Tryag File Manager

//proc/self/root/usr/share/magic

# Magic
# Magic data for file(1) command.
# Machine-generated from src/cmd/file/magdir/*; edit there only!
# Format is described in magic(files), where:
# files is 5 on V7 and BSD, 4 on SV, and ?? in the SVID.

#------------------------------------------------------------------------------
# Localstuff:  file(1) magic for locally observed files
#
# $Id: Localstuff,v 1.4 2003/03/23 04:17:27 christos Exp $
# Add any locally observed files here.  Remember:
# text if readable, executable if runnable binary, data if unreadable.

# File magic for Xen, the virtual machine monitor for x86
0	string		LinuxGuestRecord	Xen saved domain
#>2	regex		$name\ [^)]*$		%s
>20	search/256	(name			(name
>>&1	string		x			%s...)
#------------------------------------------------------------------------------
# acorn:  file(1) magic for files found on Acorn systems
#

# RISC OS Chunk File Format
# From RISC OS Programmer's Reference Manual, Appendix D
# We guess the file type from the type of the first chunk.
0	lelong		0xc3cbc6c5	RISC OS Chunk data
>12	string		OBJ_		\b, AOF object
>12	string		LIB_		\b, ALF library

# RISC OS AIF, contains "SWI OS_Exit" at offset 16.
16	lelong		0xef000011	RISC OS AIF executable

# RISC OS Draw files
# From RISC OS Programmer's Reference Manual, Appendix E
0	string 		Draw		RISC OS Draw file data

# RISC OS new format font files
# From RISC OS Programmer's Reference Manual, Appendix E
0	string		FONT\0		RISC OS outline font data,
>5	byte		x		version %d
0	string		FONT\1		RISC OS 1bpp font data,
>5	byte		x		version %d
0	string		FONT\4		RISC OS 4bpp font data
>5	byte		x		version %d

# RISC OS Music files
# From RISC OS Programmer's Reference Manual, Appendix E
0	string		Maestro\r	RISC OS music file
>8	byte		x		version %d

#------------------------------------------------------------------------------
# adi: file(1) magic for ADi's objects
# From Gregory McGarry <g.mcgarry@ieee.org>
#
0	leshort		0x521c		COFF DSP21k
>18	lelong		&02		executable,
>18	lelong		^02
>>18	lelong		&01		static object,
>>18	lelong		^01		relocatable object,
>18	lelong		&010		stripped
>18	lelong		^010		not stripped

#------------------------------------------------------------------------------
# adventure: file(1) magic for Adventure game files
#
# from Allen Garvin <earendil@faeryland.tamu-commerce.edu>
# Edited by Dave Chapeskie <dchapes@ddm.on.ca> Jun 28, 1998
# Edited by Chris Chittleborough <cchittleborough@yahoo.com.au>, March 2002
#
# ALAN
# I assume there are other, lower versions, but these are the only ones I
# saw in the archive.
0	beshort	0x0206	ALAN game data
>2	byte	<10	version 2.6%d

# Infocom (see z-machine)
#------------------------------------------------------------------------------
# Z-machine:  file(1) magic for Z-machine binaries.
#
# This will match ${TEX_BASE}/texmf/omega/ocp/char2uni/inbig5.ocp which
# appears to be a version-0 Z-machine binary.
#
# The (false match) message is to correct that behavior.  Perhaps it is
# not needed.
#
# The first byte is the Z-machine version number, which is always between
# 1 and 8.
0	ubyte			>0
>0	ubyte			<9
>>16	belong&0xfe00f0f0	0x3030	Infocom game data
>>>0	ubyte			0	(false match)
>>>0	ubyte			>0	(Z-machine %d,
>>>>2	ubeshort		x	Release %d /
>>>>18	string			>\0	Serial %.6s)

#------------------------------------------------------------------------------
# Glulx:  file(1) magic for Glulx binaries.
#
# I haven't checked for false matches yet.
#
0	string			Glul	Glulx game data
>4	beshort			x	(Version %d
>>6	byte			x	\b.%d
>>8	byte			x	\b.%d)
>36	string			Info	Compiled by Inform

# For Quetzal and blorb magic see iff

# TADS (Text Adventure Development System)
#  All files are machine-independent (games compile to byte-code) and are tagged
#  with a version string of the form "V2.<digit>.<digit>\0" (but TADS 3 is
#  on the way).
#  Game files start with "TADS2 bin\n\r\032\0" then the compiler version.
0	string	TADS2\ bin	TADS
>9	belong  !0x0A0D1A00	game data, CORRUPTED
>9	belong	 0x0A0D1A00
>>13	string	>\0		%s game data
#  Resource files start with "TADS2 rsc\n\r\032\0" then the compiler version.
0	string	TADS2\ rsc	TADS
>9	belong  !0x0A0D1A00	resource data, CORRUPTED
>9	belong	 0x0A0D1A00
>>13	string	>\0		%s resource data
#  Some saved game files start with "TADS2 save/g\n\r\032\0", a little-endian
#  2-byte length N, the N-char name of the game file *without* a NUL (darn!),
# "TADS2 save\n\r\032\0" and the interpreter version. 
0	string	TADS2\ save/g	TADS
>12	belong	!0x0A0D1A00	saved game data, CORRUPTED
>12	belong	 0x0A0D1A00
>>(16.s+32) string >\0		%s saved game data
#  Other saved game files start with "TADS2 save\n\r\032\0" and the interpreter
#  version.
0	string	TADS2\ save	TADS
>10	belong	!0x0A0D1A00	saved game data, CORRUPTED
>10	belong	 0x0A0D1A00
>>14	string	>\0		%s saved game data

#------------------------------------------------------------------------------
# allegro:  file(1) magic for Allegro datafiles
# Toby Deshane <hac@shoelace.digivill.net>
#
0 belong 0x736C6821   Allegro datafile (packed)
0 belong 0x736C682E   Allegro datafile (not packed/autodetect)
0 belong 0x736C682B   Allegro datafile (appended exe data)

#------------------------------------------------------------------------------
# alliant:  file(1) magic for Alliant FX series a.out files
#
# If the FX series is the one that had a processor with a 68K-derived
# instruction set, the "short" should probably become "beshort" and the
# "long" should probably become "belong".
# If it's the i860-based one, they should probably become either the
# big-endian or little-endian versions, depending on the mode they ran
# the 860 in....
#
0	short		0420		0420 Alliant virtual executable
>2	short		&0x0020		common library
>16	long		>0		not stripped
0	short		0421		0421 Alliant compact executable
>2	short		&0x0020		common library
>16	long		>0		not stripped
#------------------------------------------------------------------------------
# alpha architecture description
#

0	leshort		0603		COFF format alpha
>22	leshort&030000	!020000		executable
>24	leshort		0410		pure
>24	leshort		0413		paged
>22	leshort&020000	!0		dynamically linked
>16	lelong		!0		not stripped
>16	lelong		0		stripped
>22	leshort&030000	020000		shared library
>24	leshort		0407		object
>27	byte		x		- version %d
>26	byte		x		.%d
>28	byte		x		-%d

# Basic recognition of Digital UNIX core dumps - Mike Bremford <mike@opac.bl.uk>
#
# The actual magic number is just "Core", followed by a 2-byte version
# number; however, treating any file that begins with "Core" as a Digital
# UNIX core dump file may produce too many false hits, so we include one
# byte of the version number as well; DU 5.0 appears only to be up to
# version 2.
#
0	string		Core\001	Alpha COFF format core dump (Digital UNIX)
>24	string		>\0		\b, from '%s'
0	string		Core\002	Alpha COFF format core dump (Digital UNIX)
>24	string		>\0		\b, from '%s'

#------------------------------------------------------------------------------
# amanda:  file(1) magic for amanda file format
#
0	string	AMANDA:\ 		AMANDA 
>8	string	TAPESTART\ DATE		tape header file,
>>23	string	X
>>>25	string	>\ 			Unused %s
>>23	string	>\ 			DATE %s
>8	string	FILE\ 			dump file,
>>13	string	>\ 			DATE %s
#------------------------------------------------------------------------------
# amigaos:  file(1) magic for AmigaOS binary formats:

#
# From ignatios@cs.uni-bonn.de (Ignatios Souvatzis)
#
0	belong		0x000003fa	AmigaOS shared library
0	belong		0x000003f3	AmigaOS loadseg()ble executable/binary
0	belong		0x000003e7	AmigaOS object/library data
#
0	beshort		0xe310		Amiga Workbench
>2	beshort		1		
>>48	byte		1		disk icon
>>48	byte		2		drawer icon
>>48	byte		3		tool icon
>>48	byte		4		project icon
>>48	byte		5		garbage icon
>>48	byte		6		device icon
>>48	byte		7		kickstart icon
>>48	byte		8		workbench application icon
>2	beshort		>1		icon, vers. %d
#
# various sound formats from the Amiga
# G=F6tz Waschk <waschk@informatik.uni-rostock.de>
#
0	string		FC14		Future Composer 1.4 Module sound file
0	string		SMOD		Future Composer 1.3 Module sound file
0	string		AON4artofnoise	Art Of Noise Module sound file
1	string		MUGICIAN/SOFTEYES Mugician Module sound file
58	string		SIDMON\ II\ -\ THE	Sidmon 2.0 Module sound file
0	string		Synth4.0	Synthesis Module sound file
0	string		ARP.		The Holy Noise Module sound file
0	string		BeEp\0		JamCracker Module sound file
0	string		COSO\0		Hippel-COSO Module sound file
# Too simple (short, pure ASCII, deep), MPi
#26	string		V.3		Brian Postma's Soundmon Module sound file v3
#26	string		BPSM		Brian Postma's Soundmon Module sound file v3
#26	string		V.2		Brian Postma's Soundmon Module sound file v2

# The following are from: "Stefan A. Haubenthal" <polluks@web.de>
0	beshort		0x0f00		AmigaOS bitmap font
0	beshort		0x0f03		AmigaOS outline font
0	belong		0x80001001	AmigaOS outline tag
0	string		##\ version	catalog translation
0	string		EMOD\0		Amiga E module
8	string		ECXM\0		ECX module
0	string/c	@database	AmigaGuide file

# Amiga disk types
# 
0	string		RDSK		Rigid Disk Block
>160	string		x		on %.24s
0	string		DOS\0		Amiga DOS disk
0	string		DOS\1		Amiga FFS disk
0	string		DOS\2		Amiga Inter DOS disk
0	string		DOS\3		Amiga Inter FFS disk
0	string		DOS\4		Amiga Fastdir DOS disk
0	string		DOS\5		Amiga Fastdir FFS disk
0	string		KICK		Kickstart disk

# From: Alex Beregszaszi <alex@fsn.hu>
0	string		LZX		LZX compressed archive (Amiga)

#------------------------------------------------------------------------------
# mail.news:  file(1) magic for mail and news
#
# Unfortunately, saved netnews also has From line added in some news software.
#0	string		From 		mail text
# There are tests to ascmagic.c to cope with mail and news.
0	string		Relay-Version: 	old news text
0	string		#!\ rnews	batched news text
0	string		N#!\ rnews	mailed, batched news text
0	string		Forward\ to 	mail forwarding text
0	string		Pipe\ to 	mail piping text
0	string		Return-Path:	smtp mail text
0	string		Path:		news text
0	string		Xref:		news text
0	string		From:		news or mail text
0	string		Article 	saved news text
0	string		BABYL		Emacs RMAIL text
0	string		Received:	RFC 822 mail text
0	string		MIME-Version:	MIME entity text
#0	string		Content-	MIME entity text

# TNEF files...
0	lelong		0x223E9F78	Transport Neutral Encapsulation Format

# From: Kevin Sullivan <ksulliva@psc.edu>
0	string		*mbx*		MBX mail folder

# From: Simon Matter <simon.matter@invoca.ch>
0	string		\241\002\213\015skiplist\ file\0\0\0	Cyrus skiplist DB

# JAM(mbp) Fidonet message area databases
# JHR file
0	string	JAM\0			JAM message area header file
>12	leshort >0			(%d messages)

# Squish Fidonet message area databases
# SQD file (requires at least one message in the area)
# XXX: Weak magic
#256	leshort	0xAFAE4453		Squish message area data file
#>4	leshort	>0			(%d messages)

#------------------------------------------------------------------------------
# apl:  file(1) magic for APL (see also "pdp" and "vax" for other APL
#       workspaces)
#
0	long		0100554		APL workspace (Ken's original?)

#------------------------------------------------------------------------------
# apple:  file(1) magic for Apple file formats
#
0	string		FiLeStArTfIlEsTaRt	binscii (apple ][) text
0	string		\x0aGL			Binary II (apple ][) data
0	string		\x76\xff		Squeezed (apple ][) data
0	string		NuFile			NuFile archive (apple ][) data
0	string		N\xf5F\xe9l\xe5		NuFile archive (apple ][) data
0	belong		0x00051600		AppleSingle encoded Macintosh file
0	belong		0x00051607		AppleDouble encoded Macintosh file

# Apple Emulator 2IMG format
#
0	string		2IMG		Apple ][ 2IMG Disk Image
>4	string		XGS!		\b, XGS
>4	string		CTKG		\b, Catakig
>4	string		ShIm		\b, Sheppy's ImageMaker
>4	string		WOOF		\b, Sweet 16
>4	string		B2TR		\b, Bernie ][ the Rescue
>4	string		!nfc		\b, ASIMOV2
>4	string		x		\b, Unknown Format
>0xc	byte		00		\b, DOS 3.3 sector order
>>0x10	byte		00		\b, Volume 254
>>0x10	byte&0x7f	x		\b, Volume %u
>0xc	byte		01		\b, ProDOS sector order
>>0x14	short		x		\b, %u Blocks
>0xc	byte		02		\b, NIB data

# magic for Newton PDA package formats
# from Ruda Moura <ruda@helllabs.org>
0	string	package0	Newton package, NOS 1.x,
>12	belong	&0x80000000	AutoRemove,
>12	belong	&0x40000000	CopyProtect,
>12	belong	&0x10000000	NoCompression,
>12	belong	&0x04000000	Relocation,
>12	belong	&0x02000000	UseFasterCompression,
>16	belong	x		version %d

0	string	package1	Newton package, NOS 2.x,
>12	belong	&0x80000000	AutoRemove,
>12	belong	&0x40000000	CopyProtect,
>12	belong	&0x10000000	NoCompression,
>12	belong	&0x04000000	Relocation,
>12	belong	&0x02000000	UseFasterCompression,
>16	belong	x		version %d

0	string	package4	Newton package,
>8	byte	8		NOS 1.x,
>8	byte	9		NOS 2.x,
>12	belong	&0x80000000	AutoRemove,
>12	belong	&0x40000000	CopyProtect,
>12	belong	&0x10000000	NoCompression,

# The following entries for the Apple II are for files that have
# been transferred as raw binary data from an Apple, without having
# been encapsulated by any of the above archivers.
#
# In general, Apple II formats are hard to identify because Apple DOS
# and especially Apple ProDOS have strong typing in the file system and
# therefore programmers never felt much need to include type information
# in the files themselves.
#
# Eric Fischer <enf@pobox.com>

# AppleWorks word processor:
#
# This matches the standard tab stops for an AppleWorks file, but if
# a file has a tab stop set in the first four columns this will fail.
#
# The "O" is really the magic number, but that's so common that it's
# necessary to check the tab stops that follow it to avoid false positives.

4       string          O====   AppleWorks word processor data
>85     byte&0x01       >0      \b, zoomed
>90     byte&0x01       >0      \b, paginated
>92     byte&0x01       >0      \b, with mail merge
#>91    byte            x       \b, left margin %d

# AppleWorks database:
#
# This isn't really a magic number, but it's the closest thing to one
# that I could find.  The 1 and 2 really mean "order in which you defined
# categories" and "left to right, top to bottom," respectively; the D and R
# mean that the cursor should move either down or right when you press Return.

#30	string		\x01D	AppleWorks database data
#30	string		\x02D	AppleWorks database data
#30	string		\x01R	AppleWorks database data
#30	string		\x02R	AppleWorks database data

# AppleWorks spreadsheet:
#
# Likewise, this isn't really meant as a magic number.  The R or C means
# row- or column-order recalculation; the A or M means automatic or manual
# recalculation.

#131	string		RA	AppleWorks spreadsheet data
#131	string		RM	AppleWorks spreadsheet data
#131	string		CA	AppleWorks spreadsheet data
#131	string		CM	AppleWorks spreadsheet data

# Applesoft BASIC:
#
# This is incredibly sloppy, but will be true if the program was
# written at its usual memory location of 2048 and its first line
# number is less than 256.  Yuck.

0       belong&0xff00ff 0x80000 Applesoft BASIC program data
#>2     leshort         x       \b, first line number %d

# ORCA/EZ assembler:
# 
# This will not identify ORCA/M source files, since those have
# some sort of date code instead of the two zero bytes at 6 and 7
# XXX Conflicts with ELF
#4       belong&0xff00ffff       0x01000000      ORCA/EZ assembler source data
#>5      byte                    x               \b, build number %d

# Broderbund Fantavision
#
# I don't know what these values really mean, but they seem to recur.
# Will they cause too many conflicts?

# Probably :-)
#2	belong&0xFF00FF		0x040008	Fantavision movie data

# Some attempts at images.
#
# These are actually just bit-for-bit dumps of the frame buffer, so
# there's really no reasonably way to distinguish them except for their
# address (if preserved) -- 8192 or 16384 -- and their length -- 8192
# or, occasionally, 8184.
#
# Nevertheless this will manage to catch a lot of images that happen
# to have a solid-colored line at the bottom of the screen.

8144	string	\x7F\x7F\x7F\x7F\x7F\x7F\x7F\x7F	Apple II image with white background
8144	string	\x55\x2A\x55\x2A\x55\x2A\x55\x2A	Apple II image with purple background
8144	string	\x2A\x55\x2A\x55\x2A\x55\x2A\x55	Apple II image with green background
8144	string	\xD5\xAA\xD5\xAA\xD5\xAA\xD5\xAA	Apple II image with blue background
8144	string	\xAA\xD5\xAA\xD5\xAA\xD5\xAA\xD5	Apple II image with orange background

# Beagle Bros. Apple Mechanic fonts

0	belong&0xFF00FFFF	0x6400D000	Apple Mechanic font

# Apple Universal Disk Image Format (UDIF) - dmg files.
# From Johan Gade.
# These entries are disabled for now until we fix the following issues.
#
# Note there might be some problems with the "VAX COFF executable" 
# entry. Note this entry should be placed before the mac filesystem section, 
# particularly the "Apple Partition data" entry.
#
# The intended meaning of these tests is, that the file is only of the 
# specified type if both of the lines are correct - i.e. if the first
# line matches and the second doesn't then it is not of that type.
#
#0	long	0x7801730d
#>4	long	0x62626060	UDIF read-only zlib-compressed image (UDZO)
#
# Note that this entry is recognized correctly by the "Apple Partition 
# data" entry - however since this entry is more specific - this
# information seems to be more useful.
#0	long	0x45520200
#>0x410	string	disk\ image	UDIF read/write image (UDRW)

# From: Toby Peterson <toby@apple.com>
0	string	bplist00	Apple binary property list

# Apple binary property list (bplist)
#  Assumes version bytes are hex.
#  Provides content hints for version 0 files. Assumes that the root
#  object is the first object (true for CoreFoundation implementation).
# From: David Remahl <dremahl@apple.com>
0		string	bplist
>6		byte	x	\bCoreFoundation binary property list data, version 0x%c
>>7		byte	x	\b%c
>6		string		00		\b
>>8		byte&0xF0	0x00	\b
>>>8	byte&0x0F	0x00	\b, root type: null
>>>8	byte&0x0F	0x08	\b, root type: false boolean
>>>8	byte&0x0F	0x09	\b, root type: true boolean
>>8		byte&0xF0	0x10	\b, root type: integer
>>8		byte&0xF0	0x20	\b, root type: real
>>8		byte&0xF0	0x30	\b, root type: date
>>8		byte&0xF0	0x40    \b, root type: data
>>8		byte&0xF0	0x50	\b, root type: ascii string
>>8		byte&0xF0	0x60	\b, root type: unicode string
>>8		byte&0xF0	0x80	\b, root type: uid (CORRUPT)
>>8		byte&0xF0	0xa0	\b, root type: array
>>8		byte&0xF0	0xd0	\b, root type: dictionary

# Apple/NeXT typedstream data
#  Serialization format used by NeXT and Apple for various
#  purposes in YellowStep/Cocoa, including some nib files.
# From: David Remahl <dremahl@apple.com>
2		string		typedstream	NeXT/Apple typedstream data, big endian
>0		byte		x		\b, version %hhd
>0		byte		<5		\b
>>13	byte		0x81	\b
>>>14	ubeshort	x		\b, system %hd
2		string		streamtyped NeXT/Apple typedstream data, little endian
>0		byte		x		\b, version %hhd
>0		byte		<5		\b
>>13	byte		0x81	\b
>>>14	uleshort	x		\b, system %hd

#------------------------------------------------------------------------------
# applix:  file(1) magic for Applixware
# From: Peter Soos <sp@osb.hu>
#
0	string		*BEGIN		Applixware
>7	string		WORDS			Words Document
>7	string		GRAPHICS		Graphic
>7	string		RASTER			Bitmap
>7	string		SPREADSHEETS		Spreadsheet
>7	string		MACRO			Macro
>7	string		BUILDER			Builder Object

#------------------------------------------------------------------------------
# archive:  file(1) magic for archive formats (see also "msdos" for self-
#           extracting compressed archives)
#
# cpio, ar, arc, arj, hpack, lha/lharc, rar, squish, uc2, zip, zoo, etc.
# pre-POSIX "tar" archives are handled in the C code.

# POSIX tar archives
257	string		ustar\0		POSIX tar archive
257	string		ustar\040\040\0	GNU tar archive

# cpio archives
#
# Yes, the top two "cpio archive" formats *are* supposed to just be "short".
# The idea is to indicate archives produced on machines with the same
# byte order as the machine running "file" with "cpio archive", and
# to indicate archives produced on machines with the opposite byte order
# from the machine running "file" with "byte-swapped cpio archive".
#
# The SVR4 "cpio(4)" hints that there are additional formats, but they
# are defined as "short"s; I think all the new formats are
# character-header formats and thus are strings, not numbers.
0	short		070707		cpio archive
0	short		0143561		byte-swapped cpio archive
0	string		070707		ASCII cpio archive (pre-SVR4 or odc)
0	string		070701		ASCII cpio archive (SVR4 with no CRC)
0	string		070702		ASCII cpio archive (SVR4 with CRC)

# Debian package (needs to go before regular portable archives)
#
0	string		=!<arch>\ndebian
>8	string		debian-split	part of multipart Debian package
>8	string		debian-binary	Debian binary package
>68	string		>\0		(format %s)
# These next two lines do not work, because a bzip2 Debian archive
# still uses gzip for the control.tar (first in the archive).  Only
# data.tar varies, and the location of its filename varies too.
# file/libmagic does not current have support for ascii-string based
# (offsets) as of 2005-09-15.
#>81	string		bz2		\b, uses bzip2 compression
#>84	string		gz		\b, uses gzip compression
#>136	ledate		x		created: %s

# other archives
0	long		0177555		very old archive
0	short		0177555		very old PDP-11 archive
0	long		0177545		old archive
0	short		0177545		old PDP-11 archive
0	long		0100554		apl workspace
0	string		=<ar>		archive

# MIPS archive (needs to go before regular portable archives)
#
0	string	=!<arch>\n__________E	MIPS archive
>20	string	U			with MIPS Ucode members
>21	string	L			with MIPSEL members
>21	string	B			with MIPSEB members
>19	string	L			and an EL hash table
>19	string	B			and an EB hash table
>22	string	X			-- out of date

0	string		-h-		Software Tools format archive text

#
# XXX - why are there multiple <ar> thingies?  Note that 0x213c6172 is
# "!<ar", so, for new-style (4.xBSD/SVR2andup) archives, we have:
#
# 0	string		=!<arch>		current ar archive
# 0	long		0x213c6172	archive file
#
# and for SVR1 archives, we have:
#
# 0	string		\<ar>		System V Release 1 ar archive
# 0	string		=<ar>		archive
#
# XXX - did Aegis really store shared libraries, breakpointed modules,
# and absolute code program modules in the same format as new-style
# "ar" archives?
#
0	string		=!<arch>		current ar archive
>8	string		__.SYMDEF	random library
>0	belong		=65538		- pre SR9.5
>0	belong		=65539		- post SR9.5
>0	beshort		2		- object archive
>0	beshort		3		- shared library module
>0	beshort		4		- debug break-pointed module
>0	beshort		5		- absolute code program module
0	string		\<ar>		System V Release 1 ar archive
0	string		=<ar>		archive
#
# XXX - from "vax", which appears to collect a bunch of byte-swapped
# thingies, to help you recognize VAX files on big-endian machines;
# with "leshort", "lelong", and "string", that's no longer necessary....
#
0	belong		0x65ff0000	VAX 3.0 archive
0	belong		0x3c61723e	VAX 5.0 archive
#
0	long		0x213c6172	archive file
0	lelong		0177555		very old VAX archive
0	leshort		0177555		very old PDP-11 archive
#
# XXX - "pdp" claims that 0177545 can have an __.SYMDEF member and thus
# be a random library (it said 0xff65 rather than 0177545).
#
0	lelong		0177545		old VAX archive
>8	string		__.SYMDEF	random library
0	leshort		0177545		old PDP-11 archive
>8	string		__.SYMDEF	random library
#
# From "pdp" (but why a 4-byte quantity?)
#
0	lelong		0x39bed		PDP-11 old archive
0	lelong		0x39bee		PDP-11 4.0 archive

# ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com)
#
# The first byte is the magic (0x1a), byte 2 is the compression type for
# the first file (0x01 through 0x09), and bytes 3 to 15 are the MS-DOS
# filename of the first file (null terminated).  Since some types collide
# we only test some types on basis of frequency: 0x08 (83%), 0x09 (5%),
# 0x02 (5%), 0x03 (3%), 0x04 (2%), 0x06 (2%).  0x01 collides with terminfo.
0	lelong&0x8080ffff	0x0000081a	ARC archive data, dynamic LZW
0	lelong&0x8080ffff	0x0000091a	ARC archive data, squashed
0	lelong&0x8080ffff	0x0000021a	ARC archive data, uncompressed
0	lelong&0x8080ffff	0x0000031a	ARC archive data, packed
0	lelong&0x8080ffff	0x0000041a	ARC archive data, squeezed
0	lelong&0x8080ffff	0x0000061a	ARC archive data, crunched
# [JW] stuff taken from idarc, obviously ARC successors:
0	lelong&0x8080ffff	0x00000a1a	PAK archive data
0	lelong&0x8080ffff	0x0000141a	ARC+ archive data
0	lelong&0x8080ffff	0x0000481a	HYP archive data

# Acorn archive formats (Disaster prone simpleton, m91dps@ecs.ox.ac.uk)
# I can't create either SPARK or ArcFS archives so I have not tested this stuff
# [GRR:  the original entries collide with ARC, above; replaced with combined
#  version (not tested)]
#0	byte		0x1a		RISC OS archive (spark format)
0	string		\032archive	RISC OS archive (ArcFS format)
0       string          Archive\000     RISC OS archive (ArcFS format)

# All these were taken from idarc, many could not be verified. Unfortunately,
# there were many low-quality sigs, i.e. easy to trigger false positives.
# Please notify me of any real-world fishy/ambiguous signatures and I'll try
# to get my hands on the actual archiver and see if I find something better. [JW]
# probably many can be enhanced by finding some 0-byte or control char near the start

# idarc calls this Crush/Uncompressed... *shrug*
0	string	CRUSH Crush archive data
# Squeeze It (.sqz)
0	string	HLSQZ Squeeze It archive data
# SQWEZ
0	string	SQWEZ SQWEZ archive data
# HPack (.hpk)
0	string	HPAK HPack archive data
# HAP
0	string	\x91\x33HF HAP archive data
# MD/MDCD
0	string	MDmd MDCD archive data
# LIM
0	string	LIM\x1a LIM archive data
# SAR
3	string	LH5 SAR archive data
# BSArc/BS2
0	string	\212\3SB \0 BSArc/BS2 archive data
# MAR
2	string	=-ah MAR archive data
# ACB
0	belong&0x00f800ff	0x00800000 ACB archive data
# CPZ
# TODO, this is what idarc says: 0	string	\0\0\0 CPZ archive data
# JRC
0	string	JRchive JRC archive data
# Quantum
0	string	DS\0 Quantum archive data
# ReSOF
0	string	PK\3\6 ReSOF archive data
# QuArk
0	string	7\4 QuArk archive data
# YAC
14	string	YC YAC archive data
# X1
0	string	X1 X1 archive data
0	string	XhDr X1 archive data
# CDC Codec (.dqt)
0	belong&0xffffe000	0x76ff2000 CDC Codec archive data
# AMGC
0	string	\xad6" AMGC archive data
# NuLIB
0	string	NõFélå NuLIB archive data
# PakLeo
0	string	LEOLZW PAKLeo archive data
# ChArc
0	string	SChF ChArc archive data
# PSA
0	string	PSA PSA archive data
# CrossePAC
0	string	DSIGDCC CrossePAC archive data
# Freeze
0	string	\x1f\x9f\x4a\x10\x0a Freeze archive data
# KBoom
0	string	¨MP¨ KBoom archive data
# NSQ, must go after CDC Codec
0	string	\x76\xff NSQ archive data
# DPA
0	string	Dirk\ Paehl DPA archive data
# BA
# TODO: idarc says "bytes 0-2 == bytes 3-5"
# TTComp
0	string	\0\6 TTComp archive data
# ESP, could this conflict with Easy Software Products' (e.g.ESP ghostscript) documentation?
0	string	ESP ESP archive data
# ZPack
0	string	\1ZPK\1 ZPack archive data
# Sky
0	string	\xbc\x40 Sky archive data
# UFA
0	string	UFA UFA archive data
# Dry
0	string	=-H2O DRY archive data
# FoxSQZ
0	string	FOXSQZ FoxSQZ archive data
# AR7
0	string	,AR7 AR7 archive data
# PPMZ
0	string	PPMZ PPMZ archive data
# MS Compress
4	string	\x88\xf0\x27 MS Compress archive data
# updated by Joerg Jenderek
>9	string	\0		
>>0	string	KWAJ		
>>>7	string	\321\003	MS Compress archive data
>>>>14	ulong	>0		\b, original size: %ld bytes
>>>>18		ubyte	>0x65  	
>>>>>18		string	x    	\b, was %.8s
>>>>>(10.b-4)	string	x    	\b.%.3s
# MP3 (archiver, not lossy audio compression)
0	string	MP3\x1a MP3-Archiver archive data
# ZET
0	string	OZÝ ZET archive data
# TSComp
0	string	\x65\x5d\x13\x8c\x08\x01\x03\x00 TSComp archive data
# ARQ
0	string	gW\4\1 ARQ archive data
# Squash
3	string	OctSqu Squash archive data
# Terse
0	string	\5\1\1\0 Terse archive data
# PUCrunch
0	string	\x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 PUCrunch archive data
# UHarc
0	string	UHA UHarc archive data
# ABComp
0	string	\2AB ABComp archive data
0	string	\3AB2 ABComp archive data
# CMP
0	string	CO\0 CMP archive data
# Splint
0	string	\x93\xb9\x06 Splint archive data
# InstallShield
0	string	 \x13\x5d\x65\x8c InstallShield Z archive Data
# Gather
1	string	GTH Gather archive data
# BOA
0	string	BOA BOA archive data
# RAX
0	string	ULEB\xa RAX archive data
# Xtreme
0	string	ULEB\0 Xtreme archive data
# Pack Magic
0	string	@â\1\0 Pack Magic archive data
# BTS
0	belong&0xfeffffff	0x1a034465 BTS archive data
# ELI 5750
0	string	Ora\  ELI 5750 archive data
# QFC
0	string	\x1aFC\x1a QFC archive data
0	string	\x1aQF\x1a QFC archive data
# PRO-PACK
0	string	RNC PRO-PACK archive data
# 777
0	string	777 777 archive data
# LZS221
0	string	sTaC LZS221 archive data
# HPA
0	string	HPA HPA archive data
# Arhangel
0	string	LG Arhangel archive data
# EXP1, uses bzip2
0	string	0123456789012345BZh EXP1 archive data
# IMP
0	string	IMP\xa IMP archive data
# NRV
0	string	\x00\x9E\x6E\x72\x76\xFF NRV archive data
# Squish
0	string	\x73\xb2\x90\xf4 Squish archive data
# Par
0	string	PHILIPP Par archive data
0	string	PAR Par archive data
# HIT
0	string	UB HIT archive data
# SBX
0	belong&0xfffff000	0x53423000 SBX archive data
# NaShrink
0	string	NSK NaShrink archive data
# SAPCAR
0	string	#\ CAR\ archive\ header SAPCAR archive data
0	string	CAR\ 2.00RG SAPCAR archive data
# Disintegrator
0	string	DST Disintegrator archive data
# ASD
0	string	ASD ASD archive data
# InstallShield CAB
0	string	ISc( InstallShield CAB
# TOP4
0	string	T4\x1a TOP4 archive data
# BatComp left out: sig looks like COM executable
# so TODO: get real 4dos batcomp file and find sig
# BlakHole
0	string	BH\5\7 BlakHole archive data
# BIX
0	string	BIX0 BIX archive data
# ChiefLZA
0	string	ChfLZ ChiefLZA archive data
# Blink
0	string	Blink Blink archive data
# Logitech Compress
0	string	\xda\xfa Logitech Compress archive data
# ARS-Sfx (FIXME: really a SFX? then goto COM/EXE)
1	string	(C)\ STEPANYUK ARS-Sfx archive data
# AKT/AKT32
0	string	AKT32 AKT32 archive data
0	string	AKT AKT archive data
# NPack
0	string	MSTSM NPack archive data
# PFT
0	string	\0\x50\0\x14 PFT archive data
# SemOne
0	string	SEM SemOne archive data
# PPMD
0	string	\x8f\xaf\xac\x84 PPMD archive data
# FIZ
0	string	FIZ FIZ archive data
# MSXiE
0	belong&0xfffff0f0	0x4d530000 MSXiE archive data
# DeepFreezer
0	belong&0xfffffff0	0x797a3030 DeepFreezer archive data
# DC
0	string	=<DC- DC archive data
# TPac
0	string	\4TPAC\3 TPac archive data
# Ai
0	string	Ai\1\1\0 Ai archive data
0	string	Ai\1\0\0 Ai archive data
# Ai32
0	string	Ai\2\0 Ai32 archive data
0	string	Ai\2\1 Ai32 archive data
# SBC
0	string	SBC SBC archive data
# Ybs
0	string	YBS Ybs archive data
# DitPack
0	string	\x9e\0\0 DitPack archive data
# DMS
0	string	DMS! DMS archive data
# EPC
0	string	\x8f\xaf\xac\x8c EPC archive data
# VSARC
0	string	VS\x1a VSARC archive data
# PDZ
0	string	PDZ PDZ archive data
# ReDuq
0	string	rdqx ReDuq archive data
# GCA
0	string	GCAX GCA archive data
# PPMN
0	string	pN PPMN archive data
# WinImage
3	string	WINIMAGE WinImage archive data
# Compressia
0	string	CMP0CMP Compressia archive data
# UHBC
0	string	UHB UHBC archive data
# WinHKI
0	string	\x61\x5C\x04\x05 WinHKI archive data
# WWPack data file
0	string	WWP WWPack archive data
# BSN (BSA, PTS-DOS)
0	string	\xffBSG BSN archive data
1	string	\xffBSG BSN archive data
3	string	\xffBSG BSN archive data
1	string	\0\xae\2 BSN archive data
1	string	\0\xae\3 BSN archive data
1	string	\0\xae\7 BSN archive data
# AIN
0	string	\x33\x18 AIN archive data
0	string	\x33\x17 AIN archive data
# XPA32
0	string	xpa\0\1 XPA32 archive data
# SZip (TODO: doesn't catch all versions)
0	string	SZ\x0a\4 SZip archive data
# XPack DiskImage
0	string	jm XPack DiskImage archive data
# XPack Data
0	string	xpa XPack archive data
# XPack Single Data
0	string	Í\ jm XPack single archive data

# TODO: missing due to unknown magic/magic at end of file:
#DWC
#ARG
#ZAR
#PC/3270
#InstallIt
#RKive
#RK
#XPack Diskimage

# These were inspired by idarc, but actually verified
# Dzip archiver (.dz)
0	string	DZ Dzip archive data
>2	byte	x \b, version %i
>3	byte	x \b.%i
# ZZip archiver (.zz)
0	string	ZZ\ \0\0 ZZip archive data
0	string	ZZ0 ZZip archive data
# PAQ archiver (.paq)
0	string	\xaa\x40\x5f\x77\x1f\xe5\x82\x0d PAQ archive data
0	string	PAQ PAQ archive data
>3	byte&0xf0	0x30
>>3	byte	x (v%c)
# JAR archiver (.j), this is the successor to ARJ, not Java's JAR (which is essentially ZIP)
0xe	string	\x1aJar\x1b JAR (ARJ Software, Inc.) archive data
0	string	JARCS JAR (ARJ Software, Inc.) archive data

# ARJ archiver (jason@jarthur.Claremont.EDU)
0	leshort		0xea60		ARJ archive data
>5	byte		x		\b, v%d,
>8	byte		&0x04		multi-volume,
>8	byte		&0x10		slash-switched,
>8	byte		&0x20		backup,
>34	string		x		original name: %s,
>7	byte		0		os: MS-DOS
>7	byte		1		os: PRIMOS
>7	byte		2		os: Unix
>7	byte		3		os: Amiga
>7	byte		4		os: Macintosh
>7	byte		5		os: OS/2
>7	byte		6		os: Apple ][ GS
>7	byte		7		os: Atari ST
>7	byte		8		os: NeXT
>7	byte		9		os: VAX/VMS
>3	byte		>0		%d]
# [JW] idarc says this is also possible
2	leshort		0xea60		ARJ archive data

# HA archiver (Greg Roelofs, newt@uchicago.edu)
# This is a really bad format. A file containing HAWAII will match this...
#0	string		HA		HA archive data,
#>2	leshort		=1		1 file,
#>2	leshort		>1		%u files,
#>4	byte&0x0f	=0		first is type CPY
#>4	byte&0x0f	=1		first is type ASC
#>4	byte&0x0f	=2		first is type HSC
#>4	byte&0x0f	=0x0e		first is type DIR
#>4	byte&0x0f	=0x0f		first is type SPECIAL
# suggestion: at least identify small archives (<1024 files)
0  belong&0xffff00fc 0x48410000 HA archive data
>2	leshort		=1		1 file,
>2	leshort		>1		%u files,
>4	byte&0x0f	=0		first is type CPY
>4	byte&0x0f	=1		first is type ASC
>4	byte&0x0f	=2		first is type HSC
>4	byte&0x0f	=0x0e		first is type DIR
>4	byte&0x0f	=0x0f		first is type SPECIAL

# HPACK archiver (Peter Gutmann, pgut1@cs.aukuni.ac.nz)
0	string		HPAK		HPACK archive data

# JAM Archive volume format, by Dmitry.Kohmanyuk@UA.net
0	string		\351,\001JAM\		JAM archive,
>7	string		>\0			version %.4s
>0x26	byte		=0x27			-
>>0x2b	string          >\0			label %.11s,
>>0x27	lelong		x			serial %08x,
>>0x36	string		>\0			fstype %.8s

# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
2	string		-lh0-		LHarc 1.x/ARX archive data [lh0]
2	string		-lh1-		LHarc 1.x/ARX archive data [lh1]
2	string		-lz4-		LHarc 1.x archive data [lz4]
2	string		-lz5-		LHarc 1.x archive data [lz5]
#	[never seen any but the last; -lh4- reported in comp.compression:]
2	string		-lzs-		LHa/LZS archive data [lzs]
2	string		-lh\40-		LHa 2.x? archive data [lh ]
2	string		-lhd-		LHa 2.x? archive data [lhd]
2	string		-lh2-		LHa 2.x? archive data [lh2]
2	string		-lh3-		LHa 2.x? archive data [lh3]
2	string		-lh4-		LHa (2.x) archive data [lh4]
2	string		-lh5-		LHa (2.x) archive data [lh5]
2	string		-lh6-		LHa (2.x) archive data [lh6]
2	string		-lh7-		LHa (2.x)/LHark archive data [lh7]
>20	byte		x		- header level %d
# taken from idarc [JW]
2   string      -lZ         PUT archive data
2   string      -lz         LZS archive data 
2   string      -sw1-       Swag archive data

# RAR archiver (Greg Roelofs, newt@uchicago.edu)
0	string		Rar!		RAR archive data,
>44	byte		x		v%0x,
>35	byte		0		os: MS-DOS
>35	byte		1		os: OS/2
>35	byte		2		os: Win32
>35	byte		3		os: Unix
# some old version? idarc says:
0   string      RE\x7e\x5e  RAR archive data

# SQUISH archiver (Greg Roelofs, newt@uchicago.edu)
0	string		SQSH		squished archive data (Acorn RISCOS)

# UC2 archiver (Greg Roelofs, newt@uchicago.edu)
# [JW] see exe section for self-extracting version
0	string		UC2\x1a		UC2 archive data

# ZIP archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
0	string		PK\003\004
>4	byte            0x2d            Zip64 archive data, at least v3.0 to extract
>4	byte		0x09		Zip archive data, at least v0.9 to extract
>4	byte		0x0a		Zip archive data, at least v1.0 to extract
>4	byte		0x0b		Zip archive data, at least v1.1 to extract
>4	byte		0x14
>>30	ubelong		!0x6d696d65	Zip archive data, at least v2.0 to extract

# OpenOffice.org / KOffice / StarOffice documents
# From: Abel Cheung <abel@oaka.org>
# Listed here because they are basically zip files
>>30	string		mimetype

# KOffice (1.2 or above) formats
>>>50	string	vnd.kde.		KOffice (>=1.2)
>>>>58	string	karbon			Karbon document
>>>>58	string	kchart			KChart document
>>>>58	string	kformula		KFormula document
>>>>58	string	kivio			Kivio document
>>>>58	string	kontour			Kontour document
>>>>58	string	kpresenter		KPresenter document
>>>>58	string	kspread			KSpread document
>>>>58	string	kword			KWord document

# OpenOffice formats (for OpenOffice 1.x / StarOffice 6/7)
>>>50	string	vnd.sun.xml.		OpenOffice.org 1.x
>>>>62	string	writer			Writer
>>>>>68	byte	!0x2e			document
>>>>>68	string	.template		template
>>>>>68	string	.global			global document
>>>>62	string	calc			Calc
>>>>>66	byte	!0x2e			spreadsheet
>>>>>66	string	.template		template
>>>>62	string	draw			Draw
>>>>>66	byte	!0x2e			document
>>>>>66	string	.template		template
>>>>62	string	impress			Impress
>>>>>69	byte	!0x2e			presentation
>>>>>69	string	.template		template
>>>>62	string	math			Math document

# OpenDocument formats (for OpenOffice 2.x / StarOffice >= 8)
# http://lists.oasis-open.org/archives/office/200505/msg00006.html
>>>50	string	vnd.oasis.opendocument.	OpenDocument
>>>>73	string	text
>>>>>77	byte	!0x2d			Text
>>>>>77	string	-template		Text Template
>>>>>77	string	-web			HTML Document Template
>>>>>77	string	-master			Master Document
>>>>73	string	graphics		Drawing
>>>>>81	string	-template		Template
>>>>73	string	presentation		Presentation
>>>>>85	string	-template		Template
>>>>73	string	spreadsheet		Spreadsheet
>>>>>84	string	-template		Template
>>>>73	string	chart			Chart
>>>>>78	string	-template		Template
>>>>73	string	formula			Formula
>>>>>80	string	-template		Template
>>>>73	string	database		Database
>>>>73	string	image			Image

# Zoo archiver
20	lelong		0xfdc4a7dc	Zoo archive data
>4	byte		>48		\b, v%c.
>>6	byte		>47		\b%c
>>>7	byte		>47		\b%c
>32	byte		>0		\b, modify: v%d
>>33	byte		x		\b.%d+
>42	lelong		0xfdc4a7dc	\b,
>>70	byte		>0		extract: v%d
>>>71	byte		x		\b.%d+

# Shell archives
10	string		#\ This\ is\ a\ shell\ archive	shell archive text

#
# LBR. NB: May conflict with the questionable 
#          "binary Computer Graphics Metafile" format.
#
0       string  \0\ \ \ \ \ \ \ \ \ \ \ \0\0    LBR archive data
#
# PMA (CP/M derivative of LHA)
#
2       string          -pm0-           PMarc archive data [pm0]
2       string          -pm1-           PMarc archive data [pm1]
2       string          -pm2-           PMarc archive data [pm2]
2       string          -pms-           PMarc SFX archive (CP/M, DOS)
5       string          -pc1-           PopCom compressed executable (CP/M)

# From Rafael Laboissiere <rafael@laboissiere.net>
# The Project Revision Control System (see
# http://prcs.sourceforge.net) generates a packaged project
# file which is recognized by the following entry: 
0	leshort		0xeb81	PRCS packaged project

# Microsoft cabinets 
# by David Necas (Yeti) <yeti@physics.muni.cz>
#0	string	MSCF\0\0\0\0	Microsoft cabinet file data,
#>25	byte	x		v%d
#>24	byte	x		\b.%d
# MPi: All CABs have version 1.3, so this is pointless.
# Better magic in debian-additions.

# GTKtalog catalogs 
# by David Necas (Yeti) <yeti@physics.muni.cz>
4	string	gtktalog\ 	GTKtalog catalog data,
>13	string	3		version 3
>>14	beshort	0x677a		(gzipped)
>>14	beshort	!0x677a		(not gzipped)
>13	string	>3		version %s

############################################################################
# Parity archive reconstruction file, the 'par' file format now used on Usenet.
0       string          PAR\0	PARity archive data
>48	leshort		=0	- Index file
>48	leshort		>0	- file number %d

# Felix von Leitner <felix-file@fefe.de>
0	string	d8:announce	BitTorrent file

# Atari MSA archive - Teemu Hukkanen <tjhukkan@iki.fi>
0       beshort 0x0e0f          Atari MSA archive data
>2      beshort x       	\b, %d sectors per track
>4      beshort 0       	\b, 1 sided
>4      beshort 1       	\b, 2 sided
>6      beshort x       	\b, starting track: %d
>8      beshort x       	\b, ending track: %d

# Alternate ZIP string (amc@arwen.cs.berkeley.edu)
0	string	PK00PK\003\004	Zip archive data

# ACE archive (from http://www.wotsit.org/download.asp?f=ace)
# by Stefan `Sec` Zehl <sec@42.org>
7	string		**ACE**		ACE archive data
>15	byte	>0		version %d
>16	byte	=0x00		\b, from MS-DOS
>16	byte	=0x01		\b, from OS/2
>16	byte	=0x02		\b, from Win/32
>16	byte	=0x03		\b, from Unix
>16	byte	=0x04		\b, from MacOS
>16	byte	=0x05		\b, from WinNT
>16	byte	=0x06		\b, from Primos
>16	byte	=0x07		\b, from AppleGS
>16	byte	=0x08		\b, from Atari
>16	byte	=0x09		\b, from Vax/VMS
>16	byte	=0x0A		\b, from Amiga
>16	byte	=0x0B		\b, from Next
>14	byte	x		\b, version %d to extract
>5	leshort &0x0080		\b, multiple volumes,
>>17	byte	x		\b (part %d),
>5	leshort &0x0002		\b, contains comment
>5	leshort	&0x0200		\b, sfx
>5	leshort	&0x0400		\b, small dictionary
>5	leshort	&0x0800		\b, multi-volume
>5	leshort	&0x1000		\b, contains AV-String
>>30	string	\x16*UNREGISTERED\x20VERSION*	(unregistered)
>5	leshort &0x2000		\b, with recovery record
>5	leshort &0x4000		\b, locked
>5	leshort &0x8000		\b, solid
# Date in MS-DOS format (whatever that is)
#>18	lelong	x		Created on

# sfArk : compression program for Soundfonts (sf2) by Dirk Jagdmann
# <doj@cubic.org>
0x1A	string	sfArk		sfArk compressed Soundfont
>0x15	string	2
>>0x1	string	>\0		Version %s
>>0x2A	string	>\0		: %s

# DR-DOS 7.03 Packed File *.??_
0	string	Packed\ File\ 	Personal NetWare Packed File
>12	string	x    		\b, was "%.12s"

# EET archive
# From: Tilman Sauerbeck <tilman@code-monkey.de>
0	belong	0x1ee7ff00	EET archive

#------------------------------------------------------------------------------
# asterix:  file(1) magic for Aster*x; SunOS 5.5.1 gave the 4-character
# strings as "long" - we assume they're just strings:
# From: guy@netapp.com (Guy Harris)
#
0	string		*STA		Aster*x
>7	string		WORD			Words Document
>7	string		GRAP			Graphic
>7	string		SPRE			Spreadsheet
>7	string		MACR			Macro
0	string		2278		Aster*x Version 2
>29	byte		0x36			Words Document
>29	byte		0x35			Graphic
>29	byte		0x32			Spreadsheet
>29	byte		0x38			Macro

#------------------------------------------------------------------------------
# att3b:  file(1) magic for AT&T 3B machines
#
# The `versions' should be un-commented if they work for you.
# (Was the problem just one of endianness?)
#
# 3B20
#
# The 3B20 conflicts with SCCS.
#0	beshort		0550		3b20 COFF executable
#>12	belong		>0		not stripped
#>22	beshort		>0		- version %ld
#0	beshort		0551		3b20 COFF executable (TV)
#>12	belong		>0		not stripped
#>22	beshort		>0		- version %ld
#
# WE32K
#
0	beshort		0560		WE32000 COFF
>18	beshort		^00000020	object
>18	beshort		&00000020	executable
>12	belong		>0		not stripped
>18	beshort		^00010000	N/A on 3b2/300 w/paging
>18	beshort		&00020000	32100 required
>18	beshort		&00040000	and MAU hardware required
>20	beshort		0407		(impure)
>20	beshort		0410		(pure)
>20	beshort		0413		(demand paged)
>20	beshort		0443		(target shared library)
>22	beshort		>0		- version %ld
0	beshort		0561		WE32000 COFF executable (TV)
>12	belong		>0		not stripped
#>18	beshort		&00020000	- 32100 required
#>18	beshort		&00040000	and MAU hardware required
#>22	beshort		>0		- version %ld
#
# core file for 3b2 
0	string		\000\004\036\212\200	3b2 core file
>364	string		>\0		of '%s'

#------------------------------------------------------------------------------
# audio:  file(1) magic for sound formats (see also "iff")
#
# Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com),
# and others
#

# Sun/NeXT audio data
0	string		.snd		Sun/NeXT audio data:
>12	belong		1		8-bit ISDN mu-law,
>12	belong		2		8-bit linear PCM [REF-PCM],
>12	belong		3		16-bit linear PCM,
>12	belong		4		24-bit linear PCM,
>12	belong		5		32-bit linear PCM,
>12	belong		6		32-bit IEEE floating point,
>12	belong		7		64-bit IEEE floating point,
>12	belong		8		Fragmented sample data,
>12	belong		10		DSP program,
>12	belong		11		8-bit fixed point,
>12	belong		12		16-bit fixed point,
>12	belong		13		24-bit fixed point,
>12	belong		14		32-bit fixed point,
>12	belong		18		16-bit linear with emphasis,
>12	belong		19		16-bit linear compressed,
>12	belong		20		16-bit linear with emphasis and compression,
>12	belong		21		Music kit DSP commands,
>12	belong		23		8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice data encoding),
>12	belong		24		compressed (8-bit CCITT G.722 ADPCM)
>12	belong		25		compressed (3-bit CCITT G.723.3 ADPCM),
>12	belong		26		compressed (5-bit CCITT G.723.5 ADPCM),
>12	belong		27		8-bit A-law (CCITT G.711),
>20	belong		1		mono,
>20	belong		2		stereo,
>20	belong		4		quad,
>16	belong		>0		%d Hz

# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
# that uses little-endian encoding and has a different magic number
0	lelong		0x0064732E	DEC audio data:
>12	lelong		1		8-bit ISDN mu-law,
>12	lelong		2		8-bit linear PCM [REF-PCM],
>12	lelong		3		16-bit linear PCM,
>12	lelong		4		24-bit linear PCM,
>12	lelong		5		32-bit linear PCM,
>12	lelong		6		32-bit IEEE floating point,
>12	lelong		7		64-bit IEEE floating point,
>12	belong		8		Fragmented sample data,
>12	belong		10		DSP program,
>12	belong		11		8-bit fixed point,
>12	belong		12		16-bit fixed point,
>12	belong		13		24-bit fixed point,
>12	belong		14		32-bit fixed point,
>12	belong		18		16-bit linear with emphasis,
>12	belong		19		16-bit linear compressed,
>12	belong		20		16-bit linear with emphasis and compression,
>12	belong		21		Music kit DSP commands,
>12	lelong		23		8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice data encoding),
>12	belong		24		compressed (8-bit CCITT G.722 ADPCM)
>12	belong		25		compressed (3-bit CCITT G.723.3 ADPCM),
>12	belong		26		compressed (5-bit CCITT G.723.5 ADPCM),
>12	belong		27		8-bit A-law (CCITT G.711),
>20	lelong		1		mono,
>20	lelong		2		stereo,
>20	lelong		4		quad,
>16	lelong		>0		%d Hz

# Creative Labs AUDIO stuff
0	string	MThd			Standard MIDI data
>8 	beshort	x			(format %d)
>10	beshort	x			using %d track
>10	beshort		>1		\bs
>12	beshort&0x7fff	x		at 1/%d
>12	beshort&0x8000	>0		SMPTE

0	string	CTMF			Creative Music (CMF) data
0	string	SBI			SoundBlaster instrument data
0	string	Creative\ Voice\ File	Creative Labs voice data
# is this next line right?  it came this way...
>19	byte	0x1A
>23	byte	>0			- version %d
>22	byte	>0			\b.%d

# first entry is also the string "NTRK"
0	belong		0x4e54524b	MultiTrack sound data
>4	belong		x		- version %ld

# Extended MOD format (*.emd) (Greg Roelofs, newt@uchicago.edu); NOT TESTED
# [based on posting 940824 by "Dirk/Elastik", husberg@lehtori.cc.tut.fi]
0	string		EMOD		Extended MOD sound data,
>4	byte&0xf0	x		version %d
>4	byte&0x0f	x		\b.%d,
>45	byte		x		%d instruments
>83	byte		0		(module)
>83	byte		1		(song)

# Real Audio (Magic .ra\0375)
0	belong		0x2e7261fd	RealAudio sound file
0	string		.RMF		RealMedia file

# MTM/669/FAR/S3M/ULT/XM format checking [Aaron Eppert, aeppert@dialin.ind.net]
# Oct 31, 1995
# fixed by <doj@cubic.org> 2003-06-24
# Too short...
#0	string		MTM		MultiTracker Module sound file
#0	string		if		Composer 669 Module sound data
#0	string		JN		Composer 669 Module sound data (extended format)
0	string		MAS_U		ULT(imate) Module sound data

#0	string		FAR		Module sound data
#>4	string		>\15		Title: "%s"

0x2c	string		SCRM		ScreamTracker III Module sound data
>0	string		>\0		Title: "%s"

# Gravis UltraSound patches
# From <ache@nagual.ru>

0	string		GF1PATCH110\0ID#000002\0	GUS patch
0	string		GF1PATCH100\0ID#000002\0	Old GUS	patch

#
# Taken from loader code from mikmod version 2.14
# by Steve McIntyre (stevem@chiark.greenend.org.uk)
# <doj@cubic.org> added title printing on 2003-06-24
0	string	MAS_UTrack_V00
>14	string	>/0		ultratracker V1.%.1s module sound data

0	string	UN05		MikMod UNI format module sound data

0	string	Extended\ Module: Fasttracker II module sound data
>17	string	>\0		Title: "%s"

21	string/c	=!SCREAM!	Screamtracker 2 module sound data
21	string	BMOD2STM	Screamtracker 2 module sound data
1080	string	M.K.		4-channel Protracker module sound data
>0	string	>\0		Title: "%s"
1080	string	M!K!		4-channel Protracker module sound data
>0	string	>\0		Title: "%s"
1080	string	FLT4		4-channel Startracker module sound data
>0	string	>\0		Title: "%s"
1080	string	FLT8		8-channel Startracker module sound data
>0	string	>\0		Title: "%s"
1080	string	4CHN		4-channel Fasttracker module sound data
>0	string	>\0		Title: "%s"
1080	string	6CHN		6-channel Fasttracker module sound data
>0	string	>\0		Title: "%s"
1080	string	8CHN		8-channel Fasttracker module sound data
>0	string	>\0		Title: "%s"
1080	string	CD81		8-channel Octalyser module sound data
>0	string	>\0		Title: "%s"
1080	string	OKTA		8-channel Oktalyzer module sound data
>0	string	>\0		Title: "%s"
# Not good enough.
#1082	string	CH
#>1080	string	>/0		%.2s-channel Fasttracker "oktalyzer" module sound data
1080	string	16CN		16-channel Taketracker module sound data
>0	string	>\0		Title: "%s"
1080	string	32CN		32-channel Taketracker module sound data
>0	string	>\0		Title: "%s"

# TOC sound files -Trevor Johnson <trevor@jpj.net>
#
0       string          TOC             TOC sound file

# sidfiles <pooka@iki.fi>
# added name,author,(c) and new RSID type by <doj@cubic.org> 2003-06-24
0	string		SIDPLAY\ INFOFILE	Sidplay info file

0	string		PSID			PlaySID v2.2+ (AMIGA) sidtune
>4	beshort		>0			w/ header v%d,
>14	beshort		=1			single song,
>14	beshort		>1			%d songs,
>16	beshort		>0			default song: %d
>0x16	string		>\0			name: "%s"
>0x36	string		>\0			author: "%s"
>0x56	string		>\0			copyright: "%s"

0	string		RSID			RSID sidtune PlaySID compatible
>4	beshort		>0			w/ header v%d,
>14	beshort		=1			single song,
>14	beshort		>1			%d songs,
>16	beshort		>0			default song: %d
>0x16	string		>\0			name: "%s"
>0x36	string		>\0			author: "%s"
>0x56	string		>\0			copyright: "%s"

# IRCAM <mpruett@sgi.com>
# VAX and MIPS files are little-endian; Sun and NeXT are big-endian
0	belong		0x64a30100		IRCAM file (VAX)
0	belong		0x64a30200		IRCAM file (Sun)
0	belong		0x64a30300		IRCAM file (MIPS little-endian)
0	belong		0x64a30400		IRCAM file (NeXT)

# NIST SPHERE <mpruett@sgi.com>
0	string		NIST_1A\n\ \ \ 1024\n	NIST SPHERE file

# Sample Vision <mpruett@sgi.com>
0	string		SOUND\ SAMPLE\ DATA\ 	Sample Vision file

# Audio Visual Research <tonigonenstein@users.sourceforge.net>
0	string		2BIT			Audio Visual Research file,
>12	beshort		=0			mono,
>12	beshort		=-1			stereo,
>14	beshort		x			%d bits
>16	beshort		=0			unsigned,
>16	beshort		=-1			signed,
>22	belong&0x00ffffff	x		%d Hz,
>18	beshort		=0			no loop,
>18	beshort		=-1			loop,
>21	ubyte		<=127			note %d,
>22	byte		=0			replay 5.485 KHz
>22	byte		=1			replay 8.084 KHz
>22	byte		=2			replay 10.971 Khz
>22	byte		=3			replay 16.168 Khz
>22	byte		=4			replay 21.942 KHz
>22	byte		=5			replay 32.336 KHz
>22	byte		=6			replay 43.885 KHz
>22	byte		=7			replay 47.261 KHz

# SGI SoundTrack <mpruett@sgi.com>
0	string		_SGI_SoundTrack		SGI SoundTrack project file
# ID3 version 2 tags <waschk@informatik.uni-rostock.de>
0      string          ID3     Audio file with ID3 version 2
>3	ubyte	<0xff	\b%d.
>4	ubyte	<0xff	\b%d tag
>2584  string  fLaC            \b, FLAC encoding
>>2588 byte&0x7f               >0              \b, unknown version
>>2588 byte&0x7f               0               \b
# some common bits/sample values
>>>2600        beshort&0x1f0           0x030           \b, 4 bit
>>>2600        beshort&0x1f0           0x050           \b, 6 bit
>>>2600        beshort&0x1f0           0x070           \b, 8 bit
>>>2600        beshort&0x1f0           0x0b0           \b, 12 bit
>>>2600        beshort&0x1f0           0x0f0           \b, 16 bit
>>>2600        beshort&0x1f0           0x170           \b, 24 bit
>>>2600        byte&0xe                0x0             \b, mono
>>>2600        byte&0xe                0x2             \b, stereo
>>>2600        byte&0xe                0x4             \b, 3 channels
>>>2600        byte&0xe                0x6             \b, 4 channels
>>>2600        byte&0xe                0x8             \b, 5 channels
>>>2600        byte&0xe                0xa             \b, 6 channels
>>>2600        byte&0xe                0xc             \b, 7 channels
>>>2600        byte&0xe                0xe             \b, 8 channels
# some common sample rates
>>>2597        belong&0xfffff0         0x0ac440        \b, 44.1 kHz
>>>2597        belong&0xfffff0         0x0bb800        \b, 48 kHz
>>>2597        belong&0xfffff0         0x07d000        \b, 32 kHz
>>>2597        belong&0xfffff0         0x056220        \b, 22.05 kHz
>>>2597        belong&0xfffff0         0x05dc00        \b, 24 kHz
>>>2597        belong&0xfffff0         0x03e800        \b, 16 kHz
>>>2597        belong&0xfffff0         0x02b110        \b, 11.025 kHz
>>>2597        belong&0xfffff0         0x02ee00        \b, 12 kHz
>>>2597        belong&0xfffff0         0x01f400        \b, 8 kHz
>>>2597        belong&0xfffff0         0x177000        \b, 96 kHz
>>>2597        belong&0xfffff0         0x0fa000        \b, 64 kHz
>>>2601        byte&0xf                >0              \b, >4G samples
>2584  string  !fLaC           \b, MP3 encoding

# NSF (NES sound file) magic
0	string		NESM\x1a	NES Sound File
>14	string		>\0		("%s" by
>46	string		>\0		%s, copyright
>78	string		>\0		%s),
>5	byte		x		version %d,
>6	byte		x		%d tracks,
>122	byte&0x2	=1		dual PAL/NTSC
>122	byte&0x1	=1		PAL
>122	byte&0x1	=0		NTSC

# Impulse tracker module (audio/x-it)
0	string		IMPM		Impulse Tracker module sound data -
>4	string		>\0		"%s"
>40	leshort		!0		compatible w/ITv%x
>42	leshort		!0		created w/ITv%x

# Imago Orpheus module (audio/x-imf)
60	string		IM10		Imago Orpheus module sound data -
>0	string		>\0		"%s"

# From <collver1@attbi.com>
# These are the /etc/magic entries to decode modules, instruments, and
# samples in Impulse Tracker's native format.

