593 lines
17 KiB
Plaintext
593 lines
17 KiB
Plaintext
---
|
|
magic/Magdir/elf | 2
|
|
magic/Magdir/linux | 36 +++++----
|
|
magic/Magdir/msad | 5 +
|
|
magic/Magdir/msdos | 4 -
|
|
magic/Makefile.am | 61 +++++++++------
|
|
magic/Makefile.in | 60 +++++++++------
|
|
src/Makefile.am | 2
|
|
src/dcore.c | 207 +++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
src/magic.h.in | 1
|
|
9 files changed, 312 insertions(+), 66 deletions(-)
|
|
|
|
--- magic/Magdir/elf
|
|
+++ magic/Magdir/elf 2016-04-18 11:59:52.349157805 +0000
|
|
@@ -128,7 +128,7 @@
|
|
>18 leshort 47 Renesas H8/300H,
|
|
>18 leshort 48 Renesas H8S,
|
|
>18 leshort 49 Renesas H8/500,
|
|
->18 leshort 50 IA-64,
|
|
+>18 leshort 50 IA-64 (Intel 64 bit architecture),
|
|
>18 leshort 51 Stanford MIPS-X,
|
|
>18 leshort 52 Motorola Coldfire,
|
|
>18 leshort 53 Motorola M68HC12,
|
|
--- magic/Magdir/linux
|
|
+++ magic/Magdir/linux 2016-04-18 11:59:52.349157805 +0000
|
|
@@ -101,23 +101,27 @@
|
|
# and Nicolas Lichtmaier <nick@debian.org>
|
|
# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
|
|
# Linux kernel boot images (i386 arch) (Wolfram Kleff)
|
|
-514 string HdrS Linux kernel
|
|
+514 string HdrS Linux
|
|
!:strength + 55
|
|
->510 leshort 0xAA55 x86 boot executable
|
|
->>518 leshort >0x1ff
|
|
->>>529 byte 0 zImage,
|
|
->>>529 byte 1 bzImage,
|
|
->>>526 lelong >0
|
|
->>>>(526.s+0x200) string >\0 version %s,
|
|
->>498 leshort 1 RO-rootFS,
|
|
->>498 leshort 0 RW-rootFS,
|
|
->>508 leshort >0 root_dev 0x%X,
|
|
->>502 leshort >0 swap_dev 0x%X,
|
|
->>504 leshort >0 RAMdisksize %u KB,
|
|
->>506 leshort 0xFFFF Normal VGA
|
|
->>506 leshort 0xFFFE Extended VGA
|
|
->>506 leshort 0xFFFD Prompt for Videomode
|
|
->>506 leshort >0 Video mode %d
|
|
+>510 leshort 0xAA55 \b/x86 Kernel
|
|
+>510 leshort <0xAA55 Kernel
|
|
+>510 leshort >0xAA55 Kernel
|
|
+>518 leshort 0x0105 \b, Setup Version 0x105, zImage
|
|
+>518 leshort >0x0105 \b, Setup Version %#x
|
|
+>518 leshort >0x1ff
|
|
+>>529 byte 0 \b, zImage
|
|
+>>529 byte 1 \b, bzImage
|
|
+>>526 lelong >0
|
|
+>>>(526.s+0x200) string >\0 \b, Version %s
|
|
+>>498 leshort 1 \b, RO-rootFS
|
|
+>>498 leshort 0 \b, RW-rootFS
|
|
+>>508 leshort >0 \b, root_dev 0x%X
|
|
+>>502 leshort >0 \b, swap_dev 0x%X
|
|
+>>504 leshort >0 \b, RAMdisksize %u KB
|
|
+>>506 leshort 0xFFFF \b, Normal VGA
|
|
+>>506 leshort 0xFFFE \b, Extended VGA
|
|
+>>506 leshort 0xFFFD \b, Prompt for Videomode
|
|
