#-----------------------------------------------------------------------------
-# $File: misctools,v 1.14 2014/03/06 16:08:58 christos Exp $
+# $File: misctools,v 1.15 2015/04/15 18:29:30 christos Exp $
# misctools: file(1) magic for miscellaneous UNIX tools.
#
0 search/1 %%!! X-Post-It-Note text
0 search/80 .lo\ -\ a\ libtool\ object\ file libtool object file
# From: Daniel Novotny <dnovotny@redhat.com>
-0 string MDMP\x93\xA7 MDMP crash report data
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Core_dump#User-mode_memory_dumps
+# Reference: https://msdn.microsoft.com/en-us/library/ms680378%28VS.85%29.aspx
+#
+# "Windows Minidump" by TrID
+# ./misctools (version 5.25) labeled the entry as "MDMP crash report data"
+0 string MDMP Mini DuMP crash report
+# http://filext.com/file-extension/DMP
+!:mime application/x-dmp
+!:ext dmp/mdmp
+# The high-order word is an internal value that is implementation specific.
+# The low-order word is MINIDUMP_VERSION 0xA793
+>4 ulelong&0x0000FFFF !0xA793 \b, version 0x%4.4x
+# NumberOfStreams 8,9,10,13
+>8 ulelong x \b, %d streams
+# StreamDirectoryRva 0x20
+>12 ulelong !0x20 \b, 0x%8.8x RVA
+# CheckSum 0
+>16 ulelong !0 \b, CheckSum 0x%8.8x
+# Reserved or TimeDateStamp
+>20 ledate x \b, %s
+# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680519%28v=vs.85%29.aspx
+# Flags MINIDUMP_TYPE enumeration type 0 0x121 0x800
+>24 ulelong x \b, 0x%x type
+# >24 ulelong >0 \b; include
+# >>24 ulelong &0x00000001 \b data sections,
+# >>24 ulelong &0x00000020 \b list of unloaded modules,
+# >>24 ulelong &0x00000100 \b process and thread information,
+# >>24 ulelong &0x00000800 \b memory information,
# Summary: abook addressbook file
# Submitted by: Mark Schreiber <mark7@alumni.cmu.edu>
projects / file / commitdiff