--- magic/Header +++ magic/Header 2006-03-27 13:29:19.000000000 +0200 @@ -1,5 +1,7 @@ # Magic # Magic data for file(1) command. -# Machine-generated from src/cmd/file/magdir/*; edit there only! -# Format is described in magic(files), where: -# files is 5 on V7 and BSD, 4 on SV, and ?? in the SVID. +# Format is described in magic(5). +# +# Note: If you have edited this file you may run `file -C' +# to make a pre-compiled magic.mgc for faster execution +# --- magic/Makefile.am +++ magic/Makefile.am 2008-04-14 18:09:04.858253210 +0200 @@ -1,7 +1,7 @@ MAGIC_FRAGMENT_BASE = Magdir MAGIC_FRAGMENT_DIR = $(top_srcdir)/magic/$(MAGIC_FRAGMENT_BASE) -pkgdata_DATA = magic.mgc +pkgdata_DATA = magic.mgc magic EXTRA_DIST = Header Localstuff \ $(MAGIC_FRAGMENT_DIR)/acorn \ @@ -14,7 +14,6 @@ $(MAGIC_FRAGMENT_DIR)/amanda \ $(MAGIC_FRAGMENT_DIR)/amigaos \ $(MAGIC_FRAGMENT_DIR)/animation \ $(MAGIC_FRAGMENT_DIR)/apl \ -$(MAGIC_FRAGMENT_DIR)/apple \ $(MAGIC_FRAGMENT_DIR)/applix \ $(MAGIC_FRAGMENT_DIR)/archive \ $(MAGIC_FRAGMENT_DIR)/asterix \ @@ -61,7 +60,6 @@ $(MAGIC_FRAGMENT_DIR)/epoc \ $(MAGIC_FRAGMENT_DIR)/erlang \ $(MAGIC_FRAGMENT_DIR)/esri \ $(MAGIC_FRAGMENT_DIR)/fcs \ -$(MAGIC_FRAGMENT_DIR)/filesystems \ $(MAGIC_FRAGMENT_DIR)/flash \ $(MAGIC_FRAGMENT_DIR)/fonts \ $(MAGIC_FRAGMENT_DIR)/fortran \ @@ -91,18 +89,18 @@ $(MAGIC_FRAGMENT_DIR)/island \ $(MAGIC_FRAGMENT_DIR)/ispell \ $(MAGIC_FRAGMENT_DIR)/java \ $(MAGIC_FRAGMENT_DIR)/jpeg \ +$(MAGIC_FRAGMENT_DIR)/linux \ +$(MAGIC_FRAGMENT_DIR)/filesystems \ $(MAGIC_FRAGMENT_DIR)/karma \ $(MAGIC_FRAGMENT_DIR)/kde \ $(MAGIC_FRAGMENT_DIR)/lecter \ $(MAGIC_FRAGMENT_DIR)/lex \ $(MAGIC_FRAGMENT_DIR)/lif \ -$(MAGIC_FRAGMENT_DIR)/linux \ $(MAGIC_FRAGMENT_DIR)/lisp \ $(MAGIC_FRAGMENT_DIR)/llvm \ $(MAGIC_FRAGMENT_DIR)/lua \ $(MAGIC_FRAGMENT_DIR)/luks \ $(MAGIC_FRAGMENT_DIR)/mach \ -$(MAGIC_FRAGMENT_DIR)/macintosh \ $(MAGIC_FRAGMENT_DIR)/magic \ $(MAGIC_FRAGMENT_DIR)/mail.news \ $(MAGIC_FRAGMENT_DIR)/maple \ @@ -118,10 +116,10 @@ $(MAGIC_FRAGMENT_DIR)/misctools \ $(MAGIC_FRAGMENT_DIR)/mkid \ $(MAGIC_FRAGMENT_DIR)/mlssa \ $(MAGIC_FRAGMENT_DIR)/mmdf \ -$(MAGIC_FRAGMENT_DIR)/modem \ $(MAGIC_FRAGMENT_DIR)/motorola \ $(MAGIC_FRAGMENT_DIR)/mozilla \ $(MAGIC_FRAGMENT_DIR)/msdos \ +$(MAGIC_FRAGMENT_DIR)/modem \ $(MAGIC_FRAGMENT_DIR)/msvc \ $(MAGIC_FRAGMENT_DIR)/mup \ $(MAGIC_FRAGMENT_DIR)/natinst \ @@ -158,6 +156,8 @@ $(MAGIC_FRAGMENT_DIR)/pyramid \ $(MAGIC_FRAGMENT_DIR)/python \ $(MAGIC_FRAGMENT_DIR)/revision \ $(MAGIC_FRAGMENT_DIR)/riff \ +$(MAGIC_FRAGMENT_DIR)/apple \ +$(MAGIC_FRAGMENT_DIR)/macintosh \ $(MAGIC_FRAGMENT_DIR)/rpm \ $(MAGIC_FRAGMENT_DIR)/rtf \ $(MAGIC_FRAGMENT_DIR)/sc \ @@ -210,8 +210,20 @@ $(MAGIC_FRAGMENT_DIR)/xwindows \ $(MAGIC_FRAGMENT_DIR)/zilog \ $(MAGIC_FRAGMENT_DIR)/zyxel +RAW = magic MAGIC = magic.mgc -CLEANFILES = ${MAGIC} +CLEANFILES = ${MAGIC} ${RAW} + +${RAW}: Header Localstuff $(EXTRA_DIST) + cat /dev/null > $@ + for frag in $(EXTRA_DIST); do \ + if test -f $(srcdir)/$$frag; then \ + f=$(srcdir)/$$frag; \ + else \ + f=$$frag; \ + fi; \ + cat $$f; \ + done >> $@ # FIXME: Build file natively as well so that it can be used to compile # the target's magic file @@ -221,6 +233,5 @@ else FILE_COMPILE = $(top_builddir)/src/file endif -${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE) - $(FILE_COMPILE) -C -m $(MAGIC_FRAGMENT_DIR) - @mv $(MAGIC_FRAGMENT_BASE).mgc $@ +${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE) $(RAW) + $(FILE_COMPILE) -C -m $(RAW) --- magic/Magdir/compress +++ magic/Magdir/compress 2008-11-27 13:40:46.805632294 +0100 @@ -9,7 +9,7 @@ # because it tries to uncompress it to figure out what's inside. # standard unix compress -#0 string \037\235 compress'd data +0 string \037\235 compress'd data #!:mime application/x-compress >2 byte&0x80 >0 block compressed >2 byte&0x1f x %d bits --- magic/Magdir/elf +++ magic/Magdir/elf 2006-11-22 15:57:15.000000000 +0100 @@ -97,7 +97,7 @@ >>18 leshort 47 Renesas H8/300H, >>18 leshort 48 Renesas H8S, >>18 leshort 49 Renesas H8/500, ->>18 leshort 50 IA-64, +>>18 leshort 50 IA-64 (Intel 64 bit architecture), >>18 leshort 51 Stanford MIPS-X, >>18 leshort 52 Motorola Coldfire, >>18 leshort 53 Motorola M68HC12, @@ -234,7 +234,7 @@ >>18 beshort 47 Renesas H8/300H, >>18 beshort 48 Renesas H8S, >>18 beshort 49 Renesas H8/500, ->>18 beshort 50 IA-64, +>>18 beshort 50 IA-64 (Intel 64 bit architecture), >>18 beshort 51 Stanford MIPS-X, >>18 beshort 52 Motorola Coldfire, >>18 beshort 53 Motorola M68HC12, --- magic/Magdir/linux +++ magic/Magdir/linux 2006-03-27 13:29:19.000000000 +0200 @@ -81,21 +81,43 @@ # and Nicolás Lichtmaier # All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29 # Linux kernel boot images (i386 arch) (Wolfram Kleff) -514 string HdrS Linux kernel ->510 leshort 0xAA55 x86 boot executable ->>518 leshort >=0x200 ->>529 byte 0 zImage, ->>>529 byte 1 bzImage, ->>>(526.s+0x200) string >\0 version %s, ->>498 leshort 1 RO-rootFS, ->>498 leshort 0 RW-rootFS, ->>508 leshort >0 root_dev 0x%X, ->>502 leshort >0 swap_dev 0x%X, ->>504 leshort >0 RAMdisksize %u KB, ->>506 leshort 0xFFFF Normal VGA ->>506 leshort 0xFFFE Extended VGA ->>506 leshort 0xFFFD Prompt for Videomode ->>506 leshort >0 Video mode %d +514 string HdrS Linux +>510 leshort 0xAA55 \b/x86 Kernel +>510 leshort <0xAA55 Kernel +>510 leshort >0xAA55 Kernel +>518 leshort 0x0105 \b, Setup Version 0x105, zImage +>518 leshort >0x0105 \b, Setup Version %#hx +>>529 byte 0 \b, zImage +>>529 byte 1 \b, bzImage +>>>(526.s+0x205) byte 32 +>>>>(526.s+0x200) string >\0 \b, Version %5.5s +>>>(526.s+0x206) byte 32 +>>>>(526.s+0x200) string >\0 \b, Version %6.6s +>>>(526.s+0x207) byte 32 +>>>>(526.s+0x200) string >\0 \b, Version %7.7s +>>>(526.s+0x205) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %5.5s +>>>(526.s+0x206) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %6.6s +>>>(526.s+0x207) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %7.7s +>>>(526.s+0x208) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %8.8s +>>>(526.s+0x209) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %9.9s +>>>(526.s+0x20a) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %10.10s +>>>(526.s+0x20b) byte 45 +>>>>(526.s+0x200) string >\0 \b, Version %11.11s +>>498 leshort 1 \b, RO-rootFS +>>498 leshort 0 \b, RW-rootFS +>>508 leshort >0 \b, root_dev 0x%X +>>502 leshort >0 \b, swap_dev 0x%X +>>504 leshort >0 \b, RAMdisksize %u KB +>>506 leshort 0xFFFF \b, Normal VGA +>>506 leshort 0xFFFE \b, Extended VGA +>>506 leshort 0xFFFD \b, Prompt for Videomode +>>506 leshort >0 \b, Video mode %d # This also matches new kernels, which were caught above by "HdrS". 