Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bring in changes from file-3.22

This commit is contained in:
christos 1997-01-27 17:58:11 +00:00
parent ded84699df
commit 96aa33d4de
25 changed files with 392 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
usr.bin/file/magdir/386bsd Normal file
View File

@ -0,0 +1,6 @@
#------------------------------------------------------------------------------
# 386bsd: file(1) magic for 386BSD objects
#
0 lelong 000000413 386BSD demand paged executable
>16 lelong >0 not stripped

5
usr.bin/file/magdir/alpha
View File

@ -14,3 +14,8 @@
>27 byte x - version %d
>26 byte x .%d
>28 byte x -%d
# Basic recognition of Digital UNIX core dumps - Mike Bremford <mike@opac.bl.uk>
#
0 string Core\001 Alpha COFF format core dump (Digital UNIX)
>24 string >\0 \b, from '%s'

7
usr.bin/file/magdir/amanda Normal file
View File

@ -0,0 +1,7 @@
#------------------------------------------------------------------------------
# amanda: file(1) magic for amanda file format
#
0 string AMANDA:\ TAPESTART\ DATE AMANDA dump header file,
>23 string X
>>25 string >\ Unused %s
>23 string >\ DATE %s

1
usr.bin/file/magdir/amigaos
View File

@ -1,4 +1,3 @@
#------------------------------------------------------------------------------
# amigaos: file(1) magic for AmigaOS binary formats:

9
usr.bin/file/magdir/archive
View File

@ -54,11 +54,10 @@
# 0 string !<arch> current ar archive
# 0 long 0x213c6172 archive file
#
# and for SVR3.1 archives, we have:
# and for SVR1 archives, we have:
#
# 0 string \<ar> System V Release 1 ar archive
# 0 string =<ar> archive
# 0 string =<ar> archive
#
# XXX - did Aegis really store shared libraries, breakpointed modules,
# and absolute code program modules in the same format as new-style
@ -96,14 +95,10 @@
0 leshort 0177545 old PDP-11 archive
>8 string __.SYMDEF random library
#
0 string =<ar> archive
#
# From "pdp":
# From "pdp" (but why a 4-byte quantity?)
#
0 lelong 0x39bed PDP-11 old archive
0 lelong 0x39bee PDP-11 4.0 archive
#
0 string -h- Software Tools format archive text
# ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com)
#

17
usr.bin/file/magdir/asterix Normal file
View File

@ -0,0 +1,17 @@
#------------------------------------------------------------------------------
# asterix: file(1) magic for Aster*x; SunOS 5.5.1 gave the 4-character
# strings as "long" - we assume they're just strings:
# From: guy@netapp.com (Guy Harris)
#
0 string *STA Aster*x
>7 string WORD Words Document
>7 string GRAP Graphic
>7 string SPRE Spreadsheet
>7 string MACR Macro
0 string 2278 Aster*x Version 2
>29 byte 0x36 Words Document
>29 byte 0x35 Graphic
>29 byte 0x32 Spreadsheet
>29 byte 0x38 Macro

18
usr.bin/file/magdir/audio
View File

@ -16,6 +16,10 @@
>12 belong 6 32-bit IEEE floating point,
>12 belong 7 64-bit IEEE floating point,
>12 belong 23 8-bit ISDN u-law compressed (CCITT G.721 ADPCM voice data encoding),
>12 belong 24 compressed (8-bit G.722 ADPCM)
>12 belong 25 compressed (3-bit G.723 ADPCM),
>12 belong 26 compressed (5-bit G.723 ADPCM),
>12 belong 27 8-bit A-law,
>20 belong 1 mono,
>20 belong 2 stereo,
>20 belong 4 quad,
@ -54,14 +58,13 @@
>4 belong x - version %ld
# Microsoft WAVE format (*.wav)
# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
0 string RIFF Microsoft RIFF
>8 string WAVE \b, WAVE audio data
>>34 short >0 \b, %d bit
>>22 short =1 \b, mono
>>22 short =2 \b, stereo
>>22 short >2 \b, %d channels
>>24 long >0 %d Hz
>>34 leshort >0 \b, %d bit
>>22 leshort =1 \b, mono
>>22 leshort =2 \b, stereo
>>22 leshort >2 \b, %d channels
>>24 lelong >0 %d Hz
# AVI == Audio Video Interleave
>8 string AVI\ \b, AVI data
@ -77,9 +80,6 @@
# Real Audio (Magic .ra\0375)
0 belong 0x2e7261fd realaudio sound file
# Real Audio (Magic .ra\0375)
0 belong 0x2e7261fd realaudio sound file
# MTM/669/FAR/S3M/ULT/XM format checking [Aaron Eppert, aeppert@dialin.ind.net]
# Oct 31, 1995
0 string MTM MultiTracker Module sound file

