SHA256
1
0
forked from pool/file
file/file-5.07.dif
2011-06-14 17:53:47 +00:00

425 lines
12 KiB
Plaintext

--- magic/Magdir/elf
+++ magic/Magdir/elf 2006-11-22 14:57:15.000000000 +0000
@@ -102,7 +102,7 @@
>>18 leshort 47 Renesas H8/300H,
>>18 leshort 48 Renesas H8S,
>>18 leshort 49 Renesas H8/500,
->>18 leshort 50 IA-64,
+>>18 leshort 50 IA-64 (Intel 64 bit architecture),
>>18 leshort 51 Stanford MIPS-X,
>>18 leshort 52 Motorola Coldfire,
>>18 leshort 53 Motorola M68HC12,
@@ -247,7 +247,7 @@
>>18 beshort 47 Renesas H8/300H,
>>18 beshort 48 Renesas H8S,
>>18 beshort 49 Renesas H8/500,
->>18 beshort 50 IA-64,
+>>18 beshort 50 IA-64 (Intel 64 bit architecture),
>>18 beshort 51 Stanford MIPS-X,
>>18 beshort 52 Motorola Coldfire,
>>18 beshort 53 Motorola M68HC12,
--- magic/Magdir/linux
+++ magic/Magdir/linux 2009-05-05 12:25:21.000000000 +0000
@@ -94,21 +94,43 @@
# and Nicolás Lichtmaier <nick@debian.org>
# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
# Linux kernel boot images (i386 arch) (Wolfram Kleff)
-514 string HdrS Linux kernel
->510 leshort 0xAA55 x86 boot executable
->>518 leshort >0x1ff
->>>529 byte 0 zImage,
->>>529 byte 1 bzImage,
->>>(526.s+0x200) string >\0 version %s,
->>498 leshort 1 RO-rootFS,
->>498 leshort 0 RW-rootFS,
->>508 leshort >0 root_dev 0x%X,
->>502 leshort >0 swap_dev 0x%X,
->>504 leshort >0 RAMdisksize %u KB,
->>506 leshort 0xFFFF Normal VGA
->>506 leshort 0xFFFE Extended VGA
->>506 leshort 0xFFFD Prompt for Videomode
->>506 leshort >0 Video mode %d
+514 string HdrS Linux
+>510 leshort 0xAA55 \b/x86 Kernel
+>510 leshort <0xAA55 Kernel
+>510 leshort >0xAA55 Kernel
+>518 leshort 0x0105 \b, Setup Version 0x105, zImage
+>518 leshort >0x0105 \b, Setup Version %#hx
+>>529 byte 0 \b, zImage
+>>529 byte 1 \b, bzImage
+>>>(526.s+0x205) byte 32
+>>>>(526.s+0x200) string >\0 \b, Version %5.5s
+>>>(526.s+0x206) byte 32
+>>>>(526.s+0x200) string >\0 \b, Version %6.6s
+>>>(526.s+0x207) byte 32
+>>>>(526.s+0x200) string >\0 \b, Version %7.7s
+>>>(526.s+0x205) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %5.5s
+>>>(526.s+0x206) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %6.6s
+>>>(526.s+0x207) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %7.7s
+>>>(526.s+0x208) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %8.8s
+>>>(526.s+0x209) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %9.9s
+>>>(526.s+0x20a) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %10.10s
+>>>(526.s+0x20b) byte 45
+>>>>(526.s+0x200) string >\0 \b, Version %11.11s
+>>498 leshort 1 \b, RO-rootFS
+>>498 leshort 0 \b, RW-rootFS
+>>508 leshort >0 \b, root_dev 0x%X
+>>502 leshort >0 \b, swap_dev 0x%X
+>>504 leshort >0 \b, RAMdisksize %u KB
+>>506 leshort 0xFFFF \b, Normal VGA
+>>506 leshort 0xFFFE \b, Extended VGA
+>>506 leshort 0xFFFD \b, Prompt for Videomode
+>>506 leshort >0 \b, Video mode %d