+>>506 leshort >0 \b, Video mode %d
|
|
# This also matches new kernels, which were caught above by "HdrS".
|
|
0 belong 0xb8c0078e Linux kernel
|
|
>0x1e3 string Loading version 1.3.79 or older
|
|
--- magic/Magdir/msad
|
|
+++ magic/Magdir/msad 2016-04-18 11:59:52.349157805 +0000
|
|
@@ -0,0 +1,5 @@
|
|
+#------------------------------------------------------------------------------
|
|
+# msad: file(1) magic for msad
|
|
+# Microsoft visual C
|
|
+# This must precede the heuristic for raw G3 data
|
|
+4 string Standard\ Jet\ DB Microsoft Access Database
|
|
--- magic/Magdir/msdos
|
|
+++ magic/Magdir/msdos 2016-04-18 11:59:52.349157805 +0000
|
|
@@ -104,9 +104,9 @@
|
|
>>>(0x3c.l+22) leshort&0x0200 >0 (stripped to external PDB)
|
|
>>>(0x3c.l+22) leshort&0x1000 >0 system file
|
|
>>>(0x3c.l+24) leshort 0x010b
|
|
->>>>(0x3c.l+232) lelong >0 Mono/.Net assembly
|
|
+>>>>(0x3c.l+232) lelong >0 \b, Mono/.Net assembly
|
|
>>>(0x3c.l+24) leshort 0x020b
|
|
->>>>(0x3c.l+248) lelong >0 Mono/.Net assembly
|
|
+>>>>(0x3c.l+248) lelong >0 \b, Mono/.Net assembly
|
|
|
|
# hooray, there's a DOS extender using the PE format, with a valid PE
|
|
# executable inside (which just prints a message and exits if run in win)
|
|
--- magic/Makefile.am
|
|
+++ magic/Makefile.am 2016-04-18 12:02:09.262627467 +0000
|
|
@@ -5,7 +5,7 @@ MAGIC_FRAGMENT_BASE = Magdir
|
|
MAGIC_DIR = $(top_srcdir)/magic
|
|
MAGIC_FRAGMENT_DIR = $(MAGIC_DIR)/$(MAGIC_FRAGMENT_BASE)
|
|
|
|
-pkgdata_DATA = magic.mgc
|
|
+pkgdata_DATA = magic.mgc magic
|
|
|
|
EXTRA_DIST = \
|
|
$(MAGIC_DIR)/Header \
|
|
@@ -21,7 +21,6 @@ $(MAGIC_FRAGMENT_DIR)/android \
|
|
$(MAGIC_FRAGMENT_DIR)/animation \
|
|
$(MAGIC_FRAGMENT_DIR)/aout \
|
|
$(MAGIC_FRAGMENT_DIR)/apl \
|
|
-$(MAGIC_FRAGMENT_DIR)/apple \
|
|
$(MAGIC_FRAGMENT_DIR)/applix \
|
|
$(MAGIC_FRAGMENT_DIR)/archive \
|
|
$(MAGIC_FRAGMENT_DIR)/assembler \
|
|
@@ -80,7 +79,6 @@ $(MAGIC_FRAGMENT_DIR)/epoc \
|
|
$(MAGIC_FRAGMENT_DIR)/erlang \
|
|
$(MAGIC_FRAGMENT_DIR)/esri \
|
|
$(MAGIC_FRAGMENT_DIR)/fcs \
|
|
-$(MAGIC_FRAGMENT_DIR)/filesystems \
|
|
$(MAGIC_FRAGMENT_DIR)/finger \
|
|
$(MAGIC_FRAGMENT_DIR)/flash \
|
|
$(MAGIC_FRAGMENT_DIR)/flif \
|
|
@@ -120,6 +118,8 @@ $(MAGIC_FRAGMENT_DIR)/isz \
|
|
$(MAGIC_FRAGMENT_DIR)/java \
|
|
$(MAGIC_FRAGMENT_DIR)/javascript \
|
|
$(MAGIC_FRAGMENT_DIR)/jpeg \
|
|
+$(MAGIC_FRAGMENT_DIR)/linux \
|
|
+$(MAGIC_FRAGMENT_DIR)/filesystems \
|
|
$(MAGIC_FRAGMENT_DIR)/karma \
|
|
$(MAGIC_FRAGMENT_DIR)/kde \
|
|
