📄 magic.c
字号:
/* magic.c Network application protocol identification, based on file(1) magic. Copyright (c) 2000 Dug Song <dugsong@monkey.org> Copyright (c) 1987 Ian F. Darwin This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it freely, subject to the following restrictions: 1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. 2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation. 3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation. 4. This notice may not be removed or altered. $Id: magic.c,v 1.8 2000/11/19 21:39:40 dugsong Exp $*/#include "config.h"#include <sys/types.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <ctype.h>#include <time.h>#include <err.h>#include "options.h"#include "magic.h"#define LOWCASE(p) (isupper((u_char) (p)) ? tolower((u_char) (p)) : (p))#define INDIR 1 /* if '>(...)' appears, */#define UNSIGNED 2 /* comparison is unsigned */#define ADD 4 /* if '>&' appears, */#define BYTE 1#define SHORT 2#define LONG 4#define STRING 5#define DATE 6#define BESHORT 7#define BELONG 8#define BEDATE 9#define LESHORT 10#define LELONG 11#define LEDATE 12struct magic { short flag; short cont_level; struct { int8_t type; /* byte short long */ int32_t offset; /* offset from indirection */ } in; int32_t offset; /* offset to magic number. */ u_char reln; /* relation (0=eq, '>'=gt, etc.) */ int8_t type; /* int, short, long or string */ char vallen; /* length of string value, if any */ union VALUETYPE { u_char b; u_short h; u_int32_t l; char s[32]; u_char hs[2]; /* 2 bytes of a fixed-endian "short" */ u_char hl[4]; /* 4 bytes of a fixed-endian "long" */ } value; /* either number or string */ u_int32_t mask; /* mask before comparison with value */ char desc[50]; /* description */};static char *Magictypes[12] = { "byte", "short", "null", "long", "string", "date", "beshort", "belong", "bedate", "leshort", "lelong", "ledate",};static struct magic Magic[512];static int Magiccnt = 0;static int Magicmax = sizeof(Magic) / sizeof(Magic[0]);static char Match[128];static voideatsize(char **p){ char *l = *p; if (LOWCASE(*l) == 'u') l++; switch (LOWCASE(*l)) { case 'l': /* long */ case 's': /* short */ case 'h': /* short */ case 'b': /* char/byte */ case 'c': /* char/byte */ l++; /*FALLTHROUGH*/ default: break; } *p = l;}/* Single hex char to int; -1 if not a hex char. */static inthextoint(int c){ if (!isascii((u_char) c)) return (-1); if (isdigit((u_char) c)) return (c - '0'); if ((c >= 'a') && (c <= 'f')) return (c + 10 - 'a'); if ((c >= 'A') && (c <= 'F')) return (c + 10 - 'A'); return (-1);}/* * Convert a string containing C character escapes. Stop at an unescaped * space or tab. * Copy the converted version to "p", returning its length in *slen. * Return updated scan pointer as function result. */static char *getstr(char *s, char *p, int plen, int *slen){ char *origs = s, *origp = p; char *pmax = p + plen - 1; int c; int val; while ((c = *s++) != '\0') { if (isspace((u_char) c)) break; if (p >= pmax) { warnx("getstr: string too long: %s", origs); break; } if (c == '\\') { switch ((c = *s++)) { case '\0': goto out; default: *p++ = (char) c; break; case 'n': *p++ = '\n'; break; case 'r': *p++ = '\r'; break; case 'b': *p++ = '\b'; break; case 't': *p++ = '\t'; break; case 'f': *p++ = '\f'; break; case 'v': *p++ = '\v'; break; /* \ and up to 3 octal digits */ case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': val = c - '0'; c = *s++; /* try for 2 */ if (c >= '0' && c <= '7') { val = (val << 3) | (c - '0'); c = *s++; /* try for 3 */ if (c >= '0' && c <= '7') val = (val << 3) | (c - '0'); else --s; } else --s; *p++ = (char) val; break; /* \x and up to 2 hex digits */ case 'x': val = 'x'; /* Default if no digits */ c = hextoint(*s++); /* Get next char */ if (c >= 0) { val = c; c = hextoint(*s++); if (c >= 0) val = (val << 4) + c; else --s; } else --s; *p++ = (char) val; break; } } else *p++ = (char) c; } out: *p = '\0'; *slen = p - origp; return (s);}/* Extend the sign bit if the comparison is to be signed. */u_int32_tsignextend(struct magic *m, u_int32_t v){ if (!