0 belong 0xb8c0078e Linux kernel >0x1e3 string Loading version 1.3.79 or older --- magic/Magdir/modem +++ magic/Magdir/modem 2006-03-27 13:29:19.000000000 +0200 @@ -2,9 +2,9 @@ # modem: file(1) magic for modem programs # # From: Florian La Roche -4 string Research, Digifax-G3-File ->29 byte 1 , fine resolution ->29 byte 0 , normal resolution +1 string PC\ Research,\ Inc Digifax-G3-File +>29 byte 1 \b, fine resolution +>29 byte 0 \b, normal resolution 0 short 0x0100 raw G3 data, byte-padded 0 short 0x1400 raw G3 data --- magic/Magdir/msad +++ magic/Magdir/msad 2006-03-27 13:29:19.000000000 +0200 @@ -0,0 +1,5 @@ +#------------------------------------------------------------------------------ +# msad: file(1) magic for msad +# Microsoft visual C +# This must precede the heuristic for raw G3 data +4 string Standard\ Jet\ DB Microsoft Access Database --- magic/Magdir/msdos +++ magic/Magdir/msdos 2006-11-22 16:01:01.000000000 +0100 @@ -65,6 +65,7 @@ >>&0 leshort 0x290 PA-RISC >>&18 leshort&0x0100 >0 32-bit >>&18 leshort&0x1000 >0 system file +>>&228 lelong >0 \b, Mono/.Net assembly >>&0xf4 search/0x140 \x0\x40\x1\x0 >>>(&0.l+(4)) string MSCF \b, WinHKI CAB self-extracting archive >30 string Copyright\ 1989-1990\ PKWARE\ Inc. Self-extracting PKZIP archive @@ -94,7 +95,7 @@ >>>>(0x3c.l+4) leshort 0x290 PA-RISC >>>>(0x3c.l+22) leshort&0x0100 >0 32-bit >>>>(0x3c.l+22) leshort&0x1000 >0 system file ->>>>(0x3c.l+232) lelong >0 Mono/.Net assembly +>>>>(0x3c.l+232) lelong >0 \b, Mono/.Net assembly >>>>(0x3c.l+0xf8) string UPX0 \b, UPX compressed >>>>(0x3c.l+0xf8) search/0x140 PEC2 \b, PECompact2 compressed @@ -503,6 +504,13 @@ # Acroread or something files wrongly identified as G3 .pfm # these have the form \000 \001 any? \002 \000 \000 # or \000 \001 any? \022 \000 \000 +0 belong&0xffff00ff 0x00010012 PFM data +>4 string \000\000 +>6 string >\060 - %s + +0 belong&0xffff00ff 0x00010002 PFM data +>4 string \000\000 +>6 string >\060 - %s #0 string \000\001 pfm? #>3 string \022\000\000Copyright\ yes #>3 string \002\000\000Copyright\ yes --- src/Makefile.am +++ src/Makefile.am 2008-04-14 17:14:56.330076493 +0200 @@ -1,4 +1,4 @@ -MAGIC = $(pkgdatadir)/magic +MAGIC = $(sysconfdir)/magic:$(pkgdatadir)/magic lib_LTLIBRARIES = libmagic.la include_HEADERS = magic.h EXTRA_DIST = getopt_long.c --- src/dcore.c +++ src/dcore.c 2006-03-27 13:29:19.000000000 +0200 @@ -0,0 +1,207 @@ +/* + * Show goo about ELF core files + * Jeremy Fitzhardinge 1996 + */ +#include +#include +#include +#include +#include +#include +#if defined __GLIBC__ && __GLIBC__ >= 2 +#include +#include +# ifndef NT_PRFPREG +# define NT_PRFPREG 2 +# endif +# ifndef NT_TASKSTRUCT +# define NT_TASKSTRUCT 4 +# endif +#else +#include +#include +#endif + +static void fperror(const char *str) +{ + perror(str); + exit(1); +} + +static size_t myread(int fd, void *buf, size_t sz) +{ + size_t ret; + + if ((ret = read(fd, buf, sz)) != sz) + fperror("read failed"); + return ret; +} + +static void print_prstatus(const prstatus_t *pr) +{ + unsigned i; + static const char *regs[] = { "ebx", "ecx", "edx", "esi", "edi", "ebp", + "eax", "ds", "es", "fs", "gs", + "orig_eax", "eip", "cs", + "efl", "uesp", "ss"}; + + printf(" pid=%d