$(MAGIC_FRAGMENT_DIR)/keepass \
|
|
@@ -128,7 +128,6 @@ $(MAGIC_FRAGMENT_DIR)/kml \
|
|
$(MAGIC_FRAGMENT_DIR)/lecter \
|
|
$(MAGIC_FRAGMENT_DIR)/lex \
|
|
$(MAGIC_FRAGMENT_DIR)/lif \
|
|
-$(MAGIC_FRAGMENT_DIR)/linux \
|
|
$(MAGIC_FRAGMENT_DIR)/lisp \
|
|
$(MAGIC_FRAGMENT_DIR)/llvm \
|
|
$(MAGIC_FRAGMENT_DIR)/lua \
|
|
@@ -136,7 +135,6 @@ $(MAGIC_FRAGMENT_DIR)/luks \
|
|
$(MAGIC_FRAGMENT_DIR)/m4 \
|
|
$(MAGIC_FRAGMENT_DIR)/mach \
|
|
$(MAGIC_FRAGMENT_DIR)/macos \
|
|
-$(MAGIC_FRAGMENT_DIR)/macintosh \
|
|
$(MAGIC_FRAGMENT_DIR)/magic \
|
|
$(MAGIC_FRAGMENT_DIR)/mail.news \
|
|
$(MAGIC_FRAGMENT_DIR)/make \
|
|
@@ -158,10 +156,10 @@ $(MAGIC_FRAGMENT_DIR)/misctools \
|
|
$(MAGIC_FRAGMENT_DIR)/mkid \
|
|
$(MAGIC_FRAGMENT_DIR)/mlssa \
|
|
$(MAGIC_FRAGMENT_DIR)/mmdf \
|
|
-$(MAGIC_FRAGMENT_DIR)/modem \
|
|
$(MAGIC_FRAGMENT_DIR)/motorola \
|
|
$(MAGIC_FRAGMENT_DIR)/mozilla \
|
|
$(MAGIC_FRAGMENT_DIR)/msdos \
|
|
+$(MAGIC_FRAGMENT_DIR)/modem \
|
|
$(MAGIC_FRAGMENT_DIR)/msooxml \
|
|
$(MAGIC_FRAGMENT_DIR)/msx \
|
|
$(MAGIC_FRAGMENT_DIR)/msvc \
|
|
@@ -210,6 +208,8 @@ $(MAGIC_FRAGMENT_DIR)/python \
|
|
$(MAGIC_FRAGMENT_DIR)/qt \
|
|
$(MAGIC_FRAGMENT_DIR)/revision \
|
|
$(MAGIC_FRAGMENT_DIR)/riff \
|
|
+$(MAGIC_FRAGMENT_DIR)/apple \
|
|
+$(MAGIC_FRAGMENT_DIR)/macintosh \
|
|
$(MAGIC_FRAGMENT_DIR)/rpm \
|
|
$(MAGIC_FRAGMENT_DIR)/rtf \
|
|
$(MAGIC_FRAGMENT_DIR)/ruby \
|
|
@@ -280,8 +280,20 @@ $(MAGIC_FRAGMENT_DIR)/zfs \
|
|
$(MAGIC_FRAGMENT_DIR)/zilog \
|
|
$(MAGIC_FRAGMENT_DIR)/zyxel
|
|
|
|
+RAW = magic
|
|
MAGIC = magic.mgc
|
|
-CLEANFILES = ${MAGIC} $(MAGIC_FRAGMENT_DIR)/Localstuff
|
|
+CLEANFILES = ${MAGIC} $(MAGIC_DIR)/Localstuff ${RAW}
|
|
+
|
|
+${RAW}: $(MAGIC_DIR)/Header $(MAGIC_DIR)/Localstuff $(EXTRA_DIST)
|
|
+ cat /dev/null > $@
|
|
+ for frag in $(EXTRA_DIST); do \
|
|
+ if test -f $(srcdir)/$$frag; then \
|
|
+ f=$(srcdir)/$$frag; \
|
|
+ else \
|
|
+ f=$$frag; \
|
|
+ fi; \
|
|
+ cat $$f; \
|
|
+ done >> $@
|
|
|
|
# FIXME: Build file natively as well so that it can be used to compile
|
|
# the target's magic file; for now we bail if the local version does not match
|
|
@@ -293,19 +305,22 @@ FILE_COMPILE = $(top_builddir)/src/file$
|
|
FILE_COMPILE_DEP = $(FILE_COMPILE)
|
|
endif
|
|
|
|
-${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
|
|
- @rm -fr magic
|
|
- @mkdir magic && cp -p $(EXTRA_DIST) magic
|
|
- @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \
|
|
- echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \
|
|
- else \
|
|
- v=$$(${FILE_COMPILE} --version | sed -e s/file-// -e q); \
|
|
- if [ "$$v" != "${PACKAGE_VERSION}" ]; then \
|
|
- echo "Cannot use the installed version of file ($$v) to"; \
|
|
- echo "cross-compile file ${PACKAGE_VERSION}"; \
|
|
- echo "Please install file ${PACKAGE_VERSION} locally first"; \
|
|
- exit 1; \
|
|
- fi; \
|
|
- fi)
|
|
- $(FILE_COMPILE) -C -m magic
|
|
- @rm -fr magic
|
|
+${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP) $(RAW)
|
|
+ $(FILE_COMPILE) -C -m $(RAW)
|
|
+
|
|
+#${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
|
|
+# @rm -fr magic
|
|
+# @mkdir magic && cp -p $(EXTRA_DIST) magic
|
|
+# @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \
|
|
+# echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \
|
|
+# else \
|
|
+# v=$$(${FILE_COMPILE} --version | sed -e s/file-// -e q); \
|
|
+# if [ "$$v" != "${PACKAGE_VERSION}" ]; then \
|
|
+# echo "Cannot use the installed version of file ($$v) to"; \
|
|
+# echo "cross-compile file ${PACKAGE_VERSION}"; \
|
|
+# echo "Please install file ${PACKAGE_VERSION} locally first"; \
|
|
+# exit 1; \
|
|
+# fi; \
|
|
+# fi)
|
|
+# $(FILE_COMPILE) -C -m magic
|
|
+# @rm -fr magic
|
|
--- magic/Makefile.in
|
|
+++ magic/Makefile.in 2016-04-18 12:03:07.113558364 +0000
|
|
@@ -278,7 +278,7 @@ top_srcdir = @top_srcdir@
|
|
MAGIC_FRAGMENT_BASE = Magdir
|
|
MAGIC_DIR = $(top_srcdir)/magic
|
|
MAGIC_FRAGMENT_DIR = $(MAGIC_DIR)/$(MAGIC_FRAGMENT_BASE)
|
|
-pkgdata_DATA = magic.mgc
|
|
+pkgdata_DATA = magic.mgc magic
|
|
EXTRA_DIST = \
|
|
$(MAGIC_DIR)/Header \
|
|
$(MAGIC_DIR)/Localstuff \
|
|
@@ -293,7 +293,6 @@ $(MAGIC_FRAGMENT_DIR)/android \
|
|
$(MAGIC_FRAGMENT_DIR)/animation \
|
|
$(MAGIC_FRAGMENT_DIR)/aout \
|
|
$(MAGIC_FRAGMENT_DIR)/apl \
|
|
-$(MAGIC_FRAGMENT_DIR)/apple \
|
|
$(MAGIC_FRAGMENT_DIR)/applix \
|
|
$(MAGIC_FRAGMENT_DIR)/archive \
|
|
$(MAGIC_FRAGMENT_DIR)/assembler \
|
|
@@ -352,7 +351,6 @@ $(MAGIC_FRAGMENT_DIR)/epoc \
|
|
$(MAGIC_FRAGMENT_DIR)/erlang \
|
|
$(MAGIC_FRAGMENT_DIR)/esri \
|
|
$(MAGIC_FRAGMENT_DIR)/fcs \
|
|
-$(MAGIC_FRAGMENT_DIR)/filesystems \
|
|
$(MAGIC_FRAGMENT_DIR)/finger \
|
|
$(MAGIC_FRAGMENT_DIR)/flash \
|
|
$(MAGIC_FRAGMENT_DIR)/flif \
|
|
@@ -392,6 +390,8 @@ $(MAGIC_FRAGMENT_DIR)/isz \
|
|
$(MAGIC_FRAGMENT_DIR)/java \
|
|
$(MAGIC_FRAGMENT_DIR)/javascript \
|
|
$(MAGIC_FRAGMENT_DIR)/jpeg \
|
|
+$(MAGIC_FRAGMENT_DIR)/linux \
|
|
+$(MAGIC_FRAGMENT_DIR)/filesystems \
