_cw2k_
December 28th, 2008, 10:06 PM
Yesterday I stumbled about this in error message in PDFEdit:
This file is protected
The copyrights owner prohibits modification of this document.
Foxit PDF Editor will not allow you to print any modification.
Man what a crap.A notice is okay but isn't that cute little poggie called PDF >EDITOR< - but to edit something without being able to save, doesn't make much sence. Well I made a bugfix for that problem I'd like to share with you.
So here we go:
Do not apply - information are obsoleted ! - See Post #4 for actual ones!
1. Open PDFEdit.exe in ya favourite Hexeditor
2. Goto file offset: 000BD320
3. There you should find the following values:
8B 49 2C 85 C9 (incase you don't use Foxit Editor Build v2.0 Build 1011 ignore the offset and just try a search for these values)
Change them to
83 61 2C 00 90
4. Save and close the Hexeditor
5. Enjoy :)
__________________________________________________ _______________
Well I confess I haven't brought 'Foxit PDF Editor' yet but for sure it's worth
to buy.(Much cheaper and also much better than giving ya money to Adobe - making that poor 'dobe ppl
even more greepy.)
I the old days I patched my Acrobat - so I don't need to make use of the hard stuff (like 'ElcomSoft Advance PDF Recovery') just because a pdf requires some 'cosmetical' bugfix.
With Foxit opening pdfs makes fun again. While Acrobat 8 needs 12 sec to open
the doc, FoxIT do the job in 3Sec. And when I look a the consumed memory Acrobat 8 needs 40MB of RAM,
while FoxIT just needs 4MB ! (Measured with ProcessExplorer-Sysinternal; Processes:Private Bytes.)
Okay enough offtopic for now !
Some more background infos about the patch.
The name of the function patched was probably something like PDF::getSecurityFlagsOwner().
This function will check if there is a PDF-OwnerSecurity object in the current pdf. If there was no PDF-OwnerSecurity set it will return -1 which means something like SECURITY_OWNER_ALLOW_EVERYTHING.
If there is a PDF-OwnerSecurity object the '::GetAllowFlag()' methode so called.
The Patch will make this function to clean(set the point to 0) the PDF-OwnerSecurity object
each time it is called + return -1 (=SECURITY_OWNER_ALLOW_EVERYTHING).
A now for all da ollydebugger out there and those like me how are maybe curious what's 'behind' those cute little hexbytes you just wrote in there with ya Hexeditor.
Before the patch:004BD320 > 8B49 2C MOV ECX, [ECX+2C]
004BD323 85C9 TEST ECX, ECX
004BD325 75 04 JNZ SHORT 004BD32B
004BD327 83C8 FF OR EAX, FFFFFFFF
004BD32A C3 RETN
004BD32B 8B01 MOV EAX, [ECX]
004BD32D FF60 08 JMP [EAX+8]After the patch:004BD320 > 8361 2C 00 AND [DWORD ECX+2C], 0
004BD324 90 NOP
004BD325 75 04 JNZ SHORT 004BD32B
004BD327 83C8 FF OR EAX, FFFFFFFF
004BD32A C3 RETN
Ah well and incase you like to edit the file 'incognito' - by being able to save the file but as well keep the PDF-OwnerSecureObject(with all its password and allow/disallow flags), just use this search'n'replace pattern:
Search for:
8B 49 2C 85 C9 75 04
Replace with:
8B 49 2C 85 C9 75 00
So that's it.
Happy new year 2009!
This file is protected
The copyrights owner prohibits modification of this document.
Foxit PDF Editor will not allow you to print any modification.
Man what a crap.A notice is okay but isn't that cute little poggie called PDF >EDITOR< - but to edit something without being able to save, doesn't make much sence. Well I made a bugfix for that problem I'd like to share with you.
So here we go:
Do not apply - information are obsoleted ! - See Post #4 for actual ones!
1. Open PDFEdit.exe in ya favourite Hexeditor
2. Goto file offset: 000BD320
3. There you should find the following values:
8B 49 2C 85 C9 (incase you don't use Foxit Editor Build v2.0 Build 1011 ignore the offset and just try a search for these values)
Change them to
83 61 2C 00 90
4. Save and close the Hexeditor
5. Enjoy :)
__________________________________________________ _______________
Well I confess I haven't brought 'Foxit PDF Editor' yet but for sure it's worth
to buy.(Much cheaper and also much better than giving ya money to Adobe - making that poor 'dobe ppl
even more greepy.)
I the old days I patched my Acrobat - so I don't need to make use of the hard stuff (like 'ElcomSoft Advance PDF Recovery') just because a pdf requires some 'cosmetical' bugfix.
With Foxit opening pdfs makes fun again. While Acrobat 8 needs 12 sec to open
the doc, FoxIT do the job in 3Sec. And when I look a the consumed memory Acrobat 8 needs 40MB of RAM,
while FoxIT just needs 4MB ! (Measured with ProcessExplorer-Sysinternal; Processes:Private Bytes.)
Okay enough offtopic for now !
Some more background infos about the patch.
The name of the function patched was probably something like PDF::getSecurityFlagsOwner().
This function will check if there is a PDF-OwnerSecurity object in the current pdf. If there was no PDF-OwnerSecurity set it will return -1 which means something like SECURITY_OWNER_ALLOW_EVERYTHING.
If there is a PDF-OwnerSecurity object the '::GetAllowFlag()' methode so called.
The Patch will make this function to clean(set the point to 0) the PDF-OwnerSecurity object
each time it is called + return -1 (=SECURITY_OWNER_ALLOW_EVERYTHING).
A now for all da ollydebugger out there and those like me how are maybe curious what's 'behind' those cute little hexbytes you just wrote in there with ya Hexeditor.
Before the patch:004BD320 > 8B49 2C MOV ECX, [ECX+2C]
004BD323 85C9 TEST ECX, ECX
004BD325 75 04 JNZ SHORT 004BD32B
004BD327 83C8 FF OR EAX, FFFFFFFF
004BD32A C3 RETN
004BD32B 8B01 MOV EAX, [ECX]
004BD32D FF60 08 JMP [EAX+8]After the patch:004BD320 > 8361 2C 00 AND [DWORD ECX+2C], 0
004BD324 90 NOP
004BD325 75 04 JNZ SHORT 004BD32B
004BD327 83C8 FF OR EAX, FFFFFFFF
004BD32A C3 RETN
Ah well and incase you like to edit the file 'incognito' - by being able to save the file but as well keep the PDF-OwnerSecureObject(with all its password and allow/disallow flags), just use this search'n'replace pattern:
Search for:
8B 49 2C 85 C9 75 04
Replace with:
8B 49 2C 85 C9 75 00
So that's it.
Happy new year 2009!