Diffstat (limited to 'contrib/file/magic/Magdir/coff')
-rw-r--r-- | contrib/file/magic/Magdir/coff | 178 |
1 files changed, 149 insertions, 29 deletions
diff --git a/contrib/file/magic/Magdir/coff b/contrib/file/magic/Magdir/coff index 535187c2ce9e..d42b9ebeec7a 100644 --- a/contrib/file/magic/Magdir/coff +++ b/contrib/file/magic/Magdir/coff 
@@ -1,48 +1,92 @@ #------------------------------------------------------------------------------ -# $File: coff,v 1.6 2021/04/26 15:56:00 christos Exp $ +# $File: coff,v 1.15 2024/11/10 18:54:33 christos Exp $ # coff: file(1) magic for Common Object Files not specific to known cpu types or manufactures # # COFF # -# by Joerg Jenderek at Oct 2015, Feb 2021 +# by Joerg Jenderek at Oct 2015, Feb 2021, Mar 2024 # https://en.wikipedia.org/wiki/COFF # https://de.wikipedia.org/wiki/Common_Object_File_Format # http://www.delorie.com/djgpp/doc/coff/filhdr.html +# https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#coff-file-header-object-and-image +# https://formats.kaitai.io/uefi_te/index.html + +# Display COFF processor type, including MS COFF and PE/COFF +0 name display-coff-processor +# PE/COFF, DJGPP, i386 COFF executable, MS Windows COFF Intel i386 object file (./intel) +>0 uleshort 0x014c Intel i386 +>0 uleshort 0x014d Intel i860 +>0 uleshort 0x0160 MIPS R3000 (big-endian) +>0 uleshort 0x0162 MIPS R3000 +>0 uleshort 0x0166 MIPS R4000 +>0 uleshort 0x0168 MIPS R10000 +>0 uleshort 0x0169 MIPS WCE v2 +>0 uleshort 0x0184 Alpha 32-bit +>0 uleshort 0x01a2 Hitachi SH3 +>0 uleshort 0x01a3 Hitachi SH3 DSP +>0 uleshort 0x01a4 Hitachi SH4E +>0 uleshort 0x01a6 Hitachi SH4 +>0 uleshort 0x01a8 Hitachi SH5 +>0 uleshort 0x01c0 ARMv4 +>0 uleshort 0x01c2 ARMv4T +>0 uleshort 0x01c4 ARMv7 +>0 uleshort 0x01d3 Matsushita AM33 +# executable (RISC System/6000 V3.1) or obj module (./ibm6000 v 1.15), not PE/COFF +>0 uleshort 0x01df RISC System/6000 +>0 uleshort 0x01f0 PowerPC 32-bit (little-endian) +>0 uleshort 0x01f1 PowerPC 32-bit with FPU (little-endian) +>0 uleshort 0x01f2 PowerPC 64-bit (big-endian) +>0 uleshort 0x0200 Intel Itanium +>0 uleshort 0x0266 MIPS16 +>0 uleshort 0x0268 Motorola 68000 +>0 uleshort 0x0284 Alpha 64-bit +>0 uleshort 0x0290 PA-RISC +>0 uleshort 0x0366 MIPS with FPU +>0 uleshort 0x0466 MIPS16 with FPU +# Hitachi SH big-endian COFF (./hitachi-sh), not 
PE/COFF +>0 uleshort 0x0500 Hitachi SH (big-endian) +>0 uleshort 0x0520 Tricore +# Hitachi SH little-endian COFF (./hitachi-sh), not PE/COFF +>0 uleshort 0x0550 Hitachi SH (little-endian) +>0 uleshort 0x0601 PowerPC 32-bit (big-endian) +# Windows CE 3.0 Common Executable Format, created by linkcef.exe with /MACHINE:CEF flag +# https://web.archive.org/web/20000819035046/http://microsoft.com/windows/embedded/ce/downloads/cef.asp +# https://web.archive.org/web/20000914080342/http://microsoft.com/windows/embedded/ce/developer/applications/appdevelopment/cef2.asp +# https://web.archive.org/web/20021022055906/http://msdn.microsoft.com/library/en-us/dnce30/html/cef2.asp +>0 uleshort 0x0cef Common Executable Format +>0 uleshort 0x0ebc EFI byte code +>0 uleshort 0x3a64 ARM64 (i386 ABI) +>0 uleshort 0x5032 RISC-V 32-bit +>0 uleshort 0x5064 RISC-V 64-bit +>0 uleshort 0x5128 RISC-V 128-bit +>0 uleshort 0x6232 LoongArch 32-bit +>0 uleshort 0x6264 LoongArch 64-bit +>0 uleshort 0x8664 x86-64 +>0 uleshort 0x9041 Mitsubishi M32R +>0 uleshort 0xa641 ARM64 (x86-64 ABI) +>0 uleshort 0xa64e ARM64 (classic + x86-64 ABI) +# PE/COFF ARM64 classic ABI, ARM COFF (./arm) +>0 uleshort 0xaa64 ARM64 +>0 uleshort 0xace1 OMNI VM (omniprox.dll) +# Processor type CEE can be only in object files (created by older ilasm.exe with /OBJECT flag), not in PE executables +>0 uleshort 0xc0ee COM+ Execution Engine +>0 default x Unknown processor +>>0 uleshort x 0x%04x # display name+variables+flags of Common Object Files Format (32bit) # Maybe used also in adi,att3b,clipper,hitachi-sh,hp,ibm6000,intel, # mips,motorola,msdos,osf1,sharc,varied.out,vax 0 name display-coff -# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags ->18 uleshort&0x8E80 0 +# test for unused flag bits (0x8000,x0080) in f_flags +# flag bits (0x0800,0x0400,0x0200) now seems to be used in RISC System/6000 V3.1 +>18 uleshort&0x8080 0 # skip DOCTOR.DAILY READER.NDA REDBOX.ROOT by looking for positive number of sections 
>>2 uleshort >0 # skip ega80woa.fnt svgafix.fnt HP3FNTS1.DAT HP3FNTS2.DAT INTRO.ACT LEARN.PIF by looking for low number of sections >>>2 uleshort <4207 ->>>>0 clear x # f_magic - magic number -# DJGPP, 80386 COFF executable, MS Windows COFF Intel 80386 object file (./intel) ->>>>0 uleshort 0x014C Intel 80386 -# Hitachi SH big-endian COFF (./hitachi-sh) ->>>>0 uleshort 0x0500 Hitachi SH big-endian -# Hitachi SH little-endian COFF (./hitachi-sh) ->>>>0 uleshort 0x0550 Hitachi SH little-endian -# executable (RISC System/6000 V3.1) or obj module (./ibm6000) -#>>>>0 uleshort 0x01DF -# MS Windows COFF Intel Itanium, AMD64 -# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx ->>>>0 uleshort 0x0200 Intel ia64 ->>>>0 uleshort 0x8664 Intel amd64 -# ARM COFF (./arm) ->>>>0 uleshort 0xaa64 Aarch64 ->>>>0 uleshort 0x01c0 ARM ->>>>0 uleshort 0x01c2 ARM Thumb ->>>>0 uleshort 0x01c4 ARMv7 Thumb -# TODO for other COFFs -#>>>>0 uleshort 0xABCD COFF_TEMPLATE ->>>>0 default x ->>>>>0 uleshort x type %#04x +>>>>0 use display-coff-processor >>>>0 uleshort x COFF # F_EXEC flag bit >>>>18 leshort ^0x0002 object file @@ -52,6 +96,9 @@ #!:ext cof/o/obj/lib >>>>18 leshort &0x0002 executable #!:mime application/x-coffexec +!:mime application/x-coff-executable +# typically no file name suffix for executables +!:ext / # F_RELFLG flag bit,static object >>>>18 leshort &0x0001 \b, no relocation info # F_LNNO flag bit 
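Review bot: The relaxed gate `>18 uleshort&0x8080 0` in display-coff now tolerates the 0x0800/0x0400/0x0200 f_flags bits for every machine type, although the new comment attributes their use only to RISC System/6000 V3.1. Behind a two-byte f_magic, that leaves the section-count range (`>0`, `<4207`) as the main remaining filter, so non-COFF data is more likely to be labelled COFF wherever file(1) output feeds triage or upload filtering. Consider keeping the stricter mask for other f_magic values, or state the trade-off in the comment, e.g. `# 0x0E00 bits are tolerated for all f_magic values, not only 0x01df`. The same comment has a typo: `x0080` should read `0x0080`. display-coff continues past the end of this hunk.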
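Review bot: The commented-out `#!:mime application/x-coffexec` is left directly above the new `!:mime application/x-coff-executable`, so the executable branch now carries two spellings of its MIME type; drop the dead line or add a comment saying why it is kept. Consumers that match on `file --mime-type` output (content filters, triage rules) will see a new string for COFF executables, which is worth stating in the commit message. The enclosing display-coff routine starts and ends outside this hunk.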
@@ -78,16 +125,39 @@ # like: 0 2 7 9 10 11 20 35 41 63 71 80 105 146 153 158 170 208 294 572 831 1546 >>>>12 ulelong >0 \b, %d symbols # f_opthdr - optional header size. An object file should have a value of 0 +# like: 72 (IBM\HH\HYPERHLP) >>>>16 uleshort >0 \b, optional header size %u -# f_timdat - file time & date stamp only for little endian +# f_timdat - file time & date stamp >>>>4 ledate >0 \b, created %s # at offset 20 can be optional header, extra bytes FILHSZ-20 because # do not rely on sizeof(FILHDR) to give the correct size for header. # or first section header # additional variables for other COFF files >>>>16 uleshort =0 -# first section name s_name[8] like: .text .data .debug$S .drectve .testseg ->>>>>20 string x \b, 1st section name "%.8s" +# most section names start with point character except samples created by "exotic" compilers +# first section name s_name[8] like: .text .data .debug$S .drectve .testseg .rsrc .rsrc$01 .pad +>>>>>(16.s+20) string x \b, 1st section name "%.8s" +# physical address s_paddr like: 0 +#>>>>>(16.s+28) lelong !0 \b, s_paddr %#8.8x +# virtual address s_vaddr like: 0 +#>>>>>(16.s+32) lelong !0 \b, s_vaddr %#8.8x +# section size s_size +#>>>>>(16.s+36) lelong x \b, s_size %#8.8x +# file ptr to raw data for section s_scnpt +#>>>>>(16.s+40) lelong x \b, s_scnpt %#8.8x +# file ptr to relocation s_relptr like: 0 +#>>>>>(16.s+44) lelong !0 \b, s_relptr %#8.8x +# file ptr to gp histogram s_lnnoptr like: 0 +#>>>>>(16.s+48) lelong !0 \b, s_lnnoptr %#8.8x +# number of relocation entries s_nreloc like: 0 1 2 5 6 8 19h 26h 27h 38h 50h 5Fh 89h Dh 1Ch 69h A9h 1DCh 651h +#>>>>>(16.s+52) uleshort x \b, s_nreloc %#4.4x +# number of gp histogram entries s_nlnno like: 0 +#>>>>>(16.s+54) uleshort !0 \b, s_nlnno %#4.4x +# flags s_flags +#>>>>>(16.s+56) lelong x \b, s_flags %#8.8x +# second section name s_name[8] like: .bss .data .debug$S .rsrc$01 +>>>>2 uleshort >1 +>>>>>(16.s+60) string x \b, 2nd section name "%.8s" # >20 beshort 0407 (impure) 
# >20 beshort 0410 (pure) # >20 beshort 0413 (demand paged) @@ -95,3 +165,53 @@ # >22 leshort >0 - version %d # >168 string .lowmem Apple toolbox +# PowerPC COFF object file or executable +0 leshort 0x01f0 +>16 leshort 0 +>>0 use display-coff +# can be created by: LINK.EXE /MACHINE:powerpc /ROM +>16 leshort !0 +>>18 leshort &0x0002 +>>>20 leshort 0x010b +>>>>0 use display-coff +0 leshort 0x01f1 +>16 leshort 0 +>>0 use display-coff +0 leshort 0x01f2 +>16 leshort 0 +>>0 use display-coff +0 leshort 0x0601 +>16 leshort 0 +>>0 use display-coff +# can be created by: LINK.EXE /MACHINE:MPPC /ROM +>16 leshort !0 +>>18 leshort &0x0002 +>>>20 leshort 0x010b +>>>>0 use display-coff + +0 name display-subsystem +>0 ubyte 0 unknown +>0 ubyte 1 native +>0 ubyte 2 windows_gui +>0 ubyte 3 windows_cui +>0 ubyte 7 posix_cui +>0 ubyte 9 windows_ce_gui +>0 ubyte 10 efi_application +>0 ubyte 11 efi_boot_service_driver +>0 ubyte 12 efi_runtime_driver +>0 ubyte 13 efi_rom +>0 ubyte 14 xbox +>0 ubyte 16 windows_boot-application +>0 default x Unknown subsystem +>>0 ubyte x %#x + + +# https://formats.kaitai.io/uefi_te/index.html +0 string VZ TE (Terse Executable) file +>2 use display-coff-processor +>4 byte x \b, sections %d +>5 use display-subsystem +>6 uleshort x \b, stripped-size %u +>8 ulelong x \b, entry %#x +>12 ulelong x \b, base_of_code %#x +>16 ulequad x \b, image_base %#llx |
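Review bot: The new `>>>>>(16.s+20) string x` line still sits under `>>>>16 uleshort =0`, so the indirect offset always evaluates to 20 and the first section name is still never shown for files that carry an optional header. The second-section line `>>>>>(16.s+60)` is placed under `>>>>2 uleshort >1`, outside that guard, so there the header size really is applied and the two lines behave inconsistently. Either move the first-section line out from under the `=0` test, or keep the literal offset and document it, e.g. `# f_opthdr is 0 here, so the first section header starts at offset 20`.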
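Review bot: The TE entry `0 string VZ TE (Terse Executable) file` identifies a file on two ASCII bytes alone; every continuation line is an always-true `x` test or a `use`, so any data that starts with "VZ" is reported as a Terse Executable. One sanity test ahead of the description would cut misidentification, for example a bound on the subsystem byte such as `>5 ubyte <17` with the description moved beneath it (the exact bound should follow the display-subsystem table). Separately, `>4 byte x \b, sections %d` reads the section count as a signed byte, so values of 0x80 and above print as negative; `ubyte` with `%u` would match the other unsigned fields in this entry.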