
size_t i, len;
|
||||
|
||||
if ((ms = CAST(struct magic_set *, calloc(CAST(size_t, 1u),
|
||||
sizeof(struct magic_set)))) == NULL)
|
||||
sizeof(*ms)))) == NULL)
|
||||
return NULL;
|
||||
|
||||
if (magic_setflags(ms, flags) == -1) {
|
||||
@ -579,6 +577,7 @@ file_ms_alloc(int flags)
|
||||
ms->indir_max = FILE_INDIR_MAX;
|
||||
ms->name_max = FILE_NAME_MAX;
|
||||
ms->elf_shnum_max = FILE_ELF_SHNUM_MAX;
|
||||
ms->elf_shsize_max = FILE_ELF_SHSIZE_MAX;
|
||||
ms->elf_phnum_max = FILE_ELF_PHNUM_MAX;
|
||||
ms->elf_notes_max = FILE_ELF_NOTES_MAX;
|
||||
ms->regex_max = FILE_REGEX_MAX;
|
||||
@ -594,7 +593,7 @@ file_ms_alloc(int flags)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
apprentice_unmap(struct magic_map *map)
|
||||
{
|
||||
size_t i;
|
||||
@ -628,7 +627,7 @@ apprentice_unmap(struct magic_map *map)
|
||||
free(map);
|
||||
}
|
||||
|
||||
private struct mlist *
|
||||
file_private struct mlist *
|
||||
mlist_alloc(void)
|
||||
{
|
||||
struct mlist *mlist;
|
||||
@ -639,7 +638,7 @@ mlist_alloc(void)
|
||||
return mlist;
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
mlist_free_all(struct magic_set *ms)
|
||||
{
|
||||
size_t i;
|
||||
@ -650,7 +649,7 @@ mlist_free_all(struct magic_set *ms)
|
||||
}
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
mlist_free_one(struct mlist *ml)
|
||||
{
|
||||
size_t i;
|
||||
@ -670,7 +669,7 @@ mlist_free_one(struct mlist *ml)
|
||||
free(ml);
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
mlist_free(struct mlist *mlist)
|
||||
{
|
||||
struct mlist *ml, *next;
|
||||
@ -688,12 +687,11 @@ mlist_free(struct mlist *mlist)
|
||||
|
||||
#ifndef COMPILE_ONLY
|
||||
/* void **bufs: an array of compiled magic files */
|
||||
protected int
|
||||
file_protected int
|
||||
buffer_apprentice(struct magic_set *ms, struct magic **bufs,
|
||||
size_t *sizes, size_t nbufs)
|
||||
{
|
||||
size_t i, j;
|
||||
struct mlist *ml;
|
||||
struct magic_map *map;
|
||||
|
||||
if (nbufs == 0)
|
||||
@ -706,7 +704,7 @@ buffer_apprentice(struct magic_set *ms, struct magic **bufs,
|
||||
for (i = 0; i < MAGIC_SETS; i++) {
|
||||
mlist_free(ms->mlist[i]);
|
||||
if ((ms->mlist[i] = mlist_alloc()) == NULL) {
|
||||
file_oomem(ms, sizeof(*ms->mlist[i]));
|
||||
file_oomem(ms, sizeof(*ms->mlist[0]));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
@ -718,7 +716,7 @@ buffer_apprentice(struct magic_set *ms, struct magic **bufs,
|
||||
|
||||
for (j = 0; j < MAGIC_SETS; j++) {
|
||||
if (add_mlist(ms->mlist[j], map, j) == -1) {
|
||||
file_oomem(ms, sizeof(*ml));
|
||||
file_oomem(ms, sizeof(*ms->mlist[0]));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
@ -732,7 +730,7 @@ buffer_apprentice(struct magic_set *ms, struct magic **bufs,
|
||||
#endif
|
||||
|
||||
/* const char *fn: list of magic files and directories */
|
||||
protected int
|
||||
file_protected int
|
||||
file_apprentice(struct magic_set *ms, const char *fn, int action)
|
||||
{
|
||||
char *p, *mfn;
|
||||
@ -754,7 +752,7 @@ file_apprentice(struct magic_set *ms, const char *fn, int action)
|
||||
for (i = 0; i < MAGIC_SETS; i++) {
|
||||
mlist_free(ms->mlist[i]);
|
||||
if ((ms->mlist[i] = mlist_alloc()) == NULL) {
|
||||
file_oomem(ms, sizeof(*ms->mlist[i]));
|
||||
file_oomem(ms, sizeof(*ms->mlist[0]));
|
||||
for (j = 0; j < i; j++) {
|
||||
mlist_free(ms->mlist[j]);
|
||||
ms->mlist[j] = NULL;
|
||||
@ -822,7 +820,7 @@ file_apprentice(struct magic_set *ms, const char *fn, int action)
|
||||
* - regular characters or escaped magic characters count 1
|
||||
* - 0 length expressions count as one
|
||||
*/
|
||||
private size_t
|
||||
file_private size_t
|
||||
nonmagic(const char *str)
|
||||
{
|
||||
const char *p;
|
||||
@ -862,7 +860,7 @@ nonmagic(const char *str)
|
||||
}
|
||||
|
||||
|
||||
private size_t
|
||||
file_private size_t
|
||||
typesize(int type)
|
||||
{
|
||||
switch (type) {
|
||||
@ -932,7 +930,7 @@ typesize(int type)
|
||||
/*
|
||||
* Get weight of this magic entry, for sorting purposes.
|
||||
*/
|
||||
private ssize_t
|
||||
file_private ssize_t
|
||||
apprentice_magic_strength_1(const struct magic *m)
|
||||
{
|
||||
#define MULT 10U
|
||||
@ -942,8 +940,8 @@ apprentice_magic_strength_1(const struct magic *m)
|
||||
switch (m->type) {
|
||||
case FILE_DEFAULT: /* make sure this sorts last */
|
||||
if (m->factor_op != FILE_FACTOR_OP_NONE) {
|
||||
fprintf(stderr, "Bad factor_op %d", m->factor_op);
|
||||
abort();
|
||||
file_magwarn(NULL, "Usupported factor_op in default %d",
|
||||
m->factor_op);
|
||||
}
|
||||
return 0;
|
||||
|
||||
@ -1069,8 +1067,8 @@ apprentice_magic_strength_1(const struct magic *m)
|
||||
|
||||
|
||||
/*ARGSUSED*/
|
||||
private size_t
|
||||
apprentice_magic_strength(const struct magic *m,
|
||||
file_protected size_t
|
||||
file_magic_strength(const struct magic *m,
|
||||
size_t nmagic __attribute__((__unused__)))
|
||||
{
|
||||
ssize_t val = apprentice_magic_strength_1(m);
|
||||
@ -1130,13 +1128,13 @@ apprentice_magic_strength(const struct magic *m,
|
||||
/*
|
||||
* Sort callback for sorting entries by "strength" (basically length)
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
apprentice_sort(const void *a, const void *b)
|
||||
{
|
||||
const struct magic_entry *ma = CAST(const struct magic_entry *, a);
|
||||
const struct magic_entry *mb = CAST(const struct magic_entry *, b);
|
||||
size_t sa = apprentice_magic_strength(ma->mp, ma->cont_count);
|
||||
size_t sb = apprentice_magic_strength(mb->mp, mb->cont_count);
|
||||
size_t sa = file_magic_strength(ma->mp, ma->cont_count);
|
||||
size_t sb = file_magic_strength(mb->mp, mb->cont_count);
|
||||
if (sa == sb)
|
||||
return 0;
|
||||
else if (sa > sb)
|
||||
@ -1148,7 +1146,7 @@ apprentice_sort(const void *a, const void *b)
|
||||
/*
|
||||
* Shows sorted patterns list in the order which is used for the matching
|
||||
*/
|
||||
private void
|
||||
file_private void
|
||||
apprentice_list(struct mlist *mlist, int mode)
|
||||
{
|
||||
uint32_t magindex, descindex, mimeindex, lineindex;
|
||||
@ -1169,18 +1167,20 @@ apprentice_list(struct mlist *mlist, int mode)
|
||||
* description/mimetype.