0	string		IMPS		Impulse Tracker Sample
>18	byte		&2		16 bit
>18	byte		^2		8 bit
>18	byte		&4		stereo
>18	byte		^4		mono
0	string		IMPI		Impulse Tracker Instrument
>28	leshort		!0		ITv%x
>30	byte		!0		%d samples

# Yamaha TX Wave:  file(1) magic for Yamaha TX Wave audio files
# From <collver1@attbi.com>
0	string		LM8953		Yamaha TX Wave
>22	byte		0x49		looped
>22	byte		0xC9		non-looped
>23	byte		1		33kHz
>23	byte		2		50kHz
>23	byte		3		16kHz

# scream tracker:  file(1) magic for Scream Tracker sample files
#
# From <collver1@attbi.com>
76	string		SCRS		Scream Tracker Sample
>0	byte		1		sample
>0	byte		2		adlib melody
>0	byte		>2		adlib drum
>31	byte		&2		stereo
>31	byte		^2		mono
>31	byte		&4		16bit little endian
>31	byte		^4		8bit
>30	byte		0		unpacked
>30	byte		1		packed

# audio
# From: Cory Dikkers <cdikkers@swbell.net>
0	string		MMD0		MED music file, version 0
0	string		MMD1		OctaMED Pro music file, version 1
0	string		MMD3		OctaMED Soundstudio music file, version 3
0	string		OctaMEDCmpr	OctaMED Soundstudio compressed file
0	string		MED		MED_Song
0	string		SymM		Symphonie SymMOD music file
#
0	string		THX		AHX version
>3	byte		=0		1 module data
>3	byte		=1		2 module data
#
0	string		OKTASONG	Oktalyzer module data
#
0	string		DIGI\ Booster\ module\0	%s
>20	byte		>0		%c
>>21	byte		>0		\b%c
>>>22	byte		>0		\b%c
>>>>23	byte		>0		\b%c
>610	string		>\0		\b, "%s"
#
0	string		DBM0	   	DIGI Booster Pro Module
>4	byte		>0		V%X.
>>5	byte		x		\b%02X
>16	string		>\0		\b, "%s"
#
0	string		FTMN		FaceTheMusic module
>16	string		>\0d		\b, "%s"

# From: <doj@cubic.org> 2003-06-24
0	string		AMShdr\32	Velvet Studio AMS Module v2.2
0	string		Extreme		Extreme Tracker AMS Module v1.3
0	string		DDMF		Xtracker DMF Module
>4	byte		x		v%i
>0xD	string		>\0		Title: "%s"
>0x2B	string		>\0		Composer: "%s"
0	string		DSM\32		Dynamic Studio Module DSM
0	string		SONG		DigiTrekker DTM Module
0	string		DMDL		DigiTrakker MDL Module
0	string		PSM\32		Protracker Studio PSM Module
44	string		PTMF		Poly Tracker PTM Module
>0	string		>\32		Title: "%s"
0	string		MT20		MadTracker 2.0 Module MT2
0	string		RAD\40by\40REALiTY!! RAD Adlib Tracker Module RAD
0	string		RTMM		RTM Module
0x426	string		MaDoKaN96	XMS Adlib Module
>0	string		>\0		Composer: "%s"
0	string		AMF		AMF Module
>4	string		>\0		Title: "%s"
0	string		MODINFO1	Open Cubic Player Module Inforation MDZ
0	string		Extended\40Instrument: Fast Tracker II Instrument

# From: Takeshi Hamasaki <hma@syd.odn.ne.jp>
# NOA Nancy Codec file
0	string		\210NOA\015\012\032	NOA Nancy Codec Movie file
# Yamaha SMAF format
0	string		MMMD		Yamaha SMAF file
# Sharp Jisaku Melody format for PDC
0	string		\001Sharp\040JisakuMelody	SHARP Cell-Phone ringing Melody
>20	string		Ver01.00	Ver. 1.00
>>32	byte		x		, %d tracks

# Free lossless audio codec <http://flac.sourceforge.net>
# From: Przemyslaw Augustyniak <silvathraec@rpg.pl>
0	string			fLaC		FLAC audio bitstream data
>4	byte&0x7f		>0		\b, unknown version
>4	byte&0x7f		0		\b
# some common bits/sample values
>>20	beshort&0x1f0		0x030		\b, 4 bit
>>20	beshort&0x1f0		0x050		\b, 6 bit
>>20	beshort&0x1f0		0x070		\b, 8 bit
>>20	beshort&0x1f0		0x0b0		\b, 12 bit
>>20	beshort&0x1f0		0x0f0		\b, 16 bit
>>20	beshort&0x1f0		0x170		\b, 24 bit
>>20	byte&0xe		0x0		\b, mono
>>20	byte&0xe		0x2		\b, stereo
>>20	byte&0xe		0x4		\b, 3 channels
>>20	byte&0xe		0x6		\b, 4 channels
>>20	byte&0xe		0x8		\b, 5 channels
>>20	byte&0xe		0xa		\b, 6 channels
>>20	byte&0xe		0xc		\b, 7 channels
>>20	byte&0xe		0xe		\b, 8 channels
# some common sample rates
>>17	belong&0xfffff0		0x0ac440	\b, 44.1 kHz
>>17	belong&0xfffff0		0x0bb800	\b, 48 kHz
>>17	belong&0xfffff0		0x07d000	\b, 32 kHz
>>17	belong&0xfffff0		0x056220	\b, 22.05 kHz
>>17	belong&0xfffff0		0x05dc00	\b, 24 kHz
>>17	belong&0xfffff0		0x03e800	\b, 16 kHz
>>17	belong&0xfffff0		0x02b110	\b, 11.025 kHz
>>17	belong&0xfffff0		0x02ee00	\b, 12 kHz
>>17	belong&0xfffff0		0x01f400	\b, 8 kHz
>>17	belong&0xfffff0		0x177000	\b, 96 kHz
>>17	belong&0xfffff0		0x0fa000	\b, 64 kHz
>>21	byte&0xf		>0		\b, >4G samples
>>21	byte&0xf		0		\b
>>>22	belong			>0		\b, %u samples
>>>22	belong			0		\b, length unknown

# (ISDN) VBOX voice message file (Wolfram Kleff)
0       string          VBOX            VBOX voice message data

# ReBorn Song Files (.rbs)
# David J. Singer <doc@deadvirgins.org.uk>
8       string          RB40             RBS Song file
>29     string          ReBorn           created by ReBorn
>37     string          Propellerhead    created by ReBirth

# Synthesizer Generator and Kimwitu share their file format
0	string		A#S#C#S#S#L#V#3	    Synthesizer Generator or Kimwitu data
# Kimwitu++ uses a slightly different magic
0	string		A#S#C#S#S#L#HUB	    Kimwitu++ data

# From "Simon Hosie
0       string  TFMX-SONG       TFMX module sound data

# Monkey's Audio compressed audio format (.ape)
# From danny.milo@gmx.net (Danny Milosavljevic)
# New version from Abel Cheung <abel (@) oaka.org>
0		string		MAC\040		Monkey's Audio compressed format
>4		uleshort	>0x0F8B		version %d
>>(0x08.l)	uleshort	=1000		with fast compression
>>(0x08.l)	uleshort	=2000		with normal compression
>>(0x08.l)	uleshort	=3000		with high compression
>>(0x08.l)	uleshort	=4000		with extra high compression
>>(0x08.l)	uleshort	=5000		with insane compression
>>(0x08.l+18)	uleshort	=1		\b, mono
>>(0x08.l+18)	uleshort	=2		\b, stereo
>>(0x08.l+20)	ulelong		x		\b, sample rate %d
>4		uleshort	<0x0F8C		version %d
>>6		uleshort	=1000		with fast compression
>>6		uleshort	=2000		with normal compression
>>6		uleshort	=3000		with high compression
>>6		uleshort	=4000		with extra high compression
>>6		uleshort	=5000		with insane compression
>>10		uleshort	=1		\b, mono
>>10		uleshort	=2		\b, stereo
>>12		ulelong		x		\b, sample rate %d

# adlib sound files
# From Gürkan Sengün <gurkan@linuks.mine.nu>, http://www.linuks.mine.nu
0    	string		RAWADATA	RdosPlay RAW

1068	string		RoR		AMUSIC Adlib Tracker

0	string		JCH		EdLib

0	string		mpu401tr	MPU-401 Trakker

0	string		SAdT		Surprise! Adlib Tracker
>4	byte		x		Version %d

0	string		XAD!		eXotic ADlib

0	string		ofTAZ!		eXtra Simple Music

# Spectrum 128 tunes (.ay files).
# From: Emanuel Haupt <ehaupt@critical.ch>
0	string		ZXAYEMUL	Spectrum 128 tune

# From: Alex Beregszaszi <alex@fsn.hu>
0	string		MP+		Musepack
>3	byte&0x0f	x		SV%d

0	string		\0BONK		BONK,
#>5	byte		x		version %d
>14	byte		x		%d channel(s),
>15	byte		=1		lossless,
>15	byte		=0		lossy,
>16	byte		x		mid-side

384	string		LockStream	LockStream Embedded file (mostly MP3 on old Nokia phones)

# format VQF (proprietary codec for sound)
# some infos on the header file available at :
# http://www.twinvq.org/english/technology_format.html
0	string		TWIN97012000	VQF data
>27	short		0		\b, Mono
>27	short		1		\b, Stereo
>31	short 		>0		\b, %d kbit/s
>35	short 		>0		\b, %d kHz

# Nelson A. de Oliveira (naoliv@gmail.com)
# .eqf
0	string	Winamp\ EQ\ library\ file	%s
# it will match only versions like v<digit>.<digit>
# Since I saw only eqf files with version v1.1 I think that it's OK
>23	string	x	\b%.4s
# .preset
0	string	\[Equalizer\ preset\]	XMMS equalizer preset
# .m3u
0	string	\#EXTM3U	M3U playlist
# .pls
0	string	\[playlist\]	PLS playlist
# licq.conf
1	string	\[licq\]	LICQ configuration file
#----------------------------------------------------------------
# basis: file(1) magic for BBx/Pro5-files
#      Oliver Dammer <dammer@olida.de>	 2005/11/07
# http://www.basis.com business-basic-files.
#
0	string		\074\074bbx\076\076	BBx
>7	string		\000			indexed file
>7	string		\001			serial file
>7	string		\002			keyed file
>>13	short		0			(sort)
>7	string		\004			program
>>18	byte		x			(LEVEL %d)
>>>23	string		>\000			psaved
>7	string		\006			mkeyed file
>>13	short		0			(sort)
>>8	string		\000			(mkey)
#------------------------------------------------------------------------------
# bFLT: file(1) magic for BFLT uclinux binary files
#
# From Philippe De Muyter <phdm@macqel.be>
#
0	string		bFLT		BFLT executable
>4	belong		x		- version %ld
>4	belong		4
>>36	belong&0x1	0x1		ram
>>36	belong&0x2	0x2		gotpic
>>36	belong&0x4	0x4		gzip
>>36	belong&0x8	0x8		gzdata
#------------------------------------------------------------------------------
# blender: file(1) magic for Blender 3D data files
#
# Coded by Guillermo S. Romero <gsromero@alumnos.euitt.upm.es> using the
# data from Ton Roosendaal <ton@blender.nl>. Ton or his company do not
# support the rule, so mail GSR if problems with it. Rule version: 1.1.
# You can get latest version with comments and details about the format
# at http://acd.asoc.euitt.upm.es/~gsromero/3d/blender/magic.blender

0	string	=BLENDER	Blender3D,
>7	string	=_		saved as 32-bits
>7      string	=-		saved as 64-bits
>8	string	=v		little endian
>8	string	=V		big endian
>9	byte	x		with version %c.
>10	byte	x		\b%c
>11	byte	x		\b%c

#------------------------------------------------------------------------------
# blit:  file(1) magic for 68K Blit stuff as seen from 680x0 machine
#
# Note that this 0407 conflicts with several other a.out formats...
#
# XXX - should this be redone with "be" and "le", so that it works on
# little-endian machines as well?  If so, what's the deal with
# "VAX-order" and "VAX-order2"?
#
#0	long		0407		68K Blit (standalone) executable
#0	short		0407		VAX-order2 68K Blit (standalone) executable
0	short		03401		VAX-order 68K Blit (standalone) executable
0	long		0406		68k Blit mpx/mux executable
0	short		0406		VAX-order2 68k Blit mpx/mux executable
0	short		03001		VAX-order 68k Blit mpx/mux executable
# Need more values for WE32 DMD executables.
# Note that 0520 is the same as COFF
#0	short		0520		tty630 layers executable
#
# i80960 b.out objects and archives
#
0	long		0x10d		i960 b.out relocatable object
>16	long		>0		not stripped
#
# b.out archive (hp-rt on i960)
0	string		=!<bout>	b.out archive
>8	string		__.SYMDEF	random library
#------------------------------------------------------------------------------
# bsdi:  file(1) magic for BSD/OS (from BSDI) objects
#

0	lelong		0314		386 compact demand paged pure executable
>16	lelong		>0		not stripped
>32	byte		0x6a		(uses shared libs)

0	lelong		0407		386 executable
>16	lelong		>0		not stripped
>32	byte		0x6a		(uses shared libs)

0	lelong		0410		386 pure executable
>16	lelong		>0		not stripped
>32	byte		0x6a		(uses shared libs)

0	lelong		0413		386 demand paged pure executable
>16	lelong		>0		not stripped
>32	byte		0x6a		(uses shared libs)

# same as in SunOS 4.x, except for static shared libraries
0	belong&077777777	0600413		sparc demand paged
>0	byte		&0x80
>>20	belong		<4096		shared library
>>20	belong		=4096		dynamically linked executable
>>20	belong		>4096		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
>36	belong		0xb4100001	(uses shared libs)

0	belong&077777777	0600410		sparc pure
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
>36	belong		0xb4100001	(uses shared libs)

0	belong&077777777	0600407		sparc
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
>36	belong		0xb4100001	(uses shared libs)
#------------------------------------------------------------------------------
# BTSnoop:  file(1) magic for BTSnoop files
#
# From <marcel@holtmann.org>
0	string		btsnoop\0		BTSnoop
>8	belong		x			version %d,
>12	belong		1001			Unencapsulated HCI
>12	belong		1002			HCI UART (H4)
>12	belong		1003			HCI BCSP
>12	belong		1004			HCI Serial (H5)
>>12	belong		x			type %d

#------------------------------------------------------------------------------
# autocad:  file(1) magic for cad files
#

# AutoCAD DWG versions R13/R14 (www.autodesk.com)
# Written December 01, 2003 by Lester Hightower
# Based on the DWG File Format Specifications at http://www.opendwg.org/
0	string	       \101\103\061\060\061		   AutoCAD
>5	string	       \062\000\000\000\000		   DWG ver. R13
>5	string	       \064\000\000\000\000		   DWG ver. R14

# Microstation DGN/CIT Files (www.bentley.com)
# Last updated July 29, 2005 by Lester Hightower
# DGN is the default file extension of Microstation/Intergraph CAD files.
# CIT is the proprietary raster format (similar to TIFF) used to attach
# raster underlays to Microstation DGN (vector) drawings.
# 
# http://www.wotsit.org/search.asp
# http://filext.com/detaillist.php?extdetail=DGN
# http://filext.com/detaillist.php?extdetail=CIT
#
# http://www.bentley.com/products/default.cfm?objectid=97F351F5-9C35-4E5E-89C2
# 3F86C928&method=display&p_objectid=97F351F5-9C35-4E5E-89C280A93F86C928
# http://www.bentley.com/products/default.cfm?objectid=A5C2FD43-3AC9-4C71-B682
# 721C479F&method=display&p_objectid=A5C2FD43-3AC9-4C71-B682C7BE721C479F
0	string	\010\011\376			Microstation
>3	string	\002
>>30	string	\026\105			DGNFile
>>30	string	\034\105			DGNFile
>>30	string	\073\107			DGNFile
>>30	string	\073\110			DGNFile
>>30	string	\106\107			DGNFile
>>30	string	\110\103			DGNFile
>>30	string	\120\104			DGNFile
>>30	string	\172\104			DGNFile
>>30	string	\172\105			DGNFile
>>30	string	\234\106			DGNFile
>>30	string	\273\105			DGNFile
>>30	string	\306\106			DGNFile
>>30	string	\310\104			DGNFile
>>30	string	\341\104			DGNFile
>>30	string	\372\103			DGNFile
>>30	string	\372\104			DGNFile
>>30	string	\372\106			DGNFile
>>30	string	\376\103			DGNFile
>4	string	\030\000\000			CITFile
>4	string	\030\000\003			CITFile

# AutoCad, from Nahuel Greco
# AutoCAD DWG versions R12/R13/R14 (www.autodesk.com)
0	string AC1012	AutoCad (release 12)
0	string AC1013	AutoCad (release 13)
0	string AC1014	AutoCad (release 14)

#------------------------------------------------------------------------------
# c-lang:  file(1) magic for C programs (or REXX)
#

# XPM icons (Greg Roelofs, newt@uchicago.edu)
# if you uncomment "/*" for C/REXX below, also uncomment this entry
#0	string		/*\ XPM\ */	X pixmap image data

# this first will upset you if you're a PL/1 shop...
# in which case rm it; ascmagic will catch real C programs
#0	string		/*		C or REXX program text
#0	string		//		C++ program text

# From: Mikhail Teterin <mi@aldan.algebra.com> 
0	string		cscope		cscope reference data
>7	string		x		version %.2s
# We skip the path here, because it is often long (so file will
# truncate it) and mostly redundant.
# The inverted index functionality was added some time betwen
# versions 11 and 15, so look for -q if version is above 14:
>7	string		>14
>>10	regex		.+\ -q\		with inverted index
>10	regex		.+\ -c\		text (non-compressed)

#------------------------------------------------------------------------------
# c64:  file(1) magic for various commodore 64 related files
#
# From: Dirk Jagdmann <doj@cubic.org>

0x16500	belong		0x12014100	D64 Image
0x16500	belong		0x12014180	D71 Image
0x61800 belong		0x28034400	D81 Image
0	string		C64\40CARTRIDGE	CCS C64 Emultar Cartridge Image
0	belong		0x43154164	X64 Image

0	string		GCR-1541	GCR Image
>8	byte		x		version: %i
>9	byte		x		tracks: %i

9	string		PSUR		ARC archive (c64)
2	string		-LH1-		LHA archive (c64)

0	string		C64File		PC64 Emulator file
>8	string		>\0		"%s"
0	string		C64Image	PC64 Freezer Image

0	beshort		0x38CD		C64 PCLink Image
0	string		CBM\144\0\0	Power 64 C64 Emulator Snapshot

0	belong		0xFF424CFF	WRAptor packer (c64)

0	string		C64S\x20tape\x20file	T64 tape Image
>32	leshort		x		Version:0x%x
>36	leshort		!0		Entries:%i
>40	string		x		Name:%.24s

0	string		C64\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0	T64 tape Image
>32	leshort		x		Version:0x%x
>36	leshort		!0		Entries:%i
>40	string		x		Name:%.24s

0	string		C64S\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0	T64 tape Image
>32	leshort		x		Version:0x%x
>36	leshort		!0		Entries:%i
>40	string		x		Name:%.24s

#------------------------------------------------------------------------------
# CDDB: file(1) magic for CDDB(tm) format CD text data files
#
# From <steve@gracenote.com>
#
# This is the /etc/magic entry to decode datafiles as used by
# CDDB-enabled CD player applications.
#

0       string/b        #\040xmcd               CDDB(tm) format CD text data

#------------------------------------------------------------------------------
# chord: file(1) magic for Chord music sheet typesetting utility input files
#
# From Philippe De Muyter <phdm@macqel.be>
# File format is actually free, but many distributed files begin with `{title'
#
0	string		{title		Chord text file

#------------------------------------------------------------------------------
# cisco:  file(1) magic for cisco Systems routers
#
# Most cisco file-formats are covered by the generic elf code
#
# Microcode files are non-ELF, 0x8501 conflicts with NetBSD/alpha.
0	belong&0xffffff00	0x85011400  cisco IOS microcode
>7	string		>\0		    for '%s'
0	belong&0xffffff00	0x8501cb00  cisco IOS experimental microcode
>7	string		>\0		    for '%s'
#------------------------------------------------------------------------------
# citrus locale declaration
#

0	string		RuneCT		Citrus locale declaration for LC_CTYPE

#------------------------------------------------------------------------------
# claris:  file(1) magic for claris
# "H. Nanosecond" <aldomel@ix.netcom.com>
# Claris Works a word processor, etc.
# Version 3.0

# .pct claris works clip art files
#0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
#*
#0001000 #010 250 377 377 377 377 000 213 000 230 000 021 002 377 014 000
#null to byte 1000 octal
514	string	\377\377\377\377\000	Claris clip art?
>0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0	yes.
514	string	\377\377\377\377\001	Claris clip art?
>0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0	yes.

# Claris works files
# .cwk
0	string	\002\000\210\003\102\117\102\117\000\001\206 Claris works document
# .plt
0	string	\020\341\000\000\010\010	Claris Works pallete files .plt

# .msp a dictionary file I am not sure about this I have only one .msp file
0	string	\002\271\262\000\040\002\000\164	Claris works dictionary

# .usp are user dictionary bits
# I am not sure about a magic header:
#0000000 001 123 160 146 070 125 104 040 136 123 015 012 160 157 144 151
#        soh   S   p   f   8   U   D  sp   ^   S  cr  nl   p   o   d   i
#0000020 141 164 162 151 163 164 040 136 123 015 012 144 151 166 040 043
#          a   t   r   i   s   t  sp   ^   S  cr  nl   d   i   v  sp   #

# .mth Thesaurus
# starts with \0 but no magic header

# .chy Hyphenation file
# I am not sure: 000 210 034 000 000

# other claris files
#./windows/claris/useng.ndx: data
#./windows/claris/xtndtran.l32: data
#./windows/claris/xtndtran.lst: data
#./windows/claris/clworks.lbl: data
#./windows/claris/clworks.prf: data
#./windows/claris/userd.spl: data

#------------------------------------------------------------------------------
# clipper:  file(1) magic for Intergraph (formerly Fairchild) Clipper.
#
# XXX - what byte order does the Clipper use?
#
# XXX - what's the "!" stuff:
#
# >18	short		!074000,000000	C1 R1 
# >18	short		!074000,004000	C2 R1
# >18	short		!074000,010000	C3 R1
# >18	short		!074000,074000	TEST
#
# I shall assume it's ANDing the field with the first value and
# comparing it with the second, and rewrite it as:
#
# >18	short&074000	000000		C1 R1 
# >18	short&074000	004000		C2 R1
# >18	short&074000	010000		C3 R1
# >18	short&074000	074000		TEST
#
# as SVR3.1's "file" doesn't support anything of the "!074000,000000"
# sort, nor does SunOS 4.x, so either it's something Intergraph added
# in CLIX, or something AT&T added in SVR3.2 or later, or something
# somebody else thought was a good idea; it's not documented in the
# man page for this version of "magic", nor does it appear to be
# implemented (at least not after I blew off the bogus code to turn
# old-style "&"s into new-style "&"s, which just didn't work at all).
#
0	short		0575		CLIPPER COFF executable (VAX #)
>20	short		0407		(impure)
>20	short		0410		(5.2 compatible)
>20	short		0411		(pure)
>20	short		0413		(demand paged)
>20	short		0443		(target shared library)
>12	long		>0		not stripped
>22	short		>0		- version %ld
0	short		0577		CLIPPER COFF executable
>18	short&074000	000000		C1 R1 
>18	short&074000	004000		C2 R1
>18	short&074000	010000		C3 R1
>18	short&074000	074000		TEST
>20	short		0407		(impure)
>20	short		0410		(pure)
>20	short		0411		(separate I&D)
>20	short		0413		(paged)
>20	short		0443		(target shared library)
>12	long		>0		not stripped
>22	short		>0		- version %ld
>48	long&01		01		alignment trap enabled
>52	byte		1		-Ctnc
>52	byte		2		-Ctsw
>52	byte		3		-Ctpw
>52	byte		4		-Ctcb
>53	byte		1		-Cdnc
>53	byte		2		-Cdsw
>53	byte		3		-Cdpw
>53	byte		4		-Cdcb
>54	byte		1		-Csnc
>54	byte		2		-Cssw
>54	byte		3		-Cspw
>54	byte		4		-Cscb
4	string		pipe		CLIPPER instruction trace
4	string		prof		CLIPPER instruction profile

#------------------------------------------------------------------------------
# spec:  file(1) magic for SPEC raw results (*.raw, *.rsf)
#
# Cloyce D. Spradling <cloyce@headgear.org>

0	string	spec			SPEC
>4	string	.cpu			CPU
>>8	string	<:			\b%.4s
>>12	string	.			raw result text

17	string	version=SPECjbb		SPECjbb
>32	string	<:			\b%.4s
>>37	string	<:			v%.4s raw result text

0	string	BEGIN\040SPECWEB	SPECweb
>13	string	<:			\b%.2s
>>15	string	_SSL			\b_SSL
>>>20	string	<:			v%.4s raw result text
>>16	string	<:			v%.4s raw result text

#------------------------------------------------------------------------------
# commands:  file(1) magic for various shells and interpreters
#
0	string		:			shell archive or script for antique kernel text
0	string/b	#!\ /bin/sh		Bourne shell script text executable
0	string/b	#!\ /bin/csh		C shell script text executable
# korn shell magic, sent by George Wu, gwu@clyde.att.com
0	string/b	#!\ /bin/ksh		Korn shell script text executable
0	string/b 	#!\ /bin/tcsh		Tenex C shell script text executable
0	string/b 	#!\ /usr/local/tcsh	Tenex C shell script text executable
0	string/b	#!\ /usr/local/bin/tcsh	Tenex C shell script text executable

#
# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
0	string/b	#!\ /bin/zsh		Paul Falstad's zsh script text executable
0	string/b	#!\ /usr/bin/zsh	Paul Falstad's zsh script text executable
0	string/b	#!\ /usr/local/bin/zsh	Paul Falstad's zsh script text executable
0	string/b	#!\ /usr/local/bin/ash	Neil Brown's ash script text executable
0	string/b	#!\ /usr/local/bin/ae	Neil Brown's ae script text executable
0	string/b	#!\ /bin/nawk		new awk script text executable
0	string/b	#!\ /usr/bin/nawk	new awk script text executable
0	string/b	#!\ /usr/local/bin/nawk	new awk script text executable
0	string/b	#!\ /bin/gawk		GNU awk script text executable
0	string/b	#!\ /usr/bin/gawk	GNU awk script text executable
0	string/b	#!\ /usr/local/bin/gawk	GNU awk script text executable
#
0	string/b	#!\ /bin/awk		awk script text executable
0	string/b	#!\ /usr/bin/awk	awk script text executable
# update to distinguish from *.vcf files
#0	regex		[^'"]BEGIN[[:space:]]*[{]	awk script text

# AT&T Bell Labs' Plan 9 shell
0	string/b	#!\ /bin/rc	Plan 9 rc shell script text executable

# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
0	string/b	#!\ /bin/bash	Bourne-Again shell script text executable
0	string/b	#!\ /usr/local/bin/bash	Bourne-Again shell script text executable

# using env
0	string		#!/usr/bin/env		a
>15	string		>\0			%s script text executable
0	string		#!\ /usr/bin/env	a
>16	string		>\0			%s script text executable

# PHP scripts
# Ulf Harnhammar <ulfh@update.uu.se>
0	string/c	=<?php			PHP script text
0	string		=<?\n			PHP script text
0	string		=<?\r			PHP script text
0	string/b	#!\ /usr/local/bin/php	PHP script text executable
0	string/b	#!\ /usr/bin/php	PHP script text executable

0	string		Zend\x00		PHP script Zend Optimizer data

#----------------------------------------------------------------------------
# communication

# TTCN is the Tree and Tabular Combined Notation described in ISO 9646-3.
# It is used for conformance testing of communication protocols.
# Added by W. Borgert <debacle@debian.org>.
0	string		$Suite			TTCN Abstract Test Suite
>&1	string		$SuiteId
>>&1	string		>\n			%s
>&2	string		$SuiteId
>>&1	string		>\n			%s
>&3	string		$SuiteId
>>&1	string		>\n			%s

# MSC (message sequence charts) are a formal description technique,
# described in ITU-T Z.120, mainly used for communication protocols.
# Added by W. Borgert <debacle@debian.org>.
0	string		mscdocument	Message Sequence Chart (document)
0	string		msc		Message Sequence Chart (chart)
0	string		submsc		Message Sequence Chart (subchart)

#------------------------------------------------------------------------------
# compress:  file(1) magic for pure-compression formats (no archives)
#
# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc.
#
# Formats for various forms of compressed data
# Formats for "compress" proper have been moved into "compress.c",
# because it tries to uncompress it to figure out what's inside.

# standard unix compress
0	string		\037\235	compress'd data
>2	byte&0x80	>0		block compressed
>2	byte&0x1f	x		%d bits

# gzip (GNU zip, not to be confused with Info-ZIP or PKWARE zip archiver)
#   Edited by Chris Chittleborough <cchittleborough@yahoo.com.au>, March 2002
#	* Original filename is only at offset 10 if "extra field" absent
#	* Produce shorter output - notably, only report compression methods
#	  other than 8 ("deflate", the only method defined in RFC 1952).
0       string          \037\213        gzip compressed data
>2	byte		<8		\b, reserved method
>2	byte		>8		\b, unknown method
>3	byte		&0x01		\b, ASCII
>3	byte		&0x02		\b, has CRC
>3	byte		&0x04		\b, extra field
>3	byte&0xC	=0x08
>>10	string		x		\b, was "%s"
>3	byte		&0x10		\b, has comment
>9	byte		=0x00		\b, from FAT filesystem (MS-DOS, OS/2, NT)
>9	byte		=0x01		\b, from Amiga
>9	byte		=0x02		\b, from VMS
>9	byte		=0x03		\b, from Unix
>9	byte		=0x04		\b, from VM/CMS
>9	byte		=0x05		\b, from Atari
>9	byte		=0x06		\b, from HPFS filesystem (OS/2, NT)
>9	byte		=0x07		\b, from MacOS
>9	byte		=0x08		\b, from Z-System
>9	byte		=0x09		\b, from CP/M
>9	byte		=0x0A		\b, from TOPS/20
>9	byte		=0x0B		\b, from NTFS filesystem (NT)
>9	byte		=0x0C		\b, from QDOS
>9	byte		=0x0D		\b, from Acorn RISCOS
>3	byte		&0x10		\b, comment
>3	byte		&0x20		\b, encrypted
>4	ledate		>0		\b, last modified: %s
>8	byte		2		\b, max compression
>8	byte		4		\b, max speed

# packed data, Huffman (minimum redundancy) codes on a byte-by-byte basis
0	string		\037\036	packed data
>2	belong		>1		\b, %d characters originally
>2	belong		=1		\b, %d character originally
#
# This magic number is byte-order-independent.
0	short		0x1f1f		old packed data

# XXX - why *two* entries for "compacted data", one of which is
# byte-order independent, and one of which is byte-order dependent?
#
0	short		0x1fff		compacted data
# This string is valid for SunOS (BE) and a matching "short" is listed
# in the Ultrix (LE) magic file.
0	string		\377\037	compacted data
0	short		0145405		huf output

# bzip2
0	string		BZh		bzip2 compressed data
>3	byte		>47		\b, block size = %c00k

# squeeze and crunch
# Michael Haardt <michael@cantor.informatik.rwth-aachen.de>
0	beshort		0x76FF		squeezed data,
>4	string		x		original name %s
0	beshort		0x76FE		crunched data,
>2	string		x		original name %s
0	beshort		0x76FD		LZH compressed data,
>2	string		x		original name %s

# Freeze
0	string		\037\237	frozen file 2.1
0	string		\037\236	frozen file 1.0 (or gzip 0.5)

# SCO compress -H (LZH)
0	string		\037\240	SCO compress -H (LZH) data

# European GSM 06.10 is a provisional standard for full-rate speech
# transcoding, prI-ETS 300 036, which uses RPE/LTP (residual pulse
# excitation/long term prediction) coding at 13 kbit/s.
#
# There's only a magic nibble (4 bits); that nibble repeats every 33
# bytes.  This isn't suited for use, but maybe we can use it someday.
#
# This will cause very short GSM files to be declared as data and
# mismatches to be declared as data too!
#0	byte&0xF0	0xd0		data
#>33	byte&0xF0	0xd0
#>66	byte&0xF0	0xd0
#>99	byte&0xF0	0xd0
#>132	byte&0xF0	0xd0		GSM 06.10 compressed audio

# bzip	a block-sorting file compressor
#	by Julian Seward <sewardj@cs.man.ac.uk> and others
#
0	string		BZ		bzip compressed data
>2	byte		x		\b, version: %c
>3	string		=1		\b, compression block size 100k
>3	string		=2		\b, compression block size 200k
>3	string		=3		\b, compression block size 300k
>3	string		=4		\b, compression block size 400k
>3	string		=5		\b, compression block size 500k
>3	string		=6		\b, compression block size 600k
>3	string		=7		\b, compression block size 700k
>3	string		=8		\b, compression block size 800k
>3	string		=9		\b, compression block size 900k

# lzop from <markus.oberhumer@jk.uni-linz.ac.at>
0	string		\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a	lzop compressed data
>9	beshort		<0x0940
>>9	byte&0xf0	=0x00		- version 0.
>>9	beshort&0x0fff	x		\b%03x,
>>13	byte		1		LZO1X-1,
>>13	byte		2		LZO1X-1(15),
>>13	byte		3		LZO1X-999,
## >>22	bedate		>0		last modified: %s,
>>14	byte		=0x00		os: MS-DOS
>>14	byte		=0x01		os: Amiga
>>14	byte		=0x02		os: VMS
>>14	byte		=0x03		os: Unix
>>14	byte		=0x05		os: Atari
>>14	byte		=0x06		os: OS/2
>>14	byte		=0x07		os: MacOS
>>14	byte		=0x0A		os: Tops/20
>>14	byte		=0x0B		os: WinNT
>>14	byte		=0x0E		os: Win32
>9	beshort		>0x0939
>>9	byte&0xf0	=0x00		- version 0.
>>9	byte&0xf0	=0x10		- version 1.
>>9	byte&0xf0	=0x20		- version 2.
>>9	beshort&0x0fff	x		\b%03x,
>>15	byte		1		LZO1X-1,
>>15	byte		2		LZO1X-1(15),
>>15	byte		3		LZO1X-999,
## >>25	bedate		>0		last modified: %s,
>>17	byte		=0x00		os: MS-DOS
>>17	byte		=0x01		os: Amiga
>>17	byte		=0x02		os: VMS
>>17	byte		=0x03		os: Unix
>>17	byte		=0x05		os: Atari
>>17	byte		=0x06		os: OS/2
>>17	byte		=0x07		os: MacOS
>>17	byte		=0x0A		os: Tops/20
>>17	byte		=0x0B		os: WinNT
>>17	byte		=0x0E		os: Win32

# 4.3BSD-Quasijarus Strong Compression
# http://minnie.tuhs.org/Quasijarus/compress.html
0	string		\037\241	Quasijarus strong compressed data

# From: Cory Dikkers <cdikkers@swbell.net>
0	string		XPKF		Amiga xpkf.library compressed data
0	string		PP11		Power Packer 1.1 compressed data
0	string		PP20		Power Packer 2.0 compressed data,
>4	belong		0x09090909	fast compression
>4	belong		0x090A0A0A	mediocre compression
>4	belong		0x090A0B0B	good compression
>4	belong		0x090A0C0C	very good compression
>4	belong		0x090A0C0D	best compression

# 7-zip archiver, from Thomas Klausner (wiz@danbala.tuwien.ac.at)
# http://www.7-zip.org or DOC/7zFormat.txt 
#
0	string		7z\274\257\047\034	7-zip archive data,
>6	byte		x			version %d
>7	byte		x			\b.%d

# AFX compressed files (Wolfram Kleff)
2	string		-afx-		AFX compressed file data

# Supplementary magic data for the file(1) command to support
# rzip(1).  The format is described in magic(5).
#
# Copyright (C) 2003 by Andrew Tridgell.  You may do whatever you want with
# this file.
#
0	string		RZIP		rzip compressed data
>4	byte		x		- version %d
>5	byte		x		\b.%d
>6	belong		x		(%d bytes)

# LZMA
0	lelong&0x00ffffff	=0x00000005d
>12	leshort		=0x00ff		LZMA compressed data,
>>5	lelong		=0xffffffff	streamed
>>5	lelong		!0xffffffff	non-streamed, size %lld

# XZ
0	string		\xFD7zXZ\x00		xz compressed data
#------------------------------------------------------------------------------
# Console game magic
# Toby Deshane <hac@shoelace.digivill.net>
#    ines:  file(1) magic for Marat's iNES Nintendo Entertainment System
#           ROM dump format

0 string NES\032 iNES ROM dump,
>4 byte  x     %dx16k PRG
>5 byte  x     \b, %dx8k CHR
>6 byte&0x01  =0x1  \b, [Vert.]
>6 byte&0x01  =0x0  \b, [Horiz.]
>6 byte&0x02  =0x2  \b, [SRAM]
>6 byte&0x04  =0x4  \b, [Trainer]
>6 byte&0x04  =0x8  \b, [4-Scr]

#------------------------------------------------------------------------------
# gameboy:  file(1) magic for the Nintendo (Color) Gameboy raw ROM format
#
0x104 belong 0xCEED6666 Gameboy ROM:
>0x134 string >\0 "%.16s"
>0x146 byte 0x03  \b,[SGB]
>0x147 byte 0x00  \b, [ROM ONLY]
>0x147 byte 0x01  \b, [ROM+MBC1]
>0x147 byte 0x02  \b, [ROM+MBC1+RAM]
>0x147 byte 0x03  \b, [ROM+MBC1+RAM+BATT]
>0x147 byte 0x05  \b, [ROM+MBC2]
>0x147 byte 0x06  \b, [ROM+MBC2+BATTERY]
>0x147 byte 0x08  \b, [ROM+RAM]
>0x147 byte 0x09  \b, [ROM+RAM+BATTERY]
>0x147 byte 0x0B  \b, [ROM+MMM01]
>0x147 byte 0x0C  \b, [ROM+MMM01+SRAM]
>0x147 byte 0x0D  \b, [ROM+MMM01+SRAM+BATT]
>0x147 byte 0x0F  \b, [ROM+MBC3+TIMER+BATT]
>0x147 byte 0x10  \b, [ROM+MBC3+TIMER+RAM+BATT]
>0x147 byte 0x11  \b, [ROM+MBC3]
>0x147 byte 0x12  \b, [ROM+MBC3+RAM]
>0x147 byte 0x13  \b, [ROM+MBC3+RAM+BATT]
>0x147 byte 0x19  \b, [ROM+MBC5]
>0x147 byte 0x1A  \b, [ROM+MBC5+RAM]
>0x147 byte 0x1B  \b, [ROM+MBC5+RAM+BATT]
>0x147 byte 0x1C  \b, [ROM+MBC5+RUMBLE]
>0x147 byte 0x1D  \b, [ROM+MBC5+RUMBLE+SRAM]
>0x147 byte 0x1E  \b, [ROM+MBC5+RUMBLE+SRAM+BATT]
>0x147 byte 0x1F  \b, [Pocket Camera]
>0x147 byte 0xFD  \b, [Bandai TAMA5]
>0x147 byte 0xFE  \b, [Hudson HuC-3]
>0x147 byte 0xFF  \b, [Hudson HuC-1]

>0x148 byte 0     \b, ROM: 256Kbit
>0x148 byte 1     \b, ROM: 512Kbit
>0x148 byte 2     \b, ROM: 1Mbit
>0x148 byte 3     \b, ROM: 2Mbit
>0x148 byte 4     \b, ROM: 4Mbit
>0x148 byte 5     \b, ROM: 8Mbit
>0x148 byte 6     \b, ROM: 16Mbit
>0x148 byte 0x52  \b, ROM: 9Mbit
>0x148 byte 0x53  \b, ROM: 10Mbit
>0x148 byte 0x54  \b, ROM: 12Mbit

>0x149 byte 1     \b, RAM: 16Kbit
>0x149 byte 2     \b, RAM: 64Kbit
>0x149 byte 3     \b, RAM: 128Kbit
>0x149 byte 4     \b, RAM: 1Mbit

#>0x14e long  x     \b, CRC: %x

#------------------------------------------------------------------------------
# genesis:  file(1) magic for the Sega MegaDrive/Genesis raw ROM format
#
0x100 string SEGA  Sega MegaDrive/Genesis raw ROM dump
>0x120 string >\0 Name: "%.16s"
>0x110 string >\0 %.16s
>0x1B0 string RA with SRAM

#------------------------------------------------------------------------------
# genesis:  file(1) magic for the Super MegaDrive ROM dump format
#
0x280 string EAGN  Super MagicDrive ROM dump
>0 byte x %dx16k blocks
>2 byte 0 \b, last in series or standalone
>2 byte >0 \b, split ROM
>8 byte 0xAA
>9 byte 0xBB

#------------------------------------------------------------------------------
# genesis:  file(1) alternate magic for the Super MegaDrive ROM dump format
#
0x280 string EAMG  Super MagicDrive ROM dump
>0 byte x %dx16k blocks
>2 byte x \b, last in series or standalone
>8 byte 0xAA
>9 byte 0xBB

#------------------------------------------------------------------------------
# smsgg:  file(1) magic for Sega Master System and Game Gear ROM dumps
#
# Does not detect all images.  Very preliminary guesswork.  Need more data
# on format.
#
# FIXME: need a little more info...;P
#
#0 byte 0xF3
#>1 byte 0xED  Sega Master System/Game Gear ROM dump
#>1 byte 0x31  Sega Master System/Game Gear ROM dump
#>1 byte 0xDB  Sega Master System/Game Gear ROM dump
#>1 byte 0xAF  Sega Master System/Game Gear ROM dump
#>1 byte 0xC3  Sega Master System/Game Gear ROM dump

#------------------------------------------------------------------------------
# dreamcast:  file(1) uncertain magic for the Sega Dreamcast VMU image format
#
0 belong 0x21068028   Sega Dreamcast VMU game image
0 string LCDi         Dream Animator file

#------------------------------------------------------------------------------
# v64: file(1) uncertain magic for the V64 format N64 ROM dumps
#
0 belong 0x37804012    V64 Nintendo 64 ROM dump

#------------------------------------------------------------------------------
# msx: file(1) magic for MSX game cartridge dumps
# Too simple - MPi
#0 beshort 0x4142 MSX game cartridge dump

#------------------------------------------------------------------------------
# Sony Playstation executables (Adam Sjoegren <asjo@diku.dk>) :
0	string	PS-X\ EXE	Sony Playstation executable
#  Area:
>113	string	x		(%s)

#------------------------------------------------------------------------------
# Microsoft Xbox executables .xbe (Esa Hyytiä <ehyytia@cc.hut.fi>)
0       string          XBEH            XBE, Microsoft Xbox executable
# probabilistic checks whether signed or not
>0x0004 ulelong =0x0
>>&2    ulelong =0x0
>>>&2   ulelong =0x0  \b, not signed
>0x0004 ulelong >0
>>&2    ulelong >0
>>>&2   ulelong >0    \b, signed
# expect base address of 0x10000
>0x0104               ulelong =0x10000
>>(0x0118-0x0FF60)    ulelong&0x80000007  0x80000007 \b, all regions
>>(0x0118-0x0FF60)    ulelong&0x80000007  !0x80000007
>>>(0x0118-0x0FF60)   ulelong >0           (regions:
>>>>(0x0118-0x0FF60)  ulelong &0x00000001  NA
>>>>(0x0118-0x0FF60)  ulelong &0x00000002  Japan
>>>>(0x0118-0x0FF60)  ulelong &0x00000004  Rest_of_World
>>>>(0x0118-0x0FF60)  ulelong &0x80000000  Manufacturer
>>>(0x0118-0x0FF60)   ulelong >0           \b)

# --------------------------------
# Microsoft Xbox data file formats
0       string          XIP0            XIP, Microsoft Xbox data
0       string          XTF0            XTF, Microsoft Xbox data

# Atari Lynx cartridge dump (EXE/BLL header)
# From: "Stefan A. Haubenthal" <polluks@web.de>

0	beshort		0x8008		Lynx cartridge,
>2	beshort		x		RAM start $%04x
>6	string		BS93

# Opera file system that is used on the 3DO console
# From: Serge van den Boom <svdb@stack.nl>
0	string		\x01ZZZZZ\x01	3DO "Opera" file system

# ----------------------------------------------------------------------------
# ctags:  file (1) magic for Exuberant Ctags files
# From: Alexander Mai <mai@migdal.ikp.physik.tu-darmstadt.de>
0       string  =!_TAG   Exuberant Ctags tag file text

#------------------------------------------------------------------------------
# dact:  file(1) magic for DACT compressed files
#
0	long		0x444354C3	DACT compressed data
>4	byte		>-1		(version %i.
>5	byte		>-1		$BS%i.
>6	byte		>-1		$BS%i)
>7	long		>0		$BS, original size: %i bytes
>15	long		>30		$BS, block size: %i bytes

#------------------------------------------------------------------------------
# database:  file(1) magic for various databases
#
# extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk)
#
#
# GDBM magic numbers
#  Will be maintained as part of the GDBM distribution in the future.
#  <downsj@teeny.org>
0	belong	0x13579ace	GNU dbm 1.x or ndbm database, big endian
0	lelong	0x13579ace	GNU dbm 1.x or ndbm database, little endian
0	string	GDBM		GNU dbm 2.x database
#
# Berkeley DB
#
# Ian Darwin's file /etc/magic files: big/little-endian version.
#
# Hash 1.85/1.86 databases store metadata in network byte order.
# Btree 1.85/1.86 databases store the metadata in host byte order.
# Hash and Btree 2.X and later databases store the metadata in host byte order.

0	long	0x00061561	Berkeley DB
>8	belong	4321
>>4	belong	>2		1.86
>>4	belong	<3		1.85
>>4	belong	>0		(Hash, version %d, native byte-order)
>8	belong	1234
>>4	belong	>2		1.86
>>4	belong	<3		1.85
>>4	belong	>0		(Hash, version %d, little-endian)

0	belong	0x00061561	Berkeley DB
>8	belong	4321
>>4	belong	>2		1.86
>>4	belong	<3		1.85
>>4	belong	>0		(Hash, version %d, big-endian)
>8	belong	1234
>>4	belong	>2		1.86
>>4	belong	<3		1.85
>>4	belong	>0		(Hash, version %d, native byte-order)

0	long	0x00053162	Berkeley DB 1.85/1.86
>4	long	>0		(Btree, version %d, native byte-order)
0	belong	0x00053162	Berkeley DB 1.85/1.86
>4	belong	>0		(Btree, version %d, big-endian)
0	lelong	0x00053162	Berkeley DB 1.85/1.86
>4	lelong	>0		(Btree, version %d, little-endian)

12	long	0x00061561	Berkeley DB
>16	long	>0		(Hash, version %d, native byte-order)
12	belong	0x00061561	Berkeley DB
>16	belong	>0		(Hash, version %d, big-endian)
12	lelong	0x00061561	Berkeley DB
>16	lelong	>0		(Hash, version %d, little-endian)

12	long	0x00053162	Berkeley DB
>16	long	>0		(Btree, version %d, native byte-order)
12	belong	0x00053162	Berkeley DB
>16	belong	>0		(Btree, version %d, big-endian)
12	lelong	0x00053162	Berkeley DB
>16	lelong	>0		(Btree, version %d, little-endian)

12	long	0x00042253	Berkeley DB
>16	long	>0		(Queue, version %d, native byte-order)
12	belong	0x00042253	Berkeley DB
>16	belong	>0		(Queue, version %d, big-endian)
12	lelong	0x00042253	Berkeley DB
>16	lelong	>0		(Queue, version %d, little-endian)

# From Max Bowsher.
12	long	0x00040988	Berkeley DB
>16	long	>0		(Log, version %d, native byte-order)
12	belong	0x00040988	Berkeley DB 
>16	belong	>0		(Log, version %d, big-endian)
12	lelong	0x00040988	Berkeley DB
>16	lelong	>0		(Log, version %d, little-endian)

#
#
# Round Robin Database Tool by Tobias Oetiker <oetiker@ee.ethz.ch>
0	string	RRD		RRDTool DB
>4	string	x		version %s
#----------------------------------------------------------------------
# ROOT: file(1) magic for ROOT databases
#
0       string  root\0  ROOT file
>4      belong  x       Version %d
>33     belong  x       (Compression: %d)

# XXX: Weak magic.
# Alex Ott <ott@jet.msk.su>
## Paradox file formats
#2	  leshort	0x0800	Paradox 
#>0x39	  byte		3	v. 3.0 
#>0x39	  byte		4	v. 3.5 
#>0x39	  byte		9	v. 4.x 
#>0x39	  byte		10	v. 5.x 
#>0x39	  byte		11	v. 5.x 
#>0x39	  byte		12	v. 7.x 
#>>0x04	  byte		0	indexed .DB data file 
#>>0x04	  byte		1	primary index .PX file 
#>>0x04	  byte		2	non-indexed .DB data file 
#>>0x04	  byte		3	non-incrementing secondary index .Xnn file 
#>>0x04	  byte		4	secondary index .Ynn file 
#>>0x04	  byte		5	incrementing secondary index .Xnn file 
#>>0x04	  byte		6	non-incrementing secondary index .XGn file 
#>>0x04	  byte		7	secondary index .YGn file 
#>>>0x04	  byte		8	incrementing secondary index .XGn file 
## XBase database files
#0      byte       0x02	
#>8     leshort	  >0
#>>12   leshort    0	FoxBase 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x03	
#>8     leshort	  >0
#>>12   leshort    0	FoxBase+, FoxPro, dBaseIII+, dBaseIV, no memo 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x04	
#>8     leshort	  >0
#>>12   leshort    0	dBASE IV no memo file 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x05	
#>8     leshort	  >0
#>>12   leshort    0	dBASE V no memo file 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x30
#>8     leshort	  >0
#>>12   leshort    0	Visual FoxPro 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x43
#>8     leshort	  >0
#>>12   leshort    0	FlagShip with memo var size 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x7b
#>8     leshort	  >0
#>>12   leshort    0	dBASEIV with memo 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x83	
#>8     leshort	  >0
#>>12   leshort    0	FoxBase+, dBaseIII+ with memo 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x8b
#>8     leshort	  >0
#>>12   leshort    0	dBaseIV with memo 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0x8e	
#>8     leshort	  >0
#>>12   leshort    0	dBaseIV with SQL Table 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0xb3
#>8     leshort	  >0
#>>12   leshort    0	FlagShip with .dbt memo 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0      byte       0xf5
#>8     leshort	  >0
#>>12   leshort    0	FoxPro with memo 
#>>>0x04	lelong		0		(no records)
#>>>0x04	lelong		>0		(%ld records)
#
#0	leshort		0x0006		DBase 3 index file

# MS Access database
4	  string	Standard\ Jet\ DB	Microsoft Access Database

# TDB database from Samba et al - Martin Pool <mbp@samba.org>
0	string	TDB\ file		TDB database
>32	lelong	0x2601196D		version 6, little-endian
>>36	lelong	x			hash size %d bytes

# SE Linux policy database
0       lelong  0xf97cff8c      SE Linux policy
>16     lelong  x               v%d
>20     lelong  1      MLS
>24     lelong  x       %d symbols
>28     lelong  x       %d ocons

# ICE authority file data (Wolfram Kleff)
2	string		ICE		ICE authority data

# X11 Xauthority file (Wolfram Kleff)
10	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
11	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
12	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
13	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
14	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
15	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
16	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
17	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data
18	string		MIT-MAGIC-COOKIE-1	X11 Xauthority data

# SQLite (Ty Sarna)
0	string	**\ This\ file\ contains\ an\ SQLite	SQLite Database
>&1	regex	[^\ ]+					Version %s

#------------------------------------------------------------------------------
# cracklib:  file (1) magic for cracklib v2.7

0	lelong	0x70775631	Cracklib password index, little endian
>4	long	>0		(%i words)
>4	long	0		("64-bit")
>>8	long	>-1		(%i words)
0	belong	0x70775631	Cracklib password index, big endian
>4	belong	>-1		(%i words)
# really bellong 0x0000000070775631
4	belong	0x70775631	Cracklib password index, big endian ("64-bit")
>12	belong	>0		(%i words)

#------------------------------------------------------------------------------
# diamond:  file(1) magic for Diamond system
#
# ... diamond is a multi-media mail and electronic conferencing system....
#
# XXX - I think it was either renamed Slate, or replaced by Slate....
#
#	The full deal is too long...
#0	string	<list>\n<protocol\ bbn-multimedia-format>	Diamond Multimedia Document
0	string	=<list>\n<protocol\ bbn-m	Diamond Multimedia Document

#------------------------------------------------------------------------------
# diff:  file(1) magic for diff(1) output
#
0	string		diff\ 	'diff' output text
0	string		***\ 		'diff' output text
0	string		Only\ in\ 	'diff' output text
0	string		Common\ subdirectories:\ 	'diff' output text

0	string		Index:		RCS/CVS diff output text
#  Digital UNIX - Info
#
0	string	=!<arch>\n________64E	Alpha archive
>22	string	X			-- out of date
#
# Alpha COFF Based Executables
# The stripped stuff really needs to be an 8 byte (64 bit) compare,
# but this works
0	leshort		0x183		COFF format alpha
>22	leshort&020000	&010000		sharable library,
>22	leshort&020000	^010000		dynamically linked,
>24	leshort		0410		pure
>24	leshort		0413		demand paged
>8	lelong		>0		executable or object module, not stripped
>8	lelong		0
>>12	lelong		0		executable or object module, stripped
>>12	lelong		>0		executable or object module, not stripped
>27     byte            >0              - version %d.
>26     byte            >0              %d-
>28     leshort         >0              %d
#
# The next is incomplete, we could tell more about this format,
# but its not worth it.
0	leshort		0x188	Alpha compressed COFF
0	leshort		0x18f	Alpha u-code object
#
#
# Some other interesting Digital formats,
0	string	\377\377\177		ddis/ddif
0	string	\377\377\174		ddis/dots archive
0	string	\377\377\176		ddis/dtif table data
0	string	\033c\033		LN03 output
0	long	04553207		X image
#
0	string	=!<PDF>!\n		profiling data file
#
# Locale data tables (MIPS and Alpha).
#
0	short		0x0501		locale data table
>6	short		0x24		for MIPS
>6	short		0x40		for Alpha
# ATSC A/53 aka AC-3 aka Dolby Digital <ashitaka@gmx.at>
# from http://www.atsc.org/standards/a_52a.pdf
# corrections, additions, etc. are always welcome!
#
# syncword
0       beshort         0x0b77  ATSC A/52 aka AC-3 aka Dolby Digital stream,
# fscod
>4      byte&0xc0       0x00    48 kHz,
>4      byte&0xc0       0x40    44.1 kHz,
>4      byte&0xc0       0x80    32 kHz,
# is this one used for 96 kHz?
>4      byte&0xc0       0xc0    reserved frequency,
#
>5	byte&7 = 0		\b, complete main (CM)
>5	byte&7 = 1		\b, music and effects (ME)
>5	byte&7 = 2		\b, visually impaired (VI)
>5	byte&7 = 3		\b, hearing impaired (HI)
>5	byte&7 = 4		\b, dialogue (D)
>5	byte&7 = 5		\b, commentary (C)
>5	byte&7 = 6		\b, emergency (E)
# acmod
>6      byte&0xe0       0x00    1+1 front,
>6      byte&0xe0       0x20    1 front/0 rear,
>6      byte&0xe0       0x40    2 front/0 rear,
>6      byte&0xe0       0x60    3 front/0 rear,
>6      byte&0xe0       0x80    2 front/1 rear,
>6      byte&0xe0       0xa0    3 front/1 rear,
>6      byte&0xe0       0xc0    2 front/2 rear,
>6      byte&0xe0       0xe0    3 front/2 rear,
# lfeon (these may be incorrect)
>7      byte&0x40       0x00    LFE off,
>7      byte&0x40       0x40    LFE on,
#
>4	byte&0x3e = 0x00	\b, 32 kbit/s
>4	byte&0x3e = 0x02        \b, 40 kbit/s
>4	byte&0x3e = 0x04        \b, 48 kbit/s
>4	byte&0x3e = 0x06        \b, 56 kbit/s
>4	byte&0x3e = 0x08        \b, 64 kbit/s
>4	byte&0x3e = 0x0a        \b, 80 kbit/s
>4	byte&0x3e = 0x0c        \b, 96 kbit/s
>4	byte&0x3e = 0x0e        \b, 112 kbit/s
>4	byte&0x3e = 0x10        \b, 128 kbit/s
>4	byte&0x3e = 0x12        \b, 160 kbit/s
>4	byte&0x3e = 0x14        \b, 192 kbit/s
>4	byte&0x3e = 0x16        \b, 224 kbit/s
>4	byte&0x3e = 0x18        \b, 256 kbit/s
>4	byte&0x3e = 0x1a        \b, 320 kbit/s
>4	byte&0x3e = 0x1c        \b, 384 kbit/s
>4	byte&0x3e = 0x1e        \b, 448 kbit/s
>4	byte&0x3e = 0x20        \b, 512 kbit/s
>4	byte&0x3e = 0x22        \b, 576 kbit/s
>4	byte&0x3e = 0x24        \b, 640 kbit/s
# dsurmod (these may be incorrect)
>6      beshort&0x0180  0x0000  Dolby Surround not indicated
>6      beshort&0x0180  0x0080  not Dolby Surround encoded
>6      beshort&0x0180  0x0100  Dolby Surround encoded
>6      beshort&0x0180  0x0180  reserved Dolby Surround mode

#------------------------------------------------------------------------------
# T602 editor documents 
# by David Necas <yeti@physics.muni.cz>
0	string	@CT\ 	T602 document data,
>4	string	0	Kamenicky
>4	string	1	CP 852
>4	string	2	KOI8-CS
>4	string	>2	unknown encoding

# Vi IMproved Encrypted file 
# by David Necas <yeti@physics.muni.cz>
0	string	VimCrypt~	Vim encrypted file data

#------------------------------------------------------------------------------
# linux:  file(1) magic for Linux files
#
# Values for Linux/i386 binaries, from Daniel Quinlan <quinlan@yggdrasil.com>
# The following basic Linux magic is useful for reference, but using
# "long" magic is a better practice in order to avoid collisions.
#
# 2	leshort		100		Linux/i386
# >0	leshort		0407		impure executable (OMAGIC)
# >0	leshort		0410		pure executable (NMAGIC)
# >0	leshort		0413		demand-paged executable (ZMAGIC)
# >0	leshort		0314		demand-paged executable (QMAGIC)
#
0	lelong		0x00640107	Linux/i386 impure executable (OMAGIC)
>16	lelong		0		\b, stripped
0	lelong		0x00640108	Linux/i386 pure executable (NMAGIC)
>16	lelong		0		\b, stripped
0	lelong		0x0064010b	Linux/i386 demand-paged executable (ZMAGIC)
>16	lelong		0		\b, stripped
0	lelong		0x006400cc	Linux/i386 demand-paged executable (QMAGIC)
>16	lelong		0		\b, stripped
#
0	string		\007\001\000	Linux/i386 object file
>20	lelong		>0x1020		\b, DLL library
# Linux-8086 stuff:
0	string		\01\03\020\04	Linux-8086 impure executable
>28	long		!0		not stripped
0	string		\01\03\040\04	Linux-8086 executable
>28	long		!0		not stripped
#
0	string		\243\206\001\0	Linux-8086 object file
#
0	string		\01\03\020\20	Minix-386 impure executable
>28	long		!0		not stripped
0	string		\01\03\040\20	Minix-386 executable
>28	long		!0		not stripped
# core dump file, from Bill Reynolds <bill@goshawk.lanl.gov>
216	lelong		0421		Linux/i386 core file
>220	string		>\0		of '%s'
>200	lelong		>0		(signal %d)
#
# LILO boot/chain loaders, from Daniel Quinlan <quinlan@yggdrasil.com>
# this can be overridden by the DOS executable (COM) entry
2	string		LILO		Linux/i386 LILO boot/chain loader
#
# PSF fonts, from H. Peter Anvin <hpa@yggdrasil.com>
0	leshort		0x0436		Linux/i386 PC Screen Font data,
>2	byte		0		256 characters, no directory,
>2	byte		1		512 characters, no directory,
>2	byte		2		256 characters, Unicode directory,
>2	byte		3		512 characters, Unicode directory,
>3	byte		>0		8x%d
# Linux swap file, from Daniel Quinlan <quinlan@yggdrasil.com>
4086	string		SWAP-SPACE	Linux/i386 swap file
# From: Jeff Bailey <jbailey@ubuntu.com>
# Linux swap file with swsusp1 image, from Jeff Bailey <jbailey@ubuntu.com>
4076	string		SWAPSPACE2S1SUSPEND	Linux/i386 swap file (new style) with SWSUSP1 image
# according to man page of mkswap (8) March 1999
4086	string		SWAPSPACE2	Linux/i386 swap file (new style)
>0x400	long		x		%d (4K pages)
>0x404	long		x		size %d pages
>>4086	string		SWAPSPACE2	
>>>1052	string		>\0		Label %s

65526   string          SWAPSPACE2      Linux/ppc swap file
16374   string          SWAPSPACE2      Linux/ia64 swap file

# ECOFF magic for OSF/1 and Linux (only tested under Linux though)
#
#	from Erik Troan (ewt@redhat.com) examining od dumps, so this
#		could be wrong
#      updated by David Mosberger (davidm@azstarnet.com) based on
#      GNU BFD and MIPS info found below.
#
0	leshort		0x0183		ECOFF alpha
>24	leshort		0407		executable
>24	leshort		0410		pure
>24	leshort		0413		demand paged
>8	long		>0		not stripped
>8	long		0		stripped
>23	leshort		>0		- version %ld.
#
# Linux kernel boot images, from Albert Cahalan <acahalan@cs.uml.edu>
# and others such as Axel Kohlmeyer <akohlmey@rincewind.chemie.uni-ulm.de>
# and Nicol�s Lichtmaier <nick@debian.org>
# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
# Linux kernel boot images (i386 arch) (Wolfram Kleff)
514	string		HdrS		Linux kernel
>510	leshort		0xAA55		x86 boot executable
>>518	leshort		>0x1ff
>>529	byte		0		zImage,
>>>529	byte		1		bzImage,
>>>(526.s+0x200) string	>\0		version %s,
>>498	leshort		1		RO-rootFS,
>>498	leshort		0		RW-rootFS,
>>508	leshort		>0		root_dev 0x%X,
>>502	leshort		>0		swap_dev 0x%X,
>>504	leshort		>0		RAMdisksize %u KB,
>>506	leshort		0xFFFF		Normal VGA
>>506	leshort		0xFFFE		Extended VGA
>>506	leshort		0xFFFD		Prompt for Videomode
>>506	leshort		>0		Video mode %d
# This also matches new kernels, which were caught above by "HdrS".
0		belong	0xb8c0078e	Linux kernel
>0x1e3		string	Loading		version 1.3.79 or older
>0x1e9		string	Loading		from prehistoric times

# System.map files - Nicol�s Lichtmaier <nick@debian.org>
8	string	\ A\ _text	Linux kernel symbol map text

# LSM entries - Nicol�s Lichtmaier <nick@debian.org>
0	string	Begin3	Linux Software Map entry text
0	string	Begin4	Linux Software Map entry text (new format)

# From Matt Zimmerman
0       belong  0x4f4f4f4d      User-mode Linux COW file
>4      belong  x               \b, version %d
>8      string  >\0             \b, backing file %s

############################################################################
# Linux kernel versions

0		string		\xb8\xc0\x07\x8e\xd8\xb8\x00\x90	Linux
>497		leshort		0		x86 boot sector
>>514		belong		0x8e	of a kernel from the dawn of time!
>>514		belong		0x908ed8b4	version 0.99-1.1.42
>>514		belong		0x908ed8b8	for memtest86

>497		leshort		!0		x86 kernel
>>504		leshort		>0		RAMdisksize=%u KB
>>502		leshort		>0		swap=0x%X
>>508		leshort		>0		root=0x%X
>>>498		leshort		1		\b-ro
>>>498		leshort		0		\b-rw
>>506		leshort		0xFFFF		vga=normal
>>506		leshort		0xFFFE		vga=extended
>>506		leshort		0xFFFD		vga=ask
>>506		leshort		>0		vga=%d
>>514		belong		0x908ed881	version 1.1.43-1.1.45
>>514		belong		0x15b281cd
>>>0xa8e	belong		0x55AA5a5a	version 1.1.46-1.2.13,1.3.0
>>>0xa99	belong		0x55AA5a5a	version 1.3.1,2
>>>0xaa3	belong		0x55AA5a5a	version 1.3.3-1.3.30
>>>0xaa6	belong		0x55AA5a5a	version 1.3.31-1.3.41
>>>0xb2b	belong		0x55AA5a5a	version 1.3.42-1.3.45
>>>0xaf7	belong		0x55AA5a5a	version 1.3.46-1.3.72
>>514		string		HdrS
>>>518		leshort		>0x1FF
>>>>529		byte		0		\b, zImage
>>>>529		byte		1		\b, bzImage
>>>>(526.s+0x200) string 	>\0		\b, version %s

# Linux boot sector thefts.
0		belong		0xb8c0078e	Linux
>0x1e6		belong		0x454c4b53	ELKS Kernel
>0x1e6		belong		!0x454c4b53	style boot sector

############################################################################
# Linux S390 executable
8 string \x02\x00\x00\x18\x60\x00\x00\x50\x02\x00\x00\x68\x60\x00\x00\x50\x40\x40\x40\x40\x40\x40\x40\x40 Linux kernel S390
>0x00010000 search/4096 \x00\x0a\x00\x00\x8b\xad\xcc\xcc
# 64bit
>>&0 string \xc1\x00\xef\xe3\xf0\x68\x00\x00 Z10 64bit kernel
>>&0 string \xc1\x00\xef\xc3\x00\x00\x00\x00 Z9-109 64bit kernel
>>&0 string \xc0\x00\x20\x00\x00\x00\x00\x00 Z990 64bit kernel
>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00 Z900 64bit kernel
# 32bit
>>&0 string \x81\x00\xc8\x80\x00\x00\x00\x00 Z10 32bit kernel
>>&0 string \x81\x00\xc8\x80\x00\x00\x00\x00 Z9-109 32bit kernel
>>&0 string \x80\x00\x20\x00\x00\x00\x00\x00 Z990 32bit kernel
>>&0 string \x80\x00\x00\x00\x00\x00\x00\x00 Z900 32bit kernel

############################################################################
# Linux 8086 executable
0	lelong&0xFF0000FF 0xC30000E9	Linux-Dev86 executable, headerless
>5	string		.		
>>4	string		>\0		\b, libc version %s

0	lelong&0xFF00FFFF 0x4000301	Linux-8086 executable
>2	byte&0x01	!0		\b, unmapped zero page
>2	byte&0x20	0		\b, impure
>2	byte&0x20	!0
>>2	byte&0x10	!0		\b, A_EXEC
>2	byte&0x02	!0		\b, A_PAL
>2	byte&0x04	!0		\b, A_NSYM
>2	byte&0x08	!0		\b, A_STAND
>2	byte&0x40	!0		\b, A_PURE
>2	byte&0x80	!0		\b, A_TOVLY
>28     long            !0              \b, not stripped
>37	string		.		
>>36	string		>\0		\b, libc version %s

# 0	lelong&0xFF00FFFF 0x10000301	ld86 I80386 executable
# 0	lelong&0xFF00FFFF 0xB000301	ld86 M68K executable
# 0	lelong&0xFF00FFFF 0xC000301	ld86 NS16K executable
# 0	lelong&0xFF00FFFF 0x17000301	ld86 SPARC executable

# SYSLINUX boot logo files (from 'ppmtolss16' sources)
# http://syslinux.zytor.com/
#
0	lelong	=0x1413f33d		SYSLINUX' LSS16 image data
>4	leshort	x			\b, width %d
>6	leshort	x			\b, height %d

0	string	OOOM			User-Mode-Linux's Copy-On-Write disk image
>4	belong	x			version %d

# SE Linux policy database
# From: Mike Frysinger <vapier@gentoo.org>
0	lelong	0xf97cff8c		SE Linux policy
>16	lelong	x			v%d
>20	lelong	1			MLS
>24	lelong	x			%d symbols
>28	lelong	x			%d ocons

# Linux Logical Volume Manager (LVM) 
# Emmanuel VARAGNAT <emmanuel.varagnat@guzu.net>
#
# System ID, UUID and volume group name are 128 bytes long
# but they should never be full and initialized with zeros...
#
# LVM1
#
0x0	string	HM\001		LVM1 (Linux Logical Volume Manager), version 1
>0x12c	string	>\0		, System ID: %s

0x0	string	HM\002		LVM1 (Linux Logical Volume Manager), version 2
>0x12c	string	>\0		, System ID: %s

#  LVM2
#
# It seems that the label header can be in one the four first sector
# of the disk... (from _find_labeller in lib/label/label.c of LVM2)
#
# 0x200 seems to be the common case

0x218		 string	LVM2\ 001	LVM2 (Linux Logical Volume Manager)
# read the offset to add to the start of the header, and the header
# start in 0x200
>(0x214.l+0x200) string	>\0		, UUID: %s

0x018		 string	LVM2\ 001	LVM2 (Linux Logical Volume Manager)
>(0x014.l)	 string	>\0		, UUID: %s

0x418		 string	LVM2\ 001	LVM2 (Linux Logical Volume Manager)
>(0x414.l+0x400) string	>\0		, UUID: %s

0x618		 string	LVM2\ 001	LVM2 (Linux Logical Volume Manager)
>(0x614.l+0x600) string	>\0		, UUID: %s

