Windows Metafile (WMF) is an image file format originally designed for Microsoft Windows in the 1990s. The original Windows Metafile format was not device-independent (though it could be made more so with placement headers) and may contain both vector graphics and bitmap components. It acts in a similar manner to SVG files. WMF files were later superseded by Enhanced Metafiles (EMF files), which did provide for device-independence. EMF files were then themselves enhanced via EMF+ files.
Essentially, a metafile stores a list of records consisting of drawing commands, property definitions and graphics objects to display an image on screen. The drawing commands used are closely related to the commands of the Graphics Device Interface (GDI) API used for drawing in Microsoft Windows. There are three major types of metafiles – a WMF is a 16-bit format introduced in Windows 3.0. It
A free and open-source GDI-like class library. Win2D's target audience are developers that use C++, C#, and Visual Basic.NET to develop Universal Windows Platform apps. Aldus Corporation Aldus Corporation was an American software company best known for its pioneering desktop publishing software. PageMaker, the company's most well-known product, ushered in the modern era of desktop computers such as
A Resource Meter program to allow the user to monitor how much of the total system GDI resources were in use. This resource meter consumed GDI objects itself. Later versions such as Windows 2000 and Windows XP can report GDI object usage for each program in the Task Manager, but they cannot tell the user the total GDI capacity available. Overflowing GDI capacity can affect Windows itself, preventing new windows from opening, menus from displaying, and alert boxes from appearing. The situation can be difficult to clear and can potentially require
A WMF, they are instead of complex structures. For example, the BitmapCoreHeader contains information about the dimensions and color format of a device-independent bitmap, which is itself part of a DeviceIndependentBitmap object. A graphics object, however, specifies parameters for graphics output and during playback of the WMF it sets up the playback device context. Graphics objects can be brushes (defines
A forced reset of the system, since it prevents core system programs from functioning. In Windows 8 and 8.1, a forced log-off occurs as a result of GDI capacity overflow, instead of a reboot. Direct2D is the successor of GDI and GDI+. Its sibling, DirectWrite, replaces Uniscribe. They were shipped with Windows 7 and Windows Server 2008 R2, and were available for Windows Vista and Windows Server 2008 (with Platform Update installed). Later, Microsoft developed Win2D,
A number of control records: the header record, the aforementioned optional placeable record, and finished by an end of file record. Encapsulated by the control records are the records that make up the image itself. These records work within what is known as the playback device context, which is the collection of properties and objects that make up a device's graphical environment as the metafile
A piece of text rendering code he had written could render 99,000 glyphs per second in GDI, but the same code using GDI+ rendered 16,600 glyphs per second. GDI+ is similar (in purpose and structure) to Apple's QuickDraw GX subsystem, and the open-source libart and Cairo libraries. In Windows Vista, all Windows applications including GDI and GDI+ applications run in the new compositing engine, Desktop Window Manager (DWM), which
A pixel is encoded in RGBA or is an index into a color table. EmfMetafileHeaderExtension2 is a record that is inserted directly after the EmfMetafileHeaderExtension1 record, and it contains two fields with the X and Y values to measure the device surface in micrometers. Like WMF files, records can be classified by function, however there are more record types in EMF files than there are in WMF files. Records can be classified as control, bitmap, clipping, comment, drawing, escape, object creation, object manipulation, OpenGL, path bracket, state and transform records. With
A software bundle, the software would be subject to one). Over time the existence of that historic specification was largely forgotten and some alternative implementations resorted to reverse engineering to figure out the file format from existing WMF files, which was difficult and error prone. In September 2006, Microsoft again published the WMF file format specification in a more complete form in
A suitable driver, while a GDI printer requires a PC running Windows. GDI printers can be made available to computers on a network if they are connected as shared printers on a computer which is on and running Windows. Some "generic" GDI drivers such as pnm2ppa have been written; they aim to make GDI printers compatible with non-Windows operating systems such as FreeBSD, but they cannot support all printers. In order to allow simpler creation of drivers for Winprinters,
Is apparent in Windows XP components, such as Microsoft Paint, Windows Picture and Fax Viewer, Photo Printing Wizard, and the My Pictures Slideshow screensaver. Their presence in the basic graphics layer greatly simplifies implementations of vector-graphics systems such as Adobe Flash or SVG. Besides, .NET Framework provides a managed interface for GDI+ via the System.Drawing namespace. While GDI+
Is available to the function handler — it is one of the two parameters that is passed to it (see above), and it is required in order to abort the printing. Finally, Gibson claimed that the control flow could not return to Windows. It is simply a matter of the function returning and discarding the parameters that were passed on the stack. If the record is well formed, Windows will continue to parse
