+2006-03-02 16:06 Christos Zoulas <christos@zoulas.com>
+
+ * Print empty if the file is (Mike Frysinger)
+
+ * Don't try to read past the end of the buffer (Mike Frysinger)
+
+ * Sort magic entries by strength [experimental]
2005-11-29 13:26 Christos Zoulas <christos@zoulas.com>
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# generated automatically by aclocal 1.9.5 -*- Autoconf -*-
+# generated automatically by aclocal 1.9.6 -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005 Free Software Foundation, Inc.
AC_LIBTOOL_SYS_LIB_STRIP
AC_LIBTOOL_DLOPEN_SELF($1)
-# Report which library types will actually be built
+# Report which librarie types wil actually be built
AC_MSG_CHECKING([if libtool supports shared libraries])
AC_MSG_RESULT([$can_build_shared])
# Call AM_AUTOMAKE_VERSION so it can be traced.
# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
- [AM_AUTOMAKE_VERSION([1.9.5])])
+ [AM_AUTOMAKE_VERSION([1.9.6])])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Define the identity of the package.
PACKAGE=file
- VERSION=4.16
+ VERSION=4.17
cat >>confdefs.h <<_ACEOF
fi
-# Report which library types will actually be built
+# Report which librarie types wil actually be built
echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
echo "$as_me:$LINENO: result: $can_build_shared" >&5
dnl Process this file with autoconf to produce a configure script.
AC_INIT
AC_CONFIG_SRCDIR([src/file.c])
-AM_INIT_AUTOMAKE(file, 4.16)
+AM_INIT_AUTOMAKE(file, 4.17)
AM_CONFIG_HEADER([config.h])
AM_MAINTAINER_MODE
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
#>3 byte&0x03 3 \b, NR: CCIT J.17
# MPA, M1A
-0 beshort&0xFFFE 0xFFFE MPEG ADTS, layer I, v1
+# modified by Joerg Jenderek
+# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448
+0 beshort&0xFFFE 0xFFFE
+>2 byte&0xF0 >0x0F
+>>2 byte&0xF0 <0xE1 MPEG ADTS, layer I, v1
# rate
->2 byte&0xF0 0x10 \b, 32 kBits
->2 byte&0xF0 0x20 \b, 64 kBits
->2 byte&0xF0 0x30 \b, 96 kBits
->2 byte&0xF0 0x40 \b, 128 kBits
->2 byte&0xF0 0x50 \b, 160 kBits
->2 byte&0xF0 0x60 \b, 192 kBits
->2 byte&0xF0 0x70 \b, 224 kBits
->2 byte&0xF0 0x80 \b, 256 kBits
->2 byte&0xF0 0x90 \b, 288 kBits
->2 byte&0xF0 0xA0 \b, 320 kBits
->2 byte&0xF0 0xB0 \b, 352 kBits
->2 byte&0xF0 0xC0 \b, 384 kBits
->2 byte&0xF0 0xD0 \b, 416 kBits
->2 byte&0xF0 0xE0 \b, 448 kBits
+>>>2 byte&0xF0 0x10 \b, 32 kBits
+>>>2 byte&0xF0 0x20 \b, 64 kBits
+>>>2 byte&0xF0 0x30 \b, 96 kBits
+>>>2 byte&0xF0 0x40 \b, 128 kBits
+>>>2 byte&0xF0 0x50 \b, 160 kBits
+>>>2 byte&0xF0 0x60 \b, 192 kBits
+>>>2 byte&0xF0 0x70 \b, 224 kBits
+>>>2 byte&0xF0 0x80 \b, 256 kBits
+>>>2 byte&0xF0 0x90 \b, 288 kBits
+>>>2 byte&0xF0 0xA0 \b, 320 kBits
+>>>2 byte&0xF0 0xB0 \b, 352 kBits
+>>>2 byte&0xF0 0xC0 \b, 384 kBits
+>>>2 byte&0xF0 0xD0 \b, 416 kBits
+>>>2 byte&0xF0 0xE0 \b, 448 kBits
# timing
->2 byte&0x0C 0x00 \b, 44.1 kHz
->2 byte&0x0C 0x04 \b, 48 kHz
->2 byte&0x0C 0x08 \b, 32 kHz
+>>>2 byte&0x0C 0x00 \b, 44.1 kHz
+>>>2 byte&0x0C 0x04 \b, 48 kHz
+>>>2 byte&0x0C 0x08 \b, 32 kHz
# channels/options
->3 byte&0xC0 0x00 \b, Stereo
->3 byte&0xC0 0x40 \b, JntStereo
->3 byte&0xC0 0x80 \b, 2x Monaural
->3 byte&0xC0 0xC0 \b, Monaural
+>>>3 byte&0xC0 0x00 \b, Stereo
+>>>3 byte&0xC0 0x40 \b, JntStereo
+>>>3 byte&0xC0 0x80 \b, 2x Monaural
+>>>3 byte&0xC0 0xC0 \b, Monaural
#>1 byte ^0x01 \b, Data Verify
#>2 byte &0x02 \b, Packet Pad
#>2 byte &0x01 \b, Custom Flag
# From: Toby Peterson <toby@apple.com>
0 string bplist00 Apple binary property list
+
+# Apple binary property list (bplist)
+# Assumes version bytes are hex.