#------------------------------------------------------------------------------
# elf:  file(1) magic for ELF executables
#
# We have to check the byte order flag to see what byte order all the
# other stuff in the header is in.
#
# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
#
# updated by Daniel Quinlan (quinlan@yggdrasil.com)
0	string		\177ELF		ELF
>4	byte		0		invalid class
>4	byte		1		32-bit
>4	byte		2		64-bit
>5	byte		0		invalid byte order
>5	byte		1		LSB
>>16	leshort		0		no file type,
>>16	leshort		1		relocatable,
>>16	leshort		2		executable,
>>16	leshort		3		shared object,
# Core handling from Peter Tobias <tobias@server.et-inf.fho-emden.de>
# corrections by Christian 'Dr. Disk' Hechelmann <drdisk@ds9.au.s.shuttle.de>
>>16	leshort		4		core file
# Core file detection is not reliable.
#>>>(0x38+0xcc) string	>\0		of '%s'
#>>>(0x38+0x10) lelong	>0		(signal %d),
>>16	leshort		&0xff00		processor-specific,
>>18	leshort		0		no machine,
>>18	leshort		1		AT&T WE32100 - invalid byte order,
>>18	leshort		2		SPARC - invalid byte order,
>>18	leshort		3		Intel 80386,
>>18	leshort		4		Motorola
>>>36	lelong		&0x01000000	68000 - invalid byte order,
>>>36	lelong		&0x00810000	CPU32 - invalid byte order,
>>>36	lelong		0		68020 - invalid byte order,
>>18	leshort		5		Motorola 88000 - invalid byte order,
>>18	leshort		6		Intel 80486,
>>18	leshort		7		Intel 80860,
# The official e_machine number for MIPS is now #8, regardless of endianness.
# The second number (#10) will be deprecated later. For now, we still
# say something if #10 is encountered, but only gory details for #8.
>>18	leshort		8		MIPS,
>>>36	lelong		&0x20		N32
>>18	leshort		10		MIPS,
>>>36	lelong		&0x20		N32
>>18	leshort		8
# only for 32-bit
>>>4	byte		1
>>>>36  lelong&0xf0000000	0x00000000	MIPS-I
>>>>36  lelong&0xf0000000	0x10000000	MIPS-II
>>>>36  lelong&0xf0000000	0x20000000	MIPS-III
>>>>36  lelong&0xf0000000	0x30000000	MIPS-IV
>>>>36  lelong&0xf0000000	0x40000000	MIPS-V
>>>>36  lelong&0xf0000000	0x60000000	MIPS32
>>>>36  lelong&0xf0000000	0x70000000	MIPS64
>>>>36  lelong&0xf0000000	0x80000000	MIPS32 rel2
>>>>36  lelong&0xf0000000	0x90000000	MIPS64 rel2
# only for 64-bit
>>>4	byte		2
>>>>48  lelong&0xf0000000	0x00000000	MIPS-I
>>>>48  lelong&0xf0000000	0x10000000	MIPS-II
>>>>48  lelong&0xf0000000	0x20000000	MIPS-III
>>>>48  lelong&0xf0000000	0x30000000	MIPS-IV
>>>>48  lelong&0xf0000000	0x40000000	MIPS-V
>>>>48  lelong&0xf0000000	0x60000000	MIPS32
>>>>48  lelong&0xf0000000	0x70000000	MIPS64 
>>>>48  lelong&0xf0000000	0x80000000	MIPS32 rel2
>>>>48  lelong&0xf0000000	0x90000000	MIPS64 rel2
>>18	leshort		9		Amdahl - invalid byte order,
>>18	leshort		10		MIPS (deprecated),
>>18	leshort		11		RS6000 - invalid byte order,
>>18	leshort		15		PA-RISC - invalid byte order,
>>>50	leshort		0x0214		2.0
>>>48	leshort		&0x0008		(LP64),
>>18	leshort		16		nCUBE,
>>18	leshort		17		Fujitsu VPP500,
>>18	leshort		18		SPARC32PLUS,
>>18	leshort		20		PowerPC,
>>18	leshort		22		IBM S/390,
>>18	leshort		36		NEC V800,
>>18	leshort		37		Fujitsu FR20,
>>18	leshort		38		TRW RH-32,
>>18	leshort		39		Motorola RCE,
>>18	leshort		40		ARM,
>>18	leshort		41		Alpha,
>>18	leshort		0xa390		IBM S/390 (obsolete),
>>18	leshort		42		Hitachi SH,
>>18	leshort		43		SPARC V9 - invalid byte order,
>>18	leshort		44		Siemens Tricore Embedded Processor,
>>18	leshort		45		Argonaut RISC Core, Argonaut Technologies Inc.,
>>18	leshort		46		Hitachi H8/300,
>>18	leshort		47		Hitachi H8/300H,
>>18	leshort		48		Hitachi H8S,
>>18	leshort		49		Hitachi H8/500,
>>18	leshort		50		IA-64,
>>18	leshort		51		Stanford MIPS-X,
>>18	leshort		52		Motorola Coldfire,
>>18	leshort		53		Motorola M68HC12,
>>18	leshort		62		AMD x86-64,
>>18	leshort		75		Digital VAX,
>>18	leshort		88		Renesas M32R,
>>18	leshort		97		NatSemi 32k,
>>18	leshort		0x9026		Alpha (unofficial),
>>20	lelong		0		invalid version
>>20	lelong		1		version 1
>>36	lelong		1		MathCoPro/FPU/MAU Required
>5	byte		2		MSB
>>16	beshort		0		no file type,
>>16	beshort		1		relocatable,
>>16	beshort		2		executable,
>>16	beshort		3		shared object,
>>16	beshort		4		core file,
#>>>(0x38+0xcc) string	>\0		of '%s'
#>>>(0x38+0x10) belong	>0		(signal %d),
>>16	beshort		&0xff00		processor-specific,
>>18	beshort		0		no machine,
>>18	beshort		1		AT&T WE32100,
>>18	beshort		2		SPARC,
>>18	beshort		3		Intel 80386 - invalid byte order,
>>18	beshort		4		Motorola
>>>36	belong		&0x01000000	68000,
>>>36	belong		&0x00810000	CPU32,
>>>36	belong		0		68020,
>>18	beshort		5		Motorola 88000,
>>18	beshort		6		Intel 80486 - invalid byte order,
>>18	beshort		7		Intel 80860,
# only for MIPS - see comment in little-endian section above.
>>18	beshort		8		MIPS,
>>>36	belong		&0x20		N32
>>18	beshort		10		MIPS,
>>>36	belong		&0x20		N32
>>18	beshort		8
# only for 32-bit
>>>4	byte		1
>>>>36  belong&0xf0000000	0x00000000	MIPS-I
>>>>36  belong&0xf0000000	0x10000000	MIPS-II
>>>>36  belong&0xf0000000	0x20000000	MIPS-III
>>>>36  belong&0xf0000000	0x30000000	MIPS-IV
>>>>36  belong&0xf0000000	0x40000000	MIPS-V
>>>>36  belong&0xf0000000	0x60000000	MIPS32
>>>>36  belong&0xf0000000	0x70000000	MIPS64
>>>>36  belong&0xf0000000	0x80000000	MIPS32 rel2
>>>>36  belong&0xf0000000	0x90000000	MIPS64 rel2
# only for 64-bit
>>>4	byte		2
>>>>48	belong&0xf0000000	0x00000000	MIPS-I
>>>>48	belong&0xf0000000	0x10000000	MIPS-II
>>>>48	belong&0xf0000000	0x20000000	MIPS-III
>>>>48	belong&0xf0000000	0x30000000	MIPS-IV
>>>>48	belong&0xf0000000	0x40000000	MIPS-V
>>>>48	belong&0xf0000000	0x60000000	MIPS32
>>>>48	belong&0xf0000000	0x70000000	MIPS64 
>>>>48	belong&0xf0000000	0x80000000	MIPS32 rel2
>>>>48	belong&0xf0000000	0x90000000	MIPS64 rel2
>>18	beshort		9		Amdahl,
>>18	beshort		10		MIPS (deprecated),
>>18	beshort		11		RS6000,
>>18	beshort		15		PA-RISC
>>>50	beshort		0x0214		2.0
>>>48	beshort		&0x0008		(LP64)
>>18	beshort		16		nCUBE,
>>18	beshort		17		Fujitsu VPP500,
>>18	beshort		18		SPARC32PLUS,
>>>36	belong&0xffff00	&0x000100	V8+ Required,
>>>36	belong&0xffff00	&0x000200	Sun UltraSPARC1 Extensions Required,
>>>36	belong&0xffff00	&0x000400	HaL R1 Extensions Required,
>>>36	belong&0xffff00	&0x000800	Sun UltraSPARC3 Extensions Required,
>>18	beshort		20		PowerPC or cisco 4500,
>>18	beshort		21		cisco 7500,
>>18	beshort		22		IBM S/390,
>>18	beshort		24		cisco SVIP,
>>18	beshort		25		cisco 7200,
>>18	beshort		36		NEC V800 or cisco 12000,
>>18	beshort		37		Fujitsu FR20,
>>18	beshort		38		TRW RH-32,
>>18	beshort		39		Motorola RCE,
>>18	beshort		40		ARM,
>>18	beshort		41		Alpha,
>>18	beshort		42		Hitachi SH,
>>18	beshort		43		SPARC V9,
>>18	beshort		44		Siemens Tricore Embedded Processor,
>>18	beshort		45		Argonaut RISC Core, Argonaut Technologies Inc.,
>>18	beshort		46		Hitachi H8/300,
>>18	beshort		47		Hitachi H8/300H,
>>18	beshort		48		Hitachi H8S,
>>18	beshort		49		Hitachi H8/500,
>>18	beshort		50		IA-64,
>>18	beshort		51		Stanford MIPS-X,
>>18	beshort		52		Motorola Coldfire,
>>18	beshort		53		Motorola M68HC12,
>>18	beshort		73		Cray NV1,
>>18	beshort		75		Digital VAX,
>>18	beshort		88		Renesas M32R,
>>18	beshort		97		NatSemi 32k,
>>18	beshort		0x9026		Alpha (unofficial),
>>18	beshort		0xa390		IBM S/390 (obsolete),
>>20	belong		0		invalid version
>>20	belong		1		version 1
>>36	belong		1		MathCoPro/FPU/MAU Required
# Up to now only 0, 1 and 2 are defined; I've seen a file with 0x83, it seemed
# like proper ELF, but extracting the string had bad results.
>4      byte            <0x80
>>8	string		>\0		(%s)
>8	string		\0
>>7	byte		0		(SYSV)
>>7	byte		1		(HP-UX)
>>7	byte		2		(NetBSD)
>>7	byte		3		(GNU/Linux)
>>7	byte		4		(GNU/Hurd)
>>7	byte		5		(86Open)
>>7	byte		6		(Solaris)
>>7	byte		7		(Monterey)
>>7	byte		8		(IRIX)
>>7	byte		9		(FreeBSD)
>>7	byte		10		(Tru64)
>>7	byte		11		(Novell Modesto)
>>7	byte		12		(OpenBSD)
>>7	byte		97		(ARM)
>>7	byte		255		(embedded)

#------------------------------------------------------------------------------
# dump:  file(1) magic for dump file format--for new and old dump filesystems
#
# We specify both byte orders in order to recognize byte-swapped dumps.
#
24	belong	60012		new-fs dump file (big endian),
>4	bedate	x		Previous dump %s,
>8	bedate	x		This dump %s,
>12	belong	>0		Volume %ld,
>692	belong	0		Level zero, type:
>692	belong	>0		Level %d, type:
>0	belong	1		tape header,
>0	belong	2		beginning of file record,
>0	belong	3		map of inodes on tape,
>0	belong	4		continuation of file record,
>0	belong	5		end of volume,
>0	belong	6		map of inodes deleted,
>0	belong	7		end of medium (for floppy),
>676	string	>\0		Label %s,
>696	string	>\0		Filesystem %s,
>760	string	>\0		Device %s,
>824	string	>\0		Host %s,
>888	belong	>0		Flags %x

24	belong	60011		old-fs dump file (big endian),
#>4	bedate	x		Previous dump %s,
#>8	bedate	x		This dump %s,
>12	belong	>0		Volume %ld,
>692	belong	0		Level zero, type:
>692	belong	>0		Level %d, type:
>0	belong	1		tape header,
>0	belong	2		beginning of file record,
>0	belong	3		map of inodes on tape,
>0	belong	4		continuation of file record,
>0	belong	5		end of volume,
>0	belong	6		map of inodes deleted,
>0	belong	7		end of medium (for floppy),
>676	string	>\0		Label %s,
>696	string	>\0		Filesystem %s,
>760	string	>\0		Device %s,
>824	string	>\0		Host %s,
>888	belong	>0		Flags %x

24	lelong	60012		new-fs dump file (little endian),
>4	ledate	x		This dump %s,
>8	ledate	x		Previous dump %s,
>12	lelong	>0		Volume %ld,
>692	lelong	0		Level zero, type:
>692	lelong	>0		Level %d, type:
>0	lelong	1		tape header,
>0	lelong	2		beginning of file record,
>0	lelong	3		map of inodes on tape,
>0	lelong	4		continuation of file record,
>0	lelong	5		end of volume,
>0	lelong	6		map of inodes deleted,
>0	lelong	7		end of medium (for floppy),
>676	string	>\0		Label %s,
>696	string	>\0		Filesystem %s,
>760	string	>\0		Device %s,
>824	string	>\0		Host %s,
>888	lelong	>0		Flags %x

24	lelong	60011		old-fs dump file (little endian),
#>4	ledate	x		Previous dump %s,
#>8	ledate	x		This dump %s,
>12	lelong	>0		Volume %ld,
>692	lelong	0		Level zero, type:
>692	lelong	>0		Level %d, type:
>0	lelong	1		tape header,
>0	lelong	2		beginning of file record,
>0	lelong	3		map of inodes on tape,
>0	lelong	4		continuation of file record,
>0	lelong	5		end of volume,
>0	lelong	6		map of inodes deleted,
>0	lelong	7		end of medium (for floppy),
>676	string	>\0		Label %s,
>696	string	>\0		Filesystem %s,
>760	string	>\0		Device %s,
>824	string	>\0		Host %s,
>888	lelong	>0		Flags %x

18	leshort	60011		old-fs dump file (16-bit, assuming PDP-11 endianness),
>2	medate	x		Previous dump %s,
>6	medate	x		This dump %s,
>10	leshort	>0		Volume %ld,
>0	leshort	1		tape header.
>0	leshort	2		beginning of file record.
>0	leshort	3		map of inodes on tape.
>0	leshort	4		continuation of file record.
>0	leshort	5		end of volume.
>0	leshort	6		map of inodes deleted.
>0	leshort	7		end of medium (for floppy).

#------------------------------------------------------------------------------
# encore:  file(1) magic for Encore machines
#
# XXX - needs to have the byte order specified (NS32K was little-endian,
# dunno whether they run the 88K in little-endian mode or not).
#
0	short		0x154		Encore
>20	short		0x107		executable
>20	short		0x108		pure executable
>20	short		0x10b		demand-paged executable
>20	short		0x10f		unsupported executable
>12	long		>0		not stripped
>22	short		>0		- version %ld
>22	short		0		-
#>4	date		x		stamp %s
0	short		0x155		Encore unsupported executable
>12	long		>0		not stripped
>22	short		>0		- version %ld
>22	short		0		-
#>4	date		x		stamp %s

#------------------------------------------------------------------------------
# Epoc 32 : file(1) magic for Epoc Documents [psion/osaris
# Stefan Praszalowicz (hpicollo@worldnet.fr)
#0	lelong		0x10000037	Epoc32
>4	lelong		0x1000006D
>>8	lelong		0x1000007F	Word
>>8	lelong		0x10000088	Sheet
>>8	lelong		0x1000007D	Sketch
>>8	lelong		0x10000085	TextEd

#------------------------------------------------------------------------------
# ESRI Shapefile format (.shp .shx .dbf=DBaseIII)
# Based on info from
# <URL:http://www.esri.com/library/whitepapers/pdfs/shapefile.pdf>
0	belong	9994	ESRI Shapefile
>4	belong	=0
>8	belong	=0
>12	belong	=0
>16	belong	=0
>20	belong	=0
>28	lelong	x	version %d
>24	belong	x	length %d
>32	lelong	=0	type Null Shape
>32	lelong	=1	type Point
>32	lelong	=3	type PolyLine
>32	lelong	=5	type Polygon
>32	lelong	=8	type MultiPoint
>32	lelong	=11	type PointZ
>32	lelong	=13	type PolyLineZ
>32	lelong	=15	type PolygonZ
>32	lelong	=18	type MultiPointZ
>32	lelong	=21	type PointM
>32	lelong	=23	type PolyLineM
>32	lelong	=25	type PolygonM
>32	lelong	=28	type MultiPointM
>32	lelong	=31	type MultiPatch

#------------------------------------------------------------------------------
# fcs: file(1) magic for FCS (Flow Cytometry Standard) data files
# From Roger Leigh <roger@whinlatter.uklinux.net>
0       string          FCS1.0          Flow Cytometry Standard (FCS) data, version 1.0
0       string          FCS2.0          Flow Cytometry Standard (FCS) data, version 2.0
0       string          FCS3.0          Flow Cytometry Standard (FCS) data, version 3.0

#------------------------------------------------------------------------------
# JPEG images
# SunOS 5.5.1 had
#
#	0	string		\377\330\377\340	JPEG file
#	0	string		\377\330\377\356	JPG file
#
# both of which turn into "JPEG image data" here.
#
0	beshort		0xffd8		JPEG image data
>6	string		JFIF		\b, JFIF standard
# The following added by Erik Rossen <rossen@freesurf.ch> 1999-09-06
# in a vain attempt to add image size reporting for JFIF.  Note that these
# tests are not fool-proof since some perfectly valid JPEGs are currently
# impossible to specify in magic(4) format.
# First, a little JFIF version info:
>>11	byte		x		\b %d.
>>12	byte		x		\b%02d
# Next, the resolution or aspect ratio of the image:
#>>13	byte		0		\b, aspect ratio
#>>13	byte		1		\b, resolution (DPI)
#>>13	byte		2		\b, resolution (DPCM)
#>>4	beshort		x		\b, segment length %d
# Next, show thumbnail info, if it exists:
>>18	byte		!0		\b, thumbnail %dx
>>>19	byte		x		\b%d

# EXIF moved down here to avoid reporting a bogus version number,
# and EXIF version number printing added.
#   - Patrik R=E5dman <patrik+file-magic@iki.fi>
>6	string		Exif		\b, EXIF standard
# Look for EXIF IFD offset in IFD 0, and then look for EXIF version tag in EXIF IFD.
# All possible combinations of entries have to be enumerated, since no looping
# is possible. And both endians are possible...
# The combinations included below are from real-world JPEGs.
# Little-endian
>>12	string		II		
# IFD 0 Entry #5:
>>>70	leshort		0x8769          
# EXIF IFD Entry #1:
>>>>(78.l+14)	leshort	0x9000		
>>>>>(78.l+23)	byte	x		%c
>>>>>(78.l+24)	byte	x		\b.%c
>>>>>(78.l+25)	byte	!0x30		\b%c
# IFD 0 Entry #9:
>>>118	leshort		0x8769          
# EXIF IFD Entry #3:
>>>>(126.l+38)	leshort	0x9000		
>>>>>(126.l+47)	byte	x		%c
>>>>>(126.l+48)	byte	x		\b.%c
>>>>>(126.l+49)	byte	!0x30		\b%c
# IFD 0 Entry #10
>>>130	leshort		0x8769          
# EXIF IFD Entry #3:
>>>>(138.l+38)	leshort	0x9000		
>>>>>(138.l+47)	byte	x		%c
>>>>>(138.l+48)	byte	x		\b.%c
>>>>>(138.l+49)	byte	!0x30		\b%c
# EXIF IFD Entry #4:
>>>>(138.l+50)	leshort	0x9000		
>>>>>(138.l+59)	byte	x		%c
>>>>>(138.l+60)	byte	x		\b.%c
>>>>>(138.l+61)	byte	!0x30		\b%c
# EXIF IFD Entry #5:
>>>>(138.l+62)	leshort	0x9000		
>>>>>(138.l+71)	byte	x		%c
>>>>>(138.l+72)	byte	x		\b.%c
>>>>>(138.l+73)	byte	!0x30		\b%c
# IFD 0 Entry #11
>>>142	leshort		0x8769          
# EXIF IFD Entry #3:
>>>>(150.l+38)	leshort	0x9000		
>>>>>(150.l+47)	byte	x		%c
>>>>>(150.l+48)	byte	x		\b.%c
>>>>>(150.l+49)	byte	!0x30		\b%c
# EXIF IFD Entry #4:
>>>>(150.l+50)	leshort	0x9000		
>>>>>(150.l+59)	byte	x		%c
>>>>>(150.l+60)	byte	x		\b.%c
>>>>>(150.l+61)	byte	!0x30		\b%c
# EXIF IFD Entry #5:
>>>>(150.l+62)	leshort	0x9000		
>>>>>(150.l+71)	byte	x		%c
>>>>>(150.l+72)	byte	x		\b.%c
>>>>>(150.l+73)	byte	!0x30		\b%c
# Big-endian
>>12	string		MM		
# IFD 0 Entry #9:
>>>118	beshort		0x8769          
# EXIF IFD Entry #1:
>>>>(126.L+14)	beshort	0x9000		
>>>>>(126.L+23)	byte	x		%c
>>>>>(126.L+24)	byte	x		\b.%c
>>>>>(126.L+25)	byte	!0x30		\b%c
# EXIF IFD Entry #3:
>>>>(126.L+38)	beshort	0x9000		
>>>>>(126.L+47)	byte	x		%c
>>>>>(126.L+48)	byte	x		\b.%c
>>>>>(126.L+49)	byte	!0x30		\b%c
# IFD 0 Entry #10
>>>130	beshort		0x8769          
# EXIF IFD Entry #3:
>>>>(138.L+38)	beshort	0x9000		
>>>>>(138.L+47)	byte	x		%c
>>>>>(138.L+48)	byte	x		\b.%c
>>>>>(138.L+49)	byte	!0x30		\b%c
# EXIF IFD Entry #5:
>>>>(138.L+62)	beshort	0x9000		
>>>>>(138.L+71)	byte	x		%c
>>>>>(138.L+72)	byte	x		\b.%c
>>>>>(138.L+73)	byte	!0x30		\b%c
# IFD 0 Entry #11
>>>142	beshort		0x8769          
# EXIF IFD Entry #4:
>>>>(150.L+50)	beshort	0x9000		
>>>>>(150.L+59)	byte	x		%c
>>>>>(150.L+60)	byte	x		\b.%c
>>>>>(150.L+61)	byte	!0x30		\b%c
# Here things get sticky.  We can do ONE MORE marker segment with
# indirect addressing, and that's all.  It would be great if we could
# do pointer arithemetic like in an assembler language.  Christos?
# And if there was some sort of looping construct to do searches, plus a few
# named accumulators, it would be even more effective...
# At least we can show a comment if no other segments got inserted before:
>(4.S+5)	byte		0xFE
>>(4.S+8)	string		>\0		\b, comment: "%s"
#>(4.S+5)	byte		0xFE		\b, comment
#>>(4.S+6)	beshort		x		\b length=%d
#>>(4.S+8)	string		>\0		\b, "%s"
# Or, we can show the encoding type (I've included only the three most common)
# and image dimensions if we are lucky and the SOFn (image segment) is here:
>(4.S+5)	byte		0xC0		\b, baseline
>>(4.S+6)	byte		x		\b, precision %d
>>(4.S+7)	beshort		x		\b, %dx
>>(4.S+9)	beshort		x		\b%d
>(4.S+5)	byte		0xC1		\b, extended sequential
>>(4.S+6)	byte		x		\b, precision %d
>>(4.S+7)	beshort		x		\b, %dx
>>(4.S+9)	beshort		x		\b%d
>(4.S+5)	byte		0xC2		\b, progressive
>>(4.S+6)	byte		x		\b, precision %d
>>(4.S+7)	beshort		x		\b, %dx
>>(4.S+9)	beshort		x		\b%d
# I've commented-out quantisation table reporting.  I doubt anyone cares yet.
#>(4.S+5)	byte		0xDB		\b, quantisation table
#>>(4.S+6)	beshort		x		\b length=%d
#>14	beshort		x		\b, %d x
#>16	beshort		x		\b %d

# HSI is Handmade Software's proprietary JPEG encoding scheme
0	string		hsi1		JPEG image data, HSI proprietary

# From: David Santinoli <david@santinoli.com>
0	string		\x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A	JPEG 2000 image data

#------------------------------------------------------------------------------
# filesystems:  file(1) magic for different filesystems
#
0	string	\366\366\366\366	PC formatted floppy with no filesystem
# Sun disk labels
# From /usr/include/sun/dklabel.h:
0774	beshort		0xdabe		Sun disk label
>0	string		x		'%s
>>31  	string		>\0		\b%s
>>>63  	string		>\0		\b%s
>>>>95 	string		>\0		\b%s
>0	string		x		\b'
>0734	short		>0		%d rpm,
>0736	short		>0		%d phys cys,
>0740	short		>0		%d alts/cyl,
>0746	short		>0		%d interleave,
>0750	short		>0		%d data cyls,
>0752	short		>0		%d alt cyls,
>0754	short		>0		%d heads/partition,
>0756	short		>0		%d sectors/track,
>0764	long		>0		start cyl %ld,
>0770	long		x		%ld blocks
# Is there a boot block written 1 sector in?
>512    belong&077777777	0600407	\b, boot block present
# Joerg Jenderek: Smart Boot Manager backup file is 41 byte header + first sectors of disc
# (http://btmgr.sourceforge.net/docs/user-guide-3.html)
0		string	SBMBAKUP_	Smart Boot Manager backup file
>9		string	x		\b, version %-5.5s
>>14		string	=_		
>>>15		string	x		%-.1s
>>>>16		string	=_		\b.
>>>>>17		string	x		\b%-.1s
>>>>>>18	string	=_		\b.
>>>>>>>19	string	x		\b%-.1s
>>>22		ubyte	0		
>>>>21		ubyte	x		\b, from drive 0x%x
>>>22		ubyte	>0		
>>>>21		string	x		\b, from drive %s

# Joerg Jenderek
# DOS Emulator image is 128 byte, null right padded header + harddisc image
0	string	DOSEMU\0			
>0x27E	leshort	0xAA55			
#offset is 128
>>19	ubyte	128			
>>>(19.b-1)	ubyte	0x0	DOS Emulator image
>>>>7	ulelong	>0		\b, %u heads
>>>>11	ulelong	>0		\b, %d sectors/track
>>>>15	ulelong	>0		\b, %d cylinders

0x1FE	leshort	0xAA55			x86 boot sector
>2	string	OSBS			\b, OS/BS MBR
# J\xf6rg Jenderek <joerg dot jenderek at web dot de>
>0x8C	string	Invalid\ partition\ table	\b, MS-DOS MBR
# dr-dos with some upper-, lowercase variants
>0x9D	string	Invalid\ partition\ table$	
>>181	string	No\ Operating\ System$		
>>>201	string	Operating\ System\ load\ error$	\b, DR-DOS MBR, Version 7.01 to 7.03
>0x9D	string	Invalid\ partition\ table$	
>>181	string	No\ operating\ system$		
>>>201	string	Operating\ system\ load\ error$	\b, DR-DOS MBR, Version 7.01 to 7.03
>342	string	Invalid\ partition\ table$	
>>366	string	No\ operating\ system$		
>>>386	string	Operating\ system\ load\ error$	\b, DR-DOS MBR, version 7.01 to 7.03
>295	string	NEWLDR\0				
>>302	string	Bad\ PT\ $				
>>>310	string	No\ OS\ $				
>>>>317	string	OS\ load\ err$				
>>>>>329	string	Moved\ or\ missing\ IBMBIO.LDR\n\r	
>>>>>>358	string	Press\ any\ key\ to\ continue.\n\r$	
>>>>>>>387	string	Copyright\ (c)\ 1984,1998	
>>>>>>>>411	string	Caldera\ Inc.\0		\b, DR-DOS MBR (IBMBIO.LDR)
>0x10F	string	Ung\201ltige\ Partitionstabelle	\b, MS-DOS MBR, german version 4.10.1998, 4.10.2222
>>0x1B8	ubelong	>0				\b, Serial 0x%-.4x
>0x8B	string	Ung\201ltige\ Partitionstabelle	\b, MS-DOS MBR, german version 5.00 to 4.00.950
>271	string	Invalid\ partition\ table\0		
>>295	string	Error\ loading\ operating\ system\0	
>>>326	string	Missing\ operating\ system\0		\b, mbr
#
>139	string	Invalid\ partition\ table\0		
>>163	string	Error\ loading\ operating\ system\0	
>>>194	string	Missing\ operating\ system\0		\b, Microsoft Windows XP mbr
# http://www.heise.de/ct/05/09/006/ page 184
#HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\DosDevices\?:=Serial4Bytes+8Bytes
>>>>0x1B8	ulelong	>0				\b,Serial 0x%-.4x
>300	string	Invalid\ partition\ table\0	
>>324	string	Error\ loading\ operating\ system\0
>>>355	string	Missing\ operating\ system\0		\b, Microsoft Windows XP MBR
#??>>>389	string	Invalid\ system\ disk		
>>>>0x1B8	ulelong	>0				\b, Serial 0x%-.4x
>300	string	Ung\201ltige\ Partitionstabelle
#split string to avoid error: String too long
>>328	string	Fehler\ beim\ Laden\ 	
>>>346	string	des\ Betriebssystems	
>>>>366	string	Betriebssystem\ nicht\ vorhanden	\b, Microsoft Windows XP MBR (german)
>>>>>0x1B8	ulelong	>0				\b, Serial 0x%-.4x
>0x145	string	Default:\ F				\b, FREE-DOS MBR
>64	string	no\ active\ partition\ found	
>>96	string	read\ error\ while\ reading\ drive	\b, FREE-DOS Beta 0.9 MBR
>271	string	Operating\ system\ loading 		
>>296	string	error\r					\b, SYSLINUX MBR (2.10)
# bootloader, bootmanager
>43	string	SMART\ BTMGRFAT12\ \ \ 		
>>430	string	SBMK\ Bad!\r			
>>>3	string	SBM				\b, Smart Boot Manager
>>>>6	string	>\0                             \b, version %s
>382	string	XOSLLOADXCF			\b, eXtended Operating System Loader
>6	string	LILO				\b, LInux i386 boot LOader
>>120	string	LILO				\b, version 22.3.4 SuSe
>>172	string	LILO				\b, version 22.5.8 Debian
>402	string	Geom\0Hard\ Disk\0Read\0\ Error\0
>>394	string	stage1				\b, GRand Unified Bootloader (0.5.95)
>343	string	Geom\0Read\0\ Error\0		
>>321	string	Loading\ stage1.5		\b, Grand Unified Bootloader
>380	string	Geom\0Hard\ Disk\0Read\0\ Error\0
>>374	string	GRUB\ \0			\b, GRand Unified Bootloader
>382	string	Geom\0Hard\ Disk\0Read\0\ Error\0
>>376	string	GRUB\ \0			\b, GRand Unified Bootloader (0.93)
>383	string	Geom\0Hard\ Disk\0Read\0\ Error\0
>>377	string	GRUB\ \0			\b, GRand Unified Bootloader (0.94)
>385	string	Geom\0Hard\ Disk\0Read\0\ Error\0
>>379	string	GRUB\ \0			\b, GRand Unified Bootloader (0.95)
>480	string	Boot\ failed\r			
>>495	string	LDLINUX\ SYS			\b, SYSLINUX bootloader (2.06)
>395	string	chksum\0\ ERROR!\0		\b, Gujin bootloader
# mbr partion table entries, if not fat boot secor, activ flag 0 or 0x80 and type > 0
>3			string		!MS	
>>3			string		!SYSLINUX
>>>82			string		!FAT32	
>>>>446			ubyte		<0x81	
>>>>>446		ubyte&0x7F	0	
>>>>>>450		ubyte		>0	\b; partition 1: ID=0x%x
>>>>>>>446		ubyte		0x80	\b, active
>>>>>>>447		ubyte		x	\b, starthead %u
#>>>>>>>448		ubyte		x	\b, start C_S: 0x%x
#>>>>>>448		ubeshort&1023	x	\b, startcylinder? %d
>>>>>>>454		ulelong		x	\b, startsector %u
>>>>>>>458		ulelong		x	\b, %u sectors
#
>>>>462			ubyte		<0x81	
>>>>>462		ubyte&0x7F	0		
>>>>>>466		ubyte		>0	\b; partition 2: ID=0x%x
>>>>>>>462		ubyte		0x80	\b, active
>>>>>>>463		ubyte		x	\b, starthead %u
#>>>>>>>464		ubyte		x	\b, start C_S: 0x%x
#>>>>>>>464		ubeshort&1023	x	\b, startcylinder? %d
>>>>>>>470		ulelong		x	\b, startsector %u
>>>>>>>474		ulelong		x	\b, %u sectors
#
>>>>478			ubyte		<0x81		
>>>>>478		ubyte&0x7F	0		
>>>>>>482		ubyte		>0	\b; partition 3: ID=0x%x
>>>>>>>478		ubyte		0x80	\b, active
>>>>>>>479		ubyte		x	\b, starthead %u
#>>>>>>>480		ubyte		x	\b, start C_S: 0x%x
#>>>>>>>481		ubyte		x	\b, start C2S: 0x%x
#>>>>>>>480		ubeshort&1023	x	\b, startcylinder? %d
>>>>>>>486		ulelong		x	\b, startsector %u
>>>>>>>490		ulelong		x	\b, %u sectors
#
>>>>494			ubyte		<0x81	
>>>>>494		ubyte&0x7F	0		
>>>>>>498		ubyte		>0	\b; partition 4: ID=0x%x
>>>>>>>494		ubyte		0x80	\b, active
>>>>>>>495		ubyte		x	\b, starthead %u
#>>>>>>>496		ubyte		x	\b, start C_S: 0x%x
#>>>>>>>496		ubeshort&1023	x	\b, startcylinder? %d
>>>>>>>502		ulelong		x	\b, startsector %u
>>>>>>>506		ulelong		x	\b, %u sectors
# mbr partion table entries end
>185	string	FDBOOT\ Version\ 			
>>204	string	\rNo\ Systemdisk.\ 			
>>>220	string	Booting\ from\ harddisk.\n\r		
>>>245	string	Cannot\ load\ from\ harddisk.\n\r	
>>>>273 string	Insert\ Systemdisk\ 			
>>>>>291 string and\ press\ any\ key.\n\r		\b, FDBOOT harddisk Bootloader
>>>>>>200 string	>\0                             \b, version %-3s
>242	string	Bootsector\ from\ C.H.\ Hochst\204	
>>278	string	No\ Systemdisk.\ 			
>>>293	string	Booting\ from\ harddisk.\n\r		
>>>441	string	Cannot\ load\ from\ harddisk.\n\r	
>>>>469 string	Insert\ Systemdisk\ 			
>>>>>487 string and\ press\ any\ key.\n\r		\b, WinImage harddisk Bootloader
>>>>>>209 string	>\0                             \b, version %-4.4s
>(1.b+2)	ubyte		0xe			
>>(1.b+3)	ubyte		0x1f			
>>>(1.b+4)	ubyte		0xbe			
>>>>(1.b+5)	ubyte		0x77			
>>>>(1.b+6)	ubyte		0x7c			
>>>>>(1.b+7)	ubyte		0xac			
>>>>>>(1.b+8)	ubyte		0x22			
>>>>>>>(1.b+9)	ubyte		0xc0			
>>>>>>>>(1.b+10)	ubyte	0x74			
>>>>>>>>>(1.b+11)	ubyte	0xb			
>>>>>>>>>>(1.b+12)	ubyte	0x56			
>>>>>>>>>>(1.b+13)	ubyte	0xb4			\b, mkdosfs boot message display
>103	string	This\ is\ not\ a\ bootable\ disk.\ 	
>>132	string	Please\ insert\ a\ bootable\ 		
>>>157	string	floppy\ and\r\n				
>>>>169	string	press\ any\ key\ to\ try\ again...\r	\b, FREE-DOS message display
#
>66	string	Solaris\ Boot\ Sector    		
>>99	string	Incomplete\ MDBoot\ load.		
>>>89	string	Version 				\b, Sun Solaris Bootloader
>>>>97	byte	x					version %c
#
>408	string	OS/2\ !!\ SYS01475\r\0			
>>429	string	OS/2\ !!\ SYS02025\r\0			
>>>450	string	OS/2\ !!\ SYS02027\r\0			
>>>469	string	OS2BOOT\ \ \ \ 				\b, IBM OS/2 Warp bootloader
#
>409	string	OS/2\ !!\ SYS01475\r\0			
>>430	string	OS/2\ !!\ SYS02025\r\0			
>>>451	string	OS/2\ !!\ SYS02027\r\0			
>>>470	string	OS2BOOT\ \ \ \ 				\b, IBM OS/2 Warp Bootloader
>112		string	This\ disk\ is\ not\ bootable\r			
>>142		string	If\ you\ wish\ to\ make\ it\ bootable		
>>>176		string	run\ the\ DOS\ program\ SYS\  			
>>>200		string	after\ the\r					
>>>>216		string	system\ has\ been\ loaded\r\n			
>>>>>242	string	Please\ insert\ a\ DOS\ diskette\ 		
>>>>>271	string	into\r\n\ the\ drive\ and\ 			
>>>>>>292	string	strike\ any\ key...\0		\b, IBM OS/2 Warp message display
# XP
>430	string	NTLDR\ is\ missing\xFF\r\n		
>>449	string	Disk\ error\xFF\r\n			
>>>462	string	Press\ any\ key\ to\ restart\r		\b, Microsoft Windows XP Bootloader
# DOS names like NTLDR,CMLDR,$LDR$ are 8 right space padded bytes+3 bytes
>>>>417		ubyte&0xDF	>0			
>>>>>417	string		x			%-.5s
>>>>>>422	ubyte&0xDF	>0			
>>>>>>>422	string		x 			\b%-.3s
>>>>>425	ubyte&0xDF	>0			
>>>>>>425	string		>\ 			\b.%-.3s
#
>>>>371		ubyte		>0x20			
>>>>>368	ubyte&0xDF	>0			
>>>>>>368	string		x 			%-.5s
>>>>>>>373	ubyte&0xDF	>0			
>>>>>>>>373	string		x 			\b%-.3s
>>>>>>376	ubyte&0xDF	>0			
>>>>>>>376	string		x 			\b.%-.3s
#
>430	string	NTLDR\ nicht\ gefunden\xFF\r\n		
>>453	string	Datentr\204gerfehler\xFF\r\n		
>>>473	string	Neustart\ mit\ beliebiger\ Taste\r	\b, Microsoft Windows XP Bootloader (german)
>>>>417		ubyte&0xDF	>0			
>>>>>417	string		x			%-.5s
>>>>>>422	ubyte&0xDF	>0			
>>>>>>>422	string		x 			\b%-.3s
>>>>>425	ubyte&0xDF	>0			
>>>>>>425	string		>\ 			\b.%-.3s
#
>>>>368		ubyte&0xDF	>0			
>>>>>368	string		x 			%-.5s
>>>>>>373	ubyte&0xDF	>0			
>>>>>>>373	string		x 			\b%-.3s
>>>>>376	ubyte&0xDF	>0			
>>>>>>376	string		x 			\b.%-.3s
#
>430	string	NTLDR\ fehlt\xFF\r\n			
>>444	string	Datentr\204gerfehler\xFF\r\n		
>>>464	string	Neustart\ mit\ beliebiger\ Taste\r	\b, Microsoft Windows XP Bootloader (2.german)
>>>>417		ubyte&0xDF	>0			
>>>>>417	string		x			%-.5s
>>>>>>422	ubyte&0xDF	>0			
>>>>>>>422	string		x 			\b%-.3s
>>>>>425	ubyte&0xDF	>0			
>>>>>>425	string		>\ 			\b.%-.3s
# variant
>>>>371		ubyte		>0x20			
>>>>>368	ubyte&0xDF	>0			
>>>>>>368	string		x 			%-.5s
>>>>>>>373	ubyte&0xDF	>0			
>>>>>>>>373	string		x 			\b%-.3s
>>>>>>376	ubyte&0xDF	>0			
>>>>>>>376	string		x 			\b.%-.3s
#
>430	string	NTLDR\ fehlt\xFF\r\n			
>>444	string	Medienfehler\xFF\r\n			
>>>459	string	Neustart:\ Taste\ dr\201cken\r		\b, Microsoft Windows XP Bootloader (3.german)
>>>>371		ubyte		>0x20			
>>>>>368	ubyte&0xDF	>0			
>>>>>>368	string		x 			%-.5s
>>>>>>>373	ubyte&0xDF	>0			
>>>>>>>>373	string		x 			\b%-.3s
>>>>>>376	ubyte&0xDF	>0			
>>>>>>>376	string		x 			\b.%-.3s
# variant
>>>>417		ubyte&0xDF	>0			
>>>>>417	string		x			%-.5s
>>>>>>422	ubyte&0xDF	>0			
>>>>>>>422	string		x 			\b%-.3s
>>>>>425	ubyte&0xDF	>0			
>>>>>>425	string		>\ 			\b.%-.3s
#
>430	string	Datentr\204ger\ entfernen\xFF\r\n	
>>454	string	Medienfehler\xFF\r\n			
>>>469	string	Neustart:\ Taste\ dr\201cken\r		\b, Microsoft Windows XP Bootloader (4.german)
>>>>368		ubyte&0xDF	>0			
>>>>>368	string		x 			%-.5s
>>>>>>373	ubyte&0xDF	>0			
>>>>>>>373	string		x 			\b%-.3s
>>>>>376	ubyte&0xDF	>0			
>>>>>>376	string		x 			\b.%-.3s
#>3	string	NTFS\ \ \ \ 				
>389	string	Fehler\ beim\ Lesen\ 
>>407	string	des\ Datentr\204gers
>>>426	string	NTLDR\ fehlt				
>>>>440	string	NTLDR\ ist\ komprimiert
>>>>>464 string	Neustart\ mit\ Strg+Alt+Entf\r		\b, Microsoft Windows XP Bootloader NTFS (german)
#>3	string	NTFS\ \ \ \ 				
>313	string	A\ disk\ read\ error\ occurred.\r
>>345	string	A\ kernel\ file\ is\ missing\ 	
>>>370	string	from\ the\ disk.\r		
>>>>484	string	NTLDR\ is\ compressed		
>>>>>429 string	Insert\ a\ system\ diskette\ 	
>>>>>>454 string and\ restart\r\nthe\ system.\r		\b, Microsoft Windows XP Bootloader NTFS
# DOS loader variants different languages,offsets
>472	ubyte&0xDF	>0
>>389	string	Invalid\ system\ disk\xFF\r\n		
>>>411	string	Disk\ I/O\ error			
>>>>428	string	Replace\ the\ disk,\ and\ 		
>>>>>455 string	press\ any\ key				\b, Microsoft Windows 98 Bootloader
#IO.SYS
>>>>>>472	ubyte&0xDF	>0			
>>>>>>>472	string		x 			\b %-.2s
>>>>>>>>474	ubyte&0xDF	>0			
>>>>>>>>>474	string		x 			\b%-.5s
>>>>>>>>>>479	ubyte&0xDF	>0			
>>>>>>>>>>>479 string		x 			\b%-.1s
>>>>>>>480	ubyte&0xDF	>0			
>>>>>>>>480	string		x 			\b.%-.3s
#MSDOS.SYS
>>>>>>>483	ubyte&0xDF	>0			\b+
>>>>>>>>483	string		x 			\b%-.5s
>>>>>>>>>488	ubyte&0xDF	>0			
>>>>>>>>>>488	string		x 			\b%-.3s
>>>>>>>>491	ubyte&0xDF	>0			
>>>>>>>>>491	string		x 			\b.%-.3s
#
>>390	string	Invalid\ system\ disk\xFF\r\n		
>>>412	string	Disk\ I/O\ error\xFF\r\n		
>>>>429	string	Replace\ the\ disk,\ and\ 		
>>>>>451 string	then\ press\ any\ key\r			\b, Microsoft Windows 98 Bootloader
>>388	string	Ungueltiges\ System\ \xFF\r\n		
>>>410	string	E/A-Fehler\ \ \ \ \xFF\r\n		
>>>>427	string	Datentraeger\ wechseln\ und\ 		
>>>>>453 string	Taste\ druecken\r			\b, Microsoft Windows 95/98/ME Bootloader (german)
#WINBOOT.SYS only not spaces (0xDF)
>>>>>>497	ubyte&0xDF	>0			
>>>>>>>497	string		x 			%-.5s
>>>>>>>>502	ubyte&0xDF	>0			
>>>>>>>>>502	string		x 			\b%-.1s
>>>>>>>>>>503	ubyte&0xDF	>0			
>>>>>>>>>>>503	string		x 			\b%-.1s
>>>>>>>>>>>>504	ubyte&0xDF	>0			
>>>>>>>>>>>>>504 string		x 			\b%-.1s
>>>>>>505	ubyte&0xDF	>0			
>>>>>>>505	string		x 			\b.%-.3s
#IO.SYS
>>>>>>472	ubyte&0xDF	>0			or
>>>>>>>472	string		x 			\b %-.2s
>>>>>>>>474	ubyte&0xDF	>0			
>>>>>>>>>474	string		x 			\b%-.5s
>>>>>>>>>>479	ubyte&0xDF	>0			
>>>>>>>>>>>479 string		x 			\b%-.1s
>>>>>>>480	ubyte&0xDF	>0			
>>>>>>>>480	string		x 			\b.%-.3s
#MSDOS.SYS
>>>>>>>483	ubyte&0xDF	>0			\b+
>>>>>>>>483	string		x 			\b%-.5s
>>>>>>>>>488	ubyte&0xDF	>0			
>>>>>>>>>>488	string		x 			\b%-.3s
>>>>>>>>491	ubyte&0xDF	>0			
>>>>>>>>>491	string		x 			\b.%-.3s
#
>>390	string	Ungueltiges\ System\ \xFF\r\n		
>>>412	string	E/A-Fehler\ \ \ \ \xFF\r\n		
>>>>429	string	Datentraeger\ wechseln\ und\ 		
>>>>>455 string	Taste\ druecken\r			\b, Microsoft Windows 95/98/ME Bootloader (German)
#WINBOOT.SYS only not spaces (0xDF)
>>>>>>497	ubyte&0xDF	>0			
>>>>>>>497	string		x 			%-.7s
>>>>>>>>504	ubyte&0xDF	>0			
>>>>>>>>>504	string		x 			\b%-.1s
>>>>>>505	ubyte&0xDF	>0			
>>>>>>>505	string		x 			\b.%-.3s
#IO.SYS
>>>>>>472	ubyte&0xDF	>0			or
>>>>>>>472	string		x 			\b %-.2s
>>>>>>>>474	ubyte&0xDF	>0			
>>>>>>>>>474	string		x 			\b%-.6s
>>>>>>>480	ubyte&0xDF	>0			
>>>>>>>>480	string		x 			\b.%-.3s
#MSDOS.SYS
>>>>>>>483	ubyte&0xDF	>0			\b+
>>>>>>>>483	string		x 			\b%-.5s
>>>>>>>>>488	ubyte&0xDF	>0			
>>>>>>>>>>488	string		x 			\b%-.3s
>>>>>>>>491	ubyte&0xDF	>0			
>>>>>>>>>491	string		x 			\b.%-.3s
#
>>389	string	Ungueltiges\ System\ \xFF\r\n		
>>>411	string	E/A-Fehler\ \ \ \ \xFF\r\n		
>>>>428	string	Datentraeger\ wechseln\ und\ 		
>>>>>454 string	Taste\ druecken\r			\b, Microsoft Windows 95/98/ME Bootloader (GERMAN)
# DOS names like IO.SYS,WINBOOT.SYS,MSDOS.SYS,WINBOOT.INI are 8 right space padded bytes+3 bytes
>>>>>>472	string		x 			%-.2s
>>>>>>>474	ubyte&0xDF	>0			
>>>>>>>>474	string		x 			\b%-.5s
>>>>>>>>479	ubyte&0xDF	>0			
>>>>>>>>>479	string		x 			\b%-.1s
>>>>>>480	ubyte&0xDF	>0			
>>>>>>>480	string		x 			\b.%-.3s
>>>>>>483	ubyte&0xDF	>0			\b+
>>>>>>>483	string		x 			\b%-.5s
>>>>>>>488	ubyte&0xDF	>0			
>>>>>>>>488	string		x 			\b%-.2s
>>>>>>>>490	ubyte&0xDF	>0			
>>>>>>>>>490	string		x 			\b%-.1s
>>>>>>>491	ubyte&0xDF	>0			
>>>>>>>>491	string		x 			\b.%-.3s
>479	ubyte&0xDF	>0
>>416	string	Kein\ System\ oder\ 			
>>>433	string	Laufwerksfehler				
>>>>450	string	Wechseln\ und\ Taste\ dr\201cken	\b, Microsoft DOS Bootloader (german)
#IO.SYS
>>>>>479	string		x 			\b %-.2s
>>>>>>481	ubyte&0xDF	>0			
>>>>>>>481	string		x 			\b%-.6s
>>>>>487	ubyte&0xDF	>0			
>>>>>>487	string		x 			\b.%-.3s
#MSDOS.SYS
>>>>>>490	ubyte&0xDF	>0			\b+
>>>>>>>490	string		x 			\b%-.5s
>>>>>>>>495	ubyte&0xDF	>0			
>>>>>>>>>495	string		x 			\b%-.3s
>>>>>>>498	ubyte&0xDF	>0			
>>>>>>>>498	string		x 			\b.%-.3s
#
>486	ubyte&0xDF	>0
>>416	string	Non-System\ disk\ or\ 			
>>>435	string	disk\ error\r				
>>>>447	string	Replace\ and\ press\ any\ key\ 		
>>>>>473 string	when\ ready\r				\b, Microsoft DOS Bootloader
>480	ubyte&0xDF	>0			
>>393	string	Non-System\ disk\ or\ 			
>>>412	string	disk\ error\r				
>>>>424	string	Replace\ and\ press\ any\ key\ 		
>>>>>450 string	when\ ready\r				\b, Microsoft DOS bootloader
#IO.SYS
>>>>>480	string		x 			\b %-.2s
>>>>>>482	ubyte&0xDF	>0			
>>>>>>>48	string		x 			\b%-.6s
>>>>>488	ubyte&0xDF	>0			
>>>>>>488	string		x 			\b.%-.3s
#MSDOS.SYS
>>>>>>491	ubyte&0xDF	>0			\b+
>>>>>>>491	string		x 			\b%-.5s
>>>>>>>>496	ubyte&0xDF	>0			
>>>>>>>>>496	string		x 			\b%-.3s
>>>>>>>499	ubyte&0xDF	>0			
>>>>>>>>499	string		x 			\b.%-.3s
#>43	string	\224R-LOADER\ \ SYS			=label					
>54	string	SYS
>>324	string	VASKK
>>>495	string	NEWLDR\0				\b, DR-DOS Bootloader (LOADER.SYS)
#
>70	string	IBMBIO\ \ COM				
>>472	string	Cannot\ load\ DOS!\ 			
>>>489	string	Any\ key\ to\ retry			\b, DR-DOS Bootloader
>>471	string	Cannot\ load\ DOS\ 			
>>487	string	press\ key\ to\ retry			\b, Open-DOS Bootloader
>444	string	KERNEL\ \ SYS					
>>314	string	BOOT\ error!				\b, FREE-DOS Bootloader
>499	string	KERNEL\ \ SYS				
>>305	string	BOOT\ err!\0				\b, Free-DOS Bootloader
>449	string	KERNEL\ \ SYS				
>>319	string	BOOT\ error!				\b, FREE-DOS 0.5 Bootloader
>125	string	Loading\ FreeDOS...\r			
>>311	string	BOOT\ error!\r				\b, FREE-DOS bootloader
>>>441		ubyte&0xDF	>0			
>>>>441		string		x 			\b %-.6s
>>>>>447	ubyte&0xDF	>0			
>>>>>>447	string		x 			\b%-.1s
>>>>>>>448	ubyte&0xDF	>0			
>>>>>>>>448	string		x 			\b%-.1s
>>>>449		ubyte&0xDF	>0			
>>>>>449	string		x 			\b.%-.3s
>124	string	FreeDOS\0				
>>331	string	\ err\0					\b, FREE-DOS BETa 0.9 Bootloader
# DOS names like KERNEL.SYS,KERNEL16.SYS,KERNEL32.SYS,METAKERN.SYS are 8 right space padded bytes+3 bytes
>>>497		ubyte&0xDF	>0			
>>>>497		string		x 			\b %-.6s
>>>>>503	ubyte&0xDF	>0			
>>>>>>503	string		x 			\b%-.1s
>>>>>>>504	ubyte&0xDF	>0			
>>>>>>>>504	string		x 			\b%-.1s
>>>>505		ubyte&0xDF	>0			
>>>>>505	string		x 			\b.%-.3s
>>333	string	\ err\0					\b, FREE-DOS BEta 0.9 Bootloader
>>>497		ubyte&0xDF	>0			
>>>>497		string		x 			\b %-.6s
>>>>>503	ubyte&0xDF	>0			
>>>>>>503	string		x 			\b%-.1s
>>>>>>>504	ubyte&0xDF	>0			
>>>>>>>>504	string		x 			\b%-.1s
>>>>505		ubyte&0xDF	>0			
>>>>>505	string		x 			\b.%-.3s
>>334	string	\ err\0					\b, FREE-DOS Beta 0.9 Bootloader
>>>497		ubyte&0xDF	>0			
>>>>497		string		x 			\b %-.6s
>>>>>503	ubyte&0xDF	>0			
>>>>>>503	string		x 			\b%-.1s
>>>>>>>504	ubyte&0xDF	>0			
>>>>>>>>504	string		x 			\b%-.1s
>>>>505		ubyte&0xDF	>0			
>>>>>505	string		x 			\b.%-.3s
>336	string	Error!\ 				
>>343	string	Hit\ a\ key\ to\ reboot.		\b, FREE-DOS Beta 0.9sr1 Bootloader
>>>497		ubyte&0xDF	>0			
>>>>497		string		x 			\b %-.6s
>>>>>503	ubyte&0xDF	>0			
>>>>>>503	string		x 			\b%-.1s
>>>>>>>504	ubyte&0xDF	>0			
>>>>>>>>504	string		x 			\b%-.1s
>>>>505		ubyte&0xDF	>0			
>>>>>505	string		x 			\b.%-.3s
# loader end
# Joerg Jenderek
>446	ubyte	0			
>>450	ubyte	>0			
>>>482	ubyte	0			
>>>>498	ubyte	0			
>>>>466	ubyte	0x05			\b, extended partition table
>>>>466	ubyte	0x0F			\b, extended partition table (LBA)
>>>>466	ubyte	0x0			\b, extended partition table (last)	
# JuMP short     bootcodeoffset NOP assembler instructions will usually be EB xx 90
# older drives may use E9 xx xx
>0		lelong&0x009000EB	0x009000EB 
>0		lelong&0x000000E9	0x000000E9 
>>1		ubyte			>37	\b, code offset 0x%x
# mtools-3.9.8/msdos.h
# usual values are marked with comments to get only informations of strange FAT systems
# valid sectorsize are from 32 to 2048
>>>11		uleshort	<2049	
>>>>11		uleshort	>31	
>>>>>3		string		>\0		\b, OEM-ID "%8.8s"
>>>>>11		uleshort	>512		\b, Bytes/sector %u
#>>>>>11	uleshort	=512		\b, Bytes/sector %u=512 (usual)
>>>>>11		uleshort	<512		\b, Bytes/sector %u
>>>>>13		ubyte		>1		\b, sectors/cluster %u
#>>>>>13	ubyte		=1		\b, sectors/cluster %u (usual on Floppies)
>>>>>14		uleshort	>32		\b, reserved sectors %u
#>>>>>14	uleshort	=32		\b, reserved sectors %u (usual Fat32)
#>>>>>14	uleshort	>1		\b, reserved sectors %u
#>>>>>14	uleshort	=1		\b, reserved sectors %u (usual FAT12,FAT16)
>>>>>14		uleshort	<1		\b, reserved sectors %u
>>>>>16		ubyte		>2		\b, FATs %u
#>>>>>16	ubyte		=2		\b, FATs %u (usual)
>>>>>16		ubyte		=1		\b, FAT  %u
>>>>>16		ubyte		>0
>>>>>17		uleshort	>0		\b, root entries %u
#>>>>>17	uleshort	=0		\b, root entries %u=0 (usual Fat32)
>>>>>19		uleshort	>0		\b, sectors %u (volumes <=32 MB) 
#>>>>>19	uleshort	=0		\b, sectors %u=0 (usual Fat32)
>>>>>21		ubyte		>0xF0		\b, Media descriptor 0x%x
#>>>>>21	ubyte		=0xF0		\b, Media descriptor 0x%x (usual floppy)
>>>>>21		ubyte		<0xF0		\b, Media descriptor 0x%x
>>>>>22		uleshort	>0		\b, sectors/FAT %u
#>>>>>22	uleshort	=0		\b, sectors/FAT %u=0 (usual Fat32)
>>>>>26		ubyte		>2		\b, heads %u
#>>>>>26	ubyte		=2		\b, heads %u (usual floppy)
>>>>>26		ubyte		=1		\b, heads %u
>>>>>28		ulelong		>0		\b, hidden sectors %u
#>>>>>28	ulelong		=0		\b, hidden sectors %u (usual floppy)
>>>>>32		ulelong		>0		\b, sectors %u (volumes > 32 MB) 
#>>>>>32	ulelong		=0		\b, sectors %u (volumes > 32 MB) 
# FAT<32 specific 
# NOT le FAT3=NOT 3TAF=0xCCABBEB9
>>>>>82		ulelong&0xCCABBEB9	>0
>>>>>>36	ubyte		>0x80		\b, physical drive 0x%x
#>>>>>>36	ubyte		=0x80		\b, physical drive 0x%x=0x80 (usual harddisk)
>>>>>>36	ubyte&0x7F	>0		\b, physical drive 0x%x
#>>>>>>36	ubyte		=0		\b, physical drive 0x%x=0 (usual floppy)
>>>>>>37	ubyte		>0		\b, reserved 0x%x
#>>>>>>37	ubyte		=0		\b, reserved 0x%x
>>>>>>38	ubyte		>0x29		\b, dos < 4.0 BootSector (0x%x)
>>>>>>38	ubyte		<0x29		\b, dos < 4.0 BootSector (0x%x)
>>>>>>38	ubyte		=0x29
>>>>>>>39	ulelong		x		\b, serial number 0x%x
>>>>>>>43	string		<NO\ NAME	\b, label: "%11.11s"
>>>>>>>43	string		>NO\ NAME	\b, label: "%11.11s"
>>>>>>>43	string		=NO\ NAME	\b, unlabeled
>>>>>>54	string		FAT		\b, FAT
>>>>>>>54	string		FAT12		\b (12 bit)
>>>>>>>54	string		FAT16		\b (16 bit)
# FAT32 specific
>>>>>82		string		FAT32		\b, FAT (32 bit)
>>>>>>36	ulelong		x		\b, sectors/FAT %u
>>>>>>40	uleshort	>0		\b, extension flags %u
#>>>>>>40	uleshort	=0		\b, extension flags %u
>>>>>>42	uleshort	>0		\b, fsVersion %u
#>>>>>>42	uleshort	=0		\b, fsVersion %u (usual)
>>>>>>44	ulelong		>2		\b, rootdir cluster %u
#>>>>>>44	ulelong		=2		\b, rootdir cluster %u
#>>>>>>44	ulelong		=1		\b, rootdir cluster %u
>>>>>>48	uleshort	>1		\b, infoSector %u
#>>>>>>48	uleshort	=1		\b, infoSector %u (usual)
>>>>>>48	uleshort	<1		\b, infoSector %u
>>>>>>50	uleshort	>6		\b, Backup boot sector %u
#>>>>>>50	uleshort	=6		\b, Backup boot sector %u (usual) 
>>>>>>50	uleshort	<6		\b, Backup boot sector %u
>>>>>>54	ulelong		>0		\b, reserved1 0x%x
>>>>>>58	ulelong		>0		\b, reserved2 0x%x
>>>>>>62	ulelong		>0		\b, reserved3 0x%x
# same structure as FAT1X 
>>>>>>64	ubyte		>0x80		\b, physical drive 0x%x
#>>>>>>64	ubyte		=0x80		\b, physical drive 0x%x=80 (usual harddisk)
>>>>>>64	ubyte&0x7F	>0		\b, physical drive 0x%x
#>>>>>>64	ubyte		=0		\b, physical drive 0x%x=0 (usual floppy)
>>>>>>65	ubyte		>0		\b, reserved 0x%x
>>>>>>66	ubyte		>0x29		\b, dos < 4.0 BootSector (0x%x)
>>>>>>66	ubyte		<0x29		\b, dos < 4.0 BootSector (0x%x)
>>>>>>66	ubyte		=0x29
>>>>>>>67	ulelong		x		\b, serial number 0x%x
>>>>>>>71	string		<NO\ NAME	\b, label: "%11.11s"
>>>>>>71	string		>NO\ NAME	\b, label: "%11.11s"
>>>>>>71	string		=NO\ NAME	\b, unlabeled
### FATs end
>0x200	lelong	0x82564557		\b, BSD disklabel
# FATX 
0		string		FATX		FATX filesystem data

# Minix filesystems - Juan Cespedes <cespedes@debian.org>
0x410	leshort		0x137f		Minix filesystem
0x410	beshort		0x137f		Minix filesystem (big endian),
>0x402	beshort		!0		\b, %d zones
>0x1e	string		minix		\b, bootable
0x410	leshort		0x138f		Minix filesystem, 30 char names
0x410	leshort		0x2468		Minix filesystem, version 2
0x410	leshort		0x2478		Minix filesystem, version 2, 30 char names

# romfs filesystems - Juan Cespedes <cespedes@debian.org>
0	string		-rom1fs-\0	romfs filesystem, version 1
>8	belong	x			%d bytes,
>16	string	x			named %s.

