diff options
author | mpp <mpp@FreeBSD.org> | 1997-03-18 18:00:03 +0000 |
---|---|---|
committer | mpp <mpp@FreeBSD.org> | 1997-03-18 18:00:03 +0000 |
commit | 8bba93cbbd93c0a6b69596c2d5331302bf76a963 (patch) | |
tree | 1a6f53f7d3b88b87b17df936fc1c703fa53334eb /usr.bin/file | |
parent | 1961b381e0c8da141c7f1ebbc57236f8854d586e (diff) | |
parent | 12c550bd9fb9772fef442bd692f0e0fdff9b2176 (diff) | |
download | FreeBSD-src-8bba93cbbd93c0a6b69596c2d5331302bf76a963.zip FreeBSD-src-8bba93cbbd93c0a6b69596c2d5331302bf76a963.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r23988,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'usr.bin/file')
33 files changed, 1136 insertions, 85 deletions
diff --git a/usr.bin/file/Magdir/alpha b/usr.bin/file/Magdir/alpha new file mode 100644 index 0000000..42e1917 --- /dev/null +++ b/usr.bin/file/Magdir/alpha @@ -0,0 +1,21 @@ +#------------------------------------------------------------------------------ +# alpha architecture description +# + +0 leshort 0603 COFF format alpha +>22 leshort&030000 !020000 executable +>24 leshort 0410 pure +>24 leshort 0413 paged +>22 leshort&020000 !0 dynamically linked +>16 lelong !0 not stripped +>16 lelong 0 stripped +>22 leshort&030000 020000 shared library +>24 leshort 0407 object +>27 byte x - version %d +>26 byte x .%d +>28 byte x -%d + +# Basic recognition of OSF/1 core dumps - Mike Bremford <mike@opac.bl.uk> +# +0 string Core\001 COFF format core dump (OSF/1) +>24 string >\0 generated by '%s' diff --git a/usr.bin/file/Magdir/amanda b/usr.bin/file/Magdir/amanda new file mode 100644 index 0000000..57c4359 --- /dev/null +++ b/usr.bin/file/Magdir/amanda @@ -0,0 +1,7 @@ +#------------------------------------------------------------------------------ +# amanda: file(1) magic for amanda file format +# +0 string AMANDA:\ TAPESTART\ DATE AMANDA dump header file, +>23 string X +>>25 string >\ Unused %s +>23 string >\ DATE %s diff --git a/usr.bin/file/Magdir/amigaos b/usr.bin/file/Magdir/amigaos new file mode 100644 index 0000000..6073936 --- /dev/null +++ b/usr.bin/file/Magdir/amigaos @@ -0,0 +1,10 @@ +#------------------------------------------------------------------------------ +# amigaos: file(1) magic for AmigaOS binary formats: + +# +# From ignatios@cs.uni-bonn.de (Ignatios Souvatzis) +# Some formats are still missing: AmigaOS special IFF's, e.g.: FORM....CTLG +# (the others should be seperate, anyway) +# +0 belong 0x000003f3 AmigaOS loadseg()ble executable/binary +0 belong 0x000003e7 AmigaOS object/library data diff --git a/usr.bin/file/Magdir/archive b/usr.bin/file/Magdir/archive index bd40081..f266b19 100644 --- a/usr.bin/file/Magdir/archive +++ b/usr.bin/file/Magdir/archive @@ -45,8 +45,6 @@ >19 string B and an EB hash table >22 string X -- out of date -0 string !<arch> archive ->8 string __.SYMDEF random library 0 string -h- Software Tools format archive text # @@ -56,11 +54,10 @@ # 0 string !<arch> current ar archive # 0 long 0x213c6172 archive file # -# and for SVR3.1 archives, we have: +# and for SVR1 archives, we have: # # 0 string \<ar> System V Release 1 ar archive # 0 string =<ar> archive -# 0 string =<ar> archive # # XXX - did Aegis really store shared libraries, breakpointed modules, # and absolute code program modules in the same format as new-style @@ -68,6 +65,8 @@ # 0 string !<arch> current ar archive >8 string __.SYMDEF random library +>8 string debian-split part of multipart Debian package +>8 string debian-binary Debian binary package >0 belong =65538 - pre SR9.5 >0 belong =65539 - post SR9.5 >0 beshort 2 - object archive @@ -96,14 +95,10 @@ 0 leshort 0177545 old PDP-11 archive >8 string __.SYMDEF random library # -0 string =<ar> archive -# -# From "pdp": +# From "pdp" (but why a 4-byte quantity?) # 0 lelong 0x39bed PDP-11 old archive 0 lelong 0x39bee PDP-11 4.0 archive -# -0 string -h- Software Tools format archive text # ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com) # diff --git a/usr.bin/file/Magdir/asterix b/usr.bin/file/Magdir/asterix new file mode 100644 index 0000000..d89504a --- /dev/null +++ b/usr.bin/file/Magdir/asterix @@ -0,0 +1,17 @@ + +#------------------------------------------------------------------------------ +# asterix: file(1) magic for Aster*x; SunOS 5.5.1 gave the 4-character +# strings as "long" - we assume they're just strings: +# From: guy@netapp.com (Guy Harris) +# +0 string *STA Aster*x +>7 string WORD Words Document +>7 string GRAP Graphic +>7 string SPRE Spreadsheet +>7 string MACR Macro +0 string 2278 Aster*x Version 2 +>29 byte 0x36 Words Document +>29 byte 0x35 Graphic +>29 byte 0x32 Spreadsheet +>29 byte 0x38 Macro + diff --git a/usr.bin/file/Magdir/bsdi b/usr.bin/file/Magdir/bsdi index faf0a60..2e3b646 100644 --- a/usr.bin/file/Magdir/bsdi +++ b/usr.bin/file/Magdir/bsdi @@ -1,2 +1,7 @@ -# BSDI BSD/386 -0 long 0314 BSD/386 demand paged (first page unmapped) pure executable + +#------------------------------------------------------------------------------ +# bsdi: file(1) magic for BSD/OS (from BSDI) objects +# +0 lelong 000000314 BSD/OS i386 compact demand paged executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses shared libs) diff --git a/usr.bin/file/Magdir/compress b/usr.bin/file/Magdir/compress index 2cf8d19..a797f8f 100644 --- a/usr.bin/file/Magdir/compress +++ b/usr.bin/file/Magdir/compress @@ -79,8 +79,14 @@ # # This will cause very short GSM files to be declared as data and # mismatches to be declared as data too! -#0 byte&0xF0 0xd0 data +#0 byte&0xF0 0xd0 data #>33 byte&0xF0 0xd0 #>66 byte&0xF0 0xd0 #>99 byte&0xF0 0xd0 -#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio +#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio + +# Bzip from ulmo@Q.Net +0 string BZ bzip compressed data, +>2 byte x format v. %c, +>3 byte x block size indicator %c + diff --git a/usr.bin/file/Magdir/convex b/usr.bin/file/Magdir/convex index 14ed867..b1235d7 100644 --- a/usr.bin/file/Magdir/convex +++ b/usr.bin/file/Magdir/convex @@ -1,7 +1,69 @@ - #------------------------------------------------------------------------------ # convex: file(1) magic for Convex boxes # # Convexes are big-endian. # -0 long 0513 Convex executable +# /*\ +# * Below are the magic numbers and tests added for Convex. +# * Added at beginning, because they are expected to be used most. +# \*/ +0 belong 0507 Convex old-style object +>16 belong >0 not stripped +0 belong 0513 Convex old-style demand paged executable +>16 belong >0 not stripped +0 belong 0515 Convex old-style pre-paged executable +>16 belong >0 not stripped +0 belong 0517 Convex old-style pre-paged, non-swapped executable +>16 belong >0 not stripped +0 belong 0x011257 Core file +# +# The following are a series of dump format magic numbers. Each one +# corresponds to a drastically different dump format. The first on is +# the original dump format on a 4.1 BSD or earlier file system. The +# second marks the change between the 4.1 file system and the 4.2 file +# system. The Third marks the changing of the block size from 1K +# to 2K to be compatible with an IDC file system. The fourth indicates +# a dump that is dependent on Convex Storage Manager, because data in +# secondary storage is not physically contained within the dump. +# The restore program uses these number to determine how the data is +# to be extracted. +# +24 belong =60011 dump format, 4.1 BSD or earlier +24 belong =60012 dump format, 4.2 or 4.3 BSD without IDC +24 belong =60013 dump format, 4.2 or 4.3 BSD (IDC compatible) +24 belong =60014 dump format, Convex Storage Manager by-reference dump +# +# what follows is a bunch of bit-mask checks on the flags field of the opthdr. +# If there is no `=' sign, assume just checking for whether the bit is set? +# +0 belong 0601 Convex SOFF +>88 belong&0x000f0000 =0x00000000 c1 +>88 belong &0x00010000 c2 +>88 belong &0x00020000 c2mp +>88 belong &0x00040000 parallel +>88 belong &0x00080000 intrinsic +>88 belong &0x00000001 demand paged +>88 belong &0x00000002 pre-paged +>88 belong &0x00000004 non-swapped +>88 belong &0x00000008 POSIX +# +>84 belong &0x80000000 executable +>84 belong &0x40000000 object +>84 belong&0x20000000 =0 not stripped +>84 belong&0x18000000 =0x00000000 native fpmode +>84 belong&0x18000000 =0x10000000 ieee fpmode +>84 belong&0x18000000 =0x18000000 undefined fpmode +# +0 belong 0605 Convex SOFF core +# +0 belong 0607 Convex SOFF checkpoint +>88 belong&0x000f0000 =0x00000000 c1 +>88 belong &0x00010000 c2 +>88 belong &0x00020000 c2mp +>88 belong &0x00040000 parallel +>88 belong &0x00080000 intrinsic +>88 belong &0x00000008 POSIX +# +>84 belong&0x18000000 =0x00000000 native fpmode +>84 belong&0x18000000 =0x10000000 ieee fpmode +>84 belong&0x18000000 =0x18000000 undefined fpmode diff --git a/usr.bin/file/Magdir/database b/usr.bin/file/Magdir/database index 692ce6b..146c310 100644 --- a/usr.bin/file/Magdir/database +++ b/usr.bin/file/Magdir/database @@ -17,16 +17,18 @@ >8 belong 1234 Little Endian, >8 belong 4321 Big Endian, >12 belong x Bucket Size %d, ->16 belong x Directory Size %d, ->20 belong x Segment Size %d, ->24 belong x Segment Shift %d, ->28 belong x Overflow Point %d, ->32 belong x Last Freed %d, ->36 belong x Max Bucket %d, ->40 belong x High Mask 0x%x, ->44 belong x Low Mask 0x%x, ->48 belong x Fill Factor %d, ->52 belong x Number of Keys %d) +>16 belong x Bucket Shift %d, +>20 belong x Directory Size %d, +>24 belong x Segment Size %d, +>28 belong x Segment Shift %d, +>32 belong x Overflow Point %d, +>36 belong x Last Freed %d, +>40 belong x Max Bucket %d, +>44 belong x High Mask 0x%x, +>48 belong x Low Mask 0x%x, +>52 belong x Fill Factor %d, +>56 belong x Number of Keys %d) +# # 0 belong 0x053162 Berkeley DB Btree file >4 belong >0 (Version %d, diff --git a/usr.bin/file/Magdir/digital b/usr.bin/file/Magdir/digital new file mode 100644 index 0000000..f4ebbff --- /dev/null +++ b/usr.bin/file/Magdir/digital @@ -0,0 +1,41 @@ +# Digital UNIX - Info +# +0 string ^!<arch>\n_______64E Alpha archive +>22 string X -- out of date +# +# Alpha COFF Based Executables +# The stripped stuff really needs to be an 8 byte (64 bit) compare, +# but this works +0 leshort 0x183 COFF format alpha +>22 leshort&020000 &010000 sharable library, +>22 leshort&020000 ^010000 dynamically linked, +>24 leshort 0410 pure +>24 leshort 0413 demand paged +>8 lelong >0 executable or object module, not stripped +>8 lelong 0 +>>12 lelong 0 executable or object module, stripped +>>12 lelong >0 executable or object module, not stripped +>27 byte >0 - version %d. +>26 byte >0 %d- +>28 leshort >0 %d +# +# The next is incomplete, we could tell more about this format, +# but its not worth it. +0 leshort 0x188 Alpha compressed COFF +0 leshort 0x18f Alpha u-code object +# +# +# Some other interesting Digital formats, +0 string \377\377\177 ddis/ddif +0 string \377\377\174 ddis/dots archive +0 string \377\377\176 ddis/dtif table data +0 string \033c\033 LN03 output +0 long 04553207 X image +# +0 string !<PDF>!\n profiling data file +# +# Locale data tables (MIPS and Alpha). +# +0 short 0x0501 locale data table +>6 short 0x24 for MIPS +>6 short 0x40 for Alpha diff --git a/usr.bin/file/Magdir/dump b/usr.bin/file/Magdir/dump index 955275b..628ead8 100644 --- a/usr.bin/file/Magdir/dump +++ b/usr.bin/file/Magdir/dump @@ -43,8 +43,8 @@ >888 belong >0 Flags %x 24 lelong 60012 new-fs dump file (little endian), ->4 ledate x Previous dump %s, ->8 ledate x This dump %s, +>4 ledate x This dump %s, +>8 ledate x Previous dump %s, >12 lelong >0 Volume %ld, >692 lelong 0 Level zero, type: >692 lelong >0 Level %d, type: diff --git a/usr.bin/file/Magdir/hp b/usr.bin/file/Magdir/hp index 82d1130..e1efdbd 100644 --- a/usr.bin/file/Magdir/hp +++ b/usr.bin/file/Magdir/hp @@ -6,12 +6,6 @@ # applied to the "TML" stuff; I'm assuming the Apollo stuff is # big-endian as it was mostly 68K-based. # -# HP-PA is big-endian, so it (and "800", which is *also* HP-PA-based; I -# assume "HPPA-RISC1.1" really means "HP-PA Version 1.1", which first -# showed up in the 700 series, although later 800 series machines are, -# I think, based on the PA7100 which implements HP-PA 1.1) are flagged -# as big-endian. -# # I think the 500 series was the old stack-based machines, running a # UNIX environment atop the "SUN kernel"; dunno whether it was # big-endian or little-endian. @@ -21,10 +15,23 @@ # HP magic is useful for reference, but using "long" magic is a better # practice in order to avoid collisions. # +# Guy Harris (guy@netapp.com): some additions to this list came from +# HP-UX 10.0's "/usr/include/sys/unistd.h" (68030, 68040, PA-RISC 1.1, +# 1.2, and 2.0). The 1.2 and 2.0 stuff isn't in the HP-UX 10.0 +# "/etc/magic", though, except for the "archive file relocatable library" +# stuff, and the 68030 and 68040 stuff isn't there at all - are they not +# used in executables, or have they just not yet updated "/etc/magic" +# completely? +# # 0 beshort 200 hp200 (68010) BSD binary # 0 beshort 300 hp300 (68020+68881) BSD binary # 0 beshort 0x20c hp200/300 HP-UX binary -# 0 beshort 0x20b hp800 HP-UX binary +# 0 beshort 0x20d hp400 (68030) HP-UX binary +# 0 beshort 0x20e hp400 (68040?) HP-UX binary +# 0 beshort 0x20b PA-RISC1.0 HP-UX binary +# 0 beshort 0x210 PA-RISC1.1 HP-UX binary +# 0 beshort 0x211 PA-RISC1.2 HP-UX binary +# 0 beshort 0x214 PA-RISC2.0 HP-UX binary # # The "misc" stuff needs a byte order; the archives look suspiciously @@ -41,49 +48,58 @@ 0 long 01702407010 TML 1032 byte-order format 0 long 01003405017 TML 2301 byte-order format 0 long 01602007412 TML 3210 byte-order format -#### HPPA -0 belong 0x02100106 HPPA-RISC1.1 relocatable object -0 belong 0x02100107 HPPA-RISC1.1 executable +#### PA-RISC +0 belong 0x02100106 PA-RISC1.1 relocatable object +0 belong 0x02100107 PA-RISC1.1 executable +>168 belong &=0x00000004 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x02100108 HPPA-RISC1.1 shared executable +0 belong 0x02100108 PA-RISC1.1 shared executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x0210010b HPPA-RISC1.1 demand-load executable +0 belong 0x0210010b PA-RISC1.1 demand-load executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x0210010e HPPA-RISC1.1 shared library +0 belong 0x0210010e PA-RISC1.1 shared library >96 belong >0 - not stripped -0 belong 0x0210010d HPPA-RISC1.1 dynamic load library +0 belong 0x0210010d PA-RISC1.1 dynamic load library >96 belong >0 - not stripped #### 800 -0 belong 0x020b0106 HP s800 relocatable object +0 belong 0x020b0106 PA-RISC1.0 relocatable object -0 belong 0x020b0107 HP s800 executable +0 belong 0x020b0107 PA-RISC1.0 executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x020b0108 HP s800 shared executable +0 belong 0x020b0108 PA-RISC1.0 shared executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x020b010b HP s800 demand-load executable +0 belong 0x020b010b PA-RISC1.0 demand-load executable +>168 belong&0x4 0x4 dynamically linked >(144) belong 0x054ef630 dynamically linked >96 belong >0 - not stripped -0 belong 0x020b010e HP s800 shared library +0 belong 0x020b010e PA-RISC1.0 shared library >96 belong >0 - not stripped -0 belong 0x020b010d HP s800 dynamic load library +0 belong 0x020b010d PA-RISC1.0 dynamic load library >96 belong >0 - not stripped 0 belong 0x213c6172 archive file ->68 belong 0x020b0619 - HP s800 relocatable library +>68 belong 0x020b0619 - PA-RISC1.0 relocatable library +>68 belong 0x02100619 - PA-RISC1.1 relocatable library +>68 belong 0x02110619 - PA-RISC1.2 relocatable library +>68 belong 0x02140619 - PA-RISC2.0 relocatable library #### 500 0 long 0x02080106 HP s500 relocatable executable @@ -156,7 +172,7 @@ 0 string IMGfile CIS compimg HP Bitmapfile # XXX - see "lif" -0 short 0x8000 lif file +#0 short 0x8000 lif file 0 long 0x020c010c compiled Lisp 0 string msgcat01 HP NLS message catalog, diff --git a/usr.bin/file/Magdir/ibm370 b/usr.bin/file/Magdir/ibm370 index 32d6bec..8cd9da2 100644 --- a/usr.bin/file/Magdir/ibm370 +++ b/usr.bin/file/Magdir/ibm370 @@ -4,7 +4,35 @@ # # "ibm370" said that 0x15d == 0535 was "ibm 370 pure executable". # What the heck *is* "USS/370"? +# AIX 4.1's "/etc/magic" has # +# 0 short 0535 370 sysV executable +# >12 long >0 not stripped +# >22 short >0 - version %d +# >30 long >0 - 5.2 format +# 0 short 0530 370 sysV pure executable +# >12 long >0 not stripped +# >22 short >0 - version %d +# >30 long >0 - 5.2 format +# +# instead of the "USS/370" versions of the same magic numbers. +# +0 beshort 0537 370 XA sysV executable +>12 belong >0 not stripped +>22 beshort >0 - version %d +>30 belong >0 - 5.2 format +0 beshort 0532 370 XA sysV pure executable +>12 belong >0 not stripped +>22 beshort >0 - version %d +>30 belong >0 - 5.2 format +0 beshort 054001 370 sysV pure executable +>12 belong >0 not stripped +0 beshort 055001 370 XA sysV pure executable +>12 belong >0 not stripped +0 beshort 056401 370 sysV executable +>12 belong >0 not stripped +0 beshort 057401 370 XA sysV executable +>12 belong >0 not stripped 0 beshort 0531 SVR2 executable (Amdahl-UTS) >12 belong >0 not stripped >24 belong >0 - version %ld diff --git a/usr.bin/file/Magdir/ibm6000 b/usr.bin/file/Magdir/ibm6000 index 7b8e494..8e1077b 100644 --- a/usr.bin/file/Magdir/ibm6000 +++ b/usr.bin/file/Magdir/ibm6000 @@ -12,5 +12,6 @@ 0 beshort 0x0104 shared library 0 beshort 0x0105 ctab data 0 beshort 0xfe04 structured file -0 string 0xabcdef message catalog -#0 string <aiaff> archive +0 string 0xabcdef AIX message catalog +0 belong 0x000001f9 AIX compiled message catalog +0 string \<aiaff> archive diff --git a/usr.bin/file/Magdir/images b/usr.bin/file/Magdir/images index 4ff0824..271b169 100644 --- a/usr.bin/file/Magdir/images +++ b/usr.bin/file/Magdir/images @@ -53,14 +53,14 @@ >6 leshort >0 %hd x >8 leshort >0 %hd, #>10 byte &0x80 color mapped, ->10 byte&0x07 =0x00 2 colors ->10 byte&0x07 =0x01 4 colors ->10 byte&0x07 =0x02 8 colors ->10 byte&0x07 =0x03 16 colors ->10 byte&0x07 =0x04 32 colors ->10 byte&0x07 =0x05 64 colors ->10 byte&0x07 =0x06 128 colors ->10 byte&0x07 =0x07 256 colors +#>10 byte&0x07 =0x00 2 colors +#>10 byte&0x07 =0x01 4 colors +#>10 byte&0x07 =0x02 8 colors +#>10 byte&0x07 =0x03 16 colors +#>10 byte&0x07 =0x04 32 colors +#>10 byte&0x07 =0x05 64 colors +#>10 byte&0x07 =0x06 128 colors +#>10 byte&0x07 =0x07 256 colors # ITC (CMU WM) raster files. It is essentially a byte-reversed Sun raster, # 1 plane, no encoding. @@ -116,6 +116,13 @@ >29 byte 1 \b, fine resolution (204x196 DPI) # JPEG images +# SunOS 5.5.1 had +# +# 0 string \377\330\377\340 JPEG file +# 0 string \377\330\377\356 JPG file +# +# both of which turn into "JPEG image data" here. +# 0 beshort 0xffd8 JPEG image data >6 string JFIF \b, JFIF standard # HSI is Handmade Software's proprietary JPEG encoding scheme @@ -222,3 +229,8 @@ # other images 0 string This\ is\ a\ BitMap\ file Lisp Machine bit-array-file 0 string !! Bennet Yee's "face" format + +# From SunOS 5.5.1 "/etc/magic" - appeared right before Sun raster image +# stuff. +# +0 beshort 0x1010 PEX Binary Archive diff --git a/usr.bin/file/Magdir/island b/usr.bin/file/Magdir/island new file mode 100644 index 0000000..9903cdd --- /dev/null +++ b/usr.bin/file/Magdir/island @@ -0,0 +1,9 @@ + +#------------------------------------------------------------------------------ +# island: file(1) magic for IslandWite/IslandDraw, from SunOS 5.5.1 +# "/etc/magic": +# From: guy@netapp.com (Guy Harris) +# +4 string pgscriptver IslandWrite document +13 string DrawFile IslandDraw document + diff --git a/usr.bin/file/Magdir/linux b/usr.bin/file/Magdir/linux index a6e7520..75a2a2b 100644 --- a/usr.bin/file/Magdir/linux +++ b/usr.bin/file/Magdir/linux @@ -24,7 +24,7 @@ 0 string \007\001\000 Linux/i386 object file >20 lelong >0x1020 \b, DLL library # message catalogs, from Mitchum DSouza <m.dsouza@mrc-apu.cam.ac.uk> -0 string *nazgul* compiled message catalog +0 string *nazgul* Linux compiled message catalog >8 lelong >0 \b, version %ld # core dump file, from Bill Reynolds <bill@goshawk.lanl.gov> 216 lelong 0421 Linux/i386 core file @@ -49,7 +49,25 @@ >3 byte >0 8x%d # Linux swap file, from Daniel Quinlan <quinlan@yggdrasil.com> 4086 string SWAP-SPACE Linux/i386 swap file -# From: Erik Troan <ewt@redhat.com> -0 leshort 0x00070183 ECOFF (Linux/OSF) Alpha binary ->10 leshort 0x0001 not stripped ->10 leshort 0x0000 stripped +# ECOFF magic for OSF/1 and Linux (only tested under Linux though) +# +# from Erik Troan (ewt@redhat.com) examining od dumps, so this +# could be wrong +# updated by David Mosberger (davidm@azstarnet.com) based on +# GNU BFD and MIPS info found below. +# +0 leshort 0x0183 ECOFF alpha +>24 leshort 0407 executable +>24 leshort 0410 pure +>24 leshort 0413 demand paged +>8 long >0 not stripped +>8 long 0 stripped +>23 leshort >0 - version %ld. +# linux Kernel images version 1.3.80 - ? +# from Axel Kohlmeyer <akohlmey@rincewind.chemie.uni-ulm.de> +0 belong 0xb8c0078e Linux/x86 kernel image, +>0x048c byte 0x31 +>>0x048c string x version %s +>0x0493 byte 0x31 +>>0x0493 string x version %s +# diff --git a/usr.bin/file/Magdir/mach b/usr.bin/file/Magdir/mach new file mode 100644 index 0000000..308325e --- /dev/null +++ b/usr.bin/file/Magdir/mach @@ -0,0 +1,38 @@ +#------------------------------------------------------------------------------ +# mach file description +# +0 belong 0xcafebabe mach-o fat file +>4 belong 1 with 1 architecture +>4 belong >1 +>>4 belong x with %ld architectures +# +0 belong 0xfeedface mach-o +>12 belong 1 object +>12 belong 2 executable +>12 belong 3 shared library +>12 belong 4 core +>12 belong 5 preload executable +>12 belong >5 +>>12 belong x filetype=%ld +>4 belong <0 +>>4 belong x architecture=%ld +>4 belong 1 vax +>4 belong 2 romp +>4 belong 3 architecture=3 +>4 belong 4 ns32032 +>4 belong 5 ns32332 +>4 belong 6 for m68k architecture +>4 belong 7 i386 +>4 belong 8 mips +>4 belong 9 ns32532 +>4 belong 10 architecture=10 +>4 belong 11 hp pa-risc +>4 belong 12 acorn +>4 belong 13 m88k +>4 belong 14 sparc +>4 belong 15 i860-big +>4 belong 16 i860 +>4 belong 17 rs6000 +>4 belong 18 powerPC +>4 belong >18 +>>4 belong x architecture=%ld diff --git a/usr.bin/file/Magdir/mail.news b/usr.bin/file/Magdir/mail.news index 64c4e1c..bd3fd2d 100644 --- a/usr.bin/file/Magdir/mail.news +++ b/usr.bin/file/Magdir/mail.news @@ -16,3 +16,6 @@ 0 string From: news or mail text 0 string Article saved news text 0 string BABYL Emacs RMAIL text +0 string Received: RFC 822 mail text +0 string MIME-Version: MIME entity text +0 string Content- MIME entity text diff --git a/usr.bin/file/Magdir/motorola b/usr.bin/file/Magdir/motorola index d9fa226..efed159 100644 --- a/usr.bin/file/Magdir/motorola +++ b/usr.bin/file/Magdir/motorola @@ -27,3 +27,6 @@ # Motorola/88Open BCS # 0 beshort 0555 88K BCS executable +# +# Motorola S-Records, from Gerd Truschinski <gt@freebsd.first.gmd.de> +0 string S0 Motorola S-Record; binary data in text format diff --git a/usr.bin/file/Magdir/netbsd b/usr.bin/file/Magdir/netbsd index ea948bd..7d92ef5 100644 --- a/usr.bin/file/Magdir/netbsd +++ b/usr.bin/file/Magdir/netbsd @@ -4,12 +4,6 @@ # # All new-style magic numbers are in network byte order. # -0 lelong 000000413 386BSD demand paged executable ->16 lelong >0 not stripped -0 lelong 000000314 BSDI demand paged executable ->16 lelong >0 not stripped ->32 byte 0x6a (uses shared libs) - 0 lelong 000000407 NetBSD little-endian object file >16 lelong >0 not stripped @@ -163,6 +157,15 @@ 0 belong&0377777777 043000507 NetBSD/vax core >12 string >\0 from '%s' +# NetBSD/alpha does not support (and has never supported) a.out objects, +# so no rules are provided for them. NetBSD/alpha ELF objects are +# dealt with in "elf". +0 leshort 0x00070185 ECOFF NetBSD/alpha binary +>10 leshort 0x0001 not stripped +>10 leshort 0x0000 stripped +0 belong&0377777777 043200507 NetBSD/alpha core +>12 string >\0 from '%s' + 0 belong&0377777777 043400413 NetBSD/mips demand paged >0 byte &0x80 >>20 belong <8192 shared library @@ -183,3 +186,24 @@ >16 belong >0 not stripped 0 belong&0377777777 043400507 NetBSD/mips core >12 string >\0 from '%s' + +0 belong&0377777777 043600413 NetBSD/arm32 demand paged +>0 byte &0x80 +>>20 lelong <8192 shared library +>>20 lelong =8192 dynamically linked executable +>>20 lelong >8192 dynamically linked executable +>0 byte ^0x80 executable +>16 lelong >0 not stripped +0 belong&0377777777 043600410 NetBSD/arm32 pure +>0 byte &0x80 dynamically linked executable +>0 byte ^0x80 executable +>16 lelong >0 not stripped +0 belong&0377777777 043600407 NetBSD/arm32 +>0 byte &0x80 dynamically linked executable +>0 byte ^0x80 +>>0 byte &0x40 position independent +>>20 lelong !0 executable +>>20 lelong =0 object file +>16 lelong >0 not stripped +0 belong&0377777777 043600507 NetBSD/arm32 core +>12 string >\0 from '%s' diff --git a/usr.bin/file/Magdir/osf1 b/usr.bin/file/Magdir/osf1 new file mode 100644 index 0000000..d2868c3 --- /dev/null +++ b/usr.bin/file/Magdir/osf1 @@ -0,0 +1,10 @@ +# +# Mach magic number info +# +0 long 0xefbe OSF/Rose object +# I386 magic number info +# +0 short 0565 i386 COFF object +# +0 string Core Alpha Digital UNIX core file +>24 string >\0 \b, generated from '%s' diff --git a/usr.bin/file/Magdir/pdf b/usr.bin/file/Magdir/pdf index 3cea0de..a1aef13 100644 --- a/usr.bin/file/Magdir/pdf +++ b/usr.bin/file/Magdir/pdf @@ -1,7 +1,7 @@ - #------------------------------------------------------------------------------ # pdf: file(1) magic for Portable Document Format # 0 string %PDF- PDF document ->5 string x \b, version %.3s +>5 byte x \b, version %c +>7 byte x \b.%c diff --git a/usr.bin/file/Magdir/printer b/usr.bin/file/Magdir/printer index 2d12bc5..d20330f 100644 --- a/usr.bin/file/Magdir/printer +++ b/usr.bin/file/Magdir/printer @@ -21,7 +21,7 @@ # HP Printer Job Language 0 string \033%-12345X@PJL HP Printer Job Language data >15 string \ ENTER\ LANGUAGE\ = ->31 string PostScript Postscript +>31 string PostScript PostScript # HP Printer Control Language, Daniel Quinlan (quinlan@yggdrasil.com) 0 string \033E\033 HP PCL printer data diff --git a/usr.bin/file/Magdir/rpm b/usr.bin/file/Magdir/rpm index 7b89c68..14ad6db 100644 --- a/usr.bin/file/Magdir/rpm +++ b/usr.bin/file/Magdir/rpm @@ -9,6 +9,9 @@ >>6 beshort 1 src >>8 beshort 1 i386 >>8 beshort 2 Alpha ->>8 beshort 3 PowerPC ->>8 beshort 4 Sparc +>>8 beshort 3 Sparc +>>8 beshort 4 MIPS +>>8 beshort 5 PowerPC +>>8 beshort 6 68000 +>>8 beshort 7 SGI >>10 string x %s diff --git a/usr.bin/file/Magdir/sgi b/usr.bin/file/Magdir/sgi index a73cfcf..ce9dbc8 100644 --- a/usr.bin/file/Magdir/sgi +++ b/usr.bin/file/Magdir/sgi @@ -1,12 +1,16 @@ #------------------------------------------------------------------------------ # sgi: file(1) magic for Silicon Graphics (MIPS, IRIS, IRIX, etc.) -# +# Dec Ultrix (MIPS) # all of SGI's *current* machines and OSes run in big-endian mode on the # MIPS machines, as far as I know. # # XXX - what is the blank "-" line? # +# kbd file definitions +0 string kbd!map kbd map file +>8 byte >0 Ver %d: +>10 short >0 with %d table(s) 0 belong 0407 old SGI 68020 executable 0 belong 0410 old SGI 68020 pure executable 0 beshort 0x8765 disk quotas file @@ -47,8 +51,8 @@ >20 beshort 05401 (paged) >8 belong >0 not stripped >8 belong 0 stripped ->22 byte x - version %d ->23 byte x .%ld +>23 byte x - version %d +>22 byte x .%ld # 0 beshort 0x6201 MIPSEL-LE COFF executable >20 beshort 03401 (impure) @@ -56,8 +60,8 @@ >20 beshort 05401 (paged) >8 belong >0 not stripped >8 belong 0 stripped ->22 byte x - version %ld ->23 byte x .%ld +>23 byte x - version %ld +>22 byte x .%ld # # MIPS 2 additions # @@ -86,7 +90,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # 0 beshort 0x6601 MIPSEL-LE MIPS-II COFF executable >20 beshort 03401 (impure) @@ -95,7 +99,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # # MIPS 3 additions # @@ -124,7 +128,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # 0 beshort 0x4201 MIPSEL-LE MIPS-III COFF executable >20 beshort 03401 (impure) @@ -133,7 +137,7 @@ >8 belong >0 not stripped >8 belong 0 stripped >23 byte x - version %ld ->23 byte x .%ld +>22 byte x .%ld # 0 beshort 0x180 MIPSEB Ucode 0 beshort 0x182 MIPSEL Ucode @@ -157,7 +161,8 @@ 0 string WNGZWZSS Wingz spreadsheet 0 string WNGZWZHP Wingz help file # -0 string \#Inventor V IRIS Inventor file +0 string \#Inventor V IRIS Inventor 1.0 file +0 string \#Inventor V2 Open Inventor 2.0 file # XXX - I don't know what next thing is! It is likely to be an image # (or movie) format 0 string glfHeadMagic(); GLF_TEXT diff --git a/usr.bin/file/Magdir/sniffer b/usr.bin/file/Magdir/sniffer new file mode 100644 index 0000000..861ec8c --- /dev/null +++ b/usr.bin/file/Magdir/sniffer @@ -0,0 +1,63 @@ + +#------------------------------------------------------------------------------ +# sniffer: file(1) magic for packet captured files +# +# From: guy@netapp.com (Guy Harris) +# +# Microsoft NetMon (packet capture/display program) capture files. +# +0 string RTSS NetMon capture file +>4 byte x - version %d +>5 byte x \b.%d +# +# Network General Sniffer capture files (the Sniffer software does, +# after all, run under MS-DOS...). +# +0 string TRSNIFF\ data\ \ \ \ \032 Sniffer capture file +>23 leshort x - version %d +>25 leshort x \b.%d +>33 byte x (Format %d, +>32 byte 0 Token ring) +>32 byte 1 Ethernet) +>32 byte 2 ARCnet) +>32 byte 3 StarLAN) +>32 byte 4 PC Network broadband) +>32 byte 5 LocalTalk) +>32 byte 6 Znet) +# +# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is +# the main program that uses that format, but there's also "tcpview", +# and there may be others in the future.) +# +0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian) +>4 beshort x - version %d +>6 beshort x \b.