7
usr.bin/file/magdir/bsdi Normal file
View File

@ -0,0 +1,7 @@
#------------------------------------------------------------------------------
# bsdi: file(1) magic for BSD/OS (from BSDI) objects
#
0 lelong 000000314 BSD/OS i386 compact demand paged executable
>16 lelong >0 not stripped
>32 byte 0x6a (uses shared libs)

12
usr.bin/file/magdir/digital
View File

@ -1,7 +1,7 @@
# Digital UNIX - Info
#
0 string ^!<arch>\n________64E Alpha archive
>22 string ^X -- out of date
0 string !<arch>\n________64E Alpha archive
>22 string X -- out of date
#
# Alpha COFF Based Executables
# The stripped stuff really needs to be an 8 byte (64 bit) compare,
@ -26,10 +26,10 @@
#
#
# Some other interesting Digital formats,
0 string ^\0377\0377\0177 ddis/ddif
0 string ^\0377\0377\0174 ddis/dots archive
0 string ^\0377\0377\0176 ddis/dtif table data
0 string ^\033c\033 LN03 output
0 string \377\377\177 ddis/ddif
0 string \377\377\174 ddis/dots archive
0 string \377\377\176 ddis/dtif table data
0 string \033c\033 LN03 output
0 long 04553207 X image
#
0 string !<PDF>!\n profiling data file

4
usr.bin/file/magdir/dump
View File

@ -43,8 +43,8 @@
>888 belong >0 Flags %x
24 lelong 60012 new-fs dump file (little endian),
>4 ledate x Previous dump %s,
>8 ledate x This dump %s,
>4 ledate x This dump %s,
>8 ledate x Previous dump %s,
>12 lelong >0 Volume %ld,
>692 lelong 0 Level zero, type:
>692 lelong >0 Level %d, type:

24
usr.bin/file/magdir/elf
View File

@ -5,8 +5,8 @@
# We have to check the byte order flag to see what byte order all the
# other stuff in the header is in.
#
# Byte order is probably big-endian for MIPS RS3000 and Amdahl.
# MIPS RS3000 may also be for MIPS RS2000.
# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
#
# updated by Daniel Quinlan (quinlan@yggdrasil.com)
0 string \177ELF ELF
@ -21,7 +21,6 @@
>>16 leshort 3 shared object,
# Core handling from Peter Tobias <tobias@server.et-inf.fho-emden.de>
>>16 leshort 4 core file
>>>576 string >\0 of '%s'
>>>400 lelong >0 (signal %d),
>>16 leshort &0xff00 processor-specific,
>>18 leshort 0 no machine,
@ -32,8 +31,15 @@
>>18 leshort 5 Motorola 88000 - invalid byte order,
>>18 leshort 6 Intel 80486,
>>18 leshort 7 Intel 80860,
>>18 leshort 8 MIPS RS3000,
>>18 leshort 9 Amdahl,
>>18 leshort 8 MIPS RS3000_BE - invalid byte order,
>>18 leshort 9 Amdahl - invalid byte order,
>>18 leshort 10 MIPS RS3000_LE,
>>18 leshort 11 RS6000 - invalid byte order,
>>18 leshort 15 PA-RISC - invalid byte order,
>>18 leshort 16 nCUBE,
>>18 leshort 17 VPP500,
>>18 leshort 18 SPARC32PLUS,
>>18 leshort 20 PowerPC,
>>18 leshort 0x9026 Alpha,
>>20 lelong 0 invalid version
>>20 lelong 1 version 1
@ -44,7 +50,6 @@
>>16 beshort 2 executable,
>>16 beshort 3 shared object,
>>16 beshort 4 core file,
>>>576 string >\0 of '%s'
>>>400 lelong >0 (signal %d),
>>16 beshort &0xff00 processor-specific,
>>18 beshort 0 no machine,
@ -55,8 +60,15 @@
>>18 beshort 5 Motorola 88000,
>>18 beshort 6 Intel 80486 - invalid byte order,
>>18 beshort 7 Intel 80860,
>>18 beshort 8 MIPS RS3000,
>>18 beshort 8 MIPS RS3000_BE,
>>18 beshort 9 Amdahl,
>>18 beshort 10 MIPS RS3000_LE - invalid byte order,
>>18 beshort 11 RS6000,
>>18 beshort 15 PA-RISC,
>>18 beshort 16 nCUBE,
>>18 beshort 17 VPP500,
>>18 beshort 18 SPARC32PLUS,
>>18 beshort 20 PowerPC,
>>18 beshort 0x9026 Alpha,
>>20 belong 0 invalid version
>>20 belong 1 version 1