+# Provides content hints for version 0 files. Assumes that the root
+# object is the first object (true for CoreFoundation implementation).
+# From: David Remahl <dremahl@apple.com>
+0 string bplist
+>6 byte x \bCoreFoundation binary property list data, version 0x%c
+>>7 byte x \b%c
+>6 string 00 \b
+>>8 byte&0xF0 0x00 \b
+>>>8 byte&0x0F 0x00 \b, root type: null
+>>>8 byte&0x0F 0x08 \b, root type: false boolean
+>>>8 byte&0x0F 0x09 \b, root type: true boolean
+>>8 byte&0xF0 0x10 \b, root type: integer
+>>8 byte&0xF0 0x20 \b, root type: real
+>>8 byte&0xF0 0x30 \b, root type: date
+>>8 byte&0xF0 0x40 \b, root type: data
+>>8 byte&0xF0 0x50 \b, root type: ascii string
+>>8 byte&0xF0 0x60 \b, root type: unicode string
+>>8 byte&0xF0 0x80 \b, root type: uid (CORRUPT)
+>>8 byte&0xF0 0xa0 \b, root type: array
+>>8 byte&0xF0 0xd0 \b, root type: dictionary
+
+# Apple/NeXT typedstream data
+# Serialization format used by NeXT and Apple for various
+# purposes in YellowStep/Cocoa, including some nib files.
+# From: David Remahl <dremahl@apple.com>
+2 string typedstream NeXT/Apple typedstream data, big endian
+>0 byte x \b, version %hhd
+>0 byte <5 \b
+>>13 byte 0x81 \b
+>>>14 ubeshort x \b, system %hd
+2 string streamtyped NeXT/Apple typedstream data, little endian
+>0 byte x \b, version %hhd
+>0 byte <5 \b
+>>13 byte 0x81 \b
+>>>14 uleshort x \b, system %hd
0 string PPMZ PPMZ archive data
# MS Compress
4 string \x88\xf0\x27 MS Compress archive data
+# updated by Joerg Jenderek
+>9 string \0
+>>0 string KWAJ
+>>>7 string \321\003 MS Compress archive data
+>>>>14 ulong >0 \b, original size: %ld bytes
+>>>>18 ubyte >0x65
+>>>>>18 string x \b, was %.8s
+>>>>>(10.b-4) string x \b.%.3s
# MP3 (archiver, not lossy audio compression)
0 string MP3\x1a MP3-Archiver archive data
# ZET
0 string UC2\x1a UC2 archive data
# ZIP archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
-0 string PK\003\004 Zip archive data
->4 byte 0x09 \b, at least v0.9 to extract
->4 byte 0x0a \b, at least v1.0 to extract
->4 byte 0x0b \b, at least v1.1 to extract
->4 byte 0x14 \b, at least v2.0 to extract
+0 string PK\003\004
+>4 byte 0x09 Zip archive data, at least v0.9 to extract
+>4 byte 0x0a Zip archive data, at least v1.0 to extract
+>4 byte 0x0b Zip archive data, at least v1.1 to extract
+>4 byte 0x14
+>>30 ubelong !0x6d696d65 Zip archive data, at least v2.0 to extract
+
+# OpenOffice.org / KOffice / StarOffice documents
+# From: Abel Cheung <abel@oaka.org>
+# Listed here because they are basically zip files
+>>30 string mimetype
+
+# KOffice (1.2 or above) formats
+>>>50 string vnd.kde. KOffice (>=1.2)
+>>>>58 string karbon Karbon document
+>>>>58 string kchart KChart document
+>>>>58 string kformula KFormula document
+>>>>58 string kivio Kivio document
+>>>>58 string kontour Kontour document
+>>>>58 string kpresenter KPresenter document
+>>>>58 string kspread KSpread document
+>>>>58 string kword KWord document
+
+# OpenOffice formats (for OpenOffice 1.x / StarOffice 6/7)
+>>>50 string vnd.sun.xml. OpenOffice.org 1.x
+>>>>62 string writer Writer
+>>>>>68 byte !0x2e document
+>>>>>68 string .template template
+>>>>>68 string .global global document
+>>>>62 string calc Calc
+>>>>>66 byte !0x2e spreadsheet
+>>>>>66 string .template template
+>>>>62 string draw Draw
+>>>>>66 byte !0x2e document
+>>>>>66 string .template template
+>>>>62 string impress Impress
+>>>>>69 byte !0x2e presentation
+>>>>>69 string .template template
