"File format vulnerability" Microsoft ANI cursor file a thorough analysis of exploits

Source: Internet
Author: User
Tags file handling

ANI file handling Vulnerability in Windows Vulnerability--user32.dll

ANI file format

ANI (Applicedon startins Hour Glass) file is an animated cursor file for MS Windows that can be used as a mouse pointer with the file name extension ". Ani". ANI files are composed of "blocks" (chunk). It is generally composed of five parts: The sign area, the text description area, the information area, the time control area and the data area, namely Riff-acon,list-info,anih,rate,list-fram. Ani file in the form of animation effect, is actually a picture of the cursor or icon image in a certain order to draw to the screen, and retain the specified time (see the Time Control area description) sequentially loop the results of the display. An ANI file begins with 12 bytes, the first 4 bytes are riff, the last 4 bytes are Acon, and the middle 4 bytes is the length of the Ani file (in bytes). With Riff and Acon, it can be concluded that the file is an ANI file, that is, Acon is a symbol of an animated cursor file.
In an ANI file, there are several blocks that must be identified:
? riff-Multimedia File Identification code
? Acon-ani File Identification code
? Anih-ani File Information Area Identification code
? List-list List form (Form fcctype= "Fram")
? Icon-icon Identification Code
In an ANI file, there may also be one or more of the following block identities:
? Inam-ani file Title Area identification code
? Iart-ani File description Information Area identification code
? Rate-ani file Time Control data area identification code
? Seq-ani file image display frame sequence control area identification code
The logical hierarchy between these blocks can be expressed as follows:
"RIFF" {Length of File}
"ACON"
"List" {Length of List}
"INAM" {Length of Title} {Data}
"Iart" {Length of Author} {Data}
"Fram"
"Icon" {Length of Icon} {Data}; 1st in List
...
"Icon" {Length of Icon} {Data}; Last in list (1 to Cframes)
"Anih" {Length of ANI Header (bytes)} {Data}; (see ANI Header TypeDef)
' Rate ' {Length of rate block} {Data}; ea. rate was a long (length is 1 to csteps)
"seq" {Length of sequence block} {Data}; ea. seq is a long (length are 1 to csteps)
-end-

The above is a conclusive description of the ANI file format, to fully understand the role and meaning of these blocks, as well as the logical relationship between blocks and blocks, it really takes some effort.

"File format vulnerability" Microsoft ANI cursor file a thorough analysis of exploits

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.