From ba14dd0cb26e94e2b38a3259384eb4c97401cd5a Mon Sep 17 00:00:00 2001
From: gmestanley
Date: Sat, 26 Aug 2023 19:38:30 -0300
Subject: [PATCH] patterns: Adding IPS pattern and fixed PE magic file (#153)
* Update pe.hexpat New improvement
* Add ips.hexpat via upload
* Add ips.hexpat.ips via upload
* Added IPS to README
* Mentioned Windows in portable_executable_magic
---
 README.md | 1 +
 magic/portable_executable_magic | 2 +-
 patterns/ips.hexpat | 30 ++++++++++++++++++++++++
 tests/patterns/test_data/ips.hexpat.ips | Bin 0 -> 31 bytes
 4 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 patterns/ips.hexpat
 create mode 100644 tests/patterns/test_data/ips.hexpat.ips
diff --git a/README.md b/README.md
index e8c861d3..171a156c 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ Everything will immediately show up in ImHex's Content Store and gets bundled wi
 | ID3 | `audio/mpeg` | [`patterns/id3.hexpat`](patterns/id3.hexpat) | ID3 tags in MP3 files |
 | Intel HEX | | [`patterns/intel_hex.hexpat`](patterns/intel_hex.hexpat) | [Intel hexadecimal object file format definition]("https://en.wikipedia.org/wiki/Intel_HEX") |
 | IP | | [`patterns/ip.hexpat`](patterns/ip.hexpat) | Ethernet II Frames (IP Packets) |
+| IPS | | [`patterns/ips.hexpat`](patterns/ips.hexpat) | IPS (International Patching System) files |
 | ISO | | [`patterns/iso.hexpat`](patterns/iso.hexpat) | ISO 9660 file system |
 | Java Class | `application/x-java-applet` | [`patterns/java_class.hexpat`](patterns/java_class.hexpat) | Java Class files |
 | JPEG | `image/jpeg` | [`patterns/jpeg.hexpat`](patterns/jpeg.hexpat) | JPEG Image Format |
diff --git a/magic/portable_executable_magic b/magic/portable_executable_magic
index 4a3afeb2..6ec4e55a 100644
--- a/magic/portable_executable_magic
+++ b/magic/portable_executable_magic
@@ -1,4 +1,4 @@
-# A libmagic database containing definition for PE files used by MS-DOS based systems
+# A libmagic database containing definition for PE files used by MS-DOS/Windows based systems
 # MS-DOS Portable Executable 0x0 string/b MZ MS-DOS Binary
diff --git a/patterns/ips.hexpat b/patterns/ips.hexpat
new file mode 100644
index 00000000..bea7c465
--- /dev/null
+++ b/patterns/ips.hexpat
@@ -0,0 +1,30 @@
+#include
+#include
+
+#pragma endian big
+
+u8 eofOffset = 3;
+
+struct Hunk {
+ u24 offset;
+ u16 length;
+ if (length == 0) {
+ u16 runCount;
+ u8 payload;
+ }
+ else {
+ u8 payload[length];
+ }
+};
+
+struct IPS {
+ char signature[5];
+ if (std::mem::read_string(std::mem::size()-3, 3) != "EOF") {
+ eofOffset += 3;
+ }
+ Hunk hunks[while($ < std::mem::size()-eofOffset)];
+ char eof[3];
+ u24 truncatedSize[eofOffset>3];
+};
+
+IPS ips @ 0x00;
\ No newline at end of file
diff --git a/tests/patterns/test_data/ips.hexpat.ips b/tests/patterns/test_data/ips.hexpat.ips
new file mode 100644
index 0000000000000000000000000000000000000000..571f1e27591169efedf8c08878e605804654f05f
GIT binary patch
literal 31
lcmWG=3~}~gVANw^v}Is)V_?)}U_8pez`&y5>JQ|d1OQ581mOSx
literal 0
HcmV?d00001
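Review bot: In `patterns/ips.hexpat`, `struct IPS` never validates the bytes it labels: `char signature[5];` is not compared with the "PATCH" magic and `char eof[3];` is not compared with "EOF", so any file opened with this pattern is laid out as IPS hunks, and a wrong or truncated input only surfaces when a `u8 payload[length]` read runs past the data. When the last three bytes are not "EOF", the code assumes the six-byte trailer (EOF plus truncation size) without confirming it, so a patch with a damaged or missing trailer has its final bytes presented as `eof` and `truncatedSize`. I would add `std::assert(signature == "PATCH", "Invalid IPS signature");` right after the signature and `std::assert(eof == "EOF", "Missing IPS EOF marker");` right after `eof`; this needs `std/sys.pat`, and the two `#include` targets are not visible in this rendering. `std::mem::size()-3` presumably also misbehaves on inputs shorter than three bytes, which is worth a guard because patch files being inspected are often of unknown origin.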