文章总结: 本章详细讲解了如何构建AI驱动的二进制安全分析平台的可视化界面组件,重点实现反汇编视图、控制流图、十六进制视图等多面板协同分析系统。通过集成MonacoEditor并自定义x86-64汇编语言tokenizer,复现了IDAPro风格的四列反汇编显示效果。关键创新在于多视图联动机制,例如点击函数调用自动跳转CFG图、十六进制与反汇编视图交叉高亮,显著提升逆向工程效率。 综合评分: 78 文章分类: 二进制安全,逆向分析,安全工具,安全开发,WEB安全
原创
李北辰 李北辰
SPEEDCoding
2026年5月19日%2012:00 山西
在小说阅读器读本章
去阅读
完整docx文件关注公众号回复:从零构建AI驱动的二进制安全系统
在第十二章中,你已经搭建好了项目的骨架——多面板布局系统、深色主题框架和基础状态管理。现在,是时候为这个骨架注入血肉了。本章将逐一实现逆向工程分析平台的所有核心视图组件:展示汇编指令的反汇编视图、可视化程序控制流的CFG图、呈现原始二进制数据的十六进制视图、组织程序结构的函数列表,以及与AI%20Agent交互的智能面板。每个组件都不是孤立的存在,它们之间通过精心设计的联动机制形成有机整体——当你在反汇编视图中双击一个函数调用时,控制流图会自动展开该函数的图形化表示;当你在十六进制视图中选中一段数据时,反汇编视图中对应的指令会被高亮标记。这种多视图协同的设计理念借鉴了IDA%20Pro和Ghidra等成熟工具的成功经验11^,也是专业级逆向工程界面的核心竞争力所在。
反汇编视图是整个分析平台的中央舞台,它承担着将二进制机器码翻译为人类可读汇编指令的核心职责。在这个视图中,你需要同时展示地址、机器码字节、汇编指令和操作数等多个维度的信息,并且要确保这些信息在视觉上严格对齐。我们选择Monaco%20Editor作为反汇编视图的底层编辑器组件,这不仅因为它拥有强大的文本渲染性能,更关键的是它提供了完善的自定义语言支持和视觉装饰系统,让你能够精确复刻IDA%20Pro风格的四列反汇编显示效果2^。
要让Monaco%20Editor胜任反汇编展示的任务,第一步就是教会它识别汇编语言。Monaco采用Monarch(Monaco%20RegEx-based%20tokenizer)系统来定义语言语法,这套系统通过正则表达式将文本流切分为不同类别的token,然后为每个token类别分配颜色86^。你需要定义一套完整的汇编语言词汇表,包括x86/x64指令集、寄存器名称、汇编伪指令等。
下面的代码展示了如何注册自定义汇编语言并配置完整的Tokenizer。这个实现覆盖了x86-64架构的常用指令、Intel语法风格的寄存器命名、以及IDA%20Pro风格的地址前缀识别。
//%20utils/assemblyLanguage.ts
import*asmonacofrom'monaco-editor'
/**
*%20注册自定义汇编语言到Monaco%20Editor
*%20定义完整的x86-64汇编Tokenizer,覆盖指令/寄存器/立即数/注释/地址
*/
exportfunctionregisterAssemblyLanguage(): void {
//%20向Monaco注册新的语言ID
monaco.languages.register({ id: 'x86-assembly' })
//%20=====%20x86-64%20完整指令集定义%20=====
constinstructions= [
%20 //%20数据传输
%20 'mov','movabs','movzx','movsx','movsxd','cmove','cmovne','cmovg','cmovl',
%20 'push','pop','lea','xchg','bswap','cmpxchg',
%20 //%20算术运算
%20 'add','sub','adc','sbb','inc','dec','neg','mul','imul','div','idiv',
%20 //%20逻辑运算
%20 'and','or','xor','not','shl','shr','sal','sar','rol','ror','shld','shrd',
%20 //%20比较与测试
%20 'cmp','test',
%20 //%20跳转指令(条件/无条件)
%20 'jmp','je','jne','jz','jnz','ja','jae','jb','jbe','jg','jge','jl','jle',
%20 'jo','jno','js','jns','jp','jnp','jc','jnc',
%20 //%20子程序调用与返回
%20 'call','ret','retn','enter','leave',
%20 //%20栈操作
%20 'pusha','popa','pushad','popad','pushf','popf',
%20 //%20系统指令
%20 'nop','int','syscall','sysret','sysenter','sysexit','cli','sti','hlt',
%20 //%20浮点指令
%20 'fld','fst','fstp','fadd','fsub','fmul','fdiv','fcom','fucom',
%20 //%20SIMD指令
%20 'movdqa','movdqu','movaps','movups','movss','movsd','movd','movq',
%20 'addss','addsd','addps','addpd','mulss','mulsd','subss','subsd',
%20 'xorps','xorpd','andps','andpd','orps','orpd',
%20 'punpcklbw','punpcklwd','punpckldq','punpcklqdq',
%20 'pshufd','pshuflw','pshufhw','shufps','shufpd',
%20 'cmpss','cmpsd','cmpps','cmppd','ucomiss','ucomisd',
%20 //%20位操作
%20 'bt','bts','btr','btc','bsf','bsr','tzcnt','popcnt',
%20 //%20符号扩展与转换
%20 'cbw','cwde','cdqe','cwd','cdq','cqo',
%20 //%20串操作
%20 'movsb','movsw','movsd','movsq','stosb','stosw','stosd','stosq',
%20 'lodsb','lodsw','lodsd','lodsq','scasb','scasw','scasd','scasq',
%20 'cmpsb','cmpsw','cmpsd','cmpsq','rep','repe','repne','repz','repnz'
%20]
//%20=====%20寄存器定义(按大小分类)%20=====
constregisters= [
%20 //%2064位通用寄存器
%20 'rax','rbx','rcx','rdx','rsi','rdi','rbp','rsp','rip',
%20 'r8','r9','r10','r11','r12','r13','r14','r15',
%20 //%2032位通用寄存器
%20 'eax','ebx','ecx','edx','esi','edi','ebp','esp','eip',
%20 'r8d','r9d','r10d','r11d','r12d','r13d','r14d','r15d',
%20 //%2016位通用寄存器
%20 'ax','bx','cx','dx','si','di','bp','sp','ip',
%20 'r8w','r9w','r10w','r11w','r12w','r13w','r14w','r15w',
%20 //%208位寄存器
%20 'al','bl','cl','dl','ah','bh','ch','dh',
%20 'r8b','r9b','r10b','r11b','r12b','r13b','r14b','r15b',
%20 'spl','bpl','sil','dil',
%20 //%20段寄存器
%20 'cs','ds','es','fs','gs','ss',
%20 //%20控制与调试寄存器
%20 'cr0','cr2','cr3','cr4','cr8',
%20 'dr0','dr1','dr2','dr3','dr6','dr7',
%20 //%20浮点寄存器
%20 'st','st0','st1','st2','st3','st4','st5','st6','st7',
%20 //%20MMX寄存器
%20 'mm0','mm1','mm2','mm3','mm4','mm5','mm6','mm7',
%20 //%20SSE/AVX寄存器
%20 'xmm0','xmm1','xmm2','xmm3','xmm4','xmm5','xmm6','xmm7',
%20 'xmm8','xmm9','xmm10','xmm11','xmm12','xmm13','xmm14','xmm15',
%20 'ymm0','ymm1','ymm2','ymm3','ymm4','ymm5','ymm6','ymm7',
%20 'ymm8','ymm9','ymm10','ymm11','ymm12','ymm13','ymm14','ymm15',
%20 //%20EFLAGS
%20 'eflags','rflags','cf','pf','af','zf','sf','tf','if','df','of','nt','rf','vm','ac','vif','vip','id'
%20]
//%20=====%20汇编伪指令%20=====
constdirectives= [
%20 '.text','.data','.bss','.rodata','.rdata',
%20 '.section','.global','.globl','.extern','.extern',
%20 '.byte','.word','.long','.quad','.ascii','.asciz','.string','.zero',
%20 '.equ','.set','.align','.p2align','.type','.size','.end',
%20 '.code32','.code64','.intel_syntax','.att_syntax',
%20 //%20PE/ELF段名
%20 '.idata','.edata','.pdata','.reloc','.tls',
%20 '.init','.fini','.ctors','.dtors','.got','.plt'
%20]
//%20=====%20配置Monarch%20Tokenizer%20=====
monaco.languages.setMonarchTokensProvider('x86-assembly',%20{
%20 //%20默认不区分大小写(汇编指令通常不区分大小写)
%20 ignoreCase: true,
%20 //%20预定义的词法类别
%20 instructions,
%20 registers,
%20 directives,
%20 //%20Tokenizer规则(按优先级排列)
%20 tokenizer:%20{
%20 %20 root:%20[
%20 %20 %20 //%201.%20注释(分号开始到行尾)
%20 %20 %20 %20[/;.*$/, 'comment'],
%20 %20 %20 //%202.%20地址前缀(IDA风格:如%20".text:0000000140001000"%20或纯地址)
%20 %20 %20 %20[/^[\da-fA-F]+:/, 'annotation.address'],
%20 %20 %20 %20[/^[.\w]+:[\da-fA-F]+/, 'annotation.address'],
%20 %20 %20 //%203.%20十六进制字节序列(机器码部分:48%2089%205C%2024%2008)
%20 %20 %20 %20[/\b[\da-fA-F]{2}(?:\s+[\da-fA-F]{2}){0,15}\b/, 'keyword.hexbytes'],
%20 %20 %20 //%204.%20指令助记符(优先匹配,避免被标识符规则抢占)
%20 %20 %20 %20[/[a-zA-Z][\w]*/,%20{
%20 %20 %20 %20 cases:%20{
%20 %20 %20 %20 %20 '@directives':%20{ token: 'tag', next: '@directiveArgs' },
%20 %20 %20 %20 %20 '@instructions':%20{ token: 'keyword', next: '@operands' },
%20 %20 %20 %20 %20 '@registers': 'variable.predefined',
%20 %20 %20 %20 %20 '@default': 'identifier'
%20 %20 %20 %20 %20}
%20 %20 %20 %20}],
%20 %20 %20 //%205.%20空白字符
%20 %20 %20 %20[/\s+/, 'white']
%20 %20 %20],
%20 %20 //%20指令后的操作数上下文
%20 %20 operands:%20[
%20 %20 %20 //%20注释
%20 %20 %20 %20[/;.*$/, 'comment', '@pop'],
%20 %20 %20 //%20PTR关键字
%20 %20 %20 %20[/\b(?:byte|word|dword|qword|xmmword|ymmword)\s+ptr\b/, 'type'],
%20 %20 %20 //%20NEAR/FAR/SHORT修饰符
%20 %20 %20 %20[/\b(?:near|far|short)\b/, 'modifier'],
%20 %20 %20 //%20寄存器
%20 %20 %20 %20[/[a-zA-Z][\w]*/,%20{
%20 %20 %20 %20 cases:%20{
%20 %20 %20 %20 %20 '@registers': 'variable.predefined',
%20 %20 %20 %20 %20 '@default': 'identifier'
%20 %20 %20 %20 %20}
%20 %20 %20 %20}],
%20 %20 %20 //%20十六进制立即数(0x前缀或h后缀)
%20 %20 %20 %20[/0x[\da-fA-F]+/, 'number.hex'],
%20 %20 %20 %20[/\d+[\da-fA-F]*h\b/, 'number.hex'],
%20 %20 %20 //%20十进制/八进制数字
%20 %20 %20 %20[/\d+/, 'number'],
%20 %20 %20 //%20字符串字面量
%20 %20 %20 %20[/"[^"]*"/, 'string'],
%20 %20 %20 %20[/'[^']*'/, 'string'],
%20 %20 %20 //%20内存引用方括号
%20 %20 %20 %20[/[\[\]]/, 'delimiter.square'],
%20 %20 %20 //%20段前缀(如%20ds:,%20cs:)
%20 %20 %20 %20[/\b[csdfgs]\s*:/, 'keyword.segment'],
%20 %20 %20 //%20运算符
%20 %20 %20 %20[/[+\-*/&|^~!]|\b(?:offset|ptr|size|length|type)\b/, 'operator'],
%20 %20 %20 //%20标点
%20 %20 %20 %20[/[,;:]/, 'delimiter'],
%20 %20 %20 //%20换行返回根上下文
%20 %20 %20 %20[/[\n\r]/, 'white', '@pop'],
%20 %20 %20 //%20其他空白
%20 %20 %20 %20[/\s+/, 'white']
%20 %20 %20],
%20 %20 //%20伪指令参数上下文
%20 %20 directiveArgs:%20[
%20 %20 %20 %20[/;.*$/, 'comment', '@pop'],
%20 %20 %20 %20[/"[^"]*"/, 'string'],
%20 %20 %20 %20[/0x[\da-fA-F]+/, 'number.hex'],
%20 %20 %20 %20[/\d+/, 'number'],
%20 %20 %20 %20[/[\n\r]/, 'white', '@pop'],
%20 %20 %20 %20[/\s+/, 'white'],
%20 %20 %20 %20[/[^\s;\n]+/, 'identifier']
%20 %20 %20]
%20 %20}
%20})
//%20=====%20配置括号匹配和自动缩进%20=====
monaco.languages.setLanguageConfiguration('x86-assembly',%20{
%20 brackets:%20[
%20 %20 %20['[', ']'],
%20 %20 %20['(', ')'],
%20 %20 %20['{', '}']
%20 %20],
%20 autoClosingPairs:%20[
%20 %20 %20{ open: '[', close: ']' },
%20 %20 %20{ open: '(', close: ')' },
%20 %20 %20{ open: '"', close: '"' }
%20 %20],
%20 surroundingPairs:%20[
%20 %20 %20{ open: '[', close: ']' },
%20 %20 %20{ open: '(', close: ')' },
%20 %20 %20{ open: '"', close: '"' }
%20 %20],
%20 //%20汇编语言的行注释
%20 lineComment: ';',
%20 //%20缩进规则:以标签结尾的行(如%20"loc_401000:")%20后续内容应缩进
%20 indentationRules:%20{
%20 %20 increaseIndentPattern: /:\s*$/,
%20 %20 decreaseIndentPattern: /^\s*(end|\.end)\b/
%20 %20}
%20})
}
Tokenizer注册完成后,你还需要定义IDA%20Pro风格的深色主题来赋予这些token合适的颜色。Monaco%20Editor的主题系统基于VS%20Code的主题格式,你可以为每个token类别指定前景色、字体样式和背景色94^。下面的主题定义严格遵循IDA%20Pro的经典配色方案41^:指令使用深蓝色、寄存器使用浅蓝色、立即数使用绿色、地址使用灰色、注释使用暗绿色。
//%20themes/idaDarkTheme.ts
import%20*%20as%20monaco%20from%20'monaco-editor'
/**
*%20定义IDA%20Pro风格的深色主题
*%20配色方案参照IDA%20Pro经典配色,针对反汇编场景优化
*/
export%20function%20defineIdaDarkTheme():%20void%20{
%20monaco.editor.defineTheme('ida-dark',%20{
%20 %20//%20继承自vs-dark基础主题
%20 %20base:%20'vs-dark',
%20 %20inherit:%20true,
%20 %20//%20Token颜色规则(覆盖和扩展vs-dark的默认规则)
%20 %20rules:%20[
%20 %20 %20//%20===%20核心汇编Token%20===
%20 %20 %20//%20汇编指令:IDA蓝色(加粗显示)
%20 %20 %20{%20token:%20'keyword',%20foreground:%20'569CD6',%20fontStyle:%20'bold'%20},
%20 %20 %20//%20寄存器:浅蓝色
%20 %20 %20{%20token:%20'variable.predefined',%20foreground:%20'9CDCFE'%20},
%20 %20 %20//%20十六进制立即数:浅绿色
%20 %20 %20{%20token:%20'number.hex',%20foreground:%20'B5CEA8'%20},
%20 %20 %20//%20普通数字
%20 %20 %20{%20token:%20'number',%20foreground:%20'B5CEA8'%20},
%20 %20 %20//%20十六进制字节序列(机器码):暗绿色
%20 %20 %20{%20token:%20'keyword.hexbytes',%20foreground:%20'608B4E'%20},
%20 %20 %20//%20地址前缀:灰色
%20 %20 %20{%20token:%20'annotation.address',%20foreground:%20'808080'%20},
%20 %20 %20//%20注释:暗绿色(IDA风格)
%20 %20 %20{%20token:%20'comment',%20foreground:%20'6A9955',%20fontStyle:%20'italic'%20},
%20 %20 %20//%20字符串:橙棕色
%20 %20 %20{%20token:%20'string',%20foreground:%20'CE9178'%20},
%20 %20 %20//%20伪指令/段定义:紫色
%20 %20 %20{%20token:%20'tag',%20foreground:%20'C586C0'%20},
%20 %20 %20//%20函数名/标识符:黄色
%20 %20 %20{%20token:%20'identifier',%20foreground:%20'DCDCAA'%20},
%20 %20 %20//%20内存引用方括号:青色
%20 %20 %20{%20token:%20'delimiter.square',%20foreground:%20'4EC9B0'%20},
%20 %20 %20//%20段前缀(ds:/cs:):紫色
%20 %20 %20{%20token:%20'keyword.segment',%20foreground:%20'C586C0'%20},
%20 %20 %20//%20PTR类型修饰符:青色
%20 %20 %20{%20token:%20'type',%20foreground:%20'4EC9B0'%20},
%20 %20 %20//%20NEAR/FAR/SHORT修饰符
%20 %20 %20{%20token:%20'modifier',%20foreground:%20'C586C0'%20},
%20 %20 %20//%20运算符
%20 %20 %20{%20token:%20'operator',%20foreground:%20'D4D4D4'%20},
%20 %20 %20//%20分隔符
%20 %20 %20{%20token:%20'delimiter',%20foreground:%20'D4D4D4'%20},
%20 %20 %20//%20===%20特殊标记(通过setTokensProvider动态设置)%20===
%20 %20 %20//%20函数调用目标:粉色(导入函数)
%20 %20 %20{%20token:%20'import.func',%20foreground:%20'C586C0',%20fontStyle:%20'italic'%20},
%20 %20 %20//%20库函数:紫色
%20 %20 %20{%20token:%20'library.func',%20foreground:%20'C678DD'%20},
%20 %20 %20//%20交叉引用标记
%20 %20 %20{%20token:%20'xref.up',%20foreground:%20'569CD6'%20},
%20 %20 %20{%20token:%20'xref.down',%20foreground:%20'CE9178'%20},
%20 %20 %20//%20数据引用
%20 %20 %20{%20token:%20'data.ref',%20foreground:%20'4EC9B0'%20}
%20 %20],
%20 %20//%20编辑器Chrome区域颜色
%20 %20colors:%20{
%20 %20 %20//%20主编辑区背景:接近纯黑
%20 %20 %20'editor.background':%20'#1E1E1E',
%20 %20 %20//%20前景色
%20 %20 %20'editor.foreground':%20'#D4D4D4',
%20 %20 %20//%20当前行高亮背景
%20 %20 %20'editor.lineHighlightBackground':%20'#2D2D30',
%20 %20 %20//%20选中区域背景
%20 %20 %20'editor.selectionBackground':%20'#264F78',
%20 %20 %20//%20选中文本的对比色
%20 %20 %20'editor.selectionHighlightBackground':%20'#2D3B4D',
%20 %20 %20//%20光标颜色
%20 %20 %20'editorCursor.foreground':%20'#AEAFAD',
%20 %20 %20//%20行号颜色
%20 %20 %20'editorLineNumber.foreground':%20'#858585',
%20 %20 %20//%20当前行号颜色
%20 %20 %20'editorLineNumber.activeForeground':%20'#C6C6C6',
%20 %20 %20//%20Glyph%20margin(用于放置断点/书签图标)
%20 %20 %20'editorGlyphMargin.background':%20'#1E1E1E',
%20 %20 %20//%20概览标尺(右侧缩略图)
%20 %20 %20'editorOverviewRuler.border':%20'#3E3E42',
%20 %20 %20//%20查找匹配高亮
%20 %20 %20'editor.findMatchBackground':%20'#515C6A',
%20 %20 %20'editor.findMatchHighlightBackground':%20'#EA5C0055',
%20 %20 %20//%20链接颜色
%20 %20 %20'editorLink.activeForeground':%20'#4EC9B0',
%20 %20 %20//%20空白字符颜色
%20 %20 %20'editorWhitespace.foreground':%20'#3E3E42',
%20 %20 %20//%20缩进参考线
%20 %20 %20'editorIndentGuide.background':%20'#3E3E42',
%20 %20 %20'editorIndentGuide.activeBackground':%20'#606060'
%20 %20}
%20})
}
完成语言和主题的定义后,你可以在Vue组件中将它们装配到Monaco%20Editor实例上。monaco-editor-vue3提供了开箱即用的Vue3绑定,你可以通过editorDidMount回调在编辑器挂载后执行自定义初始化逻辑2^。对于反汇编视图来说,最关键的配置选项是将编辑器设置为只读模式(readOnly:%20true),并禁用与代码编辑相关的所有自动完成功能,因为反汇编视图的核心用途是浏览而非编辑。
组件的props接口设计需要接收反汇编数据数组和当前视图地址,emits则需要暴露用户交互事件——双击跳转、重命名请求和交叉引用查询。
<!--%20components/DisassemblyView.vue%20-->
<script%20setup%20lang="ts">
import%20{%20ref,%20watch,%20onMounted,%20onUnmounted%20}%20from%20'vue'
import%20{%20CodeEditor%20}%20from%20'monaco-editor-vue3'
import%20*%20as%20monaco%20from%20'monaco-editor'
import%20{%20registerAssemblyLanguage%20}%20from%20'@/utils/assemblyLanguage'
import%20{%20defineIdaDarkTheme%20}%20from%20'@/themes/idaDarkTheme'
import%20type%20{%20Instruction%20}%20from%20'@/types/binary'
//%20=====%20Props%20接口定义%20=====
const%20props%20=%20defineProps<{
%20/**%20当前显示的指令列表%20*/
%20instructions:%20Instruction[]
%20/**%20当前高亮地址%20*/
%20currentAddress?:%20number
%20/**%20函数起始地址(用于高亮当前函数范围)%20*/
%20functionStart?:%20number
%20/**%20函数结束地址%20*/
%20functionEnd?:%20number
}>()
//%20=====%20Emits%20接口定义%20=====
const%20emit%20=%20defineEmits<{
%20/**%20用户双击某条指令(通常跳转)%20*/
%20navigateTo:%20[address:%20number]
%20/**%20请求重命名符号%20*/
%20rename:%20[address:%20number,%20currentName:%20string]
%20/**%20请求显示交叉引用%20*/
%20showXref:%20[address:%20number]
%20/**%20请求添加/编辑注释%20*/
%20editComment:%20[address:%20number,%20currentComment?:%20string]
%20/**%20编辑器已挂载%20*/
%20editorReady:%20[editor:%20monaco.editor.IStandaloneCodeEditor]
}>()
//%20=====%20编辑器实例引用%20=====
let%20editorInstance:%20monaco.editor.IStandaloneCodeEditor%20|%20null%20=%20null
const%20editorRef%20=%20ref()
//%20=====%20编辑器配置选项%20=====
const%20editorOptions:%20monaco.editor.IStandaloneEditorConstructionOptions%20=%20{
%20//%20反汇编视图只读
%20readOnly:%20true,
%20//%20使用自定义语言和主题
%20language:%20'x86-assembly',
%20theme:%20'ida-dark',
%20//%20字体设置:等宽字体确保列对齐
%20fontSize:%2013,
%20fontFamily:%20'Consolas,%20"Courier%20New",%20"Liberation%20Mono",%20monospace',
%20lineHeight:%2020,
%20//%20行号:显示指令序号而非文件行号
%20lineNumbers:%20(lineNumber:%20number)%20=>%20{
%20 %20const%20inst%20=%20props.instructions[lineNumber%20-%201]
%20 %20return%20inst%20?%20inst.address.toString(16).toUpperCase().padStart(8,%20'0')%20:%20''
%20},
%20//%20禁用所有编辑辅助功能
%20minimap:%20{%20enabled:%20false%20},
%20folding:%20false,
%20quickSuggestions:%20false,
%20parameterHints:%20{%20enabled:%20false%20},
%20suggestOnTriggerCharacters:%20false,
%20acceptSuggestionOnEnter:%20'off',
%20tabCompletion:%20'off',
%20wordBasedSuggestions:%20'off',
%20//%20滚动行为
%20scrollBeyondLastLine:%20false,
%20renderWhitespace:%20'none',
%20wordWrap:%20'off',
%20//%20自定义滚动条样式
%20scrollbar:%20{
%20 %20vertical:%20'auto',
%20 %20horizontal:%20'auto',
%20 %20useShadows:%20false,
%20 %20verticalHasArrows:%20false,
%20 %20horizontalHasArrows:%20false,
%20 %20verticalScrollbarSize:%2010,
%20 %20horizontalScrollbarSize:%2010
%20},
%20//%20上下文菜单
%20contextmenu:%20true,
%20//%20允许glyph%20margin(放置书签/断点图标)
%20glyphMargin:%20true,
%20//%20当前行高亮
%20renderLineHighlight:%20'line'
}
//%20=====%20编辑器挂载回调%20=====
function%20handleEditorMount(editor:%20monaco.editor.IStandaloneCodeEditor)%20{
%20editorInstance%20=%20editor
%20//%20注册自定义快捷键(IDA风格)
%20registerKeybindings(editor)
%20//%20注册鼠标交互
%20registerMouseHandlers(editor)
%20emit('editorReady',%20editor)
}
/**
*%20注册IDA风格快捷键
*%20G%20=%20跳转地址,%20N%20=%20重命名,%20X%20=%20交叉引用,%20;%20=%20注释,%20Esc%20=%20返回
*/
function%20registerKeybindings(
%20editor:%20monaco.editor.IStandaloneCodeEditor
)%20{
%20//%20G键:跳转到地址
%20editor.addAction({
%20 %20id:%20'ida-goto-address',
%20 %20label:%20'跳转到地址',
%20 %20keybindings:%20[monaco.KeyCode.KeyG],
%20 %20run:%20()%20=>%20{
%20 %20 %20const%20addr%20=%20getAddressAtCursor(editor)
%20 %20 %20if%20(addr%20!==%20null)%20emit('navigateTo',%20addr)
%20 %20}
%20})
%20//%20N键:重命名
%20editor.addAction({
%20 %20id:%20'ida-rename',
%20 %20label:%20'重命名',
%20 %20keybindings:%20[monaco.KeyCode.KeyN],
%20 %20run:%20()%20=>%20{
%20 %20 %20const%20{%20address,%20text%20}%20=%20getTokenAtCursor(editor)
%20 %20 %20if%20(address%20!==%20null)%20emit('rename',%20address,%20text)
%20 %20}
%20})
%20//%20X键:交叉引用
%20editor.addAction({
%20 %20id:%20'ida-xref',
%20 %20label:%20'交叉引用',
%20 %20keybindings:%20[monaco.KeyCode.KeyX],
%20 %20run:%20()%20=>%20{
%20 %20 %20const%20addr%20=%20getAddressAtCursor(editor)
%20 %20 %20if%20(addr%20!==%20null)%20emit('showXref',%20addr)
%20 %20}
%20})
%20//%20;%20键:添加注释
%20editor.addAction({
%20 %20id:%20'ida-comment',
%20 %20label:%20'添加注释',
%20 %20keybindings:%20[monaco.KeyCode.Semicolon],
%20 %20run:%20()%20=>%20{
%20 %20 %20const%20addr%20=%20getAddressAtCursor(editor)
%20 %20 %20if%20(addr%20!==%20null)%20{
%20 %20 %20 %20const%20inst%20=%20props.instructions.find(i%20=>%20i.address%20===%20addr)
%20 %20 %20 %20emit('editComment',%20addr,%20inst?.comment)
%20 %20 %20}
%20 %20}
%20})
}
//%20辅助函数:获取光标所在行的地址
function%20getAddressAtCursor(
%20editor:%20monaco.editor.IStandaloneCodeEditor
):%20number%20|%20null%20{
%20const%20pos%20=%20editor.getPosition()
%20if%20(!pos)%20return%20null
%20const%20inst%20=%20props.instructions[pos.lineNumber%20-%201]
%20return%20inst%20?%20inst.address%20:%20null
}
//%20辅助函数:获取光标所在token
function%20getTokenAtCursor(
%20editor:%20monaco.editor.IStandaloneCodeEditor
):%20{%20address:%20number%20|%20null;%20text:%20string%20}%20{
%20const%20pos%20=%20editor.getPosition()
%20if%20(!pos)%20return%20{%20address:%20null,%20text:%20''%20}
%20const%20model%20=%20editor.getModel()!
