--- file-4.17/magic/Magdir/msdos.orig 2006-03-02 22:50:36.000000000 +0100
+++ file-4.17/magic/Magdir/msdos 2006-07-25 13:13:03.874440000 +0200
@@ -5,11 +5,10 @@
 # .BAT files (Daniel Quinlan, quinlan@yggdrasil.com)
 # updated by Joerg Jenderek
-0 string @
->1 string/cB \ echo\ off MS-DOS batch file text
->1 string/cB echo\ off MS-DOS batch file text
->1 string/cB rem\ MS-DOS batch file text
->1 string/cB set\ MS-DOS batch file text
+0 string/cB @\ echo\ off MS-DOS batch file text
+0 string/cB @echo\ off MS-DOS batch file text
+0 string/cB @rem\ MS-DOS batch file text
+0 string/cB @set\ MS-DOS batch file text
 # OS/2 batch files are REXX. the second regex is a bit generic, oh well
@@ -261,9 +260,9 @@
 # Uncommenting only the first two lines will cover about 2/3 of COM files,
 # but it isn't feasible to match all COM files since there must be at least
 # two dozen different one-byte "magics".
-0 byte 0xe9 DOS executable (COM)
->0x1FE leshort 0xAA55 \b, boot code
->6 string SFX\ of\ LHarc (%s)
+#0 byte 0xe9
+#>0x1FE leshort 0xAA55 DOS executable (COM), boot code
+#>6 string SFX\ of\ LHarc DOS executable (COM) (%s)
 0 belong 0xffffffff DOS executable (device driver)
 #CMD640X2.SYS
 >10 string >\x23
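Review bot: The disabled 0xe9 entries are not a plain comment-out of the old rule: the description moved from the parent onto each child (`#>0x1FE leshort 0xAA55 DOS executable (COM), boot code`), so if they are ever re-enabled a file that starts with 0xe9 but matches neither child gets no label, and one that matches both children prints "DOS executable (COM)" twice. The retained context comment about uncommenting "the first two lines" now reads as if it applied to these lines, in which case only images carrying the 0xAA55 signature would be labelled. Keeping the original text behind `#` (`#0 byte 0xe9 DOS executable (COM)`, `#>0x1FE leshort 0xAA55 \b, boot code`) would preserve the old output for anyone who restores them. The 0xeb block in the third hunk is rewritten the same way.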
@@ -285,49 +284,48 @@
 >>77 string >\x40
 >>>77 string <\x5B
 >>>>77 string x \b, name: %.8s
-0 byte 0x8c DOS executable (COM)
 # 0xeb conflicts with "sequent" magic
-0 byte 0xeb DOS executable (COM)
->0x1FE leshort 0xAA55 \b, boot code
->85 string UPX \b, UPX compressed
->4 string \ $ARX \b, ARX self-extracting archive
->4 string \ $LHarc \b, LHarc self-extracting archive
->0x20e string SFX\ by\ LARC \b, LARC self-extracting archive
-0 byte 0xb8 COM executable
+#0 byte 0xeb
+#>0x1FE leshort 0xAA55 DOS executable (COM), boot code
+#>85 string UPX DOS executable (COM), UPX compressed
+#>4 string \ $ARX DOS executable (COM), ARX self-extracting archive
+#>4 string \ $LHarc DOS executable (COM), LHarc self-extracting archive
+#>0x20e string SFX\ by\ LARC DOS executable (COM), LARC self-extracting archive
+#0 byte 0xb8
 # modified by Joerg Jenderek
->1 lelong !0x21cd4cff for DOS
+#>1 lelong !0x21cd4cff COM executale for DOS
 # http://syslinux.zytor.com/comboot.php
 # (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode
 # start with assembler instructions mov eax,21cd4cffh
->1 lelong 0x21cd4cff (32-bit COMBOOT)
+#>1 lelong 0x21cd4cff COM executable (32-bit COMBOOT)
 0 string \x81\xfc
 >4 string \x77\x02\xcd\x20\xb9
 >>36 string UPX! FREE-DOS executable (COM), UPX compressed
 252 string Must\ have\ DOS\ version DR-DOS executable (COM)
 # GRR search is not working
 #2 search/28 \xcd\x21 COM executable for MS-DOS
-#WHICHFAT.cOM
-2 string \xcd\x21 COM executable for DOS
-#DELTREE.cOM DELTREE2.cOM
-4 string \xcd\x21 COM executable for DOS
-#IFMEMDSK.cOM ASSIGN.cOM COMP.cOM
-5 string \xcd\x21 COM executable for DOS
+##WHICHFAT.cOM
+#2 string \xcd\x21 COM executable for DOS
+##DELTREE.cOM DELTREE2.cOM
+#4 string \xcd\x21 COM executable for DOS
+##IFMEMDSK.cOM ASSIGN.cOM COMP.cOM
+#5 string \xcd\x21 COM executable for DOS
 #DELTMP.COm HASFAT32.cOM
-7 string \xcd\x21
->0 byte !0xb8 COM executable for DOS
+#7 string \xcd\x21
+#>0 byte !0xb8 COM executable for DOS
 #COMP.cOM MORE.COm
-10 string \xcd\x21
->5 string !\xcd\x21 COM executable for DOS
+#10 string \xcd\x21
+#>5 string !\xcd\x21 COM executable for DOS
 #comecho.com
-13 string \xcd\x21 COM executable for DOS
+#13 string \xcd\x21 COM executable for DOS
 #HELP.COm EDIT.coM
-18 string \xcd\x21 COM executable for MS-DOS
+#18 string \xcd\x21 COM executable for MS-DOS
 #NWRPLTRM.COm
-23 string \xcd\x21 COM executable for MS-DOS
+#23 string \xcd\x21 COM executable for MS-DOS
 #LOADFIX.cOm LOADFIX.cOm
-30 string \xcd\x21 COM executable for MS-DOS
+#30 string \xcd\x21 COM executable for MS-DOS
 #syslinux.com 3.11
-70 string \xcd\x21 COM executable for DOS
+#70 string \xcd\x21 COM executable for DOS
 # many compressed/converted COMs start with a copy loop instead of a jump
 0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS
 0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for DOS
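Review bot: Commenting out every one-byte test and every fixed-offset `\xcd\x21` test also silences the children under `0 byte 0xeb` that reported boot code, UPX compression and ARX/LHarc/LARC self-extractors, so anything that triages on `file` output will presumably see such COM images as unidentified data, and nothing in the hunk records that this is deliberate. A comment above `#0 byte 0xeb` such as `# disabled: these short tests also match non-COM data; COM files reached only through them are no longer identified` would document the trade-off (the reason given there is an assumption; confirm with the patch author). The `0 byte 0x8c` rule is deleted outright rather than commented out like its neighbours, and the new `#>1 lelong !0x21cd4cff COM executale for DOS` misspells "executable", which would appear in output if the line is ever restored.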