Hello trid users,
some days ago i run trid on Windows Installer Patch Creation
Properties (*.pcp). These are misidentified as "Windows Installer Patch"
by msp.trid.xml (See appended output/trid-v-old.txt)
For comparison reason i run other file identifying tools. The newest file(1)
command has also difficulties and was not able to distinguish between
Windows Installer MSI, MSM and PCP (See appended output/file-new.txt)
On page about Windows Installer on Wikipedia is mentioned that PCP samples
are used for "Patch Creation Properties". This is now expressed by reference
URL line like:
<RefURL>
http://en.wikipedia.org/wiki/Windows_Installer</RefURL>
Furthermore i add a user defined mime type. That is expressed by line line:
<Mime>application/x-ms-pcp</Mime>
After running tridscan on misidentified samples in global string section many
long garbage phrases appear like:
<String>E'E'E'E'E'H'H'I'I'I'I'I</String>
So i delete such things.
With the new trid definition all my few PCP samples are now recognized, but
often the MSP description still appears as second. (See appended
output/trid-new-v.txt). Unfortunately the new trid definition is generated
only by 3 examples. So i do not know what phrases are required key words and
which are optional.
TrID definition, some examples and output are stored in archive pcp.zip. I
hope that my new XML file can be used in future version of triddefs.
With best wishes
Jörg Jenderek
