From Collaborative RCE Tool Library

PDF Stream Dumper

Tool name: PDF Stream Dumper
Rating: 0.0 (0 votes)
Author: dzzie
Current version: 0.9.170
Last updated: July 21, 2010
Direct D/L link:
License type: unknown
Description: Full feature list
supported filters: FlateDecode, RunLengthDecode, ASCIIHexDecode, ASCII85Decode, LZWDecode
Integrated shellcode tools:
sclog gui (Shellcode Analysis tool I wrote at iDefense)
scTest gui libemu based Shellcode analysis tool
Shellcode_2_Exe functionality
Export unescaped bytes to file
supports filter chaining (i.e. multiple filters applied to the same stream)
supports unescaping encoded pdf headers
scriptable interface to process multiple files and generate reports
view all pdf objects
view deflated streams
view stream details such as file offsets, header, etc
save raw and deflated data
search streams for strings
scan for functions which contain pdf exploits (dumb scan)
format javascript using js beautifier (see credits in readme)
view streams as hex dumps
zlib compress/decompress arbitrary files
replace/update pdf streams with your own data
basic javascript interface so you can run parts of embedded scripts
PdfDecryptor w/source - uses iTextSharp and requires .Net Framework 2.0
Basic Javascript deobfuscator
can hide: header only streams, duplicate streams, selected streams
js ui also has access to a toolbox class to
simplify fragmented strings
read/write files
do hexdumps
do unicode safe unescapes
disassembler engine
replicate some common Adobe API (new)
Current Automation scripts include:
csv_stats.vbs - Builds csv file with results from lower status bar for all files in a directory
pdfbox_extract.vbs - use pdfbox to extract all images and text from current file
string_scan.vbs - scan all decompressed streams in all files in a directory for a string you enter
unsupported_filters.vbs - scan a directory and build list of all pdfs which have unsupported filters
filter_chains.vbs - recursively scans parent dir for pdfs that use multiple encoding filters on a stream.
obsfuscated_headers.vbs - recursively scans parent dir for pdfs that have obfuscated object headers
pdfbox_extract_text_page_by_page.vbs - uses pdfbox to extract page data into individual files

Current Plugins include:
Build_DB.dll - Search and sort data inside multiple samples, move and organize files
obj_browser.dll - view layout and data inside pdf in text form
Related URLs: No related URLs have been submitted for this tool yet
