diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-02-09 22:49:35 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-02-09 22:49:35 +0000 |
commit | 88659d1e6983c53919569275eeda236ff564227b (patch) | |
tree | fe41498cbac62ebb8f4dca2a8594105f708d150d /usr.bin/file/magdir | |
parent | a18b952c83c4544deacbd28d35271126156d00cf (diff) |
Updated from NetBSD.
Diffstat (limited to 'usr.bin/file/magdir')
38 files changed, 679 insertions, 126 deletions
diff --git a/usr.bin/file/magdir/386bsd b/usr.bin/file/magdir/386bsd new file mode 100644 index 00000000000..77bbe9e52c9 --- /dev/null +++ b/usr.bin/file/magdir/386bsd @@ -0,0 +1,6 @@ + +#------------------------------------------------------------------------------ +# 386bsd: file(1) magic for 386BSD objects +# +0 lelong 000000413 386BSD demand paged executable +>16 lelong >0 not stripped diff --git a/usr.bin/file/magdir/OpenBSD b/usr.bin/file/magdir/OpenBSD index e7949cff490..34b51ea8c89 100644 --- a/usr.bin/file/magdir/OpenBSD +++ b/usr.bin/file/magdir/OpenBSD @@ -4,19 +4,6 @@ # # All new-style magic numbers are in network byte order. # -0 lelong 000000413 386BSD demand paged executable ->16 lelong >0 not stripped -0 lelong 000000314 BSDI demand paged executable ->16 lelong >0 not stripped ->32 byte 0x6a (uses shared libs) - -0 lelong&077777777 041400314 FreeBSD/i386 demand paged ->3 byte &0x80 ->>20 lelong <4096 shared library ->>20 lelong =4096 dynamically linked executable ->>20 lelong >4096 dynamically linked executable ->3 byte ^0x80 executable ->16 lelong >0 not stripped 0 lelong 000000407 OpenBSD little-endian object file >16 lelong >0 not stripped @@ -170,6 +157,15 @@ 0 belong&0377777777 043000507 OpenBSD/vax core >12 string >\0 from '%s' +# OpenBSD/alpha does not support (and has never supported) a.out objects, +# so no rules are provided for them. OpenBSD/alpha ELF objects are +# dealt with in "elf". +0 leshort 0x00070185 ECOFF OpenBSD/alpha binary +>10 leshort 0x0001 not stripped +>10 leshort 0x0000 stripped +0 belong&0377777777 043200507 OpenBSD/alpha core +>12 string >\0 from '%s' + 0 belong&0377777777 043400413 OpenBSD/mips demand paged >0 byte &0x80 >>20 belong <8192 shared library @@ -191,23 +187,23 @@ 0 belong&0377777777 043400507 OpenBSD/mips core >12 string >\0 from '%s' -0 belong&0377777777 043600413 NetBSD/arm32 demand paged +0 belong&0377777777 043600413 OpenBSD/arm32 demand paged >0 byte &0x80 >>20 lelong <8192 shared library >>20 lelong =8192 dynamically linked executable >>20 lelong >8192 dynamically linked executable >0 byte ^0x80 executable >16 lelong >0 not stripped -0 belong&0377777777 043600410 NetBSD/arm32 pure +0 belong&0377777777 043600410 OpenBSD/arm32 pure >0 byte &0x80 dynamically linked executable >0 byte ^0x80 executable >16 lelong >0 not stripped -0 belong&0377777777 043600407 NetBSD/arm32 +0 belong&0377777777 043600407 OpenBSD/arm32 >0 byte &0x80 dynamically linked executable >0 byte ^0x80 >>0 byte &0x40 position independent >>20 lelong !0 executable >>20 lelong =0 object file >16 lelong >0 not stripped -0 belong&0377777777 043600507 NetBSD/arm32 core +0 belong&0377777777 043600507 OpenBSD/arm32 core >12 string >\0 from '%s' diff --git a/usr.bin/file/magdir/alpha b/usr.bin/file/magdir/alpha new file mode 100644 index 00000000000..1a8cb147207 --- /dev/null +++ b/usr.bin/file/magdir/alpha @@ -0,0 +1,21 @@ +#------------------------------------------------------------------------------ +# alpha architecture description +# + +0 leshort 0603 COFF format alpha +>22 leshort&030000 !020000 executable +>24 leshort 0410 pure +>24 leshort 0413 paged +>22 leshort&020000 !0 dynamically linked +>16 lelong !0 not stripped +>16 lelong 0 stripped +>22 leshort&030000 020000 shared library +>24 leshort 0407 object +>27 byte x - version %d +>26 byte x .%d +>28 byte x -%d + +# Basic recognition of Digital UNIX core dumps - Mike Bremford <mike@opac.bl.uk> +# +0 string Core\001 Alpha COFF format core dump (Digital UNIX) +>24 string >\0 \b, from '%s' diff --git a/usr.bin/file/magdir/amanda b/usr.bin/file/magdir/amanda new file mode 100644 index 00000000000..57c4359fc16 --- /dev/null +++ b/usr.bin/file/magdir/amanda @@ -0,0 +1,7 @@ +#------------------------------------------------------------------------------ +# amanda: file(1) magic for amanda file format +# +0 string AMANDA:\ TAPESTART\ DATE AMANDA dump header file, +>23 string X +>>25 string >\ Unused %s +>23 string >\ DATE %s diff --git a/usr.bin/file/magdir/amigaos b/usr.bin/file/magdir/amigaos new file mode 100644 index 00000000000..6073936e17b --- /dev/null +++ b/usr.bin/file/magdir/amigaos @@ -0,0 +1,10 @@ +#------------------------------------------------------------------------------ +# amigaos: file(1) magic for AmigaOS binary formats: + +# +# From ignatios@cs.uni-bonn.de (Ignatios Souvatzis) +# Some formats are still missing: AmigaOS special IFF's, e.g.: FORM....CTLG +# (the others should be seperate, anyway) +# +0 belong 0x000003f3 AmigaOS loadseg()ble executable/binary +0 belong 0x000003e7 AmigaOS object/library data diff --git a/usr.bin/file/magdir/apple b/usr.bin/file/magdir/apple index c21ee34372c..55acff1683b 100644 --- a/usr.bin/file/magdir/apple +++ b/usr.bin/file/magdir/apple @@ -5,5 +5,4 @@ 0 string FiLeStArTfIlEsTaRt binscii (apple ][) text 0 string \x0aGL Binary II (apple ][) data 0 string \x76\xff Squeezed (apple ][) data -0 string NuFile NuFile archive (apple ][) data -0 string N\xf5F\xe9l\xe5 NuFile archive (apple ][) data +0 string N\365F\351l\345 NuFile archive (apple ][) data diff --git a/usr.bin/file/magdir/archive b/usr.bin/file/magdir/archive index bd400815444..30d90683d17 100644 --- a/usr.bin/file/magdir/archive +++ b/usr.bin/file/magdir/archive @@ -45,8 +45,6 @@ >19 string B and an EB hash table >22 string X -- out of date -0 string !