%20const%20word%20=%20model.getWordAtPosition(pos)
%20const%20inst%20=%20props.instructions[pos.lineNumber%20-%201]
%20return%20{
%20 %20address:%20inst%20?%20inst.address%20:%20null,
%20 %20text:%20word%20?%20word.word%20:%20''
%20}
}
//%20鼠标双击跳转处理
function%20registerMouseHandlers(
%20editor:%20monaco.editor.IStandaloneCodeEditor
)%20{
%20editor.onMouseDown((e)%20=>%20{
%20 %20if%20(e.target.type%20===%20monaco.editor.MouseTargetType.CONTENT_TEXT
%20 %20 %20 %20&&%20e.event.detail%20===%202)%20{%20//%20双击
%20 %20 %20const%20pos%20=%20e.target.position
%20 %20 %20if%20(pos)%20{
%20 %20 %20 %20const%20inst%20=%20props.instructions[pos.lineNumber%20-%201]
%20 %20 %20 %20if%20(inst?.targetAddress)%20{
%20 %20 %20 %20 %20emit('navigateTo',%20inst.targetAddress)
%20 %20 %20 %20}
%20 %20 %20}
%20 %20}
%20})
}
//%20监听指令数据变化,更新编辑器内容
watch(()%20=>%20props.instructions,%20(newInsts)%20=>%20{
%20if%20(editorInstance%20&&%20newInsts.length%20>%200)%20{
%20 %20const%20model%20=%20editorInstance.getModel()
%20 %20if%20(model)%20{
%20 %20 %20const%20content%20=%20formatInstructionsToText(newInsts)
%20 %20 %20model.setValue(content)
%20 %20}
%20}
},%20{%20immediate:%20true%20})
//%20将指令数组格式化为编辑器文本
function%20formatInstructionsToText(instructions:%20Instruction[]):%20string%20{
%20return%20instructions.map(inst%20=>%20{
%20 %20const%20addr%20=%20inst.address.toString(16).toUpperCase().padStart(8,%20'0')
%20 %20const%20bytes%20=%20inst.bytes.map(b%20=>%20b.toString(16).padStart(2,%20'0')).join('%20')
%20 %20const%20comment%20=%20inst.comment%20?%20`%20 ;%20${inst.comment}`%20:%20''
%20 %20return%20`${addr}%20 ${bytes.padEnd(24,%20'%20')}%20 ${inst.mnemonic}%20 ${inst.operands}${comment}`
%20}).join('\n')
}
//%20初始化:注册语言和主题
onMounted(()%20=>%20{
%20registerAssemblyLanguage()
%20defineIdaDarkTheme()
})
</script>
<template>
%20<div%20class="disassembly-view">
%20 %20<CodeEditor
%20 %20 %20ref="editorRef"
%20 %20 %20v-model:value="editorContent"
%20 %20 %20:language="editorOptions.language"
%20 %20 %20:theme="editorOptions.theme"
%20 %20 %20:options="editorOptions"
%20 %20 %20@editorDidMount="handleEditorMount"
%20 %20/>
%20</div>
</template>
<style%20scoped>
.disassembly-view%20{
%20width:%20100%;
%20height:%20100%;
%20background: #1E1E1E;
}
</style>
这个组件的接口设计遵循了”数据向下传递、事件向上冒泡”的Vue最佳实践28^。instructions prop接收结构化的反汇编数据,navigateTo等emit事件则将用户的交互意图传递给父组件处理。这种解耦设计使得DisassemblyView本身不依赖任何特定的状态管理方案,既可以在Pinia%20store驱动的应用中使用,也可以独立测试。
IDA%20Pro的经典反汇编视图采用四列布局:地址列、机器码字节列、汇编指令列和操作数列。这种严格对齐的排版让分析师能够一眼扫过多个维度的信息。在Monaco%20Editor中实现这种效果,最优雅的方式是利用行内装饰器(Inline%20Decorations)和内容部件(Content%20Widgets)的组合87^。
具体来说,你可以将每一行反汇编数据的格式化为”地址%20|%20字节%20|%20指令%20|%20操作数%20|%20注释”的统一文本,然后通过Monaco的deltaDecorations%20API为不同列的区域附加CSS类名,从而实现精确的颜色控制和视觉分隔。
//%20composables/useDisassemblyDecorations.ts
import%20*%20as%20monaco%20from%20'monaco-editor'
import%20type%20{%20Instruction%20}%20from%20'@/types/binary'
import%20type%20{%20Ref%20}%20from%20'vue'
/**
*%20反汇编视图的视觉装饰系统
*%20实现IDA风格的四列对齐显示:地址/字节/指令/操作数
*/
export%20function%20useDisassemblyDecorations(
%20editor:%20Ref<monaco.editor.IStandaloneCodeEditor%20|%20null>,
%20instructions:%20Ref<Instruction[]>
)%20{
%20//%20存储当前装饰ID,用于增量更新
%20let%20decorationIds:%20string[]%20=%20[]
%20/**
%20 *%20应用完整的视觉装饰
%20 *%20包括:列着色、函数边界标记、书签标记、高亮行
%20 */
%20function%20applyDecorations(
%20 %20options:%20{
%20 %20 %20highlightedAddress?:%20number
%20 %20 %20bookmarks?:%20Set<number>
%20 %20 %20functionBoundaries?:%20{%20start:%20number;%20end:%20number%20}
%20 %20}%20=%20{}
%20)%20{
%20 %20if%20(!editor.value)%20return
%20 %20const%20decorations:%20monaco.editor.IModelDeltaDecoration[]%20=%20[]
%20 %20const%20model%20=%20editor.value.getModel()
%20 %20if%20(!model)%20return
%20 %20instructions.value.forEach((inst,%20index)%20=>%20{
%20 %20 %20const%20lineNumber%20=%20index%20+%201
%20 %20 %20//%20=====%201.%20地址列装饰(灰色背景+地址颜色)%20=====
%20 %20 %20decorations.push({
%20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%201,%20lineNumber,%209),
%20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20inlineClassName:%20'asm-address-column',
%20 %20 %20 %20 %20overviewRuler:%20{
%20 %20 %20 %20 %20 %20color:%20'#808080',
%20 %20 %20 %20 %20 %20position:%20monaco.editor.OverviewRulerLane.Left
%20 %20 %20 %20 %20}
%20 %20 %20 %20}
%20 %20 %20})
%20 %20 %20//%20=====%202.%20机器码字节列(暗绿色等宽字体)%20=====
%20 %20 %20const%20bytesEnd%20=%209%20+%201%20+%20inst.bytes.length%20*%203
%20 %20 %20decorations.push({
%20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%2010,%20lineNumber,%20bytesEnd),
%20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20inlineClassName:%20'asm-bytes-column'
%20 %20 %20 %20}
%20 %20 %20})
%20 %20 %20//%20=====%203.%20指令助记符列(蓝色加粗)%20=====
%20 %20 %20const%20mnemonicStart%20=%20bytesEnd%20+%202
%20 %20 %20const%20mnemonicEnd%20=%20mnemonicStart%20+%20inst.mnemonic.length
%20 %20 %20decorations.push({
%20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%20mnemonicStart,%20lineNumber,%20mnemonicEnd),
%20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20inlineClassName:%20'asm-mnemonic-column',
%20 %20 %20 %20 %20hoverMessage:%20{%20value:%20`指令:%20${inst.mnemonic}`%20}
%20 %20 %20 %20}
%20 %20 %20})
%20 %20 %20//%20=====%204.%20操作数列(根据类型着色)%20=====
%20 %20 %20if%20(inst.operands.length%20>%200)%20{
%20 %20 %20 %20const%20operandClass%20=%20getOperandClassName(inst.operands,%20inst)
%20 %20 %20 %20decorations.push({
%20 %20 %20 %20 %20range:%20new%20monaco.Range(
%20 %20 %20 %20 %20 %20lineNumber,%20mnemonicEnd%20+%202,
%20 %20 %20 %20 %20 %20lineNumber,%20mnemonicEnd%20+%202%20+%20inst.operands.length
%20 %20 %20 %20 %20),
%20 %20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20 %20inlineClassName:%20operandClass
%20 %20 %20 %20 %20}
%20 %20 %20 %20})
%20 %20 %20}
%20 %20 %20//%20=====%205.%20注释列(绿色斜体)%20=====
%20 %20 %20if%20(inst.comment)%20{
%20 %20 %20 %20const%20commentStart%20=%20model.getLineLength(lineNumber)%20-%20inst.comment.length%20-%203
%20 %20 %20 %20decorations.push({
%20 %20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%20commentStart,%20lineNumber,%20model.getLineLength(lineNumber)%20+%201),
%20 %20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20 %20inlineClassName:%20'asm-comment-column',
%20 %20 %20 %20 %20 %20afterContentClassName:%20'asm-comment-gutter'
%20 %20 %20 %20 %20}
%20 %20 %20 %20})
%20 %20 %20}
%20 %20 %20//%20=====%206.%20函数边界标记(Glyph%20Margin图标)%20=====
%20 %20 %20if%20(options.functionBoundaries)%20{
%20 %20 %20 %20if%20(inst.address%20===%20options.functionBoundaries.start)%20{
%20 %20 %20 %20 %20decorations.push({
%20 %20 %20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%201,%20lineNumber,%201),
%20 %20 %20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20 %20 %20isWholeLine:%20true,
%20 %20 %20 %20 %20 %20 %20glyphMarginClassName:%20'asm-function-start',
%20 %20 %20 %20 %20 %20 %20className:%20'asm-function-start-line',
%20 %20 %20 %20 %20 %20 %20glyphMarginHoverMessage:%20{%20value:%20`函数入口:%20${inst.address.toString(16)}`%20}
%20 %20 %20 %20 %20 %20}
%20 %20 %20 %20 %20})
%20 %20 %20 %20}
%20 %20 %20}
%20 %20 %20//%20=====%207.%20书签标记%20=====
%20 %20 %20if%20(options.bookmarks?.has(inst.address))%20{
%20 %20 %20 %20decorations.push({
%20 %20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%201,%20lineNumber,%201),
%20 %20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20 %20glyphMarginClassName:%20'asm-bookmark',
%20 %20 %20 %20 %20 %20glyphMarginHoverMessage:%20{%20value:%20`书签:%200x${inst.address.toString(16)}`%20}
%20 %20 %20 %20 %20}
%20 %20 %20 %20})
%20 %20 %20}
%20 %20 %20//%20=====%208.%20当前高亮行%20=====
%20 %20 %20if%20(options.highlightedAddress%20===%20inst.address)%20{
%20 %20 %20 %20decorations.push({
%20 %20 %20 %20 %20range:%20new%20monaco.Range(lineNumber,%201,%20lineNumber,%201),
%20 %20 %20 %20 %20options:%20{
%20 %20 %20 %20 %20 %20isWholeLine:%20true,
%20 %20 %20 %20 %20 %20className:%20'asm-current-line-highlight'
%20 %20 %20 %20 %20}
%20 %20 %20 %20})
%20 %20 %20}
%20 %20})
%20 %20//%20原子性替换所有装饰
%20 %20decorationIds%20=%20editor.value.deltaDecorations(decorationIds,%20decorations)
%20}
%20/**
%20 *%20根据操作数内容推断其类型,返回对应的CSS类名
%20 *%20用于对寄存器/立即数/内存引用/函数调用等不同操作数类型着色
%20 */
%20function%20getOperandClassName(operands:%20string,%20inst:%20Instruction):%20string%20{
%20 %20//%20函数调用目标
%20 %20if%20(inst.mnemonic%20===%20'call'%20||%20inst.mnemonic%20===%20'jmp')%20{
%20 %20 %20return%20'asm-operand-call'
%20 %20}
%20 %20//%20包含寄存器的操作数
%20 %20if%20(/\b[rxe][0-9a-z]{1,3}\b/i.test(operands))%20{
%20 %20 %20return%20'asm-operand-register'
%20 %20}
%20 %20//%20内存引用%20[xxx]
%20 %20if%20(operands.includes('['))%20{
%20 %20 %20return%20'asm-operand-memory'
%20 %20}
%20 %20//%20立即数
%20 %20if%20(/0x[\da-f]+|\d+/i.test(operands))%20{
%20 %20 %20return%20'asm-operand-immediate'
%20 %20}
%20 %20return%20'asm-operand-default'
%20}
%20/**
%20 *%20清除所有装饰
%20 */
%20function%20clearDecorations()%20{
%20 %20if%20(editor.value)%20{
%20 %20 %20decorationIds%20=%20editor.value.deltaDecorations(decorationIds,%20[])
%20 %20}
%20}
%20return%20{
%20 %20applyDecorations,
%20 %20clearDecorations
%20}
}
为了让这些装饰器产生实际的视觉效果,你需要在全局CSS中定义对应的样式类。这些样式应该与你之前定义的IDA主题颜色保持一致。
/*%20styles/disassembly-decorations.css%20*/
/*%20=====%20四列颜色定义%20=====%20*/
/*%20地址列:灰色%20*/
.asm-address-column%20{
%20color: #808080 !important;
%20font-family:%20Consolas,%20monospace;
%20letter-spacing:%200.5px;
}
/*%20机器码字节列:暗绿色等宽%20*/
.asm-bytes-column%20{
%20color: #608B4E !important;
%20font-family:%20Consolas,%20monospace;
}
/*%20指令助记符列:蓝色加粗%20*/
.asm-mnemonic-column%20{
%20color: #569CD6 !important;
%20font-weight:%20bold;
%20font-family:%20Consolas,%20monospace;
}
/*%20=====%20操作数类型着色%20=====%20*/
/*%20函数调用目标:粉色(导入函数风格)%20*/
.asm-operand-call%20{
%20color: #C586C0 !important;
%20font-style:%20italic;
}
/*%20寄存器操作数:浅蓝色%20*/
.asm-operand-register%20{
%20color: #9CDCFE !important;
}
/*%20内存引用%20[xxx]:青色%20*/
.asm-operand-memory%20{
%20color: #4EC9B0 !important;
}
/*%20立即数:浅绿色%20*/
.asm-operand-immediate%20{
%20color: #B5CEA8 !important;
}
/*%20默认操作数%20*/
.asm-operand-default%20{
%20color: #D4D4D4 !important;
}
/*%20注释列:暗绿色斜体%20*/
.asm-comment-column%20{
%20color: #6A9955 !important;
%20font-style:%20italic;
}
/*%20=====%20行级装饰%20=====%20*/
/*%20函数入口行%20*/
.asm-function-start-line%20{
%20background-color: #1E3A3A;
%20border-top:%201px%20solid #4EC9B0;
}
/*%20函数入口图标(Glyph%20Margin)%20*/
.asm-function-start%20{
%20background:%20url('/icons/function-start.svg')%20no-repeat%20center%20center;
%20background-size:%2014px;
}
/*%20书签图标%20*/
.asm-bookmark%20{
%20background:%20url('/icons/bookmark.svg')%20no-repeat%20center%20center;
%20background-size:%2012px;
%20filter:%20brightness(0)%20saturate(100%)%20invert(77%)%20sepia(67%)%20saturate(538%)%20hue-rotate(359deg);
}
/*%20当前行高亮%20*/
.asm-current-line-highlight%20{
%20background-color: #2D3B4D !important;
%20border-left:%203px%20solid #569CD6;
}
四列对齐的核心挑战在于等宽字体下的精确列宽计算。每一列的宽度必须根据内容的最大长度动态调整。地址列固定为8个十六进制字符(64位地址),机器码字节列的宽度取决于最长指令的字节数(x86-64指令最长15字节,对应45个字符),指令列宽度由最长助记符决定。你可以在格式化文本时使用String.prototype.padEnd()来确保每一列的字符宽度一致,这样Monaco的等宽字体渲染就能保证视觉上的严格对齐。
一个需要注意的细节是Monaco%20Editor的Glyph%20Margin区域会占据左侧一部分空间(默认14px),这可能会影响你对列位置的计算。如果你需要在行的最左侧放置图标(如断点圆点、书签标记),应该启用glyphMargin:%20true选项并使用glyphMarginClassName装饰器属性,而不是试图用beforeContentClassName来模拟。inlineClassName和lineDecoration两种装饰器各有适用场景:前者用于行内文本片段的样式,后者用于整行级别的视觉效果。
反汇编视图的交互设计直接决定了分析师的工作效率。三个核心交互功能是:双击跳转(点击call/jmp目标跳转到对应地址)、交叉引用(Xref)查询(查看某个地址被哪些代码引用),以及函数名标签显示(将裸地址替换为可读函数名)。
双击跳转的实现逻辑相对直接:监听编辑器的onMouseDown事件,当检测到双击(event.detail%20===%202)且点击位置位于操作数区域时,解析操作数中的地址并触发导航事件。对于call%20printf这样的指令,printf操作数需要被解析为对应的函数地址。
//%20composables/useDisassemblyNavigation.ts
import%20*%20as%20monaco%20from%20'monaco-editor'
import%20{%20ref%20}%20from%20'vue'
import%20type%20{%20Instruction,%20FunctionSymbol%20}%20from%20'@/types/binary'
/**
*%20反汇编视图导航逻辑
*%20管理双击跳转、交叉引用、导航历史
*/
export%20function%20useDisassemblyNavigation(
%20instructions:%20Instruction[],
%20symbols:%20Map<number,%20FunctionSymbol>,
%20onNavigate:%20(address:%20number)%20=>%20void
)%20{
%20//%20导航历史栈(用于前进/后退)
%20const%20historyStack%20=%20ref<number[]>([])
%20const%20historyIndex%20=%20ref(-1)
%20const%20maxHistorySize%20=%20100
%20/**
%20 *%20处理双击事件
%20 *%20@returns%20是否成功处理了跳转
%20 */
%20function%20handleDoubleClick(
%20 %20editor:%20monaco.editor.IStandaloneCodeEditor,
%20 %20event:%20monaco.editor.IEditorMouseEvent
%20):%20boolean%20{
%20 %20if%20(event.target.type%20!==%20monaco.editor.MouseTargetType.CONTENT_TEXT)%20{
%20 %20 %20return%20false
%20 %20}
%20 %20const%20position%20=%20event.target.position
%20 %20if%20(!position)%20return%20false
%20 %20const%20lineNumber%20=%20position.lineNumber
%20 %20const%20instruction%20=%20instructions[lineNumber%20-%201]
%20 %20if%20(!instruction)%20return%20false
%20 %20//%20获取点击位置所在行的文本
%20 %20const%20model%20=%20editor.getModel()
%20 %20if%20(!model)%20return%20false
%20 %20const%20lineText%20=%20model.getLineContent(lineNumber)
%20 %20//%20计算点击位置相对行首的列偏移
%20 %20const%20clickColumn%20=%20position.column
%20 %20//%20判断点击是否在操作数区域(通常在第40列之后)
%20 %20const%20operandStart%20=%20getOperandStartColumn(lineText)
%20 %20if%20(clickColumn%20<%20operandStart)%20return%20false
%20 %20//%20提取操作数文本
%20 %20const%20operandText%20=%20lineText.substring(operandStart%20-%201)
%20 %20//%20解析操作数中的地址引用
%20 %20const%20targetAddr%20=%20resolveOperandAddress(operandText,%20instruction)
%20 %20if%20(targetAddr%20!==%20null)%20{
%20 %20 %20pushHistory(instruction.address)
%20 %20 %20onNavigate(targetAddr)
%20 %20 %20return%20true
%20 %20}
%20 %20return%20false
%20}
%20/**
%20 *%20解析操作数字符串,提取目标地址
%20 *%20处理多种形式:直接地址(call%200x401000)、符号名(call%20printf)、偏移(call%20[rip+0x2050])
%20 */
%20function%20resolveOperandAddress(
%20 %20operand:%20string,
%20 %20context:%20Instruction
%20):%20number%20|%20null%20{
