企业官网建设流程全解析

接收地址和行号参数，验证地址格式并校验行号非空后，调用服务端 Reverse 类的 DecompileLineToAddress 接口，将反编译代码的行号映射到对应内存地址。

from IDAMoles import * if __name__ == '__main__': config=Config(address="127.0.0.1",port=8000) client = BaseHttpClient(config) info_page = Reverse(config) print(info_page.decompile_line_to_address("0x401000","8"))

输出JSON格式：

{ "status": "success", "result": { "line_number": 8, "function_address": 4198400, "function_address_hex": "0x401000", "memory_address": 4198437, "memory_address_hex": "0x401025" }, "timestamp": 26320421 }

decompile_address_to_line

接收地址参数，验证地址格式后，调用服务端 Reverse 类的 DecompileAddressToLine 接口，将指定地址映射到反编译代码的行号。

from IDAMoles import * if __name__ == '__main__': config=Config(address="127.0.0.1",port=8000) client = BaseHttpClient(config) info_page = Reverse(config) print(info_page.decompile_address_to_line("0x401025"))

输出JSON格式：

{ "status": "success", "result": { "line_number": 8, "address": 4198437, "address_hex": "0x401025" }, "timestamp": 26457390 }

get_select_decompile

调用服务端 Reverse 类的 GetSelectDecompile 接口，获取当前选中区域的反编译代码。

from IDAMoles import * if __name__ == '__main__': config=Config(address="127.0.0.1",port=8000) client = BaseHttpClient(config) info_page = Reverse(config) print(info_page.get_select_decompile())

输出JSON格式：

{ "status": "success", "result": { "start_ea": 4198502, "start_ea_hex": "0x401066", "end_ea": 4198535, "end_ea_hex": "0x401087", "function_start_ea": 4198400, "function_start_ea_hex": "0x401000", "filtered_pseudocode_lines": [ { "line": 12, "address": 4198502, "address_hex": "0x401066", "pseudocode": " Window = CreateWindowExW(0, &ClassName, &WindowName, 0xCF0000u, 0x80000000, 0, 0x80000000, 0, 0, 0, hInstance, 0);" }, { "line": 13, "address": 4198508, "address_hex": "0x40106C", "pseudocode": " v5 = Window;" }, { "line": 14, "address": 4198512, "address_hex": "0x401070", "pseudocode": " if ( !Window )" }, { "line": 16, "address": 4198522, "address_hex": "0x40107A", "pseudocode": " ShowWindow(Window, nShowCmd);" }, { "line": 17, "address": 4198529, "address_hex": "0x401081", "pseudocode": " UpdateWindow(v5);" } ], "matched_line_count": 5, "has_matched": true }, "timestamp": 26635062 }

get_select_disassembly

调用服务端 Reverse 类的 GetSelectDisassembly 接口，获取当前选中区域的反汇编指令。

from IDAMoles import * if __name__ == '__main__': config=Config(address="127.0.0.1",port=8000) client = BaseHttpClient(config) info_page = Reverse(config) print(info_page.get_select_disassembly())

输出JSON格式：

{ "status": "success", "result": { "selected_start_address": 4198582, "selected_start_address_hex": "0x4010B6", "selected_end_address": 4198598, "selected_end_address_hex": "0x4010C6", "actual_processed_count": 5, "actual_start_address_hex": "0x4010B6", "actual_end_address_hex": "0x4010C6", "instructions": [ { "address_hex": "0x4010B6", "address_dec": 4198582, "opcode_hex": "8D 45 E0 ", "disasm_text": "lea eax, [ebp+Msg]" }, { "address_hex": "0x4010B9", "address_dec": 4198585, "opcode_hex": "50 ", "disasm_text": "push eax; lpMsg" }, { "address_hex": "0x4010BA", "address_dec": 4198586, "opcode_hex": "FF 75 DC ", "disasm_text": "push [ebp+hAccTable]; hAccTable" }, { "address_hex": "0x4010BD", "address_dec": 4198589, "opcode_hex": "FF 75 E0 ", "disasm_text": "push [ebp+Msg.hwnd]; hWnd" }, { "address_hex": "0x4010C0", "address_dec": 4198592, "opcode_hex": "FF 15 70 20 40 00 ", "disasm_text": "call ds:TranslateAcceleratorW" } ], "note": "The selected address range has been completely disassembled." }, "timestamp": 26719015 }

get_select_hex

调用服务端 Reverse 类的 GetSelectHex 接口，获取当前选中区域的十六进制数据。

from IDAMoles import * if __name__ == '__main__': config=Config(address="127.0.0.1",port=8000) client = BaseHttpClient(config) info_page = Reverse(config) print(info_page.get_select_hex())

输出JSON格式：

{ "status": "success", "result": { "selected_start_address": 4198688, "selected_start_address_hex": "0x401120", "selected_end_address": 4198698, "selected_end_address_hex": "0x40112A", "actual_read_byte_count": 10, "actual_start_address_hex": "0x401120", "actual_end_address_hex": "0x401129", "hex_bytes": [ { "address_hex": "0x401120", "address_dec": 4198688, "byte_hex": "6A", "ascii_char": "j" }, { "address_hex": "0x401121", "address_dec": 4198689, "byte_hex": "6B", "ascii_char": "k" }, { "address_hex": "0x401122", "address_dec": 4198690, "byte_hex": "51", "ascii_char": "Q" }, { "address_hex": "0x401123", "address_dec": 4198691, "byte_hex": "C7", "ascii_char": "." }, { "address_hex": "0x401124", "address_dec": 4198692, "byte_hex": "45", "ascii_char": "E" }, { "address_hex": "0x401125", "address_dec": 4198693, "byte_hex": "CC", "ascii_char": "." }, { "address_hex": "0x401126", "address_dec": 4198694, "byte_hex": "30", "ascii_char": "0" }, { "address_hex": "0x401127", "address_dec": 4198695, "byte_hex": "00", "ascii_char": "." }, { "address_hex": "0x401128", "address_dec": 4198696, "byte_hex": "00", "ascii_char": "." }, { "address_hex": "0x401129", "address_dec": 4198697, "byte_hex": "00", "ascii_char": "." } ], "hex_batch": "6A 6B 51 C7 45 CC 30 00 00 00 ", "ascii_batch": "jkQ.E.0...", "note": "The selected address range has been completely read (hex bytes + ASCII)." }, "timestamp": 26822062 }

回到顶部

内存操作

内存操作模块提供内存数据读取、结构体解析、字符串提取、内存搜索与交叉引用查询等能力，支持按字节/字/双字精准读取数据，并追踪代码与数据间的引用关系，实现对程序运行时状态的完整观测。

get_entry_points

调用服务端 Memory 类的 GetEntryPoints 接口，获取程序的所有入口点地址信息。

from IDAMoles import * if __name__ == '__main__': config=Config(address="127.0.0.1",port=8000) client = BaseHttpClient(config) info_page = Memory(config) print(info_page.get_entry_points())

输出JSON格式：

{ "status": "success", "result": { "entry_points": [ { "ordinal": 4199684, "address": 4199684, "address_hex": "0x401504", "name": "start", "forwarder": "", "index": 0 } ], "total_count": 1 }, "timestamp": 35475343 }