Tool to expand an OLE Compound File into a structure of folders and files on disk, or to create a new OLE Compound File via the inverse operation.
One use of this tool is in fuzzing operations. You can:
- Use this tool to expand a seed file, then:
- Examine and mutate the resulting folders and/or files on disk, then:
- Use this tool again, to turn the mutated folder structure back into an OLE Compound File that can be consumed by the application being tested.
To expand a Compound Document file:
CompoundFileTool /e <src> /o <dst_folder> [/f]
The folder <dst_folder> must not exist beforehand, unless you specify /f (/force).
If you do specify /f, <dst_folder> will first be deleted in its entirety.
To create a Compound Document file from a folder structure:
CompoundFileTool /c <src_folder> /o <dst_path> [/s <sector_size>]
The filesystem representation of a Compound Document file is mostly straightforward. The top folder corresponds the root storage, and subfolders correspond to substorages, hierarchically. Streams are represented by files.
There are a few subtleties, however:
- If a storage or stream name contains a character that is invalid in an NTFS filename, the character is escaped as
!u0000, where0000is the 4-digit hex representation of the character.- If the name is a special reserved name, such as
NUL, that cannot exist in the filesystem, then the entire name will be escaped.
- If the name is a special reserved name, such as
- If a storage has an associated non-NULL class, the CLSID appears in a file named
!CLSIDwithin the corresponding folder. Format is ASCII. - If a storage has associated non-zero state bits, the state bits are written in ASCII hex to a file named
!STATEBITSwithin the corresponding folder. - Note that
!is not a valid character in storage and stream names in compound files, so the above uses of the!character create no ambiguities.