|
|
$(MAGIC_FRAGMENT_DIR)/karma \
|
|
$(MAGIC_FRAGMENT_DIR)/kde \
|
|
$(MAGIC_FRAGMENT_DIR)/keepass \
|
|
@@ -400,7 +400,6 @@ $(MAGIC_FRAGMENT_DIR)/kml \
|
|
$(MAGIC_FRAGMENT_DIR)/lecter \
|
|
$(MAGIC_FRAGMENT_DIR)/lex \
|
|
$(MAGIC_FRAGMENT_DIR)/lif \
|
|
-$(MAGIC_FRAGMENT_DIR)/linux \
|
|
$(MAGIC_FRAGMENT_DIR)/lisp \
|
|
$(MAGIC_FRAGMENT_DIR)/llvm \
|
|
$(MAGIC_FRAGMENT_DIR)/lua \
|
|
@@ -408,7 +407,6 @@ $(MAGIC_FRAGMENT_DIR)/luks \
|
|
$(MAGIC_FRAGMENT_DIR)/m4 \
|
|
$(MAGIC_FRAGMENT_DIR)/mach \
|
|
$(MAGIC_FRAGMENT_DIR)/macos \
|
|
-$(MAGIC_FRAGMENT_DIR)/macintosh \
|
|
$(MAGIC_FRAGMENT_DIR)/magic \
|
|
$(MAGIC_FRAGMENT_DIR)/mail.news \
|
|
$(MAGIC_FRAGMENT_DIR)/make \
|
|
@@ -430,10 +428,10 @@ $(MAGIC_FRAGMENT_DIR)/misctools \
|
|
$(MAGIC_FRAGMENT_DIR)/mkid \
|
|
$(MAGIC_FRAGMENT_DIR)/mlssa \
|
|
$(MAGIC_FRAGMENT_DIR)/mmdf \
|
|
-$(MAGIC_FRAGMENT_DIR)/modem \
|
|
$(MAGIC_FRAGMENT_DIR)/motorola \
|
|
$(MAGIC_FRAGMENT_DIR)/mozilla \
|
|
$(MAGIC_FRAGMENT_DIR)/msdos \
|
|
+$(MAGIC_FRAGMENT_DIR)/modem \
|
|
$(MAGIC_FRAGMENT_DIR)/msooxml \
|
|
$(MAGIC_FRAGMENT_DIR)/msx \
|
|
$(MAGIC_FRAGMENT_DIR)/msvc \
|
|
@@ -482,6 +480,8 @@ $(MAGIC_FRAGMENT_DIR)/python \
|
|
$(MAGIC_FRAGMENT_DIR)/qt \
|
|
$(MAGIC_FRAGMENT_DIR)/revision \
|
|
$(MAGIC_FRAGMENT_DIR)/riff \
|
|
+$(MAGIC_FRAGMENT_DIR)/apple \
|
|
+$(MAGIC_FRAGMENT_DIR)/macintosh \
|
|
$(MAGIC_FRAGMENT_DIR)/rpm \
|
|
$(MAGIC_FRAGMENT_DIR)/rtf \
|
|
$(MAGIC_FRAGMENT_DIR)/ruby \
|
|
@@ -552,10 +552,22 @@ $(MAGIC_FRAGMENT_DIR)/zfs \
|
|
$(MAGIC_FRAGMENT_DIR)/zilog \
|
|
$(MAGIC_FRAGMENT_DIR)/zyxel
|
|
|
|
+RAW = magic
|
|
MAGIC = magic.mgc
|
|
-CLEANFILES = ${MAGIC} $(MAGIC_FRAGMENT_DIR)/Localstuff
|
|
+CLEANFILES = ${MAGIC} $(MAGIC_FRAGMENT_DIR)/Localstuff ${RAW}
|
|
@IS_CROSS_COMPILE_FALSE@FILE_COMPILE = $(top_builddir)/src/file${EXEEXT}
|
|
|
|
+${RAW}: $(MAGIC_DIR)/Header $(MAGIC_DIR)/Localstuff $(EXTRA_DIST)
|
|
+ cat /dev/null > $@
|
|
+ for frag in $(EXTRA_DIST); do \
|
|
+ if test -f $(srcdir)/$$frag; then \
|
|
+ f=$(srcdir)/$$frag; \
|
|
+ else \
|
|
+ f=$$frag; \
|
|
+ fi; \
|
|
+ cat $$f; \
|
|
+ done >> $@
|
|
+
|
|
# FIXME: Build file natively as well so that it can be used to compile
|
|
# the target's magic file; for now we bail if the local version does not match
|
|
@IS_CROSS_COMPILE_TRUE@FILE_COMPILE = file${EXEEXT}
|
|
@@ -777,23 +789,25 @@ uninstall-am: uninstall-pkgdataDATA
|
|
|
|
.PRECIOUS: Makefile
|
|
|
|
+${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP) $(RAW)
