From: Christos Zoulas Date: Wed, 30 Sep 2015 20:32:35 +0000 (+0000) Subject: centralize coff magic by Joerg Jenderek. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4c5181c4a14e31f9c6003f43231cf912ee4a7877;p=file centralize coff magic by Joerg Jenderek. --- diff --git a/magic/Magdir/coff b/magic/Magdir/coff new file mode 100644 index 00000000..02cbf9ce --- /dev/null +++ b/magic/Magdir/coff @@ -0,0 +1,77 @@ + +#------------------------------------------------------------------------------ +# $File: coff,v 1.1 2015/09/30 20:32:35 christos Exp $ +# coff: file(1) magic for Common Object Files not specific to known cpu types or manufactures +# +# COFF +# +# by Joerg Jenderek at Oct 2015 +# https://en.wikipedia.org/wiki/COFF +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html + +# display name+variables+flags of Common Object Files Format (32bit) +# Maybe used also in adi,att3b,clipper,hitachi-sh,hp,ibm6000,intel, +# mips,motorola,msdos,osf1,sharc,varied.out,vax +0 name display-coff +# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags +>18 uleshort&0x8E80 0 +>>0 clear x +# f_magic - magic number +# DJGPP, 80386 COFF executable, MS Windows COFF Intel 80386 object file (./intel) +>>0 uleshort 0x014C Intel 80386 +# Hitachi SH big-endian COFF (./hitachi-sh) +>>0 uleshort 0x0500 Hitachi SH big-endian +# Hitachi SH little-endian COFF (./hitachi-sh) +>>0 uleshort 0x0550 Hitachi SH little-endian +# executable (RISC System/6000 V3.1) or obj module (./ibm6000) +#>>0 uleshort 0x01DF +# TODO for other COFFs +#>>0 uleshort 0xABCD COFF_TEMPLATE +>>0 default x +>>>0 uleshort x type 0x%04x +>>0 uleshort x COFF +# F_EXEC flag bit +>>18 leshort ^0x0002 object file +#!:mime application/x-coff +#!:ext cof/o/obj/lib +>>18 leshort &0x0002 executable +#!:mime application/x-coffexec +# F_RELFLG flag bit,static object +>>18 leshort &0x0001 \b, no relocation info +# F_LNNO flag bit +>>18 leshort &0x0004 \b, no line number info +# F_LSYMS flag bit +>>18 leshort &0x0008 \b, stripped +>>18 leshort ^0x0008 \b, not stripped +# flags in other COFF versions +#0x0010 F_FDPR_PROF +#0x0020 F_FDPR_OPTI +#0x0040 F_DSA +# F_AR32WR flag bit +#>>>18 leshort &0x0100 \b, 32 bit little endian +#0x1000 F_DYNLOAD +#0x2000 F_SHROBJ +#0x4000 F_LOADONLY +# f_nscns - number of sections +>>2 uleshort <2 \b, %d section +>>2 uleshort >1 \b, %d sections +# f_timdat - file time & date stamp only for little endian +#>>4 date x \b, %s +# f_symptr - symbol table pointer, only for not stripped +>>8 ulelong >0 \b, symbol offset=0x%x +# f_nsyms - number of symbols, only for not stripped +>>12 ulelong >0 \b, %d symbols +# f_opthdr - optional header size +>>16 uleshort >0 \b, optional header size %d +# at offset 20 can be optional header, extra bytes FILHSZ-20 because +# do not rely on sizeof(FILHDR) to give the correct size for header. +# or first section header +# additional variables for other COFF files +# >20 beshort 0407 (impure) +# >20 beshort 0410 (pure) +# >20 beshort 0413 (demand paged) +# >20 beshort 0421 (standalone) +# >22 leshort >0 - version %d +# >168 string .lowmem Apple toolbox + diff --git a/magic/Magdir/hitachi-sh b/magic/Magdir/hitachi-sh index 213d2d69..1b615ae9 100644 --- a/magic/Magdir/hitachi-sh +++ b/magic/Magdir/hitachi-sh @@ -1,22 +1,28 @@ #------------------------------------------------------------------------------ -# $File: hitachi-sh,v 1.6 2013/01/29 19:31:33 christos Exp $ +# $File: hitachi-sh,v 1.7 2015/09/30 20:32:35 christos Exp $ # hitach-sh: file(1) magic for Hitachi Super-H # # Super-H COFF # +# updated by Joerg Jenderek at Oct 2015 +# https://en.wikipedia.org/wiki/COFF +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html # below test line conflicts with 2nd NTFS filesystem sector -0 beshort 0x0500 Hitachi SH big-endian COFF # 2nd NTFS filesystem