130
usr.bin/file/magdir/freebsd Normal file
View File

@ -0,0 +1,130 @@
#------------------------------------------------------------------------------
# freebsd: file(1) magic for FreeBSD objects
#
# All new-style FreeBSD magic numbers are in host byte order (i.e.,
# little-endian on x86).
#
# XXX - this comes from the file "freebsd" in a recent FreeBSD version of
# "file"; it, and the NetBSD stuff in "netbsd", appear to use different
# schemes for distinguishing between executable images, shared libraries,
# and object files.
#
# FreeBSD says:
#
# Regardless of whether it's pure, demand-paged, or none of the
# above:
#
# if the entry point is < 4096, then it's a shared library if
# the "has run-time loader information" bit is set, and is
# position-independent if the "is position-independent" bit
# is set;
#
# if the entry point is >= 4096 (or >4095, same thing), then it's
# an executable, and is dynamically-linked if the "has run-time
# loader information" bit is set.
#
# On x86, NetBSD says:
#
# If it's neither pure nor demand-paged:
#
# if it has the "has run-time loader information" bit set, it's
# a dynamically-linked executable;
#
# if it doesn't have that bit set, then:
#
# if it has the "is position-independent" bit set, it's
# position-independent;
#
# if the entry point is non-zero, it's an executable, otherwise
# it's an object file.
#
# If it's pure:
#
# if it has the "has run-time loader information" bit set, it's
# a dynamically-linked executable, otherwise it's just an
# executable.
#
# If it's demand-paged:
#
# if it has the "has run-time loader information" bit set,
# then:
#
# if the entry point is < 4096, it's a shared library;
#
# if the entry point is = 4096 or > 4096 (i.e., >= 4096),
# it's a dynamically-linked executable);
#
# if it doesn't have the "has run-time loader information" bit
# set, then it's just an executable.
#
# (On non-x86, NetBSD does much the same thing, except that it uses
# 8192 on 68K - except for "68k4k", which is presumably "68K with 4K
# pages - SPARC, and MIPS, presumably because Sun-3's and Sun-4's
# had 8K pages; dunno about MIPS.)
#
# I suspect the two will differ only in perverse and uninteresting cases
# ("shared" libraries that aren't demand-paged and whose pages probably
# won't actually be shared, executables with entry points <4096).
#
# I leave it to those more familiar with FreeBSD and NetBSD to figure out
# what the right answer is (although using ">4095", FreeBSD-style, is
# probably better than separately checking for "=4096" and ">4096",
# NetBSD-style). (The old "netbsd" file analyzed FreeBSD demand paged
# executables using the NetBSD technique.)
#
0 lelong&0377777777 041400407 FreeBSD/i386
>20 lelong <4096
>>3 byte&0xC0 &0x80 shared library
>>3 byte&0xC0 0x40 PIC object
>>3 byte&0xC0 0x00 object
>20 lelong >4095
>>3 byte&0x80 0x80 dynamically linked executable
>>3 byte&0x80 0x00 executable
>16 lelong >0 not stripped
0 lelong&0377777777 041400410 FreeBSD/i386 pure
>20 lelong <4096
>>3 byte&0xC0 &0x80 shared library
>>3 byte&0xC0 0x40 PIC object
>>3 byte&0xC0 0x00 object
>20 lelong >4095
>>3 byte&0x80 0x80 dynamically linked executable
>>3 byte&0x80 0x00 executable
>16 lelong >0 not stripped
0 lelong&0377777777 041400413 FreeBSD/i386 demand paged
>20 lelong <4096
>>3 byte&0xC0 &0x80 shared library
>>3 byte&0xC0 0x40 PIC object
>>3 byte&0xC0 0x00 object
>20 lelong >4095
>>3 byte&0x80 0x80 dynamically linked executable
>>3 byte&0x80 0x00 executable
>16 lelong >0 not stripped
0 lelong&0377777777 041400314 FreeBSD/i386 compact demand paged
>20 lelong <4096
>>3 byte&0xC0 &0x80 shared library
>>3 byte&0xC0 0x40 PIC object
>>3 byte&0xC0 0x00 object
>20 lelong >4095
>>3 byte&0x80 0x80 dynamically linked executable
>>3 byte&0x80 0x00 executable
>16 lelong >0 not stripped
# XXX gross hack to identify core files
# cores start with a struct tss; we take advantage of the following:
# byte 7: highest byte of the kernel stack pointer, always 0xfe
# 8/9: kernel (ring 0) ss value, always 0x0010
# 10 - 27: ring 1 and 2 ss/esp, unused, thus always 0
# 28: low order byte of the current PTD entry, always 0 since the
# PTD is page-aligned
#
7 string \357\020\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 FreeBSD/i386 a.out core file
>1039 string >\0 from '%s'
# /var/run/ld.so.hints
# What are you laughing about?
0 lelong 011421044151 ld.so hints file
>4 lelong >0 (version %d)