ppid=%d pgrp=%d sid=%d\n", + pr->pr_pid, pr->pr_ppid, pr->pr_pgrp, pr->pr_sid); + for(i = 0; i < NGREG; i++) + { + unsigned long val = pr->pr_reg[i]; + printf(" %-2u %-5s=%08lx %lu\n", i, regs[i], val, val); + } +} + +static void print_prpsinfo(const prpsinfo_t *ps) +{ + printf(" uid=%d gid=%d\n", ps->pr_uid, ps->pr_gid); + printf(" comm=%s\n", ps->pr_fname); + printf(" psargs=%s\n", ps->pr_psargs); +} + +#define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) + +static void do_note(int fd, Elf32_Phdr *phdr) +{ + off_t here = lseek(fd, 0, SEEK_CUR); + int size = phdr->p_filesz; + char *raw = alloca(size), *end; + end = raw+size; + + lseek(fd, phdr->p_offset, SEEK_SET); + myread(fd, raw, size); + + while(raw < end) + { + Elf32_Nhdr *note = (Elf32_Nhdr *)raw; + const char *str; + const char *name, *desc; + + raw += sizeof(*note); + name = raw; + raw += roundup(note->n_namesz, sizeof(long)); + desc = raw; + raw += roundup(note->n_descsz, sizeof(long)); + + printf(" name=%.*s", (int)note->n_namesz, name); + + if(strncmp(name, "CORE", note->n_namesz) != 0) + { + printf("\n"); + continue; + } + + switch(note->n_type) + { +#define X(x) case x: str = #x; break; + X(NT_PRSTATUS); + X(NT_PRFPREG); + X(NT_PRPSINFO); + X(NT_TASKSTRUCT); +#undef X + default: + str = "???"; + } + printf(" n_type=%s n_descsz=%ld\n", + str, note->n_descsz); + switch(note->n_type) + { + case NT_PRSTATUS: + print_prstatus((prstatus_t *)desc); + break; + case NT_PRPSINFO: + print_prpsinfo((prpsinfo_t *)desc); + break; + } + } + lseek(fd, here, SEEK_SET); +} + +int main(int argc, char *argv[]) +{ + int fd; + Elf32_Ehdr elf; + int i; + + if (argc != 2) + { + fprintf(stderr, "Usage: %s corefile\n", argv[0]); + exit(1); + } + + if ((fd = open(argv[1], O_RDONLY)) == -1) + fperror("open of core"); + + myread(fd, &elf, sizeof(elf)); + + if (memcmp(ELFMAG, elf.e_ident, SELFMAG) != 0) + printf("bad magic\n"); + + if (elf.e_ident[EI_CLASS] != ELFCLASS32) + printf("wrong class\n"); + + if (elf.e_ident[EI_DATA] != ELFDATA2LSB) + printf("wrong endianess\n"); + + if (elf.e_ident[EI_VERSION] != EV_CURRENT) + printf("wrong version\n"); + + { + const char *str; + switch(elf.e_type) + { +#define C(x) case ET_##x: str = #x; break; + C(NONE); + C(REL); + C(EXEC); + C(DYN); + C(CORE); +#undef C + default: str = "???"; break; + } + printf("elf file type ET_%s\n", str); + } + + if (elf.e_machine != EM_386 && elf.e_machine != EM_486) + printf("not i386 or i486\n"); + + if (elf.e_ehsize != sizeof(elf)) + printf("wrong header size\n"); + + if (elf.e_phentsize != sizeof(Elf32_Phdr)) + printf("wrong phdr size\n"); + + if (lseek(fd, elf.e_phoff, SEEK_SET) != (off_t)elf.e_phoff) + fperror("lseek to phdr failed\n"); + + for(i = 0; i < elf.e_phnum; i++) + { + Elf32_Phdr phdr; + const char *str; + + myread(fd, &phdr, sizeof(phdr)); + switch(phdr.p_type) + { +#define C(x) case PT_##x: str = #x; break; + C(NULL); + C(LOAD); + C(DYNAMIC); + C(INTERP); + C(NOTE); + C(SHLIB); + C(PHDR); +#undef C + default: + str = "???"; break; + } + printf("type PT_%s off=%ld vaddr=%lx filesz=%ld flags=%lx\n", + str, phdr.p_offset, phdr.p_vaddr, phdr.p_filesz, + (unsigned long)phdr.p_flags); + if (phdr.p_type == PT_NOTE) + do_note(fd, &phdr); + } + exit(0); +} +