|
||||
*/
|
||||
lineindex = descindex = mimeindex = magindex;
|
||||
for (magindex++; magindex < ml->nmagic &&
|
||||
ml->magic[magindex].cont_level != 0; magindex++) {
|
||||
for (; magindex + 1 < ml->nmagic &&
|
||||
ml->magic[magindex + 1].cont_level != 0;
|
||||
magindex++) {
|
||||
uint32_t mi = magindex + 1;
|
||||
if (*ml->magic[descindex].desc == '\0'
|
||||
&& *ml->magic[magindex].desc)
|
||||
descindex = magindex;
|
||||
&& *ml->magic[mi].desc)
|
||||
descindex = mi;
|
||||
if (*ml->magic[mimeindex].mimetype == '\0'
|
||||
&& *ml->magic[magindex].mimetype)
|
||||
mimeindex = magindex;
|
||||
&& *ml->magic[mi].mimetype)
|
||||
mimeindex = mi;
|
||||
}
|
||||
|
||||
printf("Strength = %3" SIZE_T_FORMAT "u@%u: %s [%s]\n",
|
||||
apprentice_magic_strength(m, ml->nmagic - magindex),
|
||||
file_magic_strength(m, ml->nmagic - magindex),
|
||||
ml->magic[lineindex].lineno,
|
||||
ml->magic[descindex].desc,
|
||||
ml->magic[mimeindex].mimetype);
|
||||
@ -1188,7 +1188,7 @@ apprentice_list(struct mlist *mlist, int mode)
|
||||
}
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
set_test_type(struct magic *mstart, struct magic *m)
|
||||
{
|
||||
switch (m->type) {
|
||||
@ -1279,7 +1279,7 @@ set_test_type(struct magic *mstart, struct magic *m)
|
||||
}
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
addentry(struct magic_set *ms, struct magic_entry *me,
|
||||
struct magic_entry_set *mset)
|
||||
{
|
||||
@ -1308,7 +1308,7 @@ addentry(struct magic_set *ms, struct magic_entry *me,
|
||||
/*
|
||||
* Load and parse one file.
|
||||
*/
|
||||
private void
|
||||
file_private void
|
||||
load_1(struct magic_set *ms, int action, const char *fn, int *errs,
|
||||
struct magic_entry_set *mset)
|
||||
{
|
||||
@ -1396,14 +1396,14 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs,
|
||||
* parse a file or directory of files
|
||||
* const char *fn: name of magic file or directory
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
cmpstrp(const void *p1, const void *p2)
|
||||
{
|
||||
return strcmp(*RCAST(char *const *, p1), *RCAST(char *const *, p2));
|
||||
}
|
||||
|
||||
|
||||
private uint32_t
|
||||
file_private uint32_t
|
||||
set_text_binary(struct magic_set *ms, struct magic_entry *me, uint32_t nme,
|
||||
uint32_t starttest)
|
||||
{
|
||||
@ -1436,7 +1436,7 @@ set_text_binary(struct magic_set *ms, struct magic_entry *me, uint32_t nme,
|
||||
return i;
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
set_last_default(struct magic_set *ms, struct magic_entry *me, uint32_t nme)
|
||||
{
|
||||
uint32_t i;
|
||||
@ -1457,7 +1457,7 @@ set_last_default(struct magic_set *ms, struct magic_entry *me, uint32_t nme)
|
||||
}
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
coalesce_entries(struct magic_set *ms, struct magic_entry *me, uint32_t nme,
|
||||
struct magic **ma, uint32_t *nma)
|
||||
{
|
||||
@ -1489,7 +1489,7 @@ coalesce_entries(struct magic_set *ms, struct magic_entry *me, uint32_t nme,
|
||||
return 0;
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
magic_entry_free(struct magic_entry *me, uint32_t nme)
|
||||
{
|
||||
uint32_t i;
|
||||
@ -1500,7 +1500,7 @@ magic_entry_free(struct magic_entry *me, uint32_t nme)
|
||||
free(me);
|
||||
}
|
||||
|
||||
private struct magic_map *
|
||||
file_private struct magic_map *
|
||||
apprentice_load(struct magic_set *ms, const char *fn, int action)
|
||||
{
|
||||
int errs = 0;
|
||||
@ -1591,7 +1591,7 @@ apprentice_load(struct magic_set *ms, const char *fn, int action)
|
||||
i = set_text_binary(ms, mset[j].me, mset[j].count, i);
|
||||
}
|
||||
if (mset[j].me)
|
||||
qsort(mset[j].me, mset[j].count, sizeof(*mset[j].me),
|
||||
qsort(mset[j].me, mset[j].count, sizeof(*mset[0].me),
|
||||
apprentice_sort);
|
||||
|
||||
/*
|
||||
@ -1626,7 +1626,7 @@ apprentice_load(struct magic_set *ms, const char *fn, int action)
|
||||
/*
|
||||
* extend the sign bit if the comparison is to be signed
|
||||
*/
|
||||
protected uint64_t
|
||||
file_protected uint64_t
|
||||
file_signextend(struct magic_set *ms, struct magic *m, uint64_t v)
|
||||
{
|
||||
if (!(m->flag & UNSIGNED)) {
|
||||
@ -1712,7 +1712,7 @@ file_signextend(struct magic_set *ms, struct magic *m, uint64_t v)
|
||||
return v;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
string_modifier_check(struct magic_set *ms, struct magic *m)
|
||||
{
|
||||
if ((ms->flags & MAGIC_CHECK) == 0)
|
||||
@ -1771,7 +1771,7 @@ string_modifier_check(struct magic_set *ms, struct magic *m)
|
||||
return 0;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
get_op(char c)
|
||||
{
|
||||
switch (c) {
|
||||
@ -1797,7 +1797,7 @@ get_op(char c)
|
||||
}
|
||||
|
||||
#ifdef ENABLE_CONDITIONALS
|
||||
private int
|
||||
file_private int
|
||||
get_cond(const char *l, const char **t)
|
||||
{
|
||||
static const struct cond_tbl_s {
|
||||
@ -1823,7 +1823,7 @@ get_cond(const char *l, const char **t)
|
||||
return p->cond;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
check_cond(struct magic_set *ms, int cond, uint32_t cont_level)
|
||||
{
|
||||
int last_cond;
|
||||
@ -1867,7 +1867,7 @@ check_cond(struct magic_set *ms, int cond, uint32_t cont_level)
|
||||
}
|
||||
#endif /* ENABLE_CONDITIONALS */
|
||||
|
||||
private int
|
||||
file_private int
|
||||
parse_indirect_modifier(struct magic_set *ms, struct magic *m, const char **lp)
|
||||
{
|
||||
const char *l = *lp;
|
||||
@ -1888,7 +1888,7 @@ parse_indirect_modifier(struct magic_set *ms, struct magic *m, const char **lp)
|
||||
return 0;
|
||||
}
|
||||
|
||||
private void
|
||||
file_private void
|
||||
parse_op_modifier(struct magic_set *ms, struct magic *m, const char **lp,
|
||||
int op)
|
||||
{
|
||||
@ -1905,7 +1905,7 @@ parse_op_modifier(struct magic_set *ms, struct magic *m, const char **lp,
|
||||
*lp = l;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
parse_string_modifier(struct magic_set *ms, struct magic *m, const char **lp)
|
||||
{
|
||||
const char *l = *lp;
|
||||
@ -2012,7 +2012,7 @@ parse_string_modifier(struct magic_set *ms, struct magic *m, const char **lp)
|
||||
/*
|
||||
* parse one line from magic file, put into magic[index++] if valid
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
parse(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
size_t lineno, int action)
|
||||
{
|
||||
@ -2429,13 +2429,14 @@ parse(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
* if valid
|
||||
*/
|
||||
/*ARGSUSED*/
|
||||
private int
|
||||
file_private int
|
||||
parse_strength(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
size_t len __attribute__((__unused__)))
|
||||
{
|
||||
const char *l = line;
|
||||
char *el;
|
||||
unsigned long factor;
|
||||
char sbuf[512];
|
||||
struct magic *m = &me->mp[0];
|
||||
|
||||
if (m->factor_op != FILE_FACTOR_OP_NONE) {
|
||||
@ -2446,12 +2447,15 @@ parse_strength(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
}
|
||||
if (m->type == FILE_NAME) {
|
||||
file_magwarn(ms, "%s: Strength setting is not supported in "
|
||||
"\"name\" magic entries", m->value.s);
|
||||
"\"name\" magic entries",
|
||||
file_printable(ms, sbuf, sizeof(sbuf), m->value.s,
|
||||
sizeof(m->value.s)));
|
||||
return -1;
|
||||
}
|
||||
EATAB;
|
||||
switch (*l) {
|
||||
case FILE_FACTOR_OP_NONE:
|
||||
break;
|
||||
case FILE_FACTOR_OP_PLUS:
|
||||
case FILE_FACTOR_OP_MINUS:
|
||||
case FILE_FACTOR_OP_TIMES:
|
||||
@ -2485,13 +2489,13 @@ parse_strength(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
return -1;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
goodchar(unsigned char x, const char *extra)
|
||||
{
|
||||
return (isascii(x) && isalnum(x)) || strchr(extra, x);
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
parse_extra(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
size_t llen, off_t off, size_t len, const char *name, const char *extra,
|
||||
int nt)
|
||||
@ -2544,7 +2548,7 @@ parse_extra(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
* Parse an Apple CREATOR/TYPE annotation from magic file and put it into
|
||||
* magic[index - 1]
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
parse_apple(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
size_t len)
|
||||
{
|
||||
@ -2556,20 +2560,22 @@ parse_apple(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
/*
|
||||
* Parse a comma-separated list of extensions
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
parse_ext(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
size_t len)
|
||||
{
|
||||
return parse_extra(ms, me, line, len,
|
||||
CAST(off_t, offsetof(struct magic, ext)),
|
||||
sizeof(me->mp[0].ext), "EXTENSION", ",!+-/@?_$&", 0); /* & for b&w */
|
||||
sizeof(me->mp[0].ext), "EXTENSION", ",!+-/@?_$&~", 0);
|
||||
/* & for b&w */
|
||||
/* ~ for journal~ */
|
||||
}
|
||||
|
||||
/*
|
||||
* parse a MIME annotation line from magic file, put into magic[index - 1]
|
||||
* if valid
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
parse_mime(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
size_t len)
|
||||
{
|
||||
@ -2578,7 +2584,7 @@ parse_mime(struct magic_set *ms, struct magic_entry *me, const char *line,
|
||||
sizeof(me->mp[0].mimetype), "MIME", "+-/.$?:{}", 1);
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
check_format_type(const char *ptr, int type, const char **estr)
|
||||
{
|
||||
int quad = 0, h;
|
||||
@ -2762,6 +2768,7 @@ check_format_type(const char *ptr, int type, const char **estr)
|
||||
}
|
||||
invalid:
|
||||
*estr = "not valid";
|
||||
return -1;
|
||||
toolong:
|
||||
*estr = "too long";
|
||||
return -1;
|
||||
@ -2771,7 +2778,7 @@ check_format_type(const char *ptr, int type, const char **estr)
|
||||
* Check that the optional printf format in description matches
|
||||
* the type of the magic.