60
usr.bin/file/magdir/hp
View File

@ -6,12 +6,6 @@
# applied to the "TML" stuff; I'm assuming the Apollo stuff is
# big-endian as it was mostly 68K-based.
#
# HP-PA is big-endian, so it (and "800", which is *also* HP-PA-based; I
# assume "HPPA-RISC1.1" really means "HP-PA Version 1.1", which first
# showed up in the 700 series, although later 800 series machines are,
# I think, based on the PA7100 which implements HP-PA 1.1) are flagged
# as big-endian.
#
# I think the 500 series was the old stack-based machines, running a
# UNIX environment atop the "SUN kernel"; dunno whether it was
# big-endian or little-endian.
@ -21,10 +15,23 @@
# HP magic is useful for reference, but using "long" magic is a better
# practice in order to avoid collisions.
#
# Guy Harris (guy@netapp.com): some additions to this list came from
# HP-UX 10.0's "/usr/include/sys/unistd.h" (68030, 68040, PA-RISC 1.1,
# 1.2, and 2.0). The 1.2 and 2.0 stuff isn't in the HP-UX 10.0
# "/etc/magic", though, except for the "archive file relocatable library"
# stuff, and the 68030 and 68040 stuff isn't there at all - are they not
# used in executables, or have they just not yet updated "/etc/magic"
# completely?
#
# 0 beshort 200 hp200 (68010) BSD binary
# 0 beshort 300 hp300 (68020+68881) BSD binary
# 0 beshort 0x20c hp200/300 HP-UX binary
# 0 beshort 0x20b hp800 HP-UX binary
# 0 beshort 0x20d hp400 (68030) HP-UX binary
# 0 beshort 0x20e hp400 (68040?) HP-UX binary
# 0 beshort 0x20b PA-RISC1.0 HP-UX binary
# 0 beshort 0x210 PA-RISC1.1 HP-UX binary
# 0 beshort 0x211 PA-RISC1.2 HP-UX binary
# 0 beshort 0x214 PA-RISC2.0 HP-UX binary
#
# The "misc" stuff needs a byte order; the archives look suspiciously
@ -41,49 +48,58 @@
0 long 01702407010 TML 1032 byte-order format
0 long 01003405017 TML 2301 byte-order format
0 long 01602007412 TML 3210 byte-order format
#### HPPA
0 belong 0x02100106 HPPA-RISC1.1 relocatable object
0 belong 0x02100107 HPPA-RISC1.1 executable
#### PA-RISC
0 belong 0x02100106 PA-RISC1.1 relocatable object
0 belong 0x02100107 PA-RISC1.1 executable
>168 belong &=0x00000004 dynamically linked
>(144) belong 0x054ef630 dynamically linked
>96 belong >0 - not stripped
0 belong 0x02100108 HPPA-RISC1.1 shared executable
0 belong 0x02100108 PA-RISC1.1 shared executable
>168 belong&0x4 0x4 dynamically linked
>(144) belong 0x054ef630 dynamically linked
>96 belong >0 - not stripped
0 belong 0x0210010b HPPA-RISC1.1 demand-load executable
0 belong 0x0210010b PA-RISC1.1 demand-load executable
>168 belong&0x4 0x4 dynamically linked
>(144) belong 0x054ef630 dynamically linked
>96 belong >0 - not stripped
0 belong 0x0210010e HPPA-RISC1.1 shared library
0 belong 0x0210010e PA-RISC1.1 shared library
>96 belong >0 - not stripped
