Command line kung fu windows grep
2/26/2024

Whew! Just got done with another week of teaching, this time at SANS Baltimore. I even got a chance to give my "Return of Command Line Kung Fu" talk, so I got a bunch of shell questions.

One of my students had a very interesting challenge. To help analyze malicious PDF documents, he was trying to parse the output of Didier Stevens' pdf-parser.py and create an input file for GNUplot that would show a graph of the object references in the document. Here's a sample of the kind of output we're dealing with:

The lines like "obj 5 0" give the object number and version of a particular object in the PDF. The "Referencing" lines below show the objects referenced. A given object can reference any number of objects from zero to many.

To make the chart with GNUplot, we need to create an input file that shows "obj -> ref " for all references. So for object #5, we'd have one line of output that shows "5 -> 6 ". There would be no output for object #6, since it references zero objects. And we'd get 5 lines of output for object #4, "4 -> 3 ", "4 -> 11 ", and so on.

Frankly, I thought about just calling Davide Brini and letting him write this week's Episode, but he's already getting too big for his britches.

The first line of awk matches the "obj" lines and puts the object number into the variable "objnum". The second awk expression matches the "Referencing" lines, but notice that I added a "" at the end of the pattern match so that I only bother with lines that actually include referenced objects. When we hit a line like that, then we do the stuff in the curly braces. split() breaks our input line, aka "$0", on white space and puts the various fields into an array called "a". split() also returns the number of elements in the array, which we put into a variable called "max". Then I have a for loop that goes through the array, starting with the second element: this is the actual object number that follows "Referencing:".
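The awk logic described above, written out as an added example (it is not the code from the original post). It assumes pdf-parser.py prints references as "N 0 R," triplets; the function names `pdf_refs` and `sample_output` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn pdf-parser.py text output into "obj -> ref" lines.

# pdf_refs (hypothetical name): reads pdf-parser.py output on stdin.
pdf_refs() {
    awk '
        # "obj 5 0" header: remember the current object number.
        /^obj [0-9]+ [0-9]+/ { objnum = $2 }

        # Only "Referencing:" lines that list at least one object.
        /Referencing: [0-9]/ {
            max = split($0, a)
            # Assumed layout: "Referencing: 6 0 R, 4 0 R", so the object
            # numbers sit at a[2], a[5], a[8], ...
            for (i = 2; i <= max; i += 3)
                # The PDF is untrusted input: emit numeric fields only.
                if (a[i] ~ /^[0-9]+$/)
                    print objnum " -> " a[i]
        }
    '
}

# Constructed sample input, not taken from a real document.
sample_output() {
    cat <<'EOF'
obj 4 0
 Type: /Page
 Referencing: 3 0 R, 11 0 R, 12 0 R, 13 0 R, 5 0 R

obj 5 0
 Type: /Action
 Referencing: 6 0 R

obj 6 0
 Type:
 Referencing:

EOF
}

sample_output | pdf_refs
```

Object 6 produces no lines because its "Referencing:" line lists nothing, and any field in an object-number position that is not purely numeric is dropped rather than passed on to the plotting tool.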