Comparing Office Documents with WinMerge
Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, …). Since they are ZIP containers, I have to compare the files within. I used to do this with with zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface.
WinMerge is a free Windows tool to compare files.
It is capable of comparing files stored inside archives: this is exactly what Office documents like .docx, .xlsm, … are.
First I have to change a setting so that WinMerge will recognize archive files like ZIP files based on their content too, and not only their extension.
Then I open the 2 Word documents. The first .docx file is a Word document with the text "This is test 1", the second Word document is an edited copy with the text "This is test 2".
I make sure that all comparisons are visible, and expand all subfolders:
It is not a surprise that document.xml is one of the files that is different: it contains the words I typed into the document and then altered:
WinMerge can also be used to compare XML files:
And then it is easier to see the changes I made:
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
Comments
At June 12 your wrote about 'nicely' obfuscated malware.
Today there was a similar type, but now as a xlsx!
https://bazaar.abuse.ch/sample/11335112bd99bba097839f78c98c46bd409ab63074b1eb038bd5134f39c49ed7/
How a xlsx can contains VBA?
Anonymous
Jun 23rd 2020
4 years ago