+>>>>62 string math Math document
+
+# OpenDocument formats (for OpenOffice 2.x / StarOffice >= 8)
+# http://lists.oasis-open.org/archives/office/200505/msg00006.html
+>>>50 string vnd.oasis.opendocument. OpenDocument
+>>>>73 string text
+>>>>>77 byte !0x2d Text
+>>>>>77 string -template Text Template
+>>>>>77 string -web HTML Document Template
+>>>>>77 string -master Master Document
+>>>>73 string graphics Drawing
+>>>>>81 string -template Template
+>>>>73 string presentation Presentation
+>>>>>85 string -template Template
+>>>>73 string spreadsheet Spreadsheet
+>>>>>84 string -template Template
+>>>>73 string chart Chart
+>>>>>78 string -template Template
+>>>>73 string formula Formula
+>>>>>80 string -template Template
+>>>>73 string database Database
+>>>>73 string image Image
# Zoo archiver
20 lelong 0xfdc4a7dc Zoo archive data
>122 byte&0x1 =1 PAL
>122 byte&0x1 =0 NTSC
-# Impuse tracker module (audio/x-it)
+# Impulse tracker module (audio/x-it)
0 string IMPM Impulse Tracker module sound data -
>4 string >\0 "%s"
>40 leshort !0 compatible w/ITv%x
# From "Simon Hosie
0 string TFMX-SONG TFMX module sound data
+# Monkey's Audio compressed audio format (.ape)
# From danny.milo@gmx.net (Danny Milosavljevic)
-# monkeysaudio for magic.mime
-0 string MAC\ X/Monkey audio,
->4 leshort >0 version %d,
->6 leshort >0 compression level %d,
->8 leshort >0 flags %x,
->10 leshort >0 channels %d,
->12 lelong >0 samplerate %d,
->24 lelong >0 frames %d
+# New version from Abel Cheung <abel (@) oaka.org>
+0 string MAC\040 Monkey's Audio compressed format
+>4 uleshort >0x0F8B version %d
+>>(0x08.l) uleshort =1000 with fast compression
+>>(0x08.l) uleshort =2000 with normal compression
+>>(0x08.l) uleshort =3000 with high compression
+>>(0x08.l) uleshort =4000 with extra high compression
+>>(0x08.l) uleshort =5000 with insane compression
+>>(0x08.l+18) uleshort =1 \b, mono
+>>(0x08.l+18) uleshort =2 \b, stereo
+>>(0x08.l+20) ulelong x \b, sample rate %d
+>4 uleshort <0x0F8C version %d
+>>6 uleshort =1000 with fast compression
+>>6 uleshort =2000 with normal compression
+>>6 uleshort =3000 with high compression
+>>6 uleshort =4000 with extra high compression
+>>6 uleshort =5000 with insane compression
+>>10 uleshort =1 \b, mono
+>>10 uleshort =2 \b, stereo
+>>12 ulelong x \b, sample rate %d
# adlib sound files
# From Gürkan Sengün <gurkan@linuks.mine.nu>, http://www.linuks.mine.nu
>16 byte x mid-side
384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones)
+
+# format VQF (proprietary codec for sound)
+# some infos on the header file available at :
+# http://www.twinvq.org/english/technology_format.html
+0 string TWIN97012000 VQF data
+>27 short 0 \b, Mono
+>27 short 1 \b, Stereo
+>31 short >0 \b, %d kbit/s
+>35 short >0 \b, %d kHz
+
+# Nelson A. de Oliveira (naoliv@gmail.com)
+# .eqf
+0 string Winamp\ EQ\ library\ file %s
+# it will match only versions like v<digit>.<digit>
+# Since I saw only eqf files with version v1.1 I think that it's OK
+>23 string x \b%.4s
+# .preset
+0 string \[Equalizer\ preset\] XMMS equalizer preset
+# .m3u
+0 string \#EXTM3U M3U playlist
+# .pls
+0 string \[playlist\] PLS playlist
+# licq.conf
+1 string \[licq\] LICQ configuration file
--- /dev/null
+#----------------------------------------------------------------
+# basis: file(1) magic for BBx/Pro5-files
+# Oliver Dammer <dammer@olida.de> 2005/11/07
+# http://www.basis.com business-basic-files.
