summaryrefslogtreecommitdiffstats
path: root/contrib/file/magic/Magdir/database
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/file/magic/Magdir/database')
-rw-r--r--contrib/file/magic/Magdir/database214
1 files changed, 112 insertions, 102 deletions
diff --git a/contrib/file/magic/Magdir/database b/contrib/file/magic/Magdir/database
index 15f94b1..a0300ae 100644
--- a/contrib/file/magic/Magdir/database
+++ b/contrib/file/magic/Magdir/database
@@ -1,6 +1,6 @@
#------------------------------------------------------------------------------
-# $File: database,v 1.49 2016/06/11 17:01:51 christos Exp $
+# $File: database,v 1.52 2017/08/13 00:21:47 christos Exp $
# database: file(1) magic for various databases
#
# extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk)
@@ -84,7 +84,7 @@
# From Max Bowsher.
12 long 0x00040988 Berkeley DB
>16 long >0 (Log, version %d, native byte-order)
-12 belong 0x00040988 Berkeley DB
+12 belong 0x00040988 Berkeley DB
>16 belong >0 (Log, version %d, big-endian)
12 lelong 0x00040988 Berkeley DB
>16 lelong >0 (Log, version %d, little-endian)
@@ -103,7 +103,7 @@
>>>12 long !0 32bit aligned
>>>>12 bedouble 8.642135e+130 big-endian
>>>>>20 long 0 64bit long
->>>>>20 long !0 32bit long
+>>>>>20 long !0 32bit long
>>>>12 ledouble 8.642135e+130 little-endian
>>>>>24 long 0 64bit long
>>>>>24 long !0 32bit long (i386)
@@ -128,22 +128,22 @@
# XXX: Weak magic.
# Alex Ott <ott@jet.msk.su>
## Paradox file formats
-#2 leshort 0x0800 Paradox
-#>0x39 byte 3 v. 3.0
-#>0x39 byte 4 v. 3.5
-#>0x39 byte 9 v. 4.x
-#>0x39 byte 10 v. 5.x
-#>0x39 byte 11 v. 5.x
-#>0x39 byte 12 v. 7.x
-#>>0x04 byte 0 indexed .DB data file
-#>>0x04 byte 1 primary index .PX file
-#>>0x04 byte 2 non-indexed .DB data file
-#>>0x04 byte 3 non-incrementing secondary index .Xnn file
-#>>0x04 byte 4 secondary index .Ynn file
-#>>0x04 byte 5 incrementing secondary index .Xnn file
-#>>0x04 byte 6 non-incrementing secondary index .XGn file
-#>>0x04 byte 7 secondary index .YGn file
-#>>>0x04 byte 8 incrementing secondary index .XGn file
+#2 leshort 0x0800 Paradox
+#>0x39 byte 3 v. 3.0
+#>0x39 byte 4 v. 3.5
+#>0x39 byte 9 v. 4.x
+#>0x39 byte 10 v. 5.x
+#>0x39 byte 11 v. 5.x
+#>0x39 byte 12 v. 7.x
+#>>0x04 byte 0 indexed .DB data file
+#>>0x04 byte 1 primary index .PX file
+#>>0x04 byte 2 non-indexed .DB data file
+#>>0x04 byte 3 non-incrementing secondary index .Xnn file
+#>>0x04 byte 4 secondary index .Ynn file
+#>>0x04 byte 5 incrementing secondary index .Xnn file
+#>>0x04 byte 6 non-incrementing secondary index .XGn file
+#>>0x04 byte 7 secondary index .YGn file
+#>>>0x04 byte 8 incrementing secondary index .XGn file
## XBase database files
# updated by Joerg Jenderek at Feb 2013
@@ -151,33 +151,33 @@
# http://www.clicketyclick.dk/databases/xbase/format/dbf.html
# http://home.f1.htw-berlin.de/scheibl/db/intern/dBase.htm
# inspect VVYYMMDD , where 1<= MM <= 12 and 1<= DD <= 31
-0 ubelong&0x0000FFFF <0x00000C20
+0 ubelong&0x0000FFFF <0x00000C20
# skip Infocom game Z-machine
->2 ubyte >0
+>2 ubyte >0
# skip Androids *.xml
->>3 ubyte >0
->>>3 ubyte <32
+>>3 ubyte >0
+>>>3 ubyte <32
# 1 < version VV
->>>>0 ubyte >1
+>>>>0 ubyte >1
# skip HELP.CA3 by test for reserved byte ( NULL )
->>>>>27 ubyte 0
+>>>>>27 ubyte 0
# reserved bytes not always 0 ; also found 0x3901 (T4.DBF) ,0x7101 (T5.DBF,T6.DBF)
#>>>>>30 ubeshort x 30NULL?%x
-# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL)
->>>>>>24 ubelong&0xffFFFFff >0x01302000
+# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL)
+>>>>>>24 ubelong&0xffFFFFff >0x01302000
# .DBF or .MDX
->>>>>>24 ubelong&0xffFFFFff <0x01302001
+>>>>>>24 ubelong&0xffFFFFff <0x01302001
# for Xbase Database file (*.DBF) reserved (NULL) for multi-user
->>>>>>>24 ubelong&0xffFFFFff =0
+>>>>>>>24 ubelong&0xffFFFFff =0
# test for 2 reserved NULL bytes,transaction and encryption byte flag
->>>>>>>>12 ubelong&0xFFFFfEfE 0
+>>>>>>>>12 ubelong&0xFFFFfEfE 0
# test for MDX flag
->>>>>>>>>28 ubyte x
->>>>>>>>>28 ubyte&0xf8 0
+>>>>>>>>>28 ubyte x
+>>>>>>>>>28 ubyte&0xf8 0
# header size >= 32
->>>>>>>>>>8 uleshort >31
+>>>>>>>>>>8 uleshort >31
# skip PIC15736.PCX by test for language driver name or field name
->>>>>>>>>>>32 ubyte >0
+>>>>>>>>>>>32 ubyte >0
#!:mime application/x-dbf; charset=unknown-8bit ??
#!:mime application/x-dbase
>>>>>>>>>>>>0 use xbase-type
@@ -202,22 +202,22 @@
>>>>>>>>>>>>28 ubyte&0x02 2 \b, with memo .FPT
>>>>>>>>>>>>28 ubyte&0x04 4 \b, DataBaseContainer
# 1st record offset + 1 = header size
->>>>>>>>>>>>8 uleshort >0
->>>>>>>>>>>>(8.s+1) ubyte >0
+>>>>>>>>>>>>8 uleshort >0
+>>>>>>>>>>>>(8.s+1) ubyte >0
>>>>>>>>>>>>>8 uleshort >0 \b, at offset %d
->>>>>>>>>>>>>(8.s+1) ubyte >0
+>>>>>>>>>>>>>(8.s+1) ubyte >0
>>>>>>>>>>>>>>&-1 string >\0 1st record "%s"
-# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserverd (NULL)
->>>>>>>24 ubelong&0x0133f7ff >0
+# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL)
+>>>>>>>24 ubelong&0x0133f7ff >0
# test for reserved NULL byte
->>>>>>>>47 ubyte 0
+>>>>>>>>47 ubyte 0
# test for valid TAG key format (0x10 or 0)
->>>>>>>>>559 ubyte&0xeF 0
+>>>>>>>>>559 ubyte&0xeF 0
# test MM <= 12
->>>>>>>>>>45 ubeshort <0x0C20
->>>>>>>>>>>45 ubyte >0
->>>>>>>>>>>>46 ubyte <32
->>>>>>>>>>>>>46 ubyte >0
+>>>>>>>>>>45 ubeshort <0x0C20
+>>>>>>>>>>>45 ubyte >0
+>>>>>>>>>>>>46 ubyte <32
+>>>>>>>>>>>>>46 ubyte >0
#!:mime application/x-mdx
>>>>>>>>>>>>>>0 use xbase-type
>>>>>>>>>>>>>>0 ubyte x \b MDX
@@ -236,11 +236,11 @@
# 2nd tag name
#>>>>>>>>>>>>(26.b+548) string x \b, 2nd tag "%.11s"
#
-# Print the xBase names of different version variants
+# Print the xBase names of different version variants
0 name xbase-type
->0 ubyte <2
+>0 ubyte <2
# 1 < version
->0 ubyte >1
+>0 ubyte >1
>>0 ubyte 0x02 FoxBase
# FoxBase+/dBaseIII+, no memo
>>0 ubyte 0x03 FoxBase+/dBase III
@@ -293,7 +293,7 @@
# dBASE IV with SQL table, with memo .DBT
>>0 ubyte 0xCB dBase IV with SQL table, with memo .DBT
!:mime application/x-dbf
-# HiPer-Six format;Clipper SIX, with SMT memo file
+# HiPer-Six format;Clipper SIX, with SMT memo file
>>0 ubyte 0xE5 Clipper SIX with memo
!:mime application/x-dbf
# http://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx
@@ -318,12 +318,12 @@
# test and print the date of xBase .DBF .MDX
0 name xbase-date
# inspect YYMMDD , where 1<= MM <= 12 and 1<= DD <= 31
->0 ubelong x
->1 ubyte <13
->>1 ubyte >0
->>>2 ubyte >0
->>>>2 ubyte <32
->>>>>0 ubyte x
+>0 ubelong x
+>1 ubyte <13
+>>1 ubyte >0
+>>>2 ubyte >0
+>>>>2 ubyte <32
+>>>>>0 ubyte x
# YY is interpreted as 20YY or 19YY
>>>>>>0 ubyte <100 \b %.2d
# YY is interpreted 1900+YY; TODO: display yy or 20yy instead 1YY
@@ -333,56 +333,56 @@
# dBase memo files .DBT or .FPT
# http://msdn.microsoft.com/en-us/library/8599s21w(v=vs.80).aspx
-16 ubyte <4
->16 ubyte !2
->>16 ubyte !1
+16 ubyte <4
+>16 ubyte !2
+>>16 ubyte !1
# next free block index is positive
->>>0 ulelong >0
+>>>0 ulelong >0
# skip many JPG. ZIP, BZ2 by test for reserved bytes NULL , 0|2 , 0|1 , low byte of block size
->>>>17 ubelong&0xFFfdFE00 0x00000000
+>>>>17 ubelong&0xFFfdFE00 0x00000000
# skip many RAR by test for low byte 0 ,high byte 0|2|even of block size, 0|a|e|d7 , 0|64h
->>>>>20 ubelong&0xFF01209B 0x00000000
+>>>>>20 ubelong&0xFF01209B 0x00000000
# dBASE III
->>>>>>16 ubyte 3
+>>>>>>16 ubyte 3
# dBASE III DBT
>>>>>>>0 use dbase3-memo-print