Is being "played back" onto this output device. Records other than control records can be largely grouped into bitmap records, drawing records, object records, state records and escape records. Bitmap records manage and output bitmap images. Drawing records produce graphics output. Object records create and manage graphics objects. In WMF files there are two broad categories of objects – graphics objects and structure objects. Structure objects are not explicitly created or deleted in
Is hardware-accelerated. As such, the GDI itself is no longer hardware-accelerated. Because of the nature of the composition operations, window moves can be faster or more responsive because underlying content does not need to be re-rendered by the application. Windows 7 includes GDI hardware acceleration for blitting operations in the Windows Display Driver Model v1.1. This improves GDI performance and allows DWM to use local video memory for compositing, thereby reducing system memory footprint and increasing
Is included with Windows XP and later, the GDI+ dynamic library can also be shipped with an application and used on older versions of Windows. Because of the additional text processing and resolution independence capabilities in GDI+, the CPU undertakes text rendering. The result is an order of magnitude slower than the hardware-accelerated GDI. Chris Jackson published some tests indicating that
Is inherently location-independent and Windows was never patched, so both Windows and an application could simply copy an application function into the WMF file and assume it would work when played back by the same application in a later run session. In any case, it's not clear that the developers envisioned applications creating on-disk metafiles with abort procedures. Also, as Microsoft’s Stephen Toulouse pointed out in Microsoft’s rebuttal to Steve’s claims,
Is installed. With the introduction of Windows XP, GDI+ complemented GDI. GDI+ has been written in C++. It adds anti-aliased 2D graphics, floating point coordinates, gradient shading, more complex path management, intrinsic support for modern graphics-file formats like JPEG and PNG, and support for composition of affine transformations in the 2D view pipeline. GDI+ uses RGBA values to represent color. Use of these features
Is relatively hard to use for advanced animation, lacks a notion for synchronizing with individual video frames in the video card, and lacks hardware rasterization for 3D. Modern games usually use DirectX, Vulkan, or OpenGL instead. In GDI, a device context (DC) defines the attributes of text and images for the output device, e.g., screen or printer. GDI maintains the actual context. Generating
Is the native vector format for Microsoft Office applications such as Word, PowerPoint, and Publisher. As of 2023, revision 17 of the Windows Metafile Format specification is available. EMF files, which replaced WMF files, work on the same principle only it is a 32-bit file format that also allows for the embedding of private data within "comment" records. EMF+ is an extension to EMF files and embedded in these comment records, allowing for images and text using commands, objects and properties that are similar to Windows GDI+. The original 16 bit WMF file format
Is the only user of the video memory, which was not tenable on multi-tasked environment, such as Windows. The BYTE magazine, in December 1983, discussed Microsoft's plans for a system to output graphics to both printers and monitors with the same code in the forthcoming first release of Windows. On Windows 3.1x and Windows 9x, GDI can use Bit blit features for 2D acceleration, if suitable graphics card driver
The Macintosh seeing widespread use in the publishing industry. Paul Brainerd, the company's co-founder, coined the term desktop publishing to describe this paradigm. The company also originated the Tag Image File Format (TIFF) file format, widely used in the digital graphics profession. Aldus was founded by Brainerd (who also served as chairman of the company's board), Jeremy Jaech, Mark Sundstrom, Mike Templeman, and Dave Walter. It
The Macintosh, including SuperPaint, Digital Darkroom, SuperCard, Super3D, and Personal Press (later renamed Adobe Home Publisher). Silicon Beach was located in San Diego, California, and became the Aldus Consumer Division. In 1993, Aldus bought After Hours Software and incorporated its products, TouchBase Pro and DateBook Pro, into the Aldus Consumer Division. In the same year, it acquired Company of Science and Art (CoSA). In September 1994, Adobe purchased Aldus for $446 million. At that time, PageMaker
The Microsoft Universal Printer Driver was created. This allows printer vendors to write Generic Printer Description (GPD) "minidrivers", which describe the printer's capabilities and command set in plaintext, rather than having to do kernel mode driver development. Microsoft has moved away from this printing model with Open XML Paper Specification. Each window consumes GDI objects. As the complexity of
The printer driver receives, processes, and sends to the associated printer. The combination of GDI and the driver is bidirectional; they receive information from the printer such as whether it is ready to print or is out of paper. Printers that do not rely on GDI require hardware, firmware, and memory for page rendering while a GDI printer uses the host computer for this. However, a printer with its own control language can accept input from any device with
The abort procedure code within the record itself. This affected Windows systems (see CVE-2005-4560) and the Wine project (see CVE-2006-0106). According to Secunia, "The vulnerability is caused due to an error in the handling of Windows Metafile files ('.wmf') containing specially crafted SETABORTPROC 'Escape' records. Such records allow arbitrary user-defined function to be executed when