+#
+0 string \074\074bbx\076\076 BBx
+>7 string \000 indexed file
+>7 string \001 serial file
+>7 string \002 keyed file
+>>13 short 0 (sort)
+>7 string \004 program
+>>18 byte x (LEVEL %d)
+>>>23 string >\000 psaved
+>7 string \006 mkeyed file
+>>13 short 0 (sort)
+>>8 string \000 (mkey)
--- /dev/null
++#------------------------------------------------------------------------------
++# BTSnoop: file(1) magic for BTSnoop files
++#
++# From <marcel@holtmann.org>
++0 string btsnoop\0 BTSnoop
++>8 belong x version %d,
++>12 belong 1001 Unencapsulated HCI
++>12 belong 1002 HCI UART (H4)
++>12 belong 1003 HCI BCSP
++>12 belong 1004 HCI Serial (H5)
++>>12 belong x type %d
#
0 string/b #!\ /bin/awk awk script text executable
0 string/b #!\ /usr/bin/awk awk script text executable
-0 string BEGIN awk script text
+# update to distinguish from *.vcf files
+0 regex BEGIN[[:space:]]*[{] awk script text
# AT&T Bell Labs' Plan 9 shell
0 string/b #!\ /bin/rc Plan 9 rc shell script text executable
# AFX compressed files (Wolfram Kleff)
2 string -afx- AFX compressed file data
+
+# Supplementary magic data for the file(1) command to support
+# rzip(1). The format is described in magic(5).
+#
+# Copyright (C) 2003 by Andrew Tridgell. You may do whatever you want with
+# this file.
+#
+0 string RZIP rzip compressed data
+>4 byte x - version %d
+>5 byte x \b.%d
+>6 belong x (%d bytes)
>>8 long >-1 (%i words)
0 belong 0x70775631 Cracklib password index, big endian
>4 belong >-1 (%i words)
+# really bellong 0x0000000070775631
4 belong 0x70775631 Cracklib password index, big endian ("64-bit")
>12 belong >0 (%i words)
>0770 long x %ld blocks
# Is there a boot block written 1 sector in?
>512 belong&077777777 0600407 \b, boot block present
-# Smart Boot Manager backup file is 41 byte header + first sectors of disc
+# Joerg Jenderek: Smart Boot Manager backup file is 41 byte header + first sectors of disc
# (http://btmgr.sourceforge.net/docs/user-guide-3.html)
0 string SBMBAKUP_ Smart Boot Manager backup file
>9 string x \b, version %-5.5s
>>>>>17 string x \b%-.1s
>>>>>>18 string =_ \b.
>>>>>>>19 string x \b%-.1s
-# DOS Emulator image is 128 byte header + harddisc image
+>>>22 ubyte 0
+>>>>21 ubyte x \b, from drive 0x%x
+>>>22 ubyte >0
+>>>>21 string x \b, from drive %s
+
+# Joerg Jenderek
+# DOS Emulator image is 128 byte, null right padded header + harddisc image
0 string DOSEMU\0
+>0x27E leshort 0xAA55
+#offset is 128
+>>19 ubyte 128
+>>>(19.b-1) ubyte 0x0 DOS Emulator image
+>>>>7 ulong >0 \b, %u heads
+>>>>11 ulong >0 \b, %d sectors/track
+>>>>15 ulong >0 \b, %d cylinders
+
>0x27E leshort 0xAA55 DOS Emulator image
0x1FE leshort 0xAA55 x86 boot sector
>2 string OSBS \b, OS/BS MBR
>480 string Boot\ failed\r
>>495 string LDLINUX\ SYS \b, SYSLINUX bootloader (2.06)
>395 string chksum\0\ ERROR!\0 \b, Gujin bootloader
+# mbr partion table entries, if not fat boot secor, activ flag 0 or 0x80 and type > 0
+>3 string !MS
+>>3 string !SYSLINUX
+>>>82 string !FAT32
+>>>>446 ubyte <0x81
+>>>>>446 ubyte&0x7F 0
+>>>>>>450 ubyte >0 \b; partition 1: ID=0x%x
+>>>>>>>446 ubyte 0x80 \b, active