%20 %20//%201.%20直接十六进制地址:0x401000
%20 %20const%20hexMatch%20=%20operand.match(/\b0x([\da-fA-F]+)\b/)
%20 %20if%20(hexMatch)%20{
%20 %20 %20return%20parseInt(hexMatch[1],%2016)
%20 %20}
%20 %20//%202.%20纯十六进制(无0x前缀,IDA风格):401000h
%20 %20const%20hexSuffixMatch%20=%20operand.match(/\b([\da-fA-F]+)h\b/)
%20 %20if%20(hexSuffixMatch)%20{
%20 %20 %20return%20parseInt(hexSuffixMatch[1],%2016)
%20 %20}
%20 %20//%203.%20符号名查找:call%20printf
%20 %20const%20symbolName%20=%20operand.trim().split(/[\s,]/)[0]
%20 %20if%20(symbolName)%20{
%20 %20 %20//%20在符号表中查找
%20 %20 %20for%20(const%20[addr,%20sym]%20of%20symbols)%20{
%20 %20 %20 %20if%20(sym.name%20===%20symbolName%20||%20sym.demangledName%20===%20symbolName)%20{
%20 %20 %20 %20 %20return%20addr
%20 %20 %20 %20}
%20 %20 %20}
%20 %20}
%20 %20//%204.%20RIP相对寻址:call%20[rip+0x2050]%20或%20mov%20rax,%20[rip+0x1234]
%20 %20const%20ripMatch%20=%20operand.match(/\[\s*rip\s*([+-])\s*(?:0x)?([\da-fA-F]+)\s*\]/i)
%20 %20if%20(ripMatch)%20{
%20 %20 %20const%20offset%20=%20parseInt(ripMatch[2],%2016)
%20 %20 %20const%20sign%20=%20ripMatch[1]%20===%20'+'%20?%201%20:%20-1
%20 %20 %20//%20RIP相对寻址的基址是当前指令的下一条指令地址
%20 %20 %20return%20context.address%20+%20context.size%20+%20(sign%20*%20offset)
%20 %20}
%20 %20//%205.%20导入表引用:call%20qword%20ptr%20[__imp_printf]
%20 %20const%20impMatch%20=%20operand.match(/__imp_(\w+)/)
%20 %20if%20(impMatch)%20{
%20 %20 %20for%20(const%20[addr,%20sym]%20of%20symbols)%20{
%20 %20 %20 %20if%20(sym.name%20===%20impMatch[1]%20&&%20sym.type%20===%20'import')%20{
%20 %20 %20 %20 %20return%20addr
%20 %20 %20 %20}
%20 %20 %20}
%20 %20}
%20 %20return%20null
%20}
%20/**
%20 *%20获取操作数区域的起始列号
%20 *%20基于四列布局的格式:"ADDRESS%20 BYTES%20 MNEMONIC%20 OPERANDS%20;%20COMMENT"
%20 */
%20function%20getOperandStartColumn(lineText:%20string):%20number%20{
%20 %20//%20地址:8字符%20+%202空格%20=%2010
%20 %20//%20字节:最多15字节%20*%203%20=%2045字符%20+%202空格%20=%2047
%20 %20//%20总计约57列开始操作数区域
%20 %20//%20实际通过正则匹配更精确
%20 %20const%20match%20=%20lineText.match(
%20 %20 %20/^[\da-fA-F]{8,16}\s+[\da-fA-F\s]{6,47}\s+\w+/i
%20 %20)
%20 %20if%20(match)%20{
%20 %20 %20return%20match[0].length%20+%201
%20 %20}
%20 %20return%2058%20//%20默认值
%20}
%20//%20=====%20导航历史管理%20=====
%20function%20pushHistory(address:%20number)%20{
%20 %20//%20如果当前不在历史末尾,截断后续记录
%20 %20if%20(historyIndex.value%20<%20historyStack.value.length%20-%201)%20{
%20 %20 %20historyStack.value%20=%20historyStack.value.slice(0,%20historyIndex.value%20+%201)
%20 %20}
%20 %20historyStack.value.push(address)
%20 %20//%20限制历史大小
%20 %20if%20(historyStack.value.length%20>%20maxHistorySize)%20{
%20 %20 %20historyStack.value.shift()
%20 %20}
%20 %20historyIndex.value%20=%20historyStack.value.length%20-%201
%20}
%20function%20canGoBack():%20boolean%20{
%20 %20return%20historyIndex.value%20>%200
%20}
%20function%20canGoForward():%20boolean%20{
%20 %20return%20historyIndex.value%20<%20historyStack.value.length%20-%201
%20}
%20function%20goBack():%20boolean%20{
%20 %20if%20(!canGoBack())%20return%20false
%20 %20historyIndex.value--
%20 %20onNavigate(historyStack.value[historyIndex.value])
%20 %20return%20true
%20}
%20function%20goForward():%20boolean%20{
%20 %20if%20(!canGoForward())%20return%20false
%20 %20historyIndex.value++
%20 %20onNavigate(historyStack.value[historyIndex.value])
%20 %20return%20true
%20}
%20return%20{
%20 %20handleDoubleClick,
%20 %20resolveOperandAddress,
%20 %20pushHistory,
%20 %20canGoBack,
%20 %20canGoForward,
%20 %20goBack,
%20 %20goForward,
%20 %20historyStack,
%20 %20historyIndex
%20}
}
交叉引用(Cross-Reference,%20Xref)是逆向分析中最重要的导航功能之一。当你在反汇编视图中按下X键时,系统需要查询所有引用了当前地址的指令位置,并以弹窗或侧边面板的形式展示引用列表。这个查询逻辑通常在服务端完成(通过Capstone反汇编引擎扫描所有代码段的call、jmp、lea等引用指令),前端只需要展示结果并处理点击跳转。
交叉引用弹窗组件使用Element%20Plus的el-dialog实现,内部是一个el-table表格,每行显示一条引用记录:引用类型(调用/跳转/数据引用)、引用地址、所在函数名称和指令摘要。表格按地址升序排列,支持点击跳转到对应位置。弹窗还提供一个筛选器,让用户只看特定类型的引用(比如只看call引用而忽略jmp引用),这在分析一个函数被哪些其他函数调用时特别有用。
函数名标签显示则需要在渲染阶段介入。当反汇编数据中包含裸地址(如call%200x401000)时,如果该地址在符号表中存在对应函数名,你应该将显示文本替换为函数名(如call%20printf),同时在Tooltip中保留原始地址信息。这可以通过Monaco的hoverProvider API实现——当用户将鼠标悬停在函数名上时,显示其完整地址和符号信息。
//%20utils/disassemblyHoverProvider.ts
import%20*%20as%20monaco%20from%20'monaco-editor'
import%20type%20{%20FunctionSymbol%20}%20from%20'@/types/binary'
/**
*%20注册反汇编视图的悬停提示Provider
*%20为函数名、地址、交叉引用提供详细Tooltip
*/
export%20function%20registerDisassemblyHoverProvider(
%20symbols:%20Map<number,%20FunctionSymbol>
):%20monaco.IDisposable%20{
%20return%20monaco.languages.registerHoverProvider('x86-assembly',%20{
%20 %20provideHover(model,%20position)%20{
%20 %20 %20const%20word%20=%20model.getWordAtPosition(position)
%20 %20 %20if%20(!word)%20return%20null
%20 %20 %20const%20wordText%20=%20word.word
%20 %20 %20const%20contents:%20monaco.IMarkdownString[]%20=%20[]
%20 %20 %20//%201.%20悬停在函数名上
%20 %20 %20for%20(const%20[addr,%20sym]%20of%20symbols)%20{
%20 %20 %20 %20if%20(sym.name%20===%20wordText)%20{
%20 %20 %20 %20 %20contents.push(
%20 %20 %20 %20 %20 %20{%20value:%20`**${sym.demangledName%20||%20sym.name}**`%20},
%20 %20 %20 %20 %20 %20{%20value:%20`-%20地址:%20\`0x${addr.toString(16).toUpperCase().padStart(8,%20'0')}\``%20},
%20 %20 %20 %20 %20 %20{%20value:%20`-%20类型:%20${sym.type}`%20},
%20 %20 %20 %20 %20 %20{%20value:%20`-%20大小:%20${sym.size%20||%20'未知'}%20字节`%20}
%20 %20 %20 %20 %20)
%20 %20 %20 %20 %20if%20(sym.library)%20{
%20 %20 %20 %20 %20 %20contents.push({%20value:%20`-%20所属库:%20${sym.library}`%20})
%20 %20 %20 %20 %20}
%20 %20 %20 %20 %20return%20{%20contents%20}
%20 %20 %20 %20}
%20 %20 %20}
%20 %20 %20//%202.%20悬停在十六进制地址上
%20 %20 %20const%20hexMatch%20=%20wordText.match(/^(?:0x)?([\da-fA-F]+)$/)
%20 %20 %20if%20(hexMatch)%20{
%20 %20 %20 %20const%20addr%20=%20parseInt(hexMatch[1],%2016)
%20 %20 %20 %20const%20sym%20=%20symbols.get(addr)
%20 %20 %20 %20if%20(sym)%20{
%20 %20 %20 %20 %20contents.push(
%20 %20 %20 %20 %20 %20{%20value:%20`**${sym.name}**`%20},
%20 %20 %20 %20 %20 %20{%20value:%20`-%20地址:%20\`0x${addr.toString(16).toUpperCase().padStart(8,%20'0')}\``%20},
%20 %20 %20 %20 %20 %20{%20value:%20`-%20类型:%20${sym.type}`%20}
%20 %20 %20 %20 %20)
%20 %20 %20 %20 %20return%20{%20contents%20}
%20 %20 %20 %20}
%20 %20 %20}
%20 %20 %20return%20null
%20 %20}
%20})
}
除了双击跳转和交叉引用之外,完整的反汇编导航还需要三个基础功能:主动输入地址跳转(G键)、前进/后退导航栈(Esc/Shift+Esc)以及书签标记系统。
地址跳转框是一个浮动输入对话框,当你按下G键时弹出,接受十六进制或十进制地址输入,按下Enter后跳转到目标位置。在Vue3中,你可以使用Element%20Plus的el-dialog组件快速实现这个对话框。
<!--%20components/AddressJumpDialog.vue%20-->
<script%20setup%20lang="ts">
import%20{%20ref,%20watch,%20nextTick%20}%20from%20'vue'
import%20{%20ElMessage%20}%20from%20'element-plus'
//%20=====%20Props%20&%20Emits%20=====
const%20props%20=%20defineProps<{
%20modelValue:%20boolean%20 //%20控制对话框显示/隐藏
}>()
const%20emit%20=%20defineEmits<{
%20'update:modelValue':%20[value:%20boolean]
%20jump:%20[address:%20number]%20 //%20用户确认跳转
}>()
//%20=====%20内部状态%20=====
const%20inputValue%20=%20ref('')
const%20inputRef%20=%20ref<HTMLInputElement>()
//%20对话框打开时自动聚焦输入框
watch(()%20=>%20props.modelValue,%20async%20(visible)%20=>%20{
%20if%20(visible)%20{
%20 %20inputValue.value%20=%20''
%20 %20await%20nextTick()
%20 %20inputRef.value?.focus()
%20}
})
/**
*%20解析用户输入的地址字符串
*%20支持多种格式:0x401000,%20401000h,%2000401000,%20十进制4198400
*/
function%20parseAddress(input:%20string):%20number%20|%20null%20{
%20const%20trimmed%20=%20input.trim()
%20if%20(!trimmed)%20return%20null
%20//%200x前缀十六进制
%20if%20(trimmed.toLowerCase().startsWith('0x'))%20{
%20 %20const%20val%20=%20parseInt(trimmed,%2016)
%20 %20return%20isNaN(val)%20?%20null%20:%20val
%20}
%20//%20h后缀十六进制(IDA风格)
%20if%20(trimmed.toLowerCase().endsWith('h'))%20{
%20 %20const%20val%20=%20parseInt(trimmed.slice(0,%20-1),%2016)
%20 %20return%20isNaN(val)%20?%20null%20:%20val
%20}
%20//%20纯数字:先尝试十进制,如果过大则尝试十六进制
%20if%20(/^\d+$/.test(trimmed))%20{
%20 %20const%20decVal%20=%20parseInt(trimmed,%2010)
%20 %20if%20(!isNaN(decVal)%20&&%20decVal%20<=%200xFFFFFFFF)%20return%20decVal
%20}
%20//%20纯十六进制(8位或16位,IDA常见格式)
%20if%20(/^[\da-fA-F]+$/.test(trimmed))%20{
%20 %20const%20val%20=%20parseInt(trimmed,%2016)
%20 %20return%20isNaN(val)%20?%20null%20:%20val
%20}
%20return%20null
}
function%20handleJump()%20{
%20const%20addr%20=%20parseAddress(inputValue.value)
%20if%20(addr%20!==%20null)%20{
%20 %20emit('jump',%20addr)
%20 %20emit('update:modelValue',%20false)
%20}%20else%20{
%20 %20ElMessage.warning('无效的地址格式,请使用十六进制(0x401000%20或%20401000h)或十进制')
%20}
}
function%20handleKeydown(e:%20KeyboardEvent)%20{
%20if%20(e.key%20===%20'Enter')%20{
%20 %20handleJump()
%20}%20else%20if%20(e.key%20===%20'Escape')%20{
%20 %20emit('update:modelValue',%20false)
%20}
}
</script>
<template>
%20<el-dialog
%20 %20:model-value="modelValue"
%20 %20@update:model-value="$emit('update:modelValue',%20$event)"
%20 %20title="跳转到地址"
%20 %20width="400px"
%20 %20:show-close="false"
%20 %20:close-on-click-modal="true"
%20 %20class="address-jump-dialog"
%20>
%20 %20<div%20class="jump-input-wrapper">
%20 %20 %20<el-input
%20 %20 %20 %20ref="inputRef"
%20 %20 %20 %20v-model="inputValue"
%20 %20 %20 %20placeholder="输入地址(如%200x401000%20或%20401000h)"
%20 %20 %20 %20size="large"
%20 %20 %20 %20@keydown="handleKeydown"
%20 %20 %20>
%20 %20 %20 %20<template #prefix>
%20 %20 %20 %20 %20<el-icon><Position%20/></el-icon>
%20 %20 %20 %20</template>
%20 %20 %20</el-input>
%20 %20 %20<div%20class="jump-hints">
%20 %20 %20 %20<span%20class="hint">Enter:%20确认</span>
%20 %20 %20 %20<span%20class="hint">Esc:%20取消</span>
%20 %20 %20</div>
%20 %20</div>
%20 %20<template #footer>
%20 %20 %20<el-button%20@click="$emit('update:modelValue',%20false)">取消</el-button>
%20 %20 %20<el-button%20type="primary"%20@click="handleJump">跳转</el-button>
%20 %20</template>
%20</el-dialog>
</template>
<style%20scoped>
.jump-input-wrapper%20{
%20padding:%208px%200;
}
.jump-hints%20{
%20margin-top:%208px;
%20display:%20flex;
%20gap:%2016px;
}
.hint%20{
%20font-size:%2012px;
%20color: #808080;
}
</style>
书签系统则利用Monaco%20Editor的Glyph%20Margin(左侧图标区域)来放置书签标记。每个书签关联一个地址,用户可以通过点击Glyph%20Margin区域或按下快捷键(如Ctrl+M)来切换书签状态。书签数据存储在Pinia%20store中,这样即使切换视图也不会丢失。
控制流图(Control%20Flow%20Graph,%20CFG)是理解程序执行逻辑最直观的工具。它将一个函数分解为基本块(Basic%20Block),每个基本块作为一个节点,块之间的跳转关系作为有向边,形成一个有向图(通常是无环的DAG)。在Web端实现CFG,Cytoscape.js是目前最成熟的选择——它是一个专门为图可视化设计的JavaScript库,内置了丰富的布局算法和交互功能,性能远超基于SVG的D3.js方案3^。
Cytoscape.js的核心概念与HTML5%20Canvas类似:你提供一个DOM容器,Cytoscape在其中创建Canvas元素来渲染图形。所有节点和边的数据通过JSON数组传递,样式则通过CSS-like的选择器系统定义。
对于控制流图,你需要从后端获取两种数据:基本块节点和控制流边。每个基本块节点包含起始地址、指令列表和块类型(入口/出口/普通);每条边包含源节点、目标节点和边类型(条件真分支/条件假分支/无条件跳转/顺序执行)。
Cytoscape.js的初始化过程有几个关键点需要注意。首先,布局配置必须在初始化时提供,如果之后需要更改布局,必须调用cy.layout(newOptions).run()来重新计算。其次,样式定义采用了类似CSS的选择器语法,但属性名使用驼峰命名法(如backgroundColor在Cytoscape中写作background-color)。data(label)语法表示从节点的data属性中动态获取标签内容。width:%20'label'和height:%20'label'让节点尺寸自动适应标签内容的宽高,配合padding属性确保标签与边框之间有合适的内边距。
<!--%20components/ControlFlowGraph.vue%20-->
<script%20setup%20lang="ts">
import%20{%20ref,%20onMounted,%20onUnmounted,%20watch,%20nextTick%20}%20from%20'vue'
import%20cytoscape%20from%20'cytoscape'
import%20klay%20from%20'cytoscape-klay'
import%20coseBilkent%20from%20'cytoscape-cose-bilkent'
import%20type%20{%20BasicBlock,%20ControlFlowEdge%20}%20from%20'@/types/binary'
//%20注册布局扩展
//%20Klay布局:基于KLay%20Layered的层次布局,适合DAG
//%20Cose-bilkent:复合弹簧布局,适合交互式调整
cytoscape.use(klay)
cytoscape.use(coseBilkent)
//%20=====%20Props%20接口%20=====
const%20props%20=%20defineProps<{
%20/**%20基本块数组%20*/
%20basicBlocks:%20BasicBlock[]
%20/**%20控制流边数组%20*/
%20edges:%20ControlFlowEdge[]
%20/**%20当前选中地址%20*/
%20selectedAddress?:%20number
%20/**%20高亮路径(执行追踪)%20*/
%20highlightedPath?:%20number[]
%20/**%20布局算法%20*/
%20layoutName?:%20'klay'%20|%20'cose-bilkent'%20|%20'grid'%20|%20'circle'
}>()
//%20=====%20Emits%20接口%20=====
const%20emit%20=%20defineEmits<{
%20/**%20点击节点%20*/
%20nodeClick:%20[address:%20number]
%20/**%20双击节点(进入函数)%20*/
%20nodeDoubleClick:%20[address:%20number]
%20/**%20边点击%20*/
%20edgeClick:%20[source:%20number,%20target:%20number,%20type:%20string]
%20/**%20视口变化%20*/
%20viewportChange:%20[zoom:%20number,%20pan:%20{%20x:%20number;%20y:%20number%20}]
}>()
//%20=====%20组件内部状态%20=====
const%20containerRef%20=%20ref<HTMLDivElement>()
let%20cy:%20cytoscape.Core%20|%20null%20=%20null
const%20isReady%20=%20ref(false)
const%20currentZoom%20=%20ref(1)
/**
*%20将基本块和边数据转换为Cytoscape元素格式
*%20Cytoscape使用统一的elements数组,通过group字段区分node和edge
*/
function%20buildElements(
%20blocks:%20BasicBlock[],
%20edges:%20ControlFlowEdge[]
):%20cytoscape.ElementDefinition[]%20{
%20//%20构建节点
%20const%20nodes:%20cytoscape.ElementDefinition[]%20=%20blocks.map(block%20=>%20({
%20 %20group:%20'nodes'%20as%20const,
%20 %20data:%20{
%20 %20 %20id:%20`bb_${block.address}`,
%20 %20 %20address:%20block.address,
%20 %20 %20//%20节点标签:显示地址和首条指令
%20 %20 %20label:%20formatNodeLabel(block),
%20 %20 %20//%20指令数量(用于计算节点大小)
%20 %20 %20instructionCount:%20block.instructions.length,
%20 %20 %20//%20原始数据引用
%20 %20 %20instructions:%20block.instructions
%20 %20},
%20 %20//%20CSS类:根据块类型分配不同样式
%20 %20classes:%20block.type%20===%20'entry'
%20 %20 %20?%20'entry-node'
%20 %20 %20:%20block.type%20===%20'exit'
%20 %20 %20 %20?%20'exit-node'
%20 %20 %20 %20:%20'normal-node'
%20}))
%20//%20构建边
%20const%20cyEdges:%20cytoscape.ElementDefinition[]%20=%20edges.map((edge,%20index)%20=>%20({
%20 %20group:%20'edges'%20as%20const,
%20 %20data:%20{
%20 %20 %20id:%20`edge_${edge.from}_${edge.to}_${index}`,
%20 %20 %20source:%20`bb_${edge.from}`,
%20 %20 %20target:%20`bb_${edge.to}`,
%20 %20 %20//%20边类型:conditional_true%20/%20conditional_false%20/%20unconditional%20/%20fallthrough
%20 %20 %20type:%20edge.type,
%20 %20 %20//%20条件标签(在真/假分支边上显示)
%20 %20 %20label:%20edge.type%20===%20'conditional_true'
%20 %20 %20 %20?%20'T'
%20 %20 %20 %20:%20edge.type%20===%20'conditional_false'
%20 %20 %20 %20 %20?%20'F'
%20 %20 %20 %20 %20:%20''
%20 %20},
%20 %20classes:%20edge.type
%20}))
%20return%20[...nodes,%20...cyEdges]
}
/**
*%20格式化节点标签
*%20显示格式:地址\n指令1\n指令2...
