View Issue Details

IDProjectCategoryView StatusLast Update
0000498fileGeneralpublic2024-01-30 21:46
Reporterjsummers Assigned Tochristos  
Status assignedResolutionopen 
Product Version5.45 
Summary0000498: PKLITE-compressed executable files
DescriptionHi, I'd like to discuss whether PKLITE-compressed (MS-DOS) executable files could or should be identified by 'file', and what it would take to do it. There are EXE and COM-based formats, which could be considered separately.

I've done some work on this. The main rules I'm working on are at in the "pklite" subdirectory. Some alternatives are in the "pklite_simple" and "pklite_hdronly" subdirectories.

Side note: I've written a script: - - that analyzes and fingerprints such files.

PKLITE-compressed files contain a signature-like copyright string, but if you ask me, it shouldn't be relied upon. This was a very hacked-on format, and the copyright string was often modified.

Even without the copyright string, identifying PKLITE files is doable. But I guess it may be tricky to integrate it into the existing EXE rules without breaking something. Also note that many self-extracting ZIP archives have the executable part PKLITE-compressed. Such files ought to be identified as Self-Extracting ZIP, or, preferably, both PKLITE-compressed and Self-Extracting ZIP.
TagsNo tags attached.



2024-01-30 21:46

manager   ~0003993

Yes, that would be the tricky part (integrating it in the com/exe magic which is far too complicated). Joerg Jenderek who is in the mailing list has made a lot of changes recently to this entry, so perhaps discuss it there.

Issue History

Date Modified Username Field Change
2024-01-17 16:04 jsummers New Issue
2024-01-30 21:45 christos Assigned To => christos
2024-01-30 21:45 christos Status new => assigned
2024-01-30 21:46 christos Note Added: 0003993