Cross Reference: /freebsd-10.0-release/contrib/file/Magdir/msdos

Deleted Added

sdiff udiff text old ( 74784 ) new ( 80588 )

full compact

1
2#------------------------------------------------------------------------------
3# msdos: file(1) magic for MS-DOS files
4#
5
6# .BAT files (Daniel Quinlan, quinlan@yggdrasil.com)
70 string @echo\ off MS-DOS batch file text
8
9# XXX - according to Microsoft's spec, at an offset of 0x3c in a
10# PE-format executable is the offset in the file of the PE header;
11# unfortunately, that's a little-endian offset, and there's no way
12# to specify an indirect offset with a specified byte order.
13# So, for now, we assume the standard MS-DOS stub, which puts the
14# PE header at 0x80 = 128.
15#
16# Required OS version and subsystem version were 4.0 on some NT 3.51
17# executables built with Visual C++ 4.0, so it's not clear that
18# they're interesting. The user version was 0.0, but there's
19# probably some linker directive to set it. The linker version was
20# 3.0, except for one ".exe" which had it as 4.20 (same damn linker!).
21#
22128 string PE\0\0 MS Windows PE
23>150 leshort&0x0100 >0 32-bit
24>132 leshort 0x0 unknown processor
25>132 leshort 0x14c Intel 80386
26>132 leshort 0x166 MIPS R4000
27>132 leshort 0x184 Alpha
28>132 leshort 0x268 Motorola 68000
29>132 leshort 0x1f0 PowerPC
30>132 leshort 0x290 PA-RISC
31>148 leshort >27
32>>220 leshort 0 unknown subsystem
33>>220 leshort 1 native
34>>220 leshort 2 GUI
35>>220 leshort 3 console
36>>220 leshort 7 POSIX
37>150 leshort&0x2000 =0 executable
38#>>136 ledate x stamp %s,
39>>150 leshort&0x0001 >0 not relocatable
40#>>150 leshort&0x0004 =0 with line numbers,
41#>>150 leshort&0x0008 =0 with local symbols,
42#>>150 leshort&0x0200 =0 with debug symbols,
43>>150 leshort&0x1000 >0 system file
44#>>148 leshort >0
45#>>>154 byte x linker %d
46#>>>155 byte x \b.%d,
47#>>148 leshort >27
48#>>>192 leshort x requires OS %d
49#>>>194 leshort x \b.%d,
50#>>>196 leshort x user version %d
51#>>>198 leshort x \b.%d,
52#>>>200 leshort x subsystem version %d
53#>>>202 leshort x \b.%d,
54>150 leshort&0x2000 >0 DLL
55#>>136 ledate x stamp %s,
56>>150 leshort&0x0001 >0 not relocatable
57#>>150 leshort&0x0004 =0 with line numbers,
58#>>150 leshort&0x0008 =0 with local symbols,
59#>>150 leshort&0x0200 =0 with debug symbols,
60>>150 leshort&0x1000 >0 system file
61#>>148 leshort >0
62#>>>154 byte x linker %d
63#>>>155 byte x \b.%d,
64#>>148 leshort >27
65#>>>192 leshort x requires OS %d
66#>>>194 leshort x \b.%d,
67#>>>196 leshort x user version %d
68#>>>198 leshort x \b.%d,
69#>>>200 leshort x subsystem version %d
70#>>>202 leshort x \b.%d,
710 leshort 0x14c MS Windows COFF Intel 80386 object file
72#>4 ledate x stamp %s
730 leshort 0x166 MS Windows COFF MIPS R4000 object file
74#>4 ledate x stamp %s
750 leshort 0x184 MS Windows COFF Alpha object file
76#>4 ledate x stamp %s
770 leshort 0x268 MS Windows COFF Motorola 68000 object file
78#>4 ledate x stamp %s
790 leshort 0x1f0 MS Windows COFF PowerPC object file
80#>4 ledate x stamp %s
810 leshort 0x290 MS Windows COFF PA-RISC object file
82#>4 ledate x stamp %s
83
84# .EXE formats (Greg Roelofs, newt@uchicago.edu)
85#
860 string MZ MS-DOS executable (EXE)
87>24 string @ \b, OS/2 or MS Windows
88>>0xe7 string LH/2\ Self-Extract \b, %s
89>>0xe9 string PKSFX2 \b, %s
90>>122 string Windows\ self-extracting\ ZIP \b, %s
91>0x1c string RJSX\xff\xff \b, ARJ SFX
92>0x1c string diet\xf9\x9c \b, diet compressed
93>0x1e string Copyright\ 1989-1990\ PKWARE\ Inc. \b, PKSFX
94# JM: 0x1e "PKLITE Copr. 1990-92 PKWARE Inc. All Rights Reserved\7\0\0\0"
95>0x1e string PKLITE\ Copr. \b, %.6s compressed
96>0x24 string LHa's\ SFX \b, %.15s
97>0x24 string LHA's\ SFX \b, %.15s
98>1638 string -lh5- \b, LHa SFX archive v2.13S
99>7195 string Rar! \b, RAR self-extracting archive
100#
101# [GRR 950118: file 3.15 has a buffer-size limitation; offsets bigger than
102# 8161 bytes are ignored. To make the following entries work, increase
103# HOWMANY in file.h to 32K at least, and maybe to 70K or more for OS/2,
104# NT/Win32 and VMS.]
105# [GRR: some company sells a self-extractor/displayer for image data(!)]
106#
107>11696 string PK\003\004 \b, PKZIP SFX archive v1.1
108>13297 string PK\003\004 \b, PKZIP SFX archive v1.93a
109>15588 string PK\003\004 \b, PKZIP2 SFX archive v1.09
110>15770 string PK\003\004 \b, PKZIP SFX archive v2.04g
111>28374 string PK\003\004 \b, PKZIP2 SFX archive v1.02
112#
113# Info-ZIP self-extractors
114# these are the DOS versions:
115>25115 string PK\003\004 \b, Info-ZIP SFX archive v5.12
116>26331 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption
117# these are the OS/2 versions (OS/2 is flagged above):
118>47031 string PK\003\004 \b, Info-ZIP SFX archive v5.12
119>49845 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption
120# this is the NT/Win32 version:
121>69120 string PK\003\004 \b, Info-ZIP NT SFX archive v5.12 w/decryption
122#
123# TELVOX Teleinformatica CODEC self-extractor for OS/2:
124>49801 string \x79\xff\x80\xff\x76\xff \b, CODEC archive v3.21
125>>49824 leshort =1 \b, 1 file
126>>49824 leshort >1 \b, %u files
127
128# .COM formats (Daniel Quinlan, quinlan@yggdrasil.com)
129# Uncommenting only the first two lines will cover about 2/3 of COM files,
130# but it isn't feasible to match all COM files since there must be at least
131# two dozen different one-byte "magics".
132#0 byte 0xe9 MS-DOS executable (COM)
133#>6 string SFX\ of\ LHarc (%s)
134#0 byte 0x8c MS-DOS executable (COM)
135# 0xeb conflicts with "sequent" magic
136#0 byte 0xeb MS-DOS executable (COM)
137#0 byte 0xb8 MS-DOS executable (COM)
138
139# miscellaneous formats
1400 string LZ MS-DOS executable (built-in)
141#0 byte 0xf0 MS-DOS program library data
142#
143
144#
145# Windows NT Registry files.
146#
1470 string regf Windows NT Registry file
148
149# Popular applications
1502080 string Microsoft\ Word\ 6.0\ Document %s
1512080 string Documento\ Microsoft\ Word\ 6 Spanish Microsoft Word 6 document data
152# Pawel Wiecek <coven@i17linuxb.ists.pwr.wroc.pl> (for polish Word)
1532112 string MSWordDoc Microsoft Word document data
154#
1550 belong 0x31be0000 Microsoft Word Document
156#
1570 string PO^Q` Microsoft Word 6.0 Document
158#
1590 string \376\067\0\043 Microsoft Office Document
1600 string \320\317\021\340\241\261 Microsoft Office Document
1610 string \333\245-\0\0\0 Microsoft Office Document
162#
1632080 string Microsoft\ Excel\ 5.0\ Worksheet %s
164#
165# Pawel Wiecek <coven@i17linuxb.ists.pwr.wroc.pl> (for polish Excel)
1662114 string Biff5 Microsoft Excel 5.0 Worksheet
167#
1680 belong 0x00001a00 Lotus 1-2-3
169>4 belong 0x00100400 wk3 document data
170>4 belong 0x02100400 wk4 document data
171>4 belong 0x07800100 fm3 or fmb document data
172>4 belong 0x07800000 fm3 or fmb document data
173#
1740 belong 0x00000200 Lotus 1-2-3
175>4 belong 0x06040600 wk1 document data
176>4 belong 0x06800200 fmt document data
177
178# Help files
1790 string ?_\3\0 MS Windows Help Data
180
181# Microsoft CAB distribution format Dale Worley <root@dworley.ny.mediaone.net>
1820 string MSCF\000\000\000\000 Microsoft CAB file
183
184# DeIsL1.isu what this is I don't know
1850 string \161\250\000\000\001\002 DeIsL1.isu whatever that is
186
187# Winamp .avs
188#0 string Nullsoft\ AVS\ Preset\ \060\056\061\032 A plug in for Winamp ms-windows Freeware media player
1890 string Nullsoft\ AVS\ Preset\ Winamp plug in
190
191# Hyper terminal:
1920 string HyperTerminal\ hyperterm
193>15 string 1.0\ --\ HyperTerminal\ data\ file MS-windows Hyperterminal
194
195# Windows Metafont .WMF
1960 string \327\315\306\232\000\000\000\000\000\000 ms-windows metafont .wmf
197
198#tz3 files whatever that is (MS Works files)
1990 string \003\001\001\004\070\001\000\000 tz3 ms-works file
2000 string \003\002\001\004\070\001\000\000 tz3 ms-works file
2010 string \003\003\001\004\070\001\000\000 tz3 ms-works file
202
203# PGP sig files .sig
204#0 string \211\000\077\003\005\000\063\237\127 065 to \027\266\151\064\005\045\101\233\021\002 PGP sig
2050 string \211\000\077\003\005\000\063\237\127\065\027\266\151\064\005\045\101\233\021\002 PGP sig
2060 string \211\000\077\003\005\000\063\237\127\066\027\266\151\064\005\045\101\233\021\002 PGP sig
2070 string \211\000\077\003\005\000\063\237\127\067\027\266\151\064\005\045\101\233\021\002 PGP sig
2080 string \211\000\077\003\005\000\063\237\127\070\027\266\151\064\005\045\101\233\021\002 PGP sig
2090 string \211\000\077\003\005\000\063\237\127\071\027\266\151\064\005\045\101\233\021\002 PGP sig
2100 string \211\000\225\003\005\000\062\122\207\304\100\345\042 PGP sig
211
212# windows zips files .dmf
2130 string MDIF\032\000\010\000\000\000\372\046\100\175\001\000\001\036\001\000 Ms-windows special zipped file
214
215
216# Windows help file FTG FTS
2170 string \164\146\115\122\012\000\000\000\001\000\000\000 ms-windows help cache
218
219# grp old windows 3.1 group files
2200 string \120\115\103\103 Ms-windows 3.1 group files
221
222
223# lnk files windows symlinks
2240 string \114\000\000\000\001\024\002\000\000\000\000\000\300\000\000\000\000\000\000\106 ms-Windows shortcut
225
226#ico files
2270 string \102\101\050\000\000\000\056\000\000\000\000\000\000\000 Icon for ms-windows

