new sdb (microsoft jet database) magic from joerg jenderek
authorChristos Zoulas <christos@zoulas.com>
Thu, 14 Apr 2016 20:34:28 +0000 (20:34 +0000)
committerChristos Zoulas <christos@zoulas.com>
Thu, 14 Apr 2016 20:34:28 +0000 (20:34 +0000)
magic/Magdir/database

index 04d40ae54549ae5ad2cf3673a5a632ccef30ec2c..28efa4188f47d41abff3f53ce1689c2cecf65e78 100644 (file)
@@ -1,6 +1,6 @@
 
 #------------------------------------------------------------------------------
-# $File: database,v 1.46 2015/09/27 05:40:08 christos Exp $
+# $File: database,v 1.47 2016/01/08 00:41:02 christos Exp $
 # database:  file(1) magic for various databases
 #
 # extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk)
 4      string  Standard\ ACE\ DB       Microsoft Access Database
 !:mime application/x-msaccess
 
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Extensible_Storage_Engine
+# Reference: https://github.com/libyal/libesedb/archive/master.zip
+#      libesedb-master/documentation/
+#      Extensible Storage Engine (ESE) Database File (EDB) format.asciidoc
+# Note: also known as "JET Blue". Used by numerous Windows components such as 
+# Windows Search, Mail, Exchange and Active Directory.
+4      ubelong         0xefcdab89      
+# unknown1
+>132   ubelong         0               Extensible storage engine
+!:mime application/x-ms-ese
+# file_type 0~database 1~stream
+>>12   ulelong         0               DataBase
+# Security DataBase (sdb)
+!:ext  edb/sdb
+>>12   ulelong         1               STreaMing
+!:ext  stm
+# format_version 620h
+>>8    uleshort        x               \b, version 0x%x
+>>10   uleshort        >0              revision 0x%4.4x
+>>0    ubelong         x               \b, checksum 0x%8.8x
+# Page size 4096 8192 32768
+>>236  ulequad         x               \b, page size %lld
+# database_state
+>>52   ulelong         1               \b, JustCreated
+>>52   ulelong         2               \b, DirtyShutdown
+#>>52  ulelong         3               \b, CleanShutdown
+>>52   ulelong         4               \b, BeingConverted
+>>52   ulelong         5               \b, ForceDetach
+# Windows NT major version when the databases indexes were updated.
+>>216  ulelong         x               \b, Windows version %d
+# Windows NT minor version
+>>220  ulelong         x               \b.%d
+
+# From: Joerg Jenderek
+# URL: http://forensicswiki.org/wiki/Windows_Application_Compatibility
+# Note: files contain application compatibility fixes, application compatibility modes and application help messages.
+8      string          sdbf            
+>7     ubyte           0               
+# TAG_TYPE_LIST+TAG_INDEXES
+>>12   uleshort        0x7802          Windows application compatibility Shim DataBase
+# version? 2 3
+#>>>0  ulelong         x               \b, version %d
+!:mime application/x-ms-sdb
+!:ext  sdb
+
 # TDB database from Samba et al - Martin Pool <mbp@samba.org>
 0      string  TDB\ file               TDB database
 >32    lelong  0x2601196D              version 6, little-endian
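Review bot: The page-size line `>>236  ulequad  x  \b, page size %lld` reads eight bytes, although the comment above it lists only 4096, 8192 and 32768 and the neighbouring header fields in this entry (`>>216`, `>>220`) are read as 32-bit `ulelong`. If the field is 32 bits wide in the referenced libesedb format description (worth confirming there), the upper half of the quad comes from the following header field, and any nonzero value in it makes file(1) print a wrong page size; `>>236  ulelong  x  \b, page size %u` would avoid that. Separately, with the state 3 line commented out, a cleanly shut down database and one with an unrecognised state value both print nothing, which matters to anyone using this output to triage ESE files for an unclean shutdown. A one-line comment such as `# state 3 (CleanShutdown) is the normal case and is deliberately not printed` would make that intent explicit, if that is the intent.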