*%20限制显示前5条指令避免节点过大
*/
function%20formatNodeLabel(block:%20BasicBlock):%20string%20{
%20const%20addrStr%20=%20block.address.toString(16).toUpperCase().padStart(8,%20'0')
%20const%20maxInstructions%20=%205
%20const%20instTexts%20=%20block.instructions
%20 %20.slice(0,%20maxInstructions)
%20 %20.map(inst%20=>%20{
%20 %20 %20const%20truncated%20=%20inst.operands.length%20>%2030
%20 %20 %20 %20?%20inst.operands.substring(0,%2030)%20+%20'...'
%20 %20 %20 %20:%20inst.operands
%20 %20 %20return%20`${inst.mnemonic}%20${truncated}`
%20 %20})
%20if%20(block.instructions.length%20>%20maxInstructions)%20{
%20 %20instTexts.push('...')
%20}
%20return%20[addrStr,%20...instTexts].join('\n')
}
/**
*%20初始化Cytoscape实例
*%20这是整个CFG组件的核心,配置画布、样式、布局、交互
*/
function%20initGraph()%20{
%20if%20(!containerRef.value%20||%20props.basicBlocks.length%20===%200)%20return
%20//%20如果已存在实例,先销毁(避免内存泄漏)
%20if%20(cy)%20{
%20 %20cy.destroy()
%20}
%20const%20elements%20=%20buildElements(props.basicBlocks,%20props.edges)
%20cy%20=%20cytoscape({
%20 %20//%20渲染容器
%20 %20container:%20containerRef.value,
%20 %20//%20数据元素
%20 %20elements,
%20 %20//%20=====%20样式定义(CSS-like选择器系统)%20=====
%20 %20style:%20[
%20 %20 %20//%20---%20全局节点默认样式%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'node',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20//%20背景色和边框
%20 %20 %20 %20 %20'background-color':%20'#2D2D30',
%20 %20 %20 %20 %20'border-color':%20'#569CD6',
%20 %20 %20 %20 %20'border-width':%202,
%20 %20 %20 %20 %20'border-opacity':%200.8,
%20 %20 %20 %20 %20//%20节点形状:圆角矩形(类似IDA)
%20 %20 %20 %20 %20'shape':%20'roundrectangle',
%20 %20 %20 %20 %20//%20尺寸:根据内容自适应
%20 %20 %20 %20 %20'width':%20'label',
%20 %20 %20 %20 %20'height':%20'label',
%20 %20 %20 %20 %20'padding':%20'14px',
%20 %20 %20 %20 %20'min-width':%20'160px',
%20 %20 %20 %20 %20//%20标签样式
%20 %20 %20 %20 %20'label':%20'data(label)',
%20 %20 %20 %20 %20'color':%20'#D4D4D4',
%20 %20 %20 %20 %20'font-size':%20'11px',
%20 %20 %20 %20 %20'font-family':%20'Consolas,%20"Courier%20New",%20monospace',
%20 %20 %20 %20 %20'text-wrap':%20'wrap',
%20 %20 %20 %20 %20'text-max-width':%20'280px',
%20 %20 %20 %20 %20'text-valign':%20'top',
%20 %20 %20 %20 %20'text-halign':%20'left',
%20 %20 %20 %20 %20'text-margin-y':%20'8px',
%20 %20 %20 %20 %20'text-margin-x':%20'10px',
%20 %20 %20 %20 %20'line-height':%201.4,
%20 %20 %20 %20 %20//%20阴影效果
%20 %20 %20 %20 %20'shadow-blur':%208,
%20 %20 %20 %20 %20'shadow-color':%20'#000000',
%20 %20 %20 %20 %20'shadow-opacity':%200.5,
%20 %20 %20 %20 %20'shadow-offset-y':%203
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20入口节点样式(函数起始)%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.entry-node',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'border-color':%20'#4EC9B0',
%20 %20 %20 %20 %20'border-width':%203,
%20 %20 %20 %20 %20'background-color':%20'#1E3A3A',
%20 %20 %20 %20 %20'shadow-color':%20'#4EC9B040'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20出口节点样式(ret/exit)%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.exit-node',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'border-color':%20'#F44747',
%20 %20 %20 %20 %20'border-width':%203,
%20 %20 %20 %20 %20'background-color':%20'#3A1E1E',
%20 %20 %20 %20 %20'shadow-color':%20'#F4474740'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20全局边默认样式%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'edge',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'width':%202,
%20 %20 %20 %20 %20'line-color':%20'#6E7681',
%20 %20 %20 %20 %20'target-arrow-color':%20'#6E7681',
%20 %20 %20 %20 %20'target-arrow-shape':%20'triangle',
%20 %20 %20 %20 %20'target-arrow-fill':%20'filled',
%20 %20 %20 %20 %20//%20曲线样式:bezier适合多平行边
%20 %20 %20 %20 %20'curve-style':%20'bezier',
%20 %20 %20 %20 %20//%20多平行边时的偏移量
%20 %20 %20 %20 %20'control-point-step-size':%2020,
%20 %20 %20 %20 %20//%20边标签
%20 %20 %20 %20 %20'label':%20'data(label)',
%20 %20 %20 %20 %20'color':%20'#D4D4D4',
%20 %20 %20 %20 %20'font-size':%20'10px',
%20 %20 %20 %20 %20'font-family':%20'Consolas,%20monospace',
%20 %20 %20 %20 %20'text-background-color':%20'#1E1E1E',
%20 %20 %20 %20 %20'text-background-opacity':%201,
%20 %20 %20 %20 %20'text-background-padding':%20'2px',
%20 %20 %20 %20 %20'text-background-shape':%20'roundrectangle',
%20 %20 %20 %20 %20//%20箭头大小
%20 %20 %20 %20 %20'arrow-scale':%201.2
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20条件真分支(True)---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.conditional_true',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'line-color':%20'#4EC9B0',
%20 %20 %20 %20 %20'target-arrow-color':%20'#4EC9B0',
%20 %20 %20 %20 %20'label':%20'T'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20条件假分支(False)---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.conditional_false',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'line-color':%20'#CE9178',
%20 %20 %20 %20 %20'target-arrow-color':%20'#CE9178',
%20 %20 %20 %20 %20'label':%20'F',
%20 %20 %20 %20 %20//%20假分支使用虚线区分
%20 %20 %20 %20 %20'line-style':%20'dashed'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20无条件跳转%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.unconditional',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'line-color':%20'#569CD6',
%20 %20 %20 %20 %20'target-arrow-color':%20'#569CD6',
%20 %20 %20 %20 %20'line-style':%20'solid'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20顺序执行(fall-through)%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.fallthrough',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'line-color':%20'#6E7681',
%20 %20 %20 %20 %20'target-arrow-color':%20'#6E7681',
%20 %20 %20 %20 %20'width':%201.5,
%20 %20 %20 %20 %20//%20使用虚线表示自然执行流
%20 %20 %20 %20 %20'line-style':%20'dotted'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20选中状态%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20':selected',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'border-color':%20'#FFD700',
%20 %20 %20 %20 %20'border-width':%203,
%20 %20 %20 %20 %20'line-color':%20'#FFD700',
%20 %20 %20 %20 %20'target-arrow-color':%20'#FFD700',
%20 %20 %20 %20 %20'shadow-color':%20'#FFD70060',
%20 %20 %20 %20 %20'shadow-blur':%2012
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20悬停状态%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'node.hover',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'border-color':%20'#9CDCFE',
%20 %20 %20 %20 %20'border-width':%203,
%20 %20 %20 %20 %20'background-color':%20'#3E3E42',
%20 %20 %20 %20 %20'shadow-blur':%2015,
%20 %20 %20 %20 %20'shadow-color':%20'#9CDCFE40'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20//%20---%20高亮路径样式%20---
%20 %20 %20{
%20 %20 %20 %20selector:%20'.path-highlight',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'line-color':%20'#FFD700',
%20 %20 %20 %20 %20'target-arrow-color':%20'#FFD700',
%20 %20 %20 %20 %20'width':%203,
%20 %20 %20 %20 %20'line-style':%20'solid'
%20 %20 %20 %20}
%20 %20 %20},
%20 %20 %20{
%20 %20 %20 %20selector:%20'.node-path-highlight',
%20 %20 %20 %20style:%20{
%20 %20 %20 %20 %20'border-color':%20'#FFD700',
%20 %20 %20 %20 %20'border-width':%203,
%20 %20 %20 %20 %20'background-color':%20'#3A351E'
%20 %20 %20 %20}
%20 %20 %20}
%20 %20],
%20 %20//%20=====%20布局配置%20=====
%20 %20layout:%20getLayoutConfig(props.layoutName%20||%20'klay'),
%20 %20//%20=====%20交互配置%20=====
%20 %20//%20启用框选
%20 %20boxSelectionEnabled:%20true,
%20 %20//%20多选时显示选择框
%20 %20selectionType:%20'single',
%20 %20//%20触摸设备支持
%20 %20touchTapThreshold:%208,
%20 %20desktopTapThreshold:%204,
%20 %20//%20最小缩放比例
%20 %20minZoom:%200.1,
%20 %20//%20最大缩放比例
%20 %20maxZoom:%204,
%20 %20//%20滚轮缩放步进
%20 %20wheelSensitivity:%200.3,
%20 %20//%20启用手势
%20 %20textureOnViewport:%20false,
%20 %20//%20运动模糊(性能优化)
%20 %20motionBlur:%20true,
%20 %20motionBlurOpacity:%200.2,
%20 %20//%20像素比(Retina屏适配)
%20 %20pixelRatio:%20'auto'
%20})
%20//%20=====%20事件绑定%20=====
%20bindEvents()
%20//%20自适应视口
%20nextTick(()%20=>%20{
%20 %20cy?.fit(undefined,%2040)
%20 %20isReady.value%20=%20true
%20})
}
/**
*%20获取布局配置
*%20支持Klay(推荐用于CFG)和Cose-bilkent(适合交互式)
*/
function%20getLayoutConfig(name:%20string):%20cytoscape.LayoutOptions%20{
%20const%20configs:%20Record<string,%20cytoscape.LayoutOptions>%20=%20{
%20 %20//%20Klay布局:基于图论的分层布局,自动处理DAG结构
%20 %20//%20适合控制流图,节点按层次排列,边尽量自上而下
%20 %20klay:%20{
%20 %20 %20name:%20'klay',
%20 %20 %20nodeDimensionsIncludeLabels:%20true,
%20 %20 %20fit:%20true,
%20 %20 %20padding:%2030,
%20 %20 %20animate:%20true,
%20 %20 %20animationDuration:%20400,
%20 %20 %20animationEasing:%20'ease-out-cubic',
%20 %20 %20klay:%20{
%20 %20 %20 %20addUnnecessaryBendpoints:%20false,
%20 %20 %20 %20aspectRatio:%201.6,
%20 %20 %20 %20borderSpacing:%2020,
%20 %20 %20 %20direction:%20'DOWN',%20 %20 %20 %20 //%20自上而下排列
%20 %20 %20 %20edgeRouting:%20'ORTHOGONAL',%20//%20正交边路由(直角拐弯)
%20 %20 %20 %20edgeSpacingFactor:%200.8,
%20 %20 %20 %20inLayerSpacingFactor:%201.0,
%20 %20 %20 %20layoutHierarchy:%20false,
%20 %20 %20 %20lineSpacing:%201.1,
%20 %20 %20 %20nodeLayering:%20'NETWORK_SIMPLEX',
%20 %20 %20 %20nodePlace:%20'BRANDES_KOEPF',
%20 %20 %20 %20spacing:%2040,%20 %20 %20 %20 %20 %20 %20 //%20节点间距
%20 %20 %20 %20thoroughness:%207%20 %20 %20 %20 %20 %20//%20布局优化程度
%20 %20 %20}
%20 %20}%20as%20any,
%20 %20//%20Cose-bilkent布局:复合力导向布局
%20 %20//%20适合需要交互式调整的复杂图
%20 %20'cose-bilkent':%20{
%20 %20 %20name:%20'cose-bilkent',
%20 %20 %20fit:%20true,
%20 %20 %20padding:%2030,
%20 %20 %20animate:%20true,
%20 %20 %20animationDuration:%20500,
%20 %20 %20nodeDimensionsIncludeLabels:%20true,
%20 %20 %20idealEdgeLength:%20120,
%20 %20 %20nodeRepulsion:%204500,
%20 %20 %20edgeElasticity:%200.45,
%20 %20 %20nestingFactor:%200.1,
%20 %20 %20gravity:%200.25,
%20 %20 %20numIter:%202500,
%20 %20 %20tile:%20true,
%20 %20 %20tilingPaddingVertical:%2010,
%20 %20 %20tilingPaddingHorizontal:%2010,
%20 %20 %20gravityRangeCompound:%201.5,
%20 %20 %20gravityCompound:%201.0,
%20 %20 %20gravityRange:%203.8,
%20 %20 %20initialEnergyOnIncremental:%200.5
%20 %20}%20as%20any
%20}
%20return%20configs[name]%20||%20configs['klay']
}
/**
*%20绑定Cytoscape事件处理器
*/
function%20bindEvents()%20{
%20if%20(!cy)%20return
%20//%20节点单击:选中并触发事件
%20cy.on('tap',%20'node',%20(evt)%20=>%20{
%20 %20const%20node%20=%20evt.target
%20 %20const%20address%20=%20node.data('address')%20as%20number
%20 %20emit('nodeClick',%20address)
%20})
%20//%20节点双击:进入函数
%20cy.on('dbltap',%20'node',%20(evt)%20=>%20{
%20 %20const%20node%20=%20evt.target
%20 %20const%20address%20=%20node.data('address')%20as%20number
%20 %20emit('nodeDoubleClick',%20address)
%20})
%20//%20悬停效果(手动添加/移除CSS类)
%20cy.on('mouseover',%20'node',%20(evt)%20=>%20{
%20 %20evt.target.addClass('hover')
%20})
%20cy.on('mouseout',%20'node',%20(evt)%20=>%20{
%20 %20evt.target.removeClass('hover')
%20})
%20//%20边点击
%20cy.on('tap',%20'edge',%20(evt)%20=>%20{
%20 %20const%20edge%20=%20evt.target
%20 %20emit('edgeClick',
%20 %20 %20edge.data('source').replace('bb_',%20''),
%20 %20 %20edge.data('target').replace('bb_',%20''),
%20 %20 %20edge.data('type')
%20 %20)
%20})
%20//%20缩放/平移监听
%20cy.on('zoom%20pan',%20()%20=>%20{
%20 %20if%20(!cy)%20return
%20 %20currentZoom.value%20=%20cy.zoom()
%20 %20emit('viewportChange',%20cy.zoom(),%20cy.pan())
%20})
}
//%20监听数据变化重新渲染
watch(()%20=>%20[props.basicBlocks,%20props.edges],%20()%20=>%20{
%20if%20(props.basicBlocks.length%20>%200)%20{
%20 %20nextTick(()%20=>%20initGraph())
%20}
},%20{%20deep:%20true%20})
//%20高亮路径
watch(()%20=>%20props.highlightedPath,%20(path)%20=>%20{
%20if%20(!cy%20||%20!path%20||%20path.length%20===%200)%20return
%20//%20清除之前的高亮
%20cy.elements().removeClass('path-highlight%20node-path-highlight')
%20//%20高亮路径上的节点
%20path.forEach(addr%20=>%20{
%20 %20const%20node%20=%20cy.$(`#bb_${addr}`)
%20 %20node.addClass('node-path-highlight')
%20})
%20//%20高亮路径上的边
%20for%20(let%20i%20=%200;%20i%20<%20path.length%20-%201;%20i++)%20{
%20 %20const%20edges%20=%20cy.$(`edge[source%20=%20"bb_${path[i]}"][target%20=%20"bb_${path[i%20+%201]}"]`)
%20 %20edges.addClass('path-highlight')
%20}
},%20{%20deep:%20true%20})
onMounted(()%20=>%20{
%20if%20(props.basicBlocks.length%20>%200)%20{
%20 %20initGraph()
%20}
})
onUnmounted(()%20=>%20{
%20cy?.destroy()
%20cy%20=%20null
})
//%20暴露方法给父组件
defineExpose({
%20/**%20适配视口%20*/
%20fit:%20()%20=>%20cy?.fit(undefined,%2040),
%20/**%20居中到指定节点%20*/
%20centerOn:%20(address:%20number)%20=>%20{
%20 %20const%20node%20=%20cy?.$(`#bb_${address}`)
%20 %20if%20(node%20&&%20node.length%20>%200)%20{
%20 %20 %20cy?.animate({
%20 %20 %20 %20fit:%20{%20eles:%20node,%20padding:%2060%20},
%20 %20 %20 %20easing:%20'ease-out-cubic',
%20 %20 %20 %20duration:%20300
%20 %20 %20})
%20 %20}
%20},
%20/**%20获取当前缩放比例%20*/
%20getZoom:%20()%20=>%20cy?.zoom()%20??%201,
%20/**%20导出图片%20*/
%20exportImage:%20(options?:%20cytoscape.ExportOptions)%20=>
%20 %20cy?.png({ bg: '#1E1E1E', full: true, ...options })
})
</script>
<template>
<div class="cfg-viewport">
<div ref="containerRef" class="cfg-canvas" />
<!-- 缩放控制工具栏 -->
<div class="cfg-controls">
<el-button-group size="small">
<el-button @click="cy?.zoom(cy.zoom() * 1.2)">
<el-icon><Plus /></el-icon>
</el-button>
<el-button disabled>{{ Math.round(currentZoom * 100) }}%</el-button>
<el-button @click="cy?.zoom(cy.zoom() * 0.8)">
<el-icon><Minus /></el-icon>
</el-button>
<el-button @click="cy?.fit(undefined, 40)">
<el-icon><FullScreen /></el-icon>
</el-button>
</el-button-group>
</div>
<!-- 图例 -->
<div class="cfg-legend">
<div class="legend-item">
<span class="legend-line" style="border-color: #4EC9B0; border-style: solid;" />
<span>条件真 (True)</span>
</div>
<div class="legend-item">
<span class="legend-line" style="border-color: #CE9178; border-style: dashed;" />
<span>条件假 (False)</span>
</div>
<div class="legend-item">
<span class="legend-line" style="border-color: #569CD6; border-style: solid;" />
<span>无条件跳转</span>
</div>
<div class="legend-item">
<span class="legend-line" style="border-color: #6E7681; border-style: dotted;" />
<span>顺序执行</span>
</div>
</div>
<!-- 加载状态 -->
<div v-if="!isReady && basicBlocks.length > 0" class="cfg-loading">
<el-icon class="loading-icon"><Loading /></el-icon>
<span>正在布局...</span>
</div>
</div>
</template>
<style scoped>
.cfg-viewport {
width: 100%;
height: 100%;
position: relative;
background: #1E1E1E;
overflow: hidden;
}
.cfg-canvas {
width: 100%;
height: 100%;
}
.cfg-controls {
position: absolute;
bottom: 16px;
right: 16px;
z-index: 10;
}
.cfg-legend {
position: absolute;
top: 12px;
right: 12px;
z-index: 10;
background: rgba(30, 30, 30, 0.9);
border: 1px solid #3E3E42;
border-radius: 6px;
padding: 10px 14px;
display: flex;
flex-direction: column;
gap: 6px;
font-size: 11px;
color: #D4D4D4;
}
.legend-item {
display: flex;
align-items: center;
gap: 8px;
}
.legend-line {
width: 20px;
height: 0;
border-width: 2px 0 0 0;
}
.cfg-loading {
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
display: flex;
align-items: center;
gap: 8px;
color: #808080;
font-size: 14px;
}
.loading-icon {
animation: spin 1s linear infinite;
}
@keyframes spin {
from { transform: rotate(0deg); }
to { transform: rotate(360deg); }
}
</style>
这个ControlFlowGraph组件的接口设计充分考虑了可扩展性。basicBlocks和edges prop接收结构化数据,nodeClick和nodeDoubleClick emit事件支持视图间的联动,highlightedPath prop则可以接收一个地址数组来高亮显示特定的执行路径(这在展示AI Agent发现的漏洞利用路径时非常有用)。组件通过defineExpose向外暴露了fit、centerOn和exportImage方法,父组件可以调用这些方法来控制视图状态或导出图形。
13.2.2 DAG布局算法:Klay/Cose-bilkent布局、层次结构优化
控制流图本质上是一个有向无环图(DAG),因为程序执行流中不允许存在向后跳转的环。不过实际程序中循环结构会产生回边,这使得CFG成为有向图而非严格DAG。选择合适的布局算法直接影响CFG的可读性。
