docmedia.newplayerHow to verify if I had typed it in correctly? There was obviously no confirmation that I had blacklisted docmedia.newplayer. I went through the options of Adobe Reader and nowhere was there a mention that docmedia.newplayer was blacklisted. What was I going to do to next? Wait until I received a PDF that had code to exploit the vulnerability to see if the blacklist worked as it was supposed to? I decided to create a simple, harmless PDF that invoked that function to see if the API call would get blocked. I could successfully open the file without the function being blocked. This time, I quickly pinpointed the reason for that: API functions are case-sensitive and entering docmedia.newplayer is not the same as entering DocMedia.newPlayer.
- obfuscation function names, function contents
- lexical transformation
- control transformation
- data transformation (data structure)