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
check_format(struct magic_set *ms, struct magic *m)
|
||||
{
|
||||
char *ptr;
|
||||
@ -2827,11 +2834,12 @@ check_format(struct magic_set *ms, struct magic *m)
|
||||
* pointer, according to the magic type. Update the string pointer to point
|
||||
* just after the number read. Return 0 for success, non-zero for failure.
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
|
||||
{
|
||||
char *ep;
|
||||
uint64_t ull;
|
||||
int y;
|
||||
|
||||
switch (m->type) {
|
||||
case FILE_BESTRING16:
|
||||
@ -2853,8 +2861,8 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
|
||||
}
|
||||
if (m->type == FILE_REGEX) {
|
||||
file_regex_t rx;
|
||||
int rc = file_regcomp(ms, &rx, m->value.s,
|
||||
REG_EXTENDED);
|
||||
int rc =
|
||||
file_regcomp(ms, &rx, m->value.s, REG_EXTENDED);
|
||||
if (rc == 0) {
|
||||
file_regfree(&rx);
|
||||
}
|
||||
@ -2899,6 +2907,7 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
|
||||
m->value.q = file_signextend(ms, m, ull);
|
||||
if (*p == ep) {
|
||||
file_magwarn(ms, "Unparsable number `%s'", *p);
|
||||
return -1;
|
||||
} else {
|
||||
size_t ts = typesize(m->type);
|
||||
uint64_t x;
|
||||
@ -2908,32 +2917,38 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
|
||||
file_magwarn(ms,
|
||||
"Expected numeric type got `%s'",
|
||||
type_tbl[m->type].name);
|
||||
return -1;
|
||||
}
|
||||
for (q = *p; isspace(CAST(unsigned char, *q)); q++)
|
||||
continue;
|
||||
if (*q == '-')
|
||||
if (*q == '-' && ull != UINT64_MAX)
|
||||
ull = -CAST(int64_t, ull);
|
||||
switch (ts) {
|
||||
case 1:
|
||||
x = CAST(uint64_t, ull & ~0xffULL);
|
||||
y = (x & ~0xffULL) != ~0xffULL;
|
||||
break;
|
||||
case 2:
|
||||
x = CAST(uint64_t, ull & ~0xffffULL);
|
||||
y = (x & ~0xffffULL) != ~0xffffULL;
|
||||
break;
|
||||
case 4:
|
||||
x = CAST(uint64_t, ull & ~0xffffffffULL);
|
||||
y = (x & ~0xffffffffULL) != ~0xffffffffULL;
|
||||
break;
|
||||
case 8:
|
||||
x = 0;
|
||||
y = 0;
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "Bad width %zu", ts);
|
||||
abort();
|
||||
}
|
||||
if (x) {
|
||||
if (x && y) {
|
||||
file_magwarn(ms, "Overflow for numeric"
|
||||
" type `%s' value %#" PRIx64,
|
||||
type_tbl[m->type].name, ull);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
if (errno == 0) {
|
||||
@ -2950,7 +2965,7 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
|
||||
* Copy the converted version to "m->value.s", and the length in m->vallen.
|
||||
* Return updated scan pointer as function result. Warn if set.
|
||||
*/
|
||||
private const char *
|
||||
file_private const char *
|
||||
getstr(struct magic_set *ms, struct magic *m, const char *s, int warn)
|
||||
{
|
||||
const char *origs = s;
|
||||
@ -3128,7 +3143,7 @@ getstr(struct magic_set *ms, struct magic *m, const char *s, int warn)
|
||||
|
||||
|
||||
/* Single hex char to int; -1 if not a hex char. */
|
||||
private int
|
||||
file_private int
|
||||
hextoint(int c)
|
||||
{
|
||||
if (!isascii(CAST(unsigned char, c)))
|
||||
@ -3146,7 +3161,7 @@ hextoint(int c)
|
||||
/*
|
||||
* Print a string containing C character escapes.
|
||||
*/
|
||||
protected void
|
||||
file_protected void
|
||||
file_showstr(FILE *fp, const char *s, size_t len)
|
||||
{
|
||||
char c;
|
||||
@ -3206,7 +3221,7 @@ file_showstr(FILE *fp, const char *s, size_t len)
|
||||
/*
|
||||
* eatsize(): Eat the size spec from a number [eg. 10UL]
|
||||
*/
|
||||
private void
|
||||
file_private void
|
||||
eatsize(const char **p)
|
||||
{
|
||||
const char *l = *p;
|
||||
@ -3232,7 +3247,7 @@ eatsize(const char **p)
|
||||
/*
|
||||
* handle a buffer containing a compiled file.
|
||||
*/
|
||||
private struct magic_map *
|
||||
file_private struct magic_map *
|
||||
apprentice_buf(struct magic_set *ms, struct magic *buf, size_t len)
|
||||
{
|
||||
struct magic_map *map;
|
||||
@ -3255,7 +3270,7 @@ apprentice_buf(struct magic_set *ms, struct magic *buf, size_t len)
|
||||
* handle a compiled file.
|
||||
*/
|
||||
|
||||
private struct magic_map *
|
||||
file_private struct magic_map *
|
||||
apprentice_map(struct magic_set *ms, const char *fn)
|
||||
{
|
||||
int fd;
|
||||
@ -3331,7 +3346,7 @@ apprentice_map(struct magic_set *ms, const char *fn)
|
||||
return rv;
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
check_buffer(struct magic_set *ms, struct magic_map *map, const char *dbname)
|
||||
{
|
||||
uint32_t *ptr;
|
||||
@ -3390,7 +3405,7 @@ check_buffer(struct magic_set *ms, struct magic_map *map, const char *dbname)
|
||||
/*
|
||||
* handle an mmaped file.