Klay布局算法是目前CFG可视化的首选方案85^。它基于图论中的分层布局(Layered Layout)方法,将节点分配到不同的层次(layer),使得边尽可能从上指向下。算法首先构建图的层次结构,然后对每个层次内的节点进行排序以减少交叉边数量,最后计算具体坐标。Klay特别为正交边路由(Orthogonal Edge Routing)提供了良好支持——边在节点之间以水平和垂直线段的方式行进,类似电路板的走线风格,这种布局对于理解控制流特别清晰。
Cose-bilkent布局则是一种力导向(Force-Directed)算法,它将节点间的连接视为弹簧,将节点间的排斥力视为电荷斥力,通过物理模拟找到能量最低(最美观)的布局。这种布局适合节点数量不多、需要手动调整的图,但对于大型函数的CFG来说,Klay的分层布局在可读性上明显更优90^。
在实际应用中,你可以根据基本块数量动态选择布局算法。下表对比了两种布局在不同场景下的表现:
| 特性 | Klay (分层布局) | Cose-bilkent (力导向) | | — | — | — | | 适用节点数 | 50~500个 | 10~100个 | | 布局方向 | 明确的从上到下层次 | 自然的聚类分布 | | 边交叉数 | 较少(算法优化) | 较多(物理模拟) | | 布局稳定性 | 高(确定性算法) | 中(随机初始状态) | | 动画效果 | 层次展开动画 | 弹性收敛动画 | | 循环结构 | 清晰的回边标识 | 需要额外处理 | | 初始渲染时间 | 较长(复杂计算) | 较短(渐进收敛) | | 交互调整 | 有限 | 支持拖拽后自动重平衡 |
当节点数少于50时,Cose-bilkent提供了更自然的布局;超过50个节点时,Klay的分层结构更有利于快速把握程序的整体控制结构。你也可以在工具栏中提供布局切换按钮,让用户根据偏好手动选择。
布局切换的实现需要注意Cytoscape.js的布局API使用方式:每次切换布局时,需要先保存当前的视口状态(缩放比例和平移位置),运行新布局后检查是否需要恢复用户的视口设置。对于Klay布局,正交边路由(Orthogonal Edge Routing)会产生直角拐弯的边,这在电路图风格中很常见;但对于CFG来说,贝塞尔曲线(Bezier)通常更美观,你可以在边样式配置中根据布局类型动态切换curve-style属性。
13.2.3 节点交互:点击高亮、悬停提示、双击进入函数、缩放平移
Cytoscape.js的交互系统非常完善。节点点击事件可以触发反汇编视图的同步滚动——当用户在CFG中点击一个基本块时,反汇编视图应该自动滚动到该基本块对应的第一条指令地址,并将该行高亮显示。这种双向联动需要在Pinia store中维护一个全局的selectedAddress状态,两个视图都监听这个状态的变化。
节点悬停提示(Tooltip)可以通过Cytoscape的原生qtip扩展或手动实现一个Vue浮动组件来展示。在悬停时,你需要展示基本块的完整指令列表、地址范围、前驱/后继节点数量等信息,帮助用户快速了解该基本块的上下文。Cytoscape.js提供了丰富的事件系统来支持这种交互:
// Tooltip显示逻辑示例
let tooltipTimeout: ReturnType<typeof setTimeout> | null = null
cy.on('mouseover', 'node', (evt) => {
const node = evt.target
const renderPos = node.renderedPosition()
// 防抖:延迟200ms显示,避免鼠标快速划过时频繁闪烁
tooltipTimeout = setTimeout(() => {
showTooltip({
x: renderPos.x + node.width() / 2 + 10,
y: renderPos.y - node.height() / 2,
title: `基本块 @ 0x${node.data('address').toString(16)}`,
content: formatTooltipContent(node.data())
})
}, 200)
})
cy.on('mouseout', 'node', () => {
if (tooltipTimeout) {
clearTimeout(tooltipTimeout)
tooltipTimeout = null
}
hideTooltip()
})
双击节点触发”进入函数”操作——如果该基本块包含一个call指令,双击应该导航到被调用函数的控制流图。这需要在节点数据中包含函数调用关系信息(目标函数地址)。为了避免与单击事件冲突,通常需要设置一个短暂的时间窗口(如300ms)来判断用户是单击还是双击:如果在窗口内没有第二次点击,则判定为单击;否则为双击。
缩放和平移功能由Cytoscape.js内置支持,但你仍然需要提供UI控件来增强用户体验。在组件模板中已经包含了一个缩放控制工具栏,显示当前缩放百分比并提供放大/缩小/适应按钮。你也可以添加鼠标滚轮缩放提示(当用户首次使用滚轮时显示一个短暂的提示气泡),以及键盘快捷键支持(Ctrl+0恢复100%,Ctrl++放大,Ctrl+-缩小)。
13.2.4 边和路径高亮:条件跳转真/假分支不同颜色、执行路径追踪
在CFG中,条件跳转指令(如je、jg、test后接jz)会产生两条出边:条件为真时的跳转边和条件为假时的顺序执行边。在样式设计上,真分支使用绿色实线、假分支使用橙色虚线、无条件跳转使用蓝色实线、自然执行流使用灰色点线——这种颜色编码让分析师一眼就能区分不同类型的控制流转移。
执行路径高亮功能对于展示动态分析结果或AI Agent发现的漏洞路径至关重要。你可以通过向highlightedPath prop传递一个地址数组来激活路径高亮,组件会自动计算路径上的节点和边并应用高亮样式。这在展示符号执行引擎发现的从输入点到漏洞触发点的完整攻击链时尤其有价值。
路径高亮的实现逻辑在watch(() => props.highlightedPath, ...)中已经给出:首先清除之前的高亮类,然后遍历路径数组中的每个地址,为对应的节点添加node-path-highlight类,再遍历相邻地址对找到连接边并添加path-highlight类。这个实现有一个值得注意的优化点:路径上的边查找使用了Cytoscape的选择器语法edge[source = "bb_X"][target = "bb_Y"],这比遍历所有边然后逐个匹配要高效得多。
对于大型函数(几百个基本块),你可能还会遇到性能问题。此时可以考虑以下优化策略:使用cy.batch()将多个DOM样式更新包裹为单个批量操作,避免每次都触发重绘;对路径查找使用Cytoscape的edges('#source -> #target')选择器语法;如果路径很长,只高亮路径上的节点而不高亮边也能获得不错的视觉效果。
13.3 十六进制视图
十六进制视图是逆向工程的基础工具,它以原始字节的形式展示二进制文件内容,每行显示16个字节,左侧为文件偏移量,中间为十六进制表示,右侧为ASCII字符表示。对于大型文件(几MB到几百MB),全量渲染所有行会导致严重的性能问题,因此虚拟滚动是这个组件的关键技术点。
13.3.1 数据表格渲染:偏移/十六进制/ASCII三列同步显示
十六进制视图的核心是三列数据同步显示。偏移列显示该行第一个字节在文件中的位置,十六进制列显示16个字节的十六进制值(每个字节两个字符,字节之间一个空格,共48个字符),ASCII列显示对应的可打印字符(非可打印字符用点号.替代)。
这三列的显示需要严格对齐,因为分析师经常需要在十六进制和ASCII之间快速切换查看。例如,当在ASCII列看到一个可疑字符串http://时,分析师需要能够立即在同一行的十六进制列找到对应的字节序列68 74 74 70 3A 2F 2F。这种视觉上的对应关系依赖于精确的列对齐。在等宽字体下,每个字符占据相同的水平宽度,因此你可以通过精确的CSS宽度设置来保证三列的严格对齐。偏移列固定宽度80px,十六进制列使用flex弹性布局填充中间区域,ASCII列固定宽度160px并在左侧留出12px的间距。
三列的对齐依赖于等宽字体和精确的字符宽度计算。在等宽字体下,每个十六进制字节恰好占用3个字符宽度(两个十六进制字符+一个空格),16个字节共48个字符。ASCII列每个字符占用1个宽度,16个字符。通过CSS Grid或Flex布局,你可以确保三列在视觉上严格对齐。
13.3.2 大文件虚拟滚动:自定义虚拟滚动处理MB级文件
Element Plus的el-table在处理万行级别数据时就会显著卡顿,而十六进制视图需要处理的行数动辄几十万行(1MB文件就有65536行)。因此,你需要自己实现一个基于”窗口裁剪”的虚拟滚动系统65^。
核心思路是:只渲染当前可视区域内的行加上上下各若干行的缓冲(buffer),当用户滚动时动态更新渲染的窗口位置。通过监听容器的scroll事件,计算当前滚动位置对应的起始行号,然后重新渲染窗口内的行。
<!-- components/HexView.vue -->
<script setup lang="ts">
import {
ref, computed, onMounted, onUnmounted, watch, nextTick
} from 'vue'
import type { PropType } from 'vue'
// ===== 类型定义 =====
interface HexViewProps {
/** 二进制数据(Uint8Array) */
data: Uint8Array
/** 每行显示的字节数 */
bytesPerRow?: number
/** 当前高亮偏移 */
highlightedOffset?: number
/** 选中范围(起始,结束,包含) */
selectedRange?: [number, number] | null
/** 同步滚动偏移(与反汇编视图联动) */
syncOffset?: number
}
// ===== Props & Emits =====
const props = withDefaults(defineProps<HexViewProps>(), {
bytesPerRow: 16,
highlightedOffset: -1,
selectedRange: null,
syncOffset: -1
})
const emit = defineEmits<{
/** 用户点击某个字节 */
byteClick: [offset: number, byte: number]
/** 用户选中了字节范围 */
rangeSelect: [start: number, end: number]
/** 滚动位置变化 */
scroll: [topOffset: number]
}>()
// ===== 虚拟滚动状态 =====
const viewportRef = ref<HTMLDivElement>()
const contentRef = ref<HTMLDivElement>()
// 行高(像素),必须与CSS保持一致
const ROW_HEIGHT = 22
// 可视区域外的缓冲行数
const BUFFER_ROWS = 15
// 总行数
const totalRows = computed(() =>
Math.ceil(props.data.length / props.bytesPerRow)
)
// 可视窗口状态
const viewState = ref({
startRow: 0, // 当前渲染的起始行
endRow: 0, // 当前渲染的结束行
visibleStart: 0, // 真正可见的起始行
visibleEnd: 0, // 真正可见的结束行
scrollTop: 0 // 当前滚动位置
})
// 计算渲染窗口内的行数据
const visibleRows = computed(() => {
const rows: {
rowIndex: number
offset: number
bytes: number[]
ascii: string
isHighlighted: boolean
isSelected: (byteIndex: number) => boolean
}[] = []
const start = viewState.value.startRow
const end = Math.min(viewState.value.endRow, totalRows.value)
for (let row = start; row < end; row++) {
const offset = row * props.bytesPerRow
const rowBytes: number[] = []
const asciiChars: string[] = []
for (let i = 0; i < props.bytesPerRow; i++) {
const byteOffset = offset + i
if (byteOffset >= props.data.length) break
const byte = props.data[byteOffset]
rowBytes.push(byte)
// ASCII表示:可打印字符(0x20-0x7E)显示原字符,其他显示为.
asciiChars.push(
byte >= 0x20 && byte <= 0x7E
? String.fromCharCode(byte)
: '.'
)
}
// 判断高亮状态
const isHighlighted = props.highlightedOffset >= offset &&
props.highlightedOffset < offset + props.bytesPerRow
// 判断选中状态函数
const isSelected = (byteIndex: number) => {
if (!props.selectedRange) return false
const absOffset = offset + byteIndex
return absOffset >= props.selectedRange[0] &&
absOffset <= props.selectedRange[1]
}
rows.push({
rowIndex: row,
offset,
bytes: rowBytes,
ascii: asciiChars.join(''),
isHighlighted,
isSelected
})
}
return rows
})
// 总内容高度(用于撑开滚动条)
const totalHeight = computed(() =>
totalRows.value * ROW_HEIGHT
)
// 渲染窗口的顶部偏移
const windowOffset = computed(() =>
viewState.value.startRow * ROW_HEIGHT
)
/**
* 核心:根据滚动位置更新渲染窗口
*/
function updateViewport() {
if (!viewportRef.value) return
const scrollTop = viewportRef.value.scrollTop
const viewportHeight = viewportRef.value.clientHeight
// 计算可见区域行号
const visibleStartRow = Math.floor(scrollTop / ROW_HEIGHT)
const visibleEndRow = Math.ceil((scrollTop + viewportHeight) / ROW_HEIGHT)
// 扩展缓冲区域
const startRow = Math.max(0, visibleStartRow - BUFFER_ROWS)
const endRow = Math.min(totalRows.value, visibleEndRow + BUFFER_ROWS)
viewState.value = {
startRow,
endRow,
visibleStart: visibleStartRow,
visibleEnd: visibleEndRow,
scrollTop
}
// 通知父组件滚动位置
emit('scroll', startRow * props.bytesPerRow)
}
/**
* 滚动到指定偏移
*/
function scrollToOffset(offset: number) {
if (!viewportRef.value) return
const row = Math.floor(offset / props.bytesPerRow)
viewportRef.value.scrollTop = row * ROW_HEIGHT
}
// 滚动事件处理(使用requestAnimationFrame节流)
let scrollPending = false
function handleScroll() {
if (scrollPending) return
scrollPending = true
requestAnimationFrame(() => {
updateViewport()
scrollPending = false
})
}
// 监听同步偏移(来自反汇编视图的联动)
watch(() => props.syncOffset, (offset) => {
if (offset >= 0) {
scrollToOffset(offset)
}
})
// 初始化
onMounted(() => {
updateViewport()
viewportRef.value?.addEventListener('scroll', handleScroll, { passive: true })
})
onUnmounted(() => {
viewportRef.value?.removeEventListener('scroll', handleScroll)
})
// 暴露方法
defineExpose({
scrollToOffset,
/** 获取当前可视区域起始偏移 */
getCurrentOffset: () => viewState.value.startRow * props.bytesPerRow
})
</script>
<template>
<div class="hex-view">
<!-- 表头 -->
<div class="hex-header">
<span class="header-offset">偏移</span>
<span class="header-bytes">
<span
v-for="i in bytesPerRow"
:key="i"
class="header-byte-index"
>
{{ (i - 1).toString(16).toUpperCase().padStart(2, '0') }}
</span>
</span>
<span class="header-ascii">ASCII</span>
</div>
<!-- 虚拟滚动视口 -->
<div
ref="viewportRef"
class="hex-viewport"
>
<!-- 撑开总高度的占位层 -->
<div
class="hex-content-spacer"
:style="{ height: `${totalHeight}px` }"
>
<!-- 实际渲染的窗口(绝对定位) -->
<div
ref="contentRef"
class="hex-content-window"
:style="{ transform: `translateY(${windowOffset}px)` }"
>
<div
v-for="row in visibleRows"
:key="row.rowIndex"
class="hex-row"
:class="{ 'row-highlighted': row.isHighlighted }"
:style="{ height: `${ROW_HEIGHT}px`, lineHeight: `${ROW_HEIGHT}px` }"
>
<!-- 偏移列 -->
<span class="hex-offset">
{{ row.offset.toString(16).toUpperCase().padStart(8, '0') }}
</span>
<!-- 十六进制列 -->
<span class="hex-bytes">
<span
v-for="(byte, idx) in row.bytes"
:key="idx"
class="hex-byte"
:class="{
'byte-selected': row.isSelected(idx),
'byte-highlighted': row.offset + idx === highlightedOffset
}"
@click="emit('byteClick', row.offset + idx, byte)"
@mousedown="handleMouseDown(row.offset + idx)"
@mouseover="handleMouseOver(row.offset + idx)"
@mouseup="handleMouseUp"
>
{{ byte.toString(16).toUpperCase().padStart(2, '0') }}
</span>
<!-- 填充空白(最后一行不满16字节时) -->
<span
v-for="idx in (bytesPerRow - row.bytes.length)"
:key="`pad-${idx}`"
class="hex-byte hex-byte-padding"
>
{{ ' ' }}
</span>
</span>
<!-- ASCII列 -->
<span class="hex-ascii">
<span
v-for="(char, idx) in row.ascii"
:key="idx"
class="ascii-char"
:class="{
'byte-selected': row.isSelected(idx),
'byte-highlighted': row.offset + idx === highlightedOffset
}"
>
{{ char }}
</span>
</span>
</div>
</div>
</div>
</div>
</div>
</template>
<style scoped>
.hex-view {
width: 100%;
height: 100%;
display: flex;
flex-direction: column;
background: #1E1E1E;
font-family: Consolas, "Courier New", monospace;
font-size: 13px;
color: #D4D4D4;
}
.hex-header {
display: flex;
align-items: center;
padding: 4px 8px;
border-bottom: 1px solid #3E3E42;
background: #252526;
color: #808080;
font-size: 12px;
flex-shrink: 0;
}
.header-offset {
width: 80px;
flex-shrink: 0;
}
.header-bytes {
display: flex;
flex: 1;
gap: 0;
}
.header-byte-index {
width: 27px;
text-align: center;
color: #606060;
}
.header-ascii {
width: 160px;
flex-shrink: 0;
padding-left: 12px;
}
.hex-viewport {
flex: 1;
overflow-y: auto;
overflow-x: hidden;
}
.hex-content-spacer {
position: relative;
}
.hex-content-window {
position: absolute;
top: 0;
left: 0;
right: 0;
will-change: transform;
}
.hex-row {
display: flex;
align-items: center;
padding: 0 8px;
white-space: nowrap;
transition: background-color 0.1s;
}
.hex-row:hover {
background-color: #2D2D30;
}
.hex-row.row-highlighted {
background-color: #2D3B4D;
border-left: 2px solid #569CD6;
}
.hex-offset {
width: 80px;
flex-shrink: 0;
color: #808080;
user-select: none;
}
.hex-bytes {
display: flex;
flex: 1;
gap: 1px;
}
.hex-byte {
width: 26px;
text-align: center;
cursor: pointer;
border-radius: 2px;
user-select: none;
transition: background-color 0.05s;
}
.hex-byte:hover {
background-color: #3E3E42;
}
.hex-byte.byte-selected {
background-color: #264F78;
color: #FFFFFF;
}
.hex-byte.byte-highlighted {
background-color: #569CD6;
color: #1E1E1E;
font-weight: bold;
}
.hex-byte-padding {
color: transparent;
cursor: default;
}
.hex-ascii {
width: 160px;
flex-shrink: 0;
padding-left: 12px;
color: #808080;
user-select: none;
letter-spacing: 0;
}
.ascii-char {
width: 10px;
text-align: center;
display: inline-block;
}
.ascii-char.byte-selected {
background-color: #264F78;
color: #FFFFFF;
}
.ascii-char.byte-highlighted {
background-color: #569CD6;
color: #1E1E1E;
font-weight: bold;
}
</style>
这个虚拟滚动实现的核心在于hex-content-spacer和hex-content-window的组合。spacer是一个具有totalHeight高度的占位元素,它为视口提供正确的滚动条范围;content-window则通过CSS transform: translateY()来精确定位渲染窗口,避免了DOM元素的频繁创建和销毁。这种”transform + 绝对定位”方案比传统的paddingTop方案性能更好,因为它不会触发浏览器的布局重算(Layout)69^。
对于10MB以上的文件,即使虚拟滚动只渲染可见行,单次滚动事件的处理时间仍然可能在16ms以上(超过一帧的预算),导致滚动卡顿。此时你可以引入进一步的优化:分块渲染。将虚拟窗口分成若干块(chunk),每块包含固定行数(如50行),使用IntersectionObserver只渲染进入视口的块。这类似于现代地图应用中”瓦片地图”的渲染策略——只加载和渲染当前视口内以及缓冲区中的瓦片。
// 分块虚拟滚动优化
const CHUNK_SIZE = 50 // 每块50行
const VISIBLE_CHUNKS = 3 // 同时渲染3个块(当前+上下各1个缓冲块)
const visibleChunks = computed(() => {
const currentChunk = Math.floor(viewState.value.startRow / CHUNK_SIZE)
const chunks = []
for (let i = currentChunk - 1; i <= currentChunk + 1; i++) {
if (i >= 0 && i * CHUNK_SIZE < totalRows.value) {
chunks.push({
index: i,
startRow: i * CHUNK_SIZE,
endRow: Math.min((i + 1) * CHUNK_SIZE, totalRows.value)
})
}
}
return chunks
})
这种分块策略将渲染单位从单行提升到块级别,减少了Vue的虚拟DOM比对开销。当用户快速滚动时,只有跨越块边界时才需要创建新的DOM元素,块内部的滚动仅通过CSS transform平移整个块的位置。
13.3.3 选中与高亮:鼠标选择范围高亮、与反汇编视图联动
十六进制视图中的字节选择通过鼠标拖拽实现。当用户按下鼠标时记录起始偏移,拖拽时更新结束偏移,释放鼠标时触发rangeSelect事件。选中的字节范围在UI上通过蓝色背景高亮显示,同时ASCII列中对应的字符也同步高亮。
与反汇编视图的联动机制是:当用户在十六进制视图中选中一个字节范围后,系统计算该范围对应的指令地址(通过后端API查询偏移到指令的映射),然后在反汇编视图中高亮显示包含这些字节的指令。反过来,当用户在反汇编视图中选中一条指令时,十六进制视图自动滚动到该指令对应的字节偏移并高亮显示。
鼠标选择范围的实现需要处理三个鼠标事件:mousedown记录起始字节偏移,mouseover在拖拽时更新结束偏移,mouseup时触发最终的rangeSelect事件。你需要在组件的data中维护selectStart和selectEnd两个响应式变量,在mouseover时实时更新selectedRange以提供视觉反馈,但只在mouseup时才emit确认事件。
// 鼠标选择处理逻辑(需在HexView.vue的setup中添加)
const isSelecting = ref(false)
const selectionStart = ref(-1)
const selectionEnd = ref(-1)
function handleMouseDown(offset: number) {
isSelecting.value = true
selectionStart.value = offset
selectionEnd.value = offset
// 初始选中状态
emit('rangeSelect', offset, offset)
}
function handleMouseOver(offset: number) {
if (!isSelecting.value) return
selectionEnd.value = offset
const start = Math.min(selectionStart.value, selectionEnd.value)
const end = Math.max(selectionStart.value, selectionEnd.value)
emit('rangeSelect', start, end)
}
function handleMouseUp() {
isSelecting.value = false
}
联动时还需要处理一个细节:指令地址到文件偏移的映射并非总是1:1。对于PE文件,指令在内存中的虚拟地址(VA)需要通过”减去ImageBase加上文件偏移”的公式转换为原始文件偏移。这个映射关系由后端在解析PE/ELF头部时计算得出,前端通过API获取映射表后缓存在Pinia store中。当十六进制视图触发rangeSelect时,使用这个映射表将文件偏移反查为虚拟地址,再传递给反汇编视图进行高亮。
13.3.4 数据解释面板:选中数据的多种格式解释
当用户在十六进制视图中选中若干字节后,一个数据解释面板应该展示这些字节在不同数据类型下的解释结果。这包括:有符号/无符号整数(8位/16位/32位/64位,小端序/大端序)、IEEE 754浮点数(单精度/双精度)、ASCII/UTF-8字符串、GUID/UUID等。
// composables/useDataInterpreter.ts
import { computed } from 'vue'
import type { Ref } from 'vue'
/**
* 数据解释器:将选中的字节数组解释为多种数据类型
*/
export function useDataInterpreter(selectedBytes: Ref<Uint8Array>) {
const interpretations = computed(() => {
const bytes = selectedBytes.value
if (bytes.length === 0) return []
const results: Array<{ type: string; value: string; endianness?: string }> = []
// ===== 整数类型 =====
// 8位整数
if (bytes.length >= 1) {
results.push({ type: 'int8', value: bytes[0].toString() })
results.push({ type: 'uint8', value: bytes[0].toString() })
}
// 16位整数(小端序 + 大端序)
if (bytes.length >= 2) {
const le16 = bytes[0] | (bytes[1] << 8)
const be16 = (bytes[0] << 8) | bytes[1]
results.push({ type: 'int16', value: (le16 > 0x7FFF ? le16 - 0x10000 : le16).toString(), endianness: 'LE' })
results.push({ type: 'uint16', value: le16.toString(), endianness: 'LE' })
results.push({ type: 'int16', value: (be16 > 0x7FFF ? be16 - 0x10000 : be16).toString(), endianness: 'BE' })
results.push({ type: 'uint16', value: be16.toString(), endianness: 'BE' })
}
// 32位整数
if (bytes.length >= 4) {
const le32 = (bytes[0]) | (bytes[1] << 8) | (bytes[2] << 16) | (bytes[3] << 24)
const be32 = (bytes[0] << 24) | (bytes[1] << 16) | (bytes[2] << 8) | bytes[3]
const le32Signed = le32 > 0x7FFFFFFF ? le32 - 0x100000000 : le32