0 belong 0x0210010d HPPA-RISC1.1 dynamic load library
0 belong 0x0210010d PA-RISC1.1 dynamic load library
>96 belong >0 - not stripped
#### 800
0 belong 0x020b0106 HP s800 relocatable object
0 belong 0x020b0106 PA-RISC1.0 relocatable object
0 belong 0x020b0107 HP s800 executable
0 belong 0x020b0107 PA-RISC1.0 executable
>168 belong&0x4 0x4 dynamically linked
>(144) belong 0x054ef630 dynamically linked
>96 belong >0 - not stripped
0 belong 0x020b0108 HP s800 shared executable
0 belong 0x020b0108 PA-RISC1.0 shared executable
>168 belong&0x4 0x4 dynamically linked
>(144) belong 0x054ef630 dynamically linked
>96 belong >0 - not stripped
0 belong 0x020b010b HP s800 demand-load executable
0 belong 0x020b010b PA-RISC1.0 demand-load executable
>168 belong&0x4 0x4 dynamically linked
>(144) belong 0x054ef630 dynamically linked
>96 belong >0 - not stripped
0 belong 0x020b010e HP s800 shared library
0 belong 0x020b010e PA-RISC1.0 shared library
>96 belong >0 - not stripped
0 belong 0x020b010d HP s800 dynamic load library
0 belong 0x020b010d PA-RISC1.0 dynamic load library
>96 belong >0 - not stripped
0 belong 0x213c6172 archive file
>68 belong 0x020b0619 - HP s800 relocatable library
>68 belong 0x020b0619 - PA-RISC1.0 relocatable library
>68 belong 0x02100619 - PA-RISC1.1 relocatable library
>68 belong 0x02110619 - PA-RISC1.2 relocatable library
>68 belong 0x02140619 - PA-RISC2.0 relocatable library
#### 500
0 long 0x02080106 HP s500 relocatable executable
@ -156,7 +172,7 @@
0 string IMGfile CIS compimg HP Bitmapfile
# XXX - see "lif"
0 short 0x8000 lif file
#0 short 0x8000 lif file
0 long 0x020c010c compiled Lisp
0 string msgcat01 HP NLS message catalog,

28
usr.bin/file/magdir/ibm370
View File

@ -4,7 +4,35 @@
#
# "ibm370" said that 0x15d == 0535 was "ibm 370 pure executable".
# What the heck *is* "USS/370"?
# AIX 4.1's "/etc/magic" has
#
# 0 short 0535 370 sysV executable
# >12 long >0 not stripped
# >22 short >0 - version %d
# >30 long >0 - 5.2 format
# 0 short 0530 370 sysV pure executable
# >12 long >0 not stripped
# >22 short >0 - version %d
# >30 long >0 - 5.2 format
#
# instead of the "USS/370" versions of the same magic numbers.
#
0 beshort 0537 370 XA sysV executable
>12 belong >0 not stripped
>22 beshort >0 - version %d
>30 belong >0 - 5.2 format
0 beshort 0532 370 XA sysV pure executable
>12 belong >0 not stripped
>22 beshort >0 - version %d
>30 belong >0 - 5.2 format
0 beshort 054001 370 sysV pure executable
>12 belong >0 not stripped
0 beshort 055001 370 XA sysV pure executable
>12 belong >0 not stripped
0 beshort 056401 370 sysV executable
>12 belong >0 not stripped
0 beshort 057401 370 XA sysV executable
>12 belong >0 not stripped
0 beshort 0531 SVR2 executable (Amdahl-UTS)
>12 belong >0 not stripped
>24 belong >0 - version %ld