# This also matches new kernels, which were caught above by "HdrS".
0 belong 0xb8c0078e Linux kernel
>0x1e3 string Loading version 1.3.79 or older
--- magic/Magdir/msad
+++ magic/Magdir/msad 2006-03-27 11:29:19.000000000 +0000
@@ -0,0 +1,5 @@
+#------------------------------------------------------------------------------
+# msad: file(1) magic for msad
+# Microsoft visual C
+# This must precede the heuristic for raw G3 data
+4 string Standard\ Jet\ DB Microsoft Access Database
--- magic/Magdir/msdos
+++ magic/Magdir/msdos 2011-06-14 14:36:26.175926257 +0000
@@ -98,9 +98,9 @@
>>>(0x3c.l+22) leshort&0x0200 >0 (stripped to external PDB)
>>>(0x3c.l+22) leshort&0x1000 >0 system file
>>>(0x3c.l+24) leshort 0x010b
->>>>(0x3c.l+232) lelong >0 Mono/.Net assembly
+>>>>(0x3c.l+232) lelong >0 \b, Mono/.Net assembly
>>>(0x3c.l+24) leshort 0x020b
->>>>(0x3c.l+248) lelong >0 Mono/.Net assembly
+>>>>(0x3c.l+248) lelong >0 \b, Mono/.Net assembly
# hooray, there's a DOS extender using the PE format, with a valid PE
# executable inside (which just prints a message and exits if run in win)
--- magic/Makefile.am
+++ magic/Makefile.am 2011-06-14 14:32:37.504427061 +0000
@@ -5,7 +5,7 @@ MAGIC_FRAGMENT_BASE = Magdir
MAGIC_DIR = $(top_srcdir)/magic
MAGIC_FRAGMENT_DIR = $(MAGIC_DIR)/$(MAGIC_FRAGMENT_BASE)
-pkgdata_DATA = magic.mgc
+pkgdata_DATA = magic.mgc magic
EXTRA_DIST = \
$(MAGIC_DIR)/Header \
@@ -19,7 +19,6 @@ $(MAGIC_FRAGMENT_DIR)/amanda \
$(MAGIC_FRAGMENT_DIR)/amigaos \
$(MAGIC_FRAGMENT_DIR)/animation \
$(MAGIC_FRAGMENT_DIR)/apl \
-$(MAGIC_FRAGMENT_DIR)/apple \
$(MAGIC_FRAGMENT_DIR)/applix \
$(MAGIC_FRAGMENT_DIR)/archive \
$(MAGIC_FRAGMENT_DIR)/asterix \
@@ -69,7 +68,6 @@ $(MAGIC_FRAGMENT_DIR)/epoc \
$(MAGIC_FRAGMENT_DIR)/erlang \
$(MAGIC_FRAGMENT_DIR)/esri \
$(MAGIC_FRAGMENT_DIR)/fcs \
-$(MAGIC_FRAGMENT_DIR)/filesystems \
$(MAGIC_FRAGMENT_DIR)/flash \
$(MAGIC_FRAGMENT_DIR)/fonts \
$(MAGIC_FRAGMENT_DIR)/fortran \
@@ -102,19 +100,19 @@ $(MAGIC_FRAGMENT_DIR)/ispell \
$(MAGIC_FRAGMENT_DIR)/isz \
$(MAGIC_FRAGMENT_DIR)/java \
$(MAGIC_FRAGMENT_DIR)/jpeg \
+$(MAGIC_FRAGMENT_DIR)/linux \
+$(MAGIC_FRAGMENT_DIR)/filesystems \
$(MAGIC_FRAGMENT_DIR)/karma \
$(MAGIC_FRAGMENT_DIR)/kde \
$(MAGIC_FRAGMENT_DIR)/kml \
$(MAGIC_FRAGMENT_DIR)/lecter \
$(MAGIC_FRAGMENT_DIR)/lex \
$(MAGIC_FRAGMENT_DIR)/lif \
-$(MAGIC_FRAGMENT_DIR)/linux \
$(MAGIC_FRAGMENT_DIR)/lisp \
$(MAGIC_FRAGMENT_DIR)/llvm \
$(MAGIC_FRAGMENT_DIR)/lua \
$(MAGIC_FRAGMENT_DIR)/luks \
$(MAGIC_FRAGMENT_DIR)/mach \
-$(MAGIC_FRAGMENT_DIR)/macintosh \
$(MAGIC_FRAGMENT_DIR)/magic \
$(MAGIC_FRAGMENT_DIR)/mail.news \
$(MAGIC_FRAGMENT_DIR)/maple \
@@ -131,10 +129,10 @@ $(MAGIC_FRAGMENT_DIR)/misctools \
$(MAGIC_FRAGMENT_DIR)/mkid \
$(MAGIC_FRAGMENT_DIR)/mlssa \
$(MAGIC_FRAGMENT_DIR)/mmdf \
-$(MAGIC_FRAGMENT_DIR)/modem \
$(MAGIC_FRAGMENT_DIR)/motorola \
$(MAGIC_FRAGMENT_DIR)/mozilla \
$(MAGIC_FRAGMENT_DIR)/msdos \
+$(MAGIC_FRAGMENT_DIR)/modem \