const be32Signed = be32 > 0x7FFFFFFF ? be32 - 0x100000000 : be32
results.push({ type: 'int32', value: le32Signed.toString(), endianness: 'LE' })
results.push({ type: 'uint32', value: `0x${(le32 >>> 0).toString(16).toUpperCase()}`, endianness: 'LE' })
results.push({ type: 'int32', value: be32Signed.toString(), endianness: 'BE' })
results.push({ type: 'uint32', value: `0x${be32.toString(16).toUpperCase()}`, endianness: 'BE' })
}
// 64位整数
if (bytes.length >= 8) {
const le64 = BigInt.asUintN(64,
BigInt(bytes[0]) |
(BigInt(bytes[1]) << 8n) |
(BigInt(bytes[2]) << 16n) |
(BigInt(bytes[3]) << 24n) |
(BigInt(bytes[4]) << 32n) |
(BigInt(bytes[5]) << 40n) |
(BigInt(bytes[6]) << 48n) |
(BigInt(bytes[7]) << 56n)
)
results.push({ type: 'int64', value: `0x${le64.toString(16).toUpperCase().padStart(16, '0')}`, endianness: 'LE' })
}
// ===== 浮点数 =====
// 32位单精度浮点
if (bytes.length >= 4) {
const leFloatBuf = new ArrayBuffer(4)
const leFloatArr = new Uint8Array(leFloatBuf)
leFloatArr.set(bytes.slice(0, 4))
const leFloat = new Float32Array(leFloatBuf)[0]
results.push({ type: 'float32', value: leFloat.toString(), endianness: 'LE' })
const beFloatBuf = new ArrayBuffer(4)
const beFloatArr = new Uint8Array(beFloatBuf)
beFloatArr.set([bytes[3], bytes[2], bytes[1], bytes[0]])
const beFloat = new Float32Array(beFloatBuf)[0]
results.push({ type: 'float32', value: beFloat.toString(), endianness: 'BE' })
}
// 64位双精度浮点
if (bytes.length >= 8) {
const leDoubleBuf = new ArrayBuffer(8)
const leDoubleArr = new Uint8Array(leDoubleBuf)
leDoubleArr.set(bytes.slice(0, 8))
const leDouble = new Float64Array(leDoubleBuf)[0]
results.push({ type: 'float64', value: leDouble.toString(), endianness: 'LE' })
}
// ===== 字符串 =====
// ASCII字符串
const asciiStr = Array.from(bytes)
.map(b => b >= 0x20 && b <= 0x7E ? String.fromCharCode(b) : '\\x' + b.toString(16).padStart(2, '0'))
.join('')
results.push({ type: 'ASCII', value: asciiStr.substring(0, 100) })
// UTF-16LE字符串(Windows常用)
if (bytes.length >= 2) {
try {
const utf16Str = new TextDecoder('utf-16le').decode(bytes.slice(0, Math.min(bytes.length, 64)))
results.push({ type: 'UTF-16LE', value: utf16Str.replace(/\x00/g, '\\0').substring(0, 100) })
} catch { /* ignore decode errors */ }
}
return results
})
return { interpretations }
}
数据解释面板可以作为一个浮动小部件放在十六进制视图旁边,当选中数据时自动更新显示。对于安全分析师来说,这个功能在检查可疑数据时非常有用——比如一段看似随机的数据在32位浮点解释下可能揭示出坐标信息,或者UTF-16LE解码后暴露出一个Windows注册表路径。
解释面板的UI设计应该采用紧凑的键值对表格形式,每行展示一种数据类型的解释结果。使用Element Plus的el-descriptions组件可以快速实现这个布局。面板顶部显示当前选中的字节数和字节序列的十六进制摘要,下方按类别分组展示整数、浮点数和字符串的解释结果。对于多字节整数值,小端序(Little-Endian)和大端序(Big-Endian)两种解释都要显示——x86/x64架构使用小端序,而网络协议和某些文件格式使用大端序。面板应该实时更新:当用户在十六进制视图中拖拽选择不同范围时,解释结果立即跟随变化,无需额外点击操作。
13.4 函数列表与符号树
函数列表是逆向工程的导航地图。它以树形结构组织程序中的所有函数,按类型(导入函数/库函数/内部函数)分组,支持搜索过滤和点击跳转。Element Plus的el-tree组件提供了完善的树形控件支持,包括虚拟滚动、懒加载和自定义节点渲染118^。
13.4.1 函数树组件:el-tree展示函数层级、导入/导出/内部函数分类
函数树的核心数据结构是一个分层树,根节点是分类(导入函数、导出函数、内部函数、库函数等),叶节点是具体的函数条目。每个函数条目包含地址、名称、大小、类型等元数据。
<!-- components/FunctionTree.vue -->
<script setup lang="ts">
import { ref, computed, watch } from 'vue'
import type { TreeNode } from 'element-plus'
import { Search, Link, Collection, Cpu, OfficeBuilding } from '@element-plus/icons-vue'
import type { FunctionInfo } from '@/types/binary'
// ===== Props =====
const props = defineProps<{
/** 函数列表 */
functions: FunctionInfo[]
/** 当前选中的函数地址 */
selectedAddress?: number
}>()
// ===== Emits =====
const emit = defineEmits<{
select: [func: FunctionInfo]
contextMenu: [func: FunctionInfo, event: MouseEvent]
}>()
// ===== 搜索状态 =====
const searchQuery = ref('')
const treeRef = ref()
// ===== 将函数列表转换为树形数据 =====
const treeData = computed(() => {
const query = searchQuery.value.toLowerCase()
// 按类型分组
const groups: Record<string, FunctionInfo[]> = {
import: [],
export: [],
internal: [],
library: [],
thunk: []
}
props.functions.forEach(func => {
const type = func.type || 'internal'
if (!groups[type]) groups[type] = []
groups[type].push(func)
})
// 构建树节点
const nodes = []
// 导入函数组
if (groups.import.length > 0 && (!query || groups.import.some(f => f.name.toLowerCase().includes(query)))) {
nodes.push({
label: `导入函数 (${groups.import.length})`,
icon: 'Link',
type: 'group',
children: groups.import
.filter(f => !query || f.name.toLowerCase().includes(query))
.map(func => ({
label: func.name,
address: func.address,
size: func.size,
type: func.type,
library: func.library,
icon: 'Link',
leaf: true,
data: func
}))
.sort((a, b) => a.address - b.address)
})
}
// 导出函数组
if (groups.export.length > 0 && (!query || groups.export.some(f => f.name.toLowerCase().includes(query)))) {
nodes.push({
label: `导出函数 (${groups.export.length})`,
icon: 'OfficeBuilding',
type: 'group',
children: groups.export
.filter(f => !query || f.name.toLowerCase().includes(query))
.map(func => ({
label: func.name,
address: func.address,
size: func.size,
type: func.type,
icon: 'OfficeBuilding',
leaf: true,
data: func
}))
.sort((a, b) => a.address - b.address)
})
}
// 内部函数组
if (groups.internal.length > 0 && (!query || groups.internal.some(f => f.name.toLowerCase().includes(query)))) {
nodes.push({
label: `内部函数 (${groups.internal.length})`,
icon: 'Cpu',
type: 'group',
children: groups.internal
.filter(f => !query || f.name.toLowerCase().includes(query))
.map(func => ({
label: func.name,
address: func.address,
size: func.size,
type: func.type,
icon: 'Cpu',
leaf: true,
data: func
}))
.sort((a, b) => a.address - b.address)
})
}
// 库函数组
if (groups.library.length > 0 && (!query || groups.library.some(f => f.name.toLowerCase().includes(query)))) {
// 库函数可以按DLL进一步分组
const byLibrary: Record<string, typeof groups.library> = {}
groups.library.forEach(func => {
const lib = func.library || 'unknown'
if (!byLibrary[lib]) byLibrary[lib] = []
byLibrary[lib].push(func)
})
const libChildren = Object.entries(byLibrary).map(([libName, funcs]) => ({
label: libName,
icon: 'Collection',
type: 'subgroup',
children: funcs
.filter(f => !query || f.name.toLowerCase().includes(query))
.map(func => ({
label: func.name,
address: func.address,
size: func.size,
type: func.type,
library: func.library,
icon: 'Collection',
leaf: true,
data: func
}))
.sort((a, b) => a.address - b.address)
}))
nodes.push({
label: `库函数 (${groups.library.length})`,
icon: 'Collection',
type: 'group',
children: libChildren
})
}
return nodes
})
// ===== 节点样式 =====
function getNodeClass(node: TreeNode) {
const classes: string[] = []
if (node.data?.type === 'import') classes.push('node-import')
if (node.data?.type === 'export') classes.push('node-export')
if (node.data?.type === 'internal') classes.push('node-internal')
if (node.address === props.selectedAddress) classes.push('node-selected')
return classes.join(' ')
}
function getNodeColor(node: TreeNode) {
switch (node.data?.type) {
case 'import': return '#C586C0' // 紫色
case 'export': return '#DCDCAA' // 黄色
case 'internal': return '#ABB2BF' // 灰色
case 'library': return '#C678DD' // 洋红
case 'thunk': return '#4EC9B0' // 青色
default: return '#D4D4D4'
}
}
// ===== 事件处理 =====
function handleNodeClick(node: TreeNode) {
if (node.data?.leaf && node.data?.data) {
emit('select', node.data.data as FunctionInfo)
}
}
function handleContextMenu(event: MouseEvent, node: TreeNode) {
if (node.data?.leaf && node.data?.data) {
emit('contextMenu', node.data.data as FunctionInfo, event)
}
}
// 搜索时自动展开匹配的节点
watch(searchQuery, (query) => {
if (query && treeRef.value) {
treeRef.value.expandAll()
}
})
</script>
<template>
<div class="function-tree">
<!-- 搜索框 -->
<div class="tree-search">
<el-input
v-model="searchQuery"
placeholder="搜索函数..."
size="small"
clearable
>
<template #prefix>
<el-icon><Search /></el-icon>
</template>
</el-input>
</div>
<!-- 函数树 -->
<el-tree-v2
ref="treeRef"
:data="treeData"
:height="treeHeight"
:item-size="26"
:props="{ children: 'children', label: 'label', value: 'address' }"
:highlight-current="true"
:expand-on-click-node="false"
:default-expand-all="false"
:filter-node-method="filterNode"
@node-click="handleNodeClick"
@node-contextmenu="handleContextMenu"
>
<template #default="{ node }">
<span
class="tree-node"
:class="getNodeClass(node)"
>
<el-icon v-if="node.icon === 'Link'" :size="14" class="node-icon">
<Link />
</el-icon>
<el-icon v-else-if="node.icon === 'Cpu'" :size="14" class="node-icon">
<Cpu />
</el-icon>
<el-icon v-else-if="node.icon === 'Collection'" :size="14" class="node-icon">
<Collection />
</el-icon>
<el-icon v-else-if="node.icon === 'OfficeBuilding'" :size="14" class="node-icon">
<OfficeBuilding />
</el-icon>
<span
class="node-label"
:style="{ color: getNodeColor(node) }"
:title="node.data?.library ? `${node.data.library}.${node.label}` : node.label"
>
{{ node.label }}
</span>
<span v-if="node.data?.address && node.data?.leaf" class="node-address">
{{ node.data.address.toString(16).toUpperCase().padStart(8, '0') }}
</span>
<span v-if="node.data?.size && node.data?.leaf" class="node-size">
{{ node.data.size }}B
</span>
</span>
</template>
</el-tree-v2>
</div>
</template>
<style scoped>
.function-tree {
width: 100%;
height: 100%;
display: flex;
flex-direction: column;
background: #1E1E1E;
}
.tree-search {
padding: 8px;
border-bottom: 1px solid #3E3E42;
flex-shrink: 0;
}
.tree-node {
display: flex;
align-items: center;
gap: 6px;
font-family: Consolas, "Courier New", monospace;
font-size: 12px;
width: 100%;
}
.node-icon {
color: #606060;
flex-shrink: 0;
}
.node-label {
flex: 1;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.node-address {
color: #808080;
font-size: 11px;
flex-shrink: 0;
margin-left: 4px;
}
.node-size {
color: #606060;
font-size: 11px;
flex-shrink: 0;
margin-left: 4px;
}
.node-selected .node-label {
color: #569CD6 !important;
font-weight: bold;
}
:deep(.el-tree-node.is-current > .el-tree-node__content) {
background-color: #2D3B4D !important;
}
</style>
这个函数树组件使用了Element Plus的el-tree-v2(虚拟树)组件来处理大量函数的情况119^。虚拟树只渲染可见的节点行,即使函数列表有上万个条目也能保持流畅滚动。treeData计算属性将扁平的函数列表转换为按类型分组的树形结构,搜索过滤在分组前进行,确保搜索结果包含所有匹配的函数。
13.4.2 字符串列表组件:可筛选、可搜索、可跳转到引用的字符串表
字符串列表组件展示从二进制文件中提取的所有可读字符串,包括ASCII字符串和Unicode字符串。每条记录包含字符串内容、文件偏移、长度和类型(ASCII/Unicode)。分析师可以通过搜索框快速定位感兴趣的字符串(如URL、文件路径、注册表键、IP地址等),双击某行可以跳转到引用该字符串的代码位置。
<!-- components/StringList.vue -->
<script setup lang="ts">
import { ref, computed } from 'vue'
import type { BinaryString } from '@/types/binary'
const props = defineProps<{
strings: BinaryString[]
}>()
const emit = defineEmits<{
navigate: [offset: number]
}>()
const searchQuery = ref('')
const typeFilter = ref<'all' | 'ascii' | 'unicode'>('all')
const filteredStrings = computed(() => {
const query = searchQuery.value.toLowerCase()
return props.strings.filter(s => {
const matchesQuery = !query || s.value.toLowerCase().includes(query)
const matchesType = typeFilter.value === 'all' || s.type === typeFilter.value
return matchesQuery && matchesType
})
})
function getRowClass(row: BinaryString) {
// 高亮可疑字符串
if (/https?:\/\//i.test(row.value)) return 'string-url'
if (/[A-Za-z]:\\/i.test(row.value)) return 'string-path'
if (/HKEY_/i.test(row.value)) return 'string-registry'
if (/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/.test(row.value)) return 'string-ip'
return ''
}
</script>
<template>
<div class="string-list">
<div class="string-toolbar">
<el-input v-model="searchQuery" placeholder="搜索字符串..." size="small" clearable />
<el-select v-model="typeFilter" size="small" style="width: 100px">
<el-option label="全部" value="all" />
<el-option label="ASCII" value="ascii" />
<el-option label="Unicode" value="unicode" />
</el-select>
</div>
<el-table-v2
:columns="columns"
:data="filteredStrings"
:width="width"
:height="height"
:row-class="getRowClass"
@row-dblclick="(row) => emit('navigate', row.offset)"
/>
</div>
</template>
字符串列表的一个重要特性是可疑模式高亮。通过正则表达式匹配,你可以自动识别并高亮以下类型的字符串:URL(https?://...)、文件路径(C:\Windows\...)、注册表键(HKEY_...)、IP地址、电子邮件地址和Base64编码数据。这些模式在安全分析中特别有价值——恶意软件常常将C2服务器地址、持久化路径或加密的payload隐藏在二进制文件的字符串表中。使用Element Plus表格的row-class属性,你可以为不同类型的可疑字符串分配不同的行背景色,让分析师一眼就能发现潜在威胁指标。
13.4.3 导入/导出表:DLL依赖和API调用的树形展示
导入表展示程序依赖的所有DLL及其导入的API函数,按DLL分组。每个导入项显示函数名、序号、导入地址表(Import Address Table, IAT)入口地址。导出表则展示程序导出的函数,包括函数名、序号、导出地址。这两个表使用el-tree组件按DLL/模块分组展示,点击函数名可跳转到对应的反汇编位置。
<!-- components/ImportExportTable.vue -->
<script setup lang="ts">
import type { ImportEntry, ExportEntry } from '@/types/binary'
const props = defineProps<{
imports: ImportEntry[]
exports: ExportEntry[]
}>()
const emit = defineEmits<{
navigate: [address: number]
}>()
// 按DLL分组的导入表数据
const importTree = computed(() => {
const groups: Record<string, ImportEntry[]> = {}
props.imports.forEach(imp => {
if (!groups[imp.dll]) groups[imp.dll] = []
groups[imp.dll].push(imp)
})
return Object.entries(groups).map(([dll, functions]) => ({
label: dll,
children: functions.map(f => ({
label: f.name || `Ordinal #${f.ordinal}`,
address: f.address,
ordinal: f.ordinal,
hint: f.hint,
leaf: true,
data: f
}))
}))
})
// 导出表数据(扁平列表)
const exportList = computed(() =>
props.exports.map(exp => ({
label: exp.name || `Ordinal #${exp.ordinal}`,
address: exp.address,
ordinal: exp.ordinal,
leaf: true,
data: exp
}))
)
function getImportNodeColor(node: any) {
if (!node.data?.leaf) return '#D4D4D4' // DLL名称
const func = node.data.data
// 高风险API标记为红色
const dangerousAPIs = ['strcpy', 'sprintf', 'gets', 'scanf', 'memcpy', 'system', 'execve', 'WinExec', 'CreateProcess', 'ShellExecute']
if (dangerousAPIs.some(api => func.name?.toLowerCase().includes(api))) {
return '#F44747'
}
return '#C586C0' // 普通导入函数
}
</script>
<template>
<div class="import-export-table">
<el-tabs type="border-card">
<!-- 导入表 -->
<el-tab-pane :label="`导入 (${imports.length})`">
<el-tree-v2
:data="importTree"
:height="treeHeight"
:item-size="24"
@node-click="(node) => node.address && emit('navigate', node.address)"
>
<template #default="{ node }">
<span :style="{ color: getImportNodeColor(node) }">
{{ node.label }}
</span>
<span v-if="node.address" class="node-addr">
{{ node.address.toString(16).toUpperCase() }}
</span>
</template>
</el-tree-v2>
</el-tab-pane>
<!-- 导出表 -->
<el-tab-pane :label="`导出 (${exports.length})`">
<el-virtual-list
:data="exportList"
:height="treeHeight"
:item-size="24"
>
<template #default="{ item }">
<div
class="export-item"
@click="emit('navigate', item.address)"
>
<span>{{ item.label }}</span>
<span class="node-addr">
{{ item.address.toString(16).toUpperCase() }}
</span>
</div>
</template>
</el-virtual-list>
</el-tab-pane>
</el-tabs>
</div>
</template>
导入表组件的一个亮点是危险API自动标记——通过预定义的危险函数列表(如strcpy、sprintf、system等),在渲染时自动将匹配到的API名称显示为红色。这让安全分析师在查看导入表时能够立即识别潜在的安全风险。导入表中每个节点点击后都会触发navigate事件,在反汇编视图中跳转到对应的IAT入口 thunk 代码位置,分析师可以进一步追踪该API在程序中的所有调用点。
13.4.4 搜索与过滤:全文搜索、类型过滤、正则匹配
所有列表视图(函数、字符串、导入/导出)共享一个统一的搜索组件,支持三种搜索模式:普通文本匹配(不区分大小写)、正则表达式匹配和类型过滤(只显示特定类型的条目)。搜索组件使用Element Plus的el-input配合el-select模式选择器,搜索结果实时高亮匹配文本。
<!-- components/SearchBar.vue -->
<script setup lang="ts">
import { ref, watch, computed } from 'vue'
import { Search } from '@element-plus/icons-vue'
const props = defineProps<{
modelValue: string
mode?: 'text' | 'regex'
typeFilters?: Array<{ label: string; value: string }>
}>()
const emit = defineEmits<{
'update:modelValue': [value: string]
'update:mode': [mode: string]
filterType: [type: string]
}>()
const searchMode = ref(props.mode || 'text')
const typeFilter = ref('all')
// 验证正则表达式合法性
const isRegexValid = computed(() => {
if (searchMode.value !== 'regex') return true
try {
new RegExp(props.modelValue)
return true
} catch {
return false
}
})
function handleInput(value: string) {
emit('update:modelValue', value)
}
</script>
<template>
<div class="search-bar">
<el-input
:model-value="modelValue"
:class="{ 'regex-error': !isRegexValid }"
placeholder="搜索..."