<arch> archive ->8 string __.SYMDEF random library 0 string -h- Software Tools format archive text # @@ -60,7 +58,6 @@ # # 0 string \<ar> System V Release 1 ar archive # 0 string =<ar> archive -# 0 string =<ar> archive # # XXX - did Aegis really store shared libraries, breakpointed modules, # and absolute code program modules in the same format as new-style @@ -68,6 +65,8 @@ # 0 string !<arch> current ar archive >8 string __.SYMDEF random library +>8 string debian-split part of multipart Debian package +>8 string debian-binary Debian binary package >0 belong =65538 - pre SR9.5 >0 belong =65539 - post SR9.5 >0 beshort 2 - object archive @@ -96,14 +95,10 @@ 0 leshort 0177545 old PDP-11 archive >8 string __.SYMDEF random library # -0 string =<ar> archive -# -# From "pdp": +# From "pdp" (but why a 4-byte quantity?) # 0 lelong 0x39bed PDP-11 old archive 0 lelong 0x39bee PDP-11 4.0 archive -# -0 string -h- Software Tools format archive text # ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com) # diff --git a/usr.bin/file/magdir/asterix b/usr.bin/file/magdir/asterix new file mode 100644 index 00000000000..d89504a2407 --- /dev/null +++ b/usr.bin/file/magdir/asterix @@ -0,0 +1,17 @@ + +#------------------------------------------------------------------------------ +# asterix: file(1) magic for Aster*x; SunOS 5.5.1 gave the 4-character +# strings as "long" - we assume they're just strings: +# From: guy@netapp.com (Guy Harris) +# +0 string *STA Aster*x +>7 string WORD Words Document +>7 string GRAP Graphic +>7 string SPRE Spreadsheet +>7 string MACR Macro +0 string 2278 Aster*x Version 2 +>29 byte 0x36 Words Document +>29 byte 0x35 Graphic +>29 byte 0x32 Spreadsheet +>29 byte 0x38 Macro + diff --git a/usr.bin/file/magdir/audio b/usr.bin/file/magdir/audio index 96cef47525a..50b88bc4db2 100644 --- a/usr.bin/file/magdir/audio +++ b/usr.bin/file/magdir/audio @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats +# audio: file(1) magic for sound formats (see also "iff") # # Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com), # and others @@ -16,6 +16,10 @@ >12 belong 6 32-bit IEEE floating point, >12 belong 7 64-bit IEEE floating point, >12 belong 23 8-bit ISDN u-law compressed (CCITT G.721 ADPCM voice data encoding), +>12 belong 24 compressed (8-bit G.722 ADPCM) +>12 belong 25 compressed (3-bit G.723 ADPCM), +>12 belong 26 compressed (5-bit G.723 ADPCM), +>12 belong 27 8-bit A-law, >20 belong 1 mono, >20 belong 2 stereo, >20 belong 4 quad, @@ -54,14 +58,15 @@ >4 belong x - version %ld # Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] 0 string RIFF Microsoft RIFF ->8 string WAVE - WAVE format ->34 short >0 %d bit ->22 short =1 Mono ->22 short =2 Stereo ->22 short >2 %d Channels ->24 long >0 %d Hz +>8 string WAVE \b, WAVE audio data +>>34 leshort >0 \b, %d bit +>>22 leshort =1 \b, mono +>>22 leshort =2 \b, stereo +>>22 leshort >2 \b, %d channels +>>24 lelong >0 %d Hz +# AVI == Audio Video Interleave +>8 string AVI\ \b, AVI data # Extended MOD format (*.emd) (Greg Roelofs, newt@uchicago.edu); NOT TESTED # [based on posting 940824 by "Dirk/Elastik", husberg@lehtori.cc.tut.fi] @@ -71,3 +76,15 @@ >45 byte x %d instruments >83 byte 0 (module) >83 byte 1 (song) + +# Real Audio (Magic .ra\0375) +0 belong 0x2e7261fd realaudio sound file + +# MTM/669/FAR/S3M/ULT/XM format checking [Aaron Eppert, aeppert@dialin.ind.net] +# Oct 31, 1995 +0 string MTM MultiTracker Module sound file +0 string if Composer 669 Module sound data +0 string FAR Module sound data +0 string MAS_U ULT(imate) Module sound data +0x2c string SCRM ScreamTracker III Module sound data +0 string Extended Module Extended Module sound data diff --git a/usr.bin/file/magdir/bsdi b/usr.bin/file/magdir/bsdi new file mode 100644 index 00000000000..2e3b646f6bd --- /dev/null +++ b/usr.bin/file/magdir/bsdi @@ -0,0 +1,7 @@ + +#------------------------------------------------------------------------------ +# bsdi: file(1) magic for BSD/OS (from BSDI) objects +# +0 lelong 000000314 BSD/OS i386 compact demand paged executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses shared libs) diff --git a/usr.bin/file/magdir/compress b/usr.bin/file/magdir/compress index 2cf8d195f59..a797f8fff5d 100644 --- a/usr.bin/file/magdir/compress +++ b/usr.bin/file/magdir/compress @@ -79,8 +79,14 @@ # # This will cause very short GSM files to be declared as data and # mismatches to be declared as data too! -#0 byte&0xF0 0xd0 data +#0 byte&0xF0 0xd0 data #>33 byte&0xF0 0xd0 #>66 byte&0xF0 0xd0 #>99 byte&0xF0 0xd0 -#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio +#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio + +# Bzip from ulmo@Q.Net +0 string BZ bzip compressed data, +>2 byte x format v. %c, +>3 byte x block size indicator %c + diff --git a/usr.bin/file/magdir/convex b/usr.bin/file/magdir/convex index 14ed86742da..b1235d7e79a 100644 --- a/usr.bin/file/magdir/convex +++ b/usr.bin/file/magdir/convex @@ -1,7 +1,69 @@ - #------------------------------------------------------------------------------ # convex: file(1) magic for Convex boxes # # Convexes are big-endian. # -0 long 0513 Convex executable +# /*\ +# * Below are the magic numbers and tests added for Convex. +# * Added at beginning, because they are expected to be used most. +# \*/ +0 belong 0507 Convex old-style object +>16 belong >0 not stripped +0 belong 0513 Convex old-style demand paged executable +>16 belong >0 not stripped +0 belong 0515 Convex old-style pre-paged executable +>16 belong >0 not stripped +0 belong 0517 Convex old-style pre-paged, non-swapped executable +>16 belong >0 not stripped +0 belong 0x011257 Core file +# +# The following are a series of dump format magic numbers. Each one +# corresponds to a drastically different dump format. The first on is +# the original dump format on a 4.1 BSD or earlier file system. The +# second marks the change between the 4.1 file system and the 4.2 file +# system. The Third marks the changing of the block size from 1K +# to 2K to be compatible with an IDC file system. The fourth indicates +# a dump that is dependent on Convex Storage Manager, because data in +# secondary storage is not physically contained within the dump. +# The restore program uses these number to determine how the data is +# to be extracted. +# +24 belong =60011 dump format, 4.1 BSD or earlier +24 belong =60012 dump format, 4.2 or 4.3 BSD without IDC +24 belong =60013 dump format, 4.2 or 4.3 BSD (IDC compatible) +24 belong =60014 dump format, Convex Storage Manager by-reference dump +# +# what follows is a bunch of bit-mask checks on the flags field of the opthdr. +# If there is no `=' sign, assume just checking for whether the bit is set? +# +0 belong 0601 Convex SOFF +>88 belong&0x000f0000 =0x00000000 c1 +>88 belong &0x00010000 c2 +>88 belong &0x00020000 c2mp +>88 belong &0x00040000 parallel +>88 belong &0x00080000 intrinsic +>88 belong &0x00000001 demand paged +>88 belong &0x00000002 pre-paged +>88 belong &0x00000004 non-swapped +>88 belong &0x00000008 POSIX +# +>84 belong &0x80000000 executable +>84 belong &0x40000000 object +>84 belong&0x20000000 =0 not stripped +>84 belong&0x18000000 =0x00000000 native fpmode +>84 belong&0x18000000 =0x10000000 ieee fpmode +>84 belong&0x18000000 =0x18000000 undefined fpmode +# +0 belong 0605 Convex SOFF core +# +0 belong 0607 Convex SOFF checkpoint +>88 belong&0x000f0000 =0x00000000 c1 +>88 belong &0x00010000 c2 +>88 belong &0x00020000 c2mp +>88 belong &0x00040000 parallel +>88 belong &0x00080000 intrinsic +>88 belong &0x00000008 POSIX +# +>84 belong&0x18000000 =0x00000000 native fpmode +>84 belong&0x18000000 =0x10000000 ieee fpmode +>84 belong&0x18000000 =0x18000000 undefined fpmode diff --git a/usr.bin/file/magdir/database b/usr.bin/file/magdir/database index 692ce6b3153..146c3108e1e 100644 --- a/usr.bin/file/magdir/database +++ b/usr.bin/file/magdir/database @@ -17,16 +17,18 @@ >8 belong 1234 Little Endian, >8 belong 4321 Big Endian, >12 belong x Bucket Size %d, ->16 belong x Directory Size %d, ->20 belong x Segment Size %d, ->24 belong x Segment Shift %d, ->28 belong x Overflow Point %d, ->32 belong x Last Freed %d, ->36 belong x Max Bucket %d, ->40 belong x High Mask 0x%x, ->44 belong x Low Mask 0x%x, ->48 belong x Fill Factor %d, ->52 belong x Number of Keys %d) +>16 belong x Bucket Shift %d, +>20 belong x Directory Size %d, +>24 belong x Segment Size %d, +>28 belong x Segment Shift %d, +>32 belong x Overflow Point %d, +>36 belong x Last Freed %d, +>40 belong x Max Bucket %d, +>44 belong x High Mask 0x%x, +>48 belong x Low Mask 0x%x, +>52 belong x Fill Factor %d, +>56 belong x Number of Keys %d) +# # 0 belong 0x053162 Berkeley DB Btree file >4 belong >0 (Version %d, diff --git a/usr.bin/file/magdir/digital b/usr.bin/file/magdir/digital new file mode 100644 index 00000000000..6a573a6e052 --- /dev/null +++ b/usr.bin/file/magdir/digital @@ -0,0 +1,41 @@ +# Digital UNIX - Info +# +0 string !<arch>\n________64E Alpha archive +>22 string X -- out of date +# +# Alpha COFF Based Executables +# The stripped stuff really needs to be an 8 byte (64 bit) compare, +# but this works +0 leshort 0x183 COFF format alpha +>22 leshort&020000 &010000 sharable library, +>22 leshort&020000 ^010000 dynamically linked, +>24 leshort 0410 pure +>24 leshort 0413 demand paged +>8 lelong >0 executable or object module, not stripped +>8 lelong 0 +>>12 lelong 0 executable or object module, stripped +>>12 lelong >0 executable or object module, not stripped +>27 byte >0 - version %d. +>26 byte >0 %d- +>28 leshort >0 %d +# +# The next is incomplete, we could tell more about this format, +# but its not worth it. +0 leshort 0x188 Alpha compressed COFF +0 leshort 0x18f Alpha u-code object +# +# +# Some other interesting Digital formats, +0 string \377\377\177 ddis/ddif +0 string \377\377\174 ddis/dots archive +0 string \377\377\176 ddis/dtif table data +0 string \033c\033 LN03 output +0 long 04553207 X image +# +0 string !<PDF>!