At 02:38 PM 1/4/2006, Rick Glazier wrote:
>
>Clear as mud...
>
>From: "Bill Kingsbury"
>>Factoid:
>>File Type Extension Header (HEX) Offset
>>Graphics Metafile wmf 0xD7CDC69A 0
>>Enhanced Metafile emf 0x0100000058000000 0
Search for the HEX string "D7 CD C6 9A" (with the spaces,
and without the quotes) in any file.
If that string is there, chances are, it's an embedded Windows
Metafile. Without it, Windows would need some other way to
identify the code -- in order detect and render the "wmf".
For example, using ZTree, I searched in the following files,
for hex string "D7 CD C6 9A" (ZTree>S,F4 =Search for hex) :
All from MS Office 2000 :
Program Files\Microsoft Office\Office\POWERPNT.EXE - 2 wmfs
Program Files\Microsoft Office\Office\MSACCESS.EXE - 1 wmf
Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL - 6 wmfs
Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE
- 3 wmfs
Program Files\Common Files\Microsoft Shared\Clipart\ - 317 wmfs
I couldn't find this "wmf header string" anywhere else, except
within a few other MS Office files, and three IrfanView Plugins.
Anyway, it might be a way to "catch one" before it bites.
Sounds too easy though. Why are they claiming it's so hard
to protect against rogue wmfs?
Bill
At 12:02 PM 1/4/2006, Bill Kingsbury wrote:
>
> However, MS Word (MS Office) uses WMF clip art (317 files):
>
> C:\Program Files\Common Files\Microsoft Shared\Clipart\
>
> In MS Word: Alt-Insert, Picture > Clipart
>
> On my patched W2k system, this opens the Clipart Browser, which
> then immediately disappears -- probably due to the "wmffix" fix.
>
> Other MS Office programs may access these same wmf files.
>
>
>
--
----------------------------------------
WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about anything: [EMAIL PROTECTED]
Official Win-Home List Members Profiles Page
http://www.besteffort.com/winhome/Profiles.html