size="small"
clearable
@update:model-value="handleInput"
>
<template #prefix>
<el-icon><Search /></el-icon>
</template>
<template #suffix>
<el-tooltip
v-if="searchMode === 'regex' && !isRegexValid"
content="无效的正则表达式"
placement="top"
>
<el-icon color="#F44747"><Warning /></el-icon>
</el-tooltip>
</template>
<template #append>
<el-select
v-model="searchMode"
style="width: 80px"
size="small"
@change="emit('update:mode', $event)"
>
<el-option label="文本" value="text" />
<el-option label="正则" value="regex" />
</el-select>
</template>
</el-input>
<!-- 类型过滤器 -->
<el-select
v-if="typeFilters"
v-model="typeFilter"
style="width: 100px"
size="small"
@change="emit('filterType', $event)"
>
<el-option
v-for="filter in [{ label: '全部', value: 'all' }, ...typeFilters]"
:key="filter.value"
:label="filter.label"
:value="filter.value"
/>
</el-select>
</div>
</template>
<style scoped>
.search-bar {
display: flex;
gap: 8px;
align-items: center;
}
.regex-error :deep(.el-input__wrapper) {
box-shadow: 0 0 0 1px #F44747 inset;
}
</style>
在搜索实现上,普通文本模式使用String.prototype.includes()进行不区分大小写的匹配;正则表达式模式使用RegExp.prototype.test(),但需要先验证正则的合法性以避免运行时错误。对于大数据量(如上万个函数名),搜索操作应该在Web Worker中进行以避免阻塞UI主线程。不过在实际测试中,Element Plus的el-tree-v2虚拟树在接收过滤后的数据时表现得相当高效,即使在10万条记录中搜索也不会造成明显的卡顿119^。搜索结果的实时高亮通过el-highlight指令或手动包裹<span class="highlight">标签来实现,匹配的文本使用黄色背景色(#EA5C00)突出显示。
13.5 AI Agent交互面板
AI Agent交互面板是本项目的差异化功能,它将传统逆向工程工具与大语言模型(LLM)的深度分析能力结合起来。这个面板需要实现三个核心功能:类似ChatGPT的对话式交互界面、Agent执行状态的实时展示、以及结构化漏洞报告的渲染。
13.5.1 对话界面:类ChatGPT的对话式交互、Markdown渲染、代码高亮
对话界面是用户与AI Agent交流的主要渠道。它采用经典的聊天界面设计:消息气泡按发送者分组排列(用户消息右对齐,AI消息左对齐),支持Markdown格式渲染(包括标题、列表、表格、代码块等),代码块使用Monaco Editor或Prism.js进行语法高亮。
<!-- components/AgentChatPanel.vue -->
<script setup lang="ts">
import { ref, watch, nextTick, onMounted } from 'vue'
import { marked } from 'marked'
import { User, MagicStick, Loading } from '@element-plus/icons-vue'
import type { ChatMessage } from '@/types/agent'
// ===== Props =====
const props = defineProps<{
messages: ChatMessage[]
isLoading: boolean
agentStatus?: string
}>()
// ===== Emits =====
const emit = defineEmits<{
sendMessage: [content: string]
stopGeneration: []
}>()
// ===== 内部状态 =====
const inputText = ref('')
const messagesContainer = ref<HTMLDivElement>()
const isTyping = ref(false)
// ===== Markdown渲染配置 =====
marked.setOptions({
breaks: true, // 转换换行符为<br>
gfm: true, // GitHub Flavored Markdown
headerIds: false // 不生成header ID
})
/**
* 将Markdown文本渲染为HTML
* 使用DOMPurify清理以防止XSS攻击
*/
function renderMarkdown(content: string): string {
return marked.parse(content) as string
}
/**
* 提取代码块的语言标识
*/
function getCodeLanguage(className: string): string {
const match = className.match(/language-(\w+)/)
return match ? match[1] : 'text'
}
// 发送消息
function handleSend() {
const text = inputText.value.trim()
if (!text || props.isLoading) return
emit('sendMessage', text)
inputText.value = ''
}
// 滚动到底部
function scrollToBottom() {
nextTick(() => {
if (messagesContainer.value) {
messagesContainer.value.scrollTop = messagesContainer.value.scrollHeight
}
})
}
// 新消息到达时自动滚动
watch(() => props.messages.length, scrollToBottom)
watch(() => props.isLoading, scrollToBottom)
onMounted(() => {
scrollToBottom()
})
</script>
<template>
<div class="agent-chat-panel">
<!-- 消息列表区域 -->
<div ref="messagesContainer" class="chat-messages">
<!-- 欢迎消息 -->
<div v-if="messages.length === 0" class="welcome-message">
<el-icon :size="48" class="welcome-icon"><MagicStick /></el-icon>
<h3>AI 逆向分析助手</h3>
<p>我可以帮你分析二进制文件,识别漏洞,解释代码逻辑。</p>
<div class="quick-prompts">
<el-button
v-for="prompt in quickPrompts"
:key="prompt"
size="small"
text
@click="emit('sendMessage', prompt)"
>
{{ prompt }}
</el-button>
</div>
</div>
<!-- 消息列表 -->
<div
v-for="(msg, index) in messages"
:key="index"
class="message-wrapper"
:class="msg.role"
>
<!-- 头像 -->
<div class="message-avatar">
<el-icon v-if="msg.role === 'user'" :size="20"><User /></el-icon>
<el-icon v-else-if="msg.role === 'assistant'" :size="20"><MagicStick /></el-icon>
<el-icon v-else-if="msg.role === 'system'" :size="20"><Info /></el-icon>
</div>
<!-- 消息气泡 -->
<div class="message-bubble">
<!-- 消息头部 -->
<div class="message-header">
<span class="message-role">
{{ msg.role === 'user' ? '你' : msg.role === 'assistant' ? 'AI Agent' : '系统' }}
</span>
<span class="message-time">{{ formatTime(msg.timestamp) }}</span>
</div>
<!-- 消息内容(Markdown渲染) -->
<div
class="message-content"
v-html="renderMarkdown(msg.content)"
/>
<!-- 工具调用展示(如果消息包含工具调用) -->
<div v-if="msg.toolCalls && msg.toolCalls.length > 0" class="tool-calls">
<div
v-for="tool in msg.toolCalls"
:key="tool.id"
class="tool-call-item"
>
<el-icon><Tools /></el-icon>
<span class="tool-name">{{ tool.name }}</span>
<el-tag
:type="tool.status === 'completed' ? 'success' : tool.status === 'error' ? 'danger' : 'warning'"
size="small"
>
{{ tool.status === 'completed' ? '已完成' : tool.status === 'error' ? '失败' : '执行中' }}
</el-tag>
</div>
</div>
</div>
</div>
<!-- AI正在输入指示器 -->
<div v-if="isLoading" class="message-wrapper assistant typing">
<div class="message-avatar">
<el-icon :size="20" class="typing-icon"><Loading /></el-icon>
</div>
<div class="message-bubble typing-bubble">
<span class="typing-dot" />
<span class="typing-dot" />
<span class="typing-dot" />
</div>
</div>
</div>
<!-- 输入区域 -->
<div class="chat-input-area">
<el-input
v-model="inputText"
type="textarea"
:rows="3"
placeholder="输入你的问题,按Enter发送,Shift+Enter换行..."
resize="none"
@keydown="handleKeydown"
/>
<div class="input-actions">
<el-button
v-if="isLoading"
type="warning"
size="small"
@click="emit('stopGeneration')"
>
<el-icon><VideoPause /></el-icon>
停止
</el-button>
<el-button
type="primary"
size="small"
:disabled="!inputText.trim() || isLoading"
@click="handleSend"
>
<el-icon><Promotion /></el-icon>
发送
</el-button>
</div>
</div>
</div>
</template>
<style scoped>
.agent-chat-panel {
width: 100%;
height: 100%;
display: flex;
flex-direction: column;
background: #1E1E1E;
}
.chat-messages {
flex: 1;
overflow-y: auto;
padding: 16px;
display: flex;
flex-direction: column;
gap: 12px;
}
/* 欢迎消息 */
.welcome-message {
text-align: center;
padding: 40px 20px;
color: #808080;
}
.welcome-icon {
color: #569CD6;
margin-bottom: 16px;
}
.welcome-message h3 {
color: #D4D4D4;
margin: 0 0 8px 0;
font-size: 18px;
}
.quick-prompts {
display: flex;
flex-wrap: wrap;
gap: 8px;
justify-content: center;
margin-top: 20px;
}
/* 消息气泡 */
.message-wrapper {
display: flex;
gap: 10px;
align-items: flex-start;
}
.message-wrapper.user {
flex-direction: row-reverse;
}
.message-avatar {
width: 32px;
height: 32px;
border-radius: 50%;
display: flex;
align-items: center;
justify-content: center;
background: #2D2D30;
border: 1px solid #3E3E42;
flex-shrink: 0;
color: #808080;
}
.message-wrapper.assistant .message-avatar {
background: #1E3A3A;
border-color: #4EC9B0;
color: #4EC9B0;
}
.message-bubble {
max-width: 85%;
padding: 10px 14px;
border-radius: 8px;
background: #252526;
border: 1px solid #3E3E42;
}
.message-wrapper.user .message-bubble {
background: #264F78;
border-color: #569CD6;
}
.message-wrapper.assistant .message-bubble {
background: #252526;
border-color: #4EC9B040;
}
.message-header {
display: flex;
gap: 8px;
margin-bottom: 6px;
font-size: 11px;
}
.message-role {
font-weight: bold;
color: #D4D4D4;
}
.message-time {
color: #606060;
}
/* Markdown内容样式 */
.message-content :deep(h1),
.message-content :deep(h2),
.message-content :deep(h3) {
color: #D4D4D4;
margin: 8px 0 4px 0;
}
.message-content :deep(code) {
background: #3E3E42;
padding: 2px 6px;
border-radius: 3px;
font-family: Consolas, monospace;
font-size: 12px;
color: #CE9178;
}
.message-content :deep(pre) {
background: #1A1A1A;
border: 1px solid #3E3E42;
border-radius: 6px;
padding: 12px;
overflow-x: auto;
margin: 8px 0;
}
.message-content :deep(pre code) {
background: transparent;
padding: 0;
color: #D4D4D4;
}
.message-content :deep(ul),
.message-content :deep(ol) {
margin: 4px 0;
padding-left: 20px;
}
.message-content :deep(li) {
margin: 2px 0;
color: #D4D4D4;
}
.message-content :deep(table) {
border-collapse: collapse;
margin: 8px 0;
width: 100%;
}
.message-content :deep(th),
.message-content :deep(td) {
border: 1px solid #3E3E42;
padding: 6px 10px;
text-align: left;
}
.message-content :deep(th) {
background: #2D2D30;
color: #9CDCFE;
}
/* 工具调用展示 */
.tool-calls {
margin-top: 8px;
padding-top: 8px;
border-top: 1px solid #3E3E42;
display: flex;
flex-direction: column;
gap: 4px;
}
.tool-call-item {
display: flex;
align-items: center;
gap: 8px;
font-size: 12px;
color: #9CDCFE;
}
.tool-name {
font-family: Consolas, monospace;
}
/* 正在输入指示器 */
.typing-bubble {
display: flex;
gap: 4px;
align-items: center;
padding: 14px 18px;
}
.typing-icon {
animation: spin 1.5s linear infinite;
color: #4EC9B0;
}
.typing-dot {
width: 8px;
height: 8px;
border-radius: 50%;
background: #808080;
animation: typingBounce 1.4s ease-in-out infinite;
}
.typing-dot:nth-child(2) { animation-delay: 0.2s; }
.typing-dot:nth-child(3) { animation-delay: 0.4s; }
@keyframes typingBounce {
0%, 60%, 100% { transform: translateY(0); }
30% { transform: translateY(-6px); }
}
@keyframes spin {
from { transform: rotate(0deg); }
to { transform: rotate(360deg); }
}
/* 输入区域 */
.chat-input-area {
padding: 12px;
border-top: 1px solid #3E3E42;
background: #252526;
flex-shrink: 0;
}
.input-actions {
display: flex;
justify-content: flex-end;
gap: 8px;
margin-top: 8px;
}
</style>
这个聊天面板组件的核心是renderMarkdown函数,它使用marked库将AI返回的Markdown格式文本转换为HTML。所有消息内容都通过v-html渲染,这在功能上是必要的,因为AI的输出包含格式化的Markdown(标题、表格、代码块等)。在生产环境中,你应该使用DOMPurify等库对HTML进行XSS过滤。组件还包含了一个工具调用展示区域,当AI调用外部工具(如反汇编、符号执行)时,这些工具的执行状态会实时显示在对应消息下方。
为了提供更好的用户体验,AI Agent的回复可以采用打字机效果(Typewriter Effect)——逐字显示回复内容,模拟人类打字的过程。这不仅让界面更有”生命力”,也让用户有时间逐步消化AI输出的分析内容。实现打字机效果的关键是在接收AI流式响应时,逐步追加到消息内容中:
// 打字机效果:逐字追加AI响应
async function streamTypewriterResponse(
reader: ReadableStreamDefaultReader<Uint8Array>,
messageIndex: number
) {
const decoder = new TextDecoder()
let buffer = ''
while (true) {
const { done, value } = await reader.read()
if (done) break
buffer += decoder.decode(value, { stream: true })
// 逐字追加到当前消息
const chars = buffer.split('')
for (let i = 0; i < chars.length; i++) {
await new Promise(resolve => setTimeout(resolve, 8)) // 每字符8ms延迟
messages.value[messageIndex].content += chars[i]
// 触发滚动到底部
scrollToBottom()
}
buffer = ''
}
}
打字机效果的延迟时间需要仔细调校:8毫秒/字符相当于约125字符/秒,这个速度既不会让用户觉得太慢,又能营造出”正在思考”的感觉。对于代码块,你应该关闭打字机效果(直接整块插入),因为代码的语法高亮需要完整内容才能正确渲染,逐字显示会导致中间状态的渲染错误。
13.5.2 Agent状态显示:当前Agent思考过程、工具调用展示、进度指示
当AI Agent执行复杂分析任务时,它通常不会立即返回最终答案,而是经历一个”思考-行动-观察”的循环过程(即ReAct模式)。Agent状态显示组件负责可视化这个内部过程,让用户了解AI正在做什么、已经完成了哪些步骤。
状态显示采用时间线(Timeline)的形式,每个步骤作为一个节点,状态包括:等待中(灰色)、执行中(蓝色旋转动画)、已完成(绿色对勾)、失败(红色叉号)。对于工具调用步骤,还显示输入参数和输出结果的摘要。
这种时间线可视化借鉴了LangChain和AutoGPT等流行AI Agent框架的调试界面设计,让用户能够”透视”AI的思考过程。当AI Agent决定调用反汇编工具时,你可以看到它传递给工具的具体参数(如起始地址和指令数量);当工具返回结果后,你可以看到AI如何消化这些信息并调整后续策略。这种透明度不仅帮助用户理解AI的行为逻辑,也为调试提供了宝贵的上下文——当AI给出错误分析结论时,你可以通过检查中间步骤定位问题的根源。
<!-- components/AgentStatusTimeline.vue -->
<script setup lang="ts">
import type { AgentStep } from '@/types/agent'
// ===== Props =====
defineProps<{
steps: AgentStep[]
currentStep: number
}>()
// 步骤类型图标映射
function getStepIcon(type: string): string {
const icons: Record<string, string> = {
think: 'Brain',
tool_call: 'Tools',
observe: 'View',
respond: 'Chat',
error: 'Warning'
}
return icons[type] || 'CircleCheck'
}
function getStepTypeLabel(type: string): string {
const labels: Record<string, string> = {
think: '思考',
tool_call: '工具调用',
observe: '观察结果',
respond: '生成回复',
error: '错误'
}
return labels[type] || type
}
function getStepStatusType(status: string): 'primary' | 'success' | 'danger' | 'warning' | 'info' {
const types: Record<string, any> = {
pending: 'info',
running: 'primary',
completed: 'success',
error: 'danger'
}
return types[status] || 'info'
}
</script>
<template>
<div class="agent-status-timeline">
<div class="timeline-header">
<span class="header-title">Agent 执行状态</span>
<el-tag
:type="steps[currentStep]?.status === 'running' ? 'primary' : 'success'"
size="small"
>
{{ steps[currentStep]?.status === 'running' ? '执行中' : '已完成' }}
</el-tag>
</div>
<el-timeline>
<el-timeline-item
v-for="(step, index) in steps"
:key="index"
:type="getStepStatusType(step.status)"
:icon="getStepIcon(step.type)"
:timestamp="step.duration ? `${step.duration}ms` : undefined"
>
<div class="timeline-step">
<span class="step-type">{{ getStepTypeLabel(step.type) }}</span>
<p v-if="step.description" class="step-desc">{{ step.description }}</p>
<!-- 工具调用详情 -->
<div v-if="step.type === 'tool_call' && step.toolInput" class="tool-details">
<el-collapse>
<el-collapse-item title="输入参数">
<pre class="code-block">{{ JSON.stringify(step.toolInput, null, 2) }}</pre>
</el-collapse-item>
<el-collapse-item v-if="step.toolOutput" title="输出结果">
<pre class="code-block">{{ JSON.stringify(step.toolOutput, null, 2) }}</pre>
</el-collapse-item>
</el-collapse>
</div>
</div>
</el-timeline-item>
</el-timeline>
</div>
</template>
<style scoped>
.agent-status-timeline {
padding: 12px;
background: #1E1E1E;
border-right: 1px solid #3E3E42;
overflow-y: auto;
height: 100%;
}
.timeline-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 16px;
padding-bottom: 8px;
border-bottom: 1px solid #3E3E42;
}
.header-title {
font-weight: bold;
color: #D4D4D4;
}
.timeline-step {
font-size: 12px;
}
.step-type {
font-weight: bold;
color: #D4D4D4;
}
.step-desc {
margin: 4px 0 0 0;
color: #808080;
line-height: 1.4;
}
.tool-details {
margin-top: 8px;
}
.code-block {
background: #1A1A1A;
border: 1px solid #3E3E42;
border-radius: 4px;
padding: 8px;
font-family: Consolas, monospace;
font-size: 11px;
color: #D4D4D4;
overflow-x: auto;
margin: 0;
}
:deep(.el-timeline-item__node) {
background-color: transparent;
border: 2px solid var(--el-color-primary);
}
:deep(.el-timeline-item__node--success) {
border-color: var(--el-color-success);
}
:deep(.el-timeline-item__node--danger) {
border-color: var(--el-color-danger);
}
</style>
13.5.3 漏洞报告展示:结构化漏洞卡片、风险评级、修复建议
当AI Agent完成漏洞分析后,结果以结构化的漏洞卡片形式展示。每张卡片包含漏洞标题、CVE编号(如果有)、风险等级(使用颜色编码:Critical红色/High橙色/Medium黄色/Low蓝色/Info灰色)、漏洞描述、受影响的代码位置(可点击跳转到反汇编视图)、利用条件和修复建议。
漏洞卡片使用Element Plus的el-card组件构建,每张卡片代表一个独立的安全发现。卡片头部包含漏洞名称和风险等级标签,主体部分展开详细的分析内容。修复建议部分使用Markdown渲染,可能包含代码示例和配置修改建议。
<!-- components/VulnerabilityCard.vue -->
<script setup lang="ts">
import { ref } from 'vue'
import type { VulnerabilityReport } from '@/types/agent'
import { WarningFilled, ArrowDown, ArrowUp } from '@element-plus/icons-vue'
const props = defineProps<{
vulnerability: VulnerabilityReport
}>()
const emit = defineEmits<{
navigateToCode: [address: number]
applyFix: [vuln: VulnerabilityReport]
}>()
const isExpanded = ref(false)
// 风险等级映射
const severityConfig: Record<string, { color: string; label: string; icon: any }> = {
critical: { color: '#F44747', label: '严重', icon: WarningFilled },
high: { color: '#CE9178', label: '高危', icon: WarningFilled },
medium: { color: '#FFD700', label: '中危', icon: WarningFilled },
low: { color: '#569CD6', label: '低危', icon: WarningFilled },
info: { color: '#808080', label: '信息', icon: WarningFilled }
}
const config = computed(() =>
severityConfig[props.vulnerability.severity] || severityConfig.info
)
</script>
<template>
<el-card
class="vulnerability-card"
:class="`severity-${vulnerability.severity}`"
shadow="never"
>
<!-- 卡片头部 -->
<template #header>
<div class="card-header">
<div class="header-left">
<el-icon :size="18" :color="config.color">
<component :is="config.icon" />
</el-icon>
<span class="vuln-title">{{ vulnerability.title }}</span>
</div>
<el-tag :color="config.color" effect="dark" size="small">
{{ config.label }}
</el-tag>
</div>
</template>
<!-- 主体内容 -->
<div class="card-body">
<!-- CVE编号 -->
<div v-if="vulnerability.cveId" class="cve-row">