|
||||
*/
|
||||
private int
|
||||
file_private int
|
||||
apprentice_compile(struct magic_set *ms, struct magic_map *map, const char *fn)
|
||||
{
|
||||
static const size_t nm = sizeof(*map->nmagic) * MAGIC_SETS;
|
||||
@ -3443,11 +3458,11 @@ apprentice_compile(struct magic_set *ms, struct magic_map *map, const char *fn)
|
||||
return rv;
|
||||
}
|
||||
|
||||
private const char ext[] = ".mgc";
|
||||
file_private const char ext[] = ".mgc";
|
||||
/*
|
||||
* make a dbname
|
||||
*/
|
||||
private char *
|
||||
file_private char *
|
||||
mkdbname(struct magic_set *ms, const char *fn, int strip)
|
||||
{
|
||||
const char *p, *q;
|
||||
@ -3494,7 +3509,7 @@ mkdbname(struct magic_set *ms, const char *fn, int strip)
|
||||
/*
|
||||
* Byteswap an mmap'ed file if needed
|
||||
*/
|
||||
private void
|
||||
file_private void
|
||||
byteswap(struct magic *magic, uint32_t nmagic)
|
||||
{
|
||||
uint32_t i;
|
||||
@ -3506,7 +3521,7 @@ byteswap(struct magic *magic, uint32_t nmagic)
|
||||
/*
|
||||
* swap a short
|
||||
*/
|
||||
private uint16_t
|
||||
file_private uint16_t
|
||||
swap2(uint16_t sv)
|
||||
{
|
||||
uint16_t rv;
|
||||
@ -3520,7 +3535,7 @@ swap2(uint16_t sv)
|
||||
/*
|
||||
* swap an int
|
||||
*/
|
||||
private uint32_t
|
||||
file_private uint32_t
|
||||
swap4(uint32_t sv)
|
||||
{
|
||||
uint32_t rv;
|
||||
@ -3536,7 +3551,7 @@ swap4(uint32_t sv)
|
||||
/*
|
||||
* swap a quad
|
||||
*/
|
||||
private uint64_t
|
||||
file_private uint64_t
|
||||
swap8(uint64_t sv)
|
||||
{
|
||||
uint64_t rv;
|
||||
@ -3565,7 +3580,7 @@ swap8(uint64_t sv)
|
||||
}
|
||||
#endif
|
||||
|
||||
protected uintmax_t
|
||||
file_protected uintmax_t
|
||||
file_varint2uintmax_t(const unsigned char *us, int t, size_t *l)
|
||||
{
|
||||
uintmax_t x = 0;
|
||||
@ -3598,7 +3613,7 @@ file_varint2uintmax_t(const unsigned char *us, int t, size_t *l)
|
||||
/*
|
||||
* byteswap a single magic entry
|
||||
*/
|
||||
private void
|
||||
file_private void
|
||||
bs1(struct magic *m)
|
||||
{
|
||||
m->cont_level = swap2(m->cont_level);
|
||||
@ -3615,7 +3630,7 @@ bs1(struct magic *m)
|
||||
}
|
||||
}
|
||||
|
||||
protected size_t
|
||||
file_protected size_t
|
||||
file_pstring_length_size(struct magic_set *ms, const struct magic *m)
|
||||
{
|
||||
switch (m->str_flags & PSTRING_LEN) {
|
||||
@ -3634,7 +3649,7 @@ file_pstring_length_size(struct magic_set *ms, const struct magic *m)
|
||||
return FILE_BADSIZE;
|
||||
}
|
||||
}
|
||||
protected size_t
|
||||
file_protected size_t
|
||||
file_pstring_get_length(struct magic_set *ms, const struct magic *m,
|
||||
const char *ss)
|
||||
{
|
||||
@ -3687,7 +3702,7 @@ file_pstring_get_length(struct magic_set *ms, const struct magic *m,
|
||||
return len;
|
||||
}
|
||||
|
||||
protected int
|
||||
file_protected int
|
||||
file_magicfind(struct magic_set *ms, const char *name, struct mlist *v)
|
||||
{
|
||||
uint32_t i, j;
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Adapted from: apptype.c, Written by Eberhard Mattes and put into the
|
||||
* public domain
|
||||
* file_public domain
|
||||
*
|
||||
* Notes: 1. Qualify the filename so that DosQueryAppType does not do extraneous
|
||||
* searches.
|
||||
@ -27,7 +27,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: apptype.c,v 1.14 2018/09/09 20:33:28 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: apptype.c,v 1.17 2022/12/26 17:31:14 christos Exp $")
|
||||
#endif /* lint */
|
||||
|
||||
#include <stdlib.h>
|
||||
@ -41,7 +41,7 @@ FILE_RCSID("@(#)$File: apptype.c,v 1.14 2018/09/09 20:33:28 christos Exp $")
|
||||
#include <os2.h>
|
||||
typedef ULONG APPTYPE;
|
||||
|
||||
protected int
|
||||
file_protected int
|
||||
file_os2_apptype(struct magic_set *ms, const char *fn, const void *buf,
|
||||
size_t nb)
|
||||
{
|
||||
@ -116,7 +116,7 @@ file_os2_apptype(struct magic_set *ms, const char *fn, const void *buf,
|
||||
return -1;
|
||||
} else if (type & FAPPTYP_DLL) {
|
||||
if (type & FAPPTYP_PROTDLL)
|
||||
if (file_printf(ms, "protected ") == -1)
|
||||
if (file_printf(ms, "file_protected ") == -1)
|
||||
return -1;
|
||||
if (file_printf(ms, "DLL") == -1)
|
||||
return -1;
|
||||
|
@ -35,7 +35,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: ascmagic.c,v 1.110 2021/12/06 15:33:00 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: ascmagic.c,v 1.116 2023/05/21 16:08:50 christos Exp $")
|
||||
#endif /* lint */
|
||||
|
||||
#include "magic.h"
|
||||
@ -50,15 +50,15 @@ FILE_RCSID("@(#)$File: ascmagic.c,v 1.110 2021/12/06 15:33:00 christos Exp $")
|
||||
#define ISSPC(x) ((x) == ' ' || (x) == '\t' || (x) == '\r' || (x) == '\n' \
|
||||
|| (x) == 0x85 || (x) == '\f')
|
||||
|
||||
private unsigned char *encode_utf8(unsigned char *, size_t, file_unichar_t *,
|
||||
file_private unsigned char *encode_utf8(unsigned char *, size_t, file_unichar_t *,
|
||||
size_t);
|
||||
private size_t trim_nuls(const unsigned char *, size_t);
|
||||
file_private size_t trim_nuls(const unsigned char *, size_t);
|
||||
|
||||
/*
|
||||
* Undo the NUL-termination kindly provided by process()
|
||||
* but leave at least one byte to look at
|
||||
*/
|
||||
private size_t
|
||||
file_private size_t
|
||||
trim_nuls(const unsigned char *buf, size_t nbytes)
|
||||
{
|
||||
while (nbytes > 1 && buf[nbytes - 1] == '\0')
|
||||
@ -67,7 +67,7 @@ trim_nuls(const unsigned char *buf, size_t nbytes)
|
||||
return nbytes;
|
||||
}
|
||||
|
||||
protected int
|
||||
file_protected int
|
||||
file_ascmagic(struct magic_set *ms, const struct buffer *b, int text)
|
||||
{
|
||||
file_unichar_t *ubuf = NULL;
|
||||
@ -101,7 +101,7 @@ file_ascmagic(struct magic_set *ms, const struct buffer *b, int text)
|
||||
return rv;
|
||||
}
|
||||
|
||||
protected int
|
||||
file_protected int
|
||||
file_ascmagic_with_encoding(struct magic_set *ms, const struct buffer *b,
|
||||
file_unichar_t *ubuf, size_t ulen, const char *code, const char *type,
|
||||
int text)
|
||||
@ -121,10 +121,10 @@ file_ascmagic_with_encoding(struct magic_set *ms, const struct buffer *b,
|
||||
int has_backspace = 0;
|
||||
int seen_cr = 0;
|
||||
|
||||
int n_crlf = 0;
|
||||
int n_lf = 0;
|
||||
int n_cr = 0;
|
||||
int n_nel = 0;
|
||||
size_t n_crlf = 0;
|
||||
size_t n_lf = 0;
|
||||
size_t n_cr = 0;
|
||||
size_t n_nel = 0;
|
||||
int executable = 0;
|
||||
|
||||
size_t last_line_end = CAST(size_t, -1);
|
||||
@ -148,8 +148,10 @@ file_ascmagic_with_encoding(struct magic_set *ms, const struct buffer *b,
|
||||
goto done;
|
||||
}
|
||||
if ((utf8_end = encode_utf8(utf8_buf, mlen, ubuf, ulen))
|
||||
== NULL)
|
||||
== NULL) {
|
||||
rv = 0;
|
||||
goto done;
|
||||
}
|
||||
buffer_init(&bb, b->fd, &b->st, utf8_buf,
|
||||
CAST(size_t, utf8_end - utf8_buf));
|
||||
|
||||
@ -203,13 +205,6 @@ file_ascmagic_with_encoding(struct magic_set *ms, const struct buffer *b,
|
||||
has_backspace = 1;
|
||||
}
|
||||
|
||||
/* Beware, if the data has been truncated, the final CR could have
|
||||
been followed by a LF. If we have ms->bytes_max bytes, it indicates
|
||||
that the data might have been truncated, probably even before
|
||||
this function was called. */
|
||||
if (seen_cr && nbytes < ms->bytes_max)
|
||||
n_cr++;
|
||||
|
||||
if (strcmp(type, "binary") == 0) {
|
||||
rv = 0;
|
||||
goto done;
|
||||
@ -228,10 +223,9 @@ file_ascmagic_with_encoding(struct magic_set *ms, const struct buffer *b,
|
||||
}
|
||||
if (need_separator && file_separator(ms) == -1)
|
||||
goto done;
|
||||
} else {
|
||||
if (file_printf(ms, "text/plain") == -1)
|
||||
goto done;
|
||||
}
|
||||
if (file_printf(ms, "text/plain") == -1)
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
if (len) {
|
||||
@ -339,7 +333,7 @@ file_ascmagic_with_encoding(struct magic_set *ms, const struct buffer *b,
|
||||
* Encode Unicode string as UTF-8, returning pointer to character
|
||||
* after end of string, or NULL if an invalid character is found.
