PDF Dissector is a tool for PDF malware analysis. Use cases:
- Understand the structure of malicious PDF files
- Let PDF Dissector report known vulnerabilities in PDF files
- Use and extend the built-in Adobe Reader emulator to simulate the execution environment expected by PDF malware
- Dump PDF exploit shellcode to a file for further analysis with IDA Pro
- Write scripts and plugins to extend PDF Dissector to meet your specific goals.
Here are the changes compared to PDF Dissector 1.0.0:
- Raw and decoded content of streams can now be dumped to files
- Decoded streams can now be viewed in hexadecimal view
- PDF browsing tree now shows the types of PDF objects
- Improved PDF parsing for objects that do not end with “endobj’
- Removed function names of two emulated functions from the variable inspector of the debugger
- Added the previously missing tutorials directory that contains sample files for the tutorial
- API: Made it possible to access dictionary entries, array elements, and indirect references.