summaryrefslogtreecommitdiffstats
path: root/contrib/file/magic/Magdir/msdos
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/file/magic/Magdir/msdos')
-rw-r--r--contrib/file/magic/Magdir/msdos74
1 files changed, 60 insertions, 14 deletions
diff --git a/contrib/file/magic/Magdir/msdos b/contrib/file/magic/Magdir/msdos
index 89c141e..7755274 100644
--- a/contrib/file/magic/Magdir/msdos
+++ b/contrib/file/magic/Magdir/msdos
@@ -1,6 +1,6 @@
#------------------------------------------------------------------------------
-# $File: msdos,v 1.101 2015/08/24 05:08:48 christos Exp $
+# $File: msdos,v 1.105 2016/03/03 18:58:14 christos Exp $
# msdos: file(1) magic for MS-DOS files
#
@@ -24,7 +24,11 @@
100 search/0xffff say
>100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file text
-0 leshort 0x14c MS Windows COFF Intel 80386 object file
+# updated by Joerg Jenderek at Oct 2015
+# https://de.wikipedia.org/wiki/Common_Object_File_Format
+# http://www.delorie.com/djgpp/doc/coff/filhdr.html
+# ./intel already labeled COFF type 0x14c=0514 as "80386 COFF executable"
+#0 leshort 0x14c MS Windows COFF Intel 80386 object file
#>4 ledate x stamp %s
0 leshort 0x166 MS Windows COFF MIPS R4000 object file
#>4 ledate x stamp %s
@@ -405,8 +409,31 @@
#>>10 string x %-.8s
#>4 uleshort&0x4000 0x4000 \b,control strings-support)
-# test too generic ?
-0 byte 0x8c DOS executable (COM)
+# updated by Joerg Jenderek
+# GRR: line below too general as it catches also
+# rt.lib DYADISKS.PIC and many more
+# start with assembler instruction MOV
+0 ubyte 0x8c
+# skip "AppleWorks word processor data" like ARTICLE.1 ./apple
+>4 string !O====
+# skip some unknown basic binaries like RocketRnger.SHR
+>>5 string !MAIN
+# skip "GPG symmetrically encrypted data" ./gnu
+# skip "PGP symmetric key encrypted data" ./pgp
+# openpgpdefs.h: fourth byte < 14 indicate cipher algorithm type
+>>>4 ubyte >13 DOS executable (COM, 0x8C-variant)
+# the remaining files should be DOS *.COM executables
+# dosshell.COM 8cc0 2ea35f07 e85211 e88a11 b80058 cd
+# hmload.COM 8cc8 8ec0 bbc02b 89dc 83c30f c1eb04 b4
+# UNDELETE.COM 8cca 2e8916 6503 b430 cd21 8b 2e0200 8b
+# BOOTFIX.COM 8cca 2e8916 9603 b430 cd21 8b 2e0200 8b
+# RAWRITE3.COM 8cca 2e8916 d602 b430 cd21 8b 2e0200 8b
+# SHARE.COM 8cca 2e8916 d602 b430 cd21 8b 2e0200 8b
+# validchr.COM 8cca 2e8916 9603 b430 cd21 8b 2e028b1e
+# devload.COM 8cca 8916ad01 b430 cd21 8b2e0200 892e
+!:mime application/x-dosexec
+!:ext com
+
# updated by Joerg Jenderek at Oct 2008
0 ulelong 0xffff10eb DR-DOS executable (COM)
# byte 0xeb conflicts with "sequent" magic leshort 0xn2eb
@@ -418,23 +445,41 @@
>>4 string \ $ARX DOS executable (COM), ARX self-extracting archive
>>4 string \ $LHarc DOS executable (COM), LHarc self-extracting archive
>>0x20e string SFX\ by\ LARC DOS executable (COM), LARC self-extracting archive
-# updated by Joerg Jenderek at Oct 2008
-#0 byte 0xb8 COM executable
-0 uleshort&0x80ff 0x00b8
+# updated by Joerg Jenderek at Oct 2008,2015
+# following line is too general
+0 ubyte 0xb8
+# skip 2 linux kernels like memtest.bin with "\xb8\xc0\x07\x8e" in ./linux
+>0 string !\xb8\xc0\x07\x8e
# modified by Joerg Jenderek
->1 lelong !0x21cd4cff COM executable for DOS
+# syslinux COM32 or COM32R executable
+>>1 lelong&0xFFFFFFFe 0x21CD4CFe COM executable (32-bit COMBOOT
+# http://www.syslinux.org/wiki/index.php/Comboot_API
+# Since version 5.00 c32 modules switched from the COM32 object format to ELF
+!:mime application/x-c32-comboot-syslinux-exec
+!:ext c32
# http://syslinux.zytor.com/comboot.php
+# older syslinux version ( <4 )
# (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode
# start with assembler instructions mov eax,21cd4cffh
-0 uleshort&0xc0ff 0xc0b8
->1 lelong 0x21cd4cff COM executable (32-bit COMBOOT)
+>>>1 lelong 0x21CD4CFf \b)
# syslinux:doc/comboot.txt
# A COM32R program must start with the byte sequence B8 FE 4C CD 21 (mov
# eax,21cd4cfeh) as a magic number.
-0 string/b \xb8\xfe\x4c\xcd\x21 COM executable (COM32R)
-# start with assembler instructions mov eax,21cd4cfeh
-0 uleshort&0xc0ff 0xc0b8
->1 lelong 0x21cd4cfe COM executable (32-bit COMBOOT, relocatable)
+# syslinux version (4.x)
+# "COM executable (COM32R)" or "Syslinux COM32 module" by TrID
+>>>1 lelong 0x21CD4CFe \b, relocatable)
+# remaining are DOS COM executables starting with assembler instruction MOV
+# like FreeDOS BANNER*.COM FINDDISK.COM GIF2RAW.COM WINCHK.COM
+# MS-DOS SYS.COM RESTART.COM
+# SYSLINUX.COM (version 1.40 - 2.13)
+# GFXBOOT.COM (version 3.75)
+# COPYBS.COM POWEROFF.COM INT18.COM
+>>1 default x COM executable for DOS
+!:mime application/x-dosexec
+#!:mime application/x-ms-dos-executable
+#!:mime application/x-msdos-program
+!:ext com
+
0 string/b \x81\xfc
>4 string \x77\x02\xcd\x20\xb9
>>36 string UPX! FREE-DOS executable (COM), UPX compressed
@@ -869,6 +914,7 @@
# Windows Imaging (WIM) Image
0 string/b MSWIM\000\000\000 Windows imaging (WIM) image
+0 string/b WLPWM\000\000\000 Windows imaging (WIM) image, wimlib pipable format
# The second byte of these signatures is a file version; I don't know what,
# if anything, produced files with version numbers 0-2.
OpenPOWER on IntegriCloud