3
usr.bin/file/magdir/ibm6000
View File

@ -12,5 +12,6 @@
0 beshort 0x0104 shared library
0 beshort 0x0105 ctab data
0 beshort 0xfe04 structured file
0 string 0xabcdef message catalog
0 string 0xabcdef AIX message catalog
0 belong 0x000001f9 AIX compiled message catalog
0 string \<aiaff> archive

12
usr.bin/file/magdir/images
View File

@ -116,6 +116,13 @@
>29 byte 1 \b, fine resolution (204x196 DPI)
# JPEG images
# SunOS 5.5.1 had
#
# 0 string \377\330\377\340 JPEG file
# 0 string \377\330\377\356 JPG file
#
# both of which turn into "JPEG image data" here.
#
0 beshort 0xffd8 JPEG image data
>6 string JFIF \b, JFIF standard
# HSI is Handmade Software's proprietary JPEG encoding scheme
@ -222,3 +229,8 @@
# other images
0 string This\ is\ a\ BitMap\ file Lisp Machine bit-array-file
0 string !! Bennet Yee's "face" format
# From SunOS 5.5.1 "/etc/magic" - appeared right before Sun raster image
# stuff.
#
0 beshort 0x1010 PEX Binary Archive

9
usr.bin/file/magdir/island Normal file
View File

@ -0,0 +1,9 @@
#------------------------------------------------------------------------------
# island: file(1) magic for IslandWite/IslandDraw, from SunOS 5.5.1
# "/etc/magic":
# From: guy@netapp.com (Guy Harris)
#
4 string pgscriptver IslandWrite document
13 string DrawFile IslandDraw document

1
usr.bin/file/magdir/java
View File

@ -1,4 +1,5 @@
#------------------------------------------------------------
# Java ByteCode
# From Larry Schwimmer (schwim@cs.stanford.edu)
0 belong 0xcafebabe
>4 belong 0x0003002d Java bytecode

2
usr.bin/file/magdir/linux
View File

@ -24,7 +24,7 @@
0 string \007\001\000 Linux/i386 object file
>20 lelong >0x1020 \b, DLL library
# message catalogs, from Mitchum DSouza <m.dsouza@mrc-apu.cam.ac.uk>
0 string *nazgul* compiled message catalog
0 string *nazgul* Linux compiled message catalog
>8 lelong >0 \b, version %ld
# core dump file, from Bill Reynolds <bill@goshawk.lanl.gov>
216 lelong 0421 Linux/i386 core file

72
usr.bin/file/magdir/microsoft
View File

@ -1,72 +0,0 @@
#------------------------------------------------------------------------------
# microsoft: file(1) magic for Microsoft Xenix
#
# "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small
# model" lifted from "magic.xenix", with comment "derived empirically;
# treat as folklore until proven"
#
# "small model", "large model", "huge model" stuff lifted from XXX
#
# XXX - "x.out" collides with PDP-11 archives
#
0 string core core file (Xenix)
0 byte 0x80 8086 relocatable (Microsoft)
0 leshort 0xff65 x.out
>2 string __.SYMDEF randomized
>0 byte x archive
0 leshort 0x206 Microsoft a.out
>8 leshort 1 Middle model
>0x1e leshort &0x10 overlay
>0x1e leshort &0x2 separate
>0x1e leshort &0x4 pure
>0x1e leshort &0x800 segmented
>0x1e leshort &0x400 standalone
>0x1e leshort &0x8 fixed-stack
>0x1c byte &0x80 byte-swapped
>0x1c byte &0x40 word-swapped
>0x10 lelong >0 not-stripped
>0x1e leshort ^0xc000 pre-SysV
>0x1e leshort &0x4000 V2.3
>0x1e leshort &0x8000 V3.0
>0x1c byte &0x4 86
>0x1c byte &0xb 186
>0x1c byte &0x9 286
>0x1c byte &0xa 386
>0x1f byte <0x040 small model
>0x1f byte =0x048 large model
>0x1f byte =0x049 huge model
>0x1e leshort &0x1 executable
>0x1e leshort ^0x1 object file
>0x1e leshort &0x40 Large Text
>0x1e leshort &0x20 Large Data
>0x1e leshort &0x120 Huge Objects Enabled
>0x10 lelong >0 not stripped
0 leshort 0x140 old Microsoft 8086 x.out
>0x3 byte &0x4 separate
>0x3 byte &0x2 pure
>0 byte &0x1 executable
>0 byte ^0x1 relocatable
>0x14 lelong >0 not stripped
0 lelong 0x206 b.out
>0x1e leshort &0x10 overlay
>0x1e leshort &0x2 separate
>0x1e leshort &0x4 pure
>0x1e leshort &0x800 segmented
>0x1e leshort &0x400 standalone
>0x1e leshort &0x1 executable
>0x1e leshort ^0x1 object file
>0x1e leshort &0x4000 V2.3
>0x1e leshort &0x8000 V3.0
>0x1c byte &0x4 86
>0x1c byte &0xb 186
>0x1c byte &0x9 286
>0x1c byte &0x29 286
>0x1c byte &0xa 386
>0x1e leshort &0x4 Large Text
>0x1e leshort &0x2 Large Data
>0x1e leshort &0x102 Huge Objects Enabled
0 leshort 0x580 XENIX 8086 relocatable or 80286 small model