|
|
+ $(FILE_COMPILE) -C -m $(RAW)
|
|
|
|
-${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
|
|
- @rm -fr magic
|
|
- @mkdir magic && cp -p $(EXTRA_DIST) magic
|
|
- @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \
|
|
- echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \
|
|
- else \
|
|
- v=$$(${FILE_COMPILE} --version | sed -e s/file-// -e q); \
|
|
- if [ "$$v" != "${PACKAGE_VERSION}" ]; then \
|
|
- echo "Cannot use the installed version of file ($$v) to"; \
|
|
- echo "cross-compile file ${PACKAGE_VERSION}"; \
|
|
- echo "Please install file ${PACKAGE_VERSION} locally first"; \
|
|
- exit 1; \
|
|
- fi; \
|
|
- fi)
|
|
- $(FILE_COMPILE) -C -m magic
|
|
- @rm -fr magic
|
|
+#${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
|
|
+# @rm -fr magic
|
|
+# @mkdir magic && cp -p $(EXTRA_DIST) magic
|
|
+# @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \
|
|
+# echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \
|
|
+# else \
|
|
+# v=$$(${FILE_COMPILE} --version | sed -e s/file-// -e q); \
|
|
+# if [ "$$v" != "${PACKAGE_VERSION}" ]; then \
|
|
+# echo "Cannot use the installed version of file ($$v) to"; \
|
|
+# echo "cross-compile file ${PACKAGE_VERSION}"; \
|
|
+# echo "Please install file ${PACKAGE_VERSION} locally first"; \
|
|
+# exit 1; \
|
|
+# fi; \
|
|
+# fi)
|
|
+# $(FILE_COMPILE) -C -m magic
|
|
+# @rm -fr magic
|
|
|
|
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
|
# Otherwise a system limit (for SysV at least) may be exceeded.
|
|
--- src/Makefile.am
|
|
+++ src/Makefile.am 2016-04-18 11:59:52.381157214 +0000
|
|
@@ -1,4 +1,4 @@
|
|
-MAGIC = $(pkgdatadir)/magic
|
|
+MAGIC = $(sysconfdir)/magic:$(pkgdatadir)/magic
|
|
lib_LTLIBRARIES = libmagic.la
|
|
include_HEADERS = magic.h
|
|
|
|
--- src/dcore.c
|
|
+++ src/dcore.c 2016-04-18 11:59:52.381157214 +0000
|
|
@@ -0,0 +1,207 @@
|
|
+/*
|
|
+ * Show goo about ELF core files
|
|
+ * Jeremy Fitzhardinge <jeremy@zip.com.au> 1996
|
|
+ */
|
|
+#include <unistd.h>
|
|
+#include <fcntl.h>
|
|
+#include <stdlib.h>
|
|
+#include <stdio.h>
|
|
+#include <sys/types.h>
|
|
+#include <string.h>
|
|
+#if defined __GLIBC__ && __GLIBC__ >= 2
|
|
+#include <elf.h>
|
|
+#include <sys/procfs.h>
|
|
+# ifndef NT_PRFPREG
|
|
+# define NT_PRFPREG 2
|
|
+# endif
|
|
+# ifndef NT_TASKSTRUCT
|
|
+# define NT_TASKSTRUCT 4
|
|
+# endif
|
|
+#else
|
|
+#include <linux/elf.h>
|
|
+#include <linux/elfcore.h>