sector often starts with 0x05004e00 for unicode string 5 NTLDR -#0 ubelong&0xFFFFNMPQ 0x0500NMPQ Hitachi SH big-endian COFF ->18 beshort&0x0002 =0x0000 object ->18 beshort&0x0002 =0x0002 executable ->18 beshort&0x0008 =0x0008 \b, stripped ->18 beshort&0x0008 =0x0000 \b, not stripped -# -0 leshort 0x0550 Hitachi SH little-endian COFF ->18 leshort&0x0002 =0x0000 object ->18 leshort&0x0002 =0x0002 executable ->18 leshort&0x0008 =0x0008 \b, stripped ->18 leshort&0x0008 =0x0000 \b, not stripped +# and Portable Gaming Notation Compressed format (*.WID http://pgn.freeservers.com/) +0 beshort 0x0500 +# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags +>18 ubeshort&0x8E80 0 +# use big endian variant of subroutine to display name+variables+flags +# for common object formated files +>>0 use \^display-coff + +0 leshort 0x0550 +# test for unused flag bits in f_flags +>18 uleshort&0x8E80 0 +# use little endian variant of subroutine to +# display name+variables+flags for common object formated files +>>0 use display-coff diff --git a/magic/Magdir/intel b/magic/Magdir/intel index 9fa90f47..d7318036 100644 --- a/magic/Magdir/intel +++ b/magic/Magdir/intel @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: intel,v 1.12 2014/04/30 21:41:02 christos Exp $ +# $File: intel,v 1.13 2015/09/30 20:32:35 christos Exp $ # intel: file(1) magic for x86 Unix # # Various flavors of x86 UNIX executable/object (other than Xenix, which @@ -30,10 +30,18 @@ 0 leshort =0522 iAPX 286 executable large model (COFF) >12 lelong >0 not stripped #>22 leshort >0 - version %d +# updated by Joerg Jenderek at Oct 2015 +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html +# ./msdos (version 5.25) labeled the next entry as "MS Windows COFF Intel 80386 object file" +# ./intel (version 5.25) label labeled the next entry as "80386 COFF executable" # SGI labeled the next entry as "iAPX 386 executable" --Dan Quinlan -0 leshort =0514 80386 COFF executable ->12 lelong >0 not stripped ->22 leshort >0 - version %d +0 leshort =0514 +# use subroutine to display name+flags+variables for common object formated files +>0 use display-coff +#>12 lelong >0 not stripped +# no hint found, that at offset 22 is version +#>22 leshort >0 - version %d # rom: file(1) magic for BIOS ROM Extensions found in intel machines # mapped into memory between 0xC0000 and 0xFFFFF diff --git a/magic/Magdir/msdos b/magic/Magdir/msdos index 89c141e9..15192415 100644 --- a/magic/Magdir/msdos +++ b/magic/Magdir/msdos @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: msdos,v 1.101 2015/08/24 05:08:48 christos Exp $ +# $File: msdos,v 1.102 2015/09/30 20:32:35 christos Exp $ # msdos: file(1) magic for MS-DOS files # @@ -24,7 +24,11 @@ 100 search/0xffff say >100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file text -0 leshort 0x14c MS Windows COFF Intel 80386 object file +# updated by Joerg Jenderek at Oct 2015 +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html +# ./intel already labeled COFF type 0x14c=0514 as "80386 COFF executable" +#0 leshort 0x14c MS Windows COFF Intel 80386 object file #>4 ledate x stamp %s 0 leshort 0x166 MS Windows COFF MIPS R4000 object file #>4 ledate x stamp %s diff --git a/magic/Makefile.am b/magic/Makefile.am index cb62f95b..0fd19846 100644 --- a/magic/Makefile.am +++ b/magic/Makefile.am @@ -1,5 +1,5 @@ # -# $File: Makefile.am,v 1.103 2015/03/17 15:15:12 christos Exp $ +# $File: Makefile.am,v 1.104 2015/09/30 20:32:35 christos Exp $ # MAGIC_FRAGMENT_BASE = Magdir MAGIC_DIR = $(top_srcdir)/magic @@ -50,6 +50,7 @@ $(MAGIC_FRAGMENT_DIR)/citrus \ $(MAGIC_FRAGMENT_DIR)/clarion \ $(MAGIC_FRAGMENT_DIR)/claris \ $(MAGIC_FRAGMENT_DIR)/clipper \ +$(MAGIC_FRAGMENT_DIR)/coff \ $(MAGIC_FRAGMENT_DIR)/commands \ $(MAGIC_FRAGMENT_DIR)/communications \ $(MAGIC_FRAGMENT_DIR)/compress \