$(MAGIC_FRAGMENT_DIR)/msooxml \
$(MAGIC_FRAGMENT_DIR)/msvc \
$(MAGIC_FRAGMENT_DIR)/mup \
@@ -173,6 +171,8 @@ $(MAGIC_FRAGMENT_DIR)/pyramid \
$(MAGIC_FRAGMENT_DIR)/python \
$(MAGIC_FRAGMENT_DIR)/revision \
$(MAGIC_FRAGMENT_DIR)/riff \
+$(MAGIC_FRAGMENT_DIR)/apple \
+$(MAGIC_FRAGMENT_DIR)/macintosh \
$(MAGIC_FRAGMENT_DIR)/rinex \
$(MAGIC_FRAGMENT_DIR)/rpm \
$(MAGIC_FRAGMENT_DIR)/rtf \
@@ -238,8 +238,20 @@ $(MAGIC_FRAGMENT_DIR)/xwindows \
$(MAGIC_FRAGMENT_DIR)/zilog \
$(MAGIC_FRAGMENT_DIR)/zyxel
+RAW = magic
MAGIC = magic.mgc
-CLEANFILES = ${MAGIC} $(MAGIC_FRAGMENT_DIR)/Localstuff
+CLEANFILES = ${MAGIC} $(MAGIC_DIR)/Localstuff ${RAW}
+
+${RAW}: $(MAGIC_DIR)/Header $(MAGIC_DIR)/Localstuff $(EXTRA_DIST)
+ cat /dev/null > $@
+ for frag in $(EXTRA_DIST); do \
+ if test -f $(srcdir)/$$frag; then \
+ f=$(srcdir)/$$frag; \
+ else \
+ f=$$frag; \
+ fi; \
+ cat $$f; \
+ done >> $@
# FIXME: Build file natively as well so that it can be used to compile
# the target's magic file
@@ -251,8 +263,5 @@ FILE_COMPILE = $(top_builddir)/src/file
FILE_COMPILE_DEP = $(FILE_COMPILE)
endif
-${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
- @rm -fr magic
- @mkdir magic && cp -p $(EXTRA_DIST) magic
- $(FILE_COMPILE) -C -m magic
- @rm -fr magic
+${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP) $(RAW)
+ $(FILE_COMPILE) -C -m $(RAW)
--- src/Makefile.am
+++ src/Makefile.am 2008-04-14 15:14:56.000000000 +0000
@@ -1,4 +1,4 @@
-MAGIC = $(pkgdatadir)/magic
+MAGIC = $(sysconfdir)/magic:$(pkgdatadir)/magic
lib_LTLIBRARIES = libmagic.la
include_HEADERS = magic.h
--- src/dcore.c
+++ src/dcore.c 2006-03-27 11:29:19.000000000 +0000
@@ -0,0 +1,207 @@
+/*
+ * Show goo about ELF core files
+ * Jeremy Fitzhardinge <jeremy@zip.com.au> 1996
+ */
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <string.h>
+#if defined __GLIBC__ && __GLIBC__ >= 2
+#include <elf.h>
+#include <sys/procfs.h>
+# ifndef NT_PRFPREG
+# define NT_PRFPREG 2
+# endif
+# ifndef NT_TASKSTRUCT
+# define NT_TASKSTRUCT 4
+# endif
+#else
+#include <linux/elf.h>
+#include <linux/elfcore.h>
+#endif
+
+static void fperror(const char *str)
+{
+ perror(str);
+ exit(1);
+}
+
+static size_t myread(int fd, void *buf, size_t sz)
+{
+ size_t ret;
+
+ if ((ret = read(fd, buf, sz)) != sz)
+ fperror("read failed");
+ return ret;
+}
+
+static void print_prstatus(const prstatus_t *pr)
+{
+ unsigned i;
+ static const char *regs[] = { "ebx", "ecx", "edx", "esi", "edi", "ebp",
+ "eax", "ds", "es", "fs", "gs",
+ "orig_eax", "eip", "cs",
+ "efl", "uesp", "ss"};
+
+ printf(" pid=%d ppid=%d pgrp=%d sid=%d\n",
+ pr->pr_pid, pr->pr_ppid, pr->pr_pgrp, pr->pr_sid);
+ for(i = 0; i < NGREG; i++)
+ {
+ unsigned long val = pr->pr_reg[i];
+ printf(" %-2u %-5s=%08lx %lu\n", i, regs[i], val, val);
+ }
+}
+
+static void print_prpsinfo(const prpsinfo_t *ps)
+{
+ printf(" uid=%d gid=%d\n", ps->pr_uid, ps->pr_gid);
+ printf(" comm=%s\n", ps->pr_fname);
