SimonHertoge/3c8b17c08b3c470a2486fbb9732fba94
Created September 23, 2018 21:50
Dump PDFs from "protected" LockLizard PDC files, requires Cygwin and Sysinternals tools (and a registered license)
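```bash
#!/usr/bin/env bash
# Locations of the Sysinternals tools and the Locklizard viewer (Cygwin paths).
syspath="/cygdrive/c/Users/Simon/Desktop/Tools/Nirsoft Launcher/SysInternals/"
pdcpath="/cygdrive/c/Program Files (x86)/Locklizard Safeguard PDF Viewer/"
# Split on newlines only, so file names containing spaces stay intact.
IFS=$'\n'
for file in $(ls *.pdc); do
    echo "$file"
    # Strip the .pdc extension.
    file=$(echo "$file" | sed 's/\(.*\)\.pdc/\1/')
    # Open the document in the viewer and give it time to load.
    "${pdcpath}PDCViewer.exe" "$file.pdc" &
    sleep 6
    # PID of the last PDCViewer process listed by pslist.
    pid=$("${syspath}pslist" | findstr PDCViewer | tr -s ' ' | cut -f2 -d' ' | tail -n1)
    # Write a full memory dump of the viewer process, then close the viewer.
    "${syspath}procdump" -ma "$pid" "${file}.dmp"
    taskkill.exe /F /IM "PDCViewer.exe"
    # Byte offsets of the PDF header and of the first end-of-file marker in the dump.
    offset1=$(grep -oba '%PDF-1.7' "${file}.dmp" | sed 's/\([0-9]*\).*/\1/')
    offset2=$(grep -oba '%%EOF' "${file}.dmp" | head -n1 | sed 's/\([0-9]*\).*/\1/')
    # Skip to the header, then copy through the end of the 5-byte '%%EOF' marker.
    ( dd bs="$offset1" count=1 of=/dev/null && dd bs=$(( offset2 - offset1 + 5 )) count=1 of="${file}.pdf" ) < "${file}.dmp"
    rm "${file}.dmp"
done
```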
For anyone wanting to try using this, it works without any issues: https://gist.github.com/Camekan/6d4c9757d0156ef443aa2c3c19dc375c#file-1-txt
It removes any content inside that shows your information too.
I have the following issues:
```
$ ./bin_bas.sh
CCNP-ENT - v1.1 - 350-401 - Current written - 01-Dec-24.pdc
ProcDump v11.0 - Sysinternals process dump utility
Copyright (C) 2009-2022 Mark Russinovich and Andrew Richards
Sysinternals - www.sysinternals.com
No process matching the specified name can be found.
Try elevating the command prompt or using PsExec to make one as SYSTEM.
psexec.exe -s -d -i cmd.exe
procdump.exe -accepteula ...
SUCCESS: The process "PDCViewer64.exe" with PID 1928 has been terminated.
grep: CCNP-ENT - v1.1 - 350-401 - Current written - 01-Dec-24.dmp: No such file or directory
grep: CCNP-ENT - v1.1 - 350-401 - Current written - 01-Dec-24.dmp: No such file or directory
./bin_bas.sh: line 15: CCNP-ENT - v1.1 - 350-401 - Current written - 01-Dec-24.dmp: No such file or directory
rm: cannot remove 'CCNP-ENT - v1.1 - 350-401 - Current written - 01-Dec-24.dmp': No such file or directory
```