\n profiling data file +# +# Locale data tables (MIPS and Alpha). +# +0 short 0x0501 locale data table +>6 short 0x24 for MIPS +>6 short 0x40 for Alpha diff --git a/usr.bin/file/magdir/dump b/usr.bin/file/magdir/dump index 955275b8c74..628ead86c61 100644 --- a/usr.bin/file/magdir/dump +++ b/usr.bin/file/magdir/dump @@ -43,8 +43,8 @@ >888 belong >0 Flags %x 24 lelong 60012 new-fs dump file (little endian), ->4 ledate x Previous dump %s, ->8 ledate x This dump %s, +>4 ledate x This dump %s, +>8 ledate x Previous dump %s, >12 lelong >0 Volume %ld, >692 lelong 0 Level zero, type: >692 lelong >0 Level %d, type: diff --git a/usr.bin/file/magdir/elf b/usr.bin/file/magdir/elf index cfab44cf51f..3da99d08e2b 100644 --- a/usr.bin/file/magdir/elf +++ b/usr.bin/file/magdir/elf @@ -5,8 +5,8 @@ # We have to check the byte order flag to see what byte order all the # other stuff in the header is in. # -# Byte order is probably big-endian for MIPS R3000 and Amdahl. -# MIPS R3000 may also be for MIPS R2000. +# MIPS RS3000 may also be for MIPS RS2000. +# What're the correct byte orders for the nCUBE and the Fujitsu VPP500? # # updated by Daniel Quinlan (quinlan@yggdrasil.com) 0 string \177ELF ELF @@ -19,7 +19,9 @@ >>16 leshort 1 relocatable, >>16 leshort 2 executable, >>16 leshort 3 shared object, ->>16 leshort 4 core file, +# Core handling from Peter Tobias <tobias@server.et-inf.fho-emden.de> +>>16 leshort 4 core file +>>>400 lelong >0 (signal %d), >>16 leshort &0xff00 processor-specific, >>18 leshort 0 no machine, >>18 leshort 1 AT&T WE32100 - invalid byte order, @@ -29,9 +31,16 @@ >>18 leshort 5 Motorola 88000 - invalid byte order, >>18 leshort 6 Intel 80486, >>18 leshort 7 Intel 80860, ->>18 leshort 8 MIPS R3000, ->>18 leshort 9 Amdahl, +>>18 leshort 8 MIPS RS3000_BE - invalid byte order, +>>18 leshort 9 Amdahl - invalid byte order, +>>18 leshort 10 MIPS RS3000_LE, +>>18 leshort 11 RS6000 - invalid byte order, +>>18 leshort 15 PA-RISC - invalid byte order, +>>18 leshort 16 nCUBE, +>>18 leshort 17 VPP500, +>>18 leshort 18 SPARC32PLUS, >>18 leshort 20 PowerPC, +>>18 leshort 0x9026 Alpha, >>20 lelong 0 invalid version >>20 lelong 1 version 1 >>36 lelong 1 MathCoPro/FPU/MAU Required @@ -41,6 +50,7 @@ >>16 beshort 2 executable, >>16 beshort 3 shared object, >>16 beshort 4 core file, +>>>400 lelong >0 (signal %d), >>16 beshort &0xff00 processor-specific, >>18 beshort 0 no machine, >>18 beshort 1 AT&T WE32100, @@ -50,9 +60,16 @@ >>18 beshort 5 Motorola 88000, >>18 beshort 6 Intel 80486 - invalid byte order, >>18 beshort 7 Intel 80860, ->>18 beshort 8 MIPS R3000, +>>18 beshort 8 MIPS RS3000_BE, +>>18 beshort 9 Amdahl, +>>18 beshort 10 MIPS RS3000_LE - invalid byte order, +>>18 beshort 11 RS6000, +>>18 beshort 15 PA-RISC, +>>18 beshort 16 nCUBE, +>>18 beshort 17 VPP500, +>>18 beshort 18 SPARC32PLUS, >>18 beshort 20 PowerPC, ->>18 leshort 9 Amdahl, +>>18 beshort 0x9026 Alpha, >>20 belong 0 invalid version >>20 belong 1 version 1 >>36 belong 1 MathCoPro/FPU/MAU Required diff --git a/usr.bin/file/magdir/freebsd b/usr.bin/file/magdir/freebsd new file mode 100644 index 00000000000..2370c257841 --- /dev/null +++ b/usr.bin/file/magdir/freebsd @@ -0,0 +1,130 @@ + +#------------------------------------------------------------------------------ +# freebsd: file(1) magic for FreeBSD objects +# +# All new-style FreeBSD magic numbers are in host byte order (i.e., +# little-endian on x86). +# +# XXX - this comes from the file "freebsd" in a recent FreeBSD version of +# "file"; it, and the NetBSD stuff in "netbsd", appear to use different +# schemes for distinguishing between executable images, shared libraries, +# and object files. +# +# FreeBSD says: +# +# Regardless of whether it's pure, demand-paged, or none of the +# above: +# +# if the entry point is < 4096, then it's a shared library if +# the "has run-time loader information" bit is set, and is +# position-independent if the "is position-independent" bit +# is set; +# +# if the entry point is >= 4096 (or >4095, same thing), then it's +# an executable, and is dynamically-linked if the "has run-time +# loader information" bit is set. +# +# On x86, NetBSD says: +# +# If it's neither pure nor demand-paged: +# +# if it has the "has run-time loader information" bit set, it's +# a dynamically-linked executable; +# +# if it doesn't have that bit set, then: +# +# if it has the "is position-independent" bit set, it's +# position-independent; +# +# if the entry point is non-zero, it's an executable, otherwise +# it's an object file. +# +# If it's pure: +# +# if it has the "has run-time loader information" bit set, it's +# a dynamically-linked executable, otherwise it's just an +# executable. +# +# If it's demand-paged: +# +# if it has the "has run-time loader information" bit set, +# then: +# +# if the entry point is < 4096, it's a shared library; +# +# if the entry point is = 4096 or > 4096 (i.e., >= 4096), +# it's a dynamically-linked executable); +# +# if it doesn't have the "has run-time loader information" bit +# set, then it's just an executable. +# +# (On non-x86, NetBSD does much the same thing, except that it uses +# 8192 on 68K - except for "68k4k", which is presumably "68K with 4K +# pages - SPARC, and MIPS, presumably because Sun-3's and Sun-4's +# had 8K pages; dunno about MIPS.) +# +# I suspect the two will differ only in perverse and uninteresting cases +# ("shared" libraries that aren't demand-paged and whose pages probably +# won't actually be shared, executables with entry points <4096). +# +# I leave it to those more familiar with FreeBSD and NetBSD to figure out +# what the right answer is (although using ">4095", FreeBSD-style, is +# probably better than separately checking for "=4096" and ">4096", +# NetBSD-style). (The old "netbsd" file analyzed FreeBSD demand paged +# executables using the NetBSD technique.) +# +0 lelong&0377777777 041400407 FreeBSD/i386 +>20 lelong <4096 +>>3 byte&0xC0 &0x80 shared library +>>3 byte&0xC0 0x40 PIC object +>>3 byte&0xC0 0x00 object +>20 lelong >4095 +>>3 byte&0x80 0x80 dynamically linked executable +>>3 byte&0x80 0x00 executable +>16 lelong >0 not stripped + +0 lelong&0377777777 041400410 FreeBSD/i386 pure +>20 lelong <4096 +>>3 byte&0xC0 &0x80 shared library +>>3 byte&0xC0 0x40 PIC object +>>3 byte&0xC0 0x00 object +>20 lelong >4095 +>>3 byte&0x80 0x80 dynamically linked executable +>>3 byte&0x80 0x00 executable +>16 lelong >0 not stripped + +0 lelong&0377777777 041400413 FreeBSD/i386 demand paged +>20 lelong <4096 +>>3 byte&0xC0 &0x80 shared library +>>3 byte&0xC0 0x40 PIC object +>>3 byte&0xC0 0x00 object +>20 lelong >4095 +>>3 byte&0x80 0x80 dynamically linked executable +>>3 byte&0x80 0x00 executable +>16 lelong >0 not stripped + +0 lelong&0377777777 041400314 FreeBSD/i386 compact demand paged +>20 lelong <4096 +>>3 byte&0xC0 &0x80 shared library +>>3 byte&0xC0 0x40 PIC object +>>3 byte&0xC0 0x00 object +>20 lelong >4095 +>>3 byte&0x80 0x80 dynamically linked executable +>>3 byte&0x80 0x00 executable +>16 lelong >0 not stripped + +# XXX gross hack to identify core files +# cores start with a struct tss; we take advantage of the following: +# byte 7: highest byte of the kernel stack pointer, always 0xfe +# 8/9: kernel (ring 0) ss value, always 0x0010 +# 10 - 27: ring 1 and 2 ss/esp, unused, thus always 0 +# 28: low order byte of the current PTD entry, always 0 since the +# PTD is page-aligned +# +7 string \357\020\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 FreeBSD/i386 a.out core file +>1039 string >\0 from '%s' + +# /var/run/ld.so.hints +# What are you laughing about? +0 lelong 011421044151 ld.so hints file +>4 lelong >0 (version %d) diff --git a/usr.bin/file/magdir/hp b/usr.bin/file/magdir/hp index 82d11306c0a..e1efdbde82e 100644 --- a/usr.bin/file/magdir/hp +++ b/usr.bin/file/magdir/hp @@ -6,12 +6,6 @@ # applied to the "TML" stuff; I'm assuming the Apollo stuff is # big-endian as it was mostly 68K-based. # -# HP-PA is big-endian, so it (and "800", which is *also* HP-PA-based; I -# assume "HPPA-RISC1.1" really means "HP-PA Version 1.1", which first -# showed up in the 700 series, although later 800 series machines are, -# I think, based on the PA7100 which implements HP-PA 1.1) are flagged -# as big-endian. -# # I think the 500 series was the old stack-based machines, running a # UNIX environment atop the "SUN kernel"; dunno whether it was # big-endian or little-endian. @@ -21,10 +15,23 @@ # HP magic is useful for reference, but using "long" magic is a better # practice in order to avoid collisions. # +# Guy Harris (guy@netapp.com): some additions to this list came from +# HP-UX 10.0's "/usr/include/sys/unistd.h" (68030, 68040, PA-RISC 1.1, +# 1.2, and 2.0). The 1.2 and 2.0 stuff isn't in the HP-UX 10.0 +# "/etc/magic", though, except for the "archive file relocatable library" +# stuff, and the 68030 and 68040 stuff isn't there at all - are they not +# used in executables, or have they just not yet updated "/etc/magic" +# completely? +# # 0 beshort 200 hp200 (68010) BSD binary # 0 beshort 300 hp300 (68020+68881) BSD binary # 0 beshort 0x20c hp200/300 HP-UX binary -# 0 beshort 0x20b hp800 HP-UX binary +# 0 beshort 0x20d hp400 (68030) HP-UX binary +# 0 beshort 0x20e hp400 (68040?) HP-UX binary +# 0 beshort 0x20b PA-RISC1.0 HP-UX binary +# 0 beshort 0x210 PA-RISC1.1 HP-UX binary +# 0 beshort 0x211 PA-RISC1.2 HP-UX binary +# 0 beshort 0x214 PA-RISC2.0 HP-UX binary # # The "misc" stuff needs a byte order; the archives look suspiciously @@ -41,49 +48,58 @@ 0 long 01702407010 TML 1032 byte-order format 0 long 01003405017 TML 2301 byte-order format 0 long 01602007412 TML 3210 byte-order format -#### HPPA -0 belong 0x02100106 HPPA-RISC1.1 relocatable object -0 belong 0x02100107 HPPA-RISC1.1 executable +#### PA-RISC +0 belong 0x02100106 PA-RISC1.1 relocatable object +0 belong 0x02100107 PA-RISC1.1 executable +>168 belong &=0x00000004 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x02100108 HPPA-RISC1.1 shared executable +0 belong 0x02100108 PA-RISC1.1 shared executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x0210010b HPPA-RISC1.1 demand-load executable +0 belong 0x0210010b PA-RISC1.1 demand-load executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x0210010e HPPA-RISC1.1 shared library +0 belong 0x0210010e PA-RISC1.1 shared library >96 belong >0 - not stripped -0 belong 0x0210010d HPPA-RISC1.1 dynamic load library +0 belong 0x0210010d PA-RISC1.1 dynamic load library >96 belong >0 - not stripped #### 800 -0 belong 0x020b0106 HP s800 relocatable object +0 belong 0x020b0106 PA-RISC1.0 relocatable object -0 belong 0x020b0107 HP s800 executable +0 belong 0x020b0107 PA-RISC1.0 executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x020b0108 HP s800 shared executable +0 belong 0x020b0108 PA-RISC1.0 shared executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x020b010b HP s800 demand-load executable +0 belong 0x020b010b PA-RISC1.0 demand-load executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x020b010e HP s800 shared library +0 belong 0x020b010e PA-RISC1.0 shared library >96 belong >0 - not stripped -0 belong 0x020b010d HP s800 dynamic load library +0 belong 0x020b010d PA-RISC1.0 dynamic load library >96 belong >0 - not stripped 0 belong 0x213c6172 archive file ->68 belong 0x020b0619 - HP s800 relocatable library +>68 belong 0x020b0619 - PA-RISC1.0 relocatable library +>68 belong 0x02100619 - PA-RISC1.1 relocatable library +>68 belong 0x02110619 - PA-RISC1.2 relocatable library +>68 belong 0x02140619 - PA-RISC2.0 relocatable library #### 500 0 long 0x02080106 HP s500 relocatable executable @@ -156,7 +172,7 @@ 0 string IMGfile CIS compimg HP Bitmapfile # XXX - see "lif" -0 short 0x8000 lif file +#0 short 0x8000 lif file 0 long 0x020c010c compiled Lisp 0 string msgcat01 HP NLS message catalog, diff --git a/usr.bin/file/magdir/ibm370 b/usr.bin/file/magdir/ibm370 index fc245969c29..8cd9da27ae6 100644 --- a/usr.bin/file/magdir/ibm370 +++ b/usr.bin/file/magdir/ibm370 @@ -4,7 +4,35 @@ # # "ibm370" said that 0x15d == 0535 was "ibm 370 pure executable". # What the heck *is* "USS/370"? +# AIX 4.1's "/etc/magic" has # +# 0 short 0535 370 sysV executable +# >12 long >0 not stripped +# >22 short >0 - version %d +# >30 long >0 - 5.2 format +# 0 short 0530 370 sysV pure executable +# >12 long >0 not stripped +# >22 short >0 - version %d +# >30 long >0 - 5.2 format +# +# instead of the "USS/370" versions of the same magic numbers. +# +0 beshort 0537 370 XA sysV executable +>12 belong >0 not stripped +>22 beshort >0 - version %d +>30 belong >0 - 5.2 format +0 beshort 0532 370 XA sysV pure executable +>12 belong >0 not stripped +>22 beshort >0 - version %d +>30 belong >0 - 5.2 format +0 beshort 054001 370 sysV pure executable +>12 belong >0 not stripped +0 beshort 055001 370 XA sysV pure executable +>12 belong >0 not stripped +0 beshort 056401 370 sysV executable +>12 belong >0 not stripped +0 beshort 057401 370 XA sysV executable +>12 belong >0 not stripped 0 beshort 0531 SVR2 executable (Amdahl-UTS) >12 belong >0 not stripped >24 belong >0 - version %ld @@ -17,5 +45,3 @@ 0 beshort 0535 SVR2 executable (USS/370) >12 belong >0 not stripped >24 belong >0 - version %ld - - diff --git a/usr.bin/file/magdir/ibm6000 b/usr.bin/file/magdir/ibm6000 index b1a6d41cee6..8e1077b9b8c 100644 --- a/usr.bin/file/magdir/ibm6000 +++ b/usr.bin/file/magdir/ibm6000 @@ -4,13 +4,14 @@ # 0 beshort 0x01df executable (RISC System/6000 V3.1) or obj module >12 belong >0 not stripped -# Breaks sun4 statically linked execs. Really? -0 beshort 0x0103 executable (RT Version 2) or obj module ->2 byte 0x50 pure ->28 belong >0 not stripped ->6 beshort >0 - version %ld +# Breaks sun4 statically linked execs. +#0 beshort 0x0103 executable (RT Version 2) or obj module +#>2 byte 0x50 pure +#>28 belong >0 not stripped +#>6 beshort >0 - version %ld 0 beshort 0x0104 shared library 0 beshort 0x0105 ctab data 0 beshort 0xfe04 structured file -0 string 0xabcdef message catalog -#0 string <aiaff> archive +0 string 0xabcdef AIX message catalog +0 belong 0x000001f9 AIX compiled message catalog +0 string \<aiaff> archive diff --git a/usr.bin/file/magdir/images b/usr.bin/file/magdir/images index 4ff082489b3..271b169ca5a 100644 --- a/usr.bin/file/magdir/images +++ b/usr.bin/file/magdir/images @@ -53,14 +53,14 @@ >6 leshort >0 %hd x >8 leshort >0 %hd, #>10 byte &0x80 color mapped, ->10 byte&0x07 =0x00 2 colors ->10 byte&0x07 =0x01 4 colors ->10 byte&0x07 =0x02 8 colors ->10 byte&0x07 =0x03 16 colors ->10 byte&0x07 =0x04 32 colors ->10 byte&0x07 =0x05 64 colors ->10 byte&0x07 =0x06 128 colors ->10 byte&0x07 =0x07 256 colors +#>10 byte&0x07 =0x00 2 colors +#>10 byte&0x07 =0x01 4 colors +#>10 byte&0x07 =0x02 8 colors +#>10 byte&0x07 =0x03 16 colors +#>10 byte&0x07 =0x04 32 colors +#>10 byte&0x07 =0x05 64 colors +#>10 byte&0x07 =0x06 128 colors +#>10 byte&0x07 =0x07 256 colors # ITC (CMU WM) raster files. It is essentially a byte-reversed Sun raster, # 1 plane, no encoding. @@ -116,6 +116,13 @@ >29 byte 1 \b, fine resolution (204x196 DPI) # JPEG images +# SunOS 5.5.1 had +# +# 0 string \377\330\377\340 JPEG file +# 0 string \377\330\377\356 JPG file +# +# both of which turn into "JPEG image data" here. +# 0 beshort 0xffd8 JPEG image data >6 string JFIF \b, JFIF standard # HSI is Handmade Software's proprietary JPEG encoding scheme @@ -222,3 +229,8 @@ # other images 0 string This\ is\ a\ BitMap\ file Lisp Machine bit-array-file 0 string !! Bennet Yee's "face" format + +# From SunOS 5.5.1 "/etc/magic" - appeared right before Sun raster image +# stuff. +# +0 beshort 0x1010 PEX Binary Archive diff --git a/usr.bin/file/magdir/java b/usr.bin/file/magdir/java new file mode 100644 index 00000000000..51bbccccade --- /dev/null +++ b/usr.bin/file/magdir/java @@ -0,0 +1,5 @@ +#------------------------------------------------------------ +# Java ByteCode +# From Larry Schwimmer (schwim@cs.stanford.edu) +0 belong 0xcafebabe +>4 belong 0x0003002d Java bytecode diff --git a/usr.bin/file/magdir/karma b/usr.bin/file/magdir/karma index 29d19dbdf84..e256abfd05a 100644 --- a/usr.bin/file/magdir/karma +++ b/usr.bin/file/magdir/karma @@ -6,5 +6,3 @@ 0 string KarmaRHD Version Karma Data Structure Version >16 long x %lu - - diff --git a/usr.bin/file/magdir/linux b/usr.bin/file/magdir/linux index a6e7520140d..75a2a2b98b6 100644 --- a/usr.bin/file/magdir/linux +++ b/usr.bin/file/magdir/linux @@ -24,7 +24,7 @@ 0 string \007\001\000 Linux/i386 object file >20 lelong >0x1020 \b, DLL library # message catalogs, from Mitchum DSouza <m.dsouza@mrc-apu.cam.ac.uk> -0 string *nazgul* compiled message catalog +0 string *nazgul* Linux compiled message catalog >8 lelong >0 \b, version %ld # core dump file, from Bill Reynolds <bill@goshawk.lanl.gov> 216 lelong 0421 Linux/i386 core file @@ -49,7 +49,25 @@ >3 byte >0 8x%d # Linux swap file, from Daniel Quinlan <quinlan@yggdrasil.com> 4086 string SWAP-SPACE Linux/i386 swap file -# From: Erik Troan <ewt@redhat.com> -0 leshort 0x00070183 ECOFF (Linux/OSF) Alpha binary ->10 leshort 0x0001 not stripped ->10 leshort 