picture_search

picture_search is a plugin that allows you to search for, and inspect pictures that are embedded in the binary.

The key feature of the plugin is the "Search for pictures" action, available in the "Search" menu, that will scan the entire binary (or the selection if there is one) for so-called "magic" numbers of well-known image types (PNG, JPEG, ...), and present the results in a tabular fashion:

                 [Address]         |[Format]
        .noptrdata:0000000000511620|GIF89a
        .noptrdata:00000000005133E0|PNG
        .noptrdata:0000000000517460|JPEG
        .noptrdata:000000000051ADA0|BMP

Note: at this point, pictures have not been decoded yet; the plugin has merely spotted what looks like the start of pictures. Decoding will only happen when triggering any of the following actions.

Double-clicking any row of that list will show the picture directly in IDA. Opening the context menu will reveal even more possibilities: open the picture in the OS's default viewer, save it, jump to its start address...

In addition to this very handy scanning feature, the plugin will add the "Open picture" action to the disassembly listing's context menu when the current position happens to be near data that matches the well-known image types' magic numbers.