13
usr.bin/file/magdir/NetBSD → usr.bin/file/magdir/netbsd
View File

@ -4,19 +4,6 @@
#
# All new-style magic numbers are in network byte order.
#
0 lelong 000000413 386BSD demand paged executable
>16 lelong >0 not stripped
0 lelong 000000314 BSDI demand paged executable
>16 lelong >0 not stripped
>32 byte 0x6a (uses shared libs)
0 lelong&077777777 041400314 FreeBSD/i386 demand paged
>3 byte &0x80
>>20 lelong <4096 shared library
>>20 lelong =4096 dynamically linked executable
>>20 lelong >4096 dynamically linked executable
>3 byte ^0x80 executable
>16 lelong >0 not stripped
0 lelong 000000407 NetBSD little-endian object file
>16 lelong >0 not stripped

3
usr.bin/file/magdir/osf1
View File

@ -5,6 +5,3 @@
# I386 magic number info
#
0 short 0565 i386 COFF object
#
0 string Core alpha core file
>24 string >\0 '%s'

25
usr.bin/file/magdir/sgi
View File

@ -1,12 +1,16 @@
#------------------------------------------------------------------------------
# sgi: file(1) magic for Silicon Graphics (MIPS, IRIS, IRIX, etc.)
#
# Dec Ultrix (MIPS)
# all of SGI's *current* machines and OSes run in big-endian mode on the
# MIPS machines, as far as I know.
#
# XXX - what is the blank "-" line?
#
# kbd file definitions
0 string kbd!map kbd map file
>8 byte >0 Ver %d:
>10 short >0 with %d table(s)
0 belong 0407 old SGI 68020 executable
0 belong 0410 old SGI 68020 pure executable
0 beshort 0x8765 disk quotas file
@ -47,8 +51,8 @@
>20 beshort 05401 (paged)
>8 belong >0 not stripped
>8 belong 0 stripped
>22 byte x - version %d
>23 byte x .%ld
>23 byte x - version %d
>22 byte x .%ld
#
0 beshort 0x6201 MIPSEL-LE COFF executable
>20 beshort 03401 (impure)
@ -56,8 +60,8 @@
>20 beshort 05401 (paged)
>8 belong >0 not stripped
>8 belong 0 stripped
>22 byte x - version %ld
>23 byte x .%ld
>23 byte x - version %ld
>22 byte x .%ld
#
# MIPS 2 additions
#
@ -86,7 +90,7 @@
>8 belong >0 not stripped
>8 belong 0 stripped
>23 byte x - version %ld
>23 byte x .%ld
>22 byte x .%ld
#
0 beshort 0x6601 MIPSEL-LE MIPS-II COFF executable
>20 beshort 03401 (impure)
@ -95,7 +99,7 @@
>8 belong >0 not stripped
>8 belong 0 stripped
>23 byte x - version %ld
>23 byte x .%ld
>22 byte x .%ld
#
# MIPS 3 additions
#
@ -124,7 +128,7 @@
>8 belong >0 not stripped
>8 belong 0 stripped
>23 byte x - version %ld
>23 byte x .%ld
>22 byte x .%ld
#
0 beshort 0x4201 MIPSEL-LE MIPS-III COFF executable
>20 beshort 03401 (impure)
@ -133,7 +137,7 @@
>8 belong >0 not stripped
>8 belong 0 stripped
>23 byte x - version %ld
>23 byte x .%ld
>22 byte x .%ld
#
0 beshort 0x180 MIPSEB Ucode
0 beshort 0x182 MIPSEL Ucode
@ -157,7 +161,8 @@
0 string WNGZWZSS Wingz spreadsheet
0 string WNGZWZHP Wingz help file
#
0 string \#Inventor V IRIS Inventor file
0 string \#Inventor V IRIS Inventor 1.0 file
0 string \#Inventor V2 Open Inventor 2.0 file
# XXX - I don't know what next thing is! It is likely to be an image
# (or movie) format
0 string glfHeadMagic(); GLF_TEXT

