Most pieces of malware and penetration testing frameworks include the capability to take screenshots against the remote target. This can help capture images, video frames, or other sensitive data that you might not see with a packet capture or keylogger. Thankfully, we can use the PyWin32 package to make native calls to the Windows API to grab them.
A screenshot grabber will use the Windows Graphics Device Interface (GDI) to determine necessary properties such as the total screen size, and to grab the image. Some screenshot software will only grab a picture of the currently active window or application, but in our case we want the entire screen.
Let’s get started. Crack open screenshotter.py and drop in the following code:
    import win32gui
    import win32ui
    import win32con
    import win32api

    # grab a handle to the main desktop window
    hdesktop = win32gui.GetDesktopWindow()
Let’s review what this little script does. First we acquire a handle to the entire desktop, which includes the entire viewable area across multiple monitors.
    # determine the size of all monitors in pixels
    width = win32api.GetSystemMetrics(win32con.SM_CXVIRTUALSCREEN)
    height = win32api.GetSystemMetrics(win32con.SM_CYVIRTUALSCREEN)
    left = win32api.GetSystemMetrics(win32con.SM_XVIRTUALSCREEN)
    top = win32api.GetSystemMetrics(win32con.SM_YVIRTUALSCREEN)
We then determine the size of the screen(s) so that we know the dimensions required for the screenshot.
    # create a device context
    desktop_dc = win32gui.GetWindowDC(hdesktop)
    img_dc = win32ui.CreateDCFromHandle(desktop_dc)
We create a device context using the GetWindowDC function call and pass in a handle to our desktop.
    # create a memory based device context
    mem_dc = img_dc.CreateCompatibleDC()
Next we need to create a memory-based device context where we will store our image capture until we store the bitmap bytes to a file.
    # create a bitmap object
    screenshot = win32ui.CreateBitmap()
    screenshot.CreateCompatibleBitmap(img_dc, width, height)
    mem_dc.SelectObject(screenshot)
We then create a bitmap object that is set to the device context of our desktop. The SelectObject call then sets the memory-based device context to point at the bitmap object that we’re capturing.
    # copy the screen into our memory device context
    mem_dc.BitBlt((0, 0), (width, height), img_dc, (left, top), win32con.SRCCOPY)
We use the BitBlt function to take a bit-for-bit copy of the desktop image and store it in the memory-based context. Think of this as a memcpy call for GDI objects.
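    # save the bitmap to a file
    screenshot.SaveBitmapFile(mem_dc, 'c:\\WINDOWS\\Temp\\screenshot.bmp')

    # free our objects
    mem_dc.DeleteDC()
    win32gui.DeleteObject(screenshot.GetHandle())
    # release the window DC obtained from GetWindowDC so the handle is not leaked
    win32gui.ReleaseDC(hdesktop, desktop_dc)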
The final step is to dump this image to disk.
This script is easy to test: Just run it from the command line and check the C:\WINDOWS\Temp directory for your screenshot.bmp file.
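When checking the output file, or when triaging a stray .bmp found in a temp directory during an investigation, the header alone tells you whether it is an uncompressed bitmap with the exact dimensions of the virtual screen. The following is an added example, not code from the original article: the function names are hypothetical, the sample header is constructed, and it assumes the file uses the standard 14-byte BITMAPFILEHEADER followed by a BITMAPINFOHEADER.

```python
import struct

FILE_HDR = struct.Struct("<2sIHHI")       # BITMAPFILEHEADER, 14 bytes
INFO_HDR = struct.Struct("<IiiHHIIiiII")  # BITMAPINFOHEADER, 40 bytes


def parse_bmp_header(data: bytes) -> dict:
    """Return key BMP header fields, or raise ValueError if malformed."""
    if len(data) < FILE_HDR.size + INFO_HDR.size:
        raise ValueError("too short for a BMP header")
    magic, file_size, _, _, pixel_offset = FILE_HDR.unpack_from(data, 0)
    if magic != b"BM":
        raise ValueError("missing 'BM' signature")
    (hdr_size, width, height, planes, bpp, compression,
     *_rest) = INFO_HDR.unpack_from(data, FILE_HDR.size)
    if hdr_size < INFO_HDR.size or planes != 1 or width <= 0 or height == 0:
        raise ValueError("implausible BITMAPINFOHEADER")
    # Rows are padded to a 4-byte boundary; a negative height means top-down.
    stride = (width * bpp + 31) // 32 * 4
    return {
        "width": width, "height": abs(height), "bpp": bpp,
        "compression": compression, "declared_size": file_size,
        # Compare this against the on-disk size to spot truncated files.
        "expected_size": pixel_offset + stride * abs(height),
    }


def matches_desktop(info: dict, desktop: tuple) -> bool:
    """True for an uncompressed bitmap with exactly the desktop's dimensions."""
    return (info["compression"] == 0
            and (info["width"], info["height"]) == desktop)


def make_sample_header(width: int, height: int, bpp: int = 32) -> bytes:
    """Constructed sample: header bytes only, no pixel data is needed."""
    stride = (width * bpp + 31) // 32 * 4
    offset = FILE_HDR.size + INFO_HDR.size
    return (FILE_HDR.pack(b"BM", offset + stride * height, 0, 0, offset)
            + INFO_HDR.pack(40, width, height, 1, bpp, 0, stride * height,
                            0, 0, 0, 0))


if __name__ == "__main__":
    # Constructed: two side-by-side 1920x1080 monitors -> 3840x1080 virtual screen.
    info = parse_bmp_header(make_sample_header(3840, 1080))
    print(info, matches_desktop(info, (3840, 1080)))
```

On a real file, pass the first 54 bytes read from disk to parse_bmp_header and compare the result against the SM_CXVIRTUALSCREEN and SM_CYVIRTUALSCREEN values of the machine in question.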
Let’s move on to executing shellcode in the next article.