The context of the Microsoft Open Specification Promise, promising to not assert patent rights to file format implementors. Microsoft later deprecated WMF files in favour of 32-bit EMF files as WMF files had real issues with device independence, despite the use of a "placeable" file header which provided basic device independence. Microsoft found that developers who use the format were "[embedding] application, location, or scaling comments in
The file, as before. ... Gibson admits that he was guessing about a number of things. Unfortunately, he guessed poorly. I guess we know better now. EMF files have three possible versions of headers. The original header is just a container for images; the second and third versions encapsulate the original header and contain a pixel format record and support for OpenGL records; and the third version encapsulates
The hardware are perhaps its scaling capabilities and its abstract representation of target devices. Using GDI, it is possible to draw on multiple devices, such as a screen and a printer, and expect proper reproduction in each case. This capability is at the center of most "What You See Is What You Get" applications for Microsoft Windows. Simple games that do not require fast graphics rendering may use GDI. However, GDI
The metafiles... Others added headers to the metafile that provided various application-specific information", causing major compatibility issues. Thus, in 1992 with Windows NT 3.1, Microsoft introduced the Enhanced Metafile format (EMF), a format based on the Win32 API with built-in device independence. These were also known as NT metafiles. With the release of Windows XP and GDI+,
The next: Windows 9x had a limit of 1,200 total objects; Windows 2000 has a limit of 16,384 objects; and Windows XP and later have a configurable limit (via the registry) that defaults to 10,000 objects per process (but a theoretical maximum of 65,536 for the entire session). Windows 8 and later increase the GDI object limit to 65,536 per user login session. Earlier versions of Windows such as Windows 3.1 and Windows 98 included
The object is released from the table and the identifier can be reused. Notably an object will not be used until it is specifically selected during record playback. This differs for EMF+ files, which also use an associative array via a hashmap which records the object along with an object identifier. However, unlike WMF and EMF files which can delete an object, when a new object is created that has
The original header. EmfMetafileHeaderExtension1 is a record that is inserted directly after the original EMF header, specifies whether there is a pixel format descriptor and the offset to the descriptor object within the header, as well as a field that specifies if OpenGL records exist in the metafile. The pixel format descriptor specifies the capabilities of the drawing surface and whether
The output requires a handle to the device context (HDC). After generating the output, the handle could be released. GDI uses Bresenham's line drawing algorithm to draw aliased lines. GDI was present in the initial release of Windows. MS-DOS programs had manipulated the graphics hardware using software interrupts (sometimes via the Video BIOS) and by manipulating video memory directly. Code written in this way expects that it
The parser, and the parser has to wait until the callback returns, otherwise the whole point of the function (to abort the printing) is lost. By his own admission, Gibson did not read the documentation (in fact, he claimed that he couldn’t find it, although it is freely available on Microsoft’s Web site), and he claimed that the device context is not available to the function handler. Of course the device context
The performance of graphics operations. Most primitive GDI operations are still not hardware-accelerated, unlike Direct2D. GDI+ continues to rely on software rendering in Windows 7. A GDI printer or Winprinter (analogous to a Winmodem) is a printer designed to accept output from a host computer running Windows. The host computer does all print processing: GDI renders a page as a bitmap, which
The playback device context. Escape records are a means to extend metafile functionality via records that are not otherwise defined as a WMF record type. Each escape record contains a record function, an escape function and potentially escape data. The following escape records make up a WMF file. There was a major vulnerability found in escape records around the Abort escape record, which stores
The release of Windows XP, the Enhanced Metafile Format Plus Extensions (EMF+) format was introduced. EMF+ provides a way to serialize calls to the GDI+ API in the same way that WMF/EMF stores calls to GDI. There are also compressed versions of Windows Metafiles known as Compressed Windows Metafile (WMZ) and Compressed Windows Enhanced Metafile (EMZ), which are basically gzip compressed WMF and EMF files correspondingly. The WMF format
The rendering of a WMF file fails." According to the Windows 3.1 SDK documentation, the SETABORTPROC escape was obsoleted and replaced by the function of the same name in Windows 3.1, long before the WMF vulnerability was discovered. However the obsoleted escape code was retained for compatibility with 16 bit programs written for (or at least backwards compatible with) Windows 3.0. This change happened at approximately
The same index as an existing object, the entry in the table is replaced with the new object. An EMF file also does not need to specifically select an object before it is used. WMF files were not originally designed to be device independent, meaning that a file could not be played back on output devices that differed from the original device on which the file was recorded. A partial solution to this issue
The same time as Microsoft was creating the 32 bit reimplementation of GDI for Windows NT, and it is likely that the vulnerability occurred during this effort. After Steve Gibson accused Microsoft of deliberately implementing a backdoor into their code, Mark Russinovich provided a rebuttal, and stated that: ...things were different when the format was architected. In the Windows 3.1 “large” memory model code
The second header extension and increases EMF accuracy and scalability of EMFs as it adds the ability to measure distances of device surfaces using the metric system. Each EMF header starts with an EMR_HEADER record, and records the relevant properties of the device on which the metafile image was recorded. The original EMF header has an 80 byte header and an optional variable length description string. Other metafiles contain extension fields, which encapsulate
The security landscape in the early 1990s was very different than today and all code, including that stored in a WMF file, was inherently trusted. Peter Ferrie of Symantec Security Response, USA also disagreed with Gibson, noting that: Gibson claimed that a thread is created to run the SetAbortProc handler. In fact, no thread is created to run the handler – it is a callback, which is called by
The set of records had to be significantly increased and so Microsoft released EMF+ as an extension to the existing EMF file format. WMF, EMF and EMF+ files all consist of a series of records that are played back to produce graphical output. Some records define objects which can specify graphical objects used to determine how graphics should be drawn (e.g. pens specify the color and width of lines). Each of these objects are stored in metafiles and are placed into an object table, which tracks
The style, color and pattern of a brush which defines how to paint an area of the graphic), fonts (defines properties that affect how text is displayed), palettes (specifies colors as device-independent values, defined by an application), pens (specifies the graphical attributes of a line), and regions (which specify line and curve segments that define a shape). State records manage the graphics properties of
The usage of graphic objects while processing the metafile. The object table is an associative array of indexes to graphical object structures defined within the metafile. WMF and EMF files handle object processing differently to EMF+ records in EMF files. As a WMF and EMF file is being processed, the records are read into an object table once an object is defined. If an object is deleted then
The window increases, with additional features such as buttons and images, its GDI object usage also increases. When too many objects are in use, Windows is unable to draw any more GDI objects, leading to misbehaving software and frozen and unresponsive program operation. Many applications are also incorrectly coded and fail to release GDI objects after use, which further adds to the problem. The total available GDI objects varies from one version of Windows to
Was designed to be executed by the Windows GDI layer in order to restore the image, but as the WMF binary files contain the definition of the GDI graphic primitives that constitute this image, it is possible to design alternative libraries that render WMF binary files or convert them into other graphic formats. Graphics Device Interface The Graphics Device Interface (GDI) is a legacy component of Microsoft Windows responsible for representing graphical objects and transmitting them to output devices such as monitors and printers. It
Was founded in Seattle, in 1984 and was acquired by Adobe Systems a decade later. The company was named after 15th-century Venetian printer Aldus Manutius. PageMaker was released in July 1985 and relied on Adobe's PostScript page description language. For output, it used the Apple LaserWriter, a PostScript laser printer. PageMaker for the PC was released in 1986. In 1988, Aldus released an illustration program, FreeHand, which
Was fully specified in volume 4 of the 1992 Windows 3.1 SDK documentation (at least if combined with the descriptions of the individual functions and structures in the other volumes), but that specification was vague about a few details. These manuals were published as printed books available in bookstores with no click through EULA or other unusual licensing restrictions (just a general warning that if purchased as part of
Was invented by Aldus Corporation, who added an additional "placeable" header, called the "APM header", which added a bounding rectangle, a metafile version, metafile size, number of objects in the metafile and the size of the largest single record in the metafile. This was later incorporated into the WMF format by Microsoft, starting in Windows 2000. WMF files are structured by a series of records, starting with
Was licensed from Fontographer developer Altsys. FreeHand competed directly with Adobe Illustrator, which had been released a year earlier. The rivalry continued for years, even after Adobe acquired Aldus in 1994, because FreeHand was not included, but Adobe eventually acquired Freehand in 2005 with its acquisition of Macromedia. FreeHand MX was the last version offered by Adobe but is no longer sold or updated. In early 1990, Aldus bought Silicon Beach Software, acquiring many consumer titles for
Was steadily losing market share to QuarkXPress, but Adobe was still five years from launching their own desktop publisher, InDesign. In 2001, after two major releases under Adobe, PageMaker was discontinued and users were urged to switch to the two-year-old InDesign. Aldus developed the TIFF and OPI industry standards. The three founders of Visio Corporation left Aldus in 1990 to create
Was superseded by DirectDraw API and later Direct2D API. Windows apps use Windows API to interact with GDI, for such tasks as drawing lines and curves, rendering fonts, and handling palettes. The Windows USER subsystem uses GDI to render such UI elements as window frames and menus. Other systems have components that are similar to GDI; for example: Mac OS has QuickDraw, and Linux and Unix have X Window System core protocol. GDI's most significant advantages over more direct methods of accessing