|
||||
*/
|
||||
private unsigned char *
|
||||
file_private unsigned char *
|
||||
encode_utf8(unsigned char *buf, size_t len, file_unichar_t *ubuf, size_t ulen)
|
||||
{
|
||||
size_t i;
|
||||
|
@ -1,8 +1,8 @@
|
||||
/* $File: asctime_r.c,v 1.1 2012/05/15 17:14:36 christos Exp $ */
|
||||
/* $File: asctime_r.c,v 1.3 2022/09/24 20:30:13 christos Exp $ */
|
||||
|
||||
#include "file.h"
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: asctime_r.c,v 1.1 2012/05/15 17:14:36 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: asctime_r.c,v 1.3 2022/09/24 20:30:13 christos Exp $")
|
||||
#endif /* lint */
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
|
@ -29,7 +29,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: asprintf.c,v 1.5 2018/09/09 20:33:28 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: asprintf.c,v 1.7 2022/09/24 20:30:13 christos Exp $")
|
||||
#endif
|
||||
|
||||
int asprintf(char **ptr, const char *fmt, ...)
|
||||
|
11
src/buffer.c
11
src/buffer.c
@ -27,7 +27,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: buffer.c,v 1.8 2020/02/16 15:52:49 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: buffer.c,v 1.13 2023/07/02 12:48:39 christos Exp $")
|
||||
#endif /* lint */
|
||||
|
||||
#include "magic.h"
|
||||
@ -56,6 +56,8 @@ void
|
||||
buffer_fini(struct buffer *b)
|
||||
{
|
||||
free(b->ebuf);
|
||||
b->ebuf = NULL;
|
||||
b->elen = 0;
|
||||
}
|
||||
|
||||
int
|
||||
@ -69,8 +71,13 @@ buffer_fill(const struct buffer *bb)
|
||||
if (!S_ISREG(b->st.st_mode))
|
||||
goto out;
|
||||
|
||||
b->elen = CAST(size_t, b->st.st_size) < b->flen ?
|
||||
b->elen = CAST(size_t, b->st.st_size) < b->flen ?
|
||||
CAST(size_t, b->st.st_size) : b->flen;
|
||||
if (b->elen == 0) {
|
||||
free(b->ebuf);
|
||||
b->ebuf = NULL;
|
||||
return 0;
|
||||
}
|
||||
if ((b->ebuf = malloc(b->elen)) == NULL)
|
||||
goto out;
|
||||
|
||||
|
@ -35,7 +35,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: cdf.c,v 1.121 2021/10/20 13:56:15 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: cdf.c,v 1.123 2022/09/24 20:30:13 christos Exp $")
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
|
@ -27,7 +27,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: cdf_time.c,v 1.20 2021/12/06 15:33:00 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: cdf_time.c,v 1.24 2023/07/17 15:54:44 christos Exp $")
|
||||
#endif
|
||||
|
||||
#include <time.h>
|
||||
@ -157,7 +157,7 @@ cdf_timespec_to_timestamp(cdf_timestamp_t *t, const struct timespec *ts)
|
||||
return -1;
|
||||
}
|
||||
*t = (ts->ts_nsec / 100) * CDF_TIME_PREC;
|
||||
*t = tm.tm_sec;
|
||||
*t += tm.tm_sec;
|
||||
*t += tm.tm_min * 60;
|
||||
*t += tm.tm_hour * 60 * 60;
|
||||
*t += tm.tm_mday * 60 * 60 * 24;
|
||||
@ -168,7 +168,7 @@ cdf_timespec_to_timestamp(cdf_timestamp_t *t, const struct timespec *ts)
|
||||
char *
|
||||
cdf_ctime(const time_t *sec, char *buf)
|
||||
{
|
||||
char *ptr = ctime_r(sec, buf);
|
||||
char *ptr = *sec > MAX_CTIME ? NULL : ctime_r(sec, buf);
|
||||
if (ptr != NULL)
|
||||
return buf;
|
||||
#ifdef WIN32
|
||||
|
395
src/compress.c
395
src/compress.c
@ -35,7 +35,7 @@
|
||||
#include "file.h"
|
||||
|
||||
#ifndef lint
|
||||
FILE_RCSID("@(#)$File: compress.c,v 1.136 2022/09/13 16:08:34 christos Exp $")
|
||||
FILE_RCSID("@(#)$File: compress.c,v 1.157 2023/05/21 15:59:58 christos Exp $")
|
||||
#endif
|
||||
|
||||
#include "magic.h"
|
||||
@ -79,6 +79,17 @@ typedef void (*sig_t)(int);
|
||||
#include <lzma.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ZSTD_H) && defined(ZSTDLIBSUPPORT)
|
||||
#define BUILTIN_ZSTDLIB
|
||||
#include <zstd.h>
|
||||
#include <zstd_errors.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LZLIB_H) && defined(LZLIBSUPPORT)
|
||||
#define BUILTIN_LZLIB
|
||||
#include <lzlib.h>
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG
|
||||
int tty = -1;
|
||||
#define DPRINTF(...) do { \
|
||||
@ -132,7 +143,6 @@ lzmacmp(const unsigned char *buf)
|
||||
}
|
||||
|
||||
#define gzip_flags "-cd"
|
||||
#define lrzip_flags "-do"
|
||||
#define lzip_flags gzip_flags
|
||||
|
||||
static const char *gzip_args[] = {
|
||||
@ -151,7 +161,7 @@ static const char *xz_args[] = {
|
||||
"xz", "-cd", NULL
|
||||
};
|
||||
static const char *lrzip_args[] = {
|
||||
"lrzip", lrzip_flags, NULL
|
||||
"lrzip", "-qdf", "-", NULL
|
||||
};
|
||||
static const char *lz4_args[] = {
|
||||
"lz4", "-cd", NULL
|
||||
@ -163,7 +173,7 @@ static const char *zstd_args[] = {
|
||||
#define do_zlib NULL
|
||||
#define do_bzlib NULL
|
||||
|
||||
private const struct {
|
||||
file_private const struct {
|
||||
union {
|
||||
const char *magic;
|
||||
int (*func)(const unsigned char *);
|
||||
@ -175,6 +185,8 @@ private const struct {
|
||||
#define METH_FROZEN 2
|
||||
#define METH_BZIP 7
|
||||
#define METH_XZ 9
|
||||
#define METH_LZIP 8
|
||||
#define METH_ZSTD 12
|
||||
#define METH_LZMA 13
|
||||
#define METH_ZLIB 14
|
||||
{ { .magic = "\037\235" }, 2, gzip_args, NULL }, /* 0, compressed */
|
||||
@ -204,31 +216,39 @@ private const struct {
|
||||
#define NODATA 1
|
||||
#define ERRDATA 2
|
||||
|
||||
private ssize_t swrite(int, const void *, size_t);
|
||||
file_private ssize_t swrite(int, const void *, size_t);
|
||||
#if HAVE_FORK
|
||||
private size_t ncompr = __arraycount(compr);
|
||||
private int uncompressbuf(int, size_t, size_t, const unsigned char *,
|
||||
file_private size_t ncompr = __arraycount(compr);
|
||||
file_private int uncompressbuf(int, size_t, size_t, int, const unsigned char *,
|
||||
unsigned char **, size_t *);
|
||||
#ifdef BUILTIN_DECOMPRESS
|
||||
private int uncompresszlib(const unsigned char *, unsigned char **, size_t,
|
||||
file_private int uncompresszlib(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int);
|
||||
file_private int uncompressgzipped(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int);
|
||||
private int uncompressgzipped(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *);
|
||||
#endif
|
||||
#ifdef BUILTIN_BZLIB
|
||||
private int uncompressbzlib(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *);
|
||||
file_private int uncompressbzlib(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int);
|
||||
#endif
|
||||
#ifdef BUILTIN_XZLIB
|
||||
private int uncompressxzlib(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *);
|
||||
file_private int uncompressxzlib(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int);
|
||||
#endif
|
||||
#ifdef BUILTIN_ZSTDLIB
|
||||
file_private int uncompresszstd(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int);
|
||||
#endif
|
||||
#ifdef BUILTIN_LZLIB
|
||||
file_private int uncompresslzlib(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int);
|
||||
#endif
|
||||
|
||||
static int makeerror(unsigned char **, size_t *, const char *, ...)