63
usr.bin/file/magdir/sniffer Normal file
View File

@ -0,0 +1,63 @@
#------------------------------------------------------------------------------
# sniffer: file(1) magic for packet captured files
#
# From: guy@netapp.com (Guy Harris)
#
# Microsoft NetMon (packet capture/display program) capture files.
#
0 string RTSS NetMon capture file
>4 byte x - version %d
>5 byte x \b.%d
#
# Network General Sniffer capture files.
#
0 string TRSNIFF\ data\ \ \ \ \032 Sniffer capture file
>23 leshort x - version %d
>25 leshort x \b.%d
>33 byte x (Format %d,
>32 byte 0 Token ring)
>32 byte 1 Ethernet)
>32 byte 2 ARCnet)
>32 byte 3 StarLAN)
>32 byte 4 PC Network broadband)
>32 byte 5 LocalTalk)
>32 byte 6 Znet)
#
# "libpcap" capture files.
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
# the main program that uses that format, but there's also "tcpview",
# and there may be others in the future.)
#
0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian)
>4 beshort x - version %d
>6 beshort x \b.%d
>20 belong 0 (No link-layer encapsulation
>20 belong 1 (Ethernet
>20 belong 2 (3Mb Ethernet
>20 belong 3 (AX.25
>20 belong 4 (ProNet
>20 belong 5 (Chaos
>20 belong 6 (IEEE 802.x network
>20 belong 7 (ARCnet
>20 belong 8 (SLIP
>20 belong 9 (PPP
>20 belong 10 (FDDI
>20 belong 11 (RFC 1483 ATM
>16 belong x \b, capture length %d)
0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian)
>4 leshort x - version %d
>6 leshort x \b.%d
>20 lelong 0 (No link-layer encapsulation
>20 lelong 1 (Ethernet
>20 lelong 2 (3Mb Ethernet
>20 lelong 3 (AX.25
>20 lelong 4 (ProNet
>20 lelong 5 (Chaos
>20 lelong 6 (IEEE 802.x network
>20 lelong 7 (ARCnet
>20 lelong 8 (SLIP
>20 lelong 9 (PPP
>20 lelong 10 (FDDI
>20 lelong 11 (RFC 1483 ATM
>16 lelong x \b, capture length %d)

14
usr.bin/file/magdir/sun
View File

@ -88,8 +88,22 @@
0 long 0xfa33c08e SunPC 4.0 Hard Disk
0 string #SUNPC_CONFIG SunPC 4.0 Properties Values
# Sun snoop
#
# XXX - are numbers stored in big-endian format, or in host byte order?
# They're the same on SPARC, but not the same on x86.
#
0 string snoop Snoop capture file
>8 long >0 - version %ld
>12 long 0 (IEEE 802.3)
>12 long 1 (IEEE 802.4)
>12 long 2 (IEEE 802.5)
>12 long 3 (IEEE 802.6)
>12 long 4 (Ethernet)
>12 long 5 (HDLC)
>12 long 6 (Character synchronous)
>12 long 7 (IBM channel-to-channel adapter)
>12 long 8 (FDDI)
>12 long 9 (Unknown)
# Sun KCMS
36 string acsp Kodak Color Management System, ICC Profile