228
229# Windows icons (Ian Springer <ips@fpk.hp.com>)

2300 string \000\000\001\000 ms-windows icon resource
231>4 byte 1 - 1 icon
232>4 byte >1 - %d icons
233>>6 byte >0 \b, %dx
234>>>7 byte >0 \b%d
235>>8 byte 0 \b, 256-colors
236>>8 byte >0 \b, %d-colors
237
238
239# True Type fonts currently misidentified as raw G3 data
240
2410 string \000\001\000\000\000 MS-Windows true type font .ttf
242
243
244# .chr files
2450 string PK\010\010BGI Borland font
246>4 string >\0 %s
247# then there is a copyright notice
248
249
250# .bgi files
2510 string pk\010\010BGI Borland device
252>4 string >\0 %s
253# then there is a copyright notice
254
255
256# recycled/info the windows trash bin index
2579 string \000\000\000\030\001\000\000\000 ms-windows recycled bin info
258
259
260##### put in Either Magic/font or Magic/news
261# Acroread or something files wrongly identified as G3 .pfm
262# these have the form \000 \001 any? \002 \000 \000
263# or \000 \001 any? \022 \000 \000
2640 string \000\001 pfm?
265>3 string \022\000\000Copyright\ yes
266>3 string \002\000\000Copyright\ yes
267#>3 string >\0 oops, not a font file. Cancel that.
268#it clashes with ttf files so put it lower down.
269
270# From Doug Lee via a FreeBSD pr
2719 string GERBILDOC First Choice document
2729 string GERBILDB First Choice database
2739 string GERBILCLIP First Choice database
2740 string GERBIL First Choice device file
2759 string RABBITGRAPH RabbitGraph file
2760 string DCU1 Borland Delphi .DCU file
2770 string !<spell> MKS Spell hash list (old format)
2780 string !<spell2> MKS Spell hash list
2790 string AH Halo(TM) bitmapped font file

~~278~~0 leshort 0x601A Atari ST contiguous executable
~~279~~>14 lelong >0 - not stripped
~~280~~0 leshort 0x601B Atari ST non-contig executable
~~281~~>14 lelong >0 - not stripped

2800 lelong 0x08086b70 TurboC BGI file
2810 lelong 0x08084b50 TurboC Font file
282
283# WARNING: below line conflicts with Infocom game data Z-machine 3
2840 byte 0x03 DBase 3 data file
285>0x04 lelong 0 (no records)
286>0x04 lelong >0 (%ld records)
2870 byte 0x83 DBase 3 data file with memo(s)
288>0x04 lelong 0 (no records)
289>0x04 lelong >0 (%ld records)
2900 leshort 0x0006 DBase 3 index file
2910 string PMCC Windows 3.x .GRP file
2921 string RDC-meg MegaDots
293>8 byte >0x2F version %c
294>9 byte >0x2F \b.%c file
2950 lelong 0x4C
296>4 lelong 0x00021401 Windows shortcut file
297
298# DOS EPS Binary File Header
299# From: Ed Sznyter <ews@Black.Market.NET>
3000 belong 0xC5D0D3C6 DOS EPS Binary File
301>4 long >0 Postscript starts at byte %d
302>>8 long >0 length %d
303>>>12 long >0 Metafile starts at byte %d
304>>>>16 long >0 length %d
305>>>20 long >0 TIFF starts at byte %d
306>>>>24 long >0 length %d
307
308# TNEF magic From "Joomy" <joomy@se-ed.net>
3090 leshort 0x223e9f78 TNEF