|
|
+#endif
|
|
+
|
|
+static void fperror(const char *str)
|
|
+{
|
|
+ perror(str);
|
|
+ exit(1);
|
|
+}
|
|
+
|
|
+static size_t myread(int fd, void *buf, size_t sz)
|
|
+{
|
|
+ size_t ret;
|
|
+
|
|
+ if ((ret = read(fd, buf, sz)) != sz)
|
|
+ fperror("read failed");
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+static void print_prstatus(const prstatus_t *pr)
|
|
+{
|
|
+ unsigned i;
|
|
+ static const char *regs[] = { "ebx", "ecx", "edx", "esi", "edi", "ebp",
|
|
+ "eax", "ds", "es", "fs", "gs",
|
|
+ "orig_eax", "eip", "cs",
|
|
+ "efl", "uesp", "ss"};
|
|
+
|
|
+ printf(" pid=%d ppid=%d pgrp=%d sid=%d\n",
|
|
+ pr->pr_pid, pr->pr_ppid, pr->pr_pgrp, pr->pr_sid);
|
|
+ for(i = 0; i < NGREG; i++)
|
|
+ {
|
|
+ unsigned long val = pr->pr_reg[i];
|
|
+ printf(" %-2u %-5s=%08lx %lu\n", i, regs[i], val, val);
|
|
+ }
|
|
+}
|
|
+
|
|
+static void print_prpsinfo(const prpsinfo_t *ps)
|
|
+{
|
|
+ printf(" uid=%d gid=%d\n", ps->pr_uid, ps->pr_gid);
|
|
+ printf(" comm=%s\n", ps->pr_fname);
|
|
+ printf(" psargs=%s\n", ps->pr_psargs);
|
|
+}
|
|
+
|
|
+#define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
|
|
+
|
|
+static void do_note(int fd, Elf32_Phdr *phdr)
|
|
+{
|
|
+ off_t here = lseek(fd, 0, SEEK_CUR);
|
|
+ int size = phdr->p_filesz;
|
|
+ char *raw = alloca(size), *end;
|
|
+ end = raw+size;
|
|
+
|
|
+ lseek(fd, phdr->p_offset, SEEK_SET);
|
|
+ myread(fd, raw, size);
|
|
+
|
|
+ while(raw < end)
|
|
+ {
|
|
+ Elf32_Nhdr *note = (Elf32_Nhdr *)raw;
|
|
+ const char *str;
|
|
+ const char *name, *desc;
|
|
+
|
|
+ raw += sizeof(*note);
|
|
+ name = raw;
|
|
+ raw += roundup(note->n_namesz, sizeof(long));
|
|
+ desc = raw;
|
|
+ raw += roundup(note->n_descsz, sizeof(long));
|
|
+
|
|
+ printf(" name=%.*s", (int)note->n_namesz, name);
|
|
+
|
|
+ if(strncmp(name, "CORE", note->n_namesz) != 0)
|
|
+ {
|
|
+ printf("\n");
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ switch(note->n_type)
|
|
+ {
|
|
+#define X(x) case x: str = #x; break;
|
|
+ X(NT_PRSTATUS);
|
|
+ X(NT_PRFPREG);
|
|
+ X(NT_PRPSINFO);
|
|
+ X(NT_TASKSTRUCT);
|
|
+#undef X
|
|
+ default:
|
|
+ str = "???";
|
|
+ }
|
|
+ printf(" n_type=%s n_descsz=%ld\n",
|
|
+ str, note->n_descsz);
|
|
+ switch(note->n_type)
|
|
+ {
|
|
+ case NT_PRSTATUS:
|
|
+ print_prstatus((prstatus_t *)desc);
|
|
+ break;
|
|
+ case NT_PRPSINFO:
|
|
+ print_prpsinfo((prpsinfo_t *)desc);
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ lseek(fd, here, SEEK_SET);
