Adding Your Own Keywords To My PDF Tools

Published: 2022-07-18. Last Updated: 2022-07-18 05:38:13 UTC
by Didier Stevens (Version: 1)
0 comment(s)

On some rare occasions, when Xavier Mertens teaches "FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques", he will DM me during class with a very specific question from a student.

Last time this happened, was end of June 2022.

A student wanted to know if it was possible to have statistics for the /Annots keyword with pdf-parser.py

When you run pdf-parser with option -a, you get statistics for the PDF file under analysis. Example:

Statistics for keyword /Annots are not included.

But you can add them, just by editing file pdfid.ini. Like this:

And then run pdf-parser again:

pdfid.ini has to be located in the same folder as my pdf tools pdfid.py and pdf-parser.py (on my machines, they are in a bin folder).

pdfid.py uses pdfid.ini too:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords: analysis pdf
0 comment(s)
ISC Stormcast For Monday, July 18th, 2022 https://isc.sans.edu/podcastdetail.html?id=8090

Comments


Diary Archives