|
||||
__attribute__((__format__(__printf__, 3, 4)));
|
||||
private const char *methodname(size_t);
|
||||
file_private const char *methodname(size_t);
|
||||
|
||||
private int
|
||||
file_private int
|
||||
format_decompression_error(struct magic_set *ms, size_t i, unsigned char *buf)
|
||||
{
|
||||
unsigned char *p;
|
||||
@ -245,7 +265,7 @@ format_decompression_error(struct magic_set *ms, size_t i, unsigned char *buf)
|
||||
methodname(i), buf);
|
||||
}
|
||||
|
||||
protected int
|
||||
file_protected int
|
||||
file_zmagic(struct magic_set *ms, const struct buffer *b, const char *name)
|
||||
{
|
||||
unsigned char *newbuf = NULL;
|
||||
@ -287,7 +307,9 @@ file_zmagic(struct magic_set *ms, const struct buffer *b, const char *name)
|
||||
}
|
||||
|
||||
nsz = nbytes;
|
||||
urv = uncompressbuf(fd, ms->bytes_max, i, buf, &newbuf, &nsz);
|
||||
free(newbuf);
|
||||
urv = uncompressbuf(fd, ms->bytes_max, i,
|
||||
(ms->flags & MAGIC_NO_COMPRESS_FORK), buf, &newbuf, &nsz);
|
||||
DPRINTF("uncompressbuf = %d, %s, %" SIZE_T_FORMAT "u\n", urv,
|
||||
(char *)newbuf, nsz);
|
||||
switch (urv) {
|
||||
@ -297,7 +319,8 @@ file_zmagic(struct magic_set *ms, const struct buffer *b, const char *name)
|
||||
if (urv == ERRDATA)
|
||||
prv = format_decompression_error(ms, i, newbuf);
|
||||
else
|
||||
prv = file_buffer(ms, -1, NULL, name, newbuf, nsz);
|
||||
prv = file_buffer(ms, -1, NULL, name, newbuf,
|
||||
nsz);
|
||||
if (prv == -1)
|
||||
goto error;
|
||||
rv = 1;
|
||||
@ -314,7 +337,8 @@ file_zmagic(struct magic_set *ms, const struct buffer *b, const char *name)
|
||||
* XXX: If file_buffer fails here, we overwrite
|
||||
* the compressed text. FIXME.
|
||||
*/
|
||||
if (file_buffer(ms, -1, NULL, NULL, buf, nbytes) == -1) {
|
||||
if (file_buffer(ms, -1, NULL, NULL, buf, nbytes) == -1)
|
||||
{
|
||||
if (file_pop_buffer(ms, pb) != NULL)
|
||||
abort();
|
||||
goto error;
|
||||
@ -354,7 +378,7 @@ file_zmagic(struct magic_set *ms, const struct buffer *b, const char *name)
|
||||
/*
|
||||
* `safe' write for sockets and pipes.
|
||||
*/
|
||||
private ssize_t
|
||||
file_private ssize_t
|
||||
swrite(int fd, const void *buf, size_t n)
|
||||
{
|
||||
ssize_t rv;
|
||||
@ -379,11 +403,11 @@ swrite(int fd, const void *buf, size_t n)
|
||||
/*
|
||||
* `safe' read for sockets and pipes.
|
||||
*/
|
||||
protected ssize_t
|
||||
file_protected ssize_t
|
||||
sread(int fd, void *buf, size_t n, int canbepipe __attribute__((__unused__)))
|
||||
{
|
||||
ssize_t rv;
|
||||
#ifdef FIONREAD
|
||||
#if defined(FIONREAD) && !defined(__MINGW32__)
|
||||
int t = 0;
|
||||
#endif
|
||||
size_t rn = n;
|
||||
@ -391,7 +415,7 @@ sread(int fd, void *buf, size_t n, int canbepipe __attribute__((__unused__)))
|
||||
if (fd == STDIN_FILENO)
|
||||
goto nocheck;
|
||||
|
||||
#ifdef FIONREAD
|
||||
#if defined(FIONREAD) && !defined(__MINGW32__)
|
||||
if (canbepipe && (ioctl(fd, FIONREAD, &t) == -1 || t == 0)) {
|
||||
#ifdef FD_ZERO
|
||||
ssize_t cnt;
|
||||
@ -444,7 +468,7 @@ sread(int fd, void *buf, size_t n, int canbepipe __attribute__((__unused__)))
|
||||
return rn;
|
||||
}
|
||||
|
||||
protected int
|
||||
file_protected int
|
||||
file_pipe2file(struct magic_set *ms, int fd, const void *startbuf,
|
||||
size_t nbytes)
|
||||
{
|
||||
@ -536,13 +560,19 @@ file_pipe2file(struct magic_set *ms, int fd, const void *startbuf,
|
||||
#define FCOMMENT (1 << 4)
|
||||
|
||||
|
||||
private int
|
||||
file_private int
|
||||
uncompressgzipped(const unsigned char *old, unsigned char **newch,
|
||||
size_t bytes_max, size_t *n)
|
||||
size_t bytes_max, size_t *n, int extra __attribute__((__unused__)))
|
||||
{
|
||||
unsigned char flg = old[3];
|
||||
unsigned char flg;
|
||||
size_t data_start = 10;
|
||||
|
||||
if (*n < 4) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
flg = old[3];
|
||||
|
||||
if (flg & FEXTRA) {
|
||||
if (data_start + 1 >= *n)
|
||||
goto err;
|
||||
@ -571,16 +601,14 @@ uncompressgzipped(const unsigned char *old, unsigned char **newch,
|
||||
return makeerror(newch, n, "File too short");
|
||||
}
|
||||
|
||||
private int
|
||||
file_private int
|
||||
uncompresszlib(const unsigned char *old, unsigned char **newch,
|
||||
size_t bytes_max, size_t *n, int zlib)
|
||||
{
|
||||
int rc;
|
||||
z_stream z;
|
||||
|
||||
if ((*newch = CAST(unsigned char *, malloc(bytes_max + 1))) == NULL)
|
||||
return makeerror(newch, n, "No buffer, %s", strerror(errno));
|
||||
|
||||
DPRINTF("builtin zlib decompression\n");
|
||||
z.next_in = CCAST(Bytef *, old);
|
||||
z.avail_in = CAST(uint32_t, *n);
|
||||
z.next_out = *newch;
|
||||
@ -595,8 +623,10 @@ uncompresszlib(const unsigned char *old, unsigned char **newch,
|
||||
goto err;
|
||||
|
||||
rc = inflate(&z, Z_SYNC_FLUSH);
|
||||
if (rc != Z_OK && rc != Z_STREAM_END)
|
||||
if (rc != Z_OK && rc != Z_STREAM_END) {
|
||||
inflateEnd(&z);
|
||||
goto err;
|
||||
}
|
||||
|
||||
*n = CAST(size_t, z.total_out);
|
||||
rc = inflateEnd(&z);
|
||||
@ -608,36 +638,34 @@ uncompresszlib(const unsigned char *old, unsigned char **newch,
|
||||
|
||||
return OKDATA;
|
||||
err:
|
||||
strlcpy(RCAST(char *, *newch), z.msg ? z.msg : zError(rc), bytes_max);
|
||||
*n = strlen(RCAST(char *, *newch));
|
||||
return ERRDATA;
|
||||
return makeerror(newch, n, "%s", z.msg ? z.msg : zError(rc));
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILTIN_BZLIB
|
||||
private int
|
||||
file_private int
|
||||
uncompressbzlib(const unsigned char *old, unsigned char **newch,
|
||||
size_t bytes_max, size_t *n)
|
||||
size_t bytes_max, size_t *n, int extra __attribute__((__unused__)))
|
||||
{
|
||||
int rc;
|
||||
bz_stream bz;
|
||||
|
||||
DPRINTF("builtin bzlib decompression\n");
|