+ printf(" psargs=%s\n", ps->pr_psargs);
+}
+
+#define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
+
+static void do_note(int fd, Elf32_Phdr *phdr)
+{
+ off_t here = lseek(fd, 0, SEEK_CUR);
+ int size = phdr->p_filesz;
+ char *raw = alloca(size), *end;
+ end = raw+size;
+
+ lseek(fd, phdr->p_offset, SEEK_SET);
+ myread(fd, raw, size);
+
+ while(raw < end)
+ {
+ Elf32_Nhdr *note = (Elf32_Nhdr *)raw;
+ const char *str;
+ const char *name, *desc;
+
+ raw += sizeof(*note);
+ name = raw;
+ raw += roundup(note->n_namesz, sizeof(long));
+ desc = raw;
+ raw += roundup(note->n_descsz, sizeof(long));
+
+ printf(" name=%.*s", (int)note->n_namesz, name);
+
+ if(strncmp(name, "CORE", note->n_namesz) != 0)
+ {
+ printf("\n");
+ continue;
+ }
+
+ switch(note->n_type)
+ {
+#define X(x) case x: str = #x; break;
+ X(NT_PRSTATUS);
+ X(NT_PRFPREG);
+ X(NT_PRPSINFO);
+ X(NT_TASKSTRUCT);
+#undef X
+ default:
+ str = "???";
+ }
+ printf(" n_type=%s n_descsz=%ld\n",
+ str, note->n_descsz);
+ switch(note->n_type)
+ {
+ case NT_PRSTATUS:
+ print_prstatus((prstatus_t *)desc);
+ break;
+ case NT_PRPSINFO:
+ print_prpsinfo((prpsinfo_t *)desc);
+ break;
+ }
+ }
+ lseek(fd, here, SEEK_SET);
+}
+
+int main(int argc, char *argv[])
+{
+ int fd;
+ Elf32_Ehdr elf;
+ int i;
+
+ if (argc != 2)
+ {
+ fprintf(stderr, "Usage: %s corefile\n", argv[0]);
+ exit(1);
+ }
+
+ if ((fd = open(argv[1], O_RDONLY)) == -1)
+ fperror("open of core");
+
+ myread(fd, &elf, sizeof(elf));
+
+ if (memcmp(ELFMAG, elf.e_ident, SELFMAG) != 0)
+ printf("bad magic\n");
+
+ if (elf.e_ident[EI_CLASS] != ELFCLASS32)
+ printf("wrong class\n");
+
+ if (elf.e_ident[EI_DATA] != ELFDATA2LSB)
+ printf("wrong endianess\n");
+
+ if (elf.e_ident[EI_VERSION] != EV_CURRENT)
+ printf("wrong version\n");
+
+ {
+ const char *str;
+ switch(elf.e_type)
+ {
+#define C(x) case ET_##x: str = #x; break;
+ C(NONE);
+ C(REL);
+ C(EXEC);
+ C(DYN);
+ C(CORE);
+#undef C
+ default: str = "???"; break;
+ }
+ printf("elf file type ET_%s\n", str);
+ }
+
+ if (elf.e_machine != EM_386 && elf.e_machine != EM_486)
+ printf("not i386 or i486\n");
+
+ if (elf.e_ehsize != sizeof(elf))
+ printf("wrong header size\n");
+
+ if (elf.e_phentsize != sizeof(Elf32_Phdr))
+ printf("wrong phdr size\n");
+
+ if (lseek(fd, elf.e_phoff, SEEK_SET) != (off_t)elf.e_phoff)
+ fperror("lseek to phdr failed\n");
+
+ for(i = 0; i < elf.e_phnum; i++)
+ {
+ Elf32_Phdr phdr;
+ const char *str;
+
+ myread(fd, &phdr, sizeof(phdr));
+ switch(phdr.p_type)
+ {
+#define C(x) case PT_##x: str = #x; break;
+ C(NULL);
+ C(LOAD);
+ C(DYNAMIC);
+ C(INTERP);
+ C(NOTE);
+ C(SHLIB);
+ C(PHDR);
+#undef C
+ default:
+ str = "???"; break;
+ }
+ printf("type PT_%s off=%ld vaddr=%lx filesz=%ld flags=%lx\n",
+ str, phdr.p_offset, phdr.p_vaddr, phdr.p_filesz,
+ (unsigned long)phdr.p_flags);
+ if (phdr.p_type == PT_NOTE)
+ do_note(fd, &phdr);
+ }
+ exit(0);
+}
+