# netboot image - Juan Cespedes <cespedes@debian.org>
0	lelong		0x1b031336L	Netboot image,
>4	lelong&0xFFFFFF00	0
>>4	lelong&0x100	0x000		mode 2
>>4	lelong&0x100	0x100		mode 3
>4	lelong&0xFFFFFF00	!0	unknown mode

0x18b	string	OS/2	OS/2 Boot Manager

9564	lelong		0x00011954	Unix Fast File system (little-endian),
>8404	string		x		last mounted on %s,
#>9504	ledate		x		last checked at %s,
>8224	ledate		x		last written at %s,
>8401	byte		x		clean flag %d,
>8228	lelong		x		number of blocks %d,
>8232	lelong		x		number of data blocks %d,
>8236	lelong		x		number of cylinder groups %d,
>8240	lelong		x		block size %d,
>8244	lelong		x		fragment size %d,
>8252	lelong		x		minimum percentage of free blocks %d,
>8256	lelong		x		rotational delay %dms,
>8260	lelong		x		disk rotational speed %drps,
>8320	lelong		0		TIME optimization
>8320	lelong		1		SPACE optimization

9564	belong		0x00011954	Unix Fast File system (big-endian),
>7168   long		0x4c41424c	Apple UFS Volume
>>7186  string		x		named %s,
>>7176  belong		x		volume label version %d,
>>7180  bedate		x		created on %s,
>8404	string		x		last mounted on %s,
#>9504	bedate		x		last checked at %s,
>8224	bedate		x		last written at %s,
>8401	byte		x		clean flag %d,
>8228	belong		x		number of blocks %d,
>8232	belong		x		number of data blocks %d,
>8236	belong		x		number of cylinder groups %d,
>8240	belong		x		block size %d,
>8244	belong		x		fragment size %d,
>8252	belong		x		minimum percentage of free blocks %d,
>8256	belong		x		rotational delay %dms,
>8260	belong		x		disk rotational speed %drps,
>8320	belong		0		TIME optimization
>8320	belong		1		SPACE optimization

# ext2/ext3 filesystems - Andreas Dilger <adilger@dilger.ca>
# ext4 filesystem - Eric Sandeen <sandeen@sandeen.net>
0x438   leshort         0xEF53          Linux
>0x44c  lelong          x               rev %d
>0x43e  leshort         x               \b.%d
# No journal?  ext2
>0x45c  lelong          ^0x0000004      ext2 filesystem data
>>0x43a leshort         ^0x0000001      (mounted or unclean)
# Has a journal?  ext3 or ext4
>0x45c  lelong          &0x0000004
#  and small INCOMPAT?
>>0x460 lelong          <0x0000040
#   and small RO_COMPAT?
>>>0x464 lelong         <0x0000008      ext3 filesystem data
#   else large RO_COMPAT?
>>>0x464 lelong         >0x0000007      ext4 filesystem data
#  else large INCOMPAT?
>>0x460 lelong          >0x000003f      ext4 filesystem data
# General flags for any ext* fs
>0x460  lelong          &0x0000004      (needs journal recovery)
>0x43a  leshort         &0x0000002      (errors)
# INCOMPAT flags
>0x460  lelong          &0x0000001      (compressed)
#>0x460 lelong          &0x0000002      (filetype)
#>0x460 lelong          &0x0000010      (meta bg)
>0x460  lelong          &0x0000040      (extents)
>0x460  lelong          &0x0000080      (64bit)
#>0x460 lelong          &0x0000100      (mmp)
#>0x460 lelong          &0x0000200      (flex bg)
# RO_INCOMPAT flags
#>0x464 lelong          &0x0000001      (sparse super)
>0x464  lelong          &0x0000002      (large files)
>0x464  lelong          &0x0000008      (huge files)
#>0x464 lelong          &0x0000010      (gdt checksum)
#>0x464 lelong          &0x0000020      (many subdirs)
#>0x463 lelong          &0x0000040      (extra isize)

# SGI disk labels - Nathan Scott <nathans@debian.org>
0	belong		0x0BE5A941	SGI disk label (volume header)

# SGI XFS filesystem - Nathan Scott <nathans@debian.org>
0	belong		0x58465342	SGI XFS filesystem data
>0x4	belong		x		(blksz %d,
>0x68	beshort		x		inosz %d,
>0x64	beshort		^0x2004		v1 dirs)
>0x64	beshort		&0x2004		v2 dirs)

############################################################################
# Minix-ST kernel floppy
0x800	belong		0x46fc2700	Atari-ST Minix kernel image
>19	string		\240\5\371\5\0\011\0\2\0	\b, 720k floppy
>19	string		\320\2\370\5\0\011\0\1\0	\b, 360k floppy

############################################################################
# Hmmm, is this a better way of detecting _standard_ floppy images ?
19	string		\320\2\360\3\0\011\0\1\0	DOS floppy 360k
>0x1FE	leshort		0xAA55		\b, x86 hard disk boot sector
19	string		\240\5\371\3\0\011\0\2\0	DOS floppy 720k
>0x1FE	leshort		0xAA55		\b, x86 hard disk boot sector
19	string		\100\013\360\011\0\022\0\2\0	DOS floppy 1440k
>0x1FE	leshort		0xAA55		\b, x86 hard disk boot sector

19	string		\240\5\371\5\0\011\0\2\0	DOS floppy 720k, IBM
>0x1FE	leshort		0xAA55		\b, x86 hard disk boot sector
19	string		\100\013\371\5\0\011\0\2\0	DOS floppy 1440k, mkdosfs
>0x1FE	leshort		0xAA55		\b, x86 hard disk boot sector

19	string		\320\2\370\5\0\011\0\1\0	Atari-ST floppy 360k
19	string		\240\5\371\5\0\011\0\2\0	Atari-ST floppy 720k

#  Valid media descriptor bytes for MS-DOS:
#
#     Byte   Capacity   Media Size and Type
#     -------------------------------------------------
#
#     F0     2.88 MB    3.5-inch, 2-sided, 36-sector
#     F0     1.44 MB    3.5-inch, 2-sided, 18-sector
#     F9     720K       3.5-inch, 2-sided, 9-sector
#     F9     1.2 MB     5.25-inch, 2-sided, 15-sector
#     FD     360K       5.25-inch, 2-sided, 9-sector
#     FF     320K       5.25-inch, 2-sided, 8-sector
#     FC     180K       5.25-inch, 1-sided, 9-sector
#     FE     160K       5.25-inch, 1-sided, 8-sector
#     FE     250K       8-inch, 1-sided, single-density
#     FD     500K       8-inch, 2-sided, single-density
#     FE     1.2 MB     8-inch, 2-sided, double-density
#     F8     -----      Fixed disk 
#
#     FC     xxxK       Apricot 70x1x9 boot disk.
#
# Originally a bitmap:
#  xxxxxxx0	Not two sided
#  xxxxxxx1	Double sided
#  xxxxxx0x	Not 8 SPT
#  xxxxxx1x	8 SPT
#  xxxxx0xx	Not Removable drive
#  xxxxx1xx	Removable drive
#  11111xxx	Must be one.
#
# But now it's rather random:
#  111111xx	Low density disk
#        00	SS, Not 8 SPT
#        01	DS, Not 8 SPT
#        10	SS, 8 SPT
#        11	DS, 8 SPT
#
#  11111001	Double density 3� floppy disk, high density 5�
#  11110000	High density 3� floppy disk
#  11111000	Hard disk any format
#

# CDROM Filesystems
32769    string    CD001     ISO 9660 CD-ROM filesystem data
# "application id" which appears to be used as a volume label
>32808	 string    >\0       '%s'
>34816	 string    \000CD001\001EL\ TORITO\ SPECIFICATION    (bootable)
37633    string    CD001     ISO 9660 CD-ROM filesystem data (raw 2352 byte sectors)
32776    string    CDROM     High Sierra CD-ROM filesystem data

# cramfs filesystem - russell@coker.com.au
0       lelong    0x28cd3d45      Linux Compressed ROM File System data, little endian
>4      lelong  x size %d
>8      lelong  &1 version #2
>8      lelong  &2 sorted_dirs
>8      lelong  &4 hole_support
>32     lelong  x CRC 0x%x,
>36     lelong  x edition %d,
>40     lelong  x %d blocks,
>44     lelong  x %d files

0       belong    0x28cd3d45      Linux Compressed ROM File System data, big endian
>4      belong  x size %d
>8      belong  &1 version #2
>8      belong  &2 sorted_dirs
>8      belong  &4 hole_support
>32     belong  x CRC 0x%x,
>36     belong  x edition %d,
>40     belong  x %d blocks,
>44     belong  x %d files

# reiserfs - russell@coker.com.au
0x10034		string	ReIsErFs	ReiserFS V3.5
0x10034		string	ReIsEr2Fs	ReiserFS V3.6
>0x1002c 	leshort	x		block size %d
>0x10032	leshort	&2		(mounted or unclean)
>0x10000	lelong	x		num blocks %d
>0x10040	lelong	1		tea hash
>0x10040	lelong	2		yura hash
>0x10040	lelong	3		r5 hash

# JFFS - russell@coker.com.au
0	lelong	0x34383931	Linux Journalled Flash File system, little endian
0	belong	0x34383931	Linux Journalled Flash File system, big endian

# EST flat binary format (which isn't, but anyway)
# From: Mark Brown <broonie@sirena.org.uk>
0	string	ESTFBINR	EST flat binary

# Aculab VoIP firmware
# From: Mark Brown <broonie@sirena.org.uk>
0	string	VoIP\ Startup\ and	Aculab VoIP firmware
>35	string	x	format %s

# PPCBoot image file
# From: Mark Brown <broonie@sirena.org.uk>
0	belong	0x27051956	PPCBoot image
>4	string  PPCBoot
>>12	string  x		version %s

# JFFS2 file system
0       leshort         0x1984                  Linux old jffs2 filesystem data little endian
0       lelong          0xe0011985              Linux jffs2 filesystem data little endian

# Squashfs
0	string	sqsh	Squashfs filesystem, big endian,
>28	beshort	x	version %d.
>30	beshort x	\b%d,
>8	belong	x	%d bytes,
>4	belong	x	%d inodes,
>28	beshort <2
>>32	beshort	x	blocksize: %d bytes,
>28	beshort >1
>>51	belong	x	blocksize: %d bytes,
>39	bedate	x	created: %s
0	string	hsqs	Squashfs filesystem, little endian,
>28	leshort	x	version %d.
>30	leshort	x	\b%d,
>8	lelong	x	%d bytes,
>4	lelong	x	%d inodes,
>28	leshort <2
>>32	leshort	x	blocksize: %d bytes,
>28	leshort >1
>>51	lelong	x	blocksize: %d bytes,
>39	ledate	x	created: %s

# AFS Dump Magic
# From: Ty Sarna <tsarna@sarna.org> 
0       string                  \x01\xb3\xa1\x13\x22    AFS Dump
>&0     belong                  x                       (v%d)
>>&0    byte                    0x76
>>>&0   belong                  x                       Vol %d,
>>>>&0  byte                    0x6e
>>>>>&0 string                  x                       %s
>>>>>>&1        byte            0x74
>>>>>>>&0       beshort         2
>>>>>>>>&4      bedate          x                       on: %s
>>>>>>>>&0      bedate          =0                      full dump
>>>>>>>>&0      bedate          !0                      incremental since: %s

# Oracle Clustered Filesystem - Aaron Botsis <redhat@digitalmafia.org>
8       string          OracleCFS       Oracle Clustered Filesystem,
>4      long            x               rev %d
>0      long            x               \b.%d,
>560    string          x               label: %.64s,
>136    string          x               mountpoint: %.128s

# Oracle ASM tagged volume - Aaron Botsis <redhat@digitalmafia.org>
32      string          ORCLDISK        Oracle ASM Volume,
>40     string          x               Disk Name: %0.12s
32      string          ORCLCLRD        Oracle ASM Volume (cleared),
>40     string          x               Disk Name: %0.12s

# GFS2
0x10000         belong          0x01161970      Linux
>0x10018        belong          0x0000051d      GFS1 Filesystem
>>0x10024        belong          x               (blocksize %d,
>>0x10060        string          >\0             lockproto %s)
>0x10018        belong          0x00000709      GFS2 Filesystem
>>0x10024        belong          x               (blocksize %d,
>>0x10060        string          >\0             lockproto %s)

#------------------------------------------------------------------------------
# animation:  file(1) magic for animation/movie formats
#
# animation formats
# MPEG, FLI, DL originally from vax@ccwf.cc.utexas.edu (VaX#n8)
# FLC, SGI, Apple originally from Daniel Quinlan (quinlan@yggdrasil.com)

# SGI and Apple formats
0	string		MOVI		Silicon Graphics movie file
4       string          moov            Apple QuickTime
>12     string          mvhd            \b movie (fast start)
>12     string          mdra            \b URL
>12     string          cmov            \b movie (fast start, compressed header)
>12     string          rmra            \b multiple URLs
4       string          mdat            Apple QuickTime movie (unoptimized)
4       string          wide            Apple QuickTime movie (unoptimized)
4       string          skip            Apple QuickTime movie (modified)
4       string          free            Apple QuickTime movie (modified)
4       string          idsc            Apple QuickTime image (fast start)
4       string          idat            Apple QuickTime image (unoptimized)
4       string          pckg            Apple QuickTime compressed archive
4	string/B	jP		JPEG 2000 image
4	string		ftyp		ISO Media
>8	string		isom		\b, MPEG v4 system, version 1
>8	string		iso2		\b, MPEG v4 system, part 12 revision
>8	string		mp41		\b, MPEG v4 system, version 1
>8	string		mp42		\b, MPEG v4 system, version 2
>8	string		mp7t		\b, MPEG v4 system, MPEG v7 XML
>8	string		mp7b		\b, MPEG v4 system, MPEG v7 binary XML
>8	string/B	jp2		\b, JPEG 2000
>8	string		3gp		\b, MPEG v4 system, 3GPP
>>11	byte		4		\b v4 (H.263/AMR GSM 6.10)
>>11	byte		5		\b v5 (H.263/AMR GSM 6.10)
>>11	byte		6		\b v6 (ITU H.264/AMR GSM 6.10)
>8	string		mmp4		\b, MPEG v4 system, 3GPP Mobile
>8	string		avc1		\b, MPEG v4 system, 3GPP JVT AVC
>8	string/B	M4A		\b, MPEG v4 system, iTunes AAC-LC
>8	string/B	M4P		\b, MPEG v4 system, iTunes AES encrypted
>8	string/B	M4B		\b, MPEG v4 system, iTunes bookmarked
>8	string/B	qt		\b, Apple QuickTime movie

# MPEG sequences
# Scans for all common MPEG header start codes
0        belong             0x00000001     JVT NAL sequence
>4       byte&0x1F          0x07           \b, H.264 video
>>5      byte               66             \b, baseline
>>5      byte               77             \b, main
>>5      byte               88             \b, extended
>>7      byte               x              \b @ L %u
0        belong&0xFFFFFF00  0x00000100     MPEG sequence
>3       byte               0xBA
>>4      byte               &0x40          \b, v2, program multiplex
>>4      byte               ^0x40          \b, v1, system multiplex
>3       byte               0xBB           \b, v1/2, multiplex (missing pack header)
>3       byte&0x1F          0x07           \b, H.264 video
>>4      byte               66             \b, baseline
>>4      byte               77             \b, main
>>4      byte               88             \b, extended
>>6      byte               x              \b @ L %u
>3       byte               0xB0           \b, v4
>>5      belong             0x000001B5
>>>9     byte               &0x80
>>>>10   byte&0xF0          16             \b, video
>>>>10   byte&0xF0          32             \b, still texture
>>>>10   byte&0xF0          48             \b, mesh
>>>>10   byte&0xF0          64             \b, face
>>>9     byte&0xF8          8              \b, video
>>>9     byte&0xF8          16             \b, still texture
>>>9     byte&0xF8          24             \b, mesh
>>>9     byte&0xF8          32             \b, face
>>4      byte               1              \b, simple @ L1
>>4      byte               2              \b, simple @ L2
>>4      byte               3              \b, simple @ L3
>>4      byte               4              \b, simple @ L0
>>4      byte               17             \b, simple scalable @ L1
>>4      byte               18             \b, simple scalable @ L2
>>4      byte               33             \b, core @ L1
>>4      byte               34             \b, core @ L2
>>4      byte               50             \b, main @ L2
>>4      byte               51             \b, main @ L3
>>4      byte               53             \b, main @ L4
>>4      byte               66             \b, n-bit @ L2
>>4      byte               81             \b, scalable texture @ L1
>>4      byte               97             \b, simple face animation @ L1
>>4      byte               98             \b, simple face animation @ L2
>>4      byte               99             \b, simple face basic animation @ L1
>>4      byte               100            \b, simple face basic animation @ L2
>>4      byte               113            \b, basic animation text @ L1
>>4      byte               114            \b, basic animation text @ L2
>>4      byte               129            \b, hybrid @ L1
>>4      byte               130            \b, hybrid @ L2
>>4      byte               145            \b, advanced RT simple @ L!
>>4      byte               146            \b, advanced RT simple @ L2
>>4      byte               147            \b, advanced RT simple @ L3
>>4      byte               148            \b, advanced RT simple @ L4
>>4      byte               161            \b, core scalable @ L1
>>4      byte               162            \b, core scalable @ L2
>>4      byte               163            \b, core scalable @ L3
>>4      byte               177            \b, advanced coding efficiency @ L1
>>4      byte               178            \b, advanced coding efficiency @ L2
>>4      byte               179            \b, advanced coding efficiency @ L3
>>4      byte               180            \b, advanced coding efficiency @ L4
>>4      byte               193            \b, advanced core @ L1
>>4      byte               194            \b, advanced core @ L2
>>4      byte               209            \b, advanced scalable texture @ L1
>>4      byte               210            \b, advanced scalable texture @ L2
>>4      byte               211            \b, advanced scalable texture @ L3
>>4      byte               225            \b, simple studio @ L1
>>4      byte               226            \b, simple studio @ L2
>>4      byte               227            \b, simple studio @ L3
>>4      byte               228            \b, simple studio @ L4
>>4      byte               229            \b, core studio @ L1
>>4      byte               230            \b, core studio @ L2
>>4      byte               231            \b, core studio @ L3
>>4      byte               232            \b, core studio @ L4
>>4      byte               240            \b, advanced simple @ L0
>>4      byte               241            \b, advanced simple @ L1
>>4      byte               242            \b, advanced simple @ L2
>>4      byte               243            \b, advanced simple @ L3
>>4      byte               244            \b, advanced simple @ L4
>>4      byte               245            \b, advanced simple @ L5
>>4      byte               247            \b, advanced simple @ L3b
>>4      byte               248            \b, FGS @ L0
>>4      byte               249            \b, FGS @ L1
>>4      byte               250            \b, FGS @ L2
>>4      byte               251            \b, FGS @ L3
>>4      byte               252            \b, FGS @ L4
>>4      byte               253            \b, FGS @ L5
>3       byte               0xB5           \b, v4
>>4      byte               &0x80
>>>5     byte&0xF0          16             \b, video (missing profile header)
>>>5     byte&0xF0          32             \b, still texture (missing profile header)
>>>5     byte&0xF0          48             \b, mesh (missing profile header)
>>>5     byte&0xF0          64             \b, face (missing profile header)
>>4      byte&0xF8          8              \b, video (missing profile header)
>>4      byte&0xF8          16             \b, still texture (missing profile header)
>>4      byte&0xF8          24             \b, mesh (missing profile header)
>>4      byte&0xF8          32             \b, face (missing profile header)
>3       byte               0xB3
>>12     belong             0x000001B8     \b, v1, progressive Y'CbCr 4:2:0 video
>>12     belong             0x000001B2     \b, v1, progressive Y'CbCr 4:2:0 video
>>12     belong             0x000001B5     \b, v2,
>>>16    byte&0x0F          1              \b HP
>>>16    byte&0x0F          2              \b Spt
>>>16    byte&0x0F          3              \b SNR
>>>16    byte&0x0F          4              \b MP
>>>16    byte&0x0F          5              \b SP
>>>17    byte&0xF0          64             \b@HL
>>>17    byte&0xF0          96             \b@H-14
>>>17    byte&0xF0          128            \b@ML
>>>17    byte&0xF0          160            \b@LL
>>>17    byte               &0x08          \b progressive
>>>17    byte               ^0x08          \b interlaced
>>>17    byte&0x06          2              \b Y'CbCr 4:2:0 video
>>>17    byte&0x06          4              \b Y'CbCr 4:2:2 video
>>>17    byte&0x06          6              \b Y'CbCr 4:4:4 video
>>11     byte               &0x02
>>>75    byte               &0x01
>>>>140  belong             0x000001B8     \b, v1, progressive Y'CbCr 4:2:0 video
>>>>140  belong             0x000001B2     \b, v1, progressive Y'CbCr 4:2:0 video
>>>>140  belong             0x000001B5     \b, v2,
>>>>>144 byte&0x0F          1              \b HP
>>>>>144 byte&0x0F          2              \b Spt
>>>>>144 byte&0x0F          3              \b SNR
>>>>>144 byte&0x0F          4              \b MP
>>>>>144 byte&0x0F          5              \b SP
>>>>>145 byte&0xF0          64             \b@HL
>>>>>145 byte&0xF0          96             \b@H-14
>>>>>145 byte&0xF0          128            \b@ML
>>>>>145 byte&0xF0          160            \b@LL
>>>>>145 byte               &0x08          \b progressive
>>>>>145 byte               ^0x08          \b interlaced
>>>>>145 byte&0x06          2              \b Y'CbCr 4:2:0 video
>>>>>145 byte&0x06          4              \b Y'CbCr 4:2:2 video
>>>>>145 byte&0x06          6              \b Y'CbCr 4:4:4 video
>>76    belong             0x000001B8     \b, v1, progressive Y'CbCr 4:2:0 video
>>76    belong             0x000001B2     \b, v1, progressive Y'CbCr 4:2:0 video
>>76    belong             0x000001B5     \b, v2,
>>>80   byte&0x0F          1              \b HP
>>>80   byte&0x0F          2              \b Spt
>>>80   byte&0x0F          3              \b SNR
>>>80   byte&0x0F          4              \b MP
>>>80   byte&0x0F          5              \b SP
>>>81   byte&0xF0          64             \b@HL
>>>81   byte&0xF0          96             \b@H-14
>>>81   byte&0xF0          128            \b@ML
>>>81   byte&0xF0          160            \b@LL
>>>81   byte               &0x08          \b progressive
>>>81   byte               ^0x08          \b interlaced
>>>81   byte&0x06          2              \b Y'CbCr 4:2:0 video
>>>81   byte&0x06          4              \b Y'CbCr 4:2:2 video
>>>81   byte&0x06          6              \b Y'CbCr 4:4:4 video
>>4      belong&0xFFFFFF00  0x78043800     \b, HD-TV 1920P
>>>7     byte&0xF0          0x10           \b, 16:9
>>4      belong&0xFFFFFF00  0x50002D00     \b, SD-TV 1280I
>>>7     byte&0xF0          0x10           \b, 16:9
>>4      belong&0xFFFFFF00  0x30024000     \b, PAL Capture
>>>7     byte&0xF0          0x10           \b, 4:3
>>4      beshort&0xFFF0     0x2C00         \b, 4CIF
>>>5     beshort&0x0FFF     0x01E0         \b NTSC
>>>5     beshort&0x0FFF     0x0240         \b PAL
>>>7     byte&0xF0          0x20           \b, 4:3
>>>7     byte&0xF0          0x30           \b, 16:9
>>>7     byte&0xF0          0x40           \b, 11:5
>>>7     byte&0xF0          0x80           \b, PAL 4:3
>>>7     byte&0xF0          0xC0           \b, NTSC 4:3
>>4      belong&0xFFFFFF00  0x2801E000     \b, LD-TV 640P
>>>7     byte&0xF0          0x10           \b, 4:3
>>4      belong&0xFFFFFF00  0x1400F000     \b, 320x240
>>>7     byte&0xF0          0x10           \b, 4:3
>>4      belong&0xFFFFFF00  0x0F00A000     \b, 240x160
>>>7     byte&0xF0          0x10           \b, 4:3
>>4      belong&0xFFFFFF00  0x0A007800     \b, 160x120
>>>7     byte&0xF0          0x10           \b, 4:3
>>4      beshort&0xFFF0     0x1600         \b, CIF
>>>5     beshort&0x0FFF     0x00F0         \b NTSC
>>>5     beshort&0x0FFF     0x0120         \b PAL
>>>7     byte&0xF0          0x20           \b, 4:3
>>>7     byte&0xF0          0x30           \b, 16:9
>>>7     byte&0xF0          0x40           \b, 11:5
>>>7     byte&0xF0          0x80           \b, PAL 4:3
>>>7     byte&0xF0          0xC0           \b, NTSC 4:3
>>>5     beshort&0x0FFF     0x0240         \b PAL 625
>>>>7    byte&0xF0          0x20           \b, 4:3
>>>>7    byte&0xF0          0x30           \b, 16:9
>>>>7    byte&0xF0          0x40           \b, 11:5
>>4      beshort&0xFFF0     0x2D00         \b, CCIR/ITU
>>>5     beshort&0x0FFF     0x01E0         \b NTSC 525
>>>5     beshort&0x0FFF     0x0240         \b PAL 625
>>>7     byte&0xF0          0x20           \b, 4:3
>>>7     byte&0xF0          0x30           \b, 16:9
>>>7     byte&0xF0          0x40           \b, 11:5
>>4      beshort&0xFFF0     0x1E00         \b, SVCD
>>>5     beshort&0x0FFF     0x01E0         \b NTSC 525
>>>5     beshort&0x0FFF     0x0240         \b PAL 625
>>>7     byte&0xF0          0x20           \b, 4:3
>>>7     byte&0xF0          0x30           \b, 16:9
>>>7     byte&0xF0          0x40           \b, 11:5
>>7      byte&0x0F          1              \b, 23.976 fps
>>7      byte&0x0F          2              \b, 24 fps
>>7      byte&0x0F          3              \b, 25 fps
>>7      byte&0x0F          4              \b, 29.97 fps
>>7      byte&0x0F          5              \b, 30 fps
>>7      byte&0x0F          6              \b, 50 fps
>>7      byte&0x0F          7              \b, 59.94 fps
>>7      byte&0x0F          8              \b, 60 fps
>>11     byte               &0x04          \b, Constrained

# MPEG ADTS Audio (*.mpx/mxa/aac)
# from dreesen@math.fu-berlin.de
# modified to fully support MPEG ADTS

# MP3, M1A
0       beshort&0xFFFE  0xFFFA         MPEG ADTS, layer III, v1
# rates
>2      byte&0xF0       0x10           \b,  32 kBits
>2      byte&0xF0       0x20           \b,  40 kBits
>2      byte&0xF0       0x30           \b,  48 kBits
>2      byte&0xF0       0x40           \b,  56 kBits
>2      byte&0xF0       0x50           \b,  64 kBits
>2      byte&0xF0       0x60           \b,  80 kBits
>2      byte&0xF0       0x70           \b,  96 kBits
>2      byte&0xF0       0x80           \b, 112 kBits
>2      byte&0xF0       0x90           \b, 128 kBits
>2      byte&0xF0       0xA0           \b, 160 kBits
>2      byte&0xF0       0xB0           \b, 192 kBits
>2      byte&0xF0       0xC0           \b, 224 kBits
>2      byte&0xF0       0xD0           \b, 256 kBits
>2      byte&0xF0       0xE0           \b, 320 kBits
# timing
>2      byte&0x0C       0x00           \b, 44.1 kHz
>2      byte&0x0C       0x04           \b, 48 kHz
>2      byte&0x0C       0x08           \b, 32 kHz
# channels/options
>3      byte&0xC0       0x00           \b, Stereo
>3      byte&0xC0       0x40           \b, JntStereo
>3      byte&0xC0       0x80           \b, 2x Monaural
>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# MP2, M1A
0       beshort&0xFFFE  0xFFFC         MPEG ADTS, layer II, v1
# rates
>2      byte&0xF0       0x10           \b,  32 kBits
>2      byte&0xF0       0x20           \b,  48 kBits
>2      byte&0xF0       0x30           \b,  56 kBits
>2      byte&0xF0       0x40           \b,  64 kBits
>2      byte&0xF0       0x50           \b,  80 kBits
>2      byte&0xF0       0x60           \b,  96 kBits
>2      byte&0xF0       0x70           \b, 112 kBits
>2      byte&0xF0       0x80           \b, 128 kBits
>2      byte&0xF0       0x90           \b, 160 kBits
>2      byte&0xF0       0xA0           \b, 192 kBits
>2      byte&0xF0       0xB0           \b, 224 kBits
>2      byte&0xF0       0xC0           \b, 256 kBits
>2      byte&0xF0       0xD0           \b, 320 kBits
>2      byte&0xF0       0xE0           \b, 384 kBits
# timing
>2      byte&0x0C       0x00           \b, 44.1 kHz
>2      byte&0x0C       0x04           \b, 48 kHz
>2      byte&0x0C       0x08           \b, 32 kHz
# channels/options
>3      byte&0xC0       0x00           \b, Stereo
>3      byte&0xC0       0x40           \b, JntStereo
>3      byte&0xC0       0x80           \b, 2x Monaural
>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# MPA, M1A
# modified by Joerg Jenderek
# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448
0	beshort&0xFFFE		0xFFFE	
>2	byte&0xF0	>0x0F		
>>2	byte&0xF0	<0xE1		MPEG ADTS, layer I, v1
# rate
>>>2      byte&0xF0       0x10           \b,  32 kBits
>>>2      byte&0xF0       0x20           \b,  64 kBits
>>>2      byte&0xF0       0x30           \b,  96 kBits
>>>2      byte&0xF0       0x40           \b, 128 kBits
>>>2      byte&0xF0       0x50           \b, 160 kBits
>>>2      byte&0xF0       0x60           \b, 192 kBits
>>>2      byte&0xF0       0x70           \b, 224 kBits
>>>2      byte&0xF0       0x80           \b, 256 kBits
>>>2      byte&0xF0       0x90           \b, 288 kBits
>>>2      byte&0xF0       0xA0           \b, 320 kBits
>>>2      byte&0xF0       0xB0           \b, 352 kBits
>>>2      byte&0xF0       0xC0           \b, 384 kBits
>>>2      byte&0xF0       0xD0           \b, 416 kBits
>>>2      byte&0xF0       0xE0           \b, 448 kBits
# timing
>>>2      byte&0x0C       0x00           \b, 44.1 kHz
>>>2      byte&0x0C       0x04           \b, 48 kHz
>>>2      byte&0x0C       0x08           \b, 32 kHz
# channels/options
>>>3      byte&0xC0       0x00           \b, Stereo
>>>3      byte&0xC0       0x40           \b, JntStereo
>>>3      byte&0xC0       0x80           \b, 2x Monaural
>>>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# MP3, M2A
0       beshort&0xFFFE  0xFFF2         MPEG ADTS, layer III, v2
# rate
>2      byte&0xF0       0x10           \b,   8 kBits
>2      byte&0xF0       0x20           \b,  16 kBits
>2      byte&0xF0       0x30           \b,  24 kBits
>2      byte&0xF0       0x40           \b,  32 kBits
>2      byte&0xF0       0x50           \b,  40 kBits
>2      byte&0xF0       0x60           \b,  48 kBits
>2      byte&0xF0       0x70           \b,  56 kBits
>2      byte&0xF0       0x80           \b,  64 kBits
>2      byte&0xF0       0x90           \b,  80 kBits
>2      byte&0xF0       0xA0           \b,  96 kBits
>2      byte&0xF0       0xB0           \b, 112 kBits
>2      byte&0xF0       0xC0           \b, 128 kBits
>2      byte&0xF0       0xD0           \b, 144 kBits
>2      byte&0xF0       0xE0           \b, 160 kBits
# timing
>2      byte&0x0C       0x00           \b, 22.05 kHz
>2      byte&0x0C       0x04           \b, 24 kHz
>2      byte&0x0C       0x08           \b, 16 kHz
# channels/options
>3      byte&0xC0       0x00           \b, Stereo
>3      byte&0xC0       0x40           \b, JntStereo
>3      byte&0xC0       0x80           \b, 2x Monaural
>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# MP2, M2A
0       beshort&0xFFFE  0xFFF4         MPEG ADTS, layer II, v2
# rate 
>2      byte&0xF0       0x10           \b,   8 kBits
>2      byte&0xF0       0x20           \b,  16 kBits 
>2      byte&0xF0       0x30           \b,  24 kBits
>2      byte&0xF0       0x40           \b,  32 kBits
>2      byte&0xF0       0x50           \b,  40 kBits
>2      byte&0xF0       0x60           \b,  48 kBits
>2      byte&0xF0       0x70           \b,  56 kBits
>2      byte&0xF0       0x80           \b,  64 kBits
>2      byte&0xF0       0x90           \b,  80 kBits
>2      byte&0xF0       0xA0           \b,  96 kBits
>2      byte&0xF0       0xB0           \b, 112 kBits
>2      byte&0xF0       0xC0           \b, 128 kBits
>2      byte&0xF0       0xD0           \b, 144 kBits
>2      byte&0xF0       0xE0           \b, 160 kBits
# timing
>2      byte&0x0C       0x00           \b, 22.05 kHz
>2      byte&0x0C       0x04           \b, 24 kHz
>2      byte&0x0C       0x08           \b, 16 kHz
# channels/options
>3      byte&0xC0       0x00           \b, Stereo
>3      byte&0xC0       0x40           \b, JntStereo
>3      byte&0xC0       0x80           \b, 2x Monaural
>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# MPA, M2A
0       beshort&0xFFFE  0xFFF6         MPEG ADTS, layer I, v2
# rate
>2      byte&0xF0       0x10           \b,  32 kBits
>2      byte&0xF0       0x20           \b,  48 kBits
>2      byte&0xF0       0x30           \b,  56 kBits
>2      byte&0xF0       0x40           \b,  64 kBits
>2      byte&0xF0       0x50           \b,  80 kBits
>2      byte&0xF0       0x60           \b,  96 kBits
>2      byte&0xF0       0x70           \b, 112 kBits
>2      byte&0xF0       0x80           \b, 128 kBits
>2      byte&0xF0       0x90           \b, 144 kBits
>2      byte&0xF0       0xA0           \b, 160 kBits
>2      byte&0xF0       0xB0           \b, 176 kBits
>2      byte&0xF0       0xC0           \b, 192 kBits
>2      byte&0xF0       0xD0           \b, 224 kBits
>2      byte&0xF0       0xE0           \b, 256 kBits
# timing
>2      byte&0x0C       0x00           \b, 22.05 kHz
>2      byte&0x0C       0x04           \b, 24 kHz
>2      byte&0x0C       0x08           \b, 16 kHz
# channels/options
>3      byte&0xC0       0x00           \b, Stereo
>3      byte&0xC0       0x40           \b, JntStereo
>3      byte&0xC0       0x80           \b, 2x Monaural
>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# MP3, M25A
0       beshort&0xFFFE  0xFFE2         MPEG ADTS, layer III,  v2.5
# rate  
>2      byte&0xF0       0x10           \b,   8 kBits
>2      byte&0xF0       0x20           \b,  16 kBits
>2      byte&0xF0       0x30           \b,  24 kBits
>2      byte&0xF0       0x40           \b,  32 kBits
>2      byte&0xF0       0x50           \b,  40 kBits
>2      byte&0xF0       0x60           \b,  48 kBits
>2      byte&0xF0       0x70           \b,  56 kBits
>2      byte&0xF0       0x80           \b,  64 kBits
>2      byte&0xF0       0x90           \b,  80 kBits
>2      byte&0xF0       0xA0           \b,  96 kBits
>2      byte&0xF0       0xB0           \b, 112 kBits
>2      byte&0xF0       0xC0           \b, 128 kBits
>2      byte&0xF0       0xD0           \b, 144 kBits
>2      byte&0xF0       0xE0           \b, 160 kBits
# timing
>2      byte&0x0C       0x00           \b, 11.025 kHz
>2      byte&0x0C       0x04           \b, 12 kHz
>2      byte&0x0C       0x08           \b, 8 kHz
# channels/options
>3      byte&0xC0       0x00           \b, Stereo
>3      byte&0xC0       0x40           \b, JntStereo
>3      byte&0xC0       0x80           \b, 2x Monaural
>3      byte&0xC0       0xC0           \b, Monaural
#>1     byte            ^0x01          \b, Data Verify
#>2     byte            &0x02          \b, Packet Pad
#>2     byte            &0x01          \b, Custom Flag
#>3     byte            &0x08          \b, Copyrighted
#>3     byte            &0x04          \b, Original Source
#>3     byte&0x03       1              \b, NR: 50/15 ms
#>3     byte&0x03       3              \b, NR: CCIT J.17

# AAC (aka MPEG-2 NBC audio) and MPEG-4 audio

# Stored AAC streams (instead of the MP4 format)
0       string          ADIF           MPEG ADIF, AAC
>4      byte            &0x80
>>13    byte            &0x10          \b, VBR
>>13    byte            ^0x10          \b, CBR
>>16    byte&0x1E       0x02           \b, single stream
>>16    byte&0x1E       0x04           \b, 2 streams
>>16    byte&0x1E       0x06           \b, 3 streams
>>16    byte            &0x08          \b, 4 or more streams
>>16    byte            &0x10          \b, 8 or more streams
>>4    byte            &0x80          \b, Copyrighted
>>13   byte            &0x40          \b, Original Source
>>13   byte            &0x20          \b, Home Flag
>4      byte            ^0x80
>>4     byte            &0x10          \b, VBR
>>4     byte            ^0x10          \b, CBR
>>7     byte&0x1E       0x02           \b, single stream
>>7     byte&0x1E       0x04           \b, 2 streams
>>7     byte&0x1E       0x06           \b, 3 streams
>>7     byte            &0x08          \b, 4 or more streams
>>7     byte            &0x10          \b, 8 or more streams
>>4    byte            &0x40          \b, Original Stream(s)
>>4    byte            &0x20          \b, Home Source

# Live or stored single AAC stream (used with MPEG-2 systems)
0       beshort&0xFFF6  0xFFF0         MPEG ADTS, AAC
>1      byte            &0x08          \b, v2
>1      byte            ^0x08          \b, v4
# profile
>>2     byte            &0xC0          \b LTP
>2      byte&0xc0       0x00           \b Main
>2      byte&0xc0       0x40           \b LC
>2      byte&0xc0       0x80           \b SSR
# timing
>2      byte&0x3c       0x00           \b, 96 kHz
>2      byte&0x3c       0x04           \b, 88.2 kHz
>2      byte&0x3c       0x08           \b, 64 kHz
>2      byte&0x3c       0x0c           \b, 48 kHz
>2      byte&0x3c       0x10           \b, 44.1 kHz
>2      byte&0x3c       0x14           \b, 32 kHz
>2      byte&0x3c       0x18           \b, 24 kHz
>2      byte&0x3c       0x1c           \b, 22.05 kHz
>2      byte&0x3c       0x20           \b, 16 kHz
>2      byte&0x3c       0x24           \b, 12 kHz
>2      byte&0x3c       0x28           \b, 11.025 kHz
>2      byte&0x3c       0x2c           \b, 8 kHz
# channels
>2      beshort&0x01c0  0x0040         \b, monaural
>2      beshort&0x01c0  0x0080         \b, stereo
>2      beshort&0x01c0  0x00c0         \b, stereo + center
>2      beshort&0x01c0  0x0100         \b, stereo+center+LFE
>2      beshort&0x01c0  0x0140         \b, surround
>2      beshort&0x01c0  0x0180         \b, surround + LFE
>2      beshort         &0x01C0        \b, surround + side
#>1     byte            ^0x01           \b, Data Verify
#>2     byte            &0x02           \b, Custom Flag
#>3     byte            &0x20           \b, Original Stream
#>3     byte            &0x10           \b, Home Source
#>3     byte            &0x08           \b, Copyrighted

# Live MPEG-4 audio streams (instead of RTP FlexMux)
0       beshort&0xFFE0  0x56E0         MPEG-4 LOAS
#>1     beshort&0x1FFF  x              \b, %u byte packet
>3      byte&0xE0       0x40
>>4     byte&0x3C       0x04           \b, single stream
>>4     byte&0x3C       0x08           \b, 2 streams
>>4     byte&0x3C       0x0C           \b, 3 streams
>>4     byte            &0x08          \b, 4 or more streams
>>4     byte            &0x20          \b, 8 or more streams
>3      byte&0xC0       0
>>4     byte&0x78       0x08           \b, single stream
>>4     byte&0x78       0x10           \b, 2 streams
>>4     byte&0x78       0x18           \b, 3 streams
>>4     byte            &0x20          \b, 4 or more streams
>>4     byte            &0x40          \b, 8 or more streams

# FLI animation format
4	leshort		0xAF11			FLI file
>6	leshort		x			- %d frames,
>8	leshort		x			width=%d pixels,
>10	leshort		x			height=%d pixels,
>12	leshort		x			depth=%d,
>16	leshort		x			ticks/frame=%d
# FLC animation format
4	leshort		0xAF12			FLC file
>6	leshort		x			- %d frames
>8	leshort		x			width=%d pixels,
>10	leshort		x			height=%d pixels,
>12	leshort		x			depth=%d,
>16	leshort		x			ticks/frame=%d

# DL animation format
# XXX - collision with most `mips' magic
#
# I couldn't find a real magic number for these, however, this
# -appears- to work.  Note that it might catch other files, too, so be
# careful!
#
# Note that title and author appear in the two 20-byte chunks
# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
# 255 (hex FF)!  The DL format is really bad.
#
#0	byte	1	DL version 1, medium format (160x100, 4 images/screen)
#>42	byte	x	- %d screens,
#>43	byte	x	%d commands
#0	byte	2	DL version 2
#>1	byte	1	- large format (320x200,1 image/screen),
#>1	byte	2	- medium format (160x100,4 images/screen),
#>1	byte	>2	- unknown format,
#>42	byte	x	%d screens,
#>43	byte	x	%d commands
# Based on empirical evidence, DL version 3 have several nulls following the
# \003.  Most of them start with non-null values at hex offset 0x34 or so.
#0	string	\3\0\0\0\0\0\0\0\0\0\0\0	DL version 3

# iso 13818 transport stream
#
# from Oskar Schirmer <schirmer@scara.com> Feb 3, 2001 (ISO 13818.1)
# (the following is a little bit restrictive and works fine for a stream
#  that starts with PAT properly. it won't work for stream data, that is
#  cut from an input device data right in the middle, but this shouldn't
#  disturb)
# syncbyte      8 bit	0x47
# error_ind     1 bit	-
# payload_start 1 bit	1
# priority      1 bit	-
# PID          13 bit	0x0000
# scrambling    2 bit	-
# adaptfld_ctrl 2 bit	1 or 3
# conti_count   4 bit	0
0	belong&0xFF5FFF1F	0x47400010	MPEG transport stream data
>188	byte			!0x47		CORRUPTED

# DIF digital video file format <mpruett@sgi.com>
0	belong&0xffffff00	0x1f070000      DIF
>4	byte			&0x01		(DVCPRO) movie file
>4	byte			^0x01		(DV) movie file
>3	byte			&0x80		(PAL)
>3	byte			^0x80		(NTSC)

# Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
0	belong			0x3026b275	Microsoft ASF

# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
0	string			\x8aMNG		MNG video data,
>4	belong			!0x0d0a1a0a	CORRUPTED,
>4	belong			0x0d0a1a0a
>>16    belong	x				%ld x
>>20    belong	x				%ld

# JNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
0	string			\x8bJNG		JNG video data,
>4	belong			!0x0d0a1a0a	CORRUPTED,
>4	belong			0x0d0a1a0a
>>16    belong	x				%ld x
>>20    belong	x				%ld

# Vivo video (Wolfram Kleff)
3	string		\x0D\x0AVersion:Vivo	Vivo video data

# VRML (Virtual Reality Modelling Language)
0       string/b        #VRML\ V1.0\ ascii	VRML 1 file
0	string/b	#VRML\ V2.0\ utf8	ISO/IEC 14772 VRML 97 file

#---------------------------------------------------------------------------
# HVQM4: compressed movie format designed by Hudson for Nintendo GameCube
# From Mark Sheppard <msheppard@climax.co.uk>, 2002-10-03
#
0	string		HVQM4		%s
>6	string		>\0		v%s
>0	byte		x		GameCube movie,
>0x34	ubeshort	x		%d x
>0x36	ubeshort	x		%d,
>0x26	ubeshort	x		%dµs,
>0x42	ubeshort	0		no audio
>0x42	ubeshort	>0		%dHz audio

# From: "Stefan A. Haubenthal" <polluks@web.de>
0	string		DVDVIDEO-VTS	Video title set,
>0x21	byte		x		v%x
0	string		DVDVIDEO-VMG	Video manager,
>0x21	byte		x		v%x
#------------------------------------------------------------------------------
# convex:  file(1) magic for Convex boxes
#
# Convexes are big-endian.
#
# /*\
#  * Below are the magic numbers and tests added for Convex.
#  * Added at beginning, because they are expected to be used most.
# \*/
0	belong	0507	Convex old-style object
>16	belong	>0	not stripped
0	belong	0513	Convex old-style demand paged executable
>16	belong	>0	not stripped
0	belong	0515	Convex old-style pre-paged executable
>16	belong	>0	not stripped
0	belong	0517	Convex old-style pre-paged, non-swapped executable
>16	belong	>0	not stripped
0	belong	0x011257	Core file
#
# The following are a series of dump format magic numbers.  Each one
# corresponds to a drastically different dump format.  The first on is
# the original dump format on a 4.1 BSD or earlier file system.  The
# second marks the change between the 4.1 file system and the 4.2 file
# system.  The Third marks the changing of the block size from 1K
# to 2K to be compatible with an IDC file system.  The fourth indicates
# a dump that is dependent on Convex Storage Manager, because data in
# secondary storage is not physically contained within the dump.
# The restore program uses these number to determine how the data is
# to be extracted.
#
24	belong	=60011	dump format, 4.1 BSD or earlier
24	belong	=60012	dump format, 4.2 or 4.3 BSD without IDC
24	belong	=60013	dump format, 4.2 or 4.3 BSD (IDC compatible)
24	belong	=60014	dump format, Convex Storage Manager by-reference dump
#
# what follows is a bunch of bit-mask checks on the flags field of the opthdr.
# If there is no `=' sign, assume just checking for whether the bit is set?
#
0	belong	0601		Convex SOFF
>88	belong&0x000f0000	=0x00000000	c1
>88	belong			&0x00010000	c2
>88	belong			&0x00020000	c2mp
>88	belong			&0x00040000	parallel
>88	belong			&0x00080000	intrinsic
>88	belong			&0x00000001	demand paged
>88	belong			&0x00000002	pre-paged
>88	belong			&0x00000004	non-swapped
>88	belong			&0x00000008	POSIX
#
>84	belong			&0x80000000	executable
>84	belong			&0x40000000	object
>84	belong&0x20000000	=0		not stripped
>84	belong&0x18000000	=0x00000000	native fpmode
>84	belong&0x18000000	=0x10000000	ieee fpmode
>84	belong&0x18000000	=0x18000000	undefined fpmode
#
0	belong			0605		Convex SOFF core
#
0	belong			0607		Convex SOFF checkpoint
>88	belong&0x000f0000	=0x00000000	c1
>88	belong			&0x00010000	c2
>88	belong			&0x00020000	c2mp
>88	belong			&0x00040000	parallel
>88	belong			&0x00080000	intrinsic
>88	belong			&0x00000008	POSIX
#
>84	belong&0x18000000	=0x00000000	native fpmode
>84	belong&0x18000000	=0x10000000	ieee fpmode
>84	belong&0x18000000	=0x18000000	undefined fpmode

#------------------------------------------------------------------------------
# flash:	file(1) magic for Macromedia Flash file format
#
# See
#
#	http://www.macromedia.com/software/flash/open/
#
0	string		FWS		Macromedia Flash data,
>3	byte		x		version %d
0	string		CWS		Macromedia Flash data (compressed),
>3	byte		x		version %d
# From: Cal Peake <cp@absolutedigital.net>
0	string		FLV		Macromedia Flash Video

#
# From Dave Wilson
0	string AGD4\xbe\xb8\xbb\xcb\x00	Macromedia Freehand 9 Document

#------------------------------------------------------------------------------
# fonts:  file(1) magic for font data
#
0	string		FONT		ASCII vfont text
0	short		0436		Berkeley vfont data
0	short		017001		byte-swapped Berkeley vfont data

# PostScript fonts (must precede "printer" entries), quinlan@yggdrasil.com
0	string		%!PS-AdobeFont-1.	PostScript Type 1 font text
>20	string		>\0			(%s)
6	string		%!PS-AdobeFont-1.	PostScript Type 1 font program data

# X11 font files in SNF (Server Natural Format) format
0	belong		00000004		X11 SNF font data, MSB first
0	lelong		00000004		X11 SNF font data, LSB first

# X11 Bitmap Distribution Format, from Daniel Quinlan (quinlan@yggdrasil.com)
0	string		STARTFONT\040		X11 BDF font text

# X11 fonts, from Daniel Quinlan (quinlan@yggdrasil.com)
# PCF must come before SGI additions ("MIPSEL MIPS-II COFF" collides)
0	string		\001fcp			X11 Portable Compiled Font data
>12	byte		0x02			\b, LSB first
>12	byte		0x0a			\b, MSB first
0	string		D1.0\015		X11 Speedo font data

#------------------------------------------------------------------------------
# FIGlet fonts and controlfiles
# From figmagic supplied with Figlet version 2.2
# "David E. O'Brien" <obrien@FreeBSD.ORG>
0	string		flf		FIGlet font
>3	string		>2a		version %-2.2s
0	string		flc		FIGlet controlfile
>3	string		>2a		version %-2.2s

# libGrx graphics lib fonts, from Albert Cahalan (acahalan@cs.uml.edu)
# Used with djgpp (DOS Gnu C++), sometimes Linux or Turbo C++
0	belong		0x14025919	libGrx font data,
>8	leshort		x		%dx
>10	leshort		x		\b%d
>40	string		x		%s
# Misc. DOS VGA fonts, from Albert Cahalan (acahalan@cs.uml.edu)
0	belong		0xff464f4e	DOS code page font data collection
7	belong		0x00454741	DOS code page font data
7	belong		0x00564944	DOS code page font data (from Linux?)
4098	string		DOSFONT		DOSFONT2 encrypted font data

# downloadable fonts for browser (prints type) anthon@mnt.org
0	string		PFR1		PFR1 font
>102	string		>0		\b: %s

# True Type fonts
0	string	\000\001\000\000\000	TrueType font data

0	string		\007\001\001\000Copyright\ (c)\ 199	Adobe Multiple Master font
0	string		\012\001\001\000Copyright\ (c)\ 199	Adobe Multiple Master font

# Opentype font data from Avi Bercovich
0	string		OTTO		OpenType font data

#------------------------------------------------------------------------------
# frame:  file(1) magic for FrameMaker files
#
# This stuff came on a FrameMaker demo tape, most of which is
# copyright, but this file is "published" as witness the following:
#
0	string		\<MakerFile	FrameMaker document
>11	string		5.5		 (5.5
>11	string		5.0		 (5.0
>11	string		4.0		 (4.0
>11	string		3.0		 (3.0
>11	string		2.0		 (2.0
>11	string		1.0		 (1.0
>14	byte		x		  %c)
0	string		\<MIFFile	FrameMaker MIF (ASCII) file
>9	string		4.0		 (4.0)
>9	string		3.0		 (3.0)
>9	string		2.0		 (2.0)
>9	string		1.0		 (1.x)
0	string		\<MakerDictionary	FrameMaker Dictionary text
>17	string		3.0		 (3.0)
>17	string		2.0		 (2.0)
>17	string		1.0		 (1.x)
0	string		\<MakerScreenFont	FrameMaker Font file
>17	string		1.01		 (%s)
0	string		\<MML		FrameMaker MML file
0	string		\<BookFile	FrameMaker Book file
>10	string		3.0		 (3.0
>10	string		2.0		 (2.0
>10	string		1.0		 (1.0
>13	byte		x		  %c)
# XXX - this book entry should be verified, if you find one, uncomment this
#0	string		\<Book\ 	FrameMaker Book (ASCII) file
#>6	string		3.0		 (3.0)
#>6	string		2.0		 (2.0)
#>6	string		1.0		 (1.0)
0	string		\<Maker	Intermediate Print File	FrameMaker IPL file

#------------------------------------------------------------------------------
# freebsd:  file(1) magic for FreeBSD objects
#
# All new-style FreeBSD magic numbers are in host byte order (i.e.,
# little-endian on x86).
#
# XXX - this comes from the file "freebsd" in a recent FreeBSD version of
# "file"; it, and the NetBSD stuff in "netbsd", appear to use different
# schemes for distinguishing between executable images, shared libraries,
# and object files.
#
# FreeBSD says:
#
#    Regardless of whether it's pure, demand-paged, or none of the
#    above:
#
#	if the entry point is < 4096, then it's a shared library if
#	the "has run-time loader information" bit is set, and is
#	position-independent if the "is position-independent" bit
#	is set;
#
#	if the entry point is >= 4096 (or >4095, same thing), then it's
#	an executable, and is dynamically-linked if the "has run-time
#	loader information" bit is set.
#
# On x86, NetBSD says:
#
#    If it's neither pure nor demand-paged:
#
#	if it has the "has run-time loader information" bit set, it's
#	a dynamically-linked executable;
#
#	if it doesn't have that bit set, then:
#
#	    if it has the "is position-independent" bit set, it's
#	    position-independent;
#
#	    if the entry point is non-zero, it's an executable, otherwise
#	    it's an object file.
#
#    If it's pure:
#
#	if it has the "has run-time loader information" bit set, it's
#	a dynamically-linked executable, otherwise it's just an
#	executable.
#
#    If it's demand-paged:
#
#	if it has the "has run-time loader information" bit set,
#	then:
#
#	    if the entry point is < 4096, it's a shared library;
#
#	    if the entry point is = 4096 or > 4096 (i.e., >= 4096),
#	    it's a dynamically-linked executable);
#
#	if it doesn't have the "has run-time loader information" bit
#	set, then it's just an executable.
#
# (On non-x86, NetBSD does much the same thing, except that it uses
# 8192 on 68K - except for "68k4k", which is presumably "68K with 4K
# pages - SPARC, and MIPS, presumably because Sun-3's and Sun-4's
# had 8K pages; dunno about MIPS.)
#
# I suspect the two will differ only in perverse and uninteresting cases
# ("shared" libraries that aren't demand-paged and whose pages probably
# won't actually be shared, executables with entry points <4096).
#
# I leave it to those more familiar with FreeBSD and NetBSD to figure out
# what the right answer is (although using ">4095", FreeBSD-style, is
# probably better than separately checking for "=4096" and ">4096",
# NetBSD-style).  (The old "netbsd" file analyzed FreeBSD demand paged
# executables using the NetBSD technique.)
#
0	lelong&0377777777	041400407	FreeBSD/i386
>20	lelong			<4096
>>3	byte&0xC0		&0x80		shared library
>>3	byte&0xC0		0x40		PIC object
>>3	byte&0xC0		0x00		object
>20	lelong			>4095
>>3	byte&0x80		0x80		dynamically linked executable
>>3	byte&0x80		0x00		executable
>16	lelong			>0		not stripped

0	lelong&0377777777	041400410	FreeBSD/i386 pure
>20	lelong			<4096
>>3	byte&0xC0		&0x80		shared library
>>3	byte&0xC0		0x40		PIC object
>>3	byte&0xC0		0x00		object
>20	lelong			>4095
>>3	byte&0x80		0x80		dynamically linked executable
>>3	byte&0x80		0x00		executable
>16	lelong			>0		not stripped

0	lelong&0377777777	041400413	FreeBSD/i386 demand paged
>20	lelong			<4096
>>3	byte&0xC0		&0x80		shared library
>>3	byte&0xC0		0x40		PIC object
>>3	byte&0xC0		0x00		object
>20	lelong			>4095
>>3	byte&0x80		0x80		dynamically linked executable
>>3	byte&0x80		0x00		executable
>16	lelong			>0		not stripped

0	lelong&0377777777	041400314	FreeBSD/i386 compact demand paged
>20	lelong			<4096
>>3	byte&0xC0		&0x80		shared library
>>3	byte&0xC0		0x40		PIC object
>>3	byte&0xC0		0x00		object
>20	lelong			>4095
>>3	byte&0x80		0x80		dynamically linked executable
>>3	byte&0x80		0x00		executable
>16	lelong			>0		not stripped

# XXX gross hack to identify core files
# cores start with a struct tss; we take advantage of the following:
# byte 7:     highest byte of the kernel stack pointer, always 0xfe
#      8/9:   kernel (ring 0) ss value, always 0x0010
#      10 - 27: ring 1 and 2 ss/esp, unused, thus always 0
#      28:    low order byte of the current PTD entry, always 0 since the
#             PTD is page-aligned
#
7	string	\357\020\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0	FreeBSD/i386 a.out core file
>1039	string	>\0	from '%s'

# /var/run/ld.so.hints
# What are you laughing about?
0	lelong			011421044151	ld.so hints file (Little Endian
>4	lelong			>0		\b, version %d)
>4	belong			<=0		\b)
0	belong			011421044151	ld.so hints file (Big Endian
>4	belong			>0		\b, version %d)
>4	belong			<=0		\b)

#
# Files generated by FreeBSD scrshot(1)/vidcontrol(1) utilities
#
0	string	SCRSHOT_	scrshot(1) screenshot,
>8	byte	x		version %d,
>9	byte	2		%d bytes in header,
>>10	byte	x		%d chars wide by
>>11	byte	x		%d chars high

#------------------------------------------------------------------------------
# fsav:  file(1) magic for datafellows fsav virus definition files
# Anthon van der Neut (anthon@mnt.org)

# ftp://ftp.f-prot.com/pub/{macrdef2.zip,nomacro.def}
0	beshort		0x1575		fsav macro virus signatures
>8	leshort		>0		(%d-
>11	byte		>0		\b%02d-
>10	byte		>0		\b%02d)
# ftp://ftp.f-prot.com/pub/sign.zip
#10	ubyte		<12
#>9	ubyte		<32
#>>8	ubyte		0x0a
#>>>12	ubyte		0x07
#>>>>11	uleshort	>0		fsav DOS/Windows virus signatures (%d-
#>>>>10	byte		0		\b01-
#>>>>10	byte		1		\b02-
#>>>>10	byte		2		\b03-
#>>>>10	byte		3		\b04-
#>>>>10	byte		4		\b05-
#>>>>10	byte		5		\b06-
#>>>>10	byte		6		\b07-
#>>>>10	byte		7		\b08-
#>>>>10	byte		8		\b09-
#>>>>10	byte		9		\b10-
#>>>>10	byte		10		\b11-
#>>>>10	byte		11		\b12-
#>>>>9	ubyte		>0		\b%02d)
# ftp://ftp.f-prot.com/pub/sign2.zip
#0	ubyte		0x62		
#>1	ubyte		0xF5		
#>>2	ubyte		0x1		
#>>>3	ubyte		0x1		
#>>>>4	ubyte		0x0e		
#>>>>>13		ubyte	>0		fsav virus signatures
#>>>>>>11	ubyte	x		size 0x%02x
#>>>>>>12	ubyte	x		\b%02x
#>>>>>>13	ubyte	x		\b%02x bytes

# Joerg Jenderek: joerg dot jenderek at web dot de
# http://www.clamav.net/doc/latest/html/node45.html
# .cvd files start with a 512 bytes colon separated header
# ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime
# + gzipped tarball files
0	string		ClamAV-VDB:	
>11	string		>\0		Clam AntiVirus database %-.23s
>>34	string		:		
>>>35	regex		[^:]+		\b, version 
>>>>35		string		x 	\b%-.1s
>>>>>36		string 		!:	
>>>>>>36	string		x 	\b%-.1s
>>>>>>>37	string		!:	
>>>>>>>>37	string		x 	\b%-.1s
>>>>>>>>>38	string		!:	
>>>>>>>>>>38	string		x 	\b%-.1s
>512	string		\037\213	\b, gzipped
>769	string		ustar\0		\b, tared
#------------------------------------------------------------------------------
# games:  file(1) for games

# Thomas M. Ott (ThMO)
1	string	=WAD		DOOM data,
>0	string	=I		main wad
>0	string	=P		patch wad
>0	byte	x		unknown junk

# Fabio Bonelli <fabiobonelli@libero.it>
# Quake II - III data files
0       string  IDP2        	Quake II 3D Model file,
>20     long    x               %lu skin(s),
>8      long    x               (%lu x
>12     long    x 		%lu),
>40     long    x               %lu frame(s),
>16     long    x               Frame size %lu bytes,
>24     long  	x               %lu vertices/frame,
>28     long    x            	%lu texture coordinates,
>32     long    x               %lu triangles/frame

0       string  IBSP            Quake
>4      long    0x26            II Map file (BSP)
>4      long    0x2E      	III Map file (BSP)

0       string  IDS2            Quake II SP2 sprite file

#---------------------------------------------------------------------------
# Doom and Quake
# submitted by Nicolas Patrois

# DOOM

0       string  IWAD    DOOM or DOOM ][ world
0       string  PWAD    DOOM or DOOM ][ extension world

0       string  \xcb\x1dBoom\xe6\xff\x03\x01    Boom or linuxdoom demo
# some doom lmp files don't match, I've got one beginning with \x6d\x02\x01\x01

24      string  LxD\ 203        Linuxdoom save
>0      string  x       , name=%s
>44     string  x       , world=%s

# Quake

0       string  PACK    Quake I or II world or extension

#0       string  -1\x0a  Quake I demo
#>30     string  x        version %.4s
#>61     string  x        level %s

#0       string  5\x0a   Quake I save

# The levels

# Quake 1

0	string	5\x0aIntroduction             Quake I save: start Introduction
0	string	5\x0athe_Slipgate_Complex     Quake I save: e1m1 The slipgate complex
0	string	5\x0aCastle_of_the_Damned     Quake I save: e1m2 Castle of the damned
0	string	5\x0athe_Necropolis           Quake I save: e1m3 The necropolis
0	string	5\x0athe_Grisly_Grotto        Quake I save: e1m4 The grisly grotto
0	string	5\x0aZiggurat_Vertigo         Quake I save: e1m8 Ziggurat vertigo (secret)
0	string	5\x0aGloom_Keep               Quake I save: e1m5 Gloom keep
0	string	5\x0aThe_Door_To_Chthon       Quake I save: e1m6 The door to Chthon
0	string	5\x0aThe_House_of_Chthon      Quake I save: e1m7 The house of Chthon
0	string	5\x0athe_Installation         Quake I save: e2m1 The installation
0	string	5\x0athe_Ogre_Citadel         Quake I save: e2m2 The ogre citadel
0	string	5\x0athe_Crypt_of_Decay       Quake I save: e2m3 The crypt of decay (dopefish lives!)
0	string	5\x0aUnderearth               Quake I save: e2m7 Underearth (secret)
0	string	5\x0athe_Ebon_Fortress        Quake I save: e2m4 The ebon fortress
0	string	5\x0athe_Wizard's_Manse       Quake I save: e2m5 The wizard's manse
0	string	5\x0athe_Dismal_Oubliette     Quake I save: e2m6 The dismal oubliette
0	string	5\x0aTermination_Central      Quake I save: e3m1 Termination central
0	string	5\x0aVaults_of_Zin            Quake I save: e3m2 Vaults of Zin
0	string	5\x0athe_Tomb_of_Terror       Quake I save: e3m3 The tomb of terror
0	string	5\x0aSatan's_Dark_Delight     Quake I save: e3m4 Satan's dark delight
0	string	5\x0athe_Haunted_Halls        Quake I save: e3m7 The haunted halls (secret)
0	string	5\x0aWind_Tunnels             Quake I save: e3m5 Wind tunnels
0	string	5\x0aChambers_of_Torment      Quake I save: e3m6 Chambers of torment
0	string	5\x0athe_Sewage_System        Quake I save: e4m1 The sewage system
0	string	5\x0aThe_Tower_of_Despair     Quake I save: e4m2 The tower of despair
0	string	5\x0aThe_Elder_God_Shrine     Quake I save: e4m3 The elder god shrine
0	string	5\x0athe_Palace_of_Hate       Quake I save: e4m4 The palace of hate
0	string	5\x0aHell's_Atrium            Quake I save: e4m5 Hell's atrium
0	string	5\x0athe_Nameless_City        Quake I save: e4m8 The nameless city (secret)
0	string	5\x0aThe_Pain_Maze            Quake I save: e4m6 The pain maze
0	string	5\x0aAzure_Agony              Quake I save: e4m7 Azure agony
0	string	5\x0aShub-Niggurath's_Pit     Quake I save: end Shub-Niggurath's pit

# Quake DeathMatch levels

0	string	5\x0aPlace_of_Two_Deaths	 Quake I save: dm1 Place of two deaths
0	string	5\x0aClaustrophobopolis		 Quake I save: dm2 Claustrophobopolis
0	string	5\x0aThe_Abandoned_Base		 Quake I save: dm3 The abandoned base
0	string	5\x0aThe_Bad_Place		 Quake I save: dm4 The bad place
0	string	5\x0aThe_Cistern		 Quake I save: dm5 The cistern
0	string	5\x0aThe_Dark_Zone		 Quake I save: dm6 The dark zone

# Scourge of Armagon

0	string	5\x0aCommand_HQ               Quake I save: start Command HQ
0	string	5\x0aThe_Pumping_Station      Quake I save: hip1m1 The pumping station
0	string	5\x0aStorage_Facility         Quake I save: hip1m2 Storage facility
0	string	5\x0aMilitary_Complex         Quake I save: hip1m5 Military complex (secret)
0	string	5\x0athe_Lost_Mine            Quake I save: hip1m3 The lost mine
0	string	5\x0aResearch_Facility        Quake I save: hip1m4 Research facility
0	string	5\x0aAncient_Realms           Quake I save: hip2m1 Ancient realms
0	string	5\x0aThe_Gremlin's_Domain     Quake I save: hip2m6 The gremlin's domain (secret)
0	string	5\x0aThe_Black_Cathedral      Quake I save: hip2m2 The black cathedral
0	string	5\x0aThe_Catacombs            Quake I save: hip2m3 The catacombs
0	string	5\x0athe_Crypt__              Quake I save: hip2m4 The crypt
0	string	5\x0aMortum's_Keep            Quake I save: hip2m5 Mortum's keep
0	string	5\x0aTur_Torment              Quake I save: hip3m1 Tur torment
0	string	5\x0aPandemonium              Quake I save: hip3m2 Pandemonium
0	string	5\x0aLimbo                    Quake I save: hip3m3 Limbo
0	string	5\x0athe_Edge_of_Oblivion     Quake I save: hipdm1 The edge of oblivion (secret)
0	string	5\x0aThe_Gauntlet             Quake I save: hip3m4 The gauntlet
0	string	5\x0aArmagon's_Lair           Quake I save: hipend Armagon's lair

# Malice

0	string	5\x0aThe_Academy      Quake I save: start The academy
0	string	5\x0aThe_Lab          Quake I save: d1 The lab
0	string	5\x0aArea_33          Quake I save: d1b Area 33
0	string	5\x0aSECRET_MISSIONS  Quake I save: d3b Secret missions
0	string	5\x0aThe_Hospital     Quake I save: d10 The hospital (secret)
0	string	5\x0aThe_Genetics_Lab Quake I save: d11 The genetics lab (secret)
0	string	5\x0aBACK_2_MALICE    Quake I save: d4b Back to Malice
0	string	5\x0aArea44           Quake I save: d1c Area 44
0	string	5\x0aTakahiro_Towers  Quake I save: d2 Takahiro towers
0	string	5\x0aA_Rat's_Life     Quake I save: d3 A rat's life
0	string	5\x0aInto_The_Flood   Quake I save: d4 Into the flood
0	string	5\x0aThe_Flood        Quake I save: d5 The flood
0	string	5\x0aNuclear_Plant    Quake I save: d6 Nuclear plant
0	string	5\x0aThe_Incinerator_Plant    Quake I save: d7 The incinerator plant
0	string	5\x0aThe_Foundry              Quake I save: d7b The foundry
0	string	5\x0aThe_Underwater_Base      Quake I save: d8 The underwater base
0	string	5\x0aTakahiro_Base            Quake I save: d9 Takahiro base
0	string	5\x0aTakahiro_Laboratories    Quake I save: d12 Takahiro laboratories
0	string	5\x0aStayin'_Alive    Quake I save: d13 Stayin' alive
0	string	5\x0aB.O.S.S._HQ      Quake I save: d14 B.O.S.S. HQ
0	string	5\x0aSHOWDOWN!        Quake I save: d15 Showdown!

# Malice DeathMatch levels

0	string	5\x0aThe_Seventh_Precinct	 Quake I save: ddm1 The seventh precinct
0	string	5\x0aSub_Station		 Quake I save: ddm2 Sub station
0	string	5\x0aCrazy_Eights!		 Quake I save: ddm3 Crazy eights!
0	string	5\x0aEast_Side_Invertationa	 Quake I save: ddm4 East side invertationa
0	string	5\x0aSlaughterhouse		 Quake I save: ddm5 Slaughterhouse
0	string	5\x0aDOMINO			 Quake I save: ddm6 Domino
0	string	5\x0aSANDRA'S_LADDER		 Quake I save: ddm7 Sandra's ladder

0	string	MComprHD	MAME CHD compressed hard disk image,
>12	belong	x		version %lu

#------------------------------------------------------------------------------
# GEOS files (Vidar Madsen, vidar@gimp.org)
# semi-commonly used in embedded and handheld systems.
0	belong	0xc745c153	GEOS
>40	byte	1	executable
>40	byte	2	VMFile
>40	byte	3	binary
>40	byte	4	directory label
>40	byte	<1	unknown
>40	byte	>4	unknown
>4	string	>\0	\b, name "%s"
#>44	short	x	\b, version %d
#>46	short	x	\b.%d
#>48	short	x	\b, rev %d
#>50	short	x	\b.%d
#>52	short	x	\b, proto %d
#>54	short	x	\br%d
#>168	string	>\0	\b, copyright "%s"

#------------------------------------------------------------------------------
# gcc:  file(1) magic for GCC special files
#
0	string		gpch		GCC precompiled header

# The version field is annoying.  It's 3 characters, not zero-terminated.
>5	byte		x			(version %c
>6	byte		x			\b%c
>7	byte		x			\b%c)

# 67 = 'C', 111 = 'o', 43 = '+', 79 = 'O'
>4	byte		67			for C
>4	byte		111			for Objective C
>4	byte		43			for C++
>4	byte		79			for Objective C++
#------------------------------------------------------------------------------
# GIMP Gradient: file(1) magic for the GIMP's gradient data files
# by Federico Mena <federico@nuclecu.unam.mx>

0       string          GIMP\ Gradient  GIMP gradient data

#------------------------------------------------------------------------------
# XCF:  file(1) magic for the XCF image format used in the GIMP developed
#       by Spencer Kimball and Peter Mattis
#       ('Bucky' LaDieu, nega@vt.edu)

0	string		gimp\ xcf	GIMP XCF image data,
>9	string		file		version 0,
>9	string		v		version
>>10	string		>\0		%s,
>14	belong		x		%lu x
>18	belong		x		%lu,
>22     belong          0               RGB Color
>22     belong          1               Greyscale
>22     belong          2               Indexed Color
>22	belong		>2		Unknown Image Type.

