This project helps you dump graphics drawn by Windows applications that use the `DrawDibDraw` API (exported by `msvfw32.dll`). It uses Frida to hook the function and Pymem to read the bitmap out of the target's memory and write it to disk.
- Install Frida (the Python bindings, `pip install frida`, are what the script imports)
- Install Pymem:
  ```
  pip install pymem
  ```
- Clone this repo
- Edit `invoke_frida.py`: change `TARGET_PROCESS = "my_target.exe"` to the process name of your target.
- Run the Python script.
- Interact with your target to make it draw the bitmap(s) you'd like to dump.

Images will be dumped to the CWD where you ran python.
Optional: If your app draws a lot of small bitmaps (usually UI elements: buttons, scroll bars, ...) you can set a size threshold to filter them out. Uncomment this code in the .js file and change the threshold as your target requires. The check reads `biSizeImage` at offset 20 of the `BITMAPINFOHEADER` that `DrawDibDraw` receives; note that uncompressed (`BI_RGB`) bitmaps may legitimately report `biSizeImage = 0`, and this simple filter would discard those too.
```js
// ------------------------------------------------------------------------------
// Uncomment to filter SMALL BITMAPS (change bytes limit as your target requires)
// ------------------------------------------------------------------------------
// lpbi is the LPBITMAPINFOHEADER argument of DrawDibDraw.
// biSizeImage is a DWORD at offset 20 of the BITMAPINFOHEADER structure.
// let biSizeImageAddress = new NativePointer(lpbi).add(20);
// let biSizeImage = biSizeImageAddress.readU32();
// if (biSizeImage < 29000 /* bytes */) {
//   return;
// }
```
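The following is an added example, not code from this repository. It shows the size filter done robustly: it parses the whole `BITMAPINFOHEADER`, and when `biSizeImage` is 0 (allowed for `BI_RGB` bitmaps) it computes the pixel-data size from width, height and bit depth with DWORD-aligned scan lines. The Frida hook at the bottom is an assumed way of wiring it into an `Interceptor.attach` on `DrawDibDraw`; the 29000-byte threshold is the one from the snippet above, and the header built by `makeHeader` is constructed test input, not something captured from a real program.

```javascript
// Added example (not part of this repository): parse a BITMAPINFOHEADER and
// decide whether the bitmap is large enough to dump. biSizeImage may be 0 for
// BI_RGB bitmaps, so the size is computed from the dimensions in that case.

const BI_RGB = 0;

// Parse the 40-byte BITMAPINFOHEADER from an ArrayBuffer (e.g. the result of
// lpbi.readByteArray(40) inside a Frida hook). All fields are little-endian.
function parseBitmapInfoHeader(buf) {
  const v = new DataView(buf);
  return {
    biSize: v.getUint32(0, true),
    biWidth: v.getInt32(4, true),
    biHeight: v.getInt32(8, true),       // negative height = top-down DIB
    biPlanes: v.getUint16(12, true),
    biBitCount: v.getUint16(14, true),
    biCompression: v.getUint32(16, true),
    biSizeImage: v.getUint32(20, true),  // offset 20, as in the filter snippet above
    biXPelsPerMeter: v.getInt32(24, true),
    biYPelsPerMeter: v.getInt32(28, true),
    biClrUsed: v.getUint32(32, true),
    biClrImportant: v.getUint32(36, true),
  };
}

// Size of the pixel data in bytes. For uncompressed (BI_RGB) bitmaps Windows
// allows biSizeImage == 0; each scan line is then padded to a DWORD boundary:
// stride = ((width * bpp + 31) / 32) * 4, and the data is stride * |height|.
function bitmapDataSize(hdr) {
  if (hdr.biSizeImage !== 0 || hdr.biCompression !== BI_RGB) {
    return hdr.biSizeImage;
  }
  const stride = Math.floor((hdr.biWidth * hdr.biBitCount + 31) / 32) * 4;
  return stride * Math.abs(hdr.biHeight);
}

// The filter: keep only bitmaps whose pixel data is at least minBytes.
function shouldDump(hdr, minBytes) {
  return bitmapDataSize(hdr) >= minBytes;
}

// Build a header for testing (constructed input, not captured from a program).
function makeHeader(width, height, bpp, sizeImage, compression) {
  const buf = new ArrayBuffer(40);
  const v = new DataView(buf);
  v.setUint32(0, 40, true);          // biSize
  v.setInt32(4, width, true);        // biWidth
  v.setInt32(8, height, true);       // biHeight
  v.setUint16(12, 1, true);          // biPlanes
  v.setUint16(14, bpp, true);        // biBitCount
  v.setUint32(16, compression, true);// biCompression
  v.setUint32(20, sizeImage, true);  // biSizeImage
  return buf;
}

// Assumed Frida wiring: in a Frida script the same check goes inside the
// DrawDibDraw hook. lpbi is the 7th argument of
// DrawDibDraw(hdd, hdc, xDst, yDst, dxDst, dyDst, lpbi, lpBits, xSrc, ySrc, dxSrc, dySrc, wFlags).
// Guarded so this file also runs under Node for the self-test.
if (typeof Interceptor !== 'undefined') {
  const mod = Process.findModuleByName('msvfw32.dll');
  const target = mod ? mod.findExportByName('DrawDibDraw') : null;
  if (target !== null) {
    Interceptor.attach(target, {
      onEnter(args) {
        const hdr = parseBitmapInfoHeader(args[6].readByteArray(40));
        if (!shouldDump(hdr, 29000)) return;  // threshold from the snippet above
        console.log(`DrawDibDraw ${hdr.biWidth}x${hdr.biHeight} ${hdr.biBitCount}bpp, ` +
                    `${bitmapDataSize(hdr)} bytes of pixel data`);
      },
    });
  }
}
```

Reading the whole header once with `readByteArray(40)` instead of a single field also gives you the width, height and bit depth you need to write a valid `.bmp` from the `lpBits` buffer, and the `Math.abs(biHeight)` handles top-down DIBs, which the raw `biSizeImage` check never sees.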