+>>>>>>>447 ubyte x \b, starthead %u
+#>>>>>>>448 ubyte x \b, start C_S: 0x%x
+#>>>>>>448 ubeshort&1023 x \b, startcylinder? %d
+>>>>>>>454 ulelong x \b, startsector %u
+>>>>>>>458 ulelong x \b, %u sectors
+#
+>>>>462 ubyte <0x81
+>>>>>462 ubyte&0x7F 0
+>>>>>>466 ubyte >0 \b; partition 2: ID=0x%x
+>>>>>>>462 ubyte 0x80 \b, active
+>>>>>>>463 ubyte x \b, starthead %u
+#>>>>>>>464 ubyte x \b, start C_S: 0x%x
+#>>>>>>>464 ubeshort&1023 x \b, startcylinder? %d
+>>>>>>>470 ulelong x \b, startsector %u
+>>>>>>>474 ulelong x \b, %u sectors
+#
+>>>>478 ubyte <0x81
+>>>>>478 ubyte&0x7F 0
+>>>>>>482 ubyte >0 \b; partition 3: ID=0x%x
+>>>>>>>478 ubyte 0x80 \b, active
+>>>>>>>479 ubyte x \b, starthead %u
+#>>>>>>>480 ubyte x \b, start C_S: 0x%x
+#>>>>>>>481 ubyte x \b, start C2S: 0x%x
+#>>>>>>>480 ubeshort&1023 x \b, startcylinder? %d
+>>>>>>>486 ulelong x \b, startsector %u
+>>>>>>>490 ulelong x \b, %u sectors
+#
+>>>>494 ubyte <0x81
+>>>>>494 ubyte&0x7F 0
+>>>>>>498 ubyte >0 \b; partition 4: ID=0x%x
+>>>>>>>494 ubyte 0x80 \b, active
+>>>>>>>495 ubyte x \b, starthead %u
+#>>>>>>>496 ubyte x \b, start C_S: 0x%x
+#>>>>>>>496 ubeshort&1023 x \b, startcylinder? %d
+>>>>>>>502 ulelong x \b, startsector %u
+>>>>>>>506 ulelong x \b, %u sectors
+# mbr partion table entries end
>185 string FDBOOT\ Version\
>>204 string \rNo\ Systemdisk.\
>>>220 string Booting\ from\ harddisk.\n\r
>>>>>>>>>(1.b+11) ubyte 0xb
>>>>>>>>>>(1.b+12) ubyte 0x56
>>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display
+>103 string This\ is\ not\ a\ bootable\ disk.\
+>>132 string Please\ insert\ a\ bootable\
+>>>157 string floppy\ and\r\n
+>>>>169 string press\ any\ key\ to\ try\ again...\r \b, FREE-DOS message display
#
>66 string Solaris\ Boot\ Sector
>>99 string Incomplete\ MDBoot\ load.
>>>>505 ubyte&0xDF >0
>>>>>505 string x \b.%-.3s
# loader end
->0 string \0\0\0\0 \b, extended partition table
+# Joerg Jenderek
+>446 ubyte 0
+>>450 ubyte >0
+>>>482 ubyte 0
+>>>>498 ubyte 0
+>>>>466 ubyte 0x05 \b, extended partition table
+>>>>466 ubyte 0x0F \b, extended partition table (LBA)
+>>>>466 ubyte 0x0 \b, extended partition table (last)
# JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90
# older drives may use E9 xx xx
>0 lelong&0x009000EB 0x009000EB
#>>>>>>11 ubyte x size 0x%02x
#>>>>>>12 ubyte x \b%02x
#>>>>>>13 ubyte x \b%02x bytes
+
+# Joerg Jenderek: joerg dot jenderek at web dot de
+# http://www.clamav.net/doc/latest/html/node45.html
+# .cvd files start with a 512 bytes colon separated header
+# ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime
+# + gzipped tarball files
+0 string ClamAV-VDB:
+>11 string >\0 Clam AntiVirus database %-.23s
+>>34 string :
+>>>35 regex [^:]+ \b, version
+>>>>35 string x \b%-.1s
+>>>>>36 string !:
+>>>>>>36 string x \b%-.1s
+>>>>>>>37 string !:
+>>>>>>>>37 string x \b%-.1s
+>>>>>>>>>38 string !:
+>>>>>>>>>>38 string x \b%-.1s
+>>>>512 string \037\213 \b, gzipped
+>>>>769 string ustar\0 \b, tared
+>512 string \037\213 \b, gzipped
+>769 string ustar\0 \b, tared
#
# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
-# This is a guess, but a good one.
