Open Packaging Conventions
Office files like .docx, .xlsm, ... are Office Open XML (OOXML) files: a ZIP container containing XML files and possibly other file types.
OOXML files follow the Open Packaging Conventions (OPC) format.
OPC files contain a /[Content_Types].xml file (describing the MIME format of all parts of the OPC container) and a _rels/.rels file (documenting the relationships inside the OPC container).
Like this .xlsm file:
In my experience with OOXML files, /[Content_Types].xml is the first ZIP record, and _rels/.rels is the second ZIP record.
When an OOXML file has been modified with a ZIP utility, it's often the case that that order is no longer respected: files /[Content_Types].xml and _rels/.rels are no longer first and second (this has no impact on the parsing of these altered files by Office applications).
AFAIK, the OPC standard does not require these 2 files to be the first in the ZIP container.
Please post a comment if you know of OPC examples (there are other file formats than OOXML that are based on OPC) created by applications that do not put these 2 files first inside the ZIP container.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
Comments
0a74e76992fb20a3871245a26d14036f131eda3b0339db98b2ceecce5fbd90c0
5aa8791f8baedf09bd004e5305b0ba61b60faef7e281ed04fe07ef6dd571289c (.xlsx)
Anonymous
Oct 11th 2020
4 years ago
LibreOffice
(here a Python-Code to check all files of a directory could be helpfull)
Anonymous
Oct 11th 2020
4 years ago
> 0a74e76992fb20a3871245a26d14036f131eda3b0339db98b2ceecce5fbd90c0
> 5aa8791f8baedf09bd004e5305b0ba61b60faef7e281ed04fe07ef6dd571289c (.xlsx)
Do you know which applications were used to create these files?
Anonymous
Oct 11th 2020
4 years ago
Anonymous
Oct 11th 2020
4 years ago