This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: UPX & The "file" Command


> Anyway, I was wondering if someone who knows what the proper magic file 
> entries should be for detecting a UPX-compressed binary could supply 
> them (assuming there is a discernable signature for these files)?
> 
> Likewise, if the magic file entry (-ies) could be added or submitted to 
> the appropriate maintainer for inclusion in the Cygwin or the primary 
> "file" distribution, that would great.

Just by messing around with od, I was able to add a line to 
/usr/share/magic that detects UPX compressed PE-format executables.
Since this is the cygwin list, I assume you care only about PE-format 
executables.

My patch assumes (possibly incorrectly) that the UPX header always 
begins at offset 0640 (416 decimal)  in the file.  This is not so bad as 
the magic file that comes with the file package itself assumes 
incorrectly that the PE header always begins at offset 128.

The patch is attached.  The patch adds a single line to 
/usr/share/magic.  To apply it, execute EITHER

cd /; patch -p0 <magic-upx.patch
-OR-
cd /usr/share; patch -p2 <magic-upx.patch

Also note that for the change to take effect, you will also have to 
disable or rebuild the pre-compiled version of the magic file at 
/usr/share/magic.mgc.  You can disable it by renaming it.  Discovering 
how to rebuild this file is left as an exercise to the reader.

					-Mark
--- usr/share/magic.orig	2002-05-15 15:30:05.000000000 -0700
+++ usr/share/magic	2002-05-15 15:30:34.000000000 -0700
@@ -4485,6 +4485,7 @@
 #>>>198	leshort		x	\b.%d,
 #>>>200	leshort		x	subsystem version %d
 #>>>202	leshort		x	\b.%d,
+>416	string		UPX1\0	UPX-compressed
 0	leshort		0x14c	MS Windows COFF Intel 80386 object file
 #>4	ledate		x	stamp %s
 0	leshort		0x166	MS Windows COFF MIPS R4000 object file
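
Review bot: the added `>416 string UPX1\0` line hard-codes the file offset, so it only matches when the bytes sit at exactly 416; a packed PE file with a header of a different size is missed, and any other file that matches the parent entry and happens to hold `UPX1\0` at 416 is labelled UPX-compressed. A `#` comment line above it recording that 416 is an observed offset rather than a documented one would help the next maintainer. The level-1 `>` continuation also attaches to whichever level-0 entry precedes the commented-out `#>>>` lines, and that entry is not in the hunk context, so it is worth confirming that the parent is the PE executable entry and not an unrelated one.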

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
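
An added example, not part of the original message or of the file package: it compares the fixed-offset test from the patch with a check that follows the PE header pointer at 0x3c and reads the section table. It assumes that the bytes the patch matches are the name of the second section header (which lands at 416 when the PE header is at offset 128 and the optional header is 224 bytes) and that UPX names its sections UPX0/UPX1; build_sample_pe and the other function names are hypothetical, and the sample images are constructed headers, not real programs.

```python
import struct

def build_sample_pe(e_lfanew, names=(b"UPX0", b"UPX1", b".rsrc")):
    """Constructed header-only PE32 image for testing (not a runnable program)."""
    opt_size = 224  # size of a standard PE32 optional header
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x010F)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections

def fixed_offset_check(data):
    """What the magic line tests: the literal bytes at file offset 416."""
    return data[416:421] == b"UPX1\0"

def section_names(data):
    """Follow e_lfanew (offset 0x3c) to the section table; return section names."""
    if len(data) < 64 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return []
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # signature + COFF header + optional header
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break  # truncated file: stop instead of reading past the end
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def looks_upx_packed(data):
    """True if any section name starts with 'UPX', wherever the table sits."""
    return any(name.startswith("UPX") for name in section_names(data))

if __name__ == "__main__":
    for off in (128, 256):
        img = build_sample_pe(off)
        print(off, fixed_offset_check(img), looks_upx_packed(img), section_names(img))
```

With the PE header at 128 both checks agree; with it at 256 the fixed-offset test misses the file while the section-table walk still reports it.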