-0 string ;; Lisp/Scheme program text
+# updated by Joerg Jenderek
+0 string ;;
+# windows INF files often begin with semicolon and use CRLF as line end
+# lisp files are mainly created on unix system with LF as line end
+>2 search/2048 !\r Lisp/Scheme program text
+>2 search/2048 \r Windows INF file
+0 string (
+>1 string if\ Lisp/Scheme program text
+>1 string setq\ Lisp/Scheme program text
+>1 string defvar\ Lisp/Scheme program text
+>1 string autoload\ Lisp/Scheme program text
+>1 string custom-set-variables Lisp/Scheme program text
# Emacs 18 - this is always correct, but not very magical.
0 string \012( Emacs v18 byte-compiled Lisp data
#
# .BAT files (Daniel Quinlan, quinlan@yggdrasil.com)
-0 string/c @echo\ off MS-DOS batch file text
+# updated by Joerg Jenderek
+0 string @
+>1 string/cB \ echo\ off MS-DOS batch file text
+>1 string/cB echo\ off MS-DOS batch file text
+>1 string/cB rem\ MS-DOS batch file text
+>1 string/cB set\ MS-DOS batch file text
+
# OS/2 batch files are REXX. the second regex is a bit generic, oh well
# the matched commands seem to be common in REXX and uncommon elsewhere
#
# many of the compressed formats were extraced from IDARC 1.23 source code
#
-0 string MZ
->0 string MZ\0\0\0\0\0\0\0\0\0\0PE\0\0 PE executable for MS Windows
+0 string MZ MS-DOS executable
+>0 string MZ\0\0\0\0\0\0\0\0\0\0PE\0\0 \b, PE for MS Windows
>>&18 leshort&0x2000 >0 (DLL)
>>&88 leshort 0 (unknown subsystem)
>>&88 leshort 1 (native)
>>>(&0.l+(4)) string MSCF \b, WinHKI CAB self-extracting archive
>0x18 leshort >0x3f
->>(0x3c.l) string PE\0\0 PE executable
+>>(0x3c.l) string PE\0\0 PE
# hooray, there's a DOS extender using the PE format, with a valid PE
# executable inside (which just prints a message and exits if run in win)
>>>(8.s*16) string 32STUB for MS-DOS, 32rtm DOS extender
>>>>&(0x3c.l+0xf8) search/0x100 SharedD \b, Microsoft Installer self-extracting archive
>>>>0x30 string Inno \b, InnoSetup self-extracting archive
->>(0x3c.l) string NE NE executable
+>>(0x3c.l) string NE \b, NE
>>>(0x3c.l+0x36) byte 0 (unknown OS)
>>>(0x3c.l+0x36) byte 1 for OS/2 1.x
>>>(0x3c.l+0x36) byte 2 for MS Windows 3.x
>>>&(&0x24.s-1) string ARJSFX \b, ARJ self-extracting archive
>>>(0x3c.l+0x70) search/0x80 WinZip(R)\ Self-Extractor \b, ZIP self-extracting archive (WinZip)
->>(0x3c.l) string LX\0\0 LX executable
+>>(0x3c.l) string LX\0\0 \b, LX
>>>(0x3c.l+0x0a) leshort <1 (unknown OS)
>>>(0x3c.l+0x0a) leshort 1 for OS/2
>>>(0x3c.l+0x0a) leshort 2 for MS Windows
>>>&(&0x54.l-3) string arjsfx \b, ARJ self-extracting archive
# MS Windows system file, supposedly a collection of LE executables
->>(0x3c.l) string W3 W3 executable for MS Windows
+>>(0x3c.l) string W3 \b, W3 for MS Windows
->>(0x3c.l) string LE\0\0 LE executable
+>>(0x3c.l) string LE\0\0 \b, LE executable
>>>(0x3c.l+0x0a) leshort 1
# some DOS extenders use LE files with OS/2 header
>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
#>>>>(0x3c.l+0x1c) lelong >0x10000 for OS/2
# fails with DOS-Extenders.
>>>(0x3c.l+0x0a) leshort 2 for MS Windows
->>>(0x3c.l+0x0a) leshort 3 for MS-DOS
+>>>(0x3c.l+0x0a) leshort 3 for DOS
>>>(0x3c.l+0x0a) leshort 4 for MS Windows (VxD)
>>>(&0x7c.l+0x26) string UPX \b, UPX compressed
>>>&(&0x54.l-3) string UNACE \b, ACE self-extracting archive
# looks like ASCII, probably some embedded copyright message.
# and definitely not NE/LE/LX/PE
>>0x3c lelong >0x20000000
->>>(4.s*512) leshort !0x014c MZ executable for MS-DOS
+>>>(4.s*512) leshort !0x014c \b, MZ for MS-DOS
# header data too small for extended executable
>2 long !0
>>0x18 leshort <0x40
>>>(4.s*512) leshort !0x014c
>>>>&(2.s-514) string !LE
->>>>>&-2 string !BW MZ executable for MS-DOS
->>>>&(2.s-514) string LE LE executable
+>>>>>&-2 string !BW \b, MZ for MS-DOS
+>>>>&(2.s-514) string LE \b, LE
>>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
# educated guess since indirection is still not capable enough for complex offset
# calculations (next embedded executable would be at &(&2*512+&0-2)
# I suspect there are only LE executables in these multi-exe files
>>>>&(2.s-514) string BW
->>>>>0x240 search/0x100 DOS/4G LE executable for MS-DOS, DOS4GW DOS extender (embedded)
->>>>>0x240 search/0x100 !DOS/4G BW executable collection for MS-DOS
+>>>>>0x240 search/0x100 DOS/4G ,\b LE for MS-DOS, DOS4GW DOS extender (embedded)
+>>>>>0x240 search/0x100 !DOS/4G ,\b BW collection for MS-DOS
# This sequence skips to the first COFF segment, usually .text
->(4.s*512) leshort 0x014c COFF executable
+>(4.s*512) leshort 0x014c \b, COFF
>>(8.s*16) string go32stub for MS-DOS, DJGPP go32 DOS extender
>>(8.s*16) string emx
>>>&1 string x for DOS, Win or OS/2, emx %s
# Uncommenting only the first two lines will cover about 2/3 of COM files,
# but it isn't feasible to match all COM files since there must be at least
# two dozen different one-byte "magics".
-0 byte 0xe9 MS-DOS executable (COM)
+0 byte 0xe9 DOS executable (COM)
+>0x1FE leshort 0xAA55 \b, boot code
>6 string SFX\ of\ LHarc (%s)
-0 byte 0x8c MS-DOS executable (COM)
+0 belong 0xffffffff DOS executable (device driver)
+#CMD640X2.SYS
+>10 string >\x23
+>>10 string !\x2e
+>>>17 string <\x5B
+>>>>10 string x \b, name: %.8s
+#UDMA.SYS KEYB.SYS CMD640X2.SYS
+>10 string <\x41
+>>12 string >\x40
+>>>10 string !$
+>>>>12 string x \b, name: %.8s
+#BTCDROM.SYS ASPICD.SYS
+>22 string >\x40
+>>22 string <\x5B
+>>>23 string <\x5B
+>>>>22 string x \b, name: %.8s
+#ATAPICD.SYS
+>76 string \0
+>>77 string >\x40
+>>>77 string <\x5B
+>>>>77 string x \b, name: %.8s
+0 byte 0x8c DOS executable (COM)
# 0xeb conflicts with "sequent" magic
-0 byte 0xeb MS-DOS executable (COM)
+0 byte 0xeb DOS executable (COM)
+>0x1FE leshort 0xAA55 \b, boot code
+>85 string UPX \b, UPX compressed
>4 string \ $ARX \b, ARX self-extracting archive
>4 string \ $LHarc \b, LHarc self-extracting archive
>0x20e string SFX\ by\ LARC \b, LARC self-extracting archive
-0 byte 0xb8 COM executable for MS-DOS
+0 byte 0xb8 COM executable
+# modified by Joerg Jenderek
+>1 lelong !0x21cd4cff for DOS
+# http://syslinux.zytor.com/comboot.php
+# (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode
+# start with assembler instructions mov eax,21cd4cffh
+>1 lelong 0x21cd4cff (32-bit COMBOOT)
+0 string \x81\xfc
+>4 string \x77\x02\xcd\x20\xb9
+>>36 string UPX! FREE-DOS executable (COM), UPX compressed
+252 string Must\ have\ DOS\ version DR-DOS executable (COM)
