Comparing Office Documents with WinMerge

Published: 2020-06-22. Last Updated: 2020-06-22 17:58:18 UTC
by Didier Stevens (Version: 1)
1 comment(s)

Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, …). Since they are ZIP containers, I have to compare the files within. I used to do this with with zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface.

WinMerge is a free Windows tool to compare files.

It is capable of comparing files stored inside archives: this is exactly what Office documents like .docx, .xlsm, … are.

First I have to change a setting so that WinMerge will recognize archive files like ZIP files based on their content too, and not only their extension.

Then I open the 2 Word documents. The first .docx file is a Word document with the text "This is test 1", the second Word document is an edited copy with the text "This is test 2".

I make sure that all comparisons are visible, and expand all subfolders:

It is not a surprise that document.xml is one of the files that is different: it contains the words I typed into the document and then altered:

WinMerge can also be used to compare XML files:

And then it is easier to see the changes I made:

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords:
1 comment(s)

Comments

sorry for misusing this diary.

At June 12 your wrote about 'nicely' obfuscated malware.

Today there was a similar type, but now as a xlsx!

https://bazaar.abuse.ch/sample/11335112bd99bba097839f78c98c46bd409ab63074b1eb038bd5134f39c49ed7/

How a xlsx can contains VBA?

Anonymous

Jun 23rd 2020
5 years ago

Login here to join the discussion.


Top of page
Diary Archives