decompile_line_to_address

接收地址和行号参数验证地址格式并校验行号非空后调用服务端 Reverse 类的 DecompileLineToAddress 接口将反编译代码的行号映射到对应内存地址。from IDAMoles import * if __name__ __main__: configConfig(address127.0.0.1,port8000) client BaseHttpClient(config) info_page Reverse(config) print(info_page.decompile_line_to_address(0x401000,8))输出JSON格式{ status: success, result: { line_number: 8, function_address: 4198400, function_address_hex: 0x401000, memory_address: 4198437, memory_address_hex: 0x401025 }, timestamp: 26320421 }decompile_address_to_line接收地址参数验证地址格式后调用服务端 Reverse 类的 DecompileAddressToLine 接口将指定地址映射到反编译代码的行号。from IDAMoles import * if __name__ __main__: configConfig(address127.0.0.1,port8000) client BaseHttpClient(config) info_page Reverse(config) print(info_page.decompile_address_to_line(0x401025))输出JSON格式{ status: success, result: { line_number: 8, address: 4198437, address_hex: 0x401025 }, timestamp: 26457390 }get_select_decompile调用服务端 Reverse 类的 GetSelectDecompile 接口获取当前选中区域的反编译代码。from IDAMoles import * if __name__ __main__: configConfig(address127.0.0.1,port8000) client BaseHttpClient(config) info_page Reverse(config) print(info_page.get_select_decompile())输出JSON格式{ status: success, result: { start_ea: 4198502, start_ea_hex: 0x401066, end_ea: 4198535, end_ea_hex: 0x401087, function_start_ea: 4198400, function_start_ea_hex: 0x401000, filtered_pseudocode_lines: [ { line: 12, address: 4198502, address_hex: 0x401066, pseudocode: Window CreateWindowExW(0, ClassName, WindowName, 0xCF0000u, 0x80000000, 0, 0x80000000, 0, 0, 0, hInstance, 0); }, { line: 13, address: 4198508, address_hex: 0x40106C, pseudocode: v5 Window; }, { line: 14, address: 4198512, address_hex: 0x401070, pseudocode: if ( !Window ) }, { line: 16, address: 4198522, address_hex: 0x40107A, pseudocode: ShowWindow(Window, nShowCmd); }, { line: 17, address: 4198529, address_hex: 0x401081, pseudocode: UpdateWindow(v5); } ], matched_line_count: 5, has_matched: true }, timestamp: 26635062 }get_select_disassembly调用服务端 Reverse 类的 GetSelectDisassembly 接口获取当前选中区域的反汇编指令。from IDAMoles import * if __name__ __main__: configConfig(address127.0.0.1,port8000) client BaseHttpClient(config) info_page Reverse(config) print(info_page.get_select_disassembly())输出JSON格式{ status: success, result: { selected_start_address: 4198582, selected_start_address_hex: 0x4010B6, selected_end_address: 4198598, selected_end_address_hex: 0x4010C6, actual_processed_count: 5, actual_start_address_hex: 0x4010B6, actual_end_address_hex: 0x4010C6, instructions: [ { address_hex: 0x4010B6, address_dec: 4198582, opcode_hex: 8D 45 E0 , disasm_text: lea eax, [ebpMsg] }, { address_hex: 0x4010B9, address_dec: 4198585, opcode_hex: 50 , disasm_text: push eax; lpMsg }, { address_hex: 0x4010BA, address_dec: 4198586, opcode_hex: FF 75 DC , disasm_text: push [ebphAccTable]; hAccTable }, { address_hex: 0x4010BD, address_dec: 4198589, opcode_hex: FF 75 E0 , disasm_text: push [ebpMsg.hwnd]; hWnd }, { address_hex: 0x4010C0, address_dec: 4198592, opcode_hex: FF 15 70 20 40 00 , disasm_text: call ds:TranslateAcceleratorW } ], note: The selected address range has been completely disassembled. }, timestamp: 26719015 }get_select_hex调用服务端 Reverse 类的 GetSelectHex 接口获取当前选中区域的十六进制数据。from IDAMoles import * if __name__ __main__: configConfig(address127.0.0.1,port8000) client BaseHttpClient(config) info_page Reverse(config) print(info_page.get_select_hex())输出JSON格式{ status: success, result: { selected_start_address: 4198688, selected_start_address_hex: 0x401120, selected_end_address: 4198698, selected_end_address_hex: 0x40112A, actual_read_byte_count: 10, actual_start_address_hex: 0x401120, actual_end_address_hex: 0x401129, hex_bytes: [ { address_hex: 0x401120, address_dec: 4198688, byte_hex: 6A, ascii_char: j }, { address_hex: 0x401121, address_dec: 4198689, byte_hex: 6B, ascii_char: k }, { address_hex: 0x401122, address_dec: 4198690, byte_hex: 51, ascii_char: Q }, { address_hex: 0x401123, address_dec: 4198691, byte_hex: C7, ascii_char: . }, { address_hex: 0x401124, address_dec: 4198692, byte_hex: 45, ascii_char: E }, { address_hex: 0x401125, address_dec: 4198693, byte_hex: CC, ascii_char: . }, { address_hex: 0x401126, address_dec: 4198694, byte_hex: 30, ascii_char: 0 }, { address_hex: 0x401127, address_dec: 4198695, byte_hex: 00, ascii_char: . }, { address_hex: 0x401128, address_dec: 4198696, byte_hex: 00, ascii_char: . }, { address_hex: 0x401129, address_dec: 4198697, byte_hex: 00, ascii_char: . } ], hex_batch: 6A 6B 51 C7 45 CC 30 00 00 00 , ascii_batch: jkQ.E.0..., note: The selected address range has been completely read (hex bytes ASCII). }, timestamp: 26822062 }回到顶部内存操作内存操作模块提供内存数据读取、结构体解析、字符串提取、内存搜索与交叉引用查询等能力支持按字节/字/双字精准读取数据并追踪代码与数据间的引用关系实现对程序运行时状态的完整观测。get_entry_points调用服务端 Memory 类的 GetEntryPoints 接口获取程序的所有入口点地址信息。from IDAMoles import * if __name__ __main__: configConfig(address127.0.0.1,port8000) client BaseHttpClient(config) info_page Memory(config) print(info_page.get_entry_points())输出JSON格式{ status: success, result: { entry_points: [ { ordinal: 4199684, address: 4199684, address_hex: 0x401504, name: start, forwarder: , index: 0 } ], total_count: 1 }, timestamp: 35475343 }