(m->flag & UNSIGNED)) return (v); switch(m->type) { /* * Do not remove the casts below. They are * vital. When later compared with the data, * the sign extension must have happened. */ case BYTE: v = (char) v; break; case SHORT: case BESHORT: case LESHORT: v = (short) v; break; case DATE: case BEDATE: case LEDATE: case LONG: case BELONG: case LELONG: v = (int32_t) v; break; case STRING: break; default: warnx("sign_extend: can't happen: m->type = %d", m->type); return (-1); } return (v);}/* * Read a numeric value from a pointer, into the value union of a magic * pointer, according to the magic type. Update the string pointer to point * just after the number read. Return 0 for success, non-zero for failure. */static intgetvalue(struct magic *m, char **p){ int slen; if (m->type == STRING) { *p = getstr(*p, m->value.s, sizeof(m->value.s), &slen); m->vallen = slen; } else if (m->reln != 'x') { m->value.l = signextend(m, strtoul(*p, p, 0)); eatsize(p); } return (0);}#define SZOF(a) (sizeof(a) / sizeof(a[0]))voidmdump(struct magic *m){ static char *typ[] = { "invalid", "byte", "short", "invalid", "long", "string", "date", "beshort", "belong", "bedate", "leshort", "lelong", "ledate" }; (void) fputc('[', stderr); (void) fprintf(stderr, ">>>>>>>> %d" + 8 - (m->cont_level & 7), m->offset); if (m->flag & INDIR) (void) fprintf(stderr, "(%s,%d),", (m->in.type >= 0 && m->in.type < SZOF(typ)) ? typ[(unsigned char) m->in.type] : "*bad*", m->in.offset); (void) fprintf(stderr, " %s%s", (m->flag & UNSIGNED) ? "u" : "", (m->type >= 0 && m->type < SZOF(typ)) ? typ[(unsigned char) m->type] : "*bad*"); if (m->mask != ~0) (void) fprintf(stderr, " & %.8x", m->mask); (void) fprintf(stderr, ",%c", m->reln); if (m->reln != 'x') { switch (m->type) { case BYTE: case SHORT: case LONG: case LESHORT: case LELONG: case BESHORT: case BELONG: (void) fprintf(stderr, "%d", m->value.l); break; case STRING: fprintf(stderr, "%s", m->value.s); break; case DATE: case LEDATE: case BEDATE: { char *rt, *pp = ctime((time_t*) &m->value.l); if ((rt = strchr(pp, '\n')) != NULL) *rt = '\0'; (void) fprintf(stderr, "%s,", pp); if (rt) *rt = '\n'; } break; default: (void) fputs("*bad*", stderr); break; } } (void) fprintf(stderr, ",\"%s\"]\n", m->desc);}static intmagic_parse(char *p){ struct magic *m; char *t, *s; int i, j; if (Magiccnt + 1 > Magicmax) errx(1, "magic_parse: magic table full"); m = &Magic[Magiccnt]; m->flag = 0; m->cont_level = 0; while (*p == '>') { p++; /* step over */ m->cont_level++; } if (m->cont_level != 0 && *p == '(') { p++; /* step over */ m->flag |= INDIR; } if (m->cont_level != 0 && *p == '&') { p++; /* step over */ m->flag |= ADD; } /* Get offset, then skip over it. */ m->offset = (int) strtoul(p, &t, 0); if (p == t) errx(1, "magic_parse: offset %s invalid", p); p = t; if (m->flag & INDIR) { m->in.type = LONG; m->in.offset = 0; /* read [.lbs][+-]nnnnn) */ if (*p == '.') { p++; switch (LOWCASE(*p)) { case 'l': m->in.type = LONG; break; case 'h': case 's': m->in.type = SHORT; break; case 'c': case 'b': m->in.type = BYTE; break; default: errx(1, "magic_parse: indirect offset " "type '%c' invalid", *p); break; } p++; } s = p; if (*p == '+' || *p == '-') p++; if (isdigit((u_char) *p)) { m->in.offset = strtoul(p, &t, 0); if (*s == '-') m->in.offset = - m->in.offset; } else t = p; if (*t++ != ')') errx(1, "magic_parse: missing ')' in indirect offset"); p = t; } while (isascii((u_char) *p) && isdigit((u_char) *p)) p++;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -