i work on xlsb macro sheet (biff12) mal detect, read this xls code but noticed some record not in ms xls document , but macrome has

[WillDawnlll]

like id =1 , blankGraph. in ms document , record enum begin at 6................. can u guys propose some help infomation about where these record name (and field info) from.....thanks for this code inspire

[michaelweber]

XLSB has a few differences from XLS. For XLS I pulled all my records from the MS-XLS spec over at https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-xls/43684742-8fcd-4fcd-92df-157d8d7241f9.

XLSB's record enumeration is at https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-xlsb/30e2eaae-0b1e-4e8e-a465-e1ce5575868d, and you can see it contains stuff for more numbers than just XLS.

Does this answer your question?

[WillDawnlll]

thanks , i already read these ms documents, but id 1 record and its name "blankGraph" not in [ms-xls] ......google results alway back to this tool code.... my purpose is clean malware macro sheet formula content, in xls , use blankgraph replace formula , but in xlsb , no similer record name , i have to delete all record in xlsb macro sheets....

[michaelweber]

The MS-XLSB spec covers BIFF12 and it's saying that record 1 is BrtCellBlank. I don't see a blankGraph in either of the specs unfortunately, so if that's explicitly what you're looking for you might need a different naming context. Happy to keep discussing this, but I'm going to close this issue since I don't think it's a Macrome specific problem.

Cheers!

[WillDawnlll]

thanks for your help and time . actually ,at the beginning, im looking for the name of biff8 id 1 record. its not in ms document . then i found the name blankGraph here . ( b2xtranslator/Xls/XlsFileFormat/Records/BlankGraph.cs line 7). and there is some explain comment . so i thought may be you guys have some old verison document ...