#------------------------------------------------------------------------------
# XCF:  file(1) magic for the patterns used in the GIMP, developed
#       by Spencer Kimball and Peter Mattis
#       ('Bucky' LaDieu, nega@vt.edu)

20      string          GPAT            GIMP pattern data,
>24     string          x               %s

#------------------------------------------------------------------------------
# XCF:  file(1) magic for the brushes used in the GIMP, developed
#       by Spencer Kimball and Peter Mattis
#       ('Bucky' LaDieu, nega@vt.edu)

20      string          GIMP            GIMP brush data
#------------------------------------------------------------------------------
# gnu:  file(1) magic for various GNU tools
#
# GNU nlsutils message catalog file format
#
0	string		\336\22\4\225	GNU message catalog (little endian),
>4	lelong		x		revision %d,
>8	lelong		x		%d messages
0	string		\225\4\22\336	GNU message catalog (big endian),
>4	belong		x		revision %d,
>8	belong		x		%d messages
# message catalogs, from Mitchum DSouza <m.dsouza@mrc-apu.cam.ac.uk>
0	string		*nazgul*	Nazgul style compiled message catalog
>8	lelong		>0		\b, version %ld

# GnuPG
# The format is very similar to pgp
0	string          \001gpg                 GPG key trust database
>4	byte            x                       version %d
0	beshort		0x8502			GPG encrypted data
# This magic is not particularly good, as the keyrings don't have true
# magic. Nevertheless, it covers many keyrings.
0       beshort         0x9901                  GPG key public ring

# Gnumeric spreadsheet
# This entry is only semi-helpful, as Gnumeric compresses its files, so
# they will ordinarily reported as "compressed", but at least -z helps
39      string          =<gmr:Workbook           Gnumeric spreadsheet

# From: James Youngman <jay@gnu.org> 
# gnu find magic
0	string	\0LOCATE	GNU findutils locate database data
>7	string	>\0		\b, format %s
>7	string	02		\b (frcode)

#------------------------------------------------------------------------------
# ACE/gr and Grace type files - PLEASE DO NOT REMOVE THIS LINE
#
# ACE/gr binary
0	string	\000\000\0001\000\000\0000\000\000\0000\000\000\0002\000\000\0000\000\000\0000\000\000\0003		old ACE/gr binary file
>39	byte	>0			- version %c
# ACE/gr ascii
0	string	#\ xvgr\ parameter\ file	ACE/gr ascii file
0	string	#\ xmgr\ parameter\ file	ACE/gr ascii file
0	string	#\ ACE/gr\ parameter\ file	ACE/gr ascii file
# Grace projects
0	string	#\ Grace\ project\ file		Grace project file
>23	string	@version\  			(version
>>32	byte	>0 				%c
>>33	string	>\0 				\b.%.2s
>>35	string	>\0 				\b.%.2s)
# ACE/gr fit description files
0	string	#\ ACE/gr\ fit\ description\ 	ACE/gr fit description file
# end of ACE/gr and Grace type files - PLEASE DO NOT REMOVE THIS LINE

#------------------------------------------------------------------------------
# gringotts:  file(1) magic for Gringotts
# http://devel.pluto.linux.it/projects/Gringotts/
# author: Germano Rizzo <mano@pluto.linux.it>
#GRG3????Y
0	string	GRG		Gringotts data file
#file format 1
>3	string		1		v.1, MCRYPT S2K, SERPENT crypt, SHA-256 hash, ZLib lvl.9
#file format 2
>3	string		2		v.2, MCRYPT S2K, 
>>8	byte&0x70	0x00		RIJNDAEL-128 crypt,
>>8	byte&0x70	0x10		SERPENT crypt,
>>8	byte&0x70	0x20		TWOFISH crypt, 
>>8	byte&0x70	0x30		CAST-256 crypt,
>>8	byte&0x70	0x40		SAFER+ crypt,
>>8	byte&0x70	0x50		LOKI97 crypt,
>>8	byte&0x70	0x60		3DES crypt,
>>8	byte&0x70	0x70		RIJNDAEL-256 crypt,
>>8	byte&0x08	0x00		SHA1 hash,
>>8	byte&0x08	0x08		RIPEMD-160 hash,
>>8	byte&0x04	0x00		ZLib
>>8	byte&0x04	0x04		BZip2
>>8	byte&0x03	0x00		lvl.0
>>8	byte&0x03	0x01		lvl.3
>>8	byte&0x03	0x02		lvl.6
>>8	byte&0x03	0x03		lvl.9
#file format 3
>3	string		3		v.3, OpenPGP S2K, 
>>8	byte&0x70	0x00		RIJNDAEL-128 crypt,
>>8	byte&0x70	0x10		SERPENT crypt,
>>8	byte&0x70	0x20		TWOFISH crypt, 
>>8	byte&0x70	0x30		CAST-256 crypt,
>>8	byte&0x70	0x40		SAFER+ crypt,
>>8	byte&0x70	0x50		LOKI97 crypt,
>>8	byte&0x70	0x60		3DES crypt,
>>8	byte&0x70	0x70		RIJNDAEL-256 crypt,
>>8	byte&0x08	0x00		SHA1 hash,
>>8	byte&0x08	0x08		RIPEMD-160 hash,
>>8	byte&0x04	0x00		ZLib
>>8	byte&0x04	0x04		BZip2
>>8	byte&0x03	0x00		lvl.0
>>8	byte&0x03	0x01		lvl.3
>>8	byte&0x03	0x02		lvl.6
>>8	byte&0x03	0x03		lvl.9
#file format >3
>3	string		>3		v.%.1s (unknown details)

#------------------------------------------------------------------------------
# hitach-sh: file(1) magic for Hitachi Super-H
#
# Super-H COFF
#
0	beshort		0x0500		Hitachi SH big-endian COFF
>18	beshort&0x0002	=0x0000		object
>18	beshort&0x0002	=0x0002		executable
>18	beshort&0x0008	=0x0008		\b, stripped
>18	beshort&0x0008	=0x0000		\b, not stripped
#
0	leshort		0x0550		Hitachi SH little-endian COFF
>18	leshort&0x0002	=0x0000		object
>18	leshort&0x0002	=0x0002		executable
>18	leshort&0x0008	=0x0008		\b, stripped
>18	leshort&0x0008	=0x0000		\b, not stripped

#------------------------------------------------------------------------------
# hp:  file(1) magic for Hewlett Packard machines (see also "printer")
#
# XXX - somebody should figure out whether any byte order needs to be
# applied to the "TML" stuff; I'm assuming the Apollo stuff is
# big-endian as it was mostly 68K-based.
#
# I think the 500 series was the old stack-based machines, running a
# UNIX environment atop the "SUN kernel"; dunno whether it was
# big-endian or little-endian.
#
# Daniel Quinlan (quinlan@yggdrasil.com): hp200 machines are 68010 based;
# hp300 are 68020+68881 based; hp400 are also 68k.  The following basic
# HP magic is useful for reference, but using "long" magic is a better
# practice in order to avoid collisions.
#
# Guy Harris (guy@netapp.com): some additions to this list came from
# HP-UX 10.0's "/usr/include/sys/unistd.h" (68030, 68040, PA-RISC 1.1,
# 1.2, and 2.0).  The 1.2 and 2.0 stuff isn't in the HP-UX 10.0
# "/etc/magic", though, except for the "archive file relocatable library"
# stuff, and the 68030 and 68040 stuff isn't there at all - are they not
# used in executables, or have they just not yet updated "/etc/magic"
# completely?
#
# 0	beshort		200		hp200 (68010) BSD binary
# 0	beshort		300		hp300 (68020+68881) BSD binary
# 0	beshort		0x20c		hp200/300 HP-UX binary
# 0	beshort		0x20d		hp400 (68030) HP-UX binary
# 0	beshort		0x20e		hp400 (68040?) HP-UX binary
# 0	beshort		0x20b		PA-RISC1.0 HP-UX binary
# 0	beshort		0x210		PA-RISC1.1 HP-UX binary
# 0	beshort		0x211		PA-RISC1.2 HP-UX binary
# 0	beshort		0x214		PA-RISC2.0 HP-UX binary

#
# The "misc" stuff needs a byte order; the archives look suspiciously
# like the old 177545 archives (0xff65 = 0177545).
#
#### Old Apollo stuff
0	beshort		0627		Apollo m68k COFF executable
>18	beshort		^040000		not stripped
>22	beshort		>0		- version %ld
0	beshort		0624		apollo a88k COFF executable
>18	beshort		^040000		not stripped
>22	beshort		>0		- version %ld
0       long            01203604016     TML 0123 byte-order format
0       long            01702407010     TML 1032 byte-order format
0       long            01003405017     TML 2301 byte-order format
0       long            01602007412     TML 3210 byte-order format
#### PA-RISC 1.1
0	belong 		0x02100106	PA-RISC1.1 relocatable object
0	belong 		0x02100107	PA-RISC1.1 executable
>168	belong		&0x00000004	dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0	belong 		0x02100108	PA-RISC1.1 shared executable
>168	belong&0x4	0x4		dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0	belong 		0x0210010b	PA-RISC1.1 demand-load executable
>168	belong&0x4	0x4		dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0	belong 		0x0210010e	PA-RISC1.1 shared library
>96	belong		>0		- not stripped

0	belong 		0x0210010d	PA-RISC1.1 dynamic load library
>96	belong		>0		- not stripped

#### PA-RISC 2.0
0	belong		0x02140106	PA-RISC2.0 relocatable object

0       belong		0x02140107	PA-RISC2.0 executable
>168	belong		&0x00000004	dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0       belong		0x02140108	PA-RISC2.0 shared executable
>168	belong		&0x00000004	dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0       belong		0x0214010b	PA-RISC2.0 demand-load executable
>168	belong		&0x00000004	dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0       belong		0x0214010e	PA-RISC2.0 shared library
>96	belong		>0		- not stripped

0       belong		0x0214010d	PA-RISC2.0 dynamic load library
>96	belong		>0		- not stripped

#### 800
0	belong 		0x020b0106	PA-RISC1.0 relocatable object

0	belong 		0x020b0107	PA-RISC1.0 executable
>168	belong&0x4	0x4		dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0	belong 		0x020b0108	PA-RISC1.0 shared executable
>168	belong&0x4	0x4		dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0	belong 		0x020b010b	PA-RISC1.0 demand-load executable
>168	belong&0x4	0x4		dynamically linked
>(144)	belong		0x054ef630	dynamically linked
>96	belong		>0		- not stripped

0	belong 		0x020b010e	PA-RISC1.0 shared library
>96	belong		>0		- not stripped

0	belong 		0x020b010d	PA-RISC1.0 dynamic load library
>96	belong		>0		- not stripped

0	belong		0x213c6172	archive file
>68	belong 		0x020b0619	- PA-RISC1.0 relocatable library
>68	belong	 	0x02100619	- PA-RISC1.1 relocatable library
>68	belong 		0x02110619	- PA-RISC1.2 relocatable library
>68	belong 		0x02140619	- PA-RISC2.0 relocatable library

#### 500
0	long		0x02080106	HP s500 relocatable executable
>16	long		>0		- version %ld

0	long		0x02080107	HP s500 executable
>16	long		>0		- version %ld

0	long		0x02080108	HP s500 pure executable
>16	long		>0		- version %ld

#### 200
0	belong 		0x020c0108	HP s200 pure executable
>4	beshort		>0		- version %ld
>8	belong		&0x80000000	save fp regs
>8	belong		&0x40000000	dynamically linked
>8	belong		&0x20000000	debuggable
>36	belong		>0		not stripped

0	belong		0x020c0107	HP s200 executable
>4	beshort		>0		- version %ld
>8	belong		&0x80000000	save fp regs
>8	belong		&0x40000000	dynamically linked
>8	belong		&0x20000000	debuggable
>36	belong		>0		not stripped

0	belong		0x020c010b	HP s200 demand-load executable
>4	beshort		>0		- version %ld
>8	belong		&0x80000000	save fp regs
>8	belong		&0x40000000	dynamically linked
>8	belong		&0x20000000	debuggable
>36	belong		>0		not stripped

0	belong		0x020c0106	HP s200 relocatable executable
>4	beshort		>0		- version %ld
>6	beshort		>0		- highwater %d
>8	belong		&0x80000000	save fp regs
>8	belong		&0x20000000	debuggable
>8	belong		&0x10000000	PIC

0	belong 		0x020a0108	HP s200 (2.x release) pure executable
>4	beshort		>0		- version %ld
>36	belong		>0		not stripped

0	belong		0x020a0107	HP s200 (2.x release) executable
>4	beshort		>0		- version %ld
>36	belong		>0		not stripped

0	belong		0x020c010e	HP s200 shared library
>4	beshort		>0		- version %ld
>6	beshort		>0		- highwater %d
>36	belong		>0		not stripped

0	belong		0x020c010d	HP s200 dynamic load library
>4	beshort		>0		- version %ld
>6	beshort		>0		- highwater %d
>36	belong		>0		not stripped

#### MISC
0	long		0x0000ff65	HP old archive
0	long		0x020aff65	HP s200 old archive
0	long		0x020cff65	HP s200 old archive
0	long		0x0208ff65	HP s500 old archive

0	long		0x015821a6	HP core file

0	long		0x4da7eee8	HP-WINDOWS font
>8	byte		>0		- version %ld
0	string		Bitmapfile	HP Bitmapfile

0	string		IMGfile	CIS 	compimg HP Bitmapfile
# XXX - see "lif"
#0	short		0x8000		lif file
0	long		0x020c010c	compiled Lisp

0	string		msgcat01	HP NLS message catalog,
>8	long		>0		%d messages

# addendum to /etc/magic with HP-48sx file-types by phk@data.fls.dk 1jan92
0	string		HPHP48-		HP48 binary
>7	byte		>0		- Rev %c
>8	beshort		0x1129		(ADR)
>8	beshort		0x3329		(REAL)
>8	beshort		0x5529		(LREAL)
>8	beshort		0x7729		(COMPLX)
>8	beshort		0x9d29		(LCOMPLX)
>8	beshort		0xbf29		(CHAR)
>8	beshort		0xe829		(ARRAY)
>8	beshort		0x0a2a		(LNKARRAY)
>8	beshort		0x2c2a		(STRING)
>8	beshort		0x4e2a		(HXS)
>8	beshort		0x742a		(LIST)
>8	beshort		0x962a		(DIR)
>8	beshort		0xb82a		(ALG)
>8	beshort		0xda2a		(UNIT)
>8	beshort		0xfc2a		(TAGGED)
>8	beshort		0x1e2b		(GROB)
>8	beshort		0x402b		(LIB)
>8	beshort		0x622b		(BACKUP)
>8	beshort		0x882b		(LIBDATA)
>8	beshort		0x9d2d		(PROG)
>8	beshort		0xcc2d		(CODE)
>8	beshort		0x482e		(GNAME)
>8	beshort		0x6d2e		(LNAME)
>8	beshort		0x922e		(XLIB)
0	string		%%HP:		HP48 text
>6	string		T(0)		- T(0)
>6	string		T(1)		- T(1)
>6	string		T(2)		- T(2)
>6	string		T(3)		- T(3)
>10	string		A(D)		A(D)
>10	string		A(R)		A(R)
>10	string		A(G)		A(G)
>14	string		F(.)		F(.);
>14	string		F(,)		F(,);

# hpBSD magic numbers
0	beshort		200		hp200 (68010) BSD
>2	beshort		0407		impure binary
>2	beshort		0410		read-only binary
>2	beshort		0413		demand paged binary
0	beshort		300		hp300 (68020+68881) BSD
>2	beshort		0407		impure binary
>2	beshort		0410		read-only binary
>2	beshort		0413		demand paged binary
#
# From David Gero <dgero@nortelnetworks.com>
# HP-UX 10.20 core file format from /usr/include/sys/core.h
# Unfortunately, HP-UX uses corehead blocks without specifying the order
# There are four we care about:
#     CORE_KERNEL, which starts with the string "HP-UX"
#     CORE_EXEC, which contains the name of the command
#     CORE_PROC, which contains the signal number that caused the core dump
#     CORE_FORMAT, which contains the version of the core file format (== 1)
# The only observed order in real core files is KERNEL, EXEC, FORMAT, PROC
# but we include all 6 variations of the order of the first 3, and
# assume that PROC will always be last
# Order 1: KERNEL, EXEC, FORMAT, PROC
0x10		string	HP-UX
>0		belong	2
>>0xC		belong	0x3C
>>>0x4C		belong	0x100
>>>>0x58	belong	0x44
>>>>>0xA0	belong	1
>>>>>>0xAC	belong	4
>>>>>>>0xB0	belong	1
>>>>>>>>0xB4	belong	4		core file
>>>>>>>>>0x90	string	>\0		from '%s'
>>>>>>>>>0xC4	belong	3		- received SIGQUIT
>>>>>>>>>0xC4	belong	4		- received SIGILL
>>>>>>>>>0xC4	belong	5		- received SIGTRAP
>>>>>>>>>0xC4	belong	6		- received SIGABRT
>>>>>>>>>0xC4	belong	7		- received SIGEMT
>>>>>>>>>0xC4	belong	8		- received SIGFPE
>>>>>>>>>0xC4	belong	10		- received SIGBUS
>>>>>>>>>0xC4	belong	11		- received SIGSEGV
>>>>>>>>>0xC4	belong	12		- received SIGSYS
>>>>>>>>>0xC4	belong	33		- received SIGXCPU
>>>>>>>>>0xC4	belong	34		- received SIGXFSZ
# Order 2: KERNEL, FORMAT, EXEC, PROC
>>>0x4C		belong	1
>>>>0x58	belong	4
>>>>>0x5C	belong	1
>>>>>>0x60	belong	0x100
>>>>>>>0x6C	belong	0x44
>>>>>>>>0xB4	belong	4		core file
>>>>>>>>>0xA4	string	>\0		from '%s'
>>>>>>>>>0xC4	belong	3		- received SIGQUIT
>>>>>>>>>0xC4	belong	4		- received SIGILL
>>>>>>>>>0xC4	belong	5		- received SIGTRAP
>>>>>>>>>0xC4	belong	6		- received SIGABRT
>>>>>>>>>0xC4	belong	7		- received SIGEMT
>>>>>>>>>0xC4	belong	8		- received SIGFPE
>>>>>>>>>0xC4	belong	10		- received SIGBUS
>>>>>>>>>0xC4	belong	11		- received SIGSEGV
>>>>>>>>>0xC4	belong	12		- received SIGSYS
>>>>>>>>>0xC4	belong	33		- received SIGXCPU
>>>>>>>>>0xC4	belong	34		- received SIGXFSZ
# Order 3: FORMAT, KERNEL, EXEC, PROC
0x24		string	HP-UX
>0		belong	1
>>0xC		belong	4
>>>0x10		belong	1
>>>>0x14	belong	2
>>>>>0x20	belong	0x3C
>>>>>>0x60	belong	0x100
>>>>>>>0x6C	belong	0x44
>>>>>>>>0xB4	belong	4		core file
>>>>>>>>>0xA4	string	>\0		from '%s'
>>>>>>>>>0xC4	belong	3		- received SIGQUIT
>>>>>>>>>0xC4	belong	4		- received SIGILL
>>>>>>>>>0xC4	belong	5		- received SIGTRAP
>>>>>>>>>0xC4	belong	6		- received SIGABRT
>>>>>>>>>0xC4	belong	7		- received SIGEMT
>>>>>>>>>0xC4	belong	8		- received SIGFPE
>>>>>>>>>0xC4	belong	10		- received SIGBUS
>>>>>>>>>0xC4	belong	11		- received SIGSEGV
>>>>>>>>>0xC4	belong	12		- received SIGSYS
>>>>>>>>>0xC4	belong	33		- received SIGXCPU
>>>>>>>>>0xC4	belong	34		- received SIGXFSZ
# Order 4: EXEC, KERNEL, FORMAT, PROC
0x64		string	HP-UX
>0		belong	0x100
>>0xC		belong	0x44
>>>0x54		belong	2
>>>>0x60	belong	0x3C
>>>>>0xA0	belong	1
>>>>>>0xAC	belong	4
>>>>>>>0xB0	belong	1
>>>>>>>>0xB4	belong	4		core file
>>>>>>>>>0x44	string	>\0		from '%s'
>>>>>>>>>0xC4	belong	3		- received SIGQUIT
>>>>>>>>>0xC4	belong	4		- received SIGILL
>>>>>>>>>0xC4	belong	5		- received SIGTRAP
>>>>>>>>>0xC4	belong	6		- received SIGABRT
>>>>>>>>>0xC4	belong	7		- received SIGEMT
>>>>>>>>>0xC4	belong	8		- received SIGFPE
>>>>>>>>>0xC4	belong	10		- received SIGBUS
>>>>>>>>>0xC4	belong	11		- received SIGSEGV
>>>>>>>>>0xC4	belong	12		- received SIGSYS
>>>>>>>>>0xC4	belong	33		- received SIGXCPU
>>>>>>>>>0xC4	belong	34		- received SIGXFSZ
# Order 5: FORMAT, EXEC, KERNEL, PROC
0x78		string	HP-UX
>0		belong	1
>>0xC		belong	4
>>>0x10		belong	1
>>>>0x14	belong	0x100
>>>>>0x20	belong	0x44
>>>>>>0x68	belong	2
>>>>>>>0x74	belong	0x3C
>>>>>>>>0xB4	belong	4		core file
>>>>>>>>>0x58	string	>\0		from '%s'
>>>>>>>>>0xC4	belong	3		- received SIGQUIT
>>>>>>>>>0xC4	belong	4		- received SIGILL
>>>>>>>>>0xC4	belong	5		- received SIGTRAP
>>>>>>>>>0xC4	belong	6		- received SIGABRT
>>>>>>>>>0xC4	belong	7		- received SIGEMT
>>>>>>>>>0xC4	belong	8		- received SIGFPE
>>>>>>>>>0xC4	belong	10		- received SIGBUS
>>>>>>>>>0xC4	belong	11		- received SIGSEGV
>>>>>>>>>0xC4	belong	12		- received SIGSYS
>>>>>>>>>0xC4	belong	33		- received SIGXCPU
>>>>>>>>>0xC4	belong	34		- received SIGXFSZ
# Order 6: EXEC, FORMAT, KERNEL, PROC
>0		belong	0x100
>>0xC		belong	0x44
>>>0x54		belong	1
>>>>0x60	belong	4
>>>>>0x64	belong	1
>>>>>>0x68	belong	2
>>>>>>>0x74	belong	0x2C
>>>>>>>>0xB4	belong	4		core file
>>>>>>>>>0x44	string	>\0		from '%s'
>>>>>>>>>0xC4	belong	3		- received SIGQUIT
>>>>>>>>>0xC4	belong	4		- received SIGILL
>>>>>>>>>0xC4	belong	5		- received SIGTRAP
>>>>>>>>>0xC4	belong	6		- received SIGABRT
>>>>>>>>>0xC4	belong	7		- received SIGEMT
>>>>>>>>>0xC4	belong	8		- received SIGFPE
>>>>>>>>>0xC4	belong	10		- received SIGBUS
>>>>>>>>>0xC4	belong	11		- received SIGSEGV
>>>>>>>>>0xC4	belong	12		- received SIGSYS
>>>>>>>>>0xC4	belong	33		- received SIGXCPU
>>>>>>>>>0xC4	belong	34		- received SIGXFSZ

# From: AMAKAWA Shuhei <sa264@cam.ac.uk>
0	string	HPHP49-			HP49 binary

#------------------------------------------------------------------------------
# human68k:  file(1) magic for Human68k (X680x0 DOS) binary formats
# Magic too short!
#0		string	HU		Human68k
#>68		string	LZX		LZX compressed
#>>72		string	>\0		(version %s)
#>(8.L+74)	string	LZX		LZX compressed
#>>(8.L+78)	string	>\0		(version %s)
#>60		belong	>0		binded
#>(8.L+66)	string	#HUPAIR		hupair
#>0		string	HU		X executable
#>(8.L+74)	string	#LIBCV1		- linked PD LIBC ver 1
#>4		belong	>0		- base address 0x%x
#>28		belong	>0		not stripped
#>32		belong	>0		with debug information
#0		beshort	0x601a		Human68k Z executable
#0		beshort	0x6000		Human68k object file
#0		belong	0xd1000000	Human68k ar binary archive
#0		belong	0xd1010000	Human68k ar ascii archive
#0		beshort	0x0068		Human68k lib archive
#4		string	LZX		Human68k LZX compressed
#>8		string	>\0		(version %s)
#>4		string	LZX		R executable
#2		string	#HUPAIR		Human68k hupair R executable

#------------------------------------------------------------------------------
# ibm370:  file(1) magic for IBM 370 and compatibles.
#
# "ibm370" said that 0x15d == 0535 was "ibm 370 pure executable".
# What the heck *is* "USS/370"?
# AIX 4.1's "/etc/magic" has
#
#	0	short		0535		370 sysV executable 
#	>12	long		>0		not stripped
#	>22	short		>0		- version %d
#	>30	long		>0		- 5.2 format
#	0	short		0530		370 sysV pure executable 
#	>12	long		>0		not stripped
#	>22	short		>0		- version %d
#	>30	long		>0		- 5.2 format
#
# instead of the "USS/370" versions of the same magic numbers.
#
0	beshort		0537		370 XA sysV executable 
>12	belong		>0		not stripped
>22	beshort		>0		- version %d
>30	belong		>0		- 5.2 format
0	beshort		0532		370 XA sysV pure executable 
>12	belong		>0		not stripped
>22	beshort		>0		- version %d
>30	belong		>0		- 5.2 format
0	beshort		054001		370 sysV pure executable
>12	belong		>0		not stripped
0	beshort		055001		370 XA sysV pure executable
>12	belong		>0		not stripped
0	beshort		056401		370 sysV executable
>12	belong		>0		not stripped
0	beshort		057401		370 XA sysV executable
>12	belong		>0		not stripped
0       beshort		0531		SVR2 executable (Amdahl-UTS)
>12	belong		>0		not stripped
>24     belong		>0		- version %ld
0	beshort		0534		SVR2 pure executable (Amdahl-UTS)
>12	belong		>0		not stripped
>24	belong		>0		- version %ld
0	beshort		0530		SVR2 pure executable (USS/370)
>12	belong		>0		not stripped
>24	belong		>0		- version %ld
0	beshort		0535		SVR2 executable (USS/370)
>12	belong		>0		not stripped
>24	belong		>0		- version %ld

#------------------------------------------------------------------------------
# ibm6000:  file(1) magic for RS/6000 and the RT PC.
#
0	beshort		0x01df		executable (RISC System/6000 V3.1) or obj module
>12	belong		>0		not stripped
# Breaks sun4 statically linked execs.
#0      beshort		0x0103		executable (RT Version 2) or obj module
#>2	byte		0x50		pure
#>28	belong		>0		not stripped
#>6	beshort		>0		- version %ld
0	beshort		0x0104		shared library
0	beshort		0x0105		ctab data
0	beshort		0xfe04		structured file
0	string		0xabcdef	AIX message catalog
0	belong		0x000001f9	AIX compiled message catalog
0	string		\<aiaff>	archive
0	string		\<bigaf>	archive (big format)

#------------------------------------------------------------------------------
# iff:	file(1) magic for Interchange File Format (see also "audio" & "images")
#
# Daniel Quinlan (quinlan@yggdrasil.com) -- IFF was designed by Electronic
# Arts for file interchange.  It has also been used by Apple, SGI, and
# especially Commodore-Amiga.
#
# IFF files begin with an 8 byte FORM header, followed by a 4 character
# FORM type, which is followed by the first chunk in the FORM.

0	string		FORM		IFF data
#>4	belong		x		\b, FORM is %d bytes long
# audio formats
>8	string		AIFF		\b, AIFF audio
>8	string		AIFC		\b, AIFF-C compressed audio
>8	string		8SVX		\b, 8SVX 8-bit sampled sound voice
>8	string		16SV		\b, 16SV 16-bit sampled sound voice
>8	string		SAMP		\b, SAMP sampled audio
>8	string		MAUD		\b, MAUD MacroSystem audio
>8	string		SMUS		\b, SMUS simple music
>8	string		CMUS		\b, CMUS complex music
# image formats
>8	string		ILBMBMHD	\b, ILBM interleaved image
>>20	beshort		x		\b, %d x
>>22	beshort		x		%d
>8	string		RGBN		\b, RGBN 12-bit RGB image
>8	string		RGB8		\b, RGB8 24-bit RGB image
>8	string		DEEP		\b, DEEP TVPaint/XiPaint image
>8	string		DR2D		\b, DR2D 2-D object
>8	string		TDDD		\b, TDDD 3-D rendering
>8	string		LWOB		\b, LWOB 3-D object
>8	string		LWO2		\b, LWO2 3-D object, v2
>8	string		LWLO		\b, LWLO 3-D layered object
>8	string		REAL		\b, REAL Real3D rendering
>8	string		MC4D		\b, MC4D MaxonCinema4D rendering
>8	string		ANIM		\b, ANIM animation
>8	string		YAFA		\b, YAFA animation
>8	string		SSA\ 		\b, SSA super smooth animation
>8	string		ACBM		\b, ACBM continuous image
>8	string		FAXX		\b, FAXX fax image
# other formats
>8	string		FTXT		\b, FTXT formatted text
>8	string		CTLG		\b, CTLG message catalog
>8	string		PREF		\b, PREF preferences
>8	string		DTYP		\b, DTYP datatype description
>8	string		PTCH		\b, PTCH binary patch
>8	string		AMFF		\b, AMFF AmigaMetaFile format
>8	string		WZRD		\b, WZRD StormWIZARD resource
>8	string		DOC\ 		\b, DOC desktop publishing document

# These go at the end of the iff rules
#
# I don't see why these might collide with anything else.
#
# Interactive Fiction related formats
#
>8	string		IFRS		\b, Blorb Interactive Fiction
>>24	string		Exec		with executable chunk
>8	string          IFZS		\b, Z-machine or Glulx saved game file (Quetzal)

#------------------------------------------------------------------------------
# images:  file(1) magic for image formats (see also "iff")
#
# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
# additions by janl@ifi.uio.no as well as others. Jan also suggested
# merging several one- and two-line files into here.
#
# little magic: PCX (first byte is 0x0a)

# Targa - matches `povray', `ppmtotga' and `xv' outputs
# by Philippe De Muyter <phdm@macqel.be>
# at 2, byte ImgType must be 1, 2, 3, 9, 10 or 11
# at 1, byte CoMapType must be 1 if ImgType is 1 or 9, 0 otherwise
# at 3, leshort Index is 0 for povray, ppmtotga and xv outputs
# `xv' recognizes only a subset of the following (RGB with pixelsize = 24)
# `tgatoppm' recognizes a superset (Index may be anything)
1	belong&0xfff7ffff	0x01010000	Targa image data - Map
>2	byte&8			8		- RLE
>12	leshort			>0		%hd x
>14	leshort			>0		%hd
1	belong&0xfff7ffff	0x00020000	Targa image data - RGB
>2	byte&8			8		- RLE
>12	leshort			>0		%hd x
>14	leshort			>0		%hd
1	belong&0xfff7ffff	0x00030000	Targa image data - Mono
>2	byte&8			8		- RLE
>12	leshort			>0		%hd x
>14	leshort			>0		%hd

# PBMPLUS images
# The next byte following the magic is always whitespace.
0	string		P1		Netpbm PBM image text
0	string		P2		Netpbm PGM image text
0	string		P3		Netpbm PPM image text
0	string		P4		Netpbm PBM "rawbits" image data
0	string		P5		Netpbm PGM "rawbits" image data
0	string		P6		Netpbm PPM "rawbits" image data
0	string		P7		Netpbm PAM image file

# From: bryanh@giraffe-data.com (Bryan Henderson)
0	string		\117\072	Solitaire Image Recorder format
>4	string		\013		MGI Type 11
>4	string		\021		MGI Type 17
0	string		.MDA		MicroDesign data
>21	byte		48		version 2
>21	byte		51		version 3
0	string		.MDP		MicroDesign page data
>21	byte		48		version 2
>21	byte		51		version 3

# NIFF (Navy Interchange File Format, a modification of TIFF) images
0	string		IIN1		NIFF image data

# Tag Image File Format, from Daniel Quinlan (quinlan@yggdrasil.com)
# The second word of TIFF files is the TIFF version number, 42, which has
# never changed.  The TIFF specification recommends testing for it.
0	string		MM\x00\x2a	TIFF image data, big-endian
0	string		II\x2a\x00	TIFF image data, little-endian

# PNG [Portable Network Graphics, or "PNG's Not GIF"] images
# (Greg Roelofs, newt@uchicago.edu)
# (Albert Cahalan, acahalan@cs.uml.edu)
#
# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ...
#
0	string		\x89PNG		PNG image data,
>4	belong		!0x0d0a1a0a	CORRUPTED,
>4	belong		0x0d0a1a0a
>>16	belong		x		%ld x
>>20	belong		x		%ld,
>>24	byte		x		%d-bit
>>25	byte		0		grayscale,
>>25	byte		2		\b/color RGB,
>>25	byte		3		colormap,
>>25	byte		4		gray+alpha,
>>25	byte		6		\b/color RGBA,
#>>26	byte		0		deflate/32K,
>>28	byte		0		non-interlaced
>>28	byte		1		interlaced
1	string		PNG		PNG image data, CORRUPTED

# GIF
0	string		GIF8		GIF image data
>4	string		7a		\b, version 8%s,
>4	string		9a		\b, version 8%s,
>6	leshort		>0		%hd x
>8	leshort		>0		%hd
#>10	byte		&0x80		color mapped,
#>10	byte&0x07	=0x00		2 colors
#>10	byte&0x07	=0x01		4 colors
#>10	byte&0x07	=0x02		8 colors
#>10	byte&0x07	=0x03		16 colors
#>10	byte&0x07	=0x04		32 colors
#>10	byte&0x07	=0x05		64 colors
#>10	byte&0x07	=0x06		128 colors
#>10	byte&0x07	=0x07		256 colors

# ITC (CMU WM) raster files.  It is essentially a byte-reversed Sun raster,
# 1 plane, no encoding.
0	string		\361\0\100\273	CMU window manager raster image data
>4	lelong		>0		%d x
>8	lelong		>0		%d,
>12	lelong		>0		%d-bit

# Magick Image File Format
0	string		id=ImageMagick	MIFF image data

# Artisan
0	long		1123028772	Artisan image data
>4	long		1		\b, rectangular 24-bit
>4	long		2		\b, rectangular 8-bit with colormap
>4	long		3		\b, rectangular 32-bit (24-bit with matte)

# FIG (Facility for Interactive Generation of figures), an object-based format
0	string		#FIG		FIG image text
>5	string		x		\b, version %.3s

# PHIGS
0	string		ARF_BEGARF		PHIGS clear text archive
0	string		@(#)SunPHIGS		SunPHIGS
# version number follows, in the form m.n
>40	string		SunBin			binary
>32	string		archive			archive

# GKS (Graphics Kernel System)
0	string		GKSM		GKS Metafile
>24	string		SunGKS		\b, SunGKS

# CGM image files
0	string		BEGMF		clear text Computer Graphics Metafile
# XXX - questionable magic
0	beshort&0xffe0	0x0020		binary Computer Graphics Metafile
0	beshort		0x3020		character Computer Graphics Metafile

# MGR bitmaps  (Michael Haardt, u31b3hs@pool.informatik.rwth-aachen.de)
0	string	yz	MGR bitmap, modern format, 8-bit aligned
0	string	zz	MGR bitmap, old format, 1-bit deep, 16-bit aligned
0	string	xz	MGR bitmap, old format, 1-bit deep, 32-bit aligned
0	string	yx	MGR bitmap, modern format, squeezed

# Fuzzy Bitmap (FBM) images
0	string		%bitmap\0	FBM image data
>30	long		0x31		\b, mono
>30	long		0x33		\b, color

# facsimile data
1	string		PC\ Research,\ Inc	group 3 fax data
>29	byte		0		\b, normal resolution (204x98 DPI)
>29	byte		1		\b, fine resolution (204x196 DPI)
# From: Herbert Rosmanith <herp@wildsau.idv.uni.linz.at>
0	string		Sfff		structured fax file

# PC bitmaps (OS/2, Windoze BMP files)  (Greg Roelofs, newt@uchicago.edu)
0	string		BM		PC bitmap data
>14	leshort		12		\b, OS/2 1.x format
>>18	leshort		x		\b, %d x
>>20	leshort		x		%d
>14	leshort		64		\b, OS/2 2.x format
>>18	leshort		x		\b, %d x
>>20	leshort		x		%d
>14	leshort		40		\b, Windows 3.x format
>>18	lelong		x		\b, %d x
>>22	lelong		x		%d x
>>28	leshort		x		%d
# Too simple - MPi
#0	string		IC		PC icon data
#0	string		PI		PC pointer image data
#0	string		CI		PC color icon data
#0	string		CP		PC color pointer image data
# Conflicts with other entries [BABYL]
#0	string		BA		PC bitmap array data

# XPM icons (Greg Roelofs, newt@uchicago.edu)
# note possible collision with C/REXX entry in c-lang; currently commented out
0	string		/*\ XPM\ */	X pixmap image text

# Utah Raster Toolkit RLE images (janl@ifi.uio.no)
0	leshort		0xcc52		RLE image data,
>6	leshort		x		%d x
>8	leshort		x		%d
>2	leshort		>0		\b, lower left corner: %d
>4	leshort		>0		\b, lower right corner: %d
>10	byte&0x1	=0x1		\b, clear first
>10	byte&0x2	=0x2		\b, no background
>10	byte&0x4	=0x4		\b, alpha channel
>10	byte&0x8	=0x8		\b, comment
>11	byte		>0		\b, %d color channels
>12	byte		>0		\b, %d bits per pixel
>13	byte		>0		\b, %d color map channels

# image file format (Robert Potter, potter@cs.rochester.edu)
0	string		Imagefile\ version-	iff image data
# this adds the whole header (inc. version number), informative but longish
>10	string		>\0		%s

# Sun raster images, from Daniel Quinlan (quinlan@yggdrasil.com)
0	belong		0x59a66a95	Sun raster image data
>4	belong		>0		\b, %d x
>8	belong		>0		%d,
>12	belong		>0		%d-bit,
#>16	belong		>0		%d bytes long,
>20	belong		0		old format,
#>20	belong		1		standard,
>20	belong		2		compressed,
>20	belong		3		RGB,
>20	belong		4		TIFF,
>20	belong		5		IFF,
>20	belong		0xffff		reserved for testing,
>24	belong		0		no colormap
>24	belong		1		RGB colormap
>24	belong		2		raw colormap
#>28	belong		>0		colormap is %d bytes long

# SGI image file format, from Daniel Quinlan (quinlan@yggdrasil.com)
#
# See
#	http://reality.sgi.com/grafica/sgiimage.html
#
0	beshort		474		SGI image data
#>2	byte		0		\b, verbatim
>2	byte		1		\b, RLE
#>3	byte		1		\b, normal precision
>3	byte		2		\b, high precision
>4	beshort		x		\b, %d-D
>6	beshort		x		\b, %d x
>8	beshort		x		%d
>10	beshort		x		\b, %d channel
>10	beshort		!1		\bs
>80	string		>0		\b, "%s"

0	string		IT01		FIT image data
>4	belong		x		\b, %d x
>8	belong		x		%d x
>12	belong		x		%d
#
0	string		IT02		FIT image data
>4	belong		x		\b, %d x
>8	belong		x		%d x
>12	belong		x		%d
#
2048	string		PCD_IPI		Kodak Photo CD image pack file
>0xe02	byte&0x03	0x00		, landscape mode
>0xe02	byte&0x03	0x01		, portrait mode
>0xe02	byte&0x03	0x02		, landscape mode
>0xe02	byte&0x03	0x03		, portrait mode
0	string		PCD_OPA		Kodak Photo CD overview pack file

# FITS format.  Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
# FITS is the Flexible Image Transport System, the de facto standard for
# data and image transfer, storage, etc., for the astronomical community.
# (FITS floating point formats are big-endian.)
0	string	SIMPLE\ \ =	FITS image data
>109	string	8		\b, 8-bit, character or unsigned binary integer
>108	string	16		\b, 16-bit, two's complement binary integer
>107	string	\ 32		\b, 32-bit, two's complement binary integer
>107	string	-32		\b, 32-bit, floating point, single precision
>107	string	-64		\b, 64-bit, floating point, double precision

# other images
0	string	This\ is\ a\ BitMap\ file	Lisp Machine bit-array-file
0	string		=!!		Bennet Yee's "face" format

# From SunOS 5.5.1 "/etc/magic" - appeared right before Sun raster image
# stuff.
#
0	beshort		0x1010		PEX Binary Archive

# Visio drawings
03000	string	Visio\ (TM)\ Drawing	%s

# Tgif files
0	string	\%TGIF\ x 		Tgif file version %s

# DICOM medical imaging data
128	string	DICM			DICOM medical imaging data

# XWD - X Window Dump file.
#   As described in /usr/X11R6/include/X11/XWDFile.h
#   used by the xwd program.
#   Bradford Castalia, idaeim, 1/01
4	belong	7			XWD X Window Dump image data
>100	string	>\0			\b, "%s"
>16	belong	x			\b, %dx
>20	belong	x			\b%dx
>12	belong	x			\b%d

# PDS - Planetary Data System
#   These files use Parameter Value Language in the header section.
#   Unfortunately, there is no certain magic, but the following
#   strings have been found to be most likely.
0	string	NJPL1I00		PDS (JPL) image data
2	string	NJPL1I			PDS (JPL) image data
0	string	CCSD3ZF			PDS (CCSD) image data
2	string	CCSD3Z			PDS (CCSD) image data
0	string	PDS_			PDS image data
0	string	LBLSIZE=		PDS (VICAR) image data

# pM8x: ATARI STAD compressed bitmap format
#
# from Oskar Schirmer <schirmer@scara.com> Feb 2, 2001
# p M 8 5/6 xx yy zz data...
# Atari ST STAD bitmap is always 640x400, bytewise runlength compressed.
# bytes either run horizontally (pM85) or vertically (pM86). yy is the
# most frequent byte, xx and zz are runlength escape codes, where xx is
# used for runs of yy.
#
0	string	pM85		Atari ST STAD bitmap image data (hor)
>5	byte	0x00		(white background)
>5	byte	0xFF		(black background)
0	string	pM86		Atari ST STAD bitmap image data (vert)
>5	byte	0x00		(white background)
>5	byte	0xFF		(black background)

# XXX:
# This is bad magic 0x5249 == 'RI' conflicts with RIFF and other
# magic.
# SGI RICE image file <mpruett@sgi.com>
#0	beshort	0x5249		RICE image
#>2	beshort	x		v%d
#>4	beshort	x		(%d x
#>6	beshort	x		%d)
#>8	beshort	0		8 bit
#>8	beshort	1		10 bit
#>8	beshort	2		12 bit
#>8	beshort	3		13 bit
#>10	beshort	0		4:2:2
#>10	beshort	1		4:2:2:4
#>10	beshort	2		4:4:4
#>10	beshort	3		4:4:4:4
#>12	beshort	1		RGB
#>12	beshort	2		CCIR601
#>12	beshort	3		RP175
#>12	beshort	4		YUV

#------------------------------------------------------------------------------
#
# Marco Schmidt (marcoschmidt@users.sourceforge.net) -- an image  file format
# for the EPOC operating system, which is used with PDAs like those from Psion
#
# see http://huizen.dds.nl/~frodol/psiconv/html/Index.html for a description
# of various EPOC file formats

0	string \x37\x00\x00\x10\x42\x00\x00\x10\x00\x00\x00\x00\x39\x64\x39\x47 EPOC MBM image file

# PCX image files
# From: Dan Fandrich <dan@coneharvesters.com>
0	beshort		0x0a00	PCX ver. 2.5 image data
0	beshort		0x0a02	PCX ver. 2.8 image data, with palette
0	beshort		0x0a03	PCX ver. 2.8 image data, without palette
0	beshort		0x0a04	PCX for Windows image data
0	beshort		0x0a05	PCX ver. 3.0 image data
>4	leshort		x      bounding box [%hd,
>6	leshort		x      %hd] -
>8	leshort		x      [%hd,
>10	leshort		x      %hd],
>65	byte		>1	%d planes each of
>3	byte		x	%hhd-bit
>68	byte		0	image,
>68	byte		1	colour,
>68	byte		2	grayscale,
>68	byte		>2	image,
>68	byte		<0	image,
>12	leshort		>0	%hd x
>>14	leshort		x      %hd dpi,
>2	byte		0	uncompressed
>2	byte		1	RLE compressed

# Adobe Photoshop
0	string		8BPS Adobe Photoshop Image

# XV thumbnail indicator (ThMO)
0	string		P7\ 332		XV thumbnail image data

# NITF is defined by United States MIL-STD-2500A
0	string	NITF	National Imagery Transmission Format
>25	string	>\0	dated %.14s

# GEM Image: Version 1, Headerlen 8 (Wolfram Kleff)
0	belong		0x00010008	GEM Image data
>12	beshort		x		%d x
>14	beshort		x		%d,
>4	beshort		x		%d planes,
>8	beshort		x		%d x
>10	beshort		x		%d pixelsize

# GEM Metafile (Wolfram Kleff)
0	lelong		0x0018FFFF	GEM Metafile data
>4	leshort		x		version %d

#
# SMJPEG. A custom Motion JPEG format used by Loki Entertainment
# Software Torbjorn Andersson <d91tan@Update.UU.SE>.
#
0	string	\0\nSMJPEG	SMJPEG
>8	belong	x		%d.x data
# According to the specification you could find any number of _TXT
# headers here, but I can't think of any way of handling that. None of
# the SMJPEG files I tried it on used this feature. Even if such a
# file is encountered the output should still be reasonable.
>16	string	_SND		\b,
>>24	beshort	>0		%d Hz
>>26	byte	8		8-bit
>>26	byte	16		16-bit
>>28	string	NONE		uncompressed
# >>28	string	APCM		ADPCM compressed
>>27	byte	1		mono
>>28	byte	2		stereo
# Help! Isn't there any way to avoid writing this part twice?
>>32	string	_VID		\b,
# >>>48	string	JFIF		JPEG
>>>40	belong	>0		%d frames
>>>44	beshort	>0		(%d x
>>>46	beshort	>0		%d)
>16	string	_VID		\b,
# >>32	string	JFIF		JPEG
>>24	belong	>0		%d frames
>>28	beshort	>0		(%d x
>>30	beshort	>0		%d)

0	string	Paint\ Shop\ Pro\ Image\ File	Paint Shop Pro Image File

# "thumbnail file" (icon)
# descended from "xv", but in use by other applications as well (Wolfram Kleff)
0       string          P7\ 332         XV "thumbnail file" (icon) data

# taken from fkiss: (<yav@mte.biglobe.ne.jp> ?)
0       string          KiSS            KISS/GS
>4      byte            16              color
>>5     byte            x               %d bit
>>8     leshort         x               %d colors
>>10    leshort         x               %d groups
>4      byte            32              cell
>>5     byte            x               %d bit
>>8     leshort         x               %d x
>>10    leshort         x               %d
>>12    leshort         x               +%d
>>14    leshort         x               +%d

# Webshots (www.webshots.com), by John Harrison
0       string          C\253\221g\230\0\0\0 Webshots Desktop .wbz file

# Hercules DASD image files
# From Jan Jaeger <jj@septa.nl>
0       string  CKD_P370        Hercules CKD DASD image file
>8      long    x               \b, %d heads per cylinder
>12     long    x               \b, track size %d bytes
>16     byte    x               \b, device type 33%2.2X

0       string  CKD_C370        Hercules compressed CKD DASD image file
>8      long    x               \b, %d heads per cylinder
>12     long    x               \b, track size %d bytes
>16     byte    x               \b, device type 33%2.2X

0       string  CKD_S370        Hercules CKD DASD shadow file
>8      long    x               \b, %d heads per cylinder
>12     long    x               \b, track size %d bytes
>16     byte    x               \b, device type 33%2.2X

# Squeak images and - etoffi@softhome.net
0 string \146\031\0\0  Squeak image data
0 string 'From\040Squeak  Squeak program text

# partimage: file(1) magic for PartImage files (experimental, incomplete)
# Author: Hans-Joachim Baader <hjb@pro-linux.de>
0		string	PaRtImAgE-VoLuMe	PartImage
>0x0020		string	0.6.1		file version %s
>>0x0060	lelong	>-1		volume %ld
#>>0x0064 8 byte identifier
#>>0x007c reserved
>>0x0200	string	>\0		type %s
>>0x1400	string	>\0		device %s,
>>0x1600	string	>\0		original filename %s,
# Some fields omitted
>>0x2744	lelong	0		not compressed
>>0x2744	lelong	1		gzip compressed
>>0x2744	lelong	2		bzip2 compressed
>>0x2744	lelong	>2		compressed with unknown algorithm
>0x0020		string	>0.6.1		file version %s
>0x0020		string	<0.6.1		file version %s

# DCX is multi-page PCX, using a simple header of up to 1024
# offsets for the respective PCX components.
# From: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
0	lelong	987654321	DCX multi-page PCX image data

# Simon Walton <simonw@matteworld.com>
# Kodak Cineon format for scanned negatives
# http://www.kodak.com/US/en/motion/support/dlad/
0	lelong  0xd75f2a80	Cineon image data
>200	belong  >0		\b, %ld x
>204	belong  >0		%ld

# Bio-Rad .PIC is an image format used by microscope control systems
# and related image processing software used by biologists.
# From: Vebjorn Ljosa <vebjorn@ljosa.com>
54	leshort 12345		Bio-Rad .PIC Image File
>0	leshort >0		%hd x
>2	leshort >0		%hd,
>4	leshort =1		1 image in file
>4	leshort >1		%hd images in file

# From Jan "Yenya" Kasprzak <kas@fi.muni.cz>
# The description of *.mrw format can be found at
# http://www.dalibor.cz/minolta/raw_file_format.htm
0	string	\000MRM			Minolta Dimage camera raw image data

# From: stephane.loeuillet@tiscali.f
# http://www.djvuzone.org/
0	string	AT&TFORM		DjVu Image file

# From: Jason Bacon <bacon@smithers.neuro.mcw.edu>
0	beshort	0x3020			character Computer Graphics Metafile

# From Marc Espie
0	lelong	20000630		OpenEXR image data

# From: Tom Hilinski <tom.hilinski@comcast.net>
# http://www.unidata.ucar.edu/packages/netcdf/
0	string	CDF\001			NetCDF Data Format data

#-----------------------------------------------------------------------
# Hierarchical Data Format, used to facilitate scientific data exchange
# specifications at http://hdf.ncsa.uiuc.edu/
0	belong	0x0e031301	Hierarchical Data Format (version 4) data
0	string	\211HDF\r\n\032	Hierarchical Data Format (version 5) data

# The boot loaders syslinux and isolinux use a RLE based image format
# called SLL16 to store splash screens.
0	lelong		0x1413f33d	Syslinux SLL16 image data,
>4	leshort		>0		%hd x
>6	leshort		>0		%hd

#------------------------------------------------------------------------------
# intel:  file(1) magic for x86 Unix
#
# Various flavors of x86 UNIX executable/object (other than Xenix, which
# is in "microsoft").  DOS is in "msdos"; the ambitious soul can do
# Windows as well.
#
# Windows NT belongs elsewhere, as you need x86 and MIPS and Alpha and
# whatever comes next (HP-PA Hummingbird?).  OS/2 may also go elsewhere
# as well, if, as, and when IBM makes it portable.
#
# The `versions' should be un-commented if they work for you.
# (Was the problem just one of endianness?)
#
0	leshort		0502		basic-16 executable
>12	lelong		>0		not stripped
#>22	leshort		>0		- version %ld
0	leshort		0503		basic-16 executable (TV)
>12	lelong		>0		not stripped
#>22	leshort		>0		- version %ld
0	leshort		0510		x86 executable
>12	lelong		>0		not stripped
0	leshort		0511		x86 executable (TV)
>12	lelong		>0		not stripped
0	leshort		=0512		iAPX 286 executable small model (COFF)
>12	lelong		>0		not stripped
#>22	leshort		>0		- version %ld
0	leshort		=0522		iAPX 286 executable large model (COFF)
>12	lelong		>0		not stripped
#>22	leshort		>0		- version %ld
# SGI labeled the next entry as "iAPX 386 executable" --Dan Quinlan
0	leshort		=0514		80386 COFF executable
>12	lelong		>0		not stripped
>22	leshort		>0		- version %ld

# rom: file(1) magic for BIOS ROM Extensions found in intel machines
#      mapped into memory between 0xC0000 and 0xFFFFF
# From Gürkan Sengün <gurkan@linuks.mine.nu>, www.linuks.mine.nu
0        beshort         0x55AA       BIOS (ia32) ROM Ext.
>5       string          USB          USB
>7       string          LDR          UNDI image
>30      string          IBM          IBM comp. Video
>26      string          Adaptec      Adaptec
>28      string          Adaptec      Adaptec
>42      string          PROMISE      Promise
>2       byte            x            (%d*512)

#------------------------------------------------------------------------------
# interleaf:  file(1) magic for InterLeaf TPS:
#
0	string		=\210OPS	Interleaf saved data
0	string		=<!OPS		Interleaf document text
>5	string		,\ Version\ =	\b, version
>>17	string		>\0		%.3s

#------------------------------------------------------------------------------
# island:  file(1) magic for IslandWite/IslandDraw, from SunOS 5.5.1
# "/etc/magic":
# From: guy@netapp.com (Guy Harris)
#
4	string		pgscriptver	IslandWrite document
13	string		DrawFile	IslandDraw document

#------------------------------------------------------------------------------
# ispell:  file(1) magic for ispell
#
# Ispell 3.0 has a magic of 0x9601 and ispell 3.1 has 0x9602.  This magic
# will match 0x9600 through 0x9603 in *both* little endian and big endian.
# (No other current magic entries collide.)
#
# Updated by Daniel Quinlan (quinlan@yggdrasil.com)
#
0	leshort&0xFFFC	0x9600		little endian ispell
>0	byte		0		hash file (?),
>0	byte		1		3.0 hash file,
>0	byte		2		3.1 hash file,
>0	byte		3		hash file (?),
>2	leshort		0x00		8-bit, no capitalization, 26 flags
>2	leshort		0x01		7-bit, no capitalization, 26 flags
>2	leshort		0x02		8-bit, capitalization, 26 flags
>2	leshort		0x03		7-bit, capitalization, 26 flags
>2	leshort		0x04		8-bit, no capitalization, 52 flags
>2	leshort		0x05		7-bit, no capitalization, 52 flags
>2	leshort		0x06		8-bit, capitalization, 52 flags
>2	leshort		0x07		7-bit, capitalization, 52 flags
>2	leshort		0x08		8-bit, no capitalization, 128 flags
>2	leshort		0x09		7-bit, no capitalization, 128 flags
>2	leshort		0x0A		8-bit, capitalization, 128 flags
>2	leshort		0x0B		7-bit, capitalization, 128 flags
>2	leshort		0x0C		8-bit, no capitalization, 256 flags
>2	leshort		0x0D		7-bit, no capitalization, 256 flags
>2	leshort		0x0E		8-bit, capitalization, 256 flags
>2	leshort		0x0F		7-bit, capitalization, 256 flags
>4	leshort		>0		and %d string characters
0	beshort&0xFFFC	0x9600		big endian ispell
>1	byte		0		hash file (?),
>1	byte		1		3.0 hash file,
>1	byte		2		3.1 hash file,
>1	byte		3		hash file (?),
>2	beshort		0x00		8-bit, no capitalization, 26 flags
>2	beshort		0x01		7-bit, no capitalization, 26 flags
>2	beshort		0x02		8-bit, capitalization, 26 flags
>2	beshort		0x03		7-bit, capitalization, 26 flags
>2	beshort		0x04		8-bit, no capitalization, 52 flags
>2	beshort		0x05		7-bit, no capitalization, 52 flags
>2	beshort		0x06		8-bit, capitalization, 52 flags
>2	beshort		0x07		7-bit, capitalization, 52 flags
>2	beshort		0x08		8-bit, no capitalization, 128 flags
>2	beshort		0x09		7-bit, no capitalization, 128 flags
>2	beshort		0x0A		8-bit, capitalization, 128 flags
>2	beshort		0x0B		7-bit, capitalization, 128 flags
>2	beshort		0x0C		8-bit, no capitalization, 256 flags
>2	beshort		0x0D		7-bit, no capitalization, 256 flags
>2	beshort		0x0E		8-bit, capitalization, 256 flags
>2	beshort		0x0F		7-bit, capitalization, 256 flags
>4	beshort		>0		and %d string characters
# ispell 4.0 hash files  kromJx <kromJx@crosswinds.net>
# Ispell 4.0
0       string          ISPL            ispell
>4      long            x               hash file version %d,
>8      long            x               lexletters %d,
>12     long            x               lexsize %d,
>16     long            x               hashsize %d,
>20     long            x               stblsize %d
#------------------------------------------------------------
# Java ByteCode
# From Larry Schwimmer (schwim@cs.stanford.edu)
# Handled in Mach now
#0	belong		0xcafebabe	compiled Java class data,
#>6	beshort x	version %d.
#>4	beshort x	\b%d
#------------------------------------------------------------
# Java serialization
# From Martin Pool (m.pool@pharos.com.au)
0	beshort		0xaced		Java serialization data
>2	beshort		>0x0004		\b, version %d

#------------------------------------------------------------------------------
# karma:  file(1) magic for Karma data files
#
# From <rgooch@atnf.csiro.au>

0	string		KarmaRHD Version	Karma Data Structure Version
>16	belong		x		%lu
#------------------------------------------------------------------------------
# DEC SRC Virtual Paper: Lectern files
# Karl M. Hegbloom <karlheg@inetarena.com>
0	string	lect	DEC SRC Virtual Paper Lectern file

#------------------------------------------------------------------------------
# lex:  file(1) magic for lex
#
#	derived empirically, your offsets may vary!
53	string		yyprevious	C program text (from lex)
>3	string		>\0		 for %s
# C program text from GNU flex, from Daniel Quinlan <quinlan@yggdrasil.com>
21	string		generated\ by\ flex	C program text (from flex)
# lex description file, from Daniel Quinlan <quinlan@yggdrasil.com>
0	string		%{		lex description text

#------------------------------------------------------------------------------
# lif:  file(1) magic for lif
#
# (Daniel Quinlan <quinlan@yggdrasil.com>)
#
0	beshort		0x8000		lif file

#------------------------------------------------------------------------------
# lisp:  file(1) magic for lisp programs
#
# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)

# updated by Joerg Jenderek
0	string	;;			
# windows INF files often begin with semicolon and use CRLF as line end
# lisp files are mainly created on unix system with LF as line end
>2	search/2048	!\r		Lisp/Scheme program text
>2	search/2048	\r		Windows INF file
0	string	(			
>1	string	if\ 			Lisp/Scheme program text
>1	string	setq\ 			Lisp/Scheme program text
>1	string	defvar\ 		Lisp/Scheme program text
>1	string	autoload\ 		Lisp/Scheme program text
>1	string	custom-set-variables	Lisp/Scheme program text

# Emacs 18 - this is always correct, but not very magical.
0	string	\012(			Emacs v18 byte-compiled Lisp data
# Emacs 19+ - ver. recognition added by Ian Springer
# Also applies to XEmacs 19+ .elc files; could tell them apart if we had regexp
# support or similar - Chris Chittleborough <cchittleborough@yahoo.com.au>
0	string	;ELC			
>4	byte	>19			
>4	byte    <32			Emacs/XEmacs v%d byte-compiled Lisp data

# Files produced by CLISP Common Lisp From: Bruno Haible <haible@ilog.fr>
0	string	(SYSTEM::VERSION\040'	CLISP byte-compiled Lisp program text
0	long	0x70768BD2		CLISP memory image data
0	long	0xD28B7670		CLISP memory image data, other endian

# Files produced by GNU gettext
0	long	0xDE120495		GNU-format message catalog data
0	long	0x950412DE		GNU-format message catalog data

#.com and .bin for MIT scheme 
0	string	\372\372\372\372	MIT scheme (library?)

# From: David Allouche <david@allouche.net>
0	string	\<TeXmacs|	TeXmacs document text
#------------------------------------------------------------------------------
# mach file description
#
# Since Java bytecode and Mach-O fat-files have the same magic number the test
# must be preformed in the same "magic" sequence to get both right.  The long
# at offset 4 in a fat file tells the number of architectures.  The short at
# offset 4 in a Java bytecode file is the compiler minor version and the
# short at offset 6 is the compiler major version.  Since there are only 
# only 18 labeled Mach-O architectures at current, and the first released 
# Java class format was version 43.0, we can safely choose any number
# between 18 and 39 to test the number of architectures against
# (and use as a hack).
#
0	belong		0xcafebabe
>4	belong		>19		compiled Java class data,
>>6     beshort		x	        version %d.
>>4     beshort		x       	\b%d
>4	belong		1		Mach-O fat file with 1 architecture
>4	belong		>1
# The following is necessary to support java class files.
>>4	belong		<20		Mach-O fat file with %ld architectures
#>>4	belong		<0xffff		Mach-O fat file with %ld architectures
#
0	lelong&0xfeffffff	0xfeedface	Mach-O
>0	byte		0xcf		64-bit
>12	lelong		1		object
>12	lelong		2		executable
>12	lelong		3		fixed virtual memory shared library
>12	lelong		4		core
>12	lelong		5		preload executable
>12	lelong		6		dynamically linked shared library
>12	lelong		7		dynamic linker
>12	lelong		8		bundle
>12	lelong		9		dynamically linked shared library stub
>12	lelong		>9
>>12	lelong		x		filetype=%ld
>4	lelong		<0
>>4	lelong		x		architecture=%ld
>4	lelong		1		vax
>4	lelong		2		romp
>4	lelong		3		architecture=3
>4	lelong		4		ns32032
>4	lelong		5		ns32332
>4	lelong		6		m68k
>4	lelong		7		i386
>4	lelong		8		mips
>4	lelong		9		ns32532
>4	lelong		10		architecture=10
>4	lelong		11		hppa
>4	lelong		12		acorn
>4	lelong		13		m88k
>4	lelong		14		sparc
>4	lelong		15		i860-big
>4	lelong		16		i860
>4	lelong		17		rs6000
>4	lelong		18		ppc
>4	lelong		16777234	ppc64
>4	lelong		>16777234
>>4	lelong		x		architecture=%ld
#
0	belong&0xfffffffe	0xfeedface	Mach-O
>3	byte		0xcf		64-bit
>12	belong		1		object
>12	belong		2		executable
>12	belong		3		fixed virtual memory shared library
>12	belong		4		core
>12	belong		5		preload executable
>12	belong		6               dynamically linked shared library
>12	belong		7               dynamic linker
>12	belong		8		bundle
>12	belong		9		dynamically linked shared library stub
>12	belong		>9
>>12	belong		x		filetype=%ld
>4	belong		<0
>>4	belong		x		architecture=%ld
>4	belong		1		vax
>4	belong		2		romp
>4	belong		3		architecture=3
>4	belong		4		ns32032
>4	belong		5		ns32332
>4	belong		6		for m68k architecture
# from NeXTstep 3.0 <mach/machine.h>
# i.e. mc680x0_all, ignore
# >>8	belong		1		(mc68030)
>>8	belong		2		(mc68040)
>>8	belong		3		(mc68030 only)
>4	belong		7		i386
>4	belong		8		mips
>4	belong		9		ns32532
>4	belong		10		architecture=10
>4	belong		11		hppa
>4	belong		12		acorn
>4	belong		13		m88k
>4	belong		14		sparc
>4	belong		15		i860-big
>4	belong		16		i860
>4	belong		17		rs6000
>4	belong		18		ppc
>4	belong		16777234	ppc64
>4	belong		>16777234
>>4	belong		x		architecture=%ld

#------------------------------------------------------------------------------
# macintosh description
#
# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
# Daniel Quinlan, quinlan@yggdrasil.com
11	string	must\ be\ converted\ with\ BinHex	BinHex binary text
>41	string	x					\b, version %.3s

# Stuffit archives are the de facto standard of compression for Macintosh
# files obtained from most archives. (franklsm@tuns.ca)
0	string		SIT!			StuffIt Archive (data)
>2	string		x			: %s
0	string		SITD			StuffIt Deluxe (data)
>2	string		x			: %s
0	string		Seg			StuffIt Deluxe Segment (data)
>2	string		x			: %s

# Newer StuffIt archives (grant@netbsd.org)
0	string		StuffIt			StuffIt Archive
#>162	string		>0			: %s

# Macintosh Applications and Installation binaries (franklsm@tuns.ca)
0	string		APPL			Macintosh Application (data)
>2	string		x			\b: %s

# Macintosh System files (franklsm@tuns.ca)
0	string		zsys			Macintosh System File (data)
0	string		FNDR			Macintosh Finder (data)
0	string		libr			Macintosh Library (data)
>2	string		x			: %s
0	string		shlb			Macintosh Shared Library (data)
>2	string		x			: %s
0	string		cdev			Macintosh Control Panel (data)
>2	string		x			: %s
0	string		INIT			Macintosh Extension (data)
>2	string		x			: %s
0	string		FFIL			Macintosh Truetype Font (data)
>2	string		x			: %s
0	string		LWFN			Macintosh Postscript Font (data)
>2	string		x			: %s

# Additional Macintosh Files (franklsm@tuns.ca)
0	string		PACT			Macintosh Compact Pro Archive (data)
>2	string		x			: %s
0	string		ttro			Macintosh TeachText File (data)
>2	string		x			: %s
0	string		TEXT			Macintosh TeachText File (data)
>2	string		x			: %s
0	string		PDF			Macintosh PDF File (data)
>2	string		x			: %s

# MacBinary format (Eric Fischer, enf@pobox.com)
#
# Unfortunately MacBinary doesn't really have a magic number prior
# to the MacBinary III format.  The checksum is really the way to
# do it, but the magic file format isn't up to the challenge.
#
# 0	byte		0
# 1	byte				# filename length
# 2	string				# filename
# 65    string				# file type
# 69	string				# file creator
# 73	byte				# Finder flags
# 74	byte		0
# 75	beshort				# vertical posn in window
# 77	beshort				# horiz posn in window
# 79	beshort				# window or folder ID
# 81    byte				# protected?
# 82	byte		0
# 83	belong				# length of data segment
# 87	belong				# length of resource segment
# 91	belong				# file creation date
# 95	belong				# file modification date
# 99	beshort				# length of comment after resource
# 101	byte				# new Finder flags
# 102	string		mBIN		# (only in MacBinary III)
# 106	byte				# char. code of file name
# 107	byte				# still more Finder flags
# 116	belong				# total file length
# 120	beshort				# length of add'l header
# 122	byte		129		# for MacBinary II
# 122	byte		130		# for MacBinary III
# 123	byte		129		# minimum version that can read fmt
# 124	beshort				# checksum
#
# This attempts to use the version numbers as a magic number, requiring
# that the first one be 0x80, 0x81, 0x82, or 0x83, and that the second
# be 0x81.  This works for the files I have, but maybe not for everyone's.

# Unfortunately, this magic is quite weak - MPi
#122	beshort&0xFCFF	0x8081		Macintosh MacBinary data

# MacBinary I doesn't have the version number field at all, but MacBinary II
# has been in use since 1987 so I hope there aren't many really old files
# floating around that this will miss.  The original spec calls for using
# the nulls in 0, 74, and 82 as the magic number.
#
# Another possibility, that would also work for MacBinary I, is to use
# the assumption that 65-72 will all be ASCII (0x20-0x7F), that 73 will
# have bits 1 (changed), 2 (busy), 3 (bozo), and 6 (invisible) unset,
# and that 74 will be 0.  So something like
# 
# 71 	belong&0x80804EFF 0x00000000 	Macintosh MacBinary data
# 
# >73	byte&0x01	0x01		\b, inited
# >73	byte&0x02	0x02		\b, changed
# >73	byte&0x04	0x04		\b, busy
# >73	byte&0x08	0x08		\b, bozo
# >73	byte&0x10	0x10		\b, system
# >73	byte&0x10	0x20		\b, bundle
# >73	byte&0x10	0x40		\b, invisible
# >73	byte&0x10	0x80		\b, locked

#>65	string		x		\b, type "%4.4s"

#>65	string		8BIM		(PhotoShop)
#>65	string		ALB3		(PageMaker 3)
#>65	string		ALB4		(PageMaker 4)
#>65	string		ALT3		(PageMaker 3)
#>65	string		APPL		(application)
#>65	string		AWWP		(AppleWorks word processor)
#>65	string		CIRC		(simulated circuit)
#>65	string		DRWG		(MacDraw)
#>65	string		EPSF		(Encapsulated PostScript)
#>65	string		FFIL		(font suitcase)
#>65	string		FKEY		(function key)
#>65	string		FNDR		(Macintosh Finder)
#>65	string		GIFf		(GIF image)
#>65	string		Gzip		(GNU gzip)
#>65	string		INIT		(system extension)
#>65	string		LIB\ 		(library)
#>65	string		LWFN		(PostScript font)
#>65	string		MSBC		(Microsoft BASIC)
#>65	string		PACT		(Compact Pro archive)
#>65	string		PDF\ 		(Portable Document Format)
#>65	string		PICT		(picture)
#>65	string		PNTG		(MacPaint picture)
#>65	string		PREF		(preferences)
#>65	string		PROJ		(Think C project)
#>65	string		QPRJ		(Think Pascal project)
#>65	string		SCFL		(Defender scores)
#>65	string		SCRN		(startup screen)
#>65	string		SITD		(StuffIt Deluxe)
#>65	string		SPn3		(SuperPaint)
#>65	string		STAK		(HyperCard stack)
#>65	string		Seg\ 		(StuffIt segment)
#>65	string		TARF		(Unix tar archive)
#>65	string		TEXT		(ASCII)
#>65	string		TIFF		(TIFF image)
#>65	string		TOVF		(Eudora table of contents)
#>65	string		WDBN		(Microsoft Word word processor)
#>65	string		WORD		(MacWrite word processor)
#>65	string		XLS\ 		(Microsoft Excel)
#>65	string		ZIVM		(compress (.Z))
#>65	string		ZSYS		(Pre-System 7 system file)
#>65	string		acf3		(Aldus FreeHand)
#>65	string		cdev		(control panel)
#>65	string		dfil		(Desk Acessory suitcase)
#>65	string		libr		(library)
#>65	string		nX^d		(WriteNow word processor)
#>65	string		nX^w		(WriteNow dictionary)
#>65	string		rsrc		(resource)
#>65	string		scbk		(Scrapbook)
#>65	string		shlb		(shared library)
#>65	string		ttro		(SimpleText read-only)
#>65	string		zsys		(system file)

#>69	string		x		\b, creator "%4.4s"

# Somewhere, Apple has a repository of registered Creator IDs.  These are
# just the ones that I happened to have files from and was able to identify.

#>69	string		8BIM		(Adobe Photoshop)
#>69	string		ALD3		(PageMaker 3)
#>69	string		ALD4		(PageMaker 4)
#>69	string		ALFA		(Alpha editor)
#>69	string		APLS		(Apple Scanner)
#>69	string		APSC		(Apple Scanner)
#>69	string		BRKL		(Brickles)
#>69	string		BTFT		(BitFont)
#>69	string		CCL2 		(Common Lisp 2)
#>69	string		CCL\ 		(Common Lisp)
#>69	string		CDmo		(The Talking Moose)
#>69	string		CPCT		(Compact Pro)
#>69	string		CSOm		(Eudora)
#>69	string		DMOV		(Font/DA Mover)
#>69	string		DSIM		(DigSim)
#>69	string		EDIT		(Macintosh Edit)
#>69	string		ERIK		(Macintosh Finder)
#>69	string		EXTR		(self-extracting archive)
#>69	string		Gzip		(GNU gzip)
#>69	string		KAHL		(Think C)
#>69	string		LWFU		(LaserWriter Utility)
#>69	string		LZIV		(compress)
#>69	string		MACA		(MacWrite)
#>69	string		MACS		(Macintosh operating system)
#>69	string		MAcK		(MacKnowledge terminal emulator)
#>69	string		MLND		(Defender)
#>69	string		MPNT		(MacPaint)
#>69	string		MSBB		(Microsoft BASIC (binary))
#>69	string		MSWD		(Microsoft Word)
#>69	string		NCSA		(NCSA Telnet)
#>69	string		PJMM		(Think Pascal)
#>69	string		PSAL		(Hunt the Wumpus)
#>69	string		PSI2		(Apple File Exchange)
#>69	string		R*ch		(BBEdit)
#>69	string		RMKR		(Resource Maker)
#>69	string		RSED		(Resource Editor)
#>69	string		Rich		(BBEdit)
#>69	string		SIT!		(StuffIt)
#>69	string		SPNT		(SuperPaint)
#>69	string		Unix		(NeXT Mac filesystem)
#>69	string		VIM!		(Vim editor)
#>69	string		WILD		(HyperCard)
#>69	string		XCEL		(Microsoft Excel)
#>69	string		aCa2		(Fontographer)
#>69	string		aca3		(Aldus FreeHand)
#>69	string		dosa		(Macintosh MS-DOS file system)
#>69	string		movr		(Font/DA Mover)
#>69	string		nX^n		(WriteNow)
#>69	string		pdos		(Apple ProDOS file system)
#>69	string		scbk		(Scrapbook)
#>69	string		ttxt		(SimpleText)
#>69	string		ufox		(Foreign File Access)

# Just in case...

102	string		mBIN		MacBinary III data with surprising version number

# sas magic from Bruce Foster (bef@nwu.edu)
#
#0	string		SAS		SAS
#>8	string		x		%s
0	string		SAS		SAS
>24	string		DATA		data file
>24	string		CATALOG		catalog
>24	string		INDEX		data file index
>24	string		VIEW		data view
# sas 7+ magic from Reinhold Koch (reinhold.koch@roche.com)
#
0x54    string          SAS             SAS 7+
>0x9C   string          DATA            data file
>0x9C   string          CATALOG         catalog
>0x9C   string          INDEX           data file index
>0x9C   string          VIEW            data view

# spss magic for SPSS system and portable files, 
#	 from Bruce Foster (bef@nwu.edu).

0	long		0xc1e2c3c9	SPSS Portable File
>40	string 		x		%s

0	string		$FL2		SPSS System File
>24	string		x		%s

# Macintosh filesystem data
# From "Tom N Harris" <telliamed@mac.com>
# Fixed HFS+ and Partition map magic: Ethan Benson <erbenson@alaska.net>
# The MacOS epoch begins on 1 Jan 1904 instead of 1 Jan 1970, so these
# entries depend on the data arithmetic added after v.35
# There's also some Pascal strings in here, ditto...

# The boot block signature, according to IM:Files, is 
# "for HFS volumes, this field always contains the value 0x4C4B."
# But if this is true for MFS or HFS+ volumes, I don't know.
# Alternatively, the boot block is supposed to be zeroed if it's
# unused, so a simply >0 should suffice.

0x400	beshort			0xD2D7		Macintosh MFS data
>0	beshort			0x4C4B		(bootable)
>0x40a	beshort			&0x8000		(locked)
>0x402	beldate-0x7C25B080	x		created: %s,
>0x406	beldate-0x7C25B080	>0		last backup: %s,
>0x414	belong			x		block size: %d,
>0x412	beshort			x		number of blocks: %d,
>0x424	pstring			x		volume name: %s

# "BD" is has many false positives
#0x400	beshort			0x4244		Macintosh HFS data
#>0	beshort			0x4C4B		(bootable)
#>0x40a	beshort			&0x8000		(locked)
#>0x40a	beshort			^0x0100		(mounted)
#>0x40a	beshort			&0x0200		(spared blocks)
#>0x40a	beshort			&0x0800		(unclean)
#>0x47C	beshort			0x482B		(Embedded HFS+ Volume)
#>0x402	beldate-0x7C25B080	x		created: %s,
#>0x406	beldate-0x7C25B080	x		last modified: %s,
#>0x440	beldate-0x7C25B080	>0		last backup: %s,
#>0x414	belong			x		block size: %d,
#>0x412	beshort			x		number of blocks: %d,
#>0x424	pstring			x		volume name: %s

0x400	beshort			0x482B		Macintosh HFS Extended
>&0	beshort			x		version %d data
>0	beshort			0x4C4B		(bootable)
>0x404	belong			^0x00000100	(mounted)
>&2	belong			&0x00000200	(spared blocks)
>&2	belong			&0x00000800	(unclean)
>&2	belong			&0x00008000	(locked)
>&6	string			x		last mounted by: '%.4s',
# really, that should be treated as a belong and we print a string
# based on the value. TN1150 only mentions '8.10' for "MacOS 8.1"
>&14	beldate-0x7C25B080	x		created: %s,
# only the creation date is local time, all other timestamps in HFS+ are UTC.
>&18	bedate-0x7C25B080	x		last modified: %s,
>&22	bedate-0x7C25B080	>0		last backup: %s,
>&26	bedate-0x7C25B080	>0		last checked: %s,
>&38	belong			x		block size: %d,
>&42	belong			x		number of blocks: %d,
>&46	belong			x		free blocks: %d

# I don't think this is really necessary since it doesn't do much and 
# anything with a valid driver descriptor will also have a valid
# partition map
#0		beshort		0x4552		Apple Device Driver data
#>&24		beshort		=1		\b, MacOS

# Is that the partition type a cstring or a pstring? Well, IM says "strings 
# shorter than 32 bytes must be terminated with NULL" so I'll treat it as a 
# cstring. Of course, partitions can contain more than four entries, but 
# what're you gonna do?
0x200		beshort		0x504D		Apple Partition data
>0x2		beshort		x		block size: %d,
>0x230		string		x		first type: %s,
>0x210		string		x		name: %s,
>0x254		belong		x		number of blocks: %d,
>0x400		beshort		0x504D		
>>0x430		string		x		second type: %s,
>>0x410		string		x		name: %s,
>>0x454		belong		x		number of blocks: %d,
>>0x800		beshort		0x504D		
>>>0x830	string		x		third type: %s,
>>>0x810	string		x		name: %s,
>>>0x854	belong		x		number of blocks: %d,
>>>0xa00	beshort		0x504D		
>>>>0xa30	string		x		fourth type: %s,
>>>>0xa10	string		x		name: %s,
>>>>0xa54	belong		x		number of blocks: %d
# AFAIK, only the signature is different
0x200		beshort		0x5453		Apple Old Partition data
>0x2		beshort		x		block size: %d,
>0x230		string		x		first type: %s,
>0x210		string		x		name: %s,
>0x254		belong		x		number of blocks: %d,
>0x400		beshort		0x504D		
>>0x430		string		x		second type: %s,
>>0x410		string		x		name: %s,
>>0x454		belong		x		number of blocks: %d,
>>0x800		beshort		0x504D		
>>>0x830	string		x		third type: %s,
>>>0x810	string		x		name: %s,
>>>0x854	belong		x		number of blocks: %d,
>>>0xa00	beshort		0x504D		
>>>>0xa30	string		x		fourth type: %s,
>>>>0xa10	string		x		name: %s,
>>>>0xa54	belong		x		number of blocks: %d

# From: Remi Mommsen <mommsen@slac.stanford.edu>
0		string		BOMStore	Mac OS X bill of materials (BOM) fil

#------------------------------------------------------------------------------
# magic:  file(1) magic for magic files
#
0	string		#\ Magic	magic text file for file(1) cmd
0	lelong		0xF11E041C	magic binary file for file(1) cmd
>4	lelong		x		(version %d) (little endian)
0	belong		0xF11E041C	magic binary file for file(1) cmd
>4	belong		x		(version %d) (big endian)

#------------------------------------------------------------------------------
# maple:  file(1) magic for maple files
# "H. Nanosecond" <aldomel@ix.netcom.com>
# Maple V release 4, a multi-purpose math program
#

# maple library .lib
0	string	\000MVR4\nI	MapleVr4 library

# .ind
# no magic for these :-(
# they are compiled indexes for maple files

# .hdb 
0	string	\000\004\000\000	Maple help database

# .mhp
# this has the form <PACKAGE=name>
0	string	\<PACKAGE=	Maple help file
0	string	\<HELP\ NAME=	Maple help file
0	string	\n\<HELP\ NAME=	Maple help file with extra carriage return at start (yuck)
#0	string	#\ Newton	Maple help file, old style
0	string	#\ daub	Maple help file, old style
#0	string	#===========	Maple help file, old style

# .mws
0	string	\000\000\001\044\000\221	Maple worksheet
#this is anomalous
0	string	WriteNow\000\002\000\001\000\000\000\000\100\000\000\000\000\000	Maple worksheet, but weird
# this has the form {VERSION 2 3 "IBM INTEL NT" "2.3" }\n
# that is {VERSION major_version miunor_version computer_type version_string}
0	string	{VERSION\ 	Maple worksheet
>9	string	>\0	version %.1s.
>>>11	string	>\0	%.1s

# .mps
0	string	\0\0\001$	Maple something
# from byte 4 it is either 'nul E' or 'soh R'
# I think 'nul E' means a file that was saved as  a different name
# a sort of revision marking
# 'soh R' means new 
>4	string	\000\105	An old revision
>4	string	\001\122	The latest save

# .mpl
# some of these are the same as .mps above
#0000000 000 000 001 044 000 105 same as .mps
#0000000 000 000 001 044 001 122 same as .mps

0	string	#\n##\ <SHAREFILE=	Maple something
0	string	\n#\n##\ <SHAREFILE=	Maple something
0	string	##\ <SHAREFILE=	Maple something
0	string	#\r##\ <SHAREFILE=	Maple something
0	string	\r#\r##\ <SHAREFILE=	Maple something
0	string	#\ \r##\ <DESCRIBE>	Maple something anomalous.

#------------------------------------------------------------------------------
# mathematica:  file(1) magic for mathematica files
# "H. Nanosecond" <aldomel@ix.netcom.com>
# Mathematica a multi-purpose math program
# versions 2.2 and 3.0

#mathematica .mb
0	string	\064\024\012\000\035\000\000\000	Mathematica version 2 notebook
0	string	\064\024\011\000\035\000\000\000	Mathematica version 2 notebook

# .ma
# multiple possibilites:

0	string	(*^\n\n::[\011frontEndVersion\ =\ 	Mathematica notebook
#>41	string	>\0	%s

#0	string	(*^\n\n::[\011palette	Mathematica notebook version 2.x

#0	string	(*^\n\n::[\011Information	Mathematica notebook version 2.x
#>675	string	>\0	%s #doesn't work well

# there may be 'cr' instread of 'nl' in some does this matter?

# generic:
0	string	(*^\r\r::[\011	Mathematica notebook version 2.x
0	string	\(\*\^\r\n\r\n\:\:\[\011	Mathematica notebook version 2.x
0	string	(*^\015			Mathematica notebook version 2.x
0	string	(*^\n\r\n\r::[\011	Mathematica notebook version 2.x
0	string	(*^\r::[\011	Mathematica notebook version 2.x
0	string	(*^\r\n::[\011	Mathematica notebook version 2.x
0	string	(*^\n\n::[\011	Mathematica notebook version 2.x
0	string	(*^\n::[\011	Mathematica notebook version 2.x

# Mathematica .mx files

#0	string	(*This\ is\ a\ Mathematica\ binary\ dump\ file.\ It\ can\ be\ loaded\ with\ Get.*)	Mathematica binary file
0	string	(*This\ is\ a\ Mathematica\ binary\ 	Mathematica binary file
#>71	string \000\010\010\010\010\000\000\000\000\000\000\010\100\010\000\000\000	
# >71... is optional
>88	string	>\0	from %s

# Mathematica files PBF:
# 115 115 101 120 102 106 000 001 000 000 000 203 000 001 000
0	string	MMAPBF\000\001\000\000\000\203\000\001\000	Mathematica PBF (fonts I think)

# .ml files  These are menu resources I think
# these start with "[0-9][0-9][0-9]\ A~[0-9][0-9][0-9]\ 
# how to put that into a magic rule?
4	string	\ A~	MAthematica .ml file

# .nb files
#too long 0	string	(***********************************************************************\n\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ Mathematica-Compatible Notebook	Mathematica 3.0 notebook
0	string	(***********************	Mathematica 3.0 notebook

# other (* matches it is a comment start in these langs
0	string	(*	Mathematica, or Pascal,  Modula-2 or 3 code text

#########################
# MatLab v5
0       string  MATLAB  Matlab v5 mat-file
>126    short   0x494d  (big endian)
>>124   beshort x       version 0x%04x
>126    short   0x4d49  (little endian)
>>124   leshort x       version 0x%04x

#------------------------------------------------------------------------------
# matroska:  file(1) magic for Matroska files
#
# See http://www.matroska.org/
#

# EBML id:
0		belong		0x1a45dfa3
# DocType id:
>0		search/4096 	\x42\x82
# DocType contents:
>>&1		string		matroska	Matroska data
>>&1		string		webm	WebM

#------------------------------------------------------------------------------
# Mavroyanopoulos Nikos <nmav@hellug.gr>
# mcrypt:   file(1) magic for mcrypt 2.2.x;
0	string		\0m\3		mcrypt 2.5 encrypted data,
>4	string		>\0		algorithm: %s,
>>&1	leshort		>0		keysize: %d bytes,
>>>&0	string		>\0		mode: %s,

0	string		\0m\2		mcrypt 2.2 encrypted data,
>3	byte		0		algorithm: blowfish-448,
>3	byte		1		algorithm: DES,
>3	byte		2		algorithm: 3DES,
>3	byte		3		algorithm: 3-WAY,
>3	byte		4		algorithm: GOST,
>3	byte		6		algorithm: SAFER-SK64,
>3	byte		7		algorithm: SAFER-SK128,
>3	byte		8		algorithm: CAST-128,
>3	byte		9		algorithm: xTEA,
>3	byte		10		algorithm: TWOFISH-128,
>3	byte		11		algorithm: RC2,
>3	byte		12		algorithm: TWOFISH-192,
>3	byte		13		algorithm: TWOFISH-256,
>3	byte		14		algorithm: blowfish-128,
>3	byte		15		algorithm: blowfish-192,
>3	byte		16		algorithm: blowfish-256,
>3	byte		100		algorithm: RC6,
>3	byte		101		algorithm: IDEA,
>4	byte		0		mode: CBC,
>4	byte		1		mode: ECB,
>4	byte		2		mode: CFB,
>4	byte		3		mode: OFB,
>4	byte		4		mode: nOFB,
>5	byte		0		keymode: 8bit
>5	byte		1		keymode: 4bit
>5	byte		2		keymode: SHA-1 hash
>5	byte		3		keymode: MD5 hash
#------------------------------------------------------------------------------
# mime:  file(1) magic for MIME encoded files
#
0	string		Content-Type:\
>14	string		>\0		%s
0	string		Content-Type:
>13	string		>\0		%s

#------------------------------------------------------------------------------
# mips:  file(1) magic for Silicon Graphics (MIPS, IRIS, IRIX, etc.)
#                         Dec Ultrix (MIPS)
# all of SGI's *current* machines and OSes run in big-endian mode on the
# MIPS machines, as far as I know.
#
# XXX - what is the blank "-" line?
#
# kbd file definitions
0	string	kbd!map		kbd map file
>8	byte	>0		Ver %d:
>10	short	>0		with %d table(s)
0	belong	0407		old SGI 68020 executable
0	belong	0410		old SGI 68020 pure executable
0	beshort	0x8765		disk quotas file
0	beshort	0x0506		IRIS Showcase file
>2	byte	0x49		-
>3	byte	x		- version %ld
0	beshort	0x0226		IRIS Showcase template
>2	byte	0x63		-
>3	byte	x		- version %ld
0	belong	0x5343464d	IRIS Showcase file
>4	byte	x		- version %ld
0	belong	0x5443464d	IRIS Showcase template
>4	byte	x		- version %ld
0	belong	0xdeadbabe	IRIX Parallel Arena
>8	belong	>0		- version %ld
#
0	beshort	0x0160		MIPSEB ECOFF executable
>20	beshort	0407		(impure)
>20	beshort	0410		(swapped)
>20	beshort	0413		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>22	byte	x		- version %ld
>23	byte	x		.%ld
#
0	beshort	0x0162		MIPSEL-BE ECOFF executable
>20	beshort	0407		(impure)
>20	beshort	0410		(swapped)
>20	beshort	0413		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %d
>22	byte	x		.%ld
#
0	beshort	0x6001		MIPSEB-LE ECOFF executable
>20	beshort	03401		(impure)
>20	beshort	04001		(swapped)
>20	beshort	05401		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %d
>22	byte	x		.%ld
#
0	beshort	0x6201		MIPSEL ECOFF executable
>20	beshort	03401		(impure)
>20	beshort	04001		(swapped)
>20	beshort	05401		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %ld
>22	byte	x		.%ld
#
# MIPS 2 additions
#
0	beshort	0x0163		MIPSEB MIPS-II ECOFF executable
>20	beshort	0407		(impure)
>20	beshort	0410		(swapped)
>20	beshort	0413		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>22	byte	x		- version %ld
>23	byte	x		.%ld
#
0	beshort	0x0166		MIPSEL-BE MIPS-II ECOFF executable
>20	beshort	0407		(impure)
>20	beshort	0410		(swapped)
>20	beshort	0413		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>22	byte	x		- version %ld
>23	byte	x		.%ld
#
0	beshort	0x6301		MIPSEB-LE MIPS-II ECOFF executable
>20	beshort	03401		(impure)
>20	beshort	04001		(swapped)
>20	beshort	05401		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %ld
>22	byte	x		.%ld
#
0	beshort	0x6601		MIPSEL MIPS-II ECOFF executable
>20	beshort	03401		(impure)
>20	beshort	04001		(swapped)
>20	beshort	05401		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %ld
>22	byte	x		.%ld
#
# MIPS 3 additions
#
0	beshort	0x0140		MIPSEB MIPS-III ECOFF executable
>20	beshort	0407		(impure)
>20	beshort	0410		(swapped)
>20	beshort	0413		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>22	byte	x		- version %ld
>23	byte	x		.%ld
#
0	beshort	0x0142		MIPSEL-BE MIPS-III ECOFF executable
>20	beshort	0407		(impure)
>20	beshort	0410		(swapped)
>20	beshort	0413		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>22	byte	x		- version %ld
>23	byte	x		.%ld
#
0	beshort	0x4001		MIPSEB-LE MIPS-III ECOFF executable
>20	beshort	03401		(impure)
>20	beshort	04001		(swapped)
>20	beshort	05401		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %ld
>22	byte	x		.%ld
#
0	beshort	0x4201		MIPSEL MIPS-III ECOFF executable
>20	beshort	03401		(impure)
>20	beshort	04001		(swapped)
>20	beshort	05401		(paged)
>8	belong	>0		not stripped
>8	belong	0		stripped
>23	byte	x		- version %ld
>22	byte	x		.%ld
#
0	beshort	0x180		MIPSEB Ucode
0	beshort	0x182		MIPSEL-BE Ucode
# 32bit core file
0	belong	0xdeadadb0	IRIX core dump
>4	belong	1		of
>16	string	>\0		'%s'
# 64bit core file
0	belong	0xdeadad40	IRIX 64-bit core dump
>4	belong	1		of
>16	string	>\0		'%s'
# N32bit core file
0       belong	0xbabec0bb	IRIX N32 core dump
>4      belong	1               of
>16     string	>\0             '%s'
# New style crash dump file
0	string	\x43\x72\x73\x68\x44\x75\x6d\x70	IRIX vmcore dump of
>36	string	>\0					'%s'
# Trusted IRIX info
0	string	SGIAUDIT	SGI Audit file
>8	byte	x		- version %d
>9	byte	x		.%ld
#
0	string	WNGZWZSC	Wingz compiled script
0	string	WNGZWZSS	Wingz spreadsheet
0	string	WNGZWZHP	Wingz help file
#
0	string	\#Inventor V	IRIS Inventor 1.0 file
0	string	\#Inventor V2	Open Inventor 2.0 file
# GLF is OpenGL stream encoding
0	string	glfHeadMagic();		GLF_TEXT
4	belong	0x7d000000		GLF_BINARY_LSB_FIRST
4	belong	0x0000007d		GLF_BINARY_MSB_FIRST
# GLS is OpenGL stream encoding; GLS is the successor of GLF
0	string	glsBeginGLS(		GLS_TEXT
4	belong	0x10000000		GLS_BINARY_LSB_FIRST
4	belong	0x00000010		GLS_BINARY_MSB_FIRST

#------------------------------------------------------------------------------
# mirage:  file(1) magic for Mirage executables
#
# XXX - byte order?
#
0	long	31415		Mirage Assembler m.out executable
#-----------------------------------------------------------------------------
# misctools:  file(1) magic for miscelanous UNIX tools.
#
0	string	%%!!			X-Post-It-Note text
0	string	BEGIN:VCALENDAR		vCalendar calendar file
0	string	BEGIN:VCARD		vCard visiting card

# From: Alex Beregszaszi <alex@fsn.hu>
4	string	gtktalog		GNOME Catalogue (gtktalog)
>13	string	>\0			version %s

#------------------------------------------------------------------------------
# mkid:  file(1) magic for mkid(1) databases
#
# ID is the binary tags database produced by mkid(1).
#
# XXX - byte order?
#
0	string		\311\304	ID tags data
>2	short		>0		version %d

#------------------------------------------------------------------------------
# mlssa: file(1) magic for MLSSA datafiles
#
0		lelong		0xffffabcd	MLSSA datafile,
>4		leshort		x		algorithm %d,
>10		lelong		x		%d samples

#------------------------------------------------------------------------------
# mmdf:  file(1) magic for MMDF mail files
#
0	string	\001\001\001\001	MMDF mailbox
#------------------------------------------------------------------------------
# modem:  file(1) magic for modem programs
#
# From: Florian La Roche <florian@knorke.saar.de>
4	string		Research,	Digifax-G3-File
>29	byte		1		, fine resolution
>29	byte		0		, normal resolution

0	short		0x0100		raw G3 data, byte-padded
0	short		0x1400		raw G3 data
#
# Magic data for vgetty voice formats
# (Martin Seine & Marc Eberhard)

#
# raw modem data version 1
#
0    string    RMD1      raw modem data
>4   string    >\0       (%s /
>20  short     >0        compression type 0x%04x)

#
# portable voice format 1
#
0    string    PVF1\n         portable voice format
>5   string    >\0       (binary %s)

#
# portable voice format 2
#
0    string    PVF2\n         portable voice format
>5   string >\0          (ascii %s)

#------------------------------------------------------------------------------
# motorola:  file(1) magic for Motorola 68K and 88K binaries
#
# 68K
#
0	beshort		0520		mc68k COFF
>18	beshort		^00000020	object
>18	beshort		&00000020	executable
>12	belong		>0		not stripped
>168	string		.lowmem		Apple toolbox
>20	beshort		0407		(impure)
>20	beshort		0410		(pure)
>20	beshort		0413		(demand paged)
>20	beshort		0421		(standalone)
0	beshort		0521		mc68k executable (shared)
>12	belong		>0		not stripped
0	beshort		0522		mc68k executable (shared demand paged)
>12	belong		>0		not stripped
#
# Motorola/UniSoft 68K Binary Compatibility Standard (BCS)
#
0	beshort		0554		68K BCS executable
#
# 88K
#
# Motorola/88Open BCS
#
0	beshort		0555		88K BCS executable
#
# Motorola S-Records, from Gerd Truschinski <gt@freebsd.first.gmd.de>
0   string      S0          Motorola S-Record; binary data in text format

# ATARI ST relocatable PRG
#
# from Oskar Schirmer <schirmer@scara.com> Feb 3, 2001
# (according to Roland Waldi, Oct 21, 1987)
# besides the magic 0x601a, the text segment size is checked to be
# not larger than 1 MB (which is a lot on ST).
# The additional 0x601b distinction I took from Doug Lee's magic.
0	belong&0xFFFFFFF0	0x601A0000	Atari ST M68K contiguous executable
>2	belong			x		(txt=%ld,
>6	belong			x		dat=%ld,
>10	belong			x		bss=%ld,
>14	belong			x		sym=%ld)
0	belong&0xFFFFFFF0	0x601B0000	Atari ST M68K non-contig executable
>2	belong			x		(txt=%ld,
>6	belong			x		dat=%ld,
>10	belong			x		bss=%ld,
>14	belong			x		sym=%ld)

# Atari ST/TT... program format (sent by Wolfram Kleff <kleff@cs.uni-bonn.de>)
0       beshort         0x601A          Atari 68xxx executable,
>2      belong          x               text len %lu,
>6      belong          x               data len %lu,
>10     belong          x               BSS len %lu,
>14     belong          x               symboltab len %lu,
>18     belong          0
>22     belong          &0x01           fastload flag,
>22     belong          &0x02           may be loaded to alternate RAM,
>22     belong          &0x04           malloc may be from alternate RAM,
>22     belong          x               flags: 0x%lX,
>26     beshort         0               no relocation tab
>26     beshort         !0              + relocation tab
>30     string          SFX             [Self-Extracting LZH SFX archive]
>38     string          SFX             [Self-Extracting LZH SFX archive]
>44     string          ZIP!            [Self-Extracting ZIP SFX archive]

0       beshort         0x0064          Atari 68xxx CPX file
>8      beshort         x               (version %04lx)

#------------------------------------------------------------------------------
# msdos:  file(1) magic for MS-DOS files
#

# .BAT files (Daniel Quinlan, quinlan@yggdrasil.com)
# updated by Joerg Jenderek
0	string	@			
>1	string/cB	\ echo\ off	MS-DOS batch file text
>1	string/cB	echo\ off	MS-DOS batch file text
>1	string/cB	rem\ 		MS-DOS batch file text
>1	string/cB	set\ 		MS-DOS batch file text

# OS/2 batch files are REXX. the second regex is a bit generic, oh well
# the matched commands seem to be common in REXX and uncommon elsewhere
100 regex/c =^\\s*call\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text

0	leshort		0x14c	MS Windows COFF Intel 80386 object file
#>4	ledate		x	stamp %s
0	leshort		0x166	MS Windows COFF MIPS R4000 object file
#>4	ledate		x	stamp %s
0	leshort		0x184	MS Windows COFF Alpha object file
#>4	ledate		x	stamp %s
0	leshort		0x268	MS Windows COFF Motorola 68000 object file
#>4	ledate		x	stamp %s
0	leshort		0x1f0	MS Windows COFF PowerPC object file
#>4	ledate		x	stamp %s
0	leshort		0x290	MS Windows COFF PA-RISC object file
#>4	ledate		x	stamp %s

# XXX - according to Microsoft's spec, at an offset of 0x3c in a
# PE-format executable is the offset in the file of the PE header;
# unfortunately, that's a little-endian offset, and there's no way
# to specify an indirect offset with a specified byte order.
# So, for now, we assume the standard MS-DOS stub, which puts the
# PE header at 0x80 = 128.
#
# Required OS version and subsystem version were 4.0 on some NT 3.51
# executables built with Visual C++ 4.0, so it's not clear that
# they're interesting.  The user version was 0.0, but there's
# probably some linker directive to set it.  The linker version was
# 3.0, except for one ".exe" which had it as 4.20 (same damn linker!).
#
# many of the compressed formats were extraced from IDARC 1.23 source code
#
0	string	MZ
>0x18  leshort <0x40 MS-DOS executable
>0 string MZ\0\0\0\0\0\0\0\0\0\0PE\0\0 \b, PE for MS Windows
>>&18	leshort&0x2000	>0	(DLL)
>>&88	leshort		0	(unknown subsystem)
>>&88	leshort		1	(native)
>>&88	leshort		2	(GUI)
>>&88	leshort		3	(console)
>>&88	leshort		7	(POSIX)
>>&0	leshort		0x0	unknown processor
>>&0	leshort		0x14c	Intel 80386
>>&0	leshort		0x166	MIPS R4000
>>&0	leshort		0x184	Alpha
>>&0	leshort		0x268	Motorola 68000
>>&0	leshort		0x1f0	PowerPC
>>&0	leshort		0x290	PA-RISC
>>&18	leshort&0x0100	>0	32-bit
>>&18	leshort&0x1000	>0	system file
>>&0xf4 search/0x140 \x0\x40\x1\x0
>>>(&0.l+(4)) string MSCF \b, WinHKI CAB self-extracting archive

>0x18  leshort >0x3f
>>(0x3c.l) string PE\0\0 PE
>>>(0x3c.l+25) byte 		1 \b32 executable
>>>(0x3c.l+25) byte 		2 \b32+ executable
>>>(0x3c.l+92)	leshort		<10
# hooray, there's a DOS extender using the PE format, with a valid PE
# executable inside (which just prints a message and exits if run in win)
>>>>(8.s*16) string 32STUB for MS-DOS, 32rtm DOS extender
>>>>(8.s*16) string !32STUB for MS Windows
>>>>>(0x3c.l+22)	leshort&0x2000	>0	(DLL)
>>>>>(0x3c.l+92)	leshort		0	(unknown subsystem)
>>>>>(0x3c.l+92)	leshort		1	(native)
>>>>>(0x3c.l+92)	leshort		2	(GUI)
>>>>>(0x3c.l+92)	leshort		3	(console)
>>>>>(0x3c.l+92)	leshort		7	(POSIX)
>>>(0x3c.l+92)	leshort		10	(EFI application)
>>>(0x3c.l+92)	leshort		11	(EFI boot service driver)
>>>(0x3c.l+92)	leshort		12	(EFI runtime driver)
>>>(0x3c.l+4)	leshort		0x0	unknown processor
>>>(0x3c.l+4)	leshort		0x14c	Intel 80386
>>>(0x3c.l+4)	leshort		0x166	MIPS R4000
>>>(0x3c.l+4)	leshort		0x184	Alpha
>>>(0x3c.l+4)	leshort		0x268	Motorola 68000
>>>(0x3c.l+4)	leshort		0x1f0	PowerPC
>>>(0x3c.l+4)	leshort		0x290	PA-RISC
>>>(0x3c.l+4)	leshort		0x200	Intel Itanium
>>>(0x3c.l+22)	leshort&0x0100	>0	32-bit
>>>(0x3c.l+22)	leshort&0x1000	>0	system file

>>>>(0x3c.l+0xf8)	string		UPX0 \b, UPX compressed
>>>>(0x3c.l+0xf8)	search/0x140	PEC2 \b, PECompact2 compressed
>>>>(0x3c.l+0xf8)	search/0x140	UPX2
>>>>>(&0x10.l+(-4))	string		PK\3\4 \b, ZIP self-extracting archive (Info-Zip)
>>>>(0x3c.l+0xf8)	search/0x140	.idata
>>>>>(&0xe.l+(-4))	string		PK\3\4 \b, ZIP self-extracting archive (Info-Zip)
>>>>>(&0xe.l+(-4))	string		ZZ0 \b, ZZip self-extracting archive
>>>>>(&0xe.l+(-4))	string		ZZ1 \b, ZZip self-extracting archive
>>>>(0x3c.l+0xf8)	search/0x140	.rsrc
>>>>>(&0x0f.l+(-4))	string		a\\\4\5 \b, WinHKI self-extracting archive
>>>>>(&0x0f.l+(-4))	string		Rar! \b, RAR self-extracting archive
>>>>>(&0x0f.l+(-4))	search/0x3000	MSCF \b, InstallShield self-extracting archive
>>>>>(&0x0f.l+(-4))	search/32	Nullsoft \b, Nullsoft Installer self-extracting archive
>>>>(0x3c.l+0xf8)	search/0x140	.data
>>>>>(&0x0f.l)		string		WEXTRACT \b, MS CAB-Installer self-extracting archive
>>>>(0x3c.l+0xf8)	search/0x140	.petite\0 \b, Petite compressed
>>>>>(0x3c.l+0xf7)	byte		x
>>>>>>(&0x104.l+(-4))	string		=!sfx! \b, ACE self-extracting archive
>>>>(0x3c.l+0xf8)	search/0x140	.WISE \b, WISE installer self-extracting archive
>>>>(0x3c.l+0xf8)	search/0x140	.dz\0\0\0 \b, Dzip self-extracting archive
>>>>(0x3c.l+0xf8)	search/0x140	.reloc
>>>>>(&0xe.l+(-4))	search/0x180	PK\3\4 \b, ZIP self-extracting archive (WinZip)

>>>>&(0x3c.l+0xf8)	search/0x100	_winzip_ \b, ZIP self-extracting archive (WinZip)
>>>>&(0x3c.l+0xf8)	search/0x100	SharedD \b, Microsoft Installer self-extracting archive
>>>>0x30		string		Inno \b, InnoSetup self-extracting archive

>>(0x3c.l) string !PE\0\0 MS-DOS executable

>>(0x3c.l)		string		NE \b, NE
>>>(0x3c.l+0x36)	byte		0 (unknown OS)
>>>(0x3c.l+0x36)	byte		1 for OS/2 1.x
>>>(0x3c.l+0x36)	byte		2 for MS Windows 3.x
>>>(0x3c.l+0x36)	byte		3 for MS-DOS
>>>(0x3c.l+0x36)	byte		>3 (unknown OS)
>>>(0x3c.l+0x36)	byte		0x81 for MS-DOS, Phar Lap DOS extender
>>>(0x3c.l+0x0c)	leshort&0x8003	0x8002 (DLL)
>>>(0x3c.l+0x0c)	leshort&0x8003	0x8001 (driver)
>>>&(&0x24.s-1)		string		ARJSFX \b, ARJ self-extracting archive
>>>(0x3c.l+0x70)	search/0x80	WinZip(R)\ Self-Extractor \b, ZIP self-extracting archive (WinZip)

>>(0x3c.l)		string		LX\0\0 \b, LX
>>>(0x3c.l+0x0a)	leshort		<1 (unknown OS)
>>>(0x3c.l+0x0a)	leshort		1 for OS/2
>>>(0x3c.l+0x0a)	leshort		2 for MS Windows
>>>(0x3c.l+0x0a)	leshort		3 for DOS
>>>(0x3c.l+0x0a)	leshort		>3 (unknown OS)
>>>(0x3c.l+0x10)	lelong&0x28000	=0x8000 (DLL)
>>>(0x3c.l+0x10)	lelong&0x20000	>0 (device driver)
>>>(0x3c.l+0x10)	lelong&0x300	0x300 (GUI)
>>>(0x3c.l+0x10)	lelong&0x28300	<0x300 (console)
>>>(0x3c.l+0x08)	leshort		1 i80286
>>>(0x3c.l+0x08)	leshort		2 i80386
>>>(0x3c.l+0x08)	leshort		3 i80486
>>>(8.s*16)		string		emx \b, emx
>>>>&1			string		x %s
>>>&(&0x54.l-3)		string		arjsfx \b, ARJ self-extracting archive

# MS Windows system file, supposedly a collection of LE executables
>>(0x3c.l)		string		W3 \b, W3 for MS Windows

>>(0x3c.l)		string		LE\0\0 \b, LE executable
>>>(0x3c.l+0x0a)	leshort		1
# some DOS extenders use LE files with OS/2 header
>>>>0x240		search/0x100	DOS/4G for MS-DOS, DOS4GW DOS extender
>>>>0x240		search/0x200	WATCOM\ C/C++ for MS-DOS, DOS4GW DOS extender
>>>>0x440		search/0x100	CauseWay\ DOS\ Extender for MS-DOS, CauseWay DOS extender
>>>>0x40		search/0x40	PMODE/W for MS-DOS, PMODE/W DOS extender
>>>>0x40		search/0x40	STUB/32A for MS-DOS, DOS/32A DOS extender (stub)
>>>>0x40		search/0x80	STUB/32C for MS-DOS, DOS/32A DOS extender (configurable stub)
>>>>0x40		search/0x80	DOS/32A for MS-DOS, DOS/32A DOS extender (embedded)
# this is a wild guess; hopefully it is a specific signature
>>>>&0x24		lelong		<0x50
>>>>>(&0x4c.l)		string		\xfc\xb8WATCOM
>>>>>>&0		search/8	3\xdbf\xb9 \b, 32Lite compressed
# another wild guess: if real OS/2 LE executables exist, they probably have higher start EIP
#>>>>(0x3c.l+0x1c)	lelong		>0x10000 for OS/2
# fails with DOS-Extenders.
>>>(0x3c.l+0x0a)	leshort		2 for MS Windows
>>>(0x3c.l+0x0a)	leshort		3 for DOS
>>>(0x3c.l+0x0a)	leshort		4 for MS Windows (VxD)
>>>(&0x7c.l+0x26)	string		UPX \b, UPX compressed
>>>&(&0x54.l-3)		string		UNACE \b, ACE self-extracting archive

# looks like ASCII, probably some embedded copyright message.
# and definitely not NE/LE/LX/PE
>>0x3c		lelong	>0x20000000
>>>(4.s*512)	leshort !0x014c \b, MZ for MS-DOS
# header data too small for extended executable
>2		long	!0
>>0x18		leshort	<0x40
>>>(4.s*512)	leshort !0x014c

>>>>&(2.s-514)	string	!LE
>>>>>&-2	string	!BW \b, MZ for MS-DOS
>>>>&(2.s-514)	string	LE \b, LE
>>>>>0x240	search/0x100	DOS/4G for MS-DOS, DOS4GW DOS extender
# educated guess since indirection is still not capable enough for complex offset
# calculations (next embedded executable would be at &(&2*512+&0-2)
# I suspect there are only LE executables in these multi-exe files
>>>>&(2.s-514)	string	BW
>>>>>0x240	search/0x100	DOS/4G ,\b LE for MS-DOS, DOS4GW DOS extender (embedded)
>>>>>0x240	search/0x100	!DOS/4G ,\b BW collection for MS-DOS

# This sequence skips to the first COFF segment, usually .text
>(4.s*512)	leshort		0x014c \b, COFF
>>(8.s*16)	string		go32stub for MS-DOS, DJGPP go32 DOS extender
>>(8.s*16)	string		emx
>>>&1		string		x for DOS, Win or OS/2, emx %s
>>&(&0x42.l-3)	byte		x 
>>>&0x26	string		UPX \b, UPX compressed
# and yet another guess: small .text, and after large .data is unusal, could be 32lite
>>&0x2c		search/0xa0	.text
>>>&0x0b	lelong		<0x2000
>>>>&0		lelong		>0x6000 \b, 32lite compressed

>(8.s*16) string $WdX \b, WDos/X DOS extender

# .EXE formats (Greg Roelofs, newt@uchicago.edu)
#
>0x35   string  \x8e\xc0\xb9\x08\x00\xf3\xa5\x4a\x75\xeb\x8e\xc3\x8e\xd8\x33\xff\xbe\x30\x00\x05 \b, aPack compressed
>0xe7	string	LH/2\ Self-Extract \b, %s
>0x1c	string	diet \b, diet compressed
>0x1c	string	LZ09 \b, LZEXE v0.90 compressed
>0x1c	string	LZ91 \b, LZEXE v0.91 compressed
>0x1c   string  tz \b, TinyProg compressed
>0x1e	string	PKLITE \b, %s compressed
>0x64   string  W\ Collis\0\0 \b, Compack compressed
>0x24	string	LHa's\ SFX \b, LHa self-extracting archive
>0x24	string	LHA's\ SFX \b, LHa self-extracting archive
>0x24   string  \ $ARX \b, ARX self-extracting archive
>0x24   string  \ $LHarc \b, LHarc self-extracting archive
>0x20   string  SFX\ by\ LARC \b, LARC self-extracting archive
>1638	string	-lh5- \b, LHa self-extracting archive v2.13S
>0x17888 string	Rar! \b, RAR self-extracting archive
>0x40   string aPKG \b, aPackage self-extracting archive

>32      string AIN
>>35     string 2              \b, AIN 2.x compressed
>>35     string <2             \b, AIN 1.x compressed
>>35     string >2             \b, AIN 1.x compressed
>28      string UC2X           \b, UCEXE compressed
>28      string WWP\           \b, WWPACK compressed

# skip to the end of the exe
>(4.s*512)	long	x 
>>&(2.s-517)	byte	x 
>>>&0	string		PK\3\4 \b, ZIP self-extracting archive
>>>&0	string		Rar! \b, RAR self-extracting archive
>>>&0	string		=!\x11 \b, AIN 2.x self-extracting archive
>>>&0	string		=!\x12 \b, AIN 2.x self-extracting archive
>>>&0	string		=!\x17 \b, AIN 1.x self-extracting archive
>>>&0	string		=!\x18 \b, AIN 1.x self-extracting archive
>>>&7	search/400	**ACE** \b, ACE self-extracting archive
>>>&0	search/0x480	UC2SFX\ Header \b, UC2 self-extracting archive

>0x1c	string		RJSX \b, ARJ self-extracting archive
# winarj stores a message in the stub instead of the sig in the MZ header
>0x20	search/0xe0	aRJsfX \b, ARJ self-extracting archive

# a few unknown ZIP sfxes, no idea if they are needed or if they are
# already captured by the generic patterns above
>122		string		Windows\ self-extracting\ ZIP	\b, ZIP self-extracting archive
>(8.s*16)	search/0x20	PKSFX \b, ZIP self-extracting archive (PKZIP)
# TODO: how to add this? >FileSize-34 string Windows\ Self-Installing\ Executable \b, ZIP self-extracting archive
#

# TELVOX Teleinformatica CODEC self-extractor for OS/2:
>49801	string	\x79\xff\x80\xff\x76\xff	\b, CODEC archive v3.21
>>49824	leshort		=1			\b, 1 file
>>49824	leshort		>1			\b, %u files

# .COM formats (Daniel Quinlan, quinlan@yggdrasil.com)
# Uncommenting only the first two lines will cover about 2/3 of COM files,
# but it isn't feasible to match all COM files since there must be at least
# two dozen different one-byte "magics".
#0	byte		0xe9		DOS executable (COM)
#>0x1FE	leshort		0xAA55		\b, boot code
#>6	string		SFX\ of\ LHarc	(%s)
#0	belong	0xffffffff		DOS executable (device driver)
#CMD640X2.SYS
#>10	string	>\x23			
#>>10	string	!\x2e			
#>>>17	string	<\x5B			
#>>>>10	string	x			\b, name: %.8s
#UDMA.SYS KEYB.SYS CMD640X2.SYS
#>10	string	<\x41			
#>>12	string	>\x40			
#>>>10	string	!$			
#>>>>12	string	x			\b, name: %.8s
#BTCDROM.SYS ASPICD.SYS
#>22	string	>\x40			
#>>22	string	<\x5B			
#>>>23	string	<\x5B			
#>>>>22	string	x			\b, name: %.8s
#ATAPICD.SYS
#>76	string	\0			
#>>77	string	>\x40			
#>>>77	string	<\x5B			
#>>>>77	string	x			\b, name: %.8s
#0	byte		0x8c		DOS executable (COM)
# 0xeb conflicts with "sequent" magic
#0	byte		0xeb		DOS executable (COM)
#>0x1FE	leshort		0xAA55		\b, boot code
#>85	string		UPX		\b, UPX compressed
#>4	string		\ $ARX		\b, ARX self-extracting archive
#>4	string		\ $LHarc	\b, LHarc self-extracting archive
#>0x20e	string		SFX\ by\ LARC	\b, LARC self-extracting archive
0	byte		0xb8		
# modified by Joerg Jenderek
#>1	lelong          !0x21cd4cff	for DOS
# http://syslinux.zytor.com/comboot.php
# (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode
# start with assembler instructions mov eax,21cd4cffh
>1	lelong          0x21cd4cff	COM executable (32-bit COMBOOT)
#0	string	\x81\xfc		
#>4	string	\x77\x02\xcd\x20\xb9	
#>>36	string	UPX! 			FREE-DOS executable (COM), UPX compressed
252	string Must\ have\ DOS\ version	DR-DOS executable (COM)
# GRR search is not working
#2	search/28	\xcd\x21	COM executable for MS-DOS
#WHICHFAT.cOM
#2	string	\xcd\x21		COM executable for DOS
#DELTREE.cOM DELTREE2.cOM
#4	string	\xcd\x21		COM executable for DOS
#IFMEMDSK.cOM ASSIGN.cOM COMP.cOM
#5	string	\xcd\x21		COM executable for DOS
#DELTMP.COm HASFAT32.cOM
#7	string	\xcd\x21		
#>0	byte	!0xb8			COM executable for DOS
#COMP.cOM MORE.COm
#10	string	\xcd\x21		
#>5	string	!\xcd\x21		COM executable for DOS
#comecho.com
#13	string	\xcd\x21		COM executable for DOS
#HELP.COm EDIT.coM
#18	string	\xcd\x21		COM executable for MS-DOS
#NWRPLTRM.COm
#23	string	\xcd\x21		COM executable for MS-DOS
#LOADFIX.cOm LOADFIX.cOm
#30	string	\xcd\x21		COM executable for MS-DOS
#syslinux.com 3.11
#70	string	\xcd\x21		COM executable for DOS
# many compressed/converted COMs start with a copy loop instead of a jump
0x6	search/0xa	\xfc\x57\xf3\xa5\xc3	COM executable for MS-DOS
0x6	search/0xa	\xfc\x57\xf3\xa4\xc3	COM executable for DOS
>0x18	search/0x10	\x50\xa4\xff\xd5\x73	\b, aPack compressed
0x3c	string		W\ Collis\0\0		COM executable for MS-DOS, Compack compressed
# FIXME: missing diet .com compression

# miscellaneous formats
0	string		LZ		MS-DOS executable (built-in)
#0	byte		0xf0		MS-DOS program library data
#

#
# Windows Registry files.
# updated by Joerg Jenderek
0	string		regf		Windows NT/XP registry file
0	string		CREG		Windows 95/98/ME registry file
0	string		SHCC3		Windows 3.1 registry file

# AAF files:
# <stuartc@rd.bbc.co.uk> Stuart Cunningham
0	string	\320\317\021\340\241\261\032\341AAFB\015\000OM\006\016\053\064\001\001\001\377			AAF legacy file using MS Structured Storage
>30	byte	9		(512B sectors)
>30	byte	12		(4kB sectors)
0	string	\320\317\021\340\241\261\032\341\001\002\001\015\000\002\000\000\006\016\053\064\003\002\001\001			AAF file using MS Structured Storage
>30	byte	9		(512B sectors)
>30	byte	12		(4kB sectors)

# Popular applications
2080	string	Microsoft\ Word\ 6.0\ Document	%s
2080	string	Documento\ Microsoft\ Word\ 6 Spanish Microsoft Word 6 document data
# Pawel Wiecek <coven@i17linuxb.ists.pwr.wroc.pl> (for polish Word)
2112	string	MSWordDoc			Microsoft Word document data
#
0	belong	0x31be0000			Microsoft Word Document
#
0       string  PO^Q`				Microsoft Word 6.0 Document
#
0	string	\376\067\0\043			Microsoft Office Document
0	string	\320\317\021\340\241\261\032\341	Microsoft Office Document
0	string	\333\245-\0\0\0			Microsoft Office Document
#
2080	string	Microsoft\ Excel\ 5.0\ Worksheet	%s
2080	string	Foglio\ di\ lavoro\ Microsoft\ Exce	%s
#
# Pawel Wiecek <coven@i17linuxb.ists.pwr.wroc.pl> (for polish Excel)
2114	string	Biff5		Microsoft Excel 5.0 Worksheet
# Italian MS-Excel
2121	string	Biff5		Microsoft Excel 5.0 Worksheet
0	string	\x09\x04\x06\x00\x00\x00\x10\x00	Microsoft Excel Worksheet
#
0	belong	0x00001a00	Lotus 1-2-3
>4	belong	0x00100400	wk3 document data
>4	belong	0x02100400	wk4 document data
>4	belong	0x07800100	fm3 or fmb document data
>4	belong	0x07800000	fm3 or fmb document data
#
0	belong	0x00000200 	Lotus 1-2-3
>4	belong	0x06040600	wk1 document data
>4	belong	0x06800200	fmt document data

# Help files
0	string	?_\3\0		MS Windows Help Data

#  DeIsL1.isu what this is I don't know
0	string	\161\250\000\000\001\002	DeIsL1.isu whatever that is

# Winamp .avs
#0	string	Nullsoft\ AVS\ Preset\ \060\056\061\032	A plug in for Winamp ms-windows Freeware media player
0	string	Nullsoft\ AVS\ Preset\ 	Winamp plug in

# Hyper terminal:
0	string	HyperTerminal\ 	hyperterm
>15	string	1.0\ --\ HyperTerminal\ data\ file	MS-windows Hyperterminal

# Windows Metafont .WMF
0       string  \327\315\306\232        ms-windows metafont .wmf
0       string  \002\000\011\000        ms-windows metafont .wmf
0       string  \001\000\011\000        ms-windows metafont .wmf

#tz3 files whatever that is (MS Works files)
0	string	\003\001\001\004\070\001\000\000	tz3 ms-works file
0	string	\003\002\001\004\070\001\000\000	tz3 ms-works file
0	string	\003\003\001\004\070\001\000\000	tz3 ms-works file

# PGP sig files .sig
#0 string \211\000\077\003\005\000\063\237\127 065 to  \027\266\151\064\005\045\101\233\021\002 PGP sig
0 string \211\000\077\003\005\000\063\237\127\065\027\266\151\064\005\045\101\233\021\002 PGP sig
0 string \211\000\077\003\005\000\063\237\127\066\027\266\151\064\005\045\101\233\021\002 PGP sig
0 string \211\000\077\003\005\000\063\237\127\067\027\266\151\064\005\045\101\233\021\002 PGP sig
0 string \211\000\077\003\005\000\063\237\127\070\027\266\151\064\005\045\101\233\021\002 PGP sig
0 string \211\000\077\003\005\000\063\237\127\071\027\266\151\064\005\045\101\233\021\002 PGP sig
0 string \211\000\225\003\005\000\062\122\207\304\100\345\042 PGP sig

# windows zips files .dmf
0	string	MDIF\032\000\010\000\000\000\372\046\100\175\001\000\001\036\001\000 MS Windows special zipped file

# Windows help file FTG FTS
0	string	\164\146\115\122\012\000\000\000\001\000\000\000	MS Windows help cache

# grp old windows 3.1 group files
0 string  \120\115\103\103	MS Windows 3.1 group files

# lnk files windows symlinks
0	string	\114\000\000\000\001\024\002\000\000\000\000\000\300\000\000\000\000\000\000\106	MS Windows shortcut

#ico files
0	string	\102\101\050\000\000\000\056\000\000\000\000\000\000\000	Icon for MS Windows

# Windows icons (Ian Springer <ips@fpk.hp.com>)
0	string	\000\000\001\000	MS Windows icon resource
>4	byte	1			- 1 icon
>4	byte	>1			- %d icons
>>6	byte	>0			\b, %dx
>>>7	byte	>0			\b%d
>>8	byte	0			\b, 256-colors
>>8	byte	>0			\b, %d-colors

# .chr files
0	string	PK\010\010BGI	Borland font 
>4	string	>\0	%s
# then there is a copyright notice

# .bgi files
0	string	pk\010\010BGI	Borland device 
>4	string	>\0	%s
# then there is a copyright notice

# recycled/info the windows trash bin index
9	string	\000\000\000\030\001\000\000\000 MS Windows recycled bin info

##### put in Either Magic/font or Magic/news
# Acroread or something  files wrongly identified as G3  .pfm
# these have the form \000 \001 any? \002 \000 \000
# or \000 \001 any? \022 \000 \000
#0	string  \000\001 pfm?
#>3	string  \022\000\000Copyright\  yes
#>3	string  \002\000\000Copyright\  yes
#>3	string  >\0     oops, not a font file. Cancel that.
#it clashes with ttf files so put it lower down.

