Notes on the SummaryInformation stream

General

to access it, you should know, that the actual stream name has the char 0x05 at the beginning
does not exist unless data is entered in the file property dialog
summary information is disabled in this dialog when stream is corrupt (OS assumes alternative custom usage)
properties are arranged in sections, but the SummaryInformation stream has only one section
stream can contain a lot of more properties than the dialog offers by default
only when other properties are programmatically added to the stream, they become visible and can be modified in the dialog
the meaning of a property (title, author, ...) is associated with its ID and its section's class ID, so external logic is required, the same ID has a different meaning in a differently classified section
the stream always contains a code page property and a locale specifier.
when updating values, the respective properties are deleted and reappended, so the newest values are always at the end of a section

Structure by example

For this example the author property was specified in the file property dialog. The last saved time/date property was manually added to the stream in hexadecimal mode. The other properties were added automatically by Windows.

Bold values in the table indicate fixed values, normally weighted values may vary from document to document.

Stream content

0x00	fe ff 00 00 05 01 02 00	þÿ······
0x08	00 00 00 00 00 00 00 00	········
0x10	00 00 00 00 00 00 00 00	········
0x18	01 00 00 00 e0 85 9f f2	····à…Ÿò
0x20	f9 4f 68 10 ab 91 08 00	ùOh·«‘··
0x28	2b 27 b3 d9 30 00 00 00	+'³Ù0···
0x30	6c 00 00 00 04 00 00 00	l·······
0x38	01 00 00 00 28 00 00 00	····(···
0x40	00 00 00 80 30 00 00 00	···€0···
0x48	0d 00 00 00 38 00 00 00	····8···
0x50	04 00 00 00 54 00 00 00	····T···
0x58	02 00 00 00 e4 04 00 00	····ä···
0x60	13 00 00 00 07 04 00 00	········
0x68	1e 00 00 00 14 00 00 00	········
0x70	32 30 30 37 2d 30 32 2d	2007-02-
0x78	30 31 20 30 30 3a 30 30	01 00:00
0x80	3a 30 30 00 1e 00 00 00	:00·····
0x88	10 00 00 00 41 6e 6a 61	····Anja
0x90	20 53 63 68 61 66 66 68	Schaffh
0x98	69 72 74 00	irt·

Header

Stream offset	Length	Value	Comment
0x00	word	fe ff	Byte order mark for UTF-16LE, others are not accepted
0x02	word	00 00	used for stream validation
0x04	word	05 01	OS Version: major version 5 (Windows Server 2003, Windows XP and Windows 2000), minor version 1 (Windows XP)
0x06	word	02 00	OS indicator: little endian decoded: 0x0002, possible values: 2 (Win32), 1 (Mac) or 0 (Win16). According to David Erceg this could also be the platform ID, where 2 means NT-based Windows versions, 1 stands for DOS-based ones and zero seems to be no longer supported but had the meaning Win32s on Windows 3.1.
0x08	dword + 2 words + 2 bytes + 6 bytes	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	the stream's class ID, LE decoded: 00000000-0000-0000-0000-000000000000
0x18	dword	01 00 00 00	section count, LE decoded: 0x00000001

Section declarations

Stream offset	Length	Value	Comment
0x1c	dword + 2 words + 2 bytes + 6 bytes	e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9	the first section's class ID, LE decoded: f29f85e0-4ff9-1068-ab91-08002b27b3d9 (The only section in a SummaryInformation stream. The DocumentSummaryInformation stream may contain two sections with different ids)
0x2c	dword	30 00 00 00	the first section's offset from the beginning of the stream, LE decoded 0x00000030
(More section declarations would follow here, but this stream usually has only one.)

