[File] [PATCH] of Magdir/windows for Windows Error Report (*.wer)

Fri Jan 11 18:08:29 UTC 2019

Hello,

some days ago i run file command version 5.35 on Windows Error Report
files (Report.wer) usually located under sub directories ReportArchive
and ReportQueue found on Windows systems in directories
%ProgramData%\Microsoft\Windows\WER and
%LOCALAPPDATA%\Microsoft\Windows\WER. These files are described as "data".

The File identifying utility TrID ( See
http://mark0.net/soft-trid-e.html) identifies such WER-files correctly
as "Windows Error Report".
by definition wer.trid.xml.

So i add magic lines to Magdir/windows to identify such files. Microsoft
claim to support Open Source, but i found no official or un-official
documentation about WER file format on their servers.
On Wikipedia page there exist a page about Windows Error Reporting, but
unfortunately the information there gives no relations to generated WER
text files, but at least i use that site as URL:
	https://en.wikipedia.org/wiki/Windows_Error_Reporting
Because normally user just want to know what is this file type used
for and can i delete such files. So i add link to nirsoft utility
AppCrashView, that is a nice viewer for Windows Error report files and
has the opportunity to delete such WER files by reference URL:
	https://www.nirsoft.net/utils/app_crash_view.html
Apparently such files seems to start with same expressions like
Version=1
EventType=
Furthermore these files seems to be always encoded as UTF-16 little
endian. This is now expressed by magic lines like
 0	lestring16	Version=	
 >22	lestring16	EventType	Windows Error Report
Because such Windows Error Report are just simple text files i choose
for mime type "text/plain" expressed by line:
 !:mime	text/plain
The name for such Windows Error Report seems to be always "Report.wer".
So file name extension is "wer". That is now expressed by line
 !:ext	wer

After applying the above mentioned modifications by patch
file-5.35-windows-wer.diff then all inspected examples are now
described as "Windows Error Report".

I hope my diff file can be applied in future version of file utility.

With best wishes
Jörg Jenderek
-- 
Jörg Jenderek






-------------- next part --------------

--- file-5.35/magic/Magdir/windows.old	2018-02-16 15:44:00 +0000
+++ file-5.35/magic/Magdir/windows	2019-01-11 01:07:21 +0000
@@ -57,4 +57,15 @@
 >0x78	lelong		&2		\b, FULL
 
+# Summary:	Windows Error Report text files
+# URL:		https://en.wikipedia.org/wiki/Windows_Error_Reporting
+# Reference:	https://www.nirsoft.net/utils/app_crash_view.html
+# Created by:	Joerg Jenderek
+# Note:		in directories	%ProgramData%\Microsoft\Windows\WER\{ReportArchive,ReportQueue}
+#				%LOCALAPPDATA%\Microsoft\Windows\WER\{ReportArchive,ReportQueue}
+0	lestring16	Version=	
+>22	lestring16	EventType	Windows Error Report
+!:mime	text/plain
+# Report.wer
+!:ext	wer
 
 # Summary: Windows 3.1 group files