|
|
+}
|
|
+
|
|
+int main(int argc, char *argv[])
|
|
+{
|
|
+ int fd;
|
|
+ Elf32_Ehdr elf;
|
|
+ int i;
|
|
+
|
|
+ if (argc != 2)
|
|
+ {
|
|
+ fprintf(stderr, "Usage: %s corefile\n", argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
+ if ((fd = open(argv[1], O_RDONLY)) == -1)
|
|
+ fperror("open of core");
|
|
+
|
|
+ myread(fd, &elf, sizeof(elf));
|
|
+
|
|
+ if (memcmp(ELFMAG, elf.e_ident, SELFMAG) != 0)
|
|
+ printf("bad magic\n");
|
|
+
|
|
+ if (elf.e_ident[EI_CLASS] != ELFCLASS32)
|
|
+ printf("wrong class\n");
|
|
+
|
|
+ if (elf.e_ident[EI_DATA] != ELFDATA2LSB)
|
|
+ printf("wrong endianess\n");
|
|
+
|
|
+ if (elf.e_ident[EI_VERSION] != EV_CURRENT)
|
|
+ printf("wrong version\n");
|
|
+
|
|
+ {
|
|
+ const char *str;
|
|
+ switch(elf.e_type)
|
|
+ {
|
|
+#define C(x) case ET_##x: str = #x; break;
|
|
+ C(NONE);
|
|
+ C(REL);
|
|
+ C(EXEC);
|
|
+ C(DYN);
|
|
+ C(CORE);
|
|
+#undef C
|
|
+ default: str = "???"; break;
|
|
+ }
|
|
+ printf("elf file type ET_%s\n", str);
|
|
+ }
|
|
+
|
|
+ if (elf.e_machine != EM_386 && elf.e_machine != EM_486)
|
|
+ printf("not i386 or i486\n");
|
|
+
|
|
+ if (elf.e_ehsize != sizeof(elf))
|
|
+ printf("wrong header size\n");
|
|
+
|
|
+ if (elf.e_phentsize != sizeof(Elf32_Phdr))
|
|
+ printf("wrong phdr size\n");
|
|
+
|
|
+ if (lseek(fd, elf.e_phoff, SEEK_SET) != (off_t)elf.e_phoff)
|
|
+ fperror("lseek to phdr failed\n");
|
|
+
|
|
+ for(i = 0; i < elf.e_phnum; i++)
|
|
+ {
|
|
+ Elf32_Phdr phdr;
|
|
+ const char *str;
|
|
+
|
|
+ myread(fd, &phdr, sizeof(phdr));
|
|
+ switch(phdr.p_type)
|
|
+ {
|
|
+#define C(x) case PT_##x: str = #x; break;
|
|
+ C(NULL);
|
|
+ C(LOAD);
|
|
+ C(DYNAMIC);
|
|
+ C(INTERP);
|
|
+ C(NOTE);
|
|
+ C(SHLIB);
|
|
+ C(PHDR);
|
|
+#undef C
|
|
+ default:
|
|
+ str = "???"; break;
|
|
+ }
|
|
+ printf("type PT_%s off=%ld vaddr=%lx filesz=%ld flags=%lx\n",
|
|
+ str, phdr.p_offset, phdr.p_vaddr, phdr.p_filesz,
|
|
+ (unsigned long)phdr.p_flags);
|
|
+ if (phdr.p_type == PT_NOTE)
|
|
+ do_note(fd, &phdr);
|
|
+ }
|
|
+ exit(0);
|
|
+}
|
|
+
|
|
--- src/magic.h.in
|
|
+++ src/magic.h.in 2016-04-18 12:56:55.450019121 +0000
|
|
@@ -114,6 +114,7 @@ int magic_errno(magic_t);
|
|
#define MAGIC_PARAM_ELF_SHNUM_MAX 3
|
|
#define MAGIC_PARAM_ELF_NOTES_MAX 4
|
|
#define MAGIC_PARAM_REGEX_MAX 5
|
|
+#define MAGIC_PARAM_BYTES_MAX 6
|
|
|
|
int magic_setparam(magic_t, int, const void *);
|
|
int magic_getparam(magic_t, int, void *);
|