0x0000 stripped +# ECOFF magic for OSF/1 and Linux (only tested under Linux though) +# +# from Erik Troan (ewt@redhat.com) examining od dumps, so this +# could be wrong +# updated by David Mosberger (davidm@azstarnet.com) based on +# GNU BFD and MIPS info found below. +# +0 leshort 0x0183 ECOFF alpha +>24 leshort 0407 executable +>24 leshort 0410 pure +>24 leshort 0413 demand paged +>8 long >0 not stripped +>8 long 0 stripped +>23 leshort >0 - version %ld. +# linux Kernel images version 1.3.80 - ? +# from Axel Kohlmeyer <akohlmey@rincewind.chemie.uni-ulm.de> +0 belong 0xb8c0078e Linux/x86 kernel image, +>0x048c byte 0x31 +>>0x048c string x version %s +>0x0493 byte 0x31 +>>0x0493 string x version %s +# diff --git a/usr.bin/file/magdir/mach b/usr.bin/file/magdir/mach new file mode 100644 index 00000000000..308325ee4e4 --- /dev/null +++ b/usr.bin/file/magdir/mach @@ -0,0 +1,38 @@ +#------------------------------------------------------------------------------ +# mach file description +# +0 belong 0xcafebabe mach-o fat file +>4 belong 1 with 1 architecture +>4 belong >1 +>>4 belong x with %ld architectures +# +0 belong 0xfeedface mach-o +>12 belong 1 object +>12 belong 2 executable +>12 belong 3 shared library +>12 belong 4 core +>12 belong 5 preload executable +>12 belong >5 +>>12 belong x filetype=%ld +>4 belong <0 +>>4 belong x architecture=%ld +>4 belong 1 vax +>4 belong 2 romp +>4 belong 3 architecture=3 +>4 belong 4 ns32032 +>4 belong 5 ns32332 +>4 belong 6 for m68k architecture +>4 belong 7 i386 +>4 belong 8 mips +>4 belong 9 ns32532 +>4 belong 10 architecture=10 +>4 belong 11 hp pa-risc +>4 belong 12 acorn +>4 belong 13 m88k +>4 belong 14 sparc +>4 belong 15 i860-big +>4 belong 16 i860 +>4 belong 17 rs6000 +>4 belong 18 powerPC +>4 belong >18 +>>4 belong x architecture=%ld diff --git a/usr.bin/file/magdir/mail.news b/usr.bin/file/magdir/mail.news index 64c4e1c328c..bd3fd2de43a 100644 --- a/usr.bin/file/magdir/mail.news +++ b/usr.bin/file/magdir/mail.news @@ -16,3 +16,6 @@ 0 string From: news or mail text 0 string Article saved news text 0 string BABYL Emacs RMAIL text +0 string Received: RFC 822 mail text +0 string MIME-Version: MIME entity text +0 string Content- MIME entity text diff --git a/usr.bin/file/magdir/motorola b/usr.bin/file/magdir/motorola index d9fa2261ce6..efed159746e 100644 --- a/usr.bin/file/magdir/motorola +++ b/usr.bin/file/magdir/motorola @@ -27,3 +27,6 @@ # Motorola/88Open BCS # 0 beshort 0555 88K BCS executable +# +# Motorola S-Records, from Gerd Truschinski <gt@freebsd.first.gmd.de> +0 string S0 Motorola S-Record; binary data in text format diff --git a/usr.bin/file/magdir/osf1 b/usr.bin/file/magdir/osf1 new file mode 100644 index 00000000000..31166c1f34b --- /dev/null +++ b/usr.bin/file/magdir/osf1 @@ -0,0 +1,7 @@ +# +# Mach magic number info +# +0 long 0xefbe OSF/Rose object +# I386 magic number info +# +0 short 0565 i386 COFF object diff --git a/usr.bin/file/magdir/pdf b/usr.bin/file/magdir/pdf index 3cea0de3457..a1aef133937 100644 --- a/usr.bin/file/magdir/pdf +++ b/usr.bin/file/magdir/pdf @@ -1,7 +1,7 @@ - #------------------------------------------------------------------------------ # pdf: file(1) magic for Portable Document Format # 0 string %PDF- PDF document ->5 string x \b, version %.3s +>5 byte x \b, version %c +>7 byte x \b.%c diff --git a/usr.bin/file/magdir/pgp b/usr.bin/file/magdir/pgp index aaff0e9b4bb..038d098ee4a 100644 --- a/usr.bin/file/magdir/pgp +++ b/usr.bin/file/magdir/pgp @@ -5,6 +5,7 @@ 0 beshort 0x9900 PGP key public ring 0 beshort 0x9501 PGP key security ring 0 beshort 0x9500 PGP key security ring +0 beshort 0xa600 PGP encrypted data 0 string -----BEGIN\040PGP PGP armored data >15 string PUBLIC\040KEY\040BLOCK- public key block >15 string MESSAGE- message diff --git a/usr.bin/file/magdir/printer b/usr.bin/file/magdir/printer index 2d12bc5e454..d20330f4291 100644 --- a/usr.bin/file/magdir/printer +++ b/usr.bin/file/magdir/printer @@ -21,7 +21,7 @@ # HP Printer Job Language 0 string \033%-12345X@PJL HP Printer Job Language data >15 string \ ENTER\ LANGUAGE\ = ->31 string PostScript Postscript +>31 string PostScript PostScript # HP Printer Control Language, Daniel Quinlan (quinlan@yggdrasil.com) 0 string \033E\033 HP PCL printer data diff --git a/usr.bin/file/magdir/rpm b/usr.bin/file/magdir/rpm index d11ca717e2f..14ad6db9364 100644 --- a/usr.bin/file/magdir/rpm +++ b/usr.bin/file/magdir/rpm @@ -1,5 +1,3 @@ -# $OpenBSD: rpm,v 1.2 1996/06/26 05:33:04 deraadt Exp $ - #------------------------------------------------------------------------------ # # RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com) @@ -11,6 +9,9 @@ >>6 beshort 1 src >>8 beshort 1 i386 >>8 beshort 2 Alpha ->>8 beshort 3 PowerPC ->>8 beshort 4 Sparc +>>8 beshort 3 Sparc +>>8 beshort 4 MIPS +>>8 beshort 5 PowerPC +>>8 beshort 6 68000 +>>8 beshort 7 SGI >>10 string x %s diff --git a/usr.bin/file/magdir/sgi b/usr.bin/file/magdir/sgi index a73cfcf0b3c..ce9dbc8b274 100644 --- a/usr.bin/file/magdir/sgi +++ b/usr.bin/file/magdir/sgi @@ -1,12 +1,16 @@ #------------------------------------------------------------------------------ # sgi: file(1) magic for Silicon Graphics (MIPS, IRIS, IRIX, etc.) -# +# Dec Ultrix (MIPS) # all of SGI's *current* machines and OSes run in big-endian mode on the # MIPS machines, as far as I know. # # XXX - what is the blank "-" line? # +# kbd file definitions +0 string kbd!map kbd map file +>8 byte >0 Ver %d: +>10 short >0 with %d table(s) 0 belong 0407 old SGI 68020 executable 0 belong 0410 old SGI 68020 pure executable 0 beshort 0x8765 disk quotas file @@ -47,8 +51,8 @@ >20 beshort 05401 (paged) >8 belong >0 not stripped >8 belong 0 stripped ->22 byte x - version %d ->23 byte x .