 |
Stub
This article is a stub, an article too short to provide more than rudimentary information about a subject. You can help the Microsoft Wiki by expanding it.
|
|---|
Windows Metafile (WMF) is an image file format originally designed for Microsoft Windows in the early 1990s. The original Windows Metafile format was not device-independent (though it could be made more so with placement headers) and may contain both vector graphics and bitmap components. It acts in a similar manner to SVG files. WMF files were later superseded by Enhanced Metafiles (EMF files) which did provide for device independence. EMF files were themselves enhanced via the EMF+ files.
Essentially, a metafile stores a list of records consisting of drawing commands, property definitions, and graphics objects to display an image on screen. The drawing commands used are closely related to the commands of the Graphics Device Interface (GDI) API used for drawing in Windows.
There are three major types of metafiles – WMF is a 16-bit format introduced in Windows 3.0. It is a native vector format for Microsoft Office applications such as Word, PowerPoint, and Publisher. As of April 2024, revision 18 of the Windows Metafile specification is available. EMF files, which replaced WMF files, work on the same principle, only it is a 32-bit file format that allows for embedding of private data within "comment" records. EMF+ is an extension to EMF files and embedded in these comment records, allowing for images and text using commands, objects, and properties that are similar to Windows GDI+
The format is somewhat similar in purpose and design to the PostScript format used in Unix systems.
History
The original 16-bit WMF file format was fully specified in volume 4 of the 1992 Windows 3.1 SDK documentation (at least if combined with the descriptions of the individual functions and structures in the other volumes), but that specification was vague about a few details. These manuals were published as printed books available in bookstores with no click-through EULA or other unusual licensing restrictions (just a general warning that if purchased as part of a software bundle, the software would be subject to one).
Over time, the existence of that historic specification was largely forgotten, and some alternative implementations resorted to reverse engineering to figure out the file format from existing WMF files, which was difficult and error-prone. In September 2006, Microsoft again published the WMF file format specification in a more complete form in the context of the Microsoft Open Specification Promise, promising not to assert patent rights to file format implementors.
Microsoft later deprecated WMF Files in favor of 32-bit EMF files, as WMF files had real issues with device independence, despite the use of a "placeable" file header which provided basic device independence. Microsoft found that the developers who use the format were "[embedding] application, location, or scaling comments in the metafiles... Others added headers to the metafile that provided various application-specific information," causing major compatibility issues. Thus, in 1992, with Windows NT 3.1, Microsoft introduced the Enhanced Metafile format (EMF) – a format which was based on the Win32 API and with which they built in device independence. These were also known as NT metafiles. With the release of the Windows XP and GDI+, the set of records had to be significantly increased and so Microsoft released EMF+ as an extension to the existing EMF file format.
SetAbortProc exploit
- Main article: Windows Metafile vulnerability
Exploits using the "SetAbortProc" GDI function were discovered in December 2005. The function, which registers an error handler normally intended for use when a print job is cancelled during spooling, allows arbitrary code added to a WMF image to be executed without the permission of the user.
Alternative implementations
The WMF format was designed to be executed by the Windows graphics layer GDI to restore the image, but as the WMF binary files contain the definition of the GDI graphic primitives that constitute this image, it is possible to design alternative libraries that render WMF binary files, or convert them in other graphic formats.
For example, the Batik library is able to render WMF files and convert them to their SVG equivalent. The Vector Graphics package of the FreeHEP Java library allows to save Java2D drawings as EMF files.
Currently, the only programme that directly unpacks EMZ and WMZ files into EMF and WMF files is SpeedCommander 12.