Friday, November 14, 2025

Trouble reading PDF file? Solution to reading malformed damaged PDF files


Sometimes PDF files can get scrambled and you are stuck not being able to open a PDF file. Most PDF software cannot open the test file below. Adobe Acrobat Reader issues the pop-up screen could not open because it's not a supported file type or the file has been damaged.




Solution: 



Get XpdfReader PDF software which can open a malformed PDF files!


Test 1:

In the following sample file, the file starts with malformed PDF file signature 

%P!F- which is incorrect and should be %PDF-, as seen in FRHED editor. 

XpdfReader is the only app I came across that could open this file with this first malformed change.

Test 2: 
 
Then I remove leading angle bracket < where there should be two for <<Lineralired, and it opened! 

Source

The original unadulterated file header is

%PDF-1.5%<bh:e2><bh:e3><bh:cf><bh:d3>10 0 obj\<</Linearized 1/L 105981/O 12/E 101484/N 1/T 105677/H [ 502 173]>>endobj

Opened File



Posted by metadataconsulting (profile) at 7:30 AM 0 comments

Thursday, November 13, 2025

Sysinternals Process Explorer 16.43 is last working final version for Windows 7


Process Explorer v17.07

By Mark Russinovich




Published: November 11, 2025

no longer works on Windows 7.   Windows 7 support is finally dead buy why? 


Windows OS has over 1.5 billion active users globally as of 2025, and @2.5% thus 37.5 million are still active Windows 7 users! 









Last know version to work on Windows 7 is Process Explorer v16.43 back in November 22, 2021. 

Get it here Process Explorer 16.43 | System Monitors (fileeagle.com)

Posted by metadataconsulting (profile) at 10:57 AM 0 comments

Wednesday, November 12, 2025

Detecting Glassworm malware hidden characters fast using file regex search with grepWin

A number of Visual Studio Code extensions have been infected with Glassworm and here's a fast way to check if your repo is infected using grepWin - Stefans Tools (stefankueng.com) a fast C open-source grep UI tool for Windows.


How GlassWorm wormed its way back into developers’ code — and what it says about open source security | InfoWorld  Nov 10 Nov 2025

According to article above, this repo is infected with Glassworm

ai-driven-dev/vscode (github.com) 

The article below lists Unicode characters that are deployed using Glassworm 

Defending Against Glassworm: The Invisible Malware That's Rewriting Supply Chain Security | Snyk - 3 Nov 2025


The 277 explicit confusable characters used by Glassworm;

  • Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
  • Zero-width characters (U+200B, U+200C, U+200D)
  • Variation selectors (U+FE00-U+FE0F) — the base 16 selectors
  • Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm
  • No-break space (U+00A0)
  • Word joiner, soft hyphen, and other invisible characters


Here's the grepWin regex for: 

  • Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
  • Zero-width characters (U+200B, U+200C, U+200D)
  • Variation selectors (U+FE00-U+FE0F) — the base 16 selectors

    [\x202A\x202B\x202C\x202D\x202E\x2066\x2067\x2068\x2069\x200B\x200C\x200D\xFE00\xFE01\xFE02\xFE03\xFE04\xFE05\xFE06\xFE07\xFE08\xFE09\xFE0A\xFE0B\xFE0C\xFE0D\xFE0E\xFE0F]
Here's the grepWin regex for: 
  • Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm

    [\\xE0100-\\xE01EF]

GrepWin uses Perl regular expression syntax. Test at https://regex101.com/r/VNSYwc/2 choose PCRE2.

Here's the result using grepWin with regex search. 




















































GrepWin with Content View selected.  represents found Unicode characters. 


Posted by metadataconsulting (profile) at 7:30 AM 0 comments
Subscribe to: Comments (Atom)