+# GRR search is not working
+#2 search/28 \xcd\x21 COM executable for MS-DOS
+#WHICHFAT.cOM
+2 string \xcd\x21 COM executable for DOS
+#DELTREE.cOM DELTREE2.cOM
+4 string \xcd\x21 COM executable for DOS
+#IFMEMDSK.cOM ASSIGN.cOM COMP.cOM
+5 string \xcd\x21 COM executable for DOS
+#DELTMP.COm HASFAT32.cOM
+7 string \xcd\x21
+>0 byte !0xb8 COM executable for DOS
+#COMP.cOM MORE.COm
+10 string \xcd\x21
+>5 string !\xcd\x21 COM executable for DOS
+#comecho.com
+13 string \xcd\x21 COM executable for DOS
+#HELP.COm EDIT.coM
+18 string \xcd\x21 COM executable for MS-DOS
+#NWRPLTRM.COm
+23 string \xcd\x21 COM executable for MS-DOS
+#LOADFIX.cOm LOADFIX.cOm
+30 string \xcd\x21 COM executable for MS-DOS
+#syslinux.com 3.11
+70 string \xcd\x21 COM executable for DOS
# many compressed/converted COMs start with a copy loop instead of a jump
0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS
-0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for MS-DOS
+0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for DOS
>0x18 search/0x10 \x50\xa4\xff\xd5\x73 \b, aPack compressed
0x3c string W\ Collis\0\0 COM executable for MS-DOS, Compack compressed
# FIXME: missing diet .com compression
#
# Windows Registry files.
-#
-0 string regf Windows NT registry file
-0 string CREG Windows 95 registry file
+# updated by Joerg Jenderek
+0 string regf Windows NT/XP registry file
+0 string CREG Windows 95/98/ME registry file
+0 string SHCC3 Windows 3.1 registry file
# AAF files:
>15 string 1.0\ --\ HyperTerminal\ data\ file MS-windows Hyperterminal
# Windows Metafont .WMF
-0 string \327\315\306\232\000\000\000\000\000\000 ms-windows metafont .wmf
+0 string \327\315\306\232 ms-windows metafont .wmf
+0 string \002\000\011\000 ms-windows metafont .wmf
+0 string \001\000\011\000 ms-windows metafont .wmf
#tz3 files whatever that is (MS Works files)
0 string \003\001\001\004\070\001\000\000 tz3 ms-works file
0 belong 0x2ded0d0a python 2.2 byte-compiled
0 belong 0x3bf20d0a python 2.3 byte-compiled
0 belong 0x6df20d0a python 2.4 byte-compiled
+
+0 string/b #!\ /usr/bin/python python script text executable
+
Magdir/asterix \
Magdir/att3b \
Magdir/audio \
-Magdir/bFLT \
+Magdir/basis \
+Magdir/bflt \
Magdir/blender \
Magdir/blit \
Magdir/bout \
Magdir/bsdi \
+Magdir/btsnoop \
Magdir/cad \
Magdir/c-lang \
Magdir/c64 \
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
Magdir/asterix \
Magdir/att3b \
Magdir/audio \
-Magdir/bFLT \
+Magdir/basis \
+Magdir/bflt \
Magdir/blender \
Magdir/blit \
Magdir/bout \
Magdir/bsdi \
+Magdir/btsnoop \
Magdir/cad \
Magdir/c-lang \
Magdir/c64 \
0 string #!\ /bin/awk application/x-awk
0 string #!/usr/bin/awk application/x-awk
0 string #!\ /usr/bin/awk application/x-awk
-0 string BEGIN application/x-awk
+# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
+0 regex BEGIN[[:space:]]*[{] application/x-awk
# For Larry Wall's perl language. The ``eval'' line recognizes an
# outrageously clever hack for USG systems.
-#! /usr/local/bin/perl
+#! /usr/bin/env perl
# -*- PERL -*-
-# $Id: magic2mime,v 1.2 2003/03/23 04:17:27 christos Exp $
+# $Id: magic2mime,v 1.3 2006/03/02 22:10:26 christos Exp $
# Copyright (c) 1996, 1997 vax@linkdead.paranoia.com (VaX#n8)
#
# Usage: echo 'your-file-output-here' | file_to_ctype.pl
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-SOURCES = $(libmagic_la_SOURCES) $(file_SOURCES)
-
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
#endif
#ifndef lint
-FILE_RCSID("@(#)$Id: funcs.c,v 1.18 2005/11/29 18:25:53 christos Exp $")
+FILE_RCSID("@(#)$Id: funcs.c,v 1.19 2006/03/02 22:10:26 christos Exp $")
#endif /* lint */
#ifndef HAVE_VSNPRINTF
if ((m = file_ascmagic(ms, buf, nb)) == 0) {
/* abandon hope, all ye who remain here */
if (file_printf(ms, ms->flags & MAGIC_MIME ?
- "application/octet-stream" : "data") == -1)
+ (nb ? "application/octet-stream" :
+ "application/empty") :
+ (nb ? "data" :
+ "empty")) == -1)
return -1;
m = 1;
}
projects / file / commitdiff