# From Doug Lee via a FreeBSD pr
9	string		GERBILDOC	First Choice document
9	string		GERBILDB	First Choice database
9	string		GERBILCLIP	First Choice database
0	string		GERBIL		First Choice device file
9	string		RABBITGRAPH	RabbitGraph file
0	string		DCU1		Borland Delphi .DCU file
0	string		=!<spell>	MKS Spell hash list (old format)
0	string		=!<spell2>	MKS Spell hash list
# Too simple - MPi
#0	string		AH		Halo(TM) bitmapped font file
0	lelong		0x08086b70	TurboC BGI file
0	lelong		0x08084b50	TurboC Font file

# WARNING: below line conflicts with Infocom game data Z-machine 3
0	byte		0x03		DBase 3 data file
>0x04	lelong		0		(no records)
>0x04	lelong		>0		(%ld records)
0	byte		0x83		DBase 3 data file with memo(s)
>0x04	lelong		0		(no records)
>0x04	lelong		>0		(%ld records)
0	leshort		0x0006		DBase 3 index file
0	string		PMCC		Windows 3.x .GRP file
1	string		RDC-meg		MegaDots 
>8	byte		>0x2F		version %c
>9	byte		>0x2F		\b.%c file
0	lelong		0x4C
>4	lelong		0x00021401	Windows shortcut file

# TNEF magic From "Joomy" <joomy@se-ed.net> 
0	leshort		0x223e9f78	TNEF

# HtmlHelp files (.chm)
0	string  ITSF\003\000\000\000\x60\000\000\000\001\000\000\000	MS Windows HtmlHelp Data

# GFA-BASIC (Wolfram Kleff)
2	string		GFA-BASIC3	GFA-BASIC 3 data

#------------------------------------------------------------------------------
# From Stuart Caie <kyzer@4u.net> (developer of cabextract)
# Microsoft Cabinet files
0	string		MSCF\0\0\0\0	Microsoft Cabinet archive data
>8	lelong		x		\b, %u bytes
>28	leshort		1		\b, 1 file
>28	leshort		>1		\b, %u files

# InstallShield Cabinet files
0	string		ISc(		InstallShield Cabinet archive data
>5	byte&0xf0	=0x60 		version 6,
>5	byte&0xf0	!0x60 		version 4/5,
>(12.l+40)	lelong	x		%u files

# Windows CE package files
0	string		MSCE\0\0\0\0	Microsoft WinCE install header
>20	lelong		0		\b, architecture-independent
>20	lelong		103		\b, Hitachi SH3
>20	lelong		104		\b, Hitachi SH4
>20	lelong		0xA11		\b, StrongARM
>20	lelong		4000		\b, MIPS R4000
>20	lelong		10003		\b, Hitachi SH3
>20	lelong		10004		\b, Hitachi SH3E
>20	lelong		10005		\b, Hitachi SH4
>20	lelong		70001		\b, ARM 7TDMI
>52	leshort		1 		\b, 1 file
>52	leshort		>1 		\b, %u files
>56	leshort		1 		\b, 1 registry entry
>56	leshort		>1 		\b, %u registry entries

# Outlook Personal Folders
0	lelong	0x4E444221	Microsoft Outlook binary email folder

# From: Dirk Jagdmann <doj@cubic.org>
0	lelong	0x00035f3f	Windows 3.x help file

# Christophe Monniez
0	string	Client\ UrlCache\ MMF 	Microsoft Internet Explorer Cache File
>20	string	>\0			Version %s
0	string	\xCF\xAD\x12\xFE	Microsoft Outlook Express DBX File
>4	byte	=0xC5			Message database
>4	byte	=0xC6			Folder database
>4	byte	=0xC7			Accounts informations
>4	byte	=0x30			Offline database

# Windows Enhanced Metafile (EMF)
# See msdn.microsoft.com/archive/en-us/dnargdi/html/msdn_enhmeta.asp 
# for further information. Note that "0 lelong 1" should be true i.e.
# the first double word in the file should be 1. With the extended
# syntax available by some file commands you could write:
# 0 lelong 1
# &40 ulelong 0x464D4520 Windows Enhanced Metafile (EMF) image data
40	ulelong 0x464D4520	Windows Enhanced Metafile (EMF) image data
>44	ulelong x		version 0x%x.
# If the description has a length greater than zero, it exists and is 
# found at offset (*64).
>64	ulelong >0		Description available at offset 0x%x
>>60	ulelong	>0		(length 0x%x)
# Note it would be better to print out the description, which is found 
# as below. Unfortunately the following only prints out the first couple
# of characters instead of all the "description length"
# number of characters -- indicated by the ulelong at offset 60.
>>(64.l)  lestring16 >0 Description: %15.15s

# From: Alex Beregszaszi <alex@fsn.hu>
0	string	COWD		VMWare3 disk image
>12	belong	x		%d bytes

0	string	VMDK		 VMware4 disk image

0	belong	0x514649fb	QEMU Copy-On-Write disk image
>4	belong	x		version %d,
>24	belong	x		size %d +
>28	belong	x		%d

0	string	QEVM		QEMU's suspend to disk image

0	string	Bochs\ Virtual\ HD\ Image	Bochs disk image,
>32	string	x				type %s,
>48	string	x				subtype %s

0	lelong	0x02468ace			Bochs Sparse disk image

# Dell system BIOS
0     string          $RBU
>23   string          Dell            %s system BIOS
>5    byte            2
>>48  byte            x               version %d.
>>49  byte            x               \b%d.
>>50  byte            x               \b%d
>5    byte            <2
>>48  string          x               version %.3s

#------------------------------------------------------------------------------
# msvc:  file(1) magic for msvc
# "H. Nanosecond" <aldomel@ix.netcom.com>
# Microsoft visual C
# 
# I have version 1.0

# .aps
0	string	HWB\000\377\001\000\000\000	Microsoft Visual C .APS file

# .ide
#too long 0	string	\102\157\162\154\141\156\144\040\103\053\053\040\120\162\157\152\145\143\164\040\106\151\154\145\012\000\032\000\002\000\262\000\272\276\372\316	MSVC .ide
0	string	\102\157\162\154\141\156\144\040\103\053\053\040\120\162\157	MSVC .ide

# .res
0	string	\000\000\000\000\040\000\000\000\377	MSVC .res
0	string	\377\003\000\377\001\000\020\020\350	MSVC .res
0	string	\377\003\000\377\001\000\060\020\350	MSVC .res

#.lib
0	string	\360\015\000\000	Microsoft Visual C library
0	string	\360\075\000\000	Microsoft Visual C library
0	string	\360\175\000\000	Microsoft Visual C library

#.pch
0	string	DTJPCH0\000\022\103\006\200	Microsoft Visual C .pch

# .pdb
# too long 0	string	Microsoft\ C/C++\ program\ database\ 
0	string	Microsoft\ C/C++\ 	MSVC program database
>18	string	program\ database\ 	
>33	string	>\0	ver %s

#.sbr
0	string	\000\002\000\007\000	MSVC .sbr
>5	string 	>\0	%s

#.bsc
0	string	\002\000\002\001	MSVC .bsc

#.wsp
0	string	1.00\ .0000.0000\000\003	MSVC .wsp version 1.0000.0000
# these seem to start with the version and contain menus
# ------------------------------------------------------------------------
# mup: file(1) magic for Mup (Music Publisher) input file.
#
# From: Abel Cheung <abel (@) oaka.org>
#
# NOTE: This header is mainly proposed in the Arkkra mailing list,
# and is not a mandatory header because of old mup input file
# compatibility. Noteedit also use mup format, but is not forcing
# user to use any header as well.
#
0		string		//!Mup		Mup music publication program input text
>6		string		-Arkkra		(Arkkra)
>>13		string		-		
>>>16		string		.		
>>>>14		string		x		\b, need V%.4s
>>>15		string		.		
>>>>14		string		x		\b, need V%.3s
>6		string		-		
>>9		string		.		
>>>7		string		x		\b, need V%.4s
>>8		string		.		
>>>7		string		x		\b, need V%.3s

#-----------------------------------------------------------------------------
# natinst:  file(1) magic for National Instruments Code Files

#
# From <egamez@fcfm.buap.mx> Enrique G�mez-Flores
# version 1
# Many formats still missing, we use, for the moment LabVIEW
# We guess VXI format file. VISA, LabWindowsCVI, BridgeVIEW, etc, are missing
#
0       string          RSRC            National Instruments,
# Check if it's a LabVIEW File
>8      string          LV              LabVIEW File,
# Check wich kind of file is
>>10    string          SB              Code Resource File, data
>>10    string          IN              Virtual Instrument Program, data
>>10    string          AR              VI Library, data
# This is for Menu Libraries
>8      string          LMNULBVW        Portable File Names, data
# This is for General Resources
>8      string          rsc             Resources File, data
# This is for VXI Package
0       string          VMAP            National Instruments, VXI File, data

#------------------------------------------------------------------------------
# ncr:  file(1) magic for NCR Tower objects
#
# contributed by
# Michael R. Wayne  ***  TMC & Associates  ***  INTERNET: wayne@ford-vax.arpa
# uucp: {philabs | pyramid} !fmsrl7!wayne   OR   wayne@fmsrl7.UUCP
#
0	beshort		000610	Tower/XP rel 2 object
>12	   belong		>0	not stripped
>20	   beshort		0407	executable
>20	   beshort		0410	pure executable
>22	   beshort		>0	- version %ld
0	beshort		000615	Tower/XP rel 2 object
>12	   belong		>0	not stripped
>20	   beshort		0407	executable
>20	   beshort		0410	pure executable
>22	   beshort		>0	- version %ld
0	beshort		000620	Tower/XP rel 3 object
>12	   belong		>0	not stripped
>20	   beshort		0407	executable
>20	   beshort		0410	pure executable
>22	   beshort		>0	- version %ld
0	beshort		000625	Tower/XP rel 3 object
>12	   belong		>0	not stripped
>20	   beshort		0407	executable
>20	   beshort		0410	pure executable
>22	   beshort		>0	- version %ld
0	beshort		000630	Tower32/600/400 68020 object
>12	   belong		>0	not stripped
>20	   beshort		0407	executable
>20	   beshort		0410	pure executable
>22	   beshort		>0	- version %ld
0	beshort		000640	Tower32/800 68020
>18	   beshort		&020000	w/68881 object
>18	   beshort		&040000	compatible object
>18	   beshort		&060000	object
>20	   beshort		0407	executable
>20	   beshort		0413	pure executable
>12	   belong		>0	not stripped
>22	   beshort		>0	- version %ld
0	beshort		000645	Tower32/800 68010
>18	   beshort		&040000	compatible object
>18	   beshort		&060000 object
>20	   beshort		0407	executable
>20	   beshort		0413	pure executable
>12	   belong		>0	not stripped
>22	   beshort		>0	- version %ld

#------------------------------------------------------------------------------
# netbsd:  file(1) magic for NetBSD objects
#
# All new-style magic numbers are in network byte order.
#

0	lelong			000000407	a.out NetBSD little-endian object file
>16	lelong			>0		not stripped
0	belong			000000407	a.out NetBSD big-endian object file
>16	belong			>0		not stripped

0	belong&0377777777	041400413	a.out NetBSD/i386 demand paged
>0	byte			&0x80		
>>20	lelong			<4096		shared library
>>20	lelong			=4096		dynamically linked executable
>>20	lelong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	041400410	a.out NetBSD/i386 pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	041400407	a.out NetBSD/i386
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	lelong			!0		executable
>>20	lelong			=0		object file
>16	lelong			>0		not stripped
0	belong&0377777777	041400507	a.out NetBSD/i386 core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

0	belong&0377777777	041600413	a.out NetBSD/m68k demand paged
>0	byte			&0x80		
>>20	belong			<8192		shared library
>>20	belong			=8192		dynamically linked executable
>>20	belong			>8192		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	041600410	a.out NetBSD/m68k pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	041600407	a.out NetBSD/m68k
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	belong			!0		executable
>>20	belong			=0		object file
>16	belong			>0		not stripped
0	belong&0377777777	041600507	a.out NetBSD/m68k core
>12	string			>\0		from '%s'
>32	belong			!0		(signal %d)

0	belong&0377777777	042000413	a.out NetBSD/m68k4k demand paged
>0	byte			&0x80		
>>20	belong			<4096		shared library
>>20	belong			=4096		dynamically linked executable
>>20	belong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	042000410	a.out NetBSD/m68k4k pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	042000407	a.out NetBSD/m68k4k
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	belong			!0		executable
>>20	belong			=0		object file
>16	belong			>0		not stripped
0	belong&0377777777	042000507	a.out NetBSD/m68k4k core
>12	string			>\0		from '%s'
>32	belong			!0		(signal %d)

0	belong&0377777777	042200413	a.out NetBSD/ns32532 demand paged
>0	byte			&0x80		
>>20	lelong			<4096		shared library
>>20	lelong			=4096		dynamically linked executable
>>20	lelong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	042200410	a.out NetBSD/ns32532 pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	042200407	a.out NetBSD/ns32532
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	lelong			!0		executable
>>20	lelong			=0		object file
>16	lelong			>0		not stripped
0	belong&0377777777	042200507	a.out NetBSD/ns32532 core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

0	belong&0377777777	045200507	a.out NetBSD/powerpc core
>12	string			>\0		from '%s'

0	belong&0377777777	042400413	a.out NetBSD/sparc demand paged
>0	byte			&0x80		
>>20	belong			<8192		shared library
>>20	belong			=8192		dynamically linked executable
>>20	belong			>8192		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	042400410	a.out NetBSD/sparc pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	042400407	a.out NetBSD/sparc
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	belong			!0		executable
>>20	belong			=0		object file
>16	belong			>0		not stripped
0	belong&0377777777	042400507	a.out NetBSD/sparc core
>12	string			>\0		from '%s'
>32	belong			!0		(signal %d)

0	belong&0377777777	042600413	a.out NetBSD/pmax demand paged
>0	byte			&0x80		
>>20	lelong			<4096		shared library
>>20	lelong			=4096		dynamically linked executable
>>20	lelong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	042600410	a.out NetBSD/pmax pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	042600407	a.out NetBSD/pmax
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	lelong			!0		executable
>>20	lelong			=0		object file
>16	lelong			>0		not stripped
0	belong&0377777777	042600507	a.out NetBSD/pmax core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

0	belong&0377777777	043000413	a.out NetBSD/vax 1k demand paged
>0	byte			&0x80		
>>20	lelong			<4096		shared library
>>20	lelong			=4096		dynamically linked executable
>>20	lelong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	043000410	a.out NetBSD/vax 1k pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	043000407	a.out NetBSD/vax 1k
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	lelong			!0		executable
>>20	lelong			=0		object file
>16	lelong			>0		not stripped
0	belong&0377777777	043000507	a.out NetBSD/vax 1k core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

0	belong&0377777777	045400413	a.out NetBSD/vax 4k demand paged
>0	byte			&0x80		
>>20	lelong			<4096		shared library
>>20	lelong			=4096		dynamically linked executable
>>20	lelong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	045400410	a.out NetBSD/vax 4k pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	045400407	a.out NetBSD/vax 4k
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	lelong			!0		executable
>>20	lelong			=0		object file
>16	lelong			>0		not stripped
0	belong&0377777777	045400507	a.out NetBSD/vax 4k core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

# NetBSD/alpha does not support (and has never supported) a.out objects,
# so no rules are provided for them.  NetBSD/alpha ELF objects are 
# dealt with in "elf".
0	lelong		0x00070185		ECOFF NetBSD/alpha binary
>10	leshort		0x0001			not stripped
>10	leshort		0x0000			stripped
0	belong&0377777777	043200507	a.out NetBSD/alpha core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

0	belong&0377777777	043400413	a.out NetBSD/mips demand paged
>0	byte			&0x80		
>>20	belong			<8192		shared library
>>20	belong			=8192		dynamically linked executable
>>20	belong			>8192		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	043400410	a.out NetBSD/mips pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	belong			>0		not stripped
0	belong&0377777777	043400407	a.out NetBSD/mips
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	belong			!0		executable
>>20	belong			=0		object file
>16	belong			>0		not stripped
0	belong&0377777777	043400507	a.out NetBSD/mips core
>12	string			>\0		from '%s'
>32	belong			!0		(signal %d)

0	belong&0377777777	043600413	a.out NetBSD/arm32 demand paged
>0	byte			&0x80
>>20	lelong			<4096		shared library
>>20	lelong			=4096		dynamically linked executable
>>20	lelong			>4096		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	043600410	a.out NetBSD/arm32 pure
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80		executable
>16	lelong			>0		not stripped
0	belong&0377777777	043600407	a.out NetBSD/arm32
>0	byte			&0x80		dynamically linked executable
>0	byte			^0x80
>>0	byte			&0x40		position independent
>>20	lelong			!0		executable
>>20	lelong			=0		object file
>16	lelong			>0		not stripped
# NetBSD/arm26 has always used ELF objects, but it shares a core file
# format with NetBSD/arm32.
0	belong&0377777777	043600507	a.out NetBSD/arm core
>12	string			>\0		from '%s'
>32	lelong			!0		(signal %d)

#------------------------------------------------------------------------------
# netscape:  file(1) magic for Netscape files
# "H. Nanosecond" <aldomel@ix.netcom.com>
# version 3 and 4 I think
#

# Netscape Address book  .nab
0	string \000\017\102\104\000\000\000\000\000\000\001\000\000\000\000\002\000\000\000\002\000\000\004\000 Netscape Address book

# Netscape Communicator address book
0   string   \000\017\102\111 Netscape Communicator address book

# .snm Caches
0	string		#\ Netscape\ folder\ cache	Netscape folder cache
0	string	\000\036\204\220\000	Netscape folder cache
# .n2p 
# Net 2 Phone 
#0	string	123\130\071\066\061\071\071\071\060\070\061\060\061\063\060
0	string	SX961999	Net2phone

#
#This is files ending in .art, FIXME add more rules
0       string          JG\004\016\0\0\0\0      ART

#------------------------------------------------------------------------------
# news:  file(1) magic for SunOS NeWS fonts (not "news" as in "netnews")
#
0	string		StartFontMetrics	ASCII font metrics
0	string		StartFont	ASCII font bits
0	belong		0x137A2944	NeWS bitmap font
0	belong		0x137A2947	NeWS font family
0	belong		0x137A2950	scalable OpenFont binary
0	belong		0x137A2951	encrypted scalable OpenFont binary
8	belong		0x137A2B45	X11/NeWS bitmap font
8	belong		0x137A2B48	X11/NeWS font family
#------------------------------------------------------------------------------
# nitpicker:  file(1) magic for Flowfiles.
# From: Christian Jachmann <C.Jachmann@gmx.net> http://www.nitpicker.de
0	string	NPFF	NItpicker Flow File 
>4	byte	x	V%d.
>5	byte	x	%d
>6	bedate	x	started: %s
>10	bedate	x	stopped: %s
>14	belong	x	Bytes: %u
>18	belong	x	Bytes1: %u
>22	belong	x	Flows: %u
>26	belong	x	Pkts: %u

#------------------------------------------------------------------------------
# ocaml: file(1) magic for Objective Caml files.
0	string	Caml1999	Objective caml
>8	string	X		exec file
>8	string	I		interface file (.cmi)
>8	string	O		object file (.cmo)
>8	string	A		library file (.cma)
>8	string	Y		native object file (.cmx)
>8	string	Z		native library file (.cmxa)
>8	string	M		abstract syntax tree implementation file
>8	string	N		abstract syntax tree interface file
>9	string	>\0		(Version %3.3s).
#------------------------------------------------------------------------------
# octave binary data file(1) magic, from Dirk Eddelbuettel <edd@debian.org>
0	string		Octave-1-L	Octave binary data (little endian)
0	string		Octave-1-B	Octave binary data (big endian)

#------------------------------------------------------------------------------
# olf:  file(1) magic for OLF executables
#
# We have to check the byte order flag to see what byte order all the
# other stuff in the header is in.
#
# MIPS R3000 may also be for MIPS R2000.
# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
#
# Created by Erik Theisen <etheisen@openbsd.org>
# Based on elf from Daniel Quinlan <quinlan@yggdrasil.com>
0	string		\177OLF		OLF
>4	byte		0		invalid class
>4	byte		1		32-bit
>4	byte		2		64-bit
>7	byte		0		invalid os
>7	byte		1		OpenBSD
>7	byte		2		NetBSD
>7	byte		3		FreeBSD
>7	byte		4		4.4BSD
>7	byte		5		Linux
>7	byte		6		SVR4
>7	byte		7		esix
>7	byte		8		Solaris
>7	byte		9		Irix
>7	byte		10		SCO
>7	byte		11		Dell
>7	byte		12		NCR
>5	byte		0		invalid byte order
>5	byte		1		LSB
>>16	leshort		0		no file type,
>>16	leshort		1		relocatable,
>>16	leshort		2		executable,
>>16	leshort		3		shared object,
# Core handling from Peter Tobias <tobias@server.et-inf.fho-emden.de>
# corrections by Christian 'Dr. Disk' Hechelmann <drdisk@ds9.au.s.shuttle.de>
>>16	leshort		4		core file
>>>(0x38+0xcc) string	>\0		of '%s'
>>>(0x38+0x10) lelong	>0		(signal %d),
>>16	leshort		&0xff00		processor-specific,
>>18	leshort		0		no machine,
>>18	leshort		1		AT&T WE32100 - invalid byte order,
>>18	leshort		2		SPARC - invalid byte order,
>>18	leshort		3		Intel 80386,
>>18	leshort		4		Motorola 68000 - invalid byte order,
>>18	leshort		5		Motorola 88000 - invalid byte order,
>>18	leshort		6		Intel 80486,
>>18	leshort		7		Intel 80860,
>>18	leshort		8		MIPS R3000_BE - invalid byte order,
>>18	leshort		9		Amdahl - invalid byte order,
>>18	leshort		10		MIPS R3000_LE,
>>18	leshort		11		RS6000 - invalid byte order,
>>18	leshort		15		PA-RISC - invalid byte order,
>>18	leshort		16		nCUBE,
>>18	leshort		17		VPP500,
>>18	leshort		18		SPARC32PLUS,
>>18	leshort		20		PowerPC,
>>18	leshort		0x9026		Alpha,
>>20	lelong		0		invalid version
>>20	lelong		1		version 1
>>36	lelong		1		MathCoPro/FPU/MAU Required
>8	string		>\0		(%s)
>5	byte		2		MSB
>>16	beshort		0		no file type,
>>16	beshort		1		relocatable,
>>16	beshort		2		executable,
>>16	beshort		3		shared object,
>>16	beshort		4		core file,
>>>(0x38+0xcc) string	>\0		of '%s'
>>>(0x38+0x10) belong	>0		(signal %d),
>>16	beshort		&0xff00		processor-specific,
>>18	beshort		0		no machine,
>>18	beshort		1		AT&T WE32100,
>>18	beshort		2		SPARC,
>>18	beshort		3		Intel 80386 - invalid byte order,
>>18	beshort		4		Motorola 68000,
>>18	beshort		5		Motorola 88000,
>>18	beshort		6		Intel 80486 - invalid byte order,
>>18	beshort		7		Intel 80860,
>>18	beshort		8		MIPS R3000_BE,
>>18	beshort		9		Amdahl,
>>18	beshort		10		MIPS R3000_LE - invalid byte order,
>>18	beshort		11		RS6000,
>>18	beshort		15		PA-RISC,
>>18	beshort		16		nCUBE,
>>18	beshort		17		VPP500,
>>18	beshort		18		SPARC32PLUS,
>>18	beshort		20		PowerPC or cisco 4500,
>>18	beshort		21		cisco 7500,
>>18	beshort		24		cisco SVIP,
>>18	beshort		25		cisco 7200,
>>18	beshort		36		cisco 12000,
>>18	beshort		0x9026		Alpha,
>>20	belong		0		invalid version
>>20	belong		1		version 1
>>36	belong		1		MathCoPro/FPU/MAU Required

#------------------------------------------------------------------------------
# os2:  file(1) magic for OS/2 files
#

# Provided 1998/08/22 by
# David Mediavilla <davidme.news@REMOVEIFNOTSPAMusa.net>
1	string	InternetShortcut	MS Windows 95 Internet shortcut text
>24	string	>\			(URL=<%s>)

# OS/2 URL objects
# Provided 1998/08/22 by
# David Mediavilla <davidme.news@REMOVEIFNOTSPAMusa.net>
#0	string	http:			OS/2 URL object text
#>5	string	>\			(WWW) <http:%s>
#0	string	mailto:			OS/2 URL object text
#>7	string	>\			(email) <%s>
#0	string	news:			OS/2 URL object text
#>5	string	>\			(Usenet) <%s>
#0	string	ftp:			OS/2 URL object text
#>4	string	>\			(FTP) <ftp:%s>
#0	string	file:			OS/2 URL object text
#>5	string	>\			(Local file) <%s>

# >>>>> OS/2 INF/HLP <<<<<  (source: Daniel Dissett ddissett@netcom.com)
# Carl Hauser (chauser.parc@xerox.com) and 
# Marcus Groeber (marcusg@ph-cip.uni-koeln.de)
# list the following header format in inf02a.doc:
#
#  int16 ID;           // ID magic word (5348h = "HS")
#  int8  unknown1;     // unknown purpose, could be third letter of ID
#  int8  flags;        // probably a flag word...
#                      //  bit 0: set if INF style file
#                      //  bit 4: set if HLP style file
#                      // patching this byte allows reading HLP files
#                      // using the VIEW command, while help files 
#                      // seem to work with INF settings here as well.
#  int16 hdrsize;      // total size of header
#  int16 unknown2;     // unknown purpose
# 
0   string  HSP\x01\x9b\x00 OS/2 INF
>107 string >0                      (%s)
0   string  HSP\x10\x9b\x00     OS/2 HLP
>107 string >0                      (%s)

# OS/2 INI (this is a guess)
0  string   \xff\xff\xff\xff\x14\0\0\0  OS/2 INI
#
# Copyright (c) 1996 Ignatios Souvatzis. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#      This product includes software developed by Ignatios Souvatzis for
#      the NetBSD project.
# 4. The name of the author may not be used to endorse or promote products
#    derived from this software without specific prior written permission.
#
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#
# OS9/6809 module descriptions:
#
0	beshort		0x87CD	OS9/6809 module:
#
>6	byte&0x0f	0x00	non-executable
>6	byte&0x0f	0x01	machine language
>6	byte&0x0f	0x02	BASIC I-code
>6	byte&0x0f	0x03	Pascal P-code
>6	byte&0x0f	0x04	C I-code
>6	byte&0x0f	0x05	COBOL I-code
>6	byte&0x0f	0x06	Fortran I-code
#
>6	byte&0xf0	0x10	program executable
>6	byte&0xf0	0x20	subroutine
>6	byte&0xf0	0x30	multi-module
>6	byte&0xf0	0x40	data module
#
>6	byte&0xf0	0xC0	system module
>6	byte&0xf0	0xD0	file manager
>6	byte&0xf0	0xE0	device driver
>6	byte&0xf0	0xF0	device descriptor
#
# OS9/m68k stuff (to be continued)
#
0	beshort		0x4AFC	OS9/68K module:
#
# attr
>0x14	byte&0x80	0x80	re-entrant
>0x14	byte&0x40	0x40	ghost
>0x14	byte&0x20	0x20	system-state
#
# lang:
#
>0x13	byte		1	machine language
>0x13	byte		2	BASIC I-code
>0x13	byte		3	Pascal P-code
>0x13	byte		4	C I-code
>0x13	byte		5	COBOL I-code
>0x13	byte		6	Fortran I-code
#
#
# type:
#
>0x12	byte		1	program executable
>0x12	byte		2	subroutine
>0x12	byte		3	multi-module
>0x12	byte		4	data module
>0x12	byte		11	trap library
>0x12	byte		12	system module
>0x12	byte		13	file manager
>0x12	byte		14	device driver
>0x12	byte		15	device descriptor
#
# Mach magic number info
#
0	long		0xefbe	OSF/Rose object
# I386 magic number info
#
0	short		0565	i386 COFF object

#------------------------------------------------------------------------------
# palm:  file(1) magic for PalmOS {.prc,.pdb}: applications, docfiles, and hacks
#
# Brian Lalor <blalor@hcirisc.cs.binghamton.edu>

# appl
60      belong                  0x6170706c      PalmOS application
>0      string                  >\0             "%s"
# TEXt
60      belong                  0x54455874      AportisDoc file
>0      string                  >\0             "%s"
# HACK
60      belong                  0x4841434b      HackMaster hack
>0      string                  >\0             "%s"

# Variety of PalmOS document types
# Michael-John Turner <mj@debian.org>
# Thanks to Hasan Umit Ezerce <humit@tr-net.net.tr> for his DocType
60	string	                BVokBDIC	BDicty PalmOS document
>0	string                  >\0             "%s"
60	string	                DB99DBOS	DB PalmOS document
>0	string                  >\0             "%s"
60	string	                vIMGView	FireViewer/ImageViewer PalmOS document
>0	string                  >\0             "%s"
60	string	                PmDBPmDB	HanDBase PalmOS document
>0	string                  >\0             "%s"
60	string	                InfoINDB	InfoView PalmOS document
>0	string                  >\0             "%s"
60	string	                ToGoToGo	iSilo PalmOS document
>0	string                  >\0             "%s"
60	string	                JfDbJBas	JFile PalmOS document
>0	string                  >\0             "%s"
60	string	                JfDbJFil	JFile Pro PalmOS document
>0	string                  >\0             "%s"
60	string	                DATALSdb	List PalmOS document
>0	string                  >\0             "%s"
60	string	                Mdb1Mdb1	MobileDB PalmOS document
>0	string                  >\0             "%s"
60	string	                PNRdPPrs	PeanutPress PalmOS document
>0	string                  >\0             "%s"
60	string	                DataPlkr	Plucker PalmOS document
>0	string                  >\0             "%s"
60	string	                DataSprd	QuickSheet PalmOS document
>0	string                  >\0             "%s"
60	string	                SM01SMem	SuperMemo PalmOS document
>0	string                  >\0             "%s"
60	string	                DataTlPt	TealDoc PalmOS document
>0	string                  >\0             "%s"
60	string	                InfoTlIf	TealInfo PalmOS document
>0	string                  >\0             "%s"
60	string	                DataTlMl	TealMeal PalmOS document
>0	string                  >\0             "%s"
60	string	                DataTlPt	TealPaint PalmOS document
>0	string                  >\0             "%s"
60	string	                dataTDBP	ThinkDB PalmOS document
>0	string                  >\0             "%s"
60	string	                TdatTide	Tides PalmOS document
>0	string                  >\0             "%s"
60	string	                ToRaTRPW	TomeRaider PalmOS document
>0	string                  >\0             "%s"

# A GutenPalm zTXT etext for use on Palm Pilots (http://gutenpalm.sf.net)
# For version 1.xx zTXTs, outputs version and numbers of bookmarks and
#   annotations.
# For other versions, just outputs version.
#
60		string		zTXT		A GutenPalm zTXT e-book
>0		string		>\0		"%s"
>(0x4E.L)	byte		0
>>(0x4E.L+1)	byte		x		(v0.%02d)
>(0x4E.L)	byte		1
>>(0x4E.L+1)	byte		x		(v1.%02d)
>>>(0x4E.L+10)	beshort		>0
>>>>(0x4E.L+10) beshort		<2		- 1 bookmark
>>>>(0x4E.L+10) beshort		>1		- %d bookmarks
>>>(0x4E.L+14)	beshort		>0
>>>>(0x4E.L+14) beshort		<2		- 1 annotation
>>>>(0x4E.L+14) beshort		>1		- %d annotations
>(0x4E.L)	byte		>1		(v%d.
>>(0x4E.L+1)	byte		x		%02d)

# Palm OS .prc file types
60		string		libr		Palm OS dynamic library data
>0		string		>\0		"%s"
60		string		ptch		Palm OS operating system patch data
>0		string		>\0		"%s"

# Mobipocket (www.mobipocket.com), donated by Carl Witty
60	string	                BOOKMOBI	Mobipocket E-book
>0	string                  >\0             "%s"

#------------------------------------------------------------------------------
#
# Parix COFF executables
# From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
#
0	beshort&0xfff	0xACE	PARIX
>0	byte&0xf0	0x80	T800
>0	byte&0xf0	0x90	T9000
>19	byte&0x02	0x02	executable
>19	byte&0x02	0x00	object
>19	byte&0x0c	0x00	not stripped

#------------------------------------------------------------------------------
# pbm:  file(1) magic for Portable Bitmap files
#
# XXX - byte order?
#
0	short	0x2a17	"compact bitmap" format (Poskanzer)
#------------------------------------------------------------------------------
# pdf:  file(1) magic for Portable Document Format
#

0	string		%PDF-		PDF document
>5	byte		x		\b, version %c
>7	byte		x		\b.%c

#------------------------------------------------------------------------------
# pdp:  file(1) magic for PDP-11 executable/object and APL workspace
#
0	lelong		0101555		PDP-11 single precision APL workspace
0	lelong		0101554		PDP-11 double precision APL workspace
#
# PDP-11 a.out
#
0	leshort		0407		PDP-11 executable
>8	leshort		>0		not stripped
>15	byte		>0		- version %ld

0	leshort		0401		PDP-11 UNIX/RT ldp
0	leshort		0405		PDP-11 old overlay

0	leshort		0410		PDP-11 pure executable
>8	leshort		>0		not stripped
>15	byte		>0		- version %ld

0	leshort		0411		PDP-11 separate I&D executable
>8	leshort		>0		not stripped
>15	byte		>0		- version %ld

0	leshort		0437		PDP-11 kernel overlay

# These last three are derived from 2.11BSD file(1)
0	leshort		0413		PDP-11 demand-paged pure executable
>8	leshort		>0		not stripped

0	leshort		0430		PDP-11 overlaid pure executable
>8	leshort		>0		not stripped

0	leshort		0431		PDP-11 overlaid separate executable
>8	leshort		>0		not stripped

#------------------------------------------------------------------------------
# perl:  file(1) magic for Larry Wall's perl language.
#
# The ``eval'' line recognizes an outrageously clever hack for USG systems.
# Keith Waclena <keith@cerberus.uchicago.edu>
# Send additions to <perl5-porters@perl.org>
0	string/b	#!\ /bin/perl			perl script text executable
0	string		eval\ "exec\ /bin/perl		perl script text
0	string/b	#!\ /usr/bin/perl		perl script text executable
0	string		eval\ "exec\ /usr/bin/perl	perl script text
0	string/b	#!\ /usr/local/bin/perl		perl script text
0	string		eval\ "exec\ /usr/local/bin/perl	perl script text executable
0	string		eval\ '(exit\ $?0)'\ &&\ eval\ 'exec	perl script text

# a couple more, by me
# XXX: christos matches
#0	regex		package		Perl5 module source text (via regex)
0	string		package		Perl5 module source text

# Perl POD documents
# From: Tom Hukins <tom@eborcom.com>
0	string/B	\=pod\n		Perl POD document
0	string/B	\n\=pod\n	Perl POD document
0	string/B	\=head1\ 	Perl POD document
0	string/B	\n\=head1\ 	Perl POD document
0	string/B	\=head2\ 	Perl POD document
0	string/B	\n\=head2\ 	Perl POD document

# Perl Storable data files.
0	string	perl-store	perl Storable(v0.6) data
>4	byte	>0	(net-order %d)
>>4	byte	&01	(network-ordered)
>>4	byte	=3	(major 1)
>>4	byte	=2	(major 1)

0	string	pst0	perl Storable(v0.7) data
>4	byte	>0
>>4	byte	&01	(network-ordered)
>>4	byte	=5	(major 2)
>>4	byte	=4	(major 2)
>>5	byte	>0	(minor %d)

#------------------------------------------------------------------------------
# pgp:  file(1) magic for Pretty Good Privacy
#
0       beshort         0x9900                  PGP key public ring
0       beshort         0x9501                  PGP key security ring
0       beshort         0x9500                  PGP key security ring
0	beshort		0xa600			PGP encrypted data
0       string          -----BEGIN\040PGP       PGP armored data
>15     string          PUBLIC\040KEY\040BLOCK- public key block
>15     string          MESSAGE-                message
>15     string          SIGNED\040MESSAGE-      signed message
>15     string          PGP\040SIGNATURE-       signature

#------------------------------------------------------------------------------
# pkgadd:  file(1) magic for SysV R4 PKG Datastreams
#
0       string          #\ PaCkAgE\ DaTaStReAm  pkg Datastream (SVR4)

#------------------------------------------------------------------------------
# plan9:  file(1) magic for AT&T Bell Labs' Plan 9 executables
# From: "Stefan A. Haubenthal" <polluks@web.de>
#
0	belong		0x00000107	Plan 9 executable, Motorola 68k
0	belong		0x000001EB	Plan 9 executable, Intel 386
0	belong		0x00000247	Plan 9 executable, Intel 960
0	belong		0x000002AB	Plan 9 executable, SPARC
0	belong		0x00000407	Plan 9 executable, MIPS R3000
0	belong		0x0000048B	Plan 9 executable, AT&T DSP 3210
0	belong		0x00000517	Plan 9 executable, MIPS R4000 BE
0	belong		0x000005AB	Plan 9 executable, AMD 29000
0	belong		0x00000647	Plan 9 executable, ARM 7-something
0	belong		0x000006EB	Plan 9 executable, PowerPC
0	belong		0x00000797	Plan 9 executable, MIPS R4000 LE
0	belong		0x0000084B	Plan 9 executable, DEC Alpha

#------------------------------------------------------------------------------
# plus5:  file(1) magic for Plus Five's UNIX MUMPS
#
# XXX - byte order?  Paging Hokey....
#
0	short		0x259		mumps avl global
>2	byte		>0		(V%d)
>6	byte		>0		with %d byte name
>7	byte		>0		and %d byte data cells
0	short		0x25a		mumps blt global
>2	byte		>0		(V%d)
>8	short		>0		- %d byte blocks
>15	byte		0x00		- P/D format
>15	byte		0x01		- P/K/D format
>15	byte		0x02		- K/D format
>15	byte		>0x02		- Bad Flags

#------------------------------------------------------------------------------
# printer:  file(1) magic for printer-formatted files
#

# PostScript, updated by Daniel Quinlan (quinlan@yggdrasil.com)
0	string		%!		PostScript document text
>2	string		PS-Adobe-	conforming
>>11	string		>\0		at level %.3s
>>>15	string		EPS		- type %s
>>>15	string		Query		- type %s
>>>15	string		ExitServer	- type %s
# Some PCs have the annoying habit of adding a ^D as a document separator
0	string		\004%!		PostScript document text
>3	string		PS-Adobe-	conforming
>>12	string		>\0		at level %.3s
>>>16	string		EPS		- type %s
>>>16	string		Query		- type %s
>>>16	string		ExitServer	- type %s
0	string		\033%-12345X%!PS	PostScript document

# DOS EPS Binary File Header
# From: Ed Sznyter <ews@Black.Market.NET>
0       belong          0xC5D0D3C6      DOS EPS Binary File
>4      long            >0              Postscript starts at byte %d
>>8     long            >0              length %d
>>>12   long            >0              Metafile starts at byte %d
>>>>16  long            >0              length %d
>>>20   long            >0              TIFF starts at byte %d
>>>>24  long            >0              length %d

# Adobe's PostScript Printer Description (PPD) files
#       Yves Arrouye <arrouye@marin.fdn.fr>
#
0	string		*PPD-Adobe:\x20	PPD file
>&0	string		x		\b, version %s

# HP Printer Job Language
0	string		\033%-12345X@PJL	HP Printer Job Language data
# HP Printer Job Language
# The header found on Win95 HP plot files is the "Silliest Thing possible" 
# (TM)
# Every driver puts the language at some random position, with random case
# (LANGUAGE and Language)
# For example the LaserJet 5L driver puts the "PJL ENTER LANGUAGE" in line 10
# From: Uwe Bonnes <bon@elektron.ikp.physik.th-darmstadt.de>
# 
0	string		\033%-12345X@PJL	HP Printer Job Language data
>&0	string		>\0			%s			
>>&0	string		>\0			%s			
>>>&0	string		>\0			%s		
>>>>&0	string		>\0			%s		
#>15	string		\ ENTER\ LANGUAGE\ =
#>31	string		PostScript		PostScript

# HP Printer Control Language, Daniel Quinlan (quinlan@yggdrasil.com)
0	string		\033E\033	HP PCL printer data
>3	string		\&l0A		- default page size
>3	string		\&l1A		- US executive page size
>3	string		\&l2A		- US letter page size
>3	string		\&l3A		- US legal page size
>3	string		\&l26A		- A4 page size
>3	string		\&l80A		- Monarch envelope size
>3	string		\&l81A		- No. 10 envelope size
>3	string		\&l90A		- Intl. DL envelope size
>3	string		\&l91A		- Intl. C5 envelope size
>3	string		\&l100A		- Intl. B5 envelope size
>3	string		\&l-81A		- No. 10 envelope size (landscape)
>3	string		\&l-90A		- Intl. DL envelope size (landscape)

# IMAGEN printer-ready files:
0	string	@document(		Imagen printer
# this only works if "language xxx" is first item in Imagen header.
>10	string	language\ impress	(imPRESS data)
>10	string	language\ daisy		(daisywheel text)
>10	string	language\ diablo	(daisywheel text)
>10	string	language\ printer	(line printer emulation)
>10	string	language\ tektronix	(Tektronix 4014 emulation)
# Add any other languages that your Imagen uses - remember
# to keep the word `text' if the file is human-readable.
# [GRR 950115:  missing "postscript" or "ultrascript" (whatever it was called)]
#
# Now magic for IMAGEN font files...
0	string		Rast		RST-format raster font data
>45	string		>0		face %s
# From Jukka Ukkonen
0	string		\033[K\002\0\0\017\033(a\001\0\001\033(g	Canon Bubble Jet BJC formatted data

# From <mike@flyn.org>
# These are the /etc/magic entries to decode data sent to an Epson printer.
0       string          \x1B\x40\x1B\x28\x52\x08\x00\x00REMOTE1P        Epson Stylus Color 460 data

#------------------------------------------------------------------------------
# zenographics:  file(1) magic for Zenographics ZjStream printer data
# Rick Richardson  rickr@mn.rr.com
0	string		JZJZ
>0x12	string		ZZ		Zenographics ZjStream printer data (big-endian)
0	string		ZJZJ
>0x12	string		ZZ		Zenographics ZjStream printer data (little-endian)

#------------------------------------------------------------------------------
# Oak Technologies printer stream
# Rick Richardson <rickr@mn.rr.com>
0       string          OAK
>0x07	byte		0
>0x0b	byte		0	Oak Technologies printer stream

# This would otherwise be recognized as PostScript - nick@debian.org
0	string		%!VMF 		SunClock's Vector Map Format data

#------------------------------------------------------------------------------
# HP LaserJet 1000 series downloadable firmware file
0	string	\xbe\xefABCDEFGH	HP LaserJet 1000 series downloadable firmware

# From: Paolo <oopla@users.sf.net>
# Epson ESC/Page, ESC/PageColor 
0	string	\x1b\x01@EJL	Epson ESC/Page language printer data

#------------------------------------------------------------------------------
# project:  file(1) magic for Project management
# 
# Magic strings for ftnchek project files. Alexander Mai
0	string	FTNCHEK_\ P	project file for ftnchek
>10	string	1		version 2.7
>10	string	2		version 2.8 to 2.10
>10	string	3		version 2.11 or later

#------------------------------------------------------------------------------
# psdbms:  file(1) magic for psdatabase
#
0	belong&0xff00ffff	0x56000000	ps database
>1	string	>\0	version %s
>4	string	>\0	from kernel %s

#------------------------------------------------------------------------------
# psion:  file(1) magic for Psion handhelds data
# from: Peter Breitenlohner <peb@mppmu.mpg.de>
#
0	lelong		0x10000037	Psion Series 5
>4	lelong		0x10000039	font file
>4	lelong		0x1000003A	printer driver
>4	lelong		0x1000003B	clipboard
>4	lelong		0x10000042	multi-bitmap image
>4	lelong		0x1000006A	application information file
>4	lelong		0x1000006D
>>8	lelong		0x1000007D	sketch image
>>8	lelong		0x1000007E	voice note
>>8	lelong		0x1000007F	word file
>>8	lelong		0x10000085	OPL program
>>8	lelong		0x10000088	sheet file
>>8	lelong		0x100001C4	EasyFax initialisation file
>4	lelong		0x10000073	OPO module
>4	lelong		0x10000074	OPL application
>4	lelong		0x1000008A	exported multi-bitmap image

0	lelong		0x10000041	Psion Series 5 ROM multi-bitmap image

0	lelong		0x10000050	Psion Series 5
>4	lelong		0x1000006D	database
>4	lelong		0x100000E4	ini file

0	lelong		0x10000079	Psion Series 5 binary:
>4	lelong		0x00000000	DLL
>4	lelong		0x10000049	comms hardware library
>4	lelong		0x1000004A	comms protocol library
>4	lelong		0x1000005D	OPX
>4	lelong		0x1000006C	application
>4	lelong		0x1000008D	DLL
>4	lelong		0x100000AC	logical device driver
>4	lelong		0x100000AD	physical device driver
>4	lelong		0x100000E5	file transfer protocol
>4	lelong		0x100000E5	file transfer protocol
>4	lelong		0x10000140	printer definition
>4	lelong		0x10000141	printer definition

0	lelong		0x1000007A	Psion Series 5 executable

#------------------------------------------------------------------------------
# pulsar:  file(1) magic for Pulsar POP3 daemon binary files
#
# http://pulsar.sourceforge.net
# mailto:rok.papez@lugos.si
#

0	belong	0x1ee7f11e	Pulsar POP3 daemon mailbox cache file.
>4	ubelong	x		Version: %d.
>8	ubelong	x		\b%d

#------------------------------------------------------------------------------
# pyramid:  file(1) magic for Pyramids
#
# XXX - byte order?
#
0	long		0x50900107	Pyramid 90x family executable
0	long		0x50900108	Pyramid 90x family pure executable
>16	long		>0		not stripped
0	long		0x5090010b	Pyramid 90x family demand paged pure executable
>16	long		>0		not stripped

#------------------------------------------------------------------------------
# python:  file(1) magic for python
#
# From: David Necas <yeti@physics.muni.cz>
# often the module starts with a multiline string
0	string		"""	a python script text executable
# MAGIC as specified in Python/import.c (1.5 to 2.3.0a)
# 20121  ( YEAR - 1995 ) + MONTH  + DAY (little endian followed by "\r\n"
0	belong		0x994e0d0a	python 1.5/1.6 byte-compiled
0	belong		0x87c60d0a	python 2.0 byte-compiled
0	belong		0x2aeb0d0a	python 2.1 byte-compiled
0	belong		0x2ded0d0a	python 2.2 byte-compiled
0	belong		0x3bf20d0a	python 2.3 byte-compiled
0	belong		0x6df20d0a	python 2.4 byte-compiled

0	string/b  #!\ /usr/bin/python	python script text executable

#------------------------------------------------------------------------------
# file(1) magic for revision control files
# From Hendrik Scholz <hendrik@scholz.net>
0   string /1\ :pserver:    cvs password text file

# Subversion (SVN) dumps
# Uwe Zeisberger <zeisberg@informatik.uni-freiburg.de>
0       string  SVN-fs-dump-format-version:     Subversion dumpfile
>28     string  >\0                             (version: %s)

#------------------------------------------------------------------------------
# riff:  file(1) magic for RIFF format
# See
#
#	http://www.seanet.com/users/matts/riffmci/riffmci.htm
#
# AVI section extended by Patrik R�dman <patrik+file-magic@iki.fi>
#
0	string		RIFF		RIFF (little-endian) data
# RIFF Palette format
>8	string		PAL		\b, palette
>>16	leshort		x		\b, version %d
>>18	leshort		x		\b, %d entries
# RIFF Device Independent Bitmap format
>8	string		RDIB		\b, device-independent bitmap
>>16	string		BM		
>>>30	leshort		12		\b, OS/2 1.x format
>>>>34	leshort		x		\b, %d x
>>>>36	leshort		x		%d
>>>30	leshort		64		\b, OS/2 2.x format
>>>>34	leshort		x		\b, %d x
>>>>36	leshort		x		%d
>>>30	leshort		40		\b, Windows 3.x format
>>>>34	lelong		x		\b, %d x
>>>>38	lelong		x		%d x
>>>>44	leshort		x		%d
# RIFF MIDI format
>8	string		RMID		\b, MIDI
# RIFF Multimedia Movie File format
>8	string		RMMP		\b, multimedia movie
# Microsoft WAVE format (*.wav)
>8	string		WAVE		\b, WAVE audio
>>20	leshort		1		\b, Microsoft PCM
>>>34	leshort		>0		\b, %d bit
>>20	leshort		2		\b, Microsoft ADPCM
>>20	leshort		6		\b, ITU G.711 A-law
>>20	leshort		7		\b, ITU G.711 mu-law
>>20	leshort		17		\b, IMA ADPCM
>>20	leshort		20		\b, ITU G.723 ADPCM (Yamaha)
>>20	leshort		49		\b, GSM 6.10
>>20	leshort		64		\b, ITU G.721 ADPCM
>>20	leshort		80		\b, MPEG
>>20	leshort		85		\b, MPEG Layer 3
>>22	leshort		=1		\b, mono
>>22	leshort		=2		\b, stereo
>>22	leshort		>2		\b, %d channels
>>24	lelong		>0		%d Hz
# Corel Draw Picture
>8	string		CDRA		\b, Corel Draw Picture
# AVI == Audio Video Interleave
>8	string		AVI\040		\b, AVI
>>12    string          LIST
>>>20   string          hdrlavih
>>>>&36 lelong          x               \b, %lu x
>>>>&40 lelong          x               %lu,
>>>>&4  lelong          >1000000        <1 fps,
>>>>&4  lelong          1000000         1.00 fps,
>>>>&4  lelong          500000          2.00 fps,
>>>>&4  lelong          333333          3.00 fps,
>>>>&4  lelong          250000          4.00 fps,
>>>>&4  lelong          200000          5.00 fps,
>>>>&4  lelong          166667          6.00 fps,
>>>>&4  lelong          142857          7.00 fps,
>>>>&4  lelong          125000          8.00 fps,
>>>>&4  lelong          111111          9.00 fps,
>>>>&4  lelong          100000          10.00 fps,
# ]9.9,10.1[
>>>>&4  lelong          <101010
>>>>>&-4        lelong  >99010
>>>>>>&-4       lelong  !100000         ~10 fps,
>>>>&4  lelong          83333           12.00 fps,
# ]11.9,12.1[
>>>>&4  lelong          <84034
>>>>>&-4        lelong  >82645
>>>>>>&-4       lelong  !83333          ~12 fps,
>>>>&4  lelong          66667           15.00 fps,
# ]14.9,15.1[
>>>>&4  lelong          <67114
>>>>>&-4        lelong  >66225
>>>>>>&-4       lelong  !66667          ~15 fps,
>>>>&4  lelong          50000           20.00 fps,
>>>>&4  lelong          41708           23.98 fps,
>>>>&4  lelong          41667           24.00 fps,
# ]23.9,24.1[
>>>>&4  lelong          <41841
>>>>>&-4        lelong  >41494
>>>>>>&-4       lelong  !41708
>>>>>>>&-4      lelong  !41667          ~24 fps,
>>>>&4  lelong          40000           25.00 fps,
# ]24.9,25.1[
>>>>&4  lelong          <40161
>>>>>&-4        lelong  >39841
>>>>>>&-4       lelong  !40000          ~25 fps,
>>>>&4  lelong          33367           29.97 fps,
>>>>&4  lelong          33333           30.00 fps,
# ]29.9,30.1[
>>>>&4  lelong          <33445
>>>>>&-4        lelong  >33223
>>>>>>&-4       lelong  !33367
>>>>>>>&-4      lelong  !33333          ~30 fps,
>>>>&4  lelong          <32224          >30 fps,
##>>>>&4  lelong          x               (%lu)
##>>>>&20 lelong          x               %lu frames,
# Note: The tests below assume that the AVI has 1 or 2 streams,
#       "vids" optionally followed by "auds".
#       (Should cover 99.9% of all AVIs.)
# assuming avih length = 56
>>>88   string  LIST
>>>>96  string  strlstrh
>>>>>108        string  vids    video:
>>>>>>&0        lelong  0               uncompressed
# skip past vids strh
>>>>>>(104.l+108)       string  strf
>>>>>>>(104.l+132)      lelong          1       RLE 8bpp
>>>>>>>(104.l+132)      string/c        cvid    Cinepak
>>>>>>>(104.l+132)      string/c        i263    Intel I.263
>>>>>>>(104.l+132)      string/c        iv32    Indeo 3.2
>>>>>>>(104.l+132)      string/c        iv41    Indeo 4.1
>>>>>>>(104.l+132)      string/c        iv50    Indeo 5.0
>>>>>>>(104.l+132)      string/c        mp42    Microsoft MPEG-4 v2
>>>>>>>(104.l+132)      string/c        mp43    Microsoft MPEG-4 v3
>>>>>>>(104.l+132)      string/c        mjpg    Motion JPEG
>>>>>>>(104.l+132)      string/c        div3    DivX 3
>>>>>>>>112             string/c        div3    Low-Motion
>>>>>>>>112             string/c        div4    Fast-Motion
>>>>>>>(104.l+132)      string/c        divx    DivX 4
>>>>>>>(104.l+132)      string/c        dx50    DivX 5
>>>>>>>(104.l+132)      string/c        xvid    XviD
>>>>>>>(104.l+132)      string/c        h264    X.264
>>>>>>>(104.l+132)      lelong  0
##>>>>>>>(104.l+132)      string  x       (%.4s)
# skip past first (video) LIST
>>>>(92.l+96)   string  LIST
>>>>>(92.l+104) string  strlstrh
>>>>>>(92.l+116)        string          auds    \b, audio:
# auds strh length = 56:
>>>>>>>(92.l+172)       string          strf
>>>>>>>>(92.l+180)      leshort 0x0001  uncompressed PCM
>>>>>>>>(92.l+180)      leshort 0x0002  ADPCM
>>>>>>>>(92.l+180)      leshort 0x0055  MPEG-1 Layer 3
>>>>>>>>(92.l+180)      leshort 0x2000  Dolby AC3
>>>>>>>>(92.l+180)      leshort 0x0161  DivX
##>>>>>>>>(92.l+180)      leshort x       (0x%.4x)
>>>>>>>>(92.l+182)      leshort 1       (mono,
>>>>>>>>(92.l+182)      leshort 2       (stereo,
>>>>>>>>(92.l+182)      leshort >2      (%d channels,
>>>>>>>>(92.l+184)      lelong  x       %d Hz)
# auds strh length = 64:
>>>>>>>(92.l+180)       string          strf
>>>>>>>>(92.l+188)      leshort 0x0001  uncompressed PCM
>>>>>>>>(92.l+188)      leshort 0x0002  ADPCM
>>>>>>>>(92.l+188)      leshort 0x0055  MPEG-1 Layer 3
>>>>>>>>(92.l+188)      leshort 0x2000  Dolby AC3
>>>>>>>>(92.l+188)      leshort 0x0161  DivX
##>>>>>>>>(92.l+188)      leshort x       (0x%.4x)
>>>>>>>>(92.l+190)      leshort 1       (mono,
>>>>>>>>(92.l+190)      leshort 2       (stereo,
>>>>>>>>(92.l+190)      leshort >2      (%d channels,
>>>>>>>>(92.l+192)      lelong  x       %d Hz)
# Animated Cursor format
>8	string		ACON		\b, animated cursor
# SoundFont 2 <mpruett@sgi.com>
>8	string		sfbk		SoundFont/Bank
# MPEG-1 wrapped in a RIFF, apparently
>8      string          CDXA            \b, wrapped MPEG-1 (CDXA)
>8	string		4XMV		\b, 4X Movie file

#
# XXX - some of the below may only appear in little-endian form.
#
# Also "MV93" appears to be for one form of Macromedia Director
# files, and "GDMF" appears to be another multimedia format.
#
0	string		RIFX		RIFF (big-endian) data
# RIFF Palette format
>8	string		PAL		\b, palette
>>16	beshort		x		\b, version %d
>>18	beshort		x		\b, %d entries
# RIFF Device Independent Bitmap format
>8	string		RDIB		\b, device-independent bitmap
>>16	string		BM		
>>>30	beshort		12		\b, OS/2 1.x format
>>>>34	beshort		x		\b, %d x
>>>>36	beshort		x		%d
>>>30	beshort		64		\b, OS/2 2.x format
>>>>34	beshort		x		\b, %d x
>>>>36	beshort		x		%d
>>>30	beshort		40		\b, Windows 3.x format
>>>>34	belong		x		\b, %d x
>>>>38	belong		x		%d x
>>>>44	beshort		x		%d
# RIFF MIDI format
>8	string		RMID		\b, MIDI
# RIFF Multimedia Movie File format
>8	string		RMMP		\b, multimedia movie
# Microsoft WAVE format (*.wav)
>8	string		WAVE		\b, WAVE audio
>>20	leshort		1		\b, Microsoft PCM
>>>34	leshort		>0		\b, %d bit
>>22	beshort		=1		\b, mono
>>22	beshort		=2		\b, stereo
>>22	beshort		>2		\b, %d channels
>>24	belong		>0		%d Hz
# Corel Draw Picture
>8	string		CDRA		\b, Corel Draw Picture
# AVI == Audio Video Interleave
>8	string		AVI\040		\b, AVI
# Animated Cursor format
>8	string		ACON		\b, animated cursor
# Notation Interchange File Format (big-endian only)
>8	string		NIFF		\b, Notation Interchange File Format
# SoundFont 2 <mpruett@sgi.com>
>8	string		sfbk		SoundFont/Bank

#------------------------------------------------------------------------------
# $File: rpm,v 1.9 2009/11/06 13:53:52 christos Exp $
#
# RPM: file(1) magic for Red Hat Packages   Erik Troan (ewt@redhat.com)
#
0	belong		0xedabeedb	RPM
>4	byte		x		v%d
>5	byte		x		\b.%d
>6	beshort		1		src
>6	beshort		0		bin
>>8	beshort		1		i386/x86_64
>>8	beshort		2		Alpha/Sparc64
>>8	beshort		3		Sparc
>>8	beshort		4		MIPS
>>8	beshort		5		PowerPC
>>8	beshort		6		68000
>>8	beshort		7		SGI
>>8	beshort		8		RS6000
>>8	beshort		9		IA64
>>8	beshort		10		Sparc64
>>8	beshort		11		MIPSel
>>8	beshort		12		ARM
>>8	beshort		13		MiNT
>>8	beshort		14		S/390
>>8	beshort		15		S/390x
>>8	beshort		16		PowerPC64
>>8	beshort		17		SuperH
>>8	beshort		18		Xtensa
>>8	beshort		255		noarch
>>10	string		x		%s

#delta RPM    Daniel Novotny (dnovotny@redhat.com)
0	string	drpm	Delta RPM
>12	string 	x	%s

>>>8	beshort		11		MIPSel
>>>8	beshort		12		ARM
>>>8	beshort		13		MiNT
>>>8	beshort		14		S/390
>>>8	beshort		15		S/390x
>>>8	beshort		16		PowerPC64
>>>8	beshort		17		SuperH
>>>8	beshort		18		Xtensa
>>10	string		x		%s

#------------------------------------------------------------------------------
# rtf:	file(1) magic for Rich Text Format (RTF)
#
# Duncan P. Simpson, D.P.Simpson@dcs.warwick.ac.uk
#
0	string		{\\rtf		Rich Text Format data,
>5	byte		x		version %c,
>6	string		\\ansi		ANSI
>6	string		\\mac		Apple Macintosh
>6	string		\\pc		IBM PC, code page 437
>6	string		\\pca		IBM PS/2, code page 850

#------------------------------------------------------------------------------
# sc:  file(1) magic for "sc" spreadsheet
#
38	string		Spreadsheet	sc spreadsheet file

#------------------------------------------------------------------------------
# sccs:  file(1) magic for SCCS archives
#
# SCCS archive structure:
# \001h01207
# \001s 00276/00000/00000
# \001d D 1.1 87/09/23 08:09:20 ian 1 0
# \001c date and time created 87/09/23 08:09:20 by ian
# \001e
# \001u
# \001U
# ... etc.
# Now '\001h' happens to be the same as the 3B20's a.out magic number (0550).
# *Sigh*. And these both came from various parts of the USG.
# Maybe we should just switch everybody from SCCS to RCS!
# Further, you can't just say '\001h0', because the five-digit number
# is a checksum that could (presumably) have any leading digit,
# and we don't have regular expression matching yet. 
# Hence the following official kludge:
8	string		\001s\ 			SCCS archive data

#------------------------------------------------------------------------------
# sendmail:  file(1) magic for sendmail config files
#
# XXX - byte order?
#
0	byte	046	  Sendmail frozen configuration 
>16	string	>\0	  - version %s
0	short	0x271c	  Sendmail frozen configuration
>16	string	>\0	  - version %s

#------------------------------------------------------------------------------
# sendmail:  file(1) magic for sendmail m4(1) files
#
# From Hendrik Scholz <hendrik@scholz.net>
# i.e. files in /usr/share/sendmail/cf/
#
0   string  divert(-1)\n    sendmail m4 text file

#------------------------------------------------------------------------------
# sequent:  file(1) magic for Sequent machines
#
# Sequent information updated by Don Dwiggins <atsun!dwiggins>.
# For Sequent's multiprocessor systems (incomplete).
0	lelong	0x00ea        	BALANCE NS32000 .o
>16	lelong	>0		not stripped
>124	lelong	>0		version %ld
0	lelong	0x10ea        	BALANCE NS32000 executable (0 @ 0)
>16	lelong  >0            	not stripped
>124	lelong	>0		version %ld
0	lelong	0x20ea        	BALANCE NS32000 executable (invalid @ 0)
>16	lelong  >0            	not stripped
>124	lelong	>0		version %ld
0	lelong	0x30ea        	BALANCE NS32000 standalone executable
>16	lelong  >0          	not stripped
>124	lelong	>0		version %ld
#
# Symmetry information added by Jason Merrill <jason@jarthur.claremont.edu>.
# Symmetry magic nums will not be reached if DOS COM comes before them;
# byte 0xeb is matched before these get a chance.
0	leshort	0x12eb		SYMMETRY i386 .o
>16	lelong	>0		not stripped
>124	lelong	>0		version %ld
0	leshort	0x22eb		SYMMETRY i386 executable (0 @ 0)
>16	lelong	>0		not stripped
>124	lelong	>0		version %ld
0	leshort	0x32eb		SYMMETRY i386 executable (invalid @ 0)
>16	lelong	>0		not stripped
>124	lelong	>0		version %ld
0	leshort	0x42eb		SYMMETRY i386 standalone executable
>16	lelong	>0		not stripped
>124	lelong	>0		version %ld

#------------------------------------------------------------------------------
# sgi:  file(1) magic for Silicon Graphics applications

#
#
# Performance Co-Pilot file types
0	string	PmNs				PCP compiled namespace (V.0)
0	string	PmN				PCP compiled namespace
>3	string	>\0				(V.%1.1s)
3	lelong	0x84500526			PCP archive
>7	byte	x				(V.%d)
>20	lelong	-2				temporal index
>20	lelong	-1				metadata
>20	lelong	0				log volume #0
>20	lelong	>0				log volume #%ld
>24	string	>\0				host: %s
0	string	PCPFolio			PCP 
>9	string	Version:			Archive Folio
>18	string	>\0				(V.%s)
0	string	#pmchart			PCP pmchart view
>9	string	Version
>17	string	>\0				(V%-3.3s)
0	string	pmview				PCP pmview config
>7	string	Version
>15	string	>\0				(V%-3.3s)
0	string	#pmlogger			PCP pmlogger config
>10	string	Version
>18	string	>\0				(V%1.1s)
0	string	PcPh				PCP Help 
>4	string	1				Index
>4	string	2				Text
>5	string	>\0				(V.%1.1s)
0	string	#pmieconf-rules			PCP pmieconf rules
>16	string	>\0				(V.%1.1s)
3	string	pmieconf-pmie			PCP pmie config
>17	string	>\0				(V.%1.1s)

# SpeedShop data files
0	lelong	0x13130303			SpeedShop data file

# mdbm files
0	lelong	0x01023962			mdbm file, version 0 (obsolete)
0	string	mdbm				mdbm file,
>5	byte	x				version %d,
>6	byte	x				2^%d pages,
>7	byte	x				pagesize 2^%d,
>17	byte	x				hash %d,
>11	byte	x				dataformat %d

# Alias Maya files
0	string	//Maya ASCII	Alias Maya Ascii File,
>13	string	>\0	version %s
8	string	MAYAFOR4	Alias Maya Binary File,
>32	string	>\0	version %s scene
8	string	MayaFOR4	Alias Maya Binary File,
>32	string	>\0	version %s scene
8	string	CIMG		Alias Maya Image File
8	string	DEEP		Alias Maya Image File

#------------------------------------------------------------------------------
# sgml:  file(1) magic for Standard Generalized Markup Language
# HyperText Markup Language (HTML) is an SGML document type,
# from Daniel Quinlan (quinlan@yggdrasil.com)
# adapted to string extenstions by Anthon van der Neut <anthon@mnt.org)
0   string/cB	\<!DOCTYPE\ html	HTML document text
0   string/cb	\<head			HTML document text
0   string/cb	\<title			HTML document text
0   string/cb	\<html			HTML document text

# Extensible markup language (XML), a subset of SGML
# from Marc Prud'hommeaux (marc@apocalypse.org)
0	string/cb	\<?xml			XML document text
0	string		\<?xml\ version "	XML
0	string		\<?xml\ version="	XML
>15	string		>\0			%.3s document text
>>23	string		\<xsl:stylesheet	(XSL stylesheet)
>>24	string		\<xsl:stylesheet	(XSL stylesheet)
0	string/b	\<?xml			XML document text
0	string/cb	\<?xml			broken XML document text

0	string \x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C\x00 XML document text (little endian)
0	string \xFF\xFE\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C\x00 XML document text (little endian with byte order mark)

# SGML, mostly from rph@sq
0   string/cb	\<!doctype		exported SGML document text
0   string/cb	\<!subdoc		exported SGML subdocument text
0   string/cb	\<!--			exported SGML document text

# Web browser cookie files
# (Mozilla, Galeon, Netscape 4, Konqueror..)
# Ulf Harnhammar <ulfh@update.uu.se>
0	string	#\ HTTP\ Cookie\ File	Web browser cookie text
0	string	#\ Netscape\ HTTP\ Cookie\ File	Netscape cookie text
0	string	#\ KDE\ Cookie\ File	Konqueror cookie text

#------------------------------------------------------------------------
# file(1) magic for sharc files
#
# SHARC DSP, MIDI SysEx and RiscOS filetype definitions added by 
# FutureGroove Music (dsp@futuregroove.de)

#------------------------------------------------------------------------
0	string			Draw		RiscOS Drawfile
0	string			PACK		RiscOS PackdDir archive

#------------------------------------------------------------------------
# SHARC DSP stuff (based on the FGM SHARC DSP SDK)

0	string			=!		Assembler source
0	string			Analog		ADi asm listing file
0	string			.SYSTEM		SHARC architecture file
0	string			.system		SHARC architecture file

0	leshort			0x521C		SHARC COFF binary
>2	leshort			>1		, %hd sections
>>12	lelong			>0		, not stripped

#------------------------------------------------------------------------------
# sinclair:  file(1) sinclair QL

# additions to /etc/magic by Thomas M. Ott (ThMO)

# Sinclair QL floppy disk formats (ThMO)
0	string	=QL5		QL disk dump data,
>3	string	=A		720 KB,
>3	string	=B		1.44 MB,
>3	string	=C		3.2 MB,
>4	string	>\0		label:%.10s

# Sinclair QL OS dump (ThMO)
# (NOTE: if `file' would be able to use indirect references in a endian format
#	 differing from the natural host format, this could be written more
#	 reliably and faster...)
#
# we *can't* lookup QL OS code dumps, because `file' is UNABLE to read more
# than the first 8K of a file... #-(
#
#0		belong	=0x30000
#>49124		belong	<47104
#>>49128		belong	<47104
#>>>49132	belong	<47104
#>>>>49136	belong	<47104	QL OS dump data,
#>>>>>49148	string	>\0	type %.3s,
#>>>>>49142	string	>\0	version %.4s

# Sinclair QL firmware executables (ThMO)
0	string	NqNqNq`\004	QL firmware executable (BCPL)

# Sinclair QL libraries (was ThMO)
0	beshort	0xFB01		QDOS object
>2	pstring	x		'%s'

# Sinclair QL executables (was ThMO)
4	belong	0x4AFB		QDOS executable
>9	pstring	x		'%s'

# Sinclair QL ROM (ThMO)
0	belong	=0x4AFB0001	QL plugin-ROM data,
>9	pstring	=\0		un-named
>9	pstring	>\0		named: %s

#------------------------------------------------------------------------------
# Sketch Drawings: http://sketch.sourceforge.net/ 
# From: Edwin Mons <e@ik.nu>
0	string	##Sketch	Sketch document text

#-----------------------------------------------
# GNU Smalltalk image, starting at version 1.6.2
# From: catull_us@yahoo.com
#
0	string	GSTIm\0\0	GNU SmallTalk
# little-endian
>7	byte&1	=0		LE image version
>>10	byte	x		%d.
>>9	byte	x		\b%d.
>>8	byte	x		\b%d
#>>12	lelong	x		, data: %ld
#>>16	lelong	x		, table: %ld
#>>20	lelong	x		, memory: %ld
# big-endian
>7	byte&1	=1		BE image version
>>8	byte	x		%d.
>>9	byte	x		\b%d.
>>10	byte	x		\b%d
#>>12	belong	x		, data: %ld
#>>16	belong	x		, table: %ld
#>>20	belong	x		, memory: %ld

#------------------------------------------------------------------------------
# sniffer:  file(1) magic for packet capture files
#
# From: guy@alum.mit.edu (Guy Harris)
#

#
# Microsoft Network Monitor 1.x capture files.
#
0	string		RTSS		NetMon capture file
>5	byte		x		- version %d
>4	byte		x		\b.%d
>6	leshort		0		(Unknown)
>6	leshort		1		(Ethernet)
>6	leshort		2		(Token Ring)
>6	leshort		3		(FDDI)
>6	leshort		4		(ATM)

#
# Microsoft Network Monitor 2.x capture files.
#
0	string		GMBU		NetMon capture file
>5	byte		x		- version %d
>4	byte		x		\b.%d
>6	leshort		0		(Unknown)
>6	leshort		1		(Ethernet)
>6	leshort		2		(Token Ring)
>6	leshort		3		(FDDI)
>6	leshort		4		(ATM)

#
# Network General Sniffer capture files.
# Sorry, make that "Network Associates Sniffer capture files."
# Sorry, make that "Network General old DOS Sniffer capture files."
#
0	string		TRSNIFF\ data\ \ \ \ \032	Sniffer capture file
>33	byte		2		(compressed)
>23	leshort		x		- version %d
>25	leshort		x		\b.%d
>32	byte		0		(Token Ring)
>32	byte		1		(Ethernet)
>32	byte		2		(ARCNET)
>32	byte		3		(StarLAN)
>32	byte		4		(PC Network broadband)
>32	byte		5		(LocalTalk)
>32	byte		6		(Znet)
>32	byte		7		(Internetwork Analyzer)
>32	byte		9		(FDDI)
>32	byte		10		(ATM)

#
# Cinco Networks NetXRay capture files.
# Sorry, make that "Network General Sniffer Basic capture files."
# Sorry, make that "Network Associates Sniffer Basic capture files."
# Sorry, make that "Network Associates Sniffer Basic, and Windows
# Sniffer Pro", capture files."
# Sorry, make that "Network General Sniffer capture files."
#
0	string		XCP\0		NetXRay capture file
>4	string		>\0		- version %s
>44	leshort		0		(Ethernet)
>44	leshort		1		(Token Ring)
>44	leshort		2		(FDDI)
>44	leshort		3		(WAN)
>44	leshort		8		(ATM)
>44	leshort		9		(802.11)

#
# "libpcap" capture files.
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
# the main program that uses that format, but there are other programs
# that use "libpcap", or that use the same capture file format.)
#
0	ubelong		0xa1b2c3d4	tcpdump capture file (big-endian)
>4	beshort		x		- version %d
>6	beshort		x		\b.%d
>20	belong		0		(No link-layer encapsulation
>20	belong		1		(Ethernet
>20	belong		2		(3Mb Ethernet
>20	belong		3		(AX.25
>20	belong		4		(ProNET
>20	belong		5		(CHAOS
>20	belong		6		(Token Ring
>20	belong		7		(BSD ARCNET
>20	belong		8		(SLIP
>20	belong		9		(PPP
>20	belong		10		(FDDI
>20	belong		11		(RFC 1483 ATM
>20	belong		12		(raw IP
>20	belong		13		(BSD/OS SLIP
>20	belong		14		(BSD/OS PPP
>20	belong		19		(Linux ATM Classical IP
>20	belong		50		(PPP or Cisco HDLC
>20	belong		51		(PPP-over-Ethernet
>20	belong		99		(Symantec Enterprise Firewall
>20	belong		100		(RFC 1483 ATM
>20	belong		101		(raw IP
>20	belong		102		(BSD/OS SLIP
>20	belong		103		(BSD/OS PPP
>20	belong		104		(BSD/OS Cisco HDLC
>20	belong		105		(802.11
>20	belong		106		(Linux Classical IP over ATM
>20	belong		107		(Frame Relay
>20	belong		108		(OpenBSD loopback
>20	belong		109		(OpenBSD IPsec encrypted
>20	belong		112		(Cisco HDLC
>20	belong		113		(Linux "cooked"
>20	belong		114		(LocalTalk
>20	belong		117		(OpenBSD PFLOG
>20	belong		119		(802.11 with Prism header
>20	belong		122		(RFC 2625 IP over Fibre Channel
>20	belong		123		(SunATM
>20	belong		127		(802.11 with radiotap header
>20	belong		129		(Linux ARCNET
>20	belong		138		(Apple IP over IEEE 1394
>20	belong		140		(MTP2
>20	belong		141		(MTP3
>20	belong		143		(DOCSIS
>20	belong		144		(IrDA
>20	belong		147		(Private use 0
>20	belong		148		(Private use 1
>20	belong		149		(Private use 2
>20	belong		150		(Private use 3
>20	belong		151		(Private use 4
>20	belong		152		(Private use 5
>20	belong		153		(Private use 6
>20	belong		154		(Private use 7
>20	belong		155		(Private use 8
>20	belong		156		(Private use 9
>20	belong		157		(Private use 10
>20	belong		158		(Private use 11
>20	belong		159		(Private use 12
>20	belong		160		(Private use 13
>20	belong		161		(Private use 14
>20	belong		162		(Private use 15
>20	belong		163		(802.11 with AVS header
>16	belong		x		\b, capture length %d)
0	ulelong		0xa1b2c3d4	tcpdump capture file (little-endian)
>4	leshort		x		- version %d
>6	leshort		x		\b.%d
>20	lelong		0		(No link-layer encapsulation
>20	lelong		1		(Ethernet
>20	lelong		2		(3Mb Ethernet
>20	lelong		3		(AX.25
>20	lelong		4		(ProNET
>20	lelong		5		(CHAOS
>20	lelong		6		(Token Ring
>20	lelong		7		(ARCNET
>20	lelong		8		(SLIP
>20	lelong		9		(PPP
>20	lelong		10		(FDDI
>20	lelong		11		(RFC 1483 ATM
>20	lelong		12		(raw IP
>20	lelong		13		(BSD/OS SLIP
>20	lelong		14		(BSD/OS PPP
>20	lelong		19		(Linux ATM Classical IP
>20	lelong		50		(PPP or Cisco HDLC
>20	lelong		51		(PPP-over-Ethernet
>20	lelong		99		(Symantec Enterprise Firewall
>20	lelong		100		(RFC 1483 ATM
>20	lelong		101		(raw IP
>20	lelong		102		(BSD/OS SLIP
>20	lelong		103		(BSD/OS PPP
>20	lelong		104		(BSD/OS Cisco HDLC
>20	lelong		105		(802.11
>20	lelong		106		(Linux Classical IP over ATM
>20	lelong		107		(Frame Relay
>20	lelong		108		(OpenBSD loopback
>20	lelong		109		(OpenBSD IPsec encrypted
>20	lelong		112		(Cisco HDLC
>20	lelong		113		(Linux "cooked"
>20	lelong		114		(LocalTalk
>20	lelong		117		(OpenBSD PFLOG
>20	lelong		119		(802.11 with Prism header
>20	lelong		122		(RFC 2625 IP over Fibre Channel
>20	lelong		123		(SunATM
>20	lelong		127		(802.11 with radiotap header
>20	lelong		129		(Linux ARCNET
>20	lelong		138		(Apple IP over IEEE 1394
>20	lelong		140		(MTP2
>20	lelong		141		(MTP3
>20	lelong		143		(DOCSIS
>20	lelong		144		(IrDA
>20	lelong		147		(Private use 0
>20	lelong		148		(Private use 1
>20	lelong		149		(Private use 2
>20	lelong		150		(Private use 3
>20	lelong		151		(Private use 4
>20	lelong		152		(Private use 5
>20	lelong		153		(Private use 6
>20	lelong		154		(Private use 7
>20	lelong		155		(Private use 8
>20	lelong		156		(Private use 9
>20	lelong		157		(Private use 10
>20	lelong		158		(Private use 11
>20	lelong		159		(Private use 12
>20	lelong		160		(Private use 13
>20	lelong		161		(Private use 14
>20	lelong		162		(Private use 15
>20	lelong		163		(802.11 with AVS header
>16	lelong		x		\b, capture length %d)