First (and only) section

Section header

Stream offset	Section offset	Length	Value	Comment
0x30	0x00	dword	6c 00 00 00	section length, LE decoded: 0x0000006c
0x34	0x04	dword	04 00 00 00	property count, LE decoded: 0x00000004

Property declarations

Stream offset	Section offset	Length	Value	Comment
0x38	0x08	dword	01 00 00 00	first property's ID, LE decoded: 0x00000001 (Code page)
0x3c	0x0c	dword	28 00 00 00	first property's offset from the beginning of the section, LE decoded: 0x00000028
0x40	0x10	dword	00 00 00 80	second property's ID, LE decoded: 0x80000000 (locale ID)
0x44	0x14	dword	30 00 00 00	second property's offset from the beginning of the section, LE decoded: 0x00000030
0x48	0x18	dword	0d 00 00 00	third property's ID, LE decoded: 0x0000000d (last saved time/date)
0x4c	0x1c	dword	38 00 00 00	third property's offset from the beginning of the section, LE decoded: 0x00000038
0x50	0x20	dword	04 00 00 00	fourth property's ID, LE decoded: 0x00000004 (author)
0x54	0x24	dword	54 00 00 00	fourth property's offset from the beginning of the section, LE decoded: 0x00000054

First property

Stream offset	Section offset	Length	Value	Comment
0x58	0x28	dword	02 00 00 00	property type, LE decoded: 0x00000002 (2 byte signed int)
0x5c	0x2c	word	e4 04	property value, LE decoded: 0x04e4 = 1252 (Windows 1252)
0x5e	0x2e	word	00 00	values are null-padded to extend to a multiple of four bytes

Second property

Stream offset	Section offset	Length	Value	Comment
0x60	0x30	dword	13 00 00 00	property type, LE decoded: 0x00000013 (4 byte unsigned int)
0x64	0x34	dword	07 04 00 00	property value, LE decoded: 0x00000407 = 1031 (locale: German-Germany)

Third property

Stream offset	Section offset	Length	Value	Comment
0x68	0x38	dword	1e 00 00 00	property type, LE decoded: 0x0000001e (null-terminated string prepended by dword string length)
0x6c	0x3c	dword	14 00 00 00	string length, LE decoded: 0x00000014 = 20 (length of the following string including null terminator)
0x70	0x40	20 (see above)	"2007-02-01 00:00:00" + [NUL]	property string value, null-terminated (actually this property requires a Filetime type value)

Fourth property

Stream offset	Section offset	Length	Value	Comment
0x84	0x54	dword	1e 00 00 00	property type, LE decoded: 0x0000001e (null-terminated string prepended by dword string length)
0x88	0x58	dword	10 00 00 00	string length, LE decoded: 0x00000010 = 16 (length of the following string including null terminator)
0x8c	0x5c	16 (see above)	"Anja Schaffhirt" + [NUL]	property string value, null-terminated

Further information

Property IDs for the section {f29f85e0-4ff9-1068-ab91-08002b27b3d9}

01	Code page (02)	0b	Last Printed (40)
02	Title (1e)	0c	Create Time/Date (40)
03	Subject (1e)	0d	Last Saved Time/Date (40)
04	Author (1e)	0e	Number of Pages (03)
05	Keywords (1e)	0f	Number of Words (03)
06	Comments (1e)	10	Number of Characters (03)
07	Template (1e)	11	Thumbnail (47)
08	Last Saved By (1e)	12	Name of Creating Application (1e)
09	Revision Number (1e)	13	Security (03)
0a	Total Editing Time (40)	8000 0000	Locale ID (13)

Property types used in SummaryInformation streams

02	2 byte signed integer
03	4 byte signed integer
13	4 byte unsigned integer
1e	null-terminated string prepended by dword string length
40	Filetime (64-bit value representing the number of 100-nanosecond intervals since January 1, 1601)
47	Clipboard format

nach oben

References

NTFS Alternate Data Streams (ADS) by Tim Slattery
Variant Type Definitions
FILETIME
MSDN: Manage Summary Information
MSDN: Summary Information Stream Property Set
MSDN: Reserved Property Identifiers (d.e.)
MSDN: Property Set Display Name Dictionary (d.e.)
MSDN: Locale ID (LCID) Chart (d.e.)
MSDN: OSVERSIONINFO Structure (d.e.)

Credits

Thanks to Tim Slattery for linking back to this page.

Thanks to David Erceg (his mailbox at hotmail dot com is: 'dave' underscore one five four) for corrections and for providing the resources marked with (d.e.) above.

Feedback

Please send questions or comments to .