From: Christos Zoulas Date: Tue, 26 Jan 2016 00:03:19 +0000 (+0000) Subject: Improve pdb magic from Joerg Jenderek X-Git-Tag: FILE5_26~37 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e3f9082f8b64dd0a3f7c99c88bfcdac18ad7cb9a;p=file Improve pdb magic from Joerg Jenderek --- diff --git a/magic/Magdir/msvc b/magic/Magdir/msvc index c37b7a56..eb0dcaea 100644 --- a/magic/Magdir/msvc +++ b/magic/Magdir/msvc @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File$ +# $File: msvc,v 1.5 2009/09/19 16:28:11 christos Exp $ # msvc: file(1) magic for msvc # "H. Nanosecond" # Microsoft visual C @@ -27,11 +27,32 @@ #.pch 0 string DTJPCH0\000\022\103\006\200 Microsoft Visual C .pch -# .pdb -# too long 0 string Microsoft\ C/C++\ program\ database\ -0 string Microsoft\ C/C++\ MSVC program database ->18 string program\ database\ ->33 string >\0 ver %s +# Summary: Symbol Table / Debug info used by Microsoft compilers +# URL: https://en.wikipedia.org/wiki/Program_database +# Reference: https://code.google.com/p/pdbparser/wiki/MSF_Format +# Update: Joerg Jenderek +# Note: test only for Windows XP+SP3 x86 , 8.1 x64 arm and 10.1 x86 +# info does only applies partly for older files like msvbvm50.pdb about year 2001 +0 string Microsoft\ C/C++\ +# "Microsoft Program DataBase" by TrID +>24 search/14 \r\n\x1A MSVC program database +!:mime application/x-ms-pdb +!:ext pdb +# "MSF 7.00" "program database 2.00" for msvbvm50.pdb +>>16 regex \([0-9.]+\) ver %s +#>>>0x38 search/128123456 /LinkInfo \b with linkinfo +# "MSF 7.00" variant +>>0x1e leshort 0 +# PageSize 400h 1000h +>>>0x20 lelong x \b, %d +# Page Count +>>>0x28 lelong x \b*%d bytes +# "program database 2.00" variant +>>0x1e leshort !0 +# PageSize 400h +>>>0x2c lelong x \b, %d +# Page Count for msoo-dll.pdb 4379h +>>>0x32 leshort x \b*%d bytes #.sbr 0 string \000\002\000\007\000 MSVC .sbr