#
# "libpcap"-with-Alexey-Kuznetsov's-patches capture files.
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
# the main program that uses that format, but there are other programs
# that use "libpcap", or that use the same capture file format.)
#
0	ubelong		0xa1b2cd34	extended tcpdump capture file (big-endian)
>4	beshort		x		- version %d
>6	beshort		x		\b.%d
>20	belong		0		(No link-layer encapsulation
>20	belong		1		(Ethernet
>20	belong		2		(3Mb Ethernet
>20	belong		3		(AX.25
>20	belong		4		(ProNET
>20	belong		5		(CHAOS
>20	belong		6		(Token Ring
>20	belong		7		(ARCNET
>20	belong		8		(SLIP
>20	belong		9		(PPP
>20	belong		10		(FDDI
>20	belong		11		(RFC 1483 ATM
>20	belong		12		(raw IP
>20	belong		13		(BSD/OS SLIP
>20	belong		14		(BSD/OS PPP
>16	belong		x		\b, capture length %d)
0	ulelong		0xa1b2cd34	extended tcpdump capture file (little-endian)
>4	leshort		x		- version %d
>6	leshort		x		\b.%d
>20	lelong		0		(No link-layer encapsulation
>20	lelong		1		(Ethernet
>20	lelong		2		(3Mb Ethernet
>20	lelong		3		(AX.25
>20	lelong		4		(ProNET
>20	lelong		5		(CHAOS
>20	lelong		6		(Token Ring
>20	lelong		7		(ARCNET
>20	lelong		8		(SLIP
>20	lelong		9		(PPP
>20	lelong		10		(FDDI
>20	lelong		11		(RFC 1483 ATM
>20	lelong		12		(raw IP
>20	lelong		13		(BSD/OS SLIP
>20	lelong		14		(BSD/OS PPP
>16	lelong		x		\b, capture length %d)

#
# AIX "iptrace" capture files.
#
0	string		iptrace\ 1.0	"iptrace" capture file
0	string		iptrace\ 2.0	"iptrace" capture file

#
# Novell LANalyzer capture files.
#
0	leshort		0x1001		LANalyzer capture file
0	leshort		0x1007		LANalyzer capture file

#
# HP-UX "nettl" capture files.
#
0	string		\x54\x52\x00\x64\x00	"nettl" capture file

#
# RADCOM WAN/LAN Analyzer capture files.
#
0	string		\x42\xd2\x00\x34\x12\x66\x22\x88	RADCOM WAN/LAN Analyzer capture file

#
# NetStumbler log files.  Not really packets, per se, but about as
# close as you can get.  These are log files from NetStumbler, a
# Windows program, that scans for 802.11b networks.
#
0	string		NetS		NetStumbler log file
>8	lelong		x		\b, %d stations found

#
# EtherPeek/AiroPeek "version 9" capture files.
#
0	string		\177ver		EtherPeek/AiroPeek capture file

#
# Visual Networks traffic capture files.
#
0	string		\x05VNF		Visual Networks traffic capture file

#
# Network Instruments Observer capture files.
#
0	string		ObserverPktBuffe	Network Instruments Observer capture file

#
# Files from Accellent Group's 5View products.
#
0	string		\xaa\xaa\xaa\xaa	5View capture file

#------------------------------------------------------------------------------
# Dyadic: file(1) magic for Dyalog APL.
#
0 	byte	0xaa
>1	byte	<4		Dyalog APL
>>1	byte	0x00		incomplete workspace
>>1	byte	0x01		component file
>>1	byte	0x02		external variable
>>1	byte	0x03		workspace
>>2	byte	x		version %d
>>3	byte	x		.%d

#------------------------------------------------------------------------------
# scientific:  file(1) magic for scientific formats 
#
# From: Joe Krahn <krahn@niehs.nih.gov>

########################################################
# CCP4 data and plot files:
0	string		MTZ\040		MTZ reflection file

92	string		PLOT%%84	Plot84 plotting file
>52	byte		1		, Little-endian
>55	byte		1		, Big-endian

########################################################
# Electron density MAP/MASK formats

0	string		EZD_MAP	NEWEZD Electron Density Map
109	string		MAP\040(  Old EZD Electron Density Map

0	string/c	:-)\040Origin	BRIX Electron Density Map
>170	string		>0	, Sigma:%.12s
#>4	string		>0	%.178s
#>4	addr		x	%.178s

7	string		18\040!NTITLE	XPLOR ASCII Electron Density Map
9	string		\040!NTITLE\012\040REMARK	CNS ASCII electron density map

208	string		MAP\040	CCP4 Electron Density Map
# Assumes same stamp for float and double (normal case)
>212	byte		17	\b, Big-endian
>212	byte		34	\b, VAX format
>212	byte		68	\b, Little-endian
>212	byte		85	\b, Convex native

############################################################
# X-Ray Area Detector images
0	string	R-AXIS4\ \ \ 	R-Axis Area Detector Image:
>796	lelong	<20		Little-endian, IP #%d,
>>768	lelong	>0		Size=%dx
>>772	lelong	>0		\b%d
>796	belong	<20		Big-endian, IP #%d,
>>768	belong	>0		Size=%dx
>>772	belong	>0		\b%d

0	string	RAXIS\ \ \ \ \ 	R-Axis Area Detector Image, Win32:
>796	lelong	<20		Little-endian, IP #%d,
>>768	lelong	>0		Size=%dx
>>772	lelong	>0		\b%d
>796	belong	<20		Big-endian, IP #%d,
>>768	belong	>0		Size=%dx
>>772	belong	>0		\b%d

1028	string	MMX\000\000\000\000\000\000\000\000\000\000\000\000\000	MAR Area Detector Image,
>1072	ulong	>1		Compressed(%d),
>1100	ulong	>1		%d headers,
>1104	ulong	>0		%d x
>1108	ulong	>0		%d,
>1120	ulong	>0		%d bits/pixel

#------------------------------------------------------------------------------
# softquad:  file(1) magic for SoftQuad Publishing Software
#
# Author/Editor and RulesBuilder
#
# XXX - byte order?
#
0	string		\<!SQ\ DTD>	Compiled SGML rules file
>9	string		>\0		 Type %s
0	string		\<!SQ\ A/E>	A/E SGML Document binary
>9	string		>\0		 Type %s
0	string		\<!SQ\ STS>	A/E SGML binary styles file
>9	string		>\0		 Type %s
0	short		0xc0de		Compiled PSI (v1) data
0	short		0xc0da		Compiled PSI (v2) data
>3	string		>\0		(%s)
# Binary sqtroff font/desc files...
0	short		0125252		SoftQuad DESC or font file binary
>2	short		>0		- version %d
# Bitmaps...
0	string		SQ\ BITMAP1	SoftQuad Raster Format text
#0	string		SQ\ BITMAP2	SoftQuad Raster Format data
# sqtroff intermediate language (replacement for ditroff int. lang.)
0	string		X\ 		SoftQuad troff Context intermediate
>2	string		495		for AT&T 495 laser printer
>2	string		hp		for Hewlett-Packard LaserJet
>2	string		impr		for IMAGEN imPRESS
>2	string		ps		for PostScript

#------------------------------------------------------------------------------
# spectrum:  file(1) magic for Spectrum emulator files.
#
# John Elliott <jce@seasip.demon.co.uk>

#
# Spectrum +3DOS header
#
0       string          PLUS3DOS\032    Spectrum +3 data
>15     byte            0               - BASIC program
>15     byte            1               - number array
>15     byte            2               - character array
>15     byte            3               - memory block
>>16    belong          0x001B0040      (screen)
>15     byte            4               - Tasword document
>15     string          TAPEFILE        - ZXT tapefile
#
# Tape file. This assumes the .TAP starts with a Spectrum-format header,
# which nearly all will.
#
0       string          \023\000\000    Spectrum .TAP data
>4      string          x               "%-10.10s"
>3      byte            0               - BASIC program
>3      byte            1               - number array
>3      byte            2               - character array
>3      byte            3               - memory block
>>14    belong          0x001B0040      (screen)

# The following three blocks are from pak21-spectrum@srcf.ucam.org
# TZX tape images
0      string          ZXTape!\x1a     Spectrum .TZX data
>8     byte            x               version %d
>9     byte            x               .%d

# RZX input recording files
0      string          RZX!            Spectrum .RZX data
>4     byte            x               version %d
>5     byte            x               .%d

# And three sorts of disk image
0      string          MV\ -\ CPCEMU\ Disk-Fil Amstrad/Spectrum .DSK data
0      string          MV\ -\ CPC\ format\ Dis Amstrad/Spectrum DU54 .DSK data
0      string          EXTENDED\ CPC\ DSK\ Fil Amstrad/Spectrum Extended .DSK data

#------------------------------------------------------------------------------
# sql:  file(1) magic for SQL files
#
# From: "Marty Leisner" <mleisner@eng.mc.xerox.com>
# Recognize some MySQL files.
#
0	beshort			0xfe01		MySQL table definition file
>2	byte			x		Version %d
0	belong&0xffffff00	0xfefe0300	MySQL MISAM index file
>3	byte			x		Version %d
0	belong&0xffffff00	0xfefe0700	MySQL MISAM compressed data file
>3	byte			x		Version %d
0	belong&0xffffff00	0xfefe0500	MySQL ISAM index file
>3	byte			x		Version %d
0	belong&0xffffff00	0xfefe0600	MySQL ISAM compressed data file
>3	byte			x		Version %d
0	string		 	\376bin		MySQL replication log

#------------------------------------------------------------------------------
# iRiver H Series database file 
# From Ken Guest <ken@linux.ie>
# As observed from iRivNavi.iDB and unencoded firmware
#
0   string		iRivDB	iRiver Database file
>11  string	>\0	Version %s
>39  string		iHP-100	[H Series]

#------------------------------------------------------------------------------
# SQLite database file 
# From Ken Guest <ken@linux.ie>
#
0   string  SQLite  SQLite database
>14 string >\0  (Version %s)

#------------------------------------------------------------------------------
# sun:  file(1) magic for Sun machines
#
# Values for big-endian Sun (MC680x0, SPARC) binaries on pre-5.x
# releases.  (5.x uses ELF.)
#
0	belong&077777777	0600413		sparc demand paged
>0	byte		&0x80
>>20	belong		<4096		shared library
>>20	belong		=4096		dynamically linked executable
>>20	belong		>4096		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
0	belong&077777777	0600410		sparc pure
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
0	belong&077777777	0600407		sparc
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped

0	belong&077777777	0400413		mc68020 demand paged
>0	byte		&0x80
>>20	belong		<4096		shared library
>>20	belong		=4096		dynamically linked executable
>>20	belong		>4096		dynamically linked executable
>16	belong		>0		not stripped
0	belong&077777777	0400410		mc68020 pure
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
0	belong&077777777	0400407		mc68020
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped

0	belong&077777777	0200413		mc68010 demand paged
>0	byte		&0x80
>>20	belong		<4096		shared library
>>20	belong		=4096		dynamically linked executable
>>20	belong		>4096		dynamically linked executable
>16	belong		>0		not stripped
0	belong&077777777	0200410		mc68010 pure
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped
0	belong&077777777	0200407		mc68010
>0	byte		&0x80		dynamically linked executable
>0	byte		^0x80		executable
>16	belong		>0		not stripped

# reworked these to avoid anything beginning with zero becoming "old sun-2"
0	belong		0407		old sun-2 executable
>16	belong		>0		not stripped
0	belong		0410		old sun-2 pure executable
>16	belong		>0		not stripped
0	belong		0413		old sun-2 demand paged executable
>16	belong		>0		not stripped

#
# Core files.  "SPARC 4.x BCP" means "core file from a SunOS 4.x SPARC
# binary executed in compatibility mode under SunOS 5.x".
#
0	belong		0x080456	SunOS core file
>4	belong		432		(SPARC)
>>132	string		>\0		from '%s'
>>116	belong		=3		(quit)
>>116	belong		=4		(illegal instruction)
>>116	belong		=5		(trace trap)
>>116	belong		=6		(abort)
>>116	belong		=7		(emulator trap)
>>116	belong		=8		(arithmetic exception)
>>116	belong		=9		(kill)
>>116	belong		=10		(bus error)
>>116	belong		=11		(segmentation violation)
>>116	belong		=12		(bad argument to system call)
>>116	belong		=29		(resource lost)
>>120	belong		x		(T=%dK,
>>124	belong		x		D=%dK,
>>128	belong		x		S=%dK)
>4	belong		826		(68K)
>>128	string		>\0		from '%s'
>4	belong		456		(SPARC 4.x BCP)
>>152	string		>\0		from '%s'
# Sun SunPC
0	long		0xfa33c08e	SunPC 4.0 Hard Disk
0	string		#SUNPC_CONFIG	SunPC 4.0 Properties Values
# Sun snoop (see RFC 1761, which describes the capture file format).
#
0	string		snoop		Snoop capture file
>8	belong		>0		- version %ld
>12	belong		0		(IEEE 802.3)
>12	belong		1		(IEEE 802.4)
>12	belong		2		(IEEE 802.5)
>12	belong		3		(IEEE 802.6)
>12	belong		4		(Ethernet)
>12	belong		5		(HDLC)
>12	belong		6		(Character synchronous)
>12	belong		7		(IBM channel-to-channel adapter)
>12	belong		8		(FDDI)
>12	belong		9		(Unknown)

# Microsoft ICM color profile
36	string		acspMSFT	Microsoft ICM Color Profile
# Sun KCMS
36	string		acsp		Kodak Color Management System, ICC Profile

#---------------------------------------------------------------------------
# The following entries have been tested by Duncan Laurie <duncan@sun.com> (a
# lead Sun/Cobalt developer) who agrees that they are good and worthy of
# inclusion.

# Boot ROM images for Sun/Cobalt Linux server appliances
0       string  Cobalt\ Networks\ Inc.\nFirmware\ v     Paged COBALT boot rom
>38     string x        V%.4s

# New format for Sun/Cobalt boot ROMs is annoying, it stores the version code
# at the very end where file(1) can't get it.
0       string CRfs     COBALT boot rom data (Flat boot rom or file system)

#------------------------------------------------------------------------
# sysex: file(1) magic for MIDI sysex files
#
# 
0	byte			0xF0		SysEx File -

# North American Group
>1	byte			0x01		Sequential
>1	byte			0x02		IDP
>1	byte			0x03		OctavePlateau
>1	byte			0x04		Moog
>1	byte			0x05		Passport
>1	byte			0x06		Lexicon
>1	byte			0x07		Kurzweil
>1	byte			0x08		Fender
>1	byte			0x09		Gulbransen
>1	byte			0x0a		AKG
>1	byte			0x0b		Voyce
>1	byte			0x0c		Waveframe
>1	byte			0x0d		ADA
>1	byte			0x0e		Garfield
>1	byte			0x0f		Ensoniq
>1	byte			0x10		Oberheim
>1	byte			0x11		Apple
>1	byte			0x12		GreyMatter
>1	byte			0x14		PalmTree
>1	byte			0x15		JLCooper
>1	byte			0x16		Lowrey
>1	byte			0x17		AdamsSmith
>1	byte			0x18		E-mu
>1	byte			0x19		Harmony
>1	byte			0x1a		ART
>1	byte			0x1b		Baldwin
>1	byte			0x1c		Eventide
>1	byte			0x1d		Inventronics
>1	byte			0x1f		Clarity

# European Group
>1	byte			0x21		SIEL
>1	byte			0x22		Synthaxe
>1	byte			0x24		Hohner
>1	byte			0x25		Twister
>1	byte			0x26		Solton
>1	byte			0x27		Jellinghaus
>1	byte			0x28		Southworth
>1	byte			0x29		PPG
>1	byte			0x2a		JEN
>1	byte			0x2b		SSL
>1	byte			0x2c		AudioVertrieb

>1	byte			0x2f		ELKA
>>3	byte			0x09		EK-44

>1	byte			0x30		Dynacord
>1	byte			0x33		Clavia
>1	byte			0x39		Soundcraft

>1	byte			0x3e		Waldorf
>>3	byte			0x7f		Microwave I

# Japanese Group
>1	byte			0x40		Kawai
>>3	byte			0x20		K1
>>3	byte			0x22		K4

>1	byte			0x41		Roland
>>3	byte			0x14		D-50
>>3	byte			0x2b		U-220
>>3	byte			0x02		TR-707

>1	byte			0x42		Korg
>>3	byte			0x19		M1

>1	byte			0x43		Yamaha
>1	byte			0x44		Casio
>1	byte			0x46		Kamiya
>1	byte			0x47		Akai
>1	byte			0x48		Victor
>1	byte			0x49		Mesosha
>1	byte			0x4b		Fujitsu
>1	byte			0x4c		Sony
>1	byte			0x4e		Teac
>1	byte			0x50		Matsushita
>1	byte			0x51		Fostex
>1	byte			0x52		Zoom
>1	byte			0x54		Matsushita
>1	byte			0x57		Acoustic tech. lab.

>1	belong&0xffffff00	0x00007400	Ta Horng
>1	belong&0xffffff00	0x00007500	e-Tek
>1	belong&0xffffff00	0x00007600	E-Voice
>1	belong&0xffffff00	0x00007700	Midisoft
>1	belong&0xffffff00	0x00007800	Q-Sound
>1	belong&0xffffff00	0x00007900	Westrex
>1	belong&0xffffff00	0x00007a00	Nvidia*
>1	belong&0xffffff00	0x00007b00	ESS
>1	belong&0xffffff00	0x00007c00	Mediatrix
>1	belong&0xffffff00	0x00007d00	Brooktree
>1	belong&0xffffff00	0x00007e00	Otari
>1	belong&0xffffff00	0x00007f00	Key Electronics
>1	belong&0xffffff00	0x00010000	Shure
>1	belong&0xffffff00	0x00010100	AuraSound
>1	belong&0xffffff00	0x00010200	Crystal
>1	belong&0xffffff00	0x00010300	Rockwell
>1	belong&0xffffff00	0x00010400	Silicon Graphics
>1	belong&0xffffff00	0x00010500	Midiman
>1	belong&0xffffff00	0x00010600	PreSonus
>1	belong&0xffffff00	0x00010800	Topaz
>1	belong&0xffffff00	0x00010900	Cast Lightning
>1	belong&0xffffff00	0x00010a00	Microsoft
>1	belong&0xffffff00	0x00010b00	Sonic Foundry
>1	belong&0xffffff00	0x00010c00	Line 6
>1	belong&0xffffff00	0x00010d00	Beatnik Inc.
>1	belong&0xffffff00	0x00010e00	Van Koerving
>1	belong&0xffffff00	0x00010f00	Altech Systems
>1	belong&0xffffff00	0x00011000	S & S Research
>1	belong&0xffffff00	0x00011100	VLSI Technology
>1	belong&0xffffff00	0x00011200	Chromatic
>1	belong&0xffffff00	0x00011300	Sapphire
>1	belong&0xffffff00	0x00011400	IDRC
>1	belong&0xffffff00	0x00011500	Justonic Tuning
>1	belong&0xffffff00	0x00011600	TorComp
>1	belong&0xffffff00	0x00011700	Newtek Inc.
>1	belong&0xffffff00	0x00011800	Sound Sculpture
>1	belong&0xffffff00	0x00011900	Walker Technical
>1	belong&0xffffff00	0x00011a00	Digital Harmony
>1	belong&0xffffff00	0x00011b00	InVision
>1	belong&0xffffff00	0x00011c00	T-Square
>1	belong&0xffffff00	0x00011d00	Nemesys
>1	belong&0xffffff00	0x00011e00	DBX
>1	belong&0xffffff00	0x00011f00	Syndyne
>1	belong&0xffffff00	0x00012000	Bitheadz	
>1	belong&0xffffff00	0x00012100	Cakewalk
>1	belong&0xffffff00	0x00012200	Staccato
>1	belong&0xffffff00	0x00012300	National Semicon.
>1	belong&0xffffff00	0x00012400	Boom Theory
>1	belong&0xffffff00	0x00012500	Virtual DSP Corp
>1	belong&0xffffff00	0x00012600	Antares
>1	belong&0xffffff00	0x00012700	Angel Software
>1	belong&0xffffff00	0x00012800	St Louis Music
>1	belong&0xffffff00	0x00012900	Lyrrus dba G-VOX
>1	belong&0xffffff00	0x00012a00	Ashley Audio
>1	belong&0xffffff00	0x00012b00	Vari-Lite
>1	belong&0xffffff00	0x00012c00	Summit Audio
>1	belong&0xffffff00	0x00012d00	Aureal Semicon.
>1	belong&0xffffff00	0x00012e00	SeaSound
>1	belong&0xffffff00	0x00012f00	U.S. Robotics
>1	belong&0xffffff00	0x00013000	Aurisis
>1	belong&0xffffff00	0x00013100	Nearfield Multimedia
>1	belong&0xffffff00	0x00013200	FM7 Inc.
>1	belong&0xffffff00	0x00013300	Swivel Systems
>1	belong&0xffffff00	0x00013400	Hyperactive
>1	belong&0xffffff00	0x00013500	MidiLite
>1	belong&0xffffff00	0x00013600	Radical
>1	belong&0xffffff00	0x00013700	Roger Linn
>1	belong&0xffffff00	0x00013800	Helicon
>1	belong&0xffffff00	0x00013900	Event
>1	belong&0xffffff00	0x00013a00	Sonic Network
>1	belong&0xffffff00	0x00013b00	Realtime Music
>1	belong&0xffffff00	0x00013c00	Apogee Digital

>1	belong&0xffffff00	0x00202b00	Medeli Electronics
>1	belong&0xffffff00	0x00202c00	Charlie Lab
>1	belong&0xffffff00	0x00202d00	Blue Chip Music
>1	belong&0xffffff00	0x00202e00	BEE OH Corp
>1	belong&0xffffff00	0x00202f00	LG Semicon America
>1	belong&0xffffff00	0x00203000	TESI
>1	belong&0xffffff00	0x00203100	EMAGIC
>1	belong&0xffffff00	0x00203200	Behringer
>1	belong&0xffffff00	0x00203300	Access Music
>1	belong&0xffffff00	0x00203400	Synoptic
>1	belong&0xffffff00	0x00203500	Hanmesoft Corp
>1	belong&0xffffff00	0x00203600	Terratec
>1	belong&0xffffff00	0x00203700	Proel SpA
>1	belong&0xffffff00	0x00203800	IBK MIDI
>1	belong&0xffffff00	0x00203900	IRCAM
>1	belong&0xffffff00	0x00203a00	Propellerhead Software
>1	belong&0xffffff00	0x00203b00	Red Sound Systems
>1	belong&0xffffff00	0x00203c00	Electron ESI AB
>1	belong&0xffffff00	0x00203d00	Sintefex Audio
>1	belong&0xffffff00	0x00203e00	Music and More
>1	belong&0xffffff00	0x00203f00	Amsaro
>1	belong&0xffffff00	0x00204000	CDS Advanced Technology
>1	belong&0xffffff00	0x00204100	Touched by Sound
>1	belong&0xffffff00	0x00204200	DSP Arts
>1	belong&0xffffff00	0x00204300	Phil Rees Music
>1	belong&0xffffff00	0x00204400	Stamer Musikanlagen GmbH
>1	belong&0xffffff00	0x00204500	Soundart
>1	belong&0xffffff00	0x00204600	C-Mexx Software
>1	belong&0xffffff00	0x00204700	Klavis Tech.
>1	belong&0xffffff00	0x00204800	Noteheads AB

0	string			T707		Roland TR-707 Data
#------------------------------------------------------------------------------
# teapot:  file(1) magic for "teapot" spreadsheet
#
0       string          #!teapot\012xdr      teapot work sheet (XDR format)

#------------------------------------------------------------------------------
# terminfo:  file(1) magic for terminfo
#
# XXX - byte order for screen images?
#
0	string		\032\001	Compiled terminfo entry
0	short		0433		Curses screen image
0	short		0434		Curses screen image

#------------------------------------------------------------------------------
# tex:  file(1) magic for TeX files
#
# From <conklin@talisman.kaleida.com>

# Although we may know the offset of certain text fields in TeX DVI
# and font files, we can't use them reliably because they are not
# zero terminated. [but we do anyway, christos]
0	string		\367\002	TeX DVI file
>16	string		>\0		(%s)
0	string		\367\203	TeX generic font data
0	string		\367\131	TeX packed font data
>3	string		>\0		(%s)
0	string		\367\312	TeX virtual font data
0	string		This\ is\ TeX,	TeX transcript text
0	string		This\ is\ METAFONT,	METAFONT transcript text

# There is no way to detect TeX Font Metric (*.tfm) files without
# breaking them apart and reading the data.  The following patterns
# match most *.tfm files generated by METAFONT or afm2tfm.
2	string		\000\021	TeX font metric data
>33	string		>\0		(%s)
2	string		\000\022	TeX font metric data
>33	string		>\0		(%s)

# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
0	string		\\input\ texinfo	Texinfo source text
0	string		This\ is\ Info\ file	GNU Info text

# TeX documents, from Daniel Quinlan (quinlan@yggdrasil.com)
0	string		\\input		TeX document text
0	string		\\section	LaTeX document text
0	string		\\setlength	LaTeX document text
0	string		\\documentstyle	LaTeX document text
0	string		\\chapter	LaTeX document text
0	string		\\documentclass	LaTeX 2e document text
0	string		\\relax		LaTeX auxiliary file
0	string		\\contentsline	LaTeX  table of contents
0	string		%\ -*-latex-*-	LaTeX document text

# Tex document, from Hendrik Scholz <hendrik@scholz.net>
0   string      \\ifx       TeX document text

# Index and glossary files
0	string		\\indexentry	LaTeX raw index file
0	string		\\begin{theindex}	LaTeX sorted index
0	string		\\glossaryentry	LaTeX raw glossary
0	string		\\begin{theglossary}	LaTeX sorted glossary
0	string		This\ is\ makeindex	Makeindex log file

# End of TeX

#------------------------------------------------------------------------------
# file(1) magic for BibTex text files
# From Hendrik Scholz <hendrik@scholz.net>

0   string/c @article{        BibTeX text file
0   string/c @book{           BibTeX text file
0   string/c @inbook{         BibTeX text file
0   string/c @incollection{   BibTeX text file
0   string/c @inproceedings{  BibTeX text file
0   string/c @manual{         BibTeX text file
0   string/c @misc{           BibTeX text file
0   string/c @preamble{       BibTeX text file
0   string/c @phdthesis{      BibTeX text file
0   string/c @techreport{     BibTeX text file
0   string/c @unpublished{    BibTeX text file

73  string %%%\ \ BibTeX-file{ BibTex text file (with full header)

73  string %%%\ \ @BibTeX-style-file{   BibTeX style text file (with full header)

0   string %\ BibTeX\ standard\ bibliography\      BibTeX standard bibliography style text file

0   string %\ BibTeX\ `     BibTeX custom bibliography style text file

0   string  @c\ @mapfile{   TeX font aliases text file

#------------------------------------------------------------------------------
# file(1) magic for tgif(1) files
# From Hendrik Scholz <hendrik@scholz.net>

0   string  %TGIF\ 4   tgif version 4 object file

# ------------------------------------------------------------------------
# ti-8x: file(1) magic for the TI-8x and TI-9x Graphing Calculators.
#
# From: Ryan McGuire (rmcguire@freenet.columbus.oh.us).
#
# Update: Romain Lievin (roms@lpg.ticalc.org).
#
# NOTE: This list is not complete.
# Files for the TI-80 and TI-81 are pretty rare. I'm not going to put the
# program/group magic numbers in here because I cannot find any.
0		string		**TI80**	TI-80 Graphing Calculator File.
0		string		**TI81**	TI-81 Graphing Calculator File.
#
# Magic Numbers for the TI-73
#
0		string		**TI73**	TI-73 Graphing Calculator
>0x00003B	byte		0x00		(real number)
>0x00003B	byte		0x01		(list)
>0x00003B	byte		0x02		(matrix)
>0x00003B	byte		0x03		(equation)
>0x00003B	byte		0x04		(string)
>0x00003B	byte		0x05		(program)
>0x00003B	byte		0x06		(assembly program)
>0x00003B	byte		0x07		(picture)
>0x00003B	byte		0x08		(gdb)
>0x00003B	byte		0x0C		(complex number)
>0x00003B	byte		0x0F		(window settings)
>0x00003B	byte		0x10		(zoom)
>0x00003B	byte		0x11		(table setup)
>0x00003B	byte		0x13		(backup)

# Magic Numbers for the TI-82
#
0		string		**TI82**	TI-82 Graphing Calculator
>0x00003B	byte		0x00		(real)
>0x00003B	byte		0x01		(list)
>0x00003B	byte		0x02		(matrix)
>0x00003B	byte		0x03		(Y-variable)
>0x00003B	byte		0x05		(program)
>0x00003B	byte		0x06		(protected prgm)
>0x00003B	byte		0x07		(picture)
>0x00003B	byte		0x08		(gdb)
>0x00003B	byte		0x0B		(window settings)
>0x00003B	byte		0x0C		(window settings)
>0x00003B	byte		0x0D		(table setup)
>0x00003B	byte		0x0E		(screenshot)
>0x00003B	byte		0x0F		(backup)
#
# Magic Numbers for the TI-83
#
0		string		**TI83**	TI-83 Graphing Calculator
>0x00003B	byte		0x00		(real)
>0x00003B	byte		0x01		(list)
>0x00003B	byte		0x02		(matrix)
>0x00003B	byte		0x03		(Y-variable)
>0x00003B	byte		0x04		(string)
>0x00003B	byte		0x05		(program)
>0x00003B	byte		0x06		(protected prgm)
>0x00003B	byte		0x07		(picture)
>0x00003B	byte		0x08		(gdb)
>0x00003B	byte		0x0B		(window settings)
>0x00003B	byte		0x0C		(window settings)
>0x00003B	byte		0x0D		(table setup)
>0x00003B	byte		0x0E		(screenshot)
>0x00003B	byte		0x13		(backup)
#
# Magic Numbers for the TI-83+
#
0		string		**TI83F*	TI-83+ Graphing Calculator
>0x00003B	byte		0x00		(real number)
>0x00003B	byte		0x01		(list)
>0x00003B	byte		0x02		(matrix)
>0x00003B	byte		0x03		(equation)
>0x00003B	byte		0x04		(string)
>0x00003B	byte		0x05		(program)
>0x00003B	byte		0x06		(assembly program)
>0x00003B	byte		0x07		(picture)
>0x00003B	byte		0x08		(gdb)
>0x00003B	byte		0x0C		(complex number)
>0x00003B	byte		0x0F		(window settings)
>0x00003B	byte		0x10		(zoom)
>0x00003B	byte		0x11		(table setup)
>0x00003B	byte		0x13		(backup)
>0x00003B	byte		0x15		(application variable)
>0x00003B	byte		0x17		(group of variable)

#
# Magic Numbers for the TI-85
#
0		string		**TI85**	TI-85 Graphing Calculator
>0x00003B	byte		0x00		(real number)
>0x00003B	byte		0x01		(complex number)
>0x00003B	byte		0x02		(real vector)
>0x00003B	byte		0x03		(complex vector)
>0x00003B	byte		0x04		(real list)
>0x00003B	byte		0x05		(complex list)
>0x00003B	byte		0x06		(real matrix)
>0x00003B	byte		0x07		(complex matrix)
>0x00003B	byte		0x08		(real constant)
>0x00003B	byte		0x09		(complex constant)
>0x00003B	byte		0x0A		(equation)
>0x00003B	byte		0x0C		(string)
>0x00003B	byte		0x0D		(function GDB)
>0x00003B	byte		0x0E		(polar GDB)
>0x00003B	byte		0x0F		(parametric GDB)
>0x00003B	byte		0x10		(diffeq GDB)
>0x00003B	byte		0x11		(picture)
>0x00003B	byte		0x12		(program)
>0x00003B	byte		0x13		(range)
>0x00003B	byte		0x17		(window settings)
>0x00003B	byte		0x18		(window settings)
>0x00003B	byte		0x19		(window settings)
>0x00003B	byte		0x1A		(window settings)
>0x00003B	byte		0x1B		(zoom)
>0x00003B	byte		0x1D		(backup)
>0x00003B	byte		0x1E		(unknown)
>0x00003B	byte		0x2A		(equation)
>0x000032	string		ZS4		- ZShell Version 4 File.
>0x000032	string		ZS3		- ZShell Version 3 File.
#
# Magic Numbers for the TI-86
#
0		string		**TI86**	TI-86 Graphing Calculator
>0x00003B	byte		0x00		(real number)
>0x00003B	byte		0x01		(complex number)
>0x00003B	byte		0x02		(real vector)
>0x00003B	byte		0x03		(complex vector)
>0x00003B	byte		0x04		(real list)
>0x00003B	byte		0x05		(complex list)
>0x00003B	byte		0x06		(real matrix)
>0x00003B	byte		0x07		(complex matrix)
>0x00003B	byte		0x08		(real constant)
>0x00003B	byte		0x09		(complex constant)
>0x00003B	byte		0x0A		(equation)
>0x00003B	byte		0x0C		(string)
>0x00003B	byte		0x0D		(function GDB)
>0x00003B	byte		0x0E		(polar GDB)
>0x00003B	byte		0x0F		(parametric GDB)
>0x00003B	byte		0x10		(diffeq GDB)
>0x00003B	byte		0x11		(picture)
>0x00003B	byte		0x12		(program)
>0x00003B	byte		0x13		(range)
>0x00003B	byte		0x17		(window settings)
>0x00003B	byte		0x18		(window settings)
>0x00003B	byte		0x19		(window settings)
>0x00003B	byte		0x1A		(window settings)
>0x00003B	byte		0x1B		(zoom)
>0x00003B	byte		0x1D		(backup)
>0x00003B	byte		0x1E		(unknown)
>0x00003B	byte		0x2A		(equation)
#
# Magic Numbers for the TI-89
#
0		string		**TI89**	TI-89 Graphing Calculator
>0x000048	byte		0x00		(expression)
>0x000048	byte		0x04		(list)
>0x000048	byte		0x06		(matrix)
>0x000048	byte		0x0A		(data)
>0x000048	byte		0x0B		(text)
>0x000048	byte		0x0C		(string)
>0x000048	byte		0x0D		(graphic data base)
>0x000048	byte		0x0E		(figure)
>0x000048	byte		0x10		(picture)
>0x000048	byte		0x12		(program)
>0x000048	byte		0x13		(function)
>0x000048	byte		0x14		(macro)
>0x000048	byte		0x1C		(zipped)
>0x000048	byte		0x21		(assembler)
#
# Magic Numbers for the TI-92
#
0		string		**TI92**	TI-92 Graphing Calculator
>0x000048	byte		0x00		(expression)
>0x000048	byte		0x04		(list)
>0x000048	byte		0x06		(matrix)
>0x000048	byte		0x0A		(data)
>0x000048	byte		0x0B		(text)
>0x000048	byte		0x0C		(string)
>0x000048	byte		0x0D		(graphic data base)
>0x000048	byte		0x0E		(figure)
>0x000048	byte		0x10		(picture)
>0x000048	byte		0x12		(program)
>0x000048	byte		0x13		(function)
>0x000048	byte		0x14		(macro)
>0x000048	byte		0x1D		(backup)
#
# Magic Numbers for the TI-92+/V200
#
0		string		**TI92P*	TI-92+/V200 Graphing Calculator
>0x000048	byte		0x00		(expression)
>0x000048	byte		0x04		(list)
>0x000048	byte		0x06		(matrix)
>0x000048	byte		0x0A		(data)
>0x000048	byte		0x0B		(text)
>0x000048	byte		0x0C		(string)
>0x000048	byte		0x0D		(graphic data base)
>0x000048	byte		0x0E		(figure)
>0x000048	byte		0x10		(picture)
>0x000048	byte		0x12		(program)
>0x000048	byte		0x13		(function)
>0x000048	byte		0x14		(macro)
>0x000048	byte		0x1C		(zipped)
>0x000048	byte		0x21		(assembler)
#
# Magic Numbers for the TI-73/83+/89/92+/V200 FLASH upgrades
#
0x0000016	string		Advanced	TI-XX Graphing Calculator (FLASH)
0		string		**TIFL**	TI-XX Graphing Calculator (FLASH)
>8		byte		>0		- Revision %d
>>9 		byte		x		\b.%d,
>12		byte		>0		Revision date %02x
>>13		byte		x		\b/%02x
>>14		beshort		x		\b/%04x,
>17		string		>/0		name: '%s',
>48		byte		0x74		device: TI-73,
>48		byte		0x73		device: TI-83+,
>48		byte		0x98		device: TI-89,
>48		byte		0x88		device: TI-92+,
>49		byte		0x23		type: OS upgrade,
>49		byte		0x24		type: application,
>49		byte		0x25		type: certificate,
>49		byte		0x3e		type: license,
>74		lelong		>0		size: %ld bytes

# VTi & TiEmu skins (TI Graphing Calculators).
# From: Romain Lievin (roms@lpg.ticalc.org).
# Magic Numbers for the VTi skins
0               string          VTI		Virtual TI skin
>3		string		v		- Version
>>4		byte		>0		\b %c
>>6		byte		x		\b.%c
# Magic Numbers for the TiEmu skins
0		string		TiEmu		TiEmu skin
>6              string          v               - Version
>>7             byte            >0              \b %c
>>9             byte            x               \b.%c
>>10		byte		x		\b%c

#------------------------------------------------------------------------------
# timezone:  file(1) magic for timezone data
#
# from Daniel Quinlan (quinlan@yggdrasil.com)
# this should work on Linux, SunOS, and maybe others
# Added new official magic number for recent versions of the Olson code
0	string	TZif	timezone data
0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0	old timezone data
0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0	old timezone data
0	string  \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\0	old timezone data
0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0	old timezone data
0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0	old timezone data
0	string	\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0	old timezone data

#------------------------------------------------------------------------------
# troff:  file(1) magic for *roff
#
# updated by Daniel Quinlan (quinlan@yggdrasil.com)

# troff input
0	string		.\\"		troff or preprocessor input text
0	string		'\\"		troff or preprocessor input text
0	string		'.\\"		troff or preprocessor input text
0	string		\\"		troff or preprocessor input text
0	string		'''		troff or preprocessor input text

# ditroff intermediate output text
0	string		x\ T		ditroff output text
>4	string		cat		for the C/A/T phototypesetter
>4	string		ps		for PostScript
>4	string		dvi		for DVI
>4	string		ascii		for ASCII
>4	string		lj4		for LaserJet 4
>4	string		latin1		for ISO 8859-1 (Latin 1)
>4	string		X75		for xditview at 75dpi
>>7	string		-12		(12pt)
>4	string		X100		for xditview at 100dpi
>>8	string		-12		(12pt)

# output data formats
0	string		\100\357	very old (C/A/T) troff output data
#
#------------------------------------------------------------------------------
# tuxedo:	file(1) magic for BEA TUXEDO data files
#
# from Ian Springer <ispringer@hotmail.com>
#
0	string		\0\0\1\236\0\0\0\0\0\0\0\0\0\0\0\0	BEA TUXEDO DES mask data

#------------------------------------------------------------------------------
# typeset:  file(1) magic for other typesetting
#
0	string		Interpress/Xerox	Xerox InterPress data
>16	string		/			(version
>>17	string		>\0			%s)

#------------------------------------------------------------------------------
# unknown:  file(1) magic for unknown machines
#
# XXX - this probably should be pruned, as it'll match PDP-11 and
# VAX image formats.
#
# 0x107 is 0407; 0x108 is 0410; both are PDP-11 (executable and pure,
# respectively).
#
# 0x109 is 0411; that's PDP-11 split I&D, but the PDP-11 version doesn't
# have the "version %ld", which may be a bogus COFFism (I don't think
# there ever was COFF for the PDP-11).
#
# 0x10B is 0413; that's VAX demand-paged, but this is a short, not a
# long, as it would be on a VAX.
#
# 0x10C is 0414 and 0x10E is 416; those *are* unknown.
#
0	short		0x107		unknown machine executable
>8	short		>0		not stripped
>15	byte		>0		- version %ld
0	short		0x108		unknown pure executable
>8	short		>0		not stripped
>15	byte		>0		- version %ld
0	short		0x109		PDP-11 separate I&D
>8	short		>0		not stripped
>15	byte		>0		- version %ld
0	short		0x10b		unknown pure executable
>8	short		>0		not stripped
>15	byte		>0		- version %ld
0	long		0x10c		unknown demand paged pure executable
>16	long		>0		not stripped
0	long		0x10e		unknown readable demand paged pure executable

#------------------------------------------------------------------------------
# uuencode:  file(1) magic for ASCII-encoded files
#

# GRR:  the first line of xxencoded files is identical to that in uuencoded
# files, but the first character in most subsequent lines is 'h' instead of
# 'M'.  (xxencoding uses lowercase letters in place of most of uuencode's
# punctuation and survives BITNET gateways better.)  If regular expressions
# were supported, this entry could possibly be split into two with
# "begin\040\.\*\012M" or "begin\040\.\*\012h" (where \. and \* are REs).
0	string		begin\040	uuencoded or xxencoded text

# btoa(1) is an alternative to uuencode that requires less space.
0	string		xbtoa\ Begin	btoa'd text

# ship(1) is another, much cooler alternative to uuencode.
# Greg Roelofs, newt@uchicago.edu
0	string		$\012ship	ship'd binary text

# bencode(8) is used to encode compressed news batches (Bnews/Cnews only?)
# Greg Roelofs, newt@uchicago.edu
0	string	Decode\ the\ following\ with\ bdeco	bencoded News text

# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
# Daniel Quinlan, quinlan@yggdrasil.com
11	string	must\ be\ converted\ with\ BinHex	BinHex binary text
>41	string	x					\b, version %.3s

# GRR:  is MIME BASE64 encoding handled somewhere?

#------------------------------------------------------------------------------
# varied.out:  file(1) magic for various USG systems
#
#	Herewith many of the object file formats used by USG systems.
#	Most have been moved to files for a particular processor,
#	and deleted if they duplicate other entries.
#
0	short		0610		Perkin-Elmer executable
# AMD 29K
0	beshort		0572		amd 29k coff noprebar executable
0	beshort		01572		amd 29k coff prebar executable
0	beshort		0160007		amd 29k coff archive
# Cray
6	beshort		0407		unicos (cray) executable
# Ultrix 4.3
596	string		\130\337\377\377	Ultrix core file
>600	string		>\0		from '%s'
# BeOS and MAcOS PEF executables
# From: hplus@zilker.net (Jon Watte)
0	string		Joy!peffpwpc	header for PowerPC PEF executable
#
# ava assembler/linker Uros Platise <uros.platise@ijs.si>
0       string          avaobj  AVR assembler object code
>7      string          >\0     version '%s'
# gnu gmon magic From: Eugen Dedu <dedu@ese-metz.fr>
0	string		gmon		GNU prof performance data
>4	long		x		- version %ld
# From: Dave Pearson <davep@davep.org>
# Harbour <URL:http://www.harbour-project.org/> HRB files.
0	string		\xc0HRB		Harbour HRB file
>4	short		x		version %d

# From: Alex Beregszaszi <alex@fsn.hu>
# 0	string		exec 		BugOS executable
# 0	string		pack		BugOS archive
#------------------------------------------------------------------------------
# varied.script:  file(1) magic for various interpreter scripts

0	string		#!\ /			a
>3	string		>\0			%s script text executable
0	string		#!\	/		a
>3	string		>\0			%s script text executable
0	string		#!/			a
>2	string		>\0			%s script text executable
0	string		#!\ 			script text executable
>3	string		>\0			for %s

#------------------------------------------------------------------------------
# vax:  file(1) magic for VAX executable/object and APL workspace
#
0	lelong		0101557		VAX single precision APL workspace
0	lelong		0101556		VAX double precision APL workspace

#
# VAX a.out (32V, BSD)
#
0	lelong		0407		VAX executable
>16	lelong		>0		not stripped

0	lelong		0410		VAX pure executable
>16	lelong		>0		not stripped

0	lelong		0413		VAX demand paged pure executable
>16	lelong		>0		not stripped

0	lelong		0420		VAX demand paged (first page unmapped) pure executable
>16	lelong		>0		not stripped

#
# VAX COFF
#
# The `versions' should be un-commented if they work for you.
# (Was the problem just one of endianness?)
#
0	leshort		0570		VAX COFF executable
>12	lelong		>0		not stripped
>22	leshort		>0		- version %ld
0	leshort		0575		VAX COFF pure executable
>12	lelong		>0		not stripped
>22	leshort		>0		- version %ld

#------------------------------------------------------------------------------
# vicar:  file(1) magic for VICAR files.
#
# From: Ossama Othman <othman@astrosun.tn.cornell.edu
# VICAR is JPL's in-house spacecraft image processing program
# VICAR image
0	string	LBLSIZE=	VICAR image data
>32	string	BYTE		\b, 8 bits  = VAX byte
>32	string	HALF		\b, 16 bits = VAX word     = Fortran INTEGER*2
>32	string	FULL		\b, 32 bits = VAX longword = Fortran INTEGER*4
>32	string	REAL		\b, 32 bits = VAX longword = Fortran REAL*4
>32	string	DOUB		\b, 64 bits = VAX quadword = Fortran REAL*8
>32	string	COMPLEX		\b, 64 bits = VAX quadword = Fortran COMPLEX*8
# VICAR label file
43	string	SFDU_LABEL	VICAR label file
#------------------------------------------------------------------------------
# Virtutech Compressed Random Access File Format
#
# From <gustav@virtutech.com>
0      string          \211\277\036\203        Virtutech CRAFF
>4     belong          x               v%d
>20    belong          0               uncompressed
>20    belong          1               bzipp2ed
>20    belong          2               gzipped
>24    belong          0               not clean

#------------------------------------------------------------------------------
# visx:  file(1) magic for Visx format files
#
0	short		0x5555		VISX image file
>2	byte		0		(zero)
>2	byte		1		(unsigned char)
>2	byte		2		(short integer)
>2	byte		3		(float 32)
>2	byte		4		(float 64)
>2	byte		5		(signed char)
>2	byte		6		(bit-plane)
>2	byte		7		(classes)
>2	byte		8		(statistics)
>2	byte		10		(ascii text)
>2	byte		15		(image segments)
>2	byte		100		(image set)
>2	byte		101		(unsigned char vector)
>2	byte		102		(short integer vector)
>2	byte		103		(float 32 vector)
>2	byte		104		(float 64 vector)
>2	byte		105		(signed char vector)
>2	byte		106		(bit plane vector)
>2	byte		121		(feature vector)
>2	byte		122		(feature vector library)
>2	byte		124		(chain code)
>2	byte		126		(bit vector)
>2	byte		130		(graph)
>2	byte		131		(adjacency graph)
>2	byte		132		(adjacency graph library)
>2	string		.VISIX		(ascii text)

#------------------------------------------------------------------------------
# vms:  file(1) magic for VMS executables (experimental)
#
# VMS .exe formats, both VAX and AXP (Greg Roelofs, newt@uchicago.edu)

# GRR 950122:  I'm just guessing on these, based on inspection of the headers
# of three executables each for Alpha and VAX architectures.  The VAX files
# all had headers similar to this:
#
#   00000  b0 00 30 00 44 00 60 00  00 00 00 00 30 32 30 35  ..0.D.`.....0205
#   00010  01 01 00 00 ff ff ff ff  ff ff ff ff 00 00 00 00  ................
#
0	string	\xb0\0\x30\0	VMS VAX executable
>44032	string	PK\003\004	\b, Info-ZIP SFX archive v5.12 w/decryption
#
# The AXP files all looked like this, except that the byte at offset 0x22
# was 06 in some of them and 07 in others:
#
#   00000  03 00 00 00 00 00 00 00  ec 02 00 00 10 01 00 00  ................
#   00010  68 00 00 00 98 00 00 00  b8 00 00 00 00 00 00 00  h...............
#   00020  00 00 07 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
#   00030  00 00 00 00 01 00 00 00  00 00 00 00 00 00 00 00  ................
#   00040  00 00 00 00 ff ff ff ff  ff ff ff ff 02 00 00 00  ................
#
0	belong	0x03000000	VMS Alpha executable
>75264	string	PK\003\004	\b, Info-ZIP SFX archive v5.12 w/decryption

# -----------------------------------------------------------
# VMware specific files (deducted from version 1.1 and log file entries)
# Anthon van der Neut (anthon@mnt.org)
0	belong	0x4d52564e	VMware nvram 
0	belong	0x434f5744	VMware
>4	byte	3	 	virtual disk 
>>32	lelong	x		(%d/
>>36	lelong	x		\b%d/
>>40	lelong	x		\b%d)
>4	byte	2	 	undoable disk
>>32	string  >\0		(%s)

#------------------------------------------------------------------------------
# vorbis:  file(1) magic for Ogg/Vorbis files
#
# From Felix von Leitner <leitner@fefe.de>
# Extended by Beni Cherniavsky <cben@crosswinds.net>
# Further extended by Greg Wooledge <greg@wooledge.org>
#
# Most (everything but the number of channels and bitrate) is commented
# out with `##' as it's not interesting to the average user.  The most
# probable things advanced users would want to uncomment are probably
# the number of comments and the encoder version.
#
# --- Ogg Framing ---
0		string		OggS		Ogg data
>4		byte		!0		UNKNOWN REVISION %u
##>4		byte		0		revision 0
>4		byte		0
##>>14		lelong		x		(Serial %lX)
# non-Vorbis content: FLAC (Free Lossless Audio Codec, http://flac.sourceforge.net)
>>28		string		fLaC		\b, FLAC audio
# non-Vorbis content: Theora
>>28		string		\x80theora	\b, Theora video
# non-Vorbis content: Speex
>>28		string		Speex\ \ \ 	\b, Speex audio
# non-Vorbis content: OGM
>>28		string		\x01video\0\0\0	\b, OGM video
>>>37		string/c	div3		(DivX 3)
>>>37		string/c	divx		(DivX 4)
>>>37		string/c	dx50		(DivX 5)
>>>37		string/c	xvid		(XviD)
# --- First vorbis packet - general header ---
>>28		string		\x01vorbis	\b, Vorbis audio,
>>>35		lelong		!0		UNKNOWN VERSION %lu,
##>>>35		lelong		0		version 0,
>>>35		lelong		0
>>>>39		ubyte		1		mono,
>>>>39		ubyte		2		stereo,
>>>>39		ubyte		>2		%u channels,
>>>>40		lelong		x		%lu Hz
# Minimal, nominal and maximal bitrates specified when encoding
>>>>48		string		<\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff	\b,
# The above tests if at least one of these is specified:
>>>>>52		lelong		!-1
# Vorbis RC2 has a bug which puts -1000 in the min/max bitrate fields
# instead of -1.
# Vorbis 1.0 uses 0 instead of -1.
>>>>>>52	lelong		!0
>>>>>>>52	lelong		!-1000
>>>>>>>>52	lelong		x		<%lu
>>>>>48		lelong		!-1
>>>>>>48	lelong		x		~%lu
>>>>>44		lelong		!-1
>>>>>>44	lelong		!-1000
>>>>>>>44	lelong		!0
>>>>>>>>44	lelong		x		>%lu
>>>>>48		string		<\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff	bps
# -- Second vorbis header packet - the comments
# A kludge to read the vendor string.  It's a counted string, not a
# zero-terminated one, so file(1) can't read it in a generic way.
# libVorbis is the only one existing currently, so I detect specifically
# it.  The interesting value is the cvs date (8 digits decimal).
# Post-RC1 Ogg files have the second header packet (and thus the version)
# in a different place, so we must use an indirect offset.
>>>(84.b+85)		string		\x03vorbis
>>>>(84.b+96)		string/c	Xiphophorus\ libVorbis\ I	\b, created by: Xiphophorus libVorbis I
>>>>>(84.b+120)		string		>00000000	
# Map to beta version numbers:
>>>>>>(84.b+120)	string		<20000508	(<beta1, prepublic)
>>>>>>(84.b+120)	string		20000508	(1.0 beta 1 or beta 2)
>>>>>>(84.b+120)	string		>20000508
>>>>>>>(84.b+120)	string		<20001031	(beta2-3)
>>>>>>(84.b+120)	string		20001031	(1.0 beta 3)
>>>>>>(84.b+120)	string		>20001031
>>>>>>>(84.b+120)	string		<20010225	(beta3-4)
>>>>>>(84.b+120)	string		20010225	(1.0 beta 4)
>>>>>>(84.b+120)	string		>20010225
>>>>>>>(84.b+120)	string		<20010615	(beta4-RC1)
>>>>>>(84.b+120)	string		20010615	(1.0 RC1)
>>>>>>(84.b+120)	string		20010813	(1.0 RC2)
>>>>>>(84.b+120)	string		20010816	(RC2 - Garf tuned v1)
>>>>>>(84.b+120)	string		20011014	(RC2 - Garf tuned v2)
>>>>>>(84.b+120)	string		20011217	(1.0 RC3)
>>>>>>(84.b+120)	string		20011231	(1.0 RC3)
# Some pre-1.0 CVS snapshots still had "Xiphphorus"...
>>>>>>(84.b+120)	string		>20011231	(pre-1.0 CVS)
# For the 1.0 release, Xiphophorus is replaced by Xiph.Org
>>>>(84.b+96)		string/c	Xiph.Org\ libVorbis\ I	\b, created by: Xiph.Org libVorbis I
>>>>>(84.b+117)		string		>00000000	
>>>>>>(84.b+117)	string		<20020717	(pre-1.0 CVS)
>>>>>>(84.b+117)	string		20020717	(1.0)
>>>>>>(84.b+117)	string		20030909	(1.0.1)
>>>>>>(84.b+117)	string		20040629	(1.1.0 RC1)

#------------------------------------------------------------------------------
# VXL: file(1) magic for VXL binary IO data files
#
# from Ian Scott <scottim@sf.net>
#
# VXL is a collection of C++ libraries for Computer Vision.
# See the vsl chapter in the VXL Book for more info
# http://www.isbe.man.ac.uk/public_vxl_doc/books/vxl/book.html
# http:/vxl.sf.net

2	lelong	0x472b2c4e	VXL data file,
>0	leshort	>0		schema version no %d

#------------------------------------------------------------------------------
# wordprocessors:  file(1) magic fo word processors.
#
####### PWP file format used on Smith Corona Personal Word Processors:
2	string	\040\040\040\040\040\040\040\040\040\040\040ML4D\040\'92	Smith Corona PWP
>24	byte	2	\b, single spaced
>24	byte	3	\b, 1.5 spaced
>24	byte	4	\b, double spaced
>25	byte	0x42	\b, letter
>25	byte	0x54	\b, legal
>26	byte	0x46	\b, A4

#WordPerfect type files Version 1.6 - PLEASE DO NOT REMOVE THIS LINE
0	string	\377WPC\020\000\000\000\022\012\001\001\000\000\000\000	(WP) loadable text
>15	byte	0	Optimized for Intel
>15	byte	1	Optimized for Non-Intel
1	string	WPC	(Corel/WP)
>8	short	257	WordPerfect macro
>8	short	258	WordPerfect help file
>8	short	259	WordPerfect keyboard file
>8	short	266	WordPerfect document
>8	short	267	WordPerfect dictionary
>8	short	268	WordPerfect thesaurus
>8	short	269	WordPerfect block
>8	short	270	WordPerfect rectangular block
>8	short	271	WordPerfect column block
>8	short	272	WordPerfect printer data
>8	short	275	WordPerfect printer data
>8	short	276	WordPerfect driver resource data
>8	short	279	WordPerfect hyphenation code
>8	short	280	WordPerfect hyphenation data
>8	short	281	WordPerfect macro resource data
>8	short	283	WordPerfect hyphenation lex
>8	short	285	WordPerfect wordlist
>8	short	286	WordPerfect equation resource data
>8	short	289	WordPerfect spell rules
>8	short	290	WordPerfect dictionary rules
>8	short	295	WordPerfect spell rules (Microlytics)
>8	short	299	WordPerfect settings file
>8	short	301	WordPerfect 4.2 document
>8	short	325	WordPerfect dialog file
>8	short	332	WordPerfect button bar
>8	short	513	Shell macro
>8	short	522	Shell definition
>8	short	769	Notebook macro
>8	short	770	Notebook help file
>8	short	771	Notebook keyboard file
>8	short	778	Notebook definition
>8	short	1026	Calculator help file
>8	short 	1538	Calendar help file
>8	short 	1546	Calendar data file
>8	short	1793	Editor macro
>8	short	1794	Editor help file
>8	short	1795	Editor keyboard file
>8	short	1817	Editor macro resource file
>8	short 	2049	Macro editor macro
>8	short 	2050	Macro editor help file
>8	short	2051	Macro editor keyboard file
>8	short	2305	PlanPerfect macro
>8	short	2306	PlanPerfect help file
>8	short	2307	PlanPerfect keyboard file
>8	short	2314	PlanPerfect worksheet
>8	short	2319	PlanPerfect printer definition
>8	short	2322	PlanPerfect graphic definition
>8	short	2323	PlanPerfect data
>8	short	2324	PlanPerfect temporary printer
>8	short	2329	PlanPerfect macro resource data
>8	byte	11	Mail
>8	short	2818	help file
>8	short	2821	distribution list
>8	short	2826	out box
>8	short	2827	in box
>8	short	2836	users archived mailbox
>8	short	2837	archived message database
>8	short	2838	archived attachments
>8	short	3083	Printer temporary file
>8	short	3330	Scheduler help file
>8	short	3338	Scheduler in file
>8	short	3339	Scheduler out file
>8	short	3594	GroupWise settings file
>8	short	3601	GroupWise directory services
>8	short	3627	GroupWise settings file
>8	short	4362	Terminal resource data
>8	short	4363	Terminal resource data
>8	short	4395	Terminal resource data
>8	short	4619	GUI loadable text
>8	short	4620	graphics resource data
>8	short	4621	printer settings file
>8	short	4622	port definition file
>8	short	4623	print queue parameters
>8	short	4624	compressed file
>8	short	5130	Network service msg file
>8	short	5131	Network service msg file
>8	short	5132	Async gateway login msg
>8	short	5134	GroupWise message file
>8	short	7956	GroupWise admin domain database
>8	short	7957	GroupWise admin host database
>8	short	7959	GroupWise admin remote host database
>8	short	7960	GroupWise admin ADS deferment data file
>8	short	8458	IntelliTAG (SGML) compiled DTD
>8	long	18219264	WordPerfect graphic image (1.0)
>8	long	18219520	WordPerfect graphic image (2.0)
#end of WordPerfect type files Version 1.6 - PLEASE DO NOT REMOVE THIS LINE

# Hangul (Korean) Word Processor File
0	string	HWP\ Document\ File	Hangul (Korean) Word Processor File

# CosmicBook, from Beno�t Rouits
0       string  CSBK    Ted Neslson's CosmicBook hypertext file

2       string  EYWR    AmigaWriter file

# chi:  file(1) magic for ChiWriter files
0       string          \\1cw\          ChiWriter file
>5      string          >\0             version %s
0       string          \\1cw           ChiWriter file

#------------------------------------------------------------------------------
# file(1) magic(5) data for xdelta  Josh MacDonald <jmacd@CS.Berkeley.EDU>
#
0	string	%XDELTA%	XDelta binary patch file 0.14
0	string	%XDZ000%	XDelta binary patch file 0.18
0	string	%XDZ001%	XDelta binary patch file 0.20
0	string	%XDZ002%	XDelta binary patch file 1.0
0	string	%XDZ003%	XDelta binary patch file 1.0.4
0	string	%XDZ004%	XDelta binary patch file 1.1

#------------------------------------------------------------------------------
# xenix:  file(1) magic for Microsoft Xenix
#
# "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small
# model" lifted from "magic.xenix", with comment "derived empirically;
# treat as folklore until proven"
#
# "small model", "large model", "huge model" stuff lifted from XXX
#
# XXX - "x.out" collides with PDP-11 archives
#
0	string		core		core file (Xenix)
0	byte		0x80		8086 relocatable (Microsoft)
0	leshort		0xff65		x.out
>2	string		__.SYMDEF	 randomized
>0	byte		x		archive
0	leshort		0x206		Microsoft a.out
>8	leshort		1		Middle model
>0x1e	leshort		&0x10		overlay
>0x1e	leshort		&0x2		separate
>0x1e	leshort		&0x4		pure
>0x1e	leshort		&0x800		segmented
>0x1e	leshort		&0x400		standalone
>0x1e	leshort		&0x8		fixed-stack
>0x1c	byte		&0x80		byte-swapped
>0x1c	byte		&0x40		word-swapped
>0x10	lelong		>0		not-stripped
>0x1e	leshort		^0xc000		pre-SysV
>0x1e	leshort		&0x4000		V2.3
>0x1e	leshort		&0x8000		V3.0
>0x1c	byte		&0x4		86
>0x1c	byte		&0xb		186
>0x1c	byte		&0x9		286
>0x1c	byte		&0xa		386
>0x1f	byte		<0x040		small model
>0x1f	byte		=0x048		large model	
>0x1f	byte		=0x049		huge model 
>0x1e	leshort		&0x1		executable
>0x1e	leshort		^0x1		object file
>0x1e	leshort		&0x40		Large Text
>0x1e	leshort		&0x20		Large Data
>0x1e	leshort		&0x120		Huge Objects Enabled
>0x10	lelong		>0		not stripped

0	leshort		0x140		old Microsoft 8086 x.out
>0x3	byte		&0x4		separate
>0x3	byte		&0x2		pure
>0	byte		&0x1		executable
>0	byte		^0x1		relocatable
>0x14	lelong		>0		not stripped

0	lelong		0x206		b.out
>0x1e	leshort		&0x10		overlay
>0x1e	leshort		&0x2		separate
>0x1e	leshort		&0x4		pure
>0x1e	leshort		&0x800		segmented
>0x1e	leshort		&0x400		standalone
>0x1e	leshort		&0x1		executable
>0x1e	leshort		^0x1		object file
>0x1e	leshort		&0x4000		V2.3
>0x1e	leshort		&0x8000		V3.0
>0x1c	byte		&0x4		86
>0x1c	byte		&0xb		186
>0x1c	byte		&0x9		286
>0x1c	byte		&0x29		286
>0x1c	byte		&0xa		386
>0x1e	leshort		&0x4		Large Text
>0x1e	leshort		&0x2		Large Data
>0x1e	leshort		&0x102		Huge Objects Enabled

0	leshort		0x580		XENIX 8086 relocatable or 80286 small model

#------------------------------------------------------------------------------
# xo65 object files
# From: "Ullrich von Bassewitz" <uz@cc65.org>
#
0	string		\x55\x7A\x6E\x61	xo65 object,
>4	leshort		x			version %d,
>6	leshort&0x0001 =0x0001			with debug info
>6	leshort&0x0001 =0x0000			no debug info

# xo65 library files
0	string		\x6E\x61\x55\x7A	xo65 library,
>4	leshort		x			version %d

# o65 object files
0	string		\x01\x00\x6F\x36\x35	o65
>6	leshort&0x1000	=0x0000			executable,
>6	leshort&0x1000	=0x1000			object,
>5	byte		x			version %d,
>6	leshort&0x8000	=0x8000			65816,
>6	leshort&0x8000	=0x0000			6502,
>6	leshort&0x2000	=0x2000			32 bit,
>6	leshort&0x2000	=0x0000			16 bit,
>6	leshort&0x4000	=0x4000			page reloc,
>6	leshort&0x4000	=0x0000			byte reloc,
>6	leshort&0x0003	=0x0000			alignment 1
>6	leshort&0x0003	=0x0001			alignment 2
>6	leshort&0x0003	=0x0002			alignment 4
>6	leshort&0x0003	=0x0003			alignment 256

#------------------------------------------------------------------------------
# xwindows:  file(1) magic for various X/Window system file formats.

# Compiled X Keymap 
# XKM (compiled X keymap) files (including version and byte ordering)
1	string	mkx				Compiled XKB Keymap: lsb,
>0	byte	>0				version %d
>0	byte	=0				obsolete
0	string	xkm				Compiled XKB Keymap: msb,
>3	byte	>0				version %d
>0	byte	=0				obsolete

# xfsdump archive
0	string	xFSdump0			xfsdump archive
>8	long	x	(version %d)

# Jaleo XFS files
0	long	395726				Jaleo XFS file
>4	long	x				- version %ld
>8	long	x				- [%ld -
>20	long	x				%ldx
>24	long	x				%ldx
>28	long	1008				YUV422]
>28	long	1000				RGB24]

#------------------------------------------------------------------------------
# zilog:  file(1) magic for Zilog Z8000.
#
# Was it big-endian or little-endian?  My Product Specification doesn't
# say.
#
0	long		0xe807		object file (z8000 a.out)
0	long		0xe808		pure object file (z8000 a.out)
0	long		0xe809		separate object file (z8000 a.out)
0	long		0xe805		overlay object file (z8000 a.out)

#------------------------------------------------------------------------------
# zyxel:  file(1) magic for ZyXEL modems
#
# From <rob@pe1chl.ampr.org>
# These are the /etc/magic entries to decode datafiles as used for the
# ZyXEL U-1496E DATA/FAX/VOICE modems.  (This header conforms to a
# ZyXEL-defined standard)

0	string		ZyXEL\002	ZyXEL voice data
>10	byte		0		- CELP encoding
>10	byte&0x0B	1		- ADPCM2 encoding
>10	byte&0x0B	2		- ADPCM3 encoding
>10	byte&0x0B	3		- ADPCM4 encoding
>10	byte&0x0B	8		- New ADPCM3 encoding
>10	byte&0x04	4		with resync