||||
memset(&bz, 0, sizeof(bz));
|
||||
rc = BZ2_bzDecompressInit(&bz, 0, 0);
|
||||
if (rc != BZ_OK)
|
||||
goto err;
|
||||
|
||||
if ((*newch = CAST(unsigned char *, malloc(bytes_max + 1))) == NULL)
|
||||
return makeerror(newch, n, "No buffer, %s", strerror(errno));
|
||||
|
||||
bz.next_in = CCAST(char *, RCAST(const char *, old));
|
||||
bz.avail_in = CAST(uint32_t, *n);
|
||||
bz.next_out = RCAST(char *, *newch);
|
||||
bz.avail_out = CAST(unsigned int, bytes_max);
|
||||
|
||||
rc = BZ2_bzDecompress(&bz);
|
||||
if (rc != BZ_OK && rc != BZ_STREAM_END)
|
||||
if (rc != BZ_OK && rc != BZ_STREAM_END) {
|
||||
BZ2_bzDecompressEnd(&bz);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Assume byte_max is within 32bit */
|
||||
/* assert(bz.total_out_hi32 == 0); */
|
||||
@ -651,36 +679,34 @@ uncompressbzlib(const unsigned char *old, unsigned char **newch,
|
||||
|
||||
return OKDATA;
|
||||
err:
|
||||
snprintf(RCAST(char *, *newch), bytes_max, "bunzip error %d", rc);
|
||||
*n = strlen(RCAST(char *, *newch));
|
||||
return ERRDATA;
|
||||
return makeerror(newch, n, "bunzip error %d", rc);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILTIN_XZLIB
|
||||
private int
|
||||
file_private int
|
||||
uncompressxzlib(const unsigned char *old, unsigned char **newch,
|
||||
size_t bytes_max, size_t *n)
|
||||
size_t bytes_max, size_t *n, int extra __attribute__((__unused__)))
|
||||
{
|
||||
int rc;
|
||||
lzma_stream xz;
|
||||
|
||||
DPRINTF("builtin xzlib decompression\n");
|
||||
memset(&xz, 0, sizeof(xz));
|
||||
rc = lzma_auto_decoder(&xz, UINT64_MAX, 0);
|
||||
if (rc != LZMA_OK)
|
||||
goto err;
|
||||
|
||||
if ((*newch = CAST(unsigned char *, malloc(bytes_max + 1))) == NULL)
|
||||
return makeerror(newch, n, "No buffer, %s", strerror(errno));
|
||||
|
||||
xz.next_in = CCAST(const uint8_t *, old);
|
||||
xz.avail_in = CAST(uint32_t, *n);
|
||||
xz.next_out = RCAST(uint8_t *, *newch);
|
||||
xz.avail_out = CAST(unsigned int, bytes_max);
|
||||
|
||||
rc = lzma_code(&xz, LZMA_RUN);
|
||||
if (rc != LZMA_OK && rc != LZMA_STREAM_END)
|
||||
if (rc != LZMA_OK && rc != LZMA_STREAM_END) {
|
||||
lzma_end(&xz);
|
||||
goto err;
|
||||
}
|
||||
|
||||
*n = CAST(size_t, xz.total_out);
|
||||
|
||||
@ -691,9 +717,115 @@ uncompressxzlib(const unsigned char *old, unsigned char **newch,
|
||||
|
||||
return OKDATA;
|
||||
err:
|
||||
snprintf(RCAST(char *, *newch), bytes_max, "unxz error %d", rc);
|
||||
*n = strlen(RCAST(char *, *newch));
|
||||
return ERRDATA;
|
||||
return makeerror(newch, n, "unxz error %d", rc);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILTIN_ZSTDLIB
|
||||
file_private int
|
||||
uncompresszstd(const unsigned char *old, unsigned char **newch,
|
||||
size_t bytes_max, size_t *n, int extra __attribute__((__unused__)))
|
||||
{
|
||||
size_t rc;
|
||||
ZSTD_DStream *zstd;
|
||||
ZSTD_inBuffer in;
|
||||
ZSTD_outBuffer out;
|
||||
|
||||
DPRINTF("builtin zstd decompression\n");
|
||||
if ((zstd = ZSTD_createDStream()) == NULL) {
|
||||
return makeerror(newch, n, "No ZSTD decompression stream, %s",
|
||||
strerror(errno));
|
||||
}
|
||||
|
||||
rc = ZSTD_DCtx_reset(zstd, ZSTD_reset_session_only);
|
||||
if (ZSTD_isError(rc))
|
||||
goto err;
|
||||
|
||||
in.src = CCAST(const void *, old);
|
||||
in.size = *n;
|
||||
in.pos = 0;
|
||||
out.dst = RCAST(void *, *newch);
|
||||
out.size = bytes_max;
|
||||
out.pos = 0;
|
||||
|
||||
rc = ZSTD_decompressStream(zstd, &out, &in);
|
||||
if (ZSTD_isError(rc))
|
||||
goto err;
|
||||
|
||||
*n = out.pos;
|
||||
|
||||
ZSTD_freeDStream(zstd);
|
||||
|
||||
/* let's keep the nul-terminate tradition */
|
||||
(*newch)[*n] = '\0';
|
||||
|
||||
return OKDATA;
|
||||
err:
|
||||
ZSTD_freeDStream(zstd);
|
||||
return makeerror(newch, n, "zstd error %d", ZSTD_getErrorCode(rc));
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILTIN_LZLIB
|
||||
file_private int
|
||||
uncompresslzlib(const unsigned char *old, unsigned char **newch,
|
||||
size_t bytes_max, size_t *n, int extra __attribute__((__unused__)))
|
||||
{
|
||||
enum LZ_Errno err;
|
||||
size_t old_remaining = *n;
|
||||
size_t new_remaining = bytes_max;
|
||||
size_t total_read = 0;
|
||||
unsigned char *bufp;
|
||||
struct LZ_Decoder *dec;
|
||||
|
||||
bufp = *newch;
|
||||
|
||||
DPRINTF("builtin lzlib decompression\n");
|
||||
dec = LZ_decompress_open();
|
||||
if (!dec) {
|
||||
return makeerror(newch, n, "unable to allocate LZ_Decoder");
|
||||
}
|
||||
if (LZ_decompress_errno(dec) != LZ_ok)
|
||||
goto err;
|
||||
|
||||
for (;;) {
|
||||
// LZ_decompress_read() stops at member boundaries, so we may
|
||||
// have more than one successful read after writing all data
|
||||
// we have.
|
||||
if (old_remaining > 0) {
|
||||
int wr = LZ_decompress_write(dec, old, old_remaining);
|
||||
if (wr < 0)
|
||||
goto err;
|
||||
old_remaining -= wr;
|
||||
old += wr;
|
||||
}
|
||||
|
||||
int rd = LZ_decompress_read(dec, bufp, new_remaining);
|
||||
if (rd > 0) {
|
||||
new_remaining -= rd;
|
||||
bufp += rd;
|
||||
total_read += rd;
|
||||
}
|
||||
|
||||
if (rd < 0 || LZ_decompress_errno(dec) != LZ_ok)
|
||||
goto err;
|
||||
if (new_remaining == 0)
|
||||
break;
|
||||
if (old_remaining == 0 && rd == 0)
|
||||
break;
|
||||
}
|
||||
|
||||
LZ_decompress_close(dec);
|
||||
*n = total_read;
|
||||
|
||||
/* let's keep the nul-terminate tradition */
|
||||
*bufp = '\0';
|
||||
|
||||
return OKDATA;
|
||||
err:
|
||||
err = LZ_decompress_errno(dec);
|
||||
LZ_decompress_close(dec);
|
||||
return makeerror(newch, n, "lzlib error: %s", LZ_strerror(err));
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -705,10 +837,13 @@ makeerror(unsigned char **buf, size_t *len, const char *fmt, ...)