%ld +>23 byte x - version %d +>22 byte x .%ld # 0 beshort 0x6201 MIPSEL-LE COFF executable >20 beshort 03401 (impure) @@ -56,8 +60,8 @@ >20 beshort 05401 (paged) >8 belong >0 not stripped >8 belong 0 stripped ->22 byte x - version %ld ->23 byte x .%ld +>23 byte x - version %ld +>22 byte x .%ld # # MIPS 2 additions # @@ -86,7 +90,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # 0 beshort 0x6601 MIPSEL-LE MIPS-II COFF executable >20 beshort 03401 (impure) @@ -95,7 +99,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # # MIPS 3 additions # @@ -124,7 +128,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # 0 beshort 0x4201 MIPSEL-LE MIPS-III COFF executable >20 beshort 03401 (impure) @@ -133,7 +137,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # 0 beshort 0x180 MIPSEB Ucode 0 beshort 0x182 MIPSEL Ucode @@ -157,7 +161,8 @@ 0 string WNGZWZSS Wingz spreadsheet 0 string WNGZWZHP Wingz help file # -0 string \#Inventor V IRIS Inventor file +0 string \#Inventor V IRIS Inventor 1.0 file +0 string \#Inventor V2 Open Inventor 2.0 file # XXX - I don't know what next thing is! It is likely to be an image # (or movie) format 0 string glfHeadMagic(); GLF_TEXT diff --git a/usr.bin/file/magdir/sniffer b/usr.bin/file/magdir/sniffer new file mode 100644 index 00000000000..bcc3bb43aa9 --- /dev/null +++ b/usr.bin/file/magdir/sniffer @@ -0,0 +1,63 @@ + +#------------------------------------------------------------------------------ +# sniffer: file(1) magic for packet captured files +# +# From: guy@netapp.com (Guy Harris) +# +# Microsoft NetMon (packet capture/display program) capture files. +# +0 string RTSS NetMon capture file +>4 byte x - version %d +>5 byte x \b.%d +# +# Network General Sniffer capture files. +# +0 string TRSNIFF\ data\ \ \ \ \032 Sniffer capture file +>23 leshort x - version %d +>25 leshort x \b.%d +>33 byte x (Format %d, +>32 byte 0 Token ring) +>32 byte 1 Ethernet) +>32 byte 2 ARCnet) +>32 byte 3 StarLAN) +>32 byte 4 PC Network broadband) +>32 byte 5 LocalTalk) +>32 byte 6 Znet) +# +# "libpcap" capture files. +# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is +# the main program that uses that format, but there's also "tcpview", +# and there may be others in the future.) +# +0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) +>4 beshort x - version %d +>6 beshort x \b.%d +>20 belong 0 (No link-layer encapsulation +>20 belong 1 (Ethernet +>20 belong 2 (3Mb Ethernet +>20 belong 3 (AX.25 +>20 belong 4 (ProNet +>20 belong 5 (Chaos +>20 belong 6 (IEEE 802.x network +>20 belong 7 (ARCnet +>20 belong 8 (SLIP +>20 belong 9 (PPP +>20 belong 10 (FDDI +>20 belong 11 (RFC 1483 ATM +>16 belong x \b, capture length %d) +0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) +>4 leshort x - version %d +>6 leshort x \b.%d +>20 lelong 0 (No link-layer encapsulation +>20 lelong 1 (Ethernet +>20 lelong 2 (3Mb Ethernet +>20 lelong 3 (AX.25 +>20 lelong 4 (ProNet +>20 lelong 5 (Chaos +>20 lelong 6 (IEEE 802.x network +>20 lelong 7 (ARCnet +>20 lelong 8 (SLIP +>20 lelong 9 (PPP +>20 lelong 10 (FDDI +>20 lelong 11 (RFC 1483 ATM +>16 lelong x \b, capture length %d) diff --git a/usr.bin/file/magdir/sun b/usr.bin/file/magdir/sun index f6695f1faa2..2f0336a91b8 100644 --- a/usr.bin/file/magdir/sun +++ b/usr.bin/file/magdir/sun @@ -84,3 +84,27 @@ >>128 string >\0 from '%s' >4 belong 456 (SPARC 4.x BCP) >>152 string >\0 from '%s' +# Sun SunPC +0 long 0xfa33c08e SunPC 4.0 Hard Disk +0 string #SUNPC_CONFIG SunPC 4.0 Properties Values +# Sun snoop +# +# XXX - are numbers stored in big-endian format, or in host byte order? +# They're the same on SPARC, but not the same on x86. +# +0 string snoop Snoop capture file +>8 long >0 - version %ld +>12 long 0 (IEEE 802.3) +>12 long 1 (IEEE 802.4) +>12 long 2 (IEEE 802.5) +>12 long 3 (IEEE 802.6) +>12 long 4 (Ethernet) +>12 long 5 (HDLC) +>12 long 6 (Character synchronous) +>12 long 7 (IBM channel-to-channel adapter) +>12 long 8 (FDDI) +>12 long 9 (Unknown) +# Sun KCMS +36 string acsp Kodak Color Management System, ICC Profile + + diff --git a/usr.bin/file/magdir/varied.out b/usr.bin/file/magdir/varied.out index a5ca783b898..9245cfcbcc3 100644 --- a/usr.bin/file/magdir/varied.out +++ b/usr.bin/file/magdir/varied.out @@ -13,5 +13,6 @@ 0 beshort 0160007 amd 29k coff archive # Cray 6 beshort 0407 unicos (cray) executable - - +# Ultrix 4.3 +596 string \130\337\377\377 Ultrix core file +>600 string >\0 '%s' diff --git a/usr.bin/file/magdir/microsoft b/usr.bin/file/magdir/xenix index 74d1daf9de1..1acadec62a0 100644 --- a/usr.bin/file/magdir/microsoft +++ b/usr.bin/file/magdir/xenix @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# microsoft: file(1) magic for Microsoft Xenix +# xenix: file(1) magic for Microsoft Xenix # # "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small # model" lifted from "magic.xenix", with comment "derived empirically; diff --git a/usr.bin/file/magdir/zilog b/usr.bin/file/magdir/zilog index d48e38d14e7..b746e204f5b 100644 --- a/usr.bin/file/magdir/zilog +++ b/usr.bin/file/magdir/zilog @@ -9,5 +9,3 @@ 0 long 0xe808 pure object file (z8000 a.out) 0 long 0xe809 separate object file (z8000 a.out) 0 long 0xe805 overlay object file (z8000 a.out) - - |