Magic File Format
Magic files define rules for identifying file types through byte-level patterns. This chapter documents the magic file format supported by libmagic-rs.
Basic Syntax
Magic files consist of rules with the following format:
offset type operator value message
Example Rules
# ELF files
0 string \x7fELF ELF
>4 byte 1 32-bit
>4 byte 2 64-bit
# ZIP archives
0 string PK\003\004 ZIP archive
# JPEG images
0 string \xff\xd8\xff JPEG image
Offset Specifications
Absolute Offsets
0 # Start of file
16 # Byte 16
0x10 # Hexadecimal offset
Relative Offsets (Hierarchical)
0 string \x7fELF ELF
>4 byte 1 32-bit # 4 bytes after ELF magic
>5 byte 1 LSB # 5 bytes after ELF magic
Indirect Offsets
(0x20.l) # Read 32-bit value at 0x20, use as offset
(0x20.l+4) # Same, but add 4 to the result
Data Types
Numeric Types
byte- 8-bit valueshort- 16-bit valuelong- 32-bit valueleshort- Little-endian 16-bitbeshort- Big-endian 16-bitlelong- Little-endian 32-bitbelong- Big-endian 32-bit
String Types
string- Null-terminated stringpstring- Pascal string (length-prefixed)
Operators
=or no operator - Equality (default)!=- Inequality&- Bitwise AND>- Greater than<- Less than
Value Formats
Numeric Values
42 # Decimal
0x2a # Hexadecimal
0377 # Octal
String Values
hello # Plain string
"hello world" # Quoted string
\x7fELF # Escape sequences
PK\003\004 # Mixed format
Byte Sequences
\x7f\x45\x4c\x46 # Hex bytes
\177ELF # Mixed octal/ASCII
Comments and Organization
# This is a comment
# Comments can appear anywhere
# Group related rules
# ELF files
0 string \x7fELF ELF
>4 byte 1 32-bit
# ZIP files
0 string PK ZIP-based format
Advanced Features (Planned)
Regular Expressions
0 regex ^#!/bin/.*sh Shell script
Conditional Logic
0 string \x7fELF ELF
>4 byte 1 32-bit
>>16 leshort >0 executable
MIME Type Mapping
0 string \x7fELF ELF application/x-executable
This format provides a flexible, human-readable way to define file type detection rules while maintaining compatibility with existing magic file databases.