From: Christos Zoulas Date: Thu, 2 Mar 2006 22:10:24 +0000 (+0000) Subject: new magic autoreconf X-Git-Tag: FILE4_17~5 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=957dcc3e1eed17663c4f8c74ab548b639a2d94ac;p=file new magic autoreconf --- diff --git a/ChangeLog b/ChangeLog index 25e9feb3..d35b9047 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2006-03-02 16:06 Christos Zoulas + + * Print empty if the file is (Mike Frysinger) + + * Don't try to read past the end of the buffer (Mike Frysinger) + + * Sort magic entries by strength [experimental] 2005-11-29 13:26 Christos Zoulas diff --git a/Makefile.in b/Makefile.in index bd843d9a..d7691cd6 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.9.5 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, diff --git a/aclocal.m4 b/aclocal.m4 index 68758f0b..dc5347ac 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.9.5 -*- Autoconf -*- +# generated automatically by aclocal 1.9.6 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005 Free Software Foundation, Inc. @@ -2618,7 +2618,7 @@ AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) AC_LIBTOOL_SYS_LIB_STRIP AC_LIBTOOL_DLOPEN_SELF($1) -# Report which library types will actually be built +# Report which librarie types wil actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) @@ -6176,7 +6176,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"]) # Call AM_AUTOMAKE_VERSION so it can be traced. # This function is AC_REQUIREd by AC_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], - [AM_AUTOMAKE_VERSION([1.9.5])]) + [AM_AUTOMAKE_VERSION([1.9.6])]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- 
diff --git a/configure b/configure index e24bb881..538dd497 100755 --- a/configure +++ b/configure @@ -1808,7 +1808,7 @@ fi # Define the identity of the package. PACKAGE=file - VERSION=4.16 + VERSION=4.17 cat >>confdefs.h <<_ACEOF @@ -9287,7 +9287,7 @@ echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6 fi -# Report which library types will actually be built +# Report which librarie types wil actually be built echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6 echo "$as_me:$LINENO: result: $can_build_shared" >&5 diff --git a/configure.in b/configure.in index 1e056aa0..706332ae 100644 --- a/configure.in +++ b/configure.in @@ -1,7 +1,7 @@ dnl Process this file with autoconf to produce a configure script. AC_INIT AC_CONFIG_SRCDIR([src/file.c]) -AM_INIT_AUTOMAKE(file, 4.16) +AM_INIT_AUTOMAKE(file, 4.17) AM_CONFIG_HEADER([config.h]) AM_MAINTAINER_MODE diff --git a/doc/Makefile.in b/doc/Makefile.in index 841b59cd..e4a24127 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.9.5 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, diff --git a/magic/Magdir/animation b/magic/Magdir/animation index c6698306..95c842eb 100644 --- a/magic/Magdir/animation +++ b/magic/Magdir/animation 
@@ -320,31 +320,35 @@ #>3 byte&0x03 3 \b, NR: CCIT J.17 # MPA, M1A -0 beshort&0xFFFE 0xFFFE MPEG ADTS, layer I, v1 +# modified by Joerg Jenderek +# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448 +0 beshort&0xFFFE 0xFFFE +>2 byte&0xF0 >0x0F +>>2 byte&0xF0 <0xE1 MPEG ADTS, layer I, v1 # rate ->2 byte&0xF0 0x10 \b, 32 kBits ->2 byte&0xF0 0x20 \b, 64 kBits ->2 byte&0xF0 0x30 \b, 96 kBits ->2 byte&0xF0 0x40 \b, 128 kBits ->2 byte&0xF0 0x50 \b, 160 kBits ->2 byte&0xF0 0x60 \b, 192 kBits ->2 byte&0xF0 0x70 \b, 224 kBits ->2 byte&0xF0 0x80 \b, 256 kBits ->2 byte&0xF0 0x90 \b, 288 kBits ->2 byte&0xF0 0xA0 \b, 320 kBits ->2 byte&0xF0 0xB0 \b, 352 kBits ->2 byte&0xF0 0xC0 \b, 384 kBits ->2 byte&0xF0 0xD0 \b, 416 kBits ->2 byte&0xF0 0xE0 \b, 448 kBits +>>>2 byte&0xF0 0x10 \b, 32 kBits +>>>2 byte&0xF0 0x20 \b, 64 kBits +>>>2 byte&0xF0 0x30 \b, 96 kBits +>>>2 byte&0xF0 0x40 \b, 128 kBits +>>>2 byte&0xF0 0x50 \b, 160 kBits +>>>2 byte&0xF0 0x60 \b, 192 kBits +>>>2 byte&0xF0 0x70 \b, 224 kBits +>>>2 byte&0xF0 0x80 \b, 256 kBits +>>>2 byte&0xF0 0x90 \b, 288 kBits +>>>2 byte&0xF0 0xA0 \b, 320 kBits +>>>2 byte&0xF0 0xB0 \b, 352 kBits +>>>2 byte&0xF0 0xC0 \b, 384 kBits +>>>2 byte&0xF0 0xD0 \b, 416 kBits +>>>2 byte&0xF0 0xE0 \b, 448 kBits # timing ->2 byte&0x0C 0x00 \b, 44.1 kHz ->2 byte&0x0C 0x04 \b, 48 kHz ->2 byte&0x0C 0x08 \b, 32 kHz +>>>2 byte&0x0C 0x00 \b, 44.1 kHz +>>>2 byte&0x0C 0x04 \b, 48 kHz +>>>2 byte&0x0C 0x08 \b, 32 kHz # channels/options ->3 byte&0xC0 0x00 \b, Stereo ->3 byte&0xC0 0x40 \b, JntStereo ->3 byte&0xC0 0x80 \b, 2x Monaural ->3 byte&0xC0 0xC0 \b, Monaural +>>>3 byte&0xC0 0x00 \b, Stereo +>>>3 byte&0xC0 0x40 \b, JntStereo +>>>3 byte&0xC0 0x80 \b, 2x Monaural +>>>3 byte&0xC0 0xC0 \b, Monaural #>1 byte ^0x01 \b, Data Verify #>2 byte &0x02 \b, Packet Pad #>2 byte &0x01 \b, Custom Flag diff --git a/magic/Magdir/apple b/magic/Magdir/apple index ccbd155a..6d2a07b7 100644 --- a/magic/Magdir/apple +++ b/magic/Magdir/apple 
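Review bot: The two range tests added in magic/Magdir/animation, `>2 byte&0xF0 >0x0F` and `>>2 byte&0xF0 <0xE1`, use the signed `byte` type, so whether the 32 <= kbits <= 448 window in the comment is really enforced depends on how libmagic sign-extends the masked value and the constant 0xE1; masked values from 0x80 up may compare as negative. Writing both as `ubyte&0xF0` removes the ambiguity. Separately, the parent test `0 beshort&0xFFFE 0xFFFE` accepts the bytes FF FE, which is also the UTF-16 little-endian byte-order mark, so BOM-prefixed text whose third byte falls inside the window can still be reported as MPEG audio. A comment recording that overlap would help anyone who relies on this entry for content-type decisions.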
@@ -151,3 +151,41 @@ # From: Toby Peterson 0 string bplist00 Apple binary property list + +# Apple binary property list (bplist) +# Assumes version bytes are hex. +# Provides content hints for version 0 files. Assumes that the root +# object is the first object (true for CoreFoundation implementation). +# From: David Remahl +0 string bplist +>6 byte x \bCoreFoundation binary property list data, version 0x%c +>>7 byte x \b%c +>6 string 00 \b +>>8 byte&0xF0 0x00 \b +>>>8 byte&0x0F 0x00 \b, root type: null +>>>8 byte&0x0F 0x08 \b, root type: false boolean +>>>8 byte&0x0F 0x09 \b, root type: true boolean +>>8 byte&0xF0 0x10 \b, root type: integer +>>8 byte&0xF0 0x20 \b, root type: real +>>8 byte&0xF0 0x30 \b, root type: date +>>8 byte&0xF0 0x40 \b, root type: data +>>8 byte&0xF0 0x50 \b, root type: ascii string +>>8 byte&0xF0 0x60 \b, root type: unicode string +>>8 byte&0xF0 0x80 \b, root type: uid (CORRUPT) +>>8 byte&0xF0 0xa0 \b, root type: array +>>8 byte&0xF0 0xd0 \b, root type: dictionary + +# Apple/NeXT typedstream data +# Serialization format used by NeXT and Apple for various +# purposes in YellowStep/Cocoa, including some nib files. +# From: David Remahl +2 string typedstream NeXT/Apple typedstream data, big endian +>0 byte x \b, version %hhd +>0 byte <5 \b +>>13 byte 0x81 \b +>>>14 ubeshort x \b, system %hd +2 string streamtyped NeXT/Apple typedstream data, little endian +>0 byte x \b, version %hhd +>0 byte <5 \b +>>13 byte 0x81 \b +>>>14 uleshort x \b, system %hd diff --git a/magic/Magdir/archive b/magic/Magdir/archive index 4eb91e77..f60731b8 100644 --- a/magic/Magdir/archive +++ b/magic/Magdir/archive 
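Review bot: The new `0 string bplist` entry in magic/Magdir/apple overlaps the existing `0 string bplist00 Apple binary property list` line kept as context just above it, so a version-00 file now matches two top-level entries and the reported name depends on entry order, which this commit's ChangeLog says is being changed to a strength sort. Dropping the older line or folding it into the new block would leave one canonical description. The block also prints the bytes at offsets 6 and 7 with `%c` after matching only the six characters `bplist`, so those two bytes are whatever the file supplies. Testing them for hex digits before printing would make the entry agree with its own "Assumes version bytes are hex" comment.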
@@ -226,6 +226,14 @@ 0 string PPMZ PPMZ archive data # MS Compress 4 string \x88\xf0\x27 MS Compress archive data +# updated by Joerg Jenderek +>9 string \0 +>>0 string KWAJ +>>>7 string \321\003 MS Compress archive data +>>>>14 ulong >0 \b, original size: %ld bytes +>>>>18 ubyte >0x65 +>>>>>18 string x \b, was %.8s +>>>>>(10.b-4) string x \b.%.3s # MP3 (archiver, not lossy audio compression) 0 string MP3\x1a MP3-Archiver archive data # ZET @@ -516,11 +524,66 @@ 0 string UC2\x1a UC2 archive data # ZIP archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu) -0 string PK\003\004 Zip archive data ->4 byte 0x09 \b, at least v0.9 to extract ->4 byte 0x0a \b, at least v1.0 to extract ->4 byte 0x0b \b, at least v1.1 to extract ->4 byte 0x14 \b, at least v2.0 to extract +0 string PK\003\004 +>4 byte 0x09 Zip archive data, at least v0.9 to extract +>4 byte 0x0a Zip archive data, at least v1.0 to extract +>4 byte 0x0b Zip archive data, at least v1.1 to extract +>4 byte 0x14 +>>30 ubelong !0x6d696d65 Zip archive data, at least v2.0 to extract + +# OpenOffice.org / KOffice / StarOffice documents +# 
From: Abel Cheung +# Listed here because they are basically zip files +>>30 string mimetype + +# KOffice (1.2 or above) formats +>>>50 string vnd.kde. KOffice (>=1.2) +>>>>58 string karbon Karbon document +>>>>58 string kchart KChart document +>>>>58 string kformula KFormula document +>>>>58 string kivio Kivio document +>>>>58 string kontour Kontour document +>>>>58 string kpresenter KPresenter document +>>>>58 string kspread KSpread document +>>>>58 string kword KWord document + +# OpenOffice formats (for OpenOffice 1.x / StarOffice 6/7) +>>>50 string vnd.sun.xml. OpenOffice.org 1.x +>>>>62 string writer Writer +>>>>>68 byte !0x2e document +>>>>>68 string .template template +>>>>>68 string .global global document +>>>>62 string calc Calc +>>>>>66 byte !0x2e spreadsheet +>>>>>66 string .template template +>>>>62 string draw Draw +>>>>>66 byte !0x2e document +>>>>>66 string .template template +>>>>62 string impress Impress +>>>>>69 byte !0x2e presentation +>>>>>69 string .template template +>>>>62 string math Math document + +# OpenDocument formats (for OpenOffice 2.x / StarOffice >= 8) +# http://lists.oasis-open.org/archives/office/200505/msg00006.html +>>>50 string vnd.oasis.opendocument. OpenDocument +>>>>73 string text +>>>>>77 byte !0x2d Text +>>>>>77 string -template Text Template +>>>>>77 string -web HTML Document Template +>>>>>77 string -master Master Document +>>>>73 string graphics Drawing +>>>>>81 string -template Template +>>>>73 string presentation Presentation +>>>>>85 string -template Template +>>>>73 string spreadsheet Spreadsheet +>>>>>84 string -template Template +>>>>73 string chart Chart +>>>>>78 string -template Template +>>>>73 string formula Formula +>>>>>80 string -template Template +>>>>73 string database Database +>>>>73 string image Image # Zoo archiver 20 lelong 0xfdc4a7dc Zoo archive data diff --git a/magic/Magdir/audio b/magic/Magdir/audio index 96171f4e..252a9dea 100644 --- a/magic/Magdir/audio +++ b/magic/Magdir/audio 
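Review bot: In the ZIP hunk of magic/Magdir/archive the top-level `0 string PK\003\004` line no longer carries a description, and text is produced only for the version bytes 0x09, 0x0a, 0x0b and 0x14, so a local file header with any other value at offset 4 gets no output from this entry, where the removed line reported `Zip archive data` for every such file. Anything that uses file(1) to recognise archives before unpacking or scanning them would stop seeing those files as ZIP. The OpenOffice/KOffice/OpenDocument subtree is likewise reachable only under `>4 byte 0x14`. A catch-all continuation for the remaining version values, or a comment stating that the omission is intended, would close the gap.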
@@ -236,7 +236,7 @@ >122 byte&0x1 =1 PAL >122 byte&0x1 =0 NTSC -# Impuse tracker module (audio/x-it) +# Impulse tracker module (audio/x-it) 0 string IMPM Impulse Tracker module sound data - >4 string >\0 "%s" >40 leshort !0 compatible w/ITv%x @@ -399,15 +399,28 @@ # From "Simon Hosie 0 string TFMX-SONG TFMX module sound data +# Monkey's Audio compressed audio format (.ape) # From danny.milo@gmx.net (Danny Milosavljevic) -# monkeysaudio for magic.mime -0 string MAC\ X/Monkey audio, ->4 leshort >0 version %d, ->6 leshort >0 compression level %d, ->8 leshort >0 flags %x, ->10 leshort >0 channels %d, ->12 lelong >0 samplerate %d, ->24 lelong >0 frames %d +# New version from Abel Cheung +0 string MAC\040 Monkey's Audio compressed format +>4 uleshort >0x0F8B version %d +>>(0x08.l) uleshort =1000 with fast compression +>>(0x08.l) uleshort =2000 with normal compression +>>(0x08.l) uleshort =3000 with high compression +>>(0x08.l) uleshort =4000 with extra high compression +>>(0x08.l) uleshort =5000 with insane compression +>>(0x08.l+18) uleshort =1 \b, mono +>>(0x08.l+18) uleshort =2 \b, stereo +>>(0x08.l+20) ulelong x \b, sample rate %d +>4 uleshort <0x0F8C version %d +>>6 uleshort =1000 with fast compression +>>6 uleshort =2000 with normal compression +>>6 uleshort =3000 with high compression +>>6 uleshort =4000 with extra high compression +>>6 uleshort =5000 with insane compression +>>10 uleshort =1 \b, mono +>>10 uleshort =2 \b, stereo +>>12 ulelong x \b, sample rate %d # adlib sound files # From Gürkan Sengün , http://www.linuks.mine.nu 
@@ -442,3 +455,27 @@ >16 byte x mid-side 384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones) + +# format VQF (proprietary codec for sound) +# some infos on the header file available at : +# http://www.twinvq.org/english/technology_format.html +0 string TWIN97012000 VQF data +>27 short 0 \b, Mono +>27 short 1 \b, Stereo +>31 short >0 \b, %d kbit/s +>35 short >0 \b, %d kHz + +# Nelson A. de Oliveira (naoliv@gmail.com) +# .eqf +0 string Winamp\ EQ\ library\ file %s +# it will match only versions like v. +# Since I saw only eqf files with version v1.1 I think that it's OK +>23 string x \b%.4s +# .preset +0 string \[Equalizer\ preset\] XMMS equalizer preset +# .m3u +0 string \#EXTM3U M3U playlist +# .pls +0 string \[playlist\] PLS playlist +# licq.conf +1 string \[licq\] LICQ configuration file diff --git a/magic/Magdir/basis b/magic/Magdir/basis new file mode 100644 index 00000000..1813c0e0 --- /dev/null +++ b/magic/Magdir/basis @@ -0,0 +1,16 @@ +#---------------------------------------------------------------- +# basis: file(1) magic for BBx/Pro5-files +# Oliver Dammer 2005/11/07 +# http://www.basis.com business-basic-files. +# +0 string \074\074bbx\076\076 BBx +>7 string \000 indexed file +>7 string \001 serial file +>7 string \002 keyed file +>>13 short 0 (sort) +>7 string \004 program +>>18 byte x (LEVEL %d) +>>>23 string >\000 psaved +>7 string \006 mkeyed file +>>13 short 0 (sort) +>>8 string \000 (mkey) diff --git a/magic/Magdir/bFLT b/magic/Magdir/bflt similarity index 100% rename from magic/Magdir/bFLT rename to magic/Magdir/bflt diff --git a/magic/Magdir/btsnoop b/magic/Magdir/btsnoop new file mode 100644 index 00000000..5ade6ba4 --- /dev/null +++ b/magic/Magdir/btsnoop 
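Review bot: In the VQF block added to magic/Magdir/audio, `>27 short 0`, `>27 short 1`, `>31 short >0` and `>35 short >0` use the host-order `short` type, so the channel, bit-rate and sample-rate fields are decoded differently on little- and big-endian machines. They should be `beshort` or `leshort`, whichever the format description linked in the comment specifies. The same applies to `>>13 short 0 (sort)` in the new magic/Magdir/basis file. The `licq.conf` entry at the end of the audio hunk is not an audio format and would be easier to find next to other configuration-file magic.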
@@ -0,0 +1,11 @@ ++#------------------------------------------------------------------------------ ++# BTSnoop: file(1) magic for BTSnoop files ++# ++# From ++0 string btsnoop\0 BTSnoop ++>8 belong x version %d, ++>12 belong 1001 Unencapsulated HCI ++>12 belong 1002 HCI UART (H4) ++>12 belong 1003 HCI BCSP ++>12 belong 1004 HCI Serial (H5) ++>>12 belong x type %d diff --git a/magic/Magdir/commands b/magic/Magdir/commands index 93244b8c..24649844 100644 --- a/magic/Magdir/commands +++ b/magic/Magdir/commands @@ -27,7 +27,8 @@ # 0 string/b #!\ /bin/awk awk script text executable 0 string/b #!\ /usr/bin/awk awk script text executable -0 string BEGIN awk script text +# update to distinguish from *.vcf files +0 regex BEGIN[[:space:]]*[{] awk script text # AT&T Bell Labs' Plan 9 shell 0 string/b #!\ /bin/rc Plan 9 rc shell script text executable diff --git a/magic/Magdir/compress b/magic/Magdir/compress index 493a7ca8..e9be46b7 100644 --- a/magic/Magdir/compress +++ b/magic/Magdir/compress @@ -176,3 +176,14 @@ # AFX compressed files (Wolfram Kleff) 2 string -afx- AFX compressed file data + +# Supplementary magic data for the file(1) command to support +# rzip(1). The format is described in magic(5). +# +# Copyright (C) 2003 by Andrew Tridgell. You may do whatever you want with +# this file. +# +0 string RZIP rzip compressed data +>4 byte x - version %d +>5 byte x \b.%d +>6 belong x (%d bytes) diff --git a/magic/Magdir/cracklib b/magic/Magdir/cracklib index 40241469..8f7e0d46 100644 --- a/magic/Magdir/cracklib +++ b/magic/Magdir/cracklib @@ -8,5 +8,6 @@ >>8 long >-1 (%i words) 0 belong 0x70775631 Cracklib password index, big endian >4 belong >-1 (%i words) +# really bellong 0x0000000070775631 4 belong 0x70775631 Cracklib password index, big endian ("64-bit") >12 belong >0 (%i words) diff --git a/magic/Magdir/filesystems b/magic/Magdir/filesystems index fd507333..e8134c31 100644 --- a/magic/Magdir/filesystems +++ b/magic/Magdir/filesystems 
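Review bot: Every line of the new magic/Magdir/btsnoop file carries a literal `+` after the diff marker (`++0 string btsnoop\0 BTSnoop`, `++>8 belong x version %d,`, `++#`), which suggests a patch was pasted in without stripping its markers. As committed, the continuation lines begin with `+>` and the comment lines with `+#`, so at the least they are no longer recognised as continuations or comments, and the BTSnoop signature will not be compiled as intended. The leading `+` should be removed from all eleven lines, giving for example `0 string btsnoop\0 BTSnoop`.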
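Review bot: In magic/Magdir/commands the replacement `0 regex BEGIN[[:space:]]*[{] awk script text` has no `^` anchor, so as far as I can tell the expression can match `BEGIN {` anywhere in the examined buffer, not only at offset 0 as the removed `0 string BEGIN` did. That addresses the vCard collision named in the comment but lets any text containing that sequence be labelled awk. `0 regex ^BEGIN[[:space:]]*[{] awk script text` keeps the start-of-file intent. The identical line added to magic/magic.mime later in this commit needs the same change.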
@@ -23,7 +23,7 @@ >0770 long x %ld blocks # Is there a boot block written 1 sector in? >512 belong&077777777 0600407 \b, boot block present -# Smart Boot Manager backup file is 41 byte header + first sectors of disc +# Joerg Jenderek: Smart Boot Manager backup file is 41 byte header + first sectors of disc # (http://btmgr.sourceforge.net/docs/user-guide-3.html) 0 string SBMBAKUP_ Smart Boot Manager backup file >9 string x \b, version %-5.5s @@ -33,8 +33,22 @@ >>>>>17 string x \b%-.1s >>>>>>18 string =_ \b. >>>>>>>19 string x \b%-.1s -# DOS Emulator image is 128 byte header + harddisc image +>>>22 ubyte 0 +>>>>21 ubyte x \b, from drive 0x%x +>>>22 ubyte >0 +>>>>21 string x \b, from drive %s + +# Joerg Jenderek +# DOS Emulator image is 128 byte, null right padded header + harddisc image 0 string DOSEMU\0 +>0x27E leshort 0xAA55 +#offset is 128 +>>19 ubyte 128 +>>>(19.b-1) ubyte 0x0 DOS Emulator image +>>>>7 ulong >0 \b, %u heads +>>>>11 ulong >0 \b, %d sectors/track +>>>>15 ulong >0 \b, %d cylinders + >0x27E leshort 0xAA55 DOS Emulator image 0x1FE leshort 0xAA55 x86 boot sector >2 string OSBS \b, OS/BS MBR 
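Review bot: The added Smart Boot Manager line `>>>>21 string x \b, from drive %s` in magic/Magdir/filesystems prints an unbounded string taken from the file, while the neighbouring lines of the same entry limit their output with a precision (`%-5.5s`, `%-.1s`). Giving this conversion a precision that matches the real field width keeps arbitrary trailing bytes out of the description. In the DOSEMU block, the new `>0x27E leshort 0xAA55` subtree is followed by the old `>0x27E leshort 0xAA55 DOS Emulator image` line, which is kept as context, so an image with a 128-byte header appears to get the description twice. One of the two should go, or the old line should be documented as the fallback.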
@@ -111,6 +125,51 @@ >480 string Boot\ failed\r >>495 string LDLINUX\ SYS \b, SYSLINUX bootloader (2.06) >395 string chksum\0\ ERROR!\0 \b, Gujin bootloader +# mbr partion table entries, if not fat boot secor, activ flag 0 or 0x80 and type > 0 +>3 string !MS +>>3 string !SYSLINUX +>>>82 string !FAT32 +>>>>446 ubyte <0x81 +>>>>>446 ubyte&0x7F 0 +>>>>>>450 ubyte >0 \b; partition 1: ID=0x%x +>>>>>>>446 ubyte 0x80 \b, active +>>>>>>>447 ubyte x \b, starthead %u +#>>>>>>>448 ubyte x \b, start C_S: 0x%x +#>>>>>>448 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>454 ulelong x \b, startsector %u +>>>>>>>458 ulelong x \b, %u sectors +# +>>>>462 ubyte <0x81 +>>>>>462 ubyte&0x7F 0 +>>>>>>466 ubyte >0 \b; partition 2: ID=0x%x +>>>>>>>462 ubyte 0x80 \b, active +>>>>>>>463 ubyte x \b, starthead %u +#>>>>>>>464 ubyte x \b, start C_S: 0x%x +#>>>>>>>464 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>470 ulelong x \b, startsector %u +>>>>>>>474 ulelong x \b, %u sectors +# +>>>>478 ubyte <0x81 +>>>>>478 ubyte&0x7F 0 +>>>>>>482 ubyte >0 \b; partition 3: ID=0x%x +>>>>>>>478 ubyte 0x80 \b, active +>>>>>>>479 ubyte x \b, starthead %u +#>>>>>>>480 ubyte x \b, start C_S: 0x%x +#>>>>>>>481 ubyte x \b, start C2S: 0x%x +#>>>>>>>480 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>486 ulelong x \b, startsector %u +>>>>>>>490 ulelong x \b, %u sectors +# +>>>>494 ubyte <0x81 +>>>>>494 ubyte&0x7F 0 +>>>>>>498 ubyte >0 \b; partition 4: ID=0x%x +>>>>>>>494 ubyte 0x80 \b, active +>>>>>>>495 ubyte x \b, starthead %u +#>>>>>>>496 ubyte x \b, start C_S: 0x%x +#>>>>>>>496 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>502 ulelong x \b, startsector %u +>>>>>>>506 ulelong x \b, %u sectors +# mbr partion table entries end >185 string FDBOOT\ Version\ >>204 string \rNo\ Systemdisk.\ >>>220 string Booting\ from\ harddisk.\n\r 
@@ -137,6 +196,10 @@ >>>>>>>>>(1.b+11) ubyte 0xb >>>>>>>>>>(1.b+12) ubyte 0x56 >>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display +>103 string This\ is\ not\ a\ bootable\ disk.\ +>>132 string Please\ insert\ a\ bootable\ +>>>157 string floppy\ and\r\n +>>>>169 string press\ any\ key\ to\ try\ again...\r \b, FREE-DOS message display # >66 string Solaris\ Boot\ Sector >>99 string Incomplete\ MDBoot\ load. @@ -467,7 +530,14 @@ >>>>505 ubyte&0xDF >0 >>>>>505 string x \b.%-.3s # loader end ->0 string \0\0\0\0 \b, extended partition table +# Joerg Jenderek +>446 ubyte 0 +>>450 ubyte >0 +>>>482 ubyte 0 +>>>>498 ubyte 0 +>>>>466 ubyte 0x05 \b, extended partition table +>>>>466 ubyte 0x0F \b, extended partition table (LBA) +>>>>466 ubyte 0x0 \b, extended partition table (last) # JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90 # older drives may use E9 xx xx >0 lelong&0x009000EB 0x009000EB diff --git a/magic/Magdir/fsav b/magic/Magdir/fsav index 0fa5c37b..4d61beba 100644 --- a/magic/Magdir/fsav +++ b/magic/Magdir/fsav @@ -37,3 +37,24 @@ #>>>>>>11 ubyte x size 0x%02x #>>>>>>12 ubyte x \b%02x #>>>>>>13 ubyte x \b%02x bytes + +# Joerg Jenderek: joerg dot jenderek at web dot de +# http://www.clamav.net/doc/latest/html/node45.html +# .cvd files start with a 512 bytes colon separated header +# ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime +# + gzipped tarball files +0 string ClamAV-VDB: +>11 string >\0 Clam AntiVirus database %-.23s +>>34 string : +>>>35 regex [^:]+ \b, version +>>>>35 string x \b%-.1s +>>>>>36 string !: +>>>>>>36 string x \b%-.1s +>>>>>>>37 string !: +>>>>>>>>37 string x \b%-.1s +>>>>>>>>>38 string !: +>>>>>>>>>>38 string x \b%-.1s +>>>>512 string \037\213 \b, gzipped +>>>>769 string ustar\0 \b, tared +>512 string \037\213 \b, gzipped +>769 string ustar\0 \b, tared diff --git a/magic/Magdir/lisp b/magic/Magdir/lisp index 42698c00..c72b06cb 100644 
--- a/magic/Magdir/lisp +++ b/magic/Magdir/lisp @@ -4,8 +4,18 @@ # # various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -# This is a guess, but a good one. -0 string ;; Lisp/Scheme program text +# updated by Joerg Jenderek +0 string ;; +# windows INF files often begin with semicolon and use CRLF as line end +# lisp files are mainly created on unix system with LF as line end +>2 search/2048 !\r Lisp/Scheme program text +>2 search/2048 \r Windows INF file +0 string ( +>1 string if\ Lisp/Scheme program text +>1 string setq\ Lisp/Scheme program text +>1 string defvar\ Lisp/Scheme program text +>1 string autoload\ Lisp/Scheme program text +>1 string custom-set-variables Lisp/Scheme program text # Emacs 18 - this is always correct, but not very magical. 0 string \012( Emacs v18 byte-compiled Lisp data diff --git a/magic/Magdir/msdos b/magic/Magdir/msdos index 44ad6ce7..c02ca993 100644 --- a/magic/Magdir/msdos +++ b/magic/Magdir/msdos @@ -4,7 +4,13 @@ # # .BAT files (Daniel Quinlan, quinlan@yggdrasil.com) -0 string/c @echo\ off MS-DOS batch file text +# updated by Joerg Jenderek +0 string @ +>1 string/cB \ echo\ off MS-DOS batch file text +>1 string/cB echo\ off MS-DOS batch file text +>1 string/cB rem\ MS-DOS batch file text +>1 string/cB set\ MS-DOS batch file text + # OS/2 batch files are REXX. the second regex is a bit generic, oh well # the matched commands seem to be common in REXX and uncommon elsewhere @@ -39,8 +45,8 @@ # # many of the compressed formats were extraced from IDARC 1.23 source code # -0 string MZ ->0 string MZ\0\0\0\0\0\0\0\0\0\0PE\0\0 PE executable for MS Windows +0 string MZ MS-DOS executable +>0 string MZ\0\0\0\0\0\0\0\0\0\0PE\0\0 \b, PE for MS Windows >>&18 leshort&0x2000 >0 (DLL) >>&88 leshort 0 (unknown subsystem) >>&88 leshort 1 (native) 
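Review bot: In magic/Magdir/lisp the pair `>2 search/2048 !\r Lisp/Scheme program text` and `>2 search/2048 \r Windows INF file` are mutually exclusive only if a negated search means "no occurrence anywhere in the range". If the negation is applied per comparison, the first line matches almost any file and a CRLF file receives both descriptions. It is worth confirming how `search` treats `!`; if it is per position, test for `\r` first and make the Lisp line the fallback. The comment should also say that a `;;` file with bare LF line ends is only assumed to be Lisp.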
@@ -60,7 +66,7 @@ >>>(&0.l+(4)) string MSCF \b, WinHKI CAB self-extracting archive >0x18 leshort >0x3f ->>(0x3c.l) string PE\0\0 PE executable +>>(0x3c.l) string PE\0\0 PE # hooray, there's a DOS extender using the PE format, with a valid PE # executable inside (which just prints a message and exits if run in win) >>>(8.s*16) string 32STUB for MS-DOS, 32rtm DOS extender @@ -108,7 +114,7 @@ >>>>&(0x3c.l+0xf8) search/0x100 SharedD \b, Microsoft Installer self-extracting archive >>>>0x30 string Inno \b, InnoSetup self-extracting archive ->>(0x3c.l) string NE NE executable +>>(0x3c.l) string NE \b, NE >>>(0x3c.l+0x36) byte 0 (unknown OS) >>>(0x3c.l+0x36) byte 1 for OS/2 1.x >>>(0x3c.l+0x36) byte 2 for MS Windows 3.x @@ -120,7 +126,7 @@ >>>&(&0x24.s-1) string ARJSFX \b, ARJ self-extracting archive >>>(0x3c.l+0x70) search/0x80 WinZip(R)\ Self-Extractor \b, ZIP self-extracting archive (WinZip) ->>(0x3c.l) string LX\0\0 LX executable +>>(0x3c.l) string LX\0\0 \b, LX >>>(0x3c.l+0x0a) leshort <1 (unknown OS) >>>(0x3c.l+0x0a) leshort 1 for OS/2 >>>(0x3c.l+0x0a) leshort 2 for MS Windows @@ -138,9 +144,9 @@ >>>&(&0x54.l-3) string arjsfx \b, ARJ self-extracting archive # MS Windows system file, supposedly a collection of LE executables ->>(0x3c.l) string W3 W3 executable for MS Windows +>>(0x3c.l) string W3 \b, W3 for MS Windows ->>(0x3c.l) string LE\0\0 LE executable +>>(0x3c.l) string LE\0\0 \b, LE executable >>>(0x3c.l+0x0a) leshort 1 # some DOS extenders use LE files with OS/2 header >>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender @@ -158,7 +164,7 @@ #>>>>(0x3c.l+0x1c) lelong >0x10000 for OS/2 # fails with DOS-Extenders. >>>(0x3c.l+0x0a) leshort 2 for MS Windows ->>>(0x3c.l+0x0a) leshort 3 for MS-DOS +>>>(0x3c.l+0x0a) leshort 3 for DOS >>>(0x3c.l+0x0a) leshort 4 for MS Windows (VxD) >>>(&0x7c.l+0x26) string UPX \b, UPX compressed >>>&(&0x54.l-3) string UNACE \b, ACE self-extracting archive 
@@ -166,25 +172,25 @@ # looks like ASCII, probably some embedded copyright message. # and definitely not NE/LE/LX/PE >>0x3c lelong >0x20000000 ->>>(4.s*512) leshort !0x014c MZ executable for MS-DOS +>>>(4.s*512) leshort !0x014c \b, MZ for MS-DOS # header data too small for extended executable >2 long !0 >>0x18 leshort <0x40 >>>(4.s*512) leshort !0x014c >>>>&(2.s-514) string !LE ->>>>>&-2 string !BW MZ executable for MS-DOS ->>>>&(2.s-514) string LE LE executable +>>>>>&-2 string !BW \b, MZ for MS-DOS +>>>>&(2.s-514) string LE \b, LE >>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender # educated guess since indirection is still not capable enough for complex offset # calculations (next embedded executable would be at &(&2*512+&0-2) # I suspect there are only LE executables in these multi-exe files >>>>&(2.s-514) string BW ->>>>>0x240 search/0x100 DOS/4G LE executable for MS-DOS, DOS4GW DOS extender (embedded) ->>>>>0x240 search/0x100 !DOS/4G BW executable collection for MS-DOS +>>>>>0x240 search/0x100 DOS/4G ,\b LE for MS-DOS, DOS4GW DOS extender (embedded) +>>>>>0x240 search/0x100 !DOS/4G ,\b BW collection for MS-DOS # This sequence skips to the first COFF segment, usually .text ->(4.s*512) leshort 0x014c COFF executable +>(4.s*512) leshort 0x014c \b, COFF >>(8.s*16) string go32stub for MS-DOS, DJGPP go32 DOS extender >>(8.s*16) string emx >>>&1 string x for DOS, Win or OS/2, emx %s 
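Review bot: Two of the rewritten descriptions in this magic/Magdir/msdos hunk read `,\b LE for MS-DOS, DOS4GW DOS extender (embedded)` and `,\b BW collection for MS-DOS`, with the comma and `\b` transposed relative to every other changed line (`\b, MZ for MS-DOS`, `\b, LE`). `\b` suppresses the separating space only when it is the first thing in the description, so here a literal backspace would end up in the middle of the output. Both descriptions should start with `\b,`.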
@@ -255,18 +261,76 @@ # Uncommenting only the first two lines will cover about 2/3 of COM files, # but it isn't feasible to match all COM files since there must be at least # two dozen different one-byte "magics". -0 byte 0xe9 MS-DOS executable (COM) +0 byte 0xe9 DOS executable (COM) +>0x1FE leshort 0xAA55 \b, boot code >6 string SFX\ of\ LHarc (%s) -0 byte 0x8c MS-DOS executable (COM) +0 belong 0xffffffff DOS executable (device driver) +#CMD640X2.SYS +>10 string >\x23 +>>10 string !\x2e +>>>17 string <\x5B +>>>>10 string x \b, name: %.8s +#UDMA.SYS KEYB.SYS CMD640X2.SYS +>10 string <\x41 +>>12 string >\x40 +>>>10 string !$ +>>>>12 string x \b, name: %.8s +#BTCDROM.SYS ASPICD.SYS +>22 string >\x40 +>>22 string <\x5B +>>>23 string <\x5B +>>>>22 string x \b, name: %.8s +#ATAPICD.SYS +>76 string \0 +>>77 string >\x40 +>>>77 string <\x5B +>>>>77 string x \b, name: %.8s +0 byte 0x8c DOS executable (COM) # 0xeb conflicts with "sequent" magic -0 byte 0xeb MS-DOS executable (COM) +0 byte 0xeb DOS executable (COM) +>0x1FE leshort 0xAA55 \b, boot code +>85 string UPX \b, UPX compressed >4 string \ $ARX \b, ARX self-extracting archive >4 string \ $LHarc \b, LHarc self-extracting archive >0x20e string SFX\ by\ LARC \b, LARC self-extracting archive -0 byte 0xb8 COM executable for MS-DOS +0 byte 0xb8 COM executable +# modified by Joerg Jenderek +>1 lelong !0x21cd4cff for DOS +# http://syslinux.zytor.com/comboot.php +# (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode +# start with assembler instructions mov eax,21cd4cffh +>1 lelong 0x21cd4cff (32-bit COMBOOT) +0 string \x81\xfc +>4 string \x77\x02\xcd\x20\xb9 +>>36 string UPX! 
FREE-DOS executable (COM), UPX compressed +252 string Must\ have\ DOS\ version DR-DOS executable (COM) +# GRR search is not working +#2 search/28 \xcd\x21 COM executable for MS-DOS +#WHICHFAT.cOM +2 string \xcd\x21 COM executable for DOS +#DELTREE.cOM DELTREE2.cOM +4 string \xcd\x21 COM executable for DOS +#IFMEMDSK.cOM ASSIGN.cOM COMP.cOM +5 string \xcd\x21 COM executable for DOS +#DELTMP.COm HASFAT32.cOM +7 string \xcd\x21 +>0 byte !0xb8 COM executable for DOS +#COMP.cOM MORE.COm +10 string \xcd\x21 +>5 string !\xcd\x21 COM executable for DOS +#comecho.com +13 string \xcd\x21 COM executable for DOS +#HELP.COm EDIT.coM +18 string \xcd\x21 COM executable for MS-DOS +#NWRPLTRM.COm +23 string \xcd\x21 COM executable for MS-DOS +#LOADFIX.cOm LOADFIX.cOm +30 string \xcd\x21 COM executable for MS-DOS +#syslinux.com 3.11 +70 string \xcd\x21 COM executable for DOS # many compressed/converted COMs start with a copy loop instead of a jump 0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS -0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for MS-DOS +0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for DOS >0x18 search/0x10 \x50\xa4\xff\xd5\x73 \b, aPack compressed 0x3c string W\ Collis\0\0 COM executable for MS-DOS, Compack compressed # FIXME: missing diet .com compression @@ -278,9 +342,10 @@ # # Windows Registry files. -# -0 string regf Windows NT registry file -0 string CREG Windows 95 registry file +# updated by Joerg Jenderek +0 string regf Windows NT/XP registry file +0 string CREG Windows 95/98/ME registry file +0 string SHCC3 Windows 3.1 registry file # AAF files: 
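Review bot: The COM and device-driver rules added in this magic/Magdir/msdos hunk rest on very short signatures: `0 belong 0xffffffff DOS executable (device driver)` accepts any file whose first four bytes are 0xFF, and the series `2 string \xcd\x21`, `4 string \xcd\x21` through `70 string \xcd\x21` accepts any file that holds the two bytes CD 21 at one of ten fixed offsets. Unrelated binary data will meet one of these by chance often enough to be reported as a DOS executable, which matters wherever file(1) output feeds triage or upload filtering. Under the device-driver rule the name checks only add text and are not required for the match. Each rule needs a second condition, or at least a comment marking it as low-confidence.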
@@ -340,7 +405,9 @@ >15 string 1.0\ --\ HyperTerminal\ data\ file MS-windows Hyperterminal # Windows Metafont .WMF -0 string \327\315\306\232\000\000\000\000\000\000 ms-windows metafont .wmf +0 string \327\315\306\232 ms-windows metafont .wmf +0 string \002\000\011\000 ms-windows metafont .wmf +0 string \001\000\011\000 ms-windows metafont .wmf #tz3 files whatever that is (MS Works files) 0 string \003\001\001\004\070\001\000\000 tz3 ms-works file diff --git a/magic/Magdir/python b/magic/Magdir/python index c6260fb2..5aea137f 100644 --- a/magic/Magdir/python +++ b/magic/Magdir/python @@ -13,3 +13,6 @@ 0 belong 0x2ded0d0a python 2.2 byte-compiled 0 belong 0x3bf20d0a python 2.3 byte-compiled 0 belong 0x6df20d0a python 2.4 byte-compiled + +0 string/b #!\ /usr/bin/python python script text executable + diff --git a/magic/Makefile.am b/magic/Makefile.am index 1330ed32..781af600 100644 --- a/magic/Makefile.am +++ b/magic/Makefile.am @@ -44,11 +44,13 @@ Magdir/archive \ Magdir/asterix \ Magdir/att3b \ Magdir/audio \ -Magdir/bFLT \ +Magdir/basis \ +Magdir/bflt \ Magdir/blender \ Magdir/blit \ Magdir/bout \ Magdir/bsdi \ +Magdir/btsnoop \ Magdir/cad \ Magdir/c-lang \ Magdir/c64 \ diff --git a/magic/Makefile.in b/magic/Makefile.in index 21fd1a4e..e5223636 100644 --- a/magic/Makefile.in +++ b/magic/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.9.5 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -184,11 +184,13 @@ Magdir/archive \ Magdir/asterix \ Magdir/att3b \ Magdir/audio \ -Magdir/bFLT \ +Magdir/basis \ +Magdir/bflt \ Magdir/blender \ Magdir/blit \ Magdir/bout \ Magdir/bsdi \ +Magdir/btsnoop \ Magdir/cad \ Magdir/c-lang \ Magdir/c64 \ diff --git a/magic/magic.mime b/magic/magic.mime index ab234a21..7b811534 100644 --- a/magic/magic.mime +++ b/magic/magic.mime 
@@ -269,7 +269,8 @@ 0 string #!\ /bin/awk application/x-awk 0 string #!/usr/bin/awk application/x-awk 0 string #!\ /usr/bin/awk application/x-awk -0 string BEGIN application/x-awk +# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de +0 regex BEGIN[[:space:]]*[{] application/x-awk # For Larry Wall's perl language. The ``eval'' line recognizes an # outrageously clever hack for USG systems. diff --git a/magic/magic2mime b/magic/magic2mime index c83ee595..f3fbe267 100755 --- a/magic/magic2mime +++ b/magic/magic2mime @@ -1,6 +1,6 @@ -#! /usr/local/bin/perl +#! /usr/bin/env perl # -*- PERL -*- -# $Id: magic2mime,v 1.2 2003/03/23 04:17:27 christos Exp $ +# $Id: magic2mime,v 1.3 2006/03/02 22:10:26 christos Exp $ # Copyright (c) 1996, 1997 vax@linkdead.paranoia.com (VaX#n8) # # Usage: echo 'your-file-output-here' | file_to_ctype.pl diff --git a/python/Makefile.in b/python/Makefile.in index 42f12bbf..f16e830b 100644 --- a/python/Makefile.in +++ b/python/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.9.5 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, diff --git a/src/Makefile.in b/src/Makefile.in index 7f7ff53e..01517b04 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.9.5 from Makefile.am. +# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,8 +16,6 @@ -SOURCES = $(libmagic_la_SOURCES) $(file_SOURCES) - srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ diff --git a/src/funcs.c b/src/funcs.c index 77caa03a..5ea27f42 100644 --- a/src/funcs.c +++ b/src/funcs.c 
@@ -35,7 +35,7 @@
 #endif

 #ifndef lint
-FILE_RCSID("@(#)$Id: funcs.c,v 1.18 2005/11/29 18:25:53 christos Exp $")
+FILE_RCSID("@(#)$Id: funcs.c,v 1.19 2006/03/02 22:10:26 christos Exp $")
 #endif /* lint */

 #ifndef HAVE_VSNPRINTF
@@ -131,7 +131,10 @@ file_buffer(struct magic_set *ms, int fd, const void *buf, size_t nb)
 if ((m = file_ascmagic(ms, buf, nb)) == 0) {
 /* abandon hope, all ye who remain here */
 if (file_printf(ms, ms->flags & MAGIC_MIME ?
- "application/octet-stream" : "data") == -1)
+ (nb ? "application/octet-stream" :
+ "application/empty") :
+ (nb ? "data" :
+ "empty")) == -1)
 return -1;
 m = 1;
 }
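Review bot: The new `nb ? ... : "empty"` choice in file_buffer is made only in the last-resort branch, after `file_ascmagic(ms, buf, nb)` (and presumably the detectors called earlier in the function, which starts outside this hunk) has already been handed the zero-length buffer. Checking `nb == 0` once at the top of file_buffer would report `empty` without relying on every detector to cope with an empty buffer, which fits the ChangeLog entry "Don't try to read past the end of the buffer". A sketch follows; its success return value is assumed from the `m = 1` seen here and should be checked against the rest of the function. A one-line comment on why `application/empty` was chosen as the MIME string would also help later readers.

```c
file_buffer(struct magic_set *ms, int fd, const void *buf, size_t nb)
/* … unchanged: opening brace and local declarations … */
	if (nb == 0) {
		/* nothing to inspect: report it and skip every detector */
		if (file_printf(ms, ms->flags & MAGIC_MIME ?
		    "application/empty" : "empty") == -1)
			return -1;
		return 1;
	}
/* … unchanged: detector calls and the fallback branch … */
```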