# dBASE III DBT without version, dBASE IV DBT , FoxPro FPT , or many ZIP , DBF garbage
->>>>>>16 ubyte 0
+>>>>>>16 ubyte 0
# unusual dBASE III DBT like angest.dbt, dBASE IV DBT with block size 0 , FoxPro FPT , or garbage PCX DBF
->>>>>>>20 uleshort 0
+>>>>>>>20 uleshort 0
# FoxPro FPT , unusual dBASE III DBT like biblio.dbt or garbage
->>>>>>>>8 ulong =0
->>>>>>>>>6 ubeshort >0
+>>>>>>>>8 ulong =0
+>>>>>>>>>6 ubeshort >0
# skip emacs.PIF
->>>>>>>>>>4 ushort 0
+>>>>>>>>>>4 ushort 0
>>>>>>>>>>>0 use foxpro-memo-print
# dBASE III DBT , garbage
->>>>>>>>>6 ubeshort 0
+>>>>>>>>>6 ubeshort 0
# skip MM*DD*.bin by test for for reserved NULL byte
->>>>>>>>>>510 ubeshort 0
+>>>>>>>>>>510 ubeshort 0
# skip TK-DOS11.img image by looking for memo text
->>>>>>>>>>>512 ubelong <0xfeffff03
+>>>>>>>>>>>512 ubelong <0xfeffff03
# skip EFI executables by looking for memo text
->>>>>>>>>>>>512 ubelong >0x1F202020
->>>>>>>>>>>>>513 ubyte >0
+>>>>>>>>>>>>512 ubelong >0x1F202020
+>>>>>>>>>>>>>513 ubyte >0
# unusual dBASE III DBT like adressen.dbt
>>>>>>>>>>>>>>0 use dbase3-memo-print
# dBASE III DBT like angest.dbt, or garbage PCX DBF
->>>>>>>>8 ubelong !0
+>>>>>>>>8 ubelong !0
# skip PCX and some DBF by test for for reserved NULL bytes
->>>>>>>>>510 ubeshort 0
+>>>>>>>>>510 ubeshort 0
# skip some DBF by test of invalid version
->>>>>>>>>>0 ubyte >5
->>>>>>>>>>>0 ubyte <48
+>>>>>>>>>>0 ubyte >5
+>>>>>>>>>>>0 ubyte <48
>>>>>>>>>>>>0 use dbase3-memo-print
# dBASE IV DBT with positive block size
->>>>>>>20 uleshort >0
-# dBASE IV DBT with valid block length like 512, 1024
+>>>>>>>20 uleshort >0
+# dBASE IV DBT with valid block length like 512, 1024
# multiple of 2 in between 16 and 16 K ,implies upper and lower bits are zero
->>>>>>>>20 uleshort&0x800f 0
+>>>>>>>>20 uleshort&0x800f 0
>>>>>>>>>0 use dbase4-memo-print
-# Print the information of dBase III DBT memo file
+# Print the information of dBase III DBT memo file
0 name dbase3-memo-print
>0 ubyte x dBase III DBT
# instead 3 as version number 0 for unusual examples like biblio.dbt
@@ -395,45 +395,45 @@
>20 uleshort !0 \b, block length %u
# dBase III memo field terminated by \032\032
>512 string >\0 \b, 1st item "%s"
-# Print the information of dBase IV DBT memo file
+# Print the information of dBase IV DBT memo file
0 name dbase4-memo-print
>0 lelong x dBase IV DBT
!:mime application/x-dbt
!:ext dbt
# 8 character shorted main name of coresponding dBASE IV DBF file
->8 ubelong >0x20000000
+>8 ubelong >0x20000000
# skip unusual like for angest.dbt
->>20 uleshort >0
+>>20 uleshort >0
>>>8 string >\0 \b of %-.8s.DBF
# value 0 implies 512 as size
#>4 ulelong =0 \b, blocks size %u
# size of blocks not reliable like 0x2020204C in angest.dbt
->4 ulelong !0
+>4 ulelong !0
>>4 ulelong&0x0000003f 0 \b, blocks size %u
# dBase IV DBT with positive block length (found 512 , 1024)
>20 uleshort >0 \b, block length %u
# next available block
#>0 lelong =0 \b, next free block index %u
>0 lelong !0 \b, next free block index %u
->20 uleshort >0
->>(20.s) ubelong x
+>20 uleshort >0
+>>(20.s) ubelong x
>>>&-4 use dbase4-memofield-print