|
||||
va_list ap;
|
||||
int rv;
|
||||
|
||||
DPRINTF("Makeerror %s\n", fmt);
|
||||
free(*buf);
|
||||
va_start(ap, fmt);
|
||||
rv = vasprintf(&msg, fmt, ap);
|
||||
va_end(ap);
|
||||
if (rv < 0) {
|
||||
DPRINTF("Makeerror failed");
|
||||
*buf = NULL;
|
||||
*len = 0;
|
||||
return NODATA;
|
||||
@ -747,7 +882,7 @@ movedesc(void *v, int i, int fd)
|
||||
#else
|
||||
if (dup2(fd, i) == -1) {
|
||||
DPRINTF("dup(%d, %d) failed (%s)\n", fd, i, strerror(errno));
|
||||
exit(1);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
close(v ? fd : fd);
|
||||
#endif
|
||||
@ -804,15 +939,15 @@ writechild(int fd, const void *old, size_t n)
|
||||
pid = fork();
|
||||
if (pid == -1) {
|
||||
DPRINTF("Fork failed (%s)\n", strerror(errno));
|
||||
exit(1);
|
||||
return -1;
|
||||
}
|
||||
if (pid == 0) {
|
||||
/* child */
|
||||
if (swrite(fd, old, n) != CAST(ssize_t, n)) {
|
||||
DPRINTF("Write failed (%s)\n", strerror(errno));
|
||||
exit(1);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
exit(0);
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
/* parent */
|
||||
return pid;
|
||||
@ -846,7 +981,7 @@ filter_error(unsigned char *ubuf, ssize_t n)
|
||||
return n;
|
||||
}
|
||||
|
||||
private const char *
|
||||
file_private const char *
|
||||
methodname(size_t method)
|
||||
{
|
||||
switch (method) {
|
||||
@ -863,45 +998,80 @@ methodname(size_t method)
|
||||
case METH_XZ:
|
||||
case METH_LZMA:
|
||||
return "xzlib";
|
||||
#endif
|
||||
#ifdef BUILTIN_ZSTDLIB
|
||||
case METH_ZSTD:
|
||||
return "zstd";
|
||||
#endif
|
||||
#ifdef BUILTIN_LZLIB
|
||||
case METH_LZIP:
|
||||
return "lzlib";
|
||||
#endif
|
||||
default:
|
||||
return compr[method].argv[0];
|
||||
}
|
||||
}
|
||||
|
||||
private int
|
||||
uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old,
|
||||
unsigned char **newch, size_t* n)
|
||||
file_private int (*
|
||||
getdecompressor(size_t method))(const unsigned char *, unsigned char **, size_t,
|
||||
size_t *, int)
|
||||
{
|
||||
switch (method) {
|
||||
#ifdef BUILTIN_DECOMPRESS
|
||||
case METH_FROZEN:
|
||||
return uncompressgzipped;
|
||||
case METH_ZLIB:
|
||||
return uncompresszlib;
|
||||
#endif
|
||||
#ifdef BUILTIN_BZLIB
|
||||
case METH_BZIP:
|
||||
return uncompressbzlib;
|
||||
#endif
|
||||
#ifdef BUILTIN_XZLIB
|
||||
case METH_XZ:
|
||||
case METH_LZMA:
|
||||
return uncompressxzlib;
|
||||
#endif
|
||||
#ifdef BUILTIN_ZSTDLIB
|
||||
case METH_ZSTD:
|
||||
return uncompresszstd;
|
||||
#endif
|
||||
#ifdef BUILTIN_LZLIB
|
||||
case METH_LZIP:
|
||||
return uncompresslzlib;
|
||||
#endif
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
file_private int
|
||||
uncompressbuf(int fd, size_t bytes_max, size_t method, int nofork,
|
||||
const unsigned char *old, unsigned char **newch, size_t* n)
|
||||
{
|
||||
int fdp[3][2];
|
||||
int status, rv, w;
|
||||
pid_t pid;
|
||||
pid_t writepid = -1;
|
||||
size_t i;
|
||||
ssize_t r;
|
||||
ssize_t r, re;
|
||||
char *const *args;
|
||||
#ifdef HAVE_POSIX_SPAWNP
|
||||
posix_spawn_file_actions_t fa;
|
||||
#endif
|
||||
int (*decompress)(const unsigned char *, unsigned char **,
|
||||
size_t, size_t *, int) = getdecompressor(method);
|
||||
|
||||
switch (method) {
|
||||
#ifdef BUILTIN_DECOMPRESS
|
||||
case METH_FROZEN:
|
||||
return uncompressgzipped(old, newch, bytes_max, n);
|
||||
case METH_ZLIB:
|
||||
return uncompresszlib(old, newch, bytes_max, n, 1);
|
||||
#endif
|
||||
#ifdef BUILTIN_BZLIB
|
||||
case METH_BZIP:
|
||||
return uncompressbzlib(old, newch, bytes_max, n);
|
||||
#endif
|
||||
#ifdef BUILTIN_XZLIB
|
||||
case METH_XZ:
|
||||
case METH_LZMA:
|
||||
return uncompressxzlib(old, newch, bytes_max, n);
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
*newch = CAST(unsigned char *, malloc(bytes_max + 1));
|
||||
if (*newch == NULL)
|
||||
return makeerror(newch, n, "No buffer, %s", strerror(errno));
|
||||
|
||||
if (decompress) {
|
||||
if (nofork) {
|
||||
return makeerror(newch, n,
|
||||
"Fork is required to uncompress, but disabled");
|
||||
}
|
||||
return (*decompress)(old, newch, bytes_max, n, 1);
|
||||
}
|
||||
|
||||
(void)fflush(stdout);
|
||||
@ -916,7 +1086,7 @@ uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old,
|
||||
* analyze two large compressed files, both will spawn
|
||||
* an uncompressing child here, which writes out uncompressed data.
|
||||
* We read some portion, then close the pipe, then waitpid() the child.
|
||||
* If uncompressed data is larger, child shound get EPIPE and exit.
|
||||
* If uncompressed data is larger, child should get EPIPE and exit.
|
||||
* However, with *parallel* calls OTHER child may unintentionally
|
||||
* inherit pipe fds, thus keeping pipe open and making writes in
|
||||
* our child block instead of failing with EPIPE!
|
||||
@ -939,6 +1109,7 @@ uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old,
|
||||
|
||||
handledesc(&fa, fd, fdp);
|
||||
|
||||
DPRINTF("Executing %s\n", compr[method].argv[0]);
|
||||
status = posix_spawnp(&pid, compr[method].argv[0], &fa, NULL,
|
||||
args, NULL);
|
||||
|
||||
@ -964,11 +1135,12 @@ uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old,
|
||||
* do not modify fdp[i][j].
|
||||
*/
|
||||
handledesc(NULL, fd, fdp);
|
||||
DPRINTF("Executing %s\n", compr[method].argv[0]);
|
||||
|
||||
(void)execvp(compr[method].argv[0], args);
|
||||
dprintf(STDERR_FILENO, "exec `%s' failed, %s",
|
||||
compr[method].argv[0], strerror(errno));
|
||||
_exit(1); /* _exit(), not exit(), because of vfork */
|
||||
_exit(EXIT_FAILURE); /* _exit(), not exit(), because of vfork */
|
||||
}
|
||||
#endif
|
||||
/* parent */
|
||||
@ -979,39 +1151,45 @@ uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old,
|
||||
if (fd == -1) {
|
||||
closefd(fdp[STDIN_FILENO], 0);
|
||||
writepid = writechild(fdp[STDIN_FILENO][1], old, *n);
|
||||
if (writepid == (pid_t)-1) {
|
||||
rv = makeerror(newch, n, "Write to child failed, %s",
|
||||
strerror(errno));
|
||||
DPRINTF("Write to child failed\n");
|
||||
goto err;
|
||||
}
|
||||
closefd(fdp[STDIN_FILENO], 1);
|
||||
}
|
||||
|
||||
*newch = CAST(unsigned char *, malloc(bytes_max + 1));
|
||||
if (*newch == NULL) {
|
||||
rv = makeerror(newch, n, "No buffer, %s",
|
||||
strerror(errno));
|
||||
goto err;
|
||||
}
|
||||
rv = OKDATA;
|
||||
errno = 0;
|
||||
r = sread(fdp[STDOUT_FILENO][0], *newch, bytes_max, 0);
|
||||
if (r == 0 && errno == 0)
|
||||
goto ok;
|
||||
if (r <= 0) {
|
||||
DPRINTF("Read stdout failed %d (%s)\n", fdp[STDOUT_FILENO][0],
|
||||
r != -1 ? strerror(errno) : "no data");
|
||||
|
||||
DPRINTF("read got %zd\n", r);
|
||||
if (r < 0) {
|
||||
rv = ERRDATA;
|
||||
if (r == 0 &&
|
||||
(r = sread(fdp[STDERR_FILENO][0], *newch, bytes_max, 0)) > 0)
|
||||
{
|
||||
r = filter_error(*newch, r);
|
||||
goto ok;
|
||||
}
|
||||
free(*newch);
|
||||
if (r == 0)
|
||||
rv = makeerror(newch, n, "Read failed, %s",
|
||||
strerror(errno));
|
||||
else
|
||||
rv = makeerror(newch, n, "No data");
|
||||
DPRINTF("Read stdout failed %d (%s)\n", fdp[STDOUT_FILENO][0],
|
||||
strerror(errno));
|
||||
goto err;
|
||||
}
|
||||
if (CAST(size_t, r) == bytes_max) {
|
||||
/*
|
||||
* close fd so that the child exits with sigpipe and ignore
|
||||
* errors, otherwise we risk the child blocking and never
|
||||
* exiting.
|
||||
*/
|
||||
DPRINTF("Closing stdout for bytes_max\n");
|
||||
closefd(fdp[STDOUT_FILENO], 0);
|
||||
goto ok;
|
||||
}
|
||||
if ((re = sread(fdp[STDERR_FILENO][0], *newch, bytes_max, 0)) > 0) {
|
||||
DPRINTF("Got stuff from stderr %s\n", *newch);
|
||||
rv = ERRDATA;
|
||||
r = filter_error(*newch, r);
|
||||
goto ok;
|
||||
}
|
||||
if (re == 0)
|
||||
goto ok;
|
||||
rv = makeerror(newch, n, "Read stderr failed, %s",
|
||||
strerror(errno));
|
||||
goto err;
|
||||
ok:
|
||||
*n = r;
|
||||
/* NUL terminate, as every buffer is handled here. */
|
||||
@ -1024,7 +1202,6 @@ uncompressbuf(int fd, size_t bytes_max, size_t method, const unsigned char *old,
|
||||
w = waitpid(pid, &status, 0);
|
||||
wait_err:
|
||||
if (w == -1) {
|
||||
free(*newch);
|
||||
rv = makeerror(newch, n, "Wait failed, %s", strerror(errno));
|
||||
DPRINTF("Child wait return %#x\n", status);
|
||||
} else if (!WIFEXITED(status)) {
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user