[File] [PATCH] of Magdir/ole2compounddocs for Corel Gallery *.gal

Jörg Jenderek joerg.jen.der.ek at gmx.net
Tue Jun 30 15:10:18 UTC 2020 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
some months ago i send patches to handle OLE 2 Compound Document.
Some days ago i handle newer Corel Gallery with file name extension
gal. These are based on OLE 2 Compound Document format.
When running file command version 5.39 on such Corel galleries with
- -e cdf option i get an output like:

CHARITY.GAL:  OLE 2 Compound Document, v3.62, SecID 0x1,
	      3 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN
CORP.GAL:     OLE 2 Compound Document, v3.62, SecID 0x1,
	      36 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN
LAND.GAL:     OLE 2 Compound Document, v3.62, SecID 0x1,
	      75 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN
PEOPLE.GAL:   OLE 2 Compound Document, v3.62, SecID 0x1,
	      81 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN
PRODUCTS.GAL: OLE 2 Compound Document, v3.62, SecID 0x1,
	      37 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN
SPECIAL.GAL:  OLE 2 Compound Document, v3.62, SecID 0x1,
	      50 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN
WINNERS.GAL:  OLE 2 Compound Document, v3.62, SecID 0x1,
	      12 FAT sectors, Mini FAT start sector 0x2 : UNKNOWN


Some information about Corel Gallery is found on file formats
archive team site. So i add to Magdir/ole2compounddocs a comment
line like:
 # URL:	http://fileformats.archiveteam.org/wiki/Corel_Gallery

For the unknown Corel galleries clsid is zero. So i look at
directory name entries, which seems to have often specific
directory entry names names (_ITEM_, _DATA_ and _INFO_). The names
_ALBUM_ and _THUMBNAIL_ follow later.
So i add after Corel PrintHouse image to check for third directory
entry name _INFO_ by lines like:
 >>>>256 	lestring16	_INFO_		: Corel Gallery
 !:mime	application/x-corel-gal
 !:ext	gal

After applying the above mentioned modifications by patch
file-5.39-ole2compounddocs-gal.diff then the above mentioned
Corel examples are now identified like:

CHARITY.GAL:  OLE 2 Compound Document, v3.62, SecID 0x1,
	      3 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery
CORP.GAL:     OLE 2 Compound Document, v3.62, SecID 0x1,
	      36 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery
LAND.GAL:     OLE 2 Compound Document, v3.62, SecID 0x1,
	      75 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery
PEOPLE.GAL:   OLE 2 Compound Document, v3.62, SecID 0x1,
	      81 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery
PRODUCTS.GAL: OLE 2 Compound Document, v3.62, SecID 0x1,
	      37 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery
SPECIAL.GAL:  OLE 2 Compound Document, v3.62, SecID 0x1,
	      50 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery
WINNERS.GAL:  OLE 2 Compound Document, v3.62, SecID 0x1,
	      12 FAT sectors, Mini FAT start sector 0x2 :
	      Corel Gallery

Because i want to show more information for possible unknown OLE
based samples with clsid 0 i add lines to show the first 3
directory name entries (which are often characteristic) after line
with UNKNOWN phrase by more lines like:
 >>>>>128	lestring16	x with names %.20s
 >>>>>256	lestring16	x %.20s
 >>>>>384	lestring16	x %.20s

I hope that my 2 diff files can be applied in future version of file
utility.

With best wishes
Jörg Jenderek
- --
Jörg Jenderek

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iF0EARECAB0WIQS5/qNWKD4ASGOJGL+v8rHJQhrU1gUCXvtVswAKCRCv8rHJQhrU
1lYsAKDW+/DDqW9OrLC6HpzRmGg80bP6vQCfc3k+DVRKO13lXOJxSOZH5uBWE98=
=AqPE
-----END PGP SIGNATURE-----
-------------- next part --------------
--- file-5.39/magic/Magdir/ole2compounddocs.old	2020-05-31 10:34:40 +0000
+++ file-5.39/magic/Magdir/ole2compounddocs	2020-06-30 13:57:20 +0000
@@ -210,6 +210,15 @@
 >>>>256 	lestring16	Thumbnail		: Corel PrintHouse image
 !:mime	application/x-corel-cph
 !:ext	cph
+# URL:	http://fileformats.archiveteam.org/wiki/Corel_Gallery
+# Note:	format since Gallery 2; sometimes called Corel Multimedia Manager Album
+# third directory entry name _INFO_
+>>>>256 	lestring16	_INFO_			: Corel Gallery
+# second directory entry name _ITEM_ or _DATA_
+# later directory entry names: _ALBUM_ _THUMBNAIL_
+#!:mime	application/x-ole-storage
+!:mime	application/x-corel-gal
+!:ext	gal
 #
 # URL:	https://en.wikipedia.org/wiki/Hangul_(word_processor)
 # Note:	"HWP Document File" signature found in FileHeader
-------------- next part --------------
--- file-5.39/magic/Magdir/ole2compounddocs.old	2020-05-31 10:34:40 +0000
+++ file-5.39/magic/Magdir/ole2compounddocs	2020-06-30 14:51:02 +0000
@@ -252,4 +252,10 @@
 #	remaining null clsid
 >>>>128 	default		x			: UNKNOWN
+# second directory entry name like VisioDocument Control000
+>>>>>128	lestring16	x with names %.20s
+# third directory entry like WordDocument
+>>>>>256	lestring16	x %.20s
+# forth
+>>>>>384	lestring16	x %.20s
 !:mime	application/x-ole-storage
 #	look for known clsid GUID
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file-5.39-ole2compounddocs-gal.diff.sig
Type: application/octet-stream
Size: 95 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20200630/e574bb47/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file-5.39-ole2compounddocs-clsid0.diff.sig
Type: application/octet-stream
Size: 95 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20200630/e574bb47/attachment-0001.obj>

More information about the File mailing list