# unusual dBase IV DBT without block length (implies 512 as length)
->20 uleshort =0
->>512 ubelong x
+>20 uleshort =0
+>>512 ubelong x
>>>&-4 use dbase4-memofield-print
-# Print the information of dBase IV memo field
+# Print the information of dBase IV memo field
0 name dbase4-memofield-print
# free dBase IV memo field
->0 ubelong !0xFFFF0800
+>0 ubelong !0xFFFF0800
>>0 lelong x \b, next free block %u
>>4 lelong x \b, next used block %u
# used dBase IV memo field
->0 ubelong =0xFFFF0800
+>0 ubelong =0xFFFF0800
# length of memo field
>>4 lelong x \b, field length %d
>>>8 string >\0 \b, 1st used item "%s"
-# Print the information of FoxPro FPT memo file
+# Print the information of FoxPro FPT memo file
0 name foxpro-memo-print
>0 belong x FoxPro FPT
# Size of blocks for FoxPro ( 64,256 )
@@ -441,14 +441,14 @@
# next available block
#>0 belong =0 \b, next free block index %u
>0 belong !0 \b, next free block index %u
-# field type ( 0~picture, 1~memo, 2~object )
+# field type ( 0~picture, 1~memo, 2~object )
>512 ubelong <3 \b, field type %u
# length of memo field
->512 ubelong 1
+>512 ubelong 1
>>516 belong >0 \b, field length %d
>>>520 string >\0 \b, 1st item "%s"
-# TODO:
+# TODO:
# DBASE index file *.NDX
# DBASE Compound Index file *.CDX
# dBASE IV Printer Driver *.PRF
@@ -465,9 +465,9 @@
# Reference: https://github.com/libyal/libesedb/archive/master.zip
# libesedb-master/documentation/
# Extensible Storage Engine (ESE) Database File (EDB) format.asciidoc
-# Note: also known as "JET Blue". Used by numerous Windows components such as
+# Note: also known as "JET Blue". Used by numerous Windows components such as
# Windows Search, Mail, Exchange and Active Directory.
-4 ubelong 0xefcdab89
+4 ubelong 0xefcdab89
# unknown1
>132 ubelong 0 Extensible storage engine
!:mime application/x-ms-ese
@@ -497,8 +497,8 @@
# From: Joerg Jenderek
# URL: http://forensicswiki.org/wiki/Windows_Application_Compatibility
# Note: files contain application compatibility fixes, application compatibility modes and application help messages.
-8 string sdbf
->7 ubyte 0
+8 string sdbf
+>7 ubyte 0
# TAG_TYPE_LIST+TAG_INDEXES
>>12 uleshort 0x7802 Windows application compatibility Shim DataBase
# version? 2 3
@@ -600,10 +600,10 @@
# Reference: http://www.provue.com/Panorama/
# From: Joerg Jenderek
# NOTE: test only versions 4 and 6.0 with Windows
-# length of Panorama database name
-5 ubyte >0
+# length of Panorama database name
+5 ubyte >0
# look after database name for "some" null bits
->(5.B+7) ubelong&0xF3ffF000 0
+>(5.B+7) ubelong&0xF3ffF000 0
# look for first keyword
>>&1 search/2 DESIGN Panorama database
#!:mime application/x-panorama-database
@@ -622,3 +622,13 @@
# MUIbase Database Tool by Stefan A. Haubenthal <polluks@web.de>
0 string MBSTV\040 MUIbase DB
>6 string x version %s
+
+#
+# CDB database
+0 string NBCDB\012 NetBSD Constant Database
+>7 byte x \b, version %d
+>8 string x \b, for '%s'
+>24 lelong x \b, datasize %d
+>28 lelong x \b, entries %d
+>32 lelong x \b, index %d
+>36 lelong x \b, seed %#x
OpenPOWER on IntegriCloud