%d +>20 belong 0 (No link-layer encapsulation +>20 belong 1 (Ethernet +>20 belong 2 (3Mb Ethernet +>20 belong 3 (AX.25 +>20 belong 4 (ProNet +>20 belong 5 (Chaos +>20 belong 6 (IEEE 802.x network +>20 belong 7 (ARCnet +>20 belong 8 (SLIP +>20 belong 9 (PPP +>20 belong 10 (FDDI +>20 belong 11 (RFC 1483 ATM +>16 belong x \b, capture length %d) +0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian) +>4 leshort x - version %d +>6 leshort x \b.%d +>20 lelong 0 (No link-layer encapsulation +>20 lelong 1 (Ethernet +>20 lelong 2 (3Mb Ethernet +>20 lelong 3 (AX.25 +>20 lelong 4 (ProNet +>20 lelong 5 (Chaos +>20 lelong 6 (IEEE 802.x network +>20 lelong 7 (ARCnet +>20 lelong 8 (SLIP +>20 lelong 9 (PPP +>20 lelong 10 (FDDI +>20 lelong 11 (RFC 1483 ATM +>16 lelong x \b, capture length %d) diff --git a/usr.bin/file/Magdir/sun b/usr.bin/file/Magdir/sun index f6695f1..2f0336a 100644 --- a/usr.bin/file/Magdir/sun +++ b/usr.bin/file/Magdir/sun @@ -84,3 +84,27 @@ >>128 string >\0 from '%s' >4 belong 456 (SPARC 4.x BCP) >>152 string >\0 from '%s' +# Sun SunPC +0 long 0xfa33c08e SunPC 4.0 Hard Disk +0 string #SUNPC_CONFIG SunPC 4.0 Properties Values +# Sun snoop +# +# XXX - are numbers stored in big-endian format, or in host byte order? +# They're the same on SPARC, but not the same on x86. +# +0 string snoop Snoop capture file +>8 long >0 - version %ld +>12 long 0 (IEEE 802.3) +>12 long 1 (IEEE 802.4) +>12 long 2 (IEEE 802.5) +>12 long 3 (IEEE 802.6) +>12 long 4 (Ethernet) +>12 long 5 (HDLC) +>12 long 6 (Character synchronous) +>12 long 7 (IBM channel-to-channel adapter) +>12 long 8 (FDDI) +>12 long 9 (Unknown) +# Sun KCMS +36 string acsp Kodak Color Management System, ICC Profile + + diff --git a/usr.bin/file/Magdir/varied.out b/usr.bin/file/Magdir/varied.out index 2d1c956..9245cfc 100644 --- a/usr.bin/file/Magdir/varied.out +++ b/usr.bin/file/Magdir/varied.out @@ -13,3 +13,6 @@ 0 beshort 0160007 amd 29k coff archive # Cray 6 beshort 0407 unicos (cray) executable +# Ultrix 4.3 +596 string \130\337\377\377 Ultrix core file +>600 string >\0 '%s' diff --git a/usr.bin/file/Magdir/xenix b/usr.bin/file/Magdir/xenix new file mode 100644 index 0000000..1acadec --- /dev/null +++ b/usr.bin/file/Magdir/xenix @@ -0,0 +1,72 @@ + +#------------------------------------------------------------------------------ +# xenix: file(1) magic for Microsoft Xenix +# +# "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small +# model" lifted from "magic.xenix", with comment "derived empirically; +# treat as folklore until proven" +# +# "small model", "large model", "huge model" stuff lifted from XXX +# +# XXX - "x.out" collides with PDP-11 archives +# +0 string core core file (Xenix) +0 byte 0x80 8086 relocatable (Microsoft) +0 leshort 0xff65 x.out +>2 string __.SYMDEF randomized +>0 byte x archive +0 leshort 0x206 Microsoft a.out +>8 leshort 1 Middle model +>0x1e leshort &0x10 overlay +>0x1e leshort &0x2 separate +>0x1e leshort &0x4 pure +>0x1e leshort &0x800 segmented +>0x1e leshort &0x400 standalone +>0x1e leshort &0x8 fixed-stack +>0x1c byte &0x80 byte-swapped +>0x1c byte &0x40 word-swapped +>0x10 lelong >0 not-stripped +>0x1e leshort ^0xc000 pre-SysV +>0x1e leshort &0x4000 V2.3 +>0x1e leshort &0x8000 V3.0 +>0x1c byte &0x4 86 +>0x1c byte &0xb 186 +>0x1c byte &0x9 286 +>0x1c byte &0xa 386 +>0x1f byte <0x040 small model +>0x1f byte =0x048 large model +>0x1f byte =0x049 huge model +>0x1e leshort &0x1 executable +>0x1e leshort ^0x1 object file +>0x1e leshort &0x40 Large Text +>0x1e leshort &0x20 Large Data +>0x1e leshort &0x120 Huge Objects Enabled +>0x10 lelong >0 not stripped + +0 leshort 0x140 old Microsoft 8086 x.out +>0x3 byte &0x4 separate +>0x3 byte &0x2 pure +>0 byte &0x1 executable +>0 byte ^0x1 relocatable +>0x14 lelong >0 not stripped + +0 lelong 0x206 b.out +>0x1e leshort &0x10 overlay +>0x1e leshort &0x2 separate +>0x1e leshort &0x4 pure +>0x1e leshort &0x800 segmented +>0x1e leshort &0x400 standalone +>0x1e leshort &0x1 executable +>0x1e leshort ^0x1 object file +>0x1e leshort &0x4000 V2.3 +>0x1e leshort &0x8000 V3.0 +>0x1c byte &0x4 86 +>0x1c byte &0xb 186 +>0x1c byte &0x9 286 +>0x1c byte &0x29 286 +>0x1c byte &0xa 386 +>0x1e leshort &0x4 Large Text +>0x1e leshort &0x2 Large Data +>0x1e leshort &0x102 Huge Objects Enabled + +0 leshort 0x580 XENIX 8086 relocatable or 80286 small model diff --git a/usr.bin/file/internat.c b/usr.bin/file/internat.c new file mode 100644 index 0000000..59a508a --- /dev/null +++ b/usr.bin/file/internat.c @@ -0,0 +1,72 @@ +#include "file.h" + +#include <string.h> + +#define F 0 +#define T 1 + +/* + * List of characters that look "reasonable" in international + * language texts. That's almost all characters :), except a + * few in the control range of ASCII (all the known international + * charactersets share the bottom half with ASCII). + */ +static char maybe_internat[256] = { + F, F, F, F, F, F, F, F, T, T, T, T, T, T, F, F, /* 0x0X */ + F, F, F, F, F, F, F, F, F, F, F, T, F, F, F, F, /* 0x1X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x2X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x3X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x4X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x5X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x6X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, F, /* 0x7X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x8X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0x9X */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0xaX */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0xbX */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0xcX */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0xdX */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, /* 0xeX */ + T, T, T, T, T, T, T, T, T, T, T, T, T, T, T, T /* 0xfX */ +}; + +/* Maximal length of a line we consider "reasonable". */ +#define MAXLINELEN 300 + +int +internatmagic(buf, nbytes) + unsigned char *buf; + int nbytes; +{ + int i; + unsigned char *cp; + + nbytes--; + + /* First, look whether there are "unreasonable" characters. */ + for (i = 0, cp = buf; i < nbytes; i++, cp++) + if (!maybe_internat[*cp]) + return 0; + + /* + * Now, look whether the file consists of lines of + * "reasonable" length. + */ + + for (i = 0; i < nbytes;) { + cp = memchr(buf, '\n', nbytes - i); + if (cp == NULL) { + /* Don't fail if we hit the end of buffer. */ + if (i + MAXLINELEN >= nbytes) + break; + else + return 0; + } + if (cp - buf > MAXLINELEN) + return 0; + i += (cp - buf + 1); + buf = cp + 1; + } + ckfputs("International language text", stdout); + return 1; +} diff --git a/usr.bin/file/readelf.c b/usr.bin/file/readelf.c new file mode 100644 index 0000000..a007cca --- /dev/null +++ b/usr.bin/file/readelf.c @@ -0,0 +1,314 @@ + +#ifdef BUILTIN_ELF +#include <sys/types.h> +#include <string.h> +#include <stdio.h> +#include <ctype.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> + +#include "readelf.h" +#include "file.h" + +static void +doshn(fd, off, num, size, buf) + int fd; + off_t off; + int num; + size_t size; + char *buf; +{ + /* + * This works for both 32-bit and 64-bit ELF formats, + * because it looks only at the "sh_type" field, which is + * always 32 bits, and is preceded only by the "sh_name" + * field which is also always 32 bits, and because it uses + * the shdr size from the ELF header rather than using + * the size of an "Elf32_Shdr". + */ + Elf32_Shdr *sh = (Elf32_Shdr *) buf; + + if (lseek(fd, off, SEEK_SET) == -1) + error("lseek failed (%s).\n", strerror(errno)); + + for ( ; num; num--) { + if (read(fd, buf, size) == -1) + error("read failed (%s).\n", strerror(errno)); + if (sh->sh_type == SHT_SYMTAB) { + (void) printf (", not stripped"); + return; + } + } + (void) printf (", stripped"); +} + +/* + * Look through the program headers of an executable image, searching + * for a PT_INTERP section; if one is found, it's dynamically linked, + * otherwise it's statically linked. + */ +static void +dophn_exec(fd, off, num, size, buf) + int fd; + off_t off; + int num; + size_t size; + char *buf; +{ + /* I am not sure if this works for 64 bit elf formats */ + Elf32_Phdr *ph = (Elf32_Phdr *) buf; + + if (lseek(fd, off, SEEK_SET) == -1) + error("lseek failed (%s).\n", strerror(errno)); + + for ( ; num; num--) { + if (read(fd, buf, size) == -1) + error("read failed (%s).\n", strerror(errno)); + if (ph->p_type == PT_INTERP) { + /* + * Has an interpreter - must be a dynamically-linked + * executable. + */ + printf(", dynamically linked"); + return; + } + } + printf(", statically linked"); +} + +size_t prpsoffsets[] = { + 100, /* SunOS 5.x */ + 32, /* Linux */ +}; + +#define NOFFSETS (sizeof prpsoffsets / sizeof prpsoffsets[0]) + +/* + * Look through the program headers of an executable image, searching + * for a PT_NOTE section of type NT_PRPSINFO, with a name "CORE"; if one + * is found, try looking in various places in its contents for a 16-character + * string containing only printable characters - if found, that string + * should be the name of the program that dropped core. + * Note: right after that 16-character string is, at least in SunOS 5.x + * (and possibly other SVR4-flavored systems) and Linux, a longer string + * (80 characters, in 5.x, probably other SVR4-flavored systems, and Linux) + * containing the start of the command line for that program. + */ +static void +dophn_core(fd, off, num, size, buf) + int fd; + off_t off; + int num; + size_t size; + char *buf; +{ + /* + * This doesn't work for 64-bit ELF, as the "p_offset" field is + * 64 bits in 64-bit ELF. + */ + /* + * This doesn't work for 64-bit ELF, as the "p_offset" field is + * 64 bits in 64-bit ELF. + */ + Elf32_Phdr *ph = (Elf32_Phdr *) buf; + Elf32_Nhdr *nh; + size_t offset, noffset, reloffset; + unsigned char c; + int i, j; + char nbuf[BUFSIZ]; + int bufsize; + + for ( ; num; num--) { + if (lseek(fd, off, SEEK_SET) == -1) + error("lseek failed (%s).\n", strerror(errno)); + if (read(fd, buf, size) == -1) + error("read failed (%s).\n", strerror(errno)); + off += size; + if (ph->p_type != PT_NOTE) + continue; + if (lseek(fd, ph->p_offset, SEEK_SET) == -1) + error("lseek failed (%s).\n", strerror(errno)); + bufsize = read(fd, nbuf, BUFSIZ); + if (bufsize == -1) + error("read failed (%s).\n", strerror(errno)); + offset = 0; + for (;;) { + if (offset >= bufsize) + break; + nh = (Elf32_Nhdr *)&nbuf[offset]; + offset += sizeof *nh; + + /* + * If this note isn't an NT_PRPSINFO note, it's + * not what we're looking for. + */ + if (nh->n_type != NT_PRPSINFO) { + offset += nh->n_namesz; + offset = ((offset + 3)/4)*4; + offset += nh->n_descsz; + offset = ((offset + 3)/4)*4; + continue; + } + + /* + * Make sure this note has the name "CORE". + */ + if (offset + nh->n_namesz >= bufsize) { + /* + * We're past the end of the buffer. + */ + break; + } + if (nh->n_namesz != 5 + || strcmp(&nbuf[offset], "CORE") != 0) + continue; + offset += nh->n_namesz; + offset = ((offset + 3)/4)*4; + + /* + * Extract the program name. We assume it to be + * 16 characters (that's what it is in SunOS 5.x + * and Linux). + * + * Unfortunately, it's at a different offset in + * SunOS 5.x and Linux, so try multiple offsets. + * If the characters aren't all printable, reject + * it. + */ + for (i = 0; i < NOFFSETS; i++) { + reloffset = prpsoffsets[i]; + noffset = offset + reloffset; + for (j = 0; j < 16; + j++, noffset++, reloffset++) { + /* + * Make sure we're not past the end + * of the buffer; if we are, just + * give up. + */ + if (noffset >= bufsize) + return; + + /* + * Make sure we're not past the + * end of the contents; if we + * are, this obviously isn't + * the right offset. + */ + if (reloffset >= nh->n_descsz) + goto tryanother; + + c = nbuf[noffset]; + if (c != '\0' && !isprint(c)) + goto tryanother; + } + + /* + * Well, that worked. + */ + printf(", from '%.16s'", + &nbuf[offset + prpsoffsets[i]]); + return; + + tryanother: + ; + } + offset += nh->n_descsz; + offset = ((offset + 3)/4)*4; + } + } +} + +void +tryelf(fd, buf, nbytes) + int fd; + char *buf; + int nbytes; +{ + union { + int32 l; + char c[sizeof (int32)]; + } u; + + /* + * ELF executables have multiple section headers in arbitrary + * file locations and thus file(1) cannot determine it from easily. + * Instead we traverse thru all section headers until a symbol table + * one is found or else the binary is stripped. + */ + if (buf[EI_MAG0] != ELFMAG0 || buf[EI_MAG1] != ELFMAG1 + || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3) + return; + + + if (buf[4] == ELFCLASS32) { + Elf32_Ehdr elfhdr; + if (nbytes <= sizeof (Elf32_Ehdr)) + return; + + + u.l = 1; + (void) memcpy(&elfhdr, buf, sizeof elfhdr); + /* + * If the system byteorder does not equal the + * object byteorder then don't test. + * XXX - we could conceivably fix up the "dophn_XXX()" and + * "doshn()" routines to extract stuff in the right + * byte order.... + */ + if ((u.c[sizeof(long) - 1] + 1) == elfhdr.e_ident[5]) { + if (elfhdr.e_type == ET_CORE) + dophn_core(fd, elfhdr.e_phoff, elfhdr.e_phnum, + elfhdr.e_phentsize, buf); + else { + if (elfhdr.e_type == ET_EXEC) { + dophn_exec(fd, elfhdr.e_phoff, + elfhdr.e_phnum, + elfhdr.e_phentsize, buf); + } + doshn(fd, elfhdr.e_shoff, elfhdr.e_shnum, + elfhdr.e_shentsize, buf); + } + } + return; + } + + if (buf[4] == ELFCLASS64) { + Elf64_Ehdr elfhdr; + if (nbytes <= sizeof (Elf64_Ehdr)) + return; + + + u.l = 1; + (void) memcpy(&elfhdr, buf, sizeof elfhdr); + + /* + * If the system byteorder does not equal the + * object byteorder then don't test. + * XXX - we could conceivably fix up the "dophn_XXX()" and + * "doshn()" routines to extract stuff in the right + * byte order.... + */ + if ((u.c[sizeof(long) - 1] + 1) == elfhdr.e_ident[5]) { +#ifdef notyet + if (elfhdr.e_type == ET_CORE) + dophn_core(fd, elfhdr.e_phoff, elfhdr.e_phnum, + elfhdr.e_phentsize, buf); + else +#endif + { +#ifdef notyet + if (elfhdr.e_type == ET_EXEC) { + dophn_exec(fd, elfhdr.e_phoff, + elfhdr.e_phnum, + elfhdr.e_phentsize, buf); + } +#endif + doshn(fd, elfhdr.e_shoff, elfhdr.e_shnum, + elfhdr.e_shentsize, buf); + } + } + return; + } +} +#endif diff --git a/usr.bin/file/readelf.h b/usr.bin/file/readelf.h new file mode 100644 index 0000000..c4b42d7 --- /dev/null +++ b/usr.bin/file/readelf.h @@ -0,0 +1,167 @@ +/* + * readelf.h + * @(#)$Id: readelf.h,v 1.4 1997/01/15 17:23:24 christos Exp $ + * + * Provide elf data structures for non-elf machines, allowing file + * non-elf hosts to determine if an elf binary is stripped. + * Note: cobbled from the linux header file, with modifications + */ +#ifndef __fake_elf_h__ +#define __fake_elf_h__ + +typedef unsigned int Elf32_Addr; +typedef unsigned short Elf32_Half; +typedef unsigned int Elf32_Off; +typedef unsigned int Elf32_Word; +typedef unsigned char Elf32_Char; + +/* XXX: We need 64 bit numbers here */ +typedef unsigned int Elf64_Addr[2]; +typedef unsigned short Elf64_Half; +typedef unsigned int Elf64_Off[2]; +typedef unsigned int Elf64_Word; +typedef unsigned char Elf64_Char; + +#define EI_NIDENT 16 + +typedef struct { + Elf32_Char e_ident[EI_NIDENT]; + Elf32_Half e_type; + Elf32_Half e_machine; + Elf32_Word e_version; + Elf32_Addr e_entry; /* Entry point */ + Elf32_Off e_phoff; + Elf32_Off e_shoff; + Elf32_Word e_flags; + Elf32_Half e_ehsize; + Elf32_Half e_phentsize; + Elf32_Half e_phnum; + Elf32_Half e_shentsize; + Elf32_Half e_shnum; + Elf32_Half e_shstrndx; +} Elf32_Ehdr; + +typedef struct { + Elf64_Char e_ident[EI_NIDENT]; + Elf64_Half e_type; + Elf64_Half e_machine; + Elf64_Word e_version; + Elf64_Addr e_entry; /* Entry point */ + Elf64_Off e_phoff; + Elf64_Off e_shoff; + Elf64_Word e_flags; + Elf64_Half e_ehsize; + Elf64_Half e_phentsize; + Elf64_Half e_phnum; + Elf64_Half e_shentsize; + Elf64_Half e_shnum; + Elf64_Half e_shstrndx; +} Elf64_Ehdr; + +/* e_type */ +#define ET_EXEC 2 +#define ET_CORE 4 + +/* sh_type */ +#define SHT_SYMTAB 2 +#define SHT_NOTE 7 + +/* elf type */ +#define ELFDATANONE 0 /* e_ident[EI_DATA] */ +#define ELFDATA2LSB 1 +#define ELFDATA2MSB 2 + +/* elf class */ +#define ELFCLASSNONE 0 +#define ELFCLASS32 1 +#define ELFCLASS64 2 + +/* magic number */ +#define EI_MAG0 0 /* e_ident[] indexes */ +#define EI_MAG1 1 +#define EI_MAG2 2 +#define EI_MAG3 3 +#define EI_CLASS 4 +#define EI_DATA 5 +#define EI_VERSION 6 +#define EI_PAD 7 + +#define ELFMAG0 0x7f /* EI_MAG */ +#define ELFMAG1 'E' +#define ELFMAG2 'L' +#define ELFMAG3 'F' +#define ELFMAG "\177ELF" + +typedef struct { + Elf32_Word p_type; + Elf32_Off p_offset; + Elf32_Addr p_vaddr; + Elf32_Addr p_paddr; + Elf32_Word p_filesz; + Elf32_Word p_memsz; + Elf32_Word p_flags; + Elf32_Word p_align; +} Elf32_Phdr; + +#define PT_NULL 0 /* p_type */ +#define PT_LOAD 1 +#define PT_DYNAMIC 2 +#define PT_INTERP 3 +#define PT_NOTE 4 +#define PT_SHLIB 5 +#define PT_PHDR 6 +#define PT_NUM 7 + +typedef struct { + Elf32_Word sh_name; + Elf32_Word sh_type; + Elf32_Word sh_flags; + Elf32_Addr sh_addr; + Elf32_Off sh_offset; + Elf32_Word sh_size; + Elf32_Word sh_link; + Elf32_Word sh_info; + Elf32_Word sh_addralign; + Elf32_Word sh_entsize; +} Elf32_Shdr; + +typedef struct { + Elf64_Word sh_name; + Elf64_Word sh_type; + Elf64_Off sh_flags; + Elf64_Addr sh_addr; + Elf64_Off sh_offset; + Elf64_Off sh_size; + Elf64_Word sh_link; + Elf64_Word sh_info; + Elf64_Off sh_addralign; + Elf64_Off sh_entsize; +} Elf64_Shdr; + +/* Notes used in ET_CORE */ +#define NT_PRSTATUS 1 +#define NT_PRFPREG 2 +#define NT_PRPSINFO 3 +#define NT_TASKSTRUCT 4 + +/* Note header in a PT_NOTE section */ +typedef struct elf_note { + Elf32_Word n_namesz; /* Name size */ + Elf32_Word n_descsz; /* Content size */ + Elf32_Word n_type; /* Content type */ +} Elf32_Nhdr; + +typedef struct { + Elf64_Word n_namesz; + Elf64_Word n_descsz; + Elf64_Word n_type; +} Elf64_Nhdr; + +#define NT_PRSTATUS 1 +#define NT_PRFPREG 2 +#define NT_PRPSINFO 3 +#define NT_PRXREG 4 +#define NT_PLATFORM 5 +#define NT_AUXV 6 + +#endif |