<el-tag type="danger" size="small">{{ vulnerability.cveId }}</el-tag>
<el-link
v-if="vulnerability.cveUrl"
:href="vulnerability.cveUrl"
target="_blank"
type="primary"
:icon="Link"
>
查看详情
</el-link>
</div>
<!-- 受影响地址 -->
<div class="location-row">
<span class="label">位置:</span>
<el-link
type="primary"
@click="emit('navigateToCode', vulnerability.address)"
>
0x{{ vulnerability.address.toString(16).toUpperCase().padStart(8, '0') }}
</el-link>
<span v-if="vulnerability.functionName" class="func-name">
({{ vulnerability.functionName }})
</span>
</div>
<!-- 漏洞描述 -->
<p class="vuln-description">{{ vulnerability.description }}</p>
<!-- 展开/收起详情 -->
<el-button
text
size="small"
@click="isExpanded = !isExpanded"
>
<el-icon><component :is="isExpanded ? ArrowUp : ArrowDown" /></el-icon>
{{ isExpanded ? '收起' : '查看详情' }}
</el-button>
<div v-show="isExpanded" class="expanded-content">
<!-- 漏洞类型 -->
<div class="detail-section">
<h4>漏洞类型</h4>
<el-tag>{{ vulnerability.category }}</el-tag>
<p>{{ vulnerability.categoryDescription }}</p>
</div>
<!-- 根因分析 -->
<div class="detail-section">
<h4>根因分析</h4>
<div class="markdown-content" v-html="renderMarkdown(vulnerability.rootCause)" />
</div>
<!-- 利用条件 -->
<div class="detail-section">
<h4>利用条件</h4>
<ul>
<li v-for="condition in vulnerability.exploitConditions" :key="condition">
{{ condition }}
</li>
</ul>
</div>
<!-- 修复建议 -->
<div class="detail-section">
<h4>修复建议</h4>
<div class="markdown-content" v-html="renderMarkdown(vulnerability.recommendation)" />
<el-button
v-if="vulnerability.suggestedFix"
type="primary"
size="small"
@click="emit('applyFix', vulnerability)"
>
应用修复建议
</el-button>
</div>
<!-- 参考链接 -->
<div v-if="vulnerability.references?.length" class="detail-section">
<h4>参考链接</h4>
<ul>
<li v-for="ref in vulnerability.references" :key="ref">
<el-link :href="ref" target="_blank" type="primary">{{ ref }}</el-link>
</li>
</ul>
</div>
</div>
</div>
</el-card>
</template>
<style scoped>
.vulnerability-card {
margin-bottom: 12px;
background: #252526;
border: 1px solid #3E3E42;
}
.vulnerability-card.severity-critical {
border-left: 4px solid #F44747;
}
.vulnerability-card.severity-high {
border-left: 4px solid #CE9178;
}
.vulnerability-card.severity-medium {
border-left: 4px solid #FFD700;
}
.card-header {
display: flex;
justify-content: space-between;
align-items: center;
}
.header-left {
display: flex;
align-items: center;
gap: 8px;
}
.vuln-title {
font-weight: bold;
color: #D4D4D4;
}
.cve-row {
display: flex;
gap: 8px;
align-items: center;
margin-bottom: 8px;
}
.location-row {
margin-bottom: 8px;
font-size: 13px;
}
.label {
color: #808080;
}
.func-name {
color: #9CDCFE;
font-family: Consolas, monospace;
}
.vuln-description {
color: #D4D4D4;
line-height: 1.6;
margin: 8px 0;
}
.detail-section {
margin-top: 12px;
padding-top: 12px;
border-top: 1px solid #3E3E42;
}
.detail-section h4 {
color: #9CDCFE;
margin: 0 0 8px 0;
font-size: 14px;
}
.markdown-content :deep(code) {
background: #3E3E42;
padding: 2px 6px;
border-radius: 3px;
font-family: Consolas, monospace;
font-size: 12px;
}
.markdown-content :deep(pre) {
background: #1A1A1A;
border: 1px solid #3E3E42;
border-radius: 6px;
padding: 12px;
overflow-x: auto;
}
</style>
漏洞卡片的设计遵循了安全审计报告的最佳实践:首先用颜色和标签让用户快速了解风险等级,然后提供可点击的代码位置导航,接着是清晰的漏洞描述,最后通过可展开的区域展示详细的根因分析和修复建议。renderMarkdown函数使用marked库来渲染修复建议中的格式化文本和代码示例。每张卡片的左侧边框颜色对应风险等级,这种视觉编码让用户在滚动浏览大量漏洞时能够迅速定位高危问题。
13.5.4 一键分析按钮:触发完整分析流程、实时显示进度
一键分析按钮位于工具栏的显著位置,点击后触发完整的AI分析流程:反汇编扫描→危险函数检测→控制流分析→符号执行验证→漏洞报告生成。整个流程通过WebSocket实时推送进度更新,前端通过进度条和状态文本展示当前分析阶段。
<!-- components/OneClickAnalyze.vue -->
<script setup lang="ts">
import { ref } from 'vue'
import { Cpu } from '@element-plus/icons-vue'
const emit = defineEmits<{
analyze: []
}>()
const isAnalyzing = ref(false)
const progress = ref(0)
const currentPhase = ref('')
const phaseDetail = ref('')
const phases = [
{ name: '正在反汇编...', detail: '使用Capstone引擎解析.text段指令' },
{ name: '检测危险函数...', detail: '扫描strcpy/sprintf等高风险API调用' },
{ name: '分析控制流...', detail: '构建CFG并识别循环和分支结构' },
{ name: '执行符号分析...', detail: '追踪用户输入到危险函数的可达路径' },
{ name: '生成漏洞报告...', detail: '聚合发现并生成结构化报告' }
]
async function handleAnalyze() {
isAnalyzing.value = true
progress.value = 0
currentPhase.value = phases[0].name
phaseDetail.value = phases[0].detail
emit('analyze')
}
// 由父组件调用更新进度
function updateProgress(value: number, phaseIndex?: number) {
progress.value = Math.min(value, 100)
if (phaseIndex !== undefined && phaseIndex < phases.length) {
currentPhase.value = phases[phaseIndex].name
phaseDetail.value = phases[phaseIndex].detail
}
}
function finish() {
isAnalyzing.value = false
progress.value = 100
currentPhase.value = '分析完成'
phaseDetail.value = `发现 ${vulnCount} 个问题`
}
let vulnCount = 0
function setVulnCount(count: number) {
vulnCount = count
}
defineExpose({ updateProgress, finish, setVulnCount })
</script>
<template>
<div class="one-click-analyze">
<el-button
v-if="!isAnalyzing"
type="primary"
size="large"
:icon="Cpu"
@click="handleAnalyze"
>
AI 一键分析
</el-button>
<div v-else class="progress-area">
<el-progress
:percentage="progress"
:status="progress === 100 ? 'success' : ''"
:stroke-width="16"
striped
striped-flow
/>
<div class="phase-info">
<span class="phase-name">{{ currentPhase }}</span>
<span class="phase-detail">{{ phaseDetail }}</span>
</div>
</div>
</div>
</template>
<style scoped>
.one-click-analyze {
padding: 8px 12px;
}
.progress-area {
display: flex;
flex-direction: column;
gap: 6px;
width: 300px;
}
.phase-info {
display: flex;
flex-direction: column;
gap: 2px;
}
.phase-name {
font-size: 13px;
color: #D4D4D4;
font-weight: 500;
}
.phase-detail {
font-size: 11px;
color: #808080;
}
</style>
在父组件中,你需要通过WebSocket连接监听后端发送的进度事件。后端在每个分析阶段完成后向前端推送一个JSON消息,包含当前阶段索引、总体进度百分比和可选的中间结果。前端接收到这些消息后调用updateProgress方法更新UI。
<!-- components/OneClickAnalyze.vue -->
<script setup lang="ts">
import { ref } from 'vue'
import { Cpu } from '@element-plus/icons-vue'
const emit = defineEmits<{
analyze: []
}>()
const isAnalyzing = ref(false)
const progress = ref(0)
const currentPhase = ref('')
const phases = [
'正在反汇编...',
'检测危险函数...',
'分析控制流...',
'执行符号分析...',
'生成漏洞报告...'
]
async function handleAnalyze() {
isAnalyzing.value = true
progress.value = 0
emit('analyze')
}
// 由父组件调用更新进度
function updateProgress(value: number, phase?: string) {
progress.value = value
if (phase) currentPhase.value = phase
}
function finish() {
isAnalyzing.value = false
progress.value = 100
}
defineExpose({ updateProgress, finish })
</script>
<template>
<div class="one-click-analyze">
<el-button
v-if="!isAnalyzing"
type="primary"
size="large"
:icon="Cpu"
@click="handleAnalyze"
>
AI 一键分析
</el-button>
<div v-else class="progress-area">
<el-progress
:percentage="progress"
:status="progress === 100 ? 'success' : ''"
:stroke-width="16"
striped
striped-flow
/>
<span class="phase-text">{{ currentPhase }}</span>
</div>
</div>
</template>
<style scoped>
.one-click-analyze {
padding: 8px 12px;
}
.progress-area {
display: flex;
flex-direction: column;
gap: 6px;
}
.phase-text {
font-size: 12px;
color: #808080;
text-align: center;
}
</style>
13.6 项目里程碑:分析工作台
13.6.1 完整分析界面:所有面板的集成和联动
至此,所有核心视图组件都已实现完毕。现在你需要将它们集成到一个统一的分析工作台中。工作台的布局沿用第十二章设计的多面板结构:左侧函数树、中央主视图区(反汇编/CFG标签页)、右侧AI Agent面板、底部十六进制视图。
面板之间的联动通过Pinia store中的共享状态实现。当用户在函数树中双击一个函数时,selectedFunction状态被更新,中央视图区的反汇编视图和CFG视图分别监听这个状态并加载对应数据。当用户在反汇编视图中双击一个调用指令时,navigateAddress状态被设置,所有视图同步响应这个地址变化。
工作台的整体布局采用splitpanes组件实现可拖拽调整的分割面板。左侧边栏宽度默认为280px,右侧AI面板默认为350px,底部十六进制视图高度默认为200px。用户可以自由调整这些面板的大小,splitpanes会自动将尺寸变化持久化到localStorage,下次打开页面时恢复上次的布局偏好。中央主视图区使用el-tabs组件支持反汇编视图和CFG视图之间的切换(呼应IDA Pro的Space键切换功能),两个标签页共享同一组数据但提供不同的可视化形式。
// stores/analysisWorkbench.ts
import { defineStore } from 'pinia'
import { ref, computed, watch } from 'vue'
import type { Instruction, BasicBlock, ControlFlowEdge, FunctionInfo } from '@/types/binary'
/**
* 分析工作台状态管理
* 协调所有视图组件的联动状态
*/
export const useWorkbenchStore = defineStore('workbench', () => {
// ===== 核心状态 =====
const currentFile = ref<string | null>(null)
const functions = ref<FunctionInfo[]>([])
const selectedFunction = ref<FunctionInfo | null>(null)
const selectedAddress = ref<number>(0)
const activeMainTab = ref<'disassembly' | 'cfg'>('disassembly')
// ===== 反汇编视图状态 =====
const disassemblyInstructions = ref<Instruction[]>([])
const currentDisasmAddress = ref<number>(0)
// ===== CFG视图状态 =====
const cfgBlocks = ref<BasicBlock[]>([])
const cfgEdges = ref<ControlFlowEdge[]>([])
const highlightedPath = ref<number[]>([])
// ===== 十六进制视图状态 =====
const binaryData = ref<Uint8Array>(new Uint8Array())
const hexSelectedRange = ref<[number, number] | null>(null)
const hexSyncOffset = ref<number>(-1)
// ===== AI Agent状态 =====
const agentMessages = ref<any[]>([])
const isAgentWorking = ref(false)
const agentSteps = ref<any[]>([])
const vulnerabilities = ref<any[]>([])
// ===== 导航历史 =====
const navigationHistory = ref<number[]>([])
const historyIndex = ref(-1)
// ===== Getters =====
const hasFile = computed(() => currentFile.value !== null)
const functionCount = computed(() => functions.value.length)
// ===== Actions =====
/**
* 导航到指定地址
* 所有视图组件监听selectedAddress的变化
*/
function navigateTo(address: number) {
// 记录历史
if (historyIndex.value < navigationHistory.value.length - 1) {
navigationHistory.value = navigationHistory.value.slice(0, historyIndex.value + 1)
}
navigationHistory.value.push(address)
if (navigationHistory.value.length > 100) {
navigationHistory.value.shift()
}
historyIndex.value = navigationHistory.value.length - 1
selectedAddress.value = address
// 同步十六进制视图
hexSyncOffset.value = address
// 查找包含该地址的函数
const func = functions.value.find(f =>
address >= f.address && address < f.address + (f.size || 0)
)
if (func) {
selectedFunction.value = func
}
}
function goBack(): boolean {
if (historyIndex.value <= 0) return false
historyIndex.value--
selectedAddress.value = navigationHistory.value[historyIndex.value]
return true
}
function goForward(): boolean {
if (historyIndex.value >= navigationHistory.value.length - 1) return false
historyIndex.value++
selectedAddress.value = navigationHistory.value[historyIndex.value]
return true
}
/**
* 选择函数
*/
function selectFunction(func: FunctionInfo) {
selectedFunction.value = func
navigateTo(func.address)
// 加载该函数的反汇编和CFG数据
loadFunctionData(func.address)
}
/**
* 加载函数数据(实际项目中调用API)
*/
async function loadFunctionData(address: number) {
// 这里应该调用后端API
// const data = await api.getFunctionData(address)
// disassemblyInstructions.value = data.instructions
// cfgBlocks.value = data.basicBlocks
// cfgEdges.value = data.edges
}
/**
* 从反汇编视图同步到十六进制视图
*/
function syncDisasmToHex(instructionAddress: number, instructionSize: number) {
hexSyncOffset.value = instructionAddress
hexSelectedRange.value = [instructionAddress, instructionAddress + instructionSize - 1]
}
/**
* 从十六进制视图同步到反汇编视图
*/
function syncHexToDisasm(offset: number) {
// 查找包含该偏移的指令
const inst = disassemblyInstructions.value.find(i =>
offset >= i.address && offset < i.address + i.size
)
if (inst) {
selectedAddress.value = inst.address
}
}
/**
* 在CFG视图中高亮路径
*/
function highlightExecutionPath(path: number[]) {
highlightedPath.value = path
activeMainTab.value = 'cfg'
}
/**
* 添加AI Agent消息
*/
function addAgentMessage(role: string, content: string, toolCalls?: any[]) {
agentMessages.value.push({
role,
content,
toolCalls,
timestamp: Date.now()
})
}
/**
* 添加漏洞报告
*/
function addVulnerability(vuln: any) {
vulnerabilities.value.push(vuln)
}
return {
// State
currentFile,
functions,
selectedFunction,
selectedAddress,
activeMainTab,
disassemblyInstructions,
cfgBlocks,
cfgEdges,
highlightedPath,
binaryData,
hexSelectedRange,
agentMessages,
isAgentWorking,
agentSteps,
vulnerabilities,
// Getters
hasFile,
functionCount,
// Actions
navigateTo,
goBack,
goForward,
selectFunction,
syncDisasmToHex,
syncHexToDisasm,
highlightExecutionPath,
addAgentMessage,
addVulnerability
}
})
13.6.2 交互流畅性:各视图间的同步滚动和跳转
多视图联动的关键在于避免”级联更新”导致的性能问题。当一个视图的状态变化触发其他视图更新时,必须确保更新是单向的,不会出现A更新B、B又更新A的死循环。在上述store设计中,navigateTo是唯一的状态变更入口,所有视图组件都作为这个状态的消费者(通过watch或computed),而不是双向绑定。
对于滚动同步,十六进制视图和反汇编视图之间需要保持滚动位置的大致对应。这可以通过监听滚动事件并计算对应偏移来实现,但需要使用requestAnimationFrame或throttle来限制更新频率,避免滚动时的卡顿70^。
一个实用的同步策略是”主从模式”:指定其中一个视图为主视图(通常是反汇编视图),当主视图滚动时,十六进制视图被动跟随;但十六进制视图的独立滚动不会触发反汇编视图的变化。这样避免了双向同步导致的抖动问题。具体实现上,反汇编视图在滚动时计算当前居中的指令地址,然后通过store的syncDisasmToHex方法通知十六进制视图滚动到对应偏移。
视图间的另一个重要交互是交叉选择高亮。当用户在函数树中单击一个函数时,该函数在CFG中的对应节点应该被选中并居中显示,同时反汇编视图滚动到函数入口地址。这种多视图同步需要在store中使用一个selectedFunction状态作为单一事实来源,所有视图组件都监听这个状态的变更。你可以使用Vue的watchEffect来简化这种监听逻辑:
// 在DisassemblyView.vue中
watchEffect(() => {
const func = workbenchStore.selectedFunction
if (func && editorInstance) {
// 加载该函数的反汇编数据
loadFunctionDisassembly(func.address)
// 滚动到函数入口
revealAddress(func.address)
}
})
// 在ControlFlowGraph.vue中
watchEffect(() => {
const func = workbenchStore.selectedFunction
if (func && cy) {
// 居中到函数入口节点
const nodeId = `bb_${func.address}`
const node = cy.$(`#${nodeId}`)
if (node.length > 0) {
cy.animate({ fit: { eles: node, padding: 60 }, duration: 300 })
node.select()
}
}
})
这种基于响应式状态的联动设计比命令式的事件总线更加可靠和可维护。每个视图组件只需要声明”当selectedFunction变化时我应该做什么”,而不需要关心其他视图组件的存在。当新的视图组件被添加时,它只需要接入相同的store状态即可自动获得联动能力。
13.6.3 响应式适配:不同屏幕尺寸下的布局调整
在较小屏幕上(如笔记本的1366×768分辨率),需要自动隐藏右侧AI Agent面板和底部十六进制视图,通过工具栏按钮手动切换显示。在超大屏幕(如4K显示器)上,则可以采用三列布局:左侧函数树、中央主视图、右侧同时显示AI面板和详细信息面板。
响应式适配不仅仅是CSS媒体查询的问题,还涉及到JavaScript层面的布局状态管理。当用户从大屏切换到小屏时,被隐藏的Panel不应该丢失其状态(如AI Agent的对话历史、十六进制视图的滚动位置)。实现这一点的最佳方式是将Panel的显示/隐藏与组件的挂载/卸载解耦——使用v-show代替v-if来控制Panel的可见性,这样组件实例始终存在,只是不参与布局。
// 响应式布局状态管理
import { useBreakpoints } from '@vueuse/core'
export function useResponsiveLayout() {
const breakpoints = useBreakpoints({
mobile: 0,
tablet: 768,
laptop: 1280,
desktop: 1920
})
const isMobile = breakpoints.smaller('tablet')
const isLaptop = breakpoints.between('laptop', 'desktop')
const isDesktop = breakpoints.greater('desktop')
// 根据屏幕尺寸自动调整面板可见性
const sidebarVisible = ref(true)
const rightPanelVisible = ref(true)
const bottomPanelVisible = ref(true)
watch(isLaptop, (val) => {
if (val) rightPanelVisible.value = false
})
watch(isMobile, (val) => {
if (val) {
sidebarVisible.value = false
bottomPanelVisible.value = false
rightPanelVisible.value = false
}
})
watch(isDesktop, (val) => {
if (val) {
sidebarVisible.value = true
rightPanelVisible.value = true
bottomPanelVisible.value = true
}
})
return {
isMobile, isLaptop, isDesktop,
sidebarVisible, rightPanelVisible, bottomPanelVisible
}
}
这里使用了VueUse库的useBreakpoints工具来响应式地检测屏幕尺寸变化69^。这种方法比手动监听window.resize事件更加简洁和可靠,因为它内部使用了matchMedia API,性能更好且能处理DPI缩放等边界情况。布局状态存储在独立的composable中,各个面板组件通过v-show绑定对应的可见性状态,从而在屏幕尺寸变化时自动调整布局而无需重新加载数据或丢失用户操作状态。
/* layouts/responsive.css */
/* 大屏:完整布局 */
@media (min-width: 1920px) {
.workbench-layout {
--sidebar-width: 300px;
--right-panel-width: 400px;
--bottom-height: 250px;
}
}
/* 中屏:标准布局 */
@media (min-width: 1280px) and (max-width: 1919px) {
.workbench-layout {
--sidebar-width: 260px;
--right-panel-width: 350px;
--bottom-height: 200px;
}
}
/* 小屏:精简布局(隐藏右侧面板) */
@media (max-width: 1279px) {
.workbench-layout {
--sidebar-width: 240px;
--right-panel-width: 0px;
--bottom-height: 180px;
}
.right-panel {
display: none;
}
}
/* 超小屏(平板/手机):仅保留主视图 */
@media (max-width: 768px) {
.workbench-layout {
--sidebar-width: 0px;
--bottom-height: 0px;
}
.sidebar, .bottom-panel {
display: none;
}
}
至此,你已经完成了所有核心分析视图组件的实现。从反汇编视图的Monaco Editor语法高亮和四列对齐,到控制流图的Cytoscape.js渲染和DAG布局,再到十六进制视图的自定义虚拟滚动,以及AI Agent交互面板的对话式界面和漏洞报告展示——每一个组件都经过精心设计,既保证了功能的完整性,又注重视觉体验的一致性(统一的IDA Pro深色主题配色)。这些组件通过Pinia store的状态管理实现了紧密的视图联动,构成了一个专业级的逆向工程分析工作台。
回顾本章的核心收获:你掌握了Monaco Editor的自定义语言Tokenizer和主题系统,学会了使用Cytoscape.js构建交互式控制流图,实现了高性能的虚拟滚动十六进制视图,设计了大语言模型的对话式交互界面,以及将多个专业视图组件集成为统一工作台的关键技巧。这些能力不仅适用于逆向工程工具的开发,也可以迁移到任何需要复杂数据可视化和专业领域UI的Web应用中。组件化的架构设计让每个视图可以独立开发、测试和复用,而Pinia store提供的集中式状态管理则确保了视图间联动的可靠性和可预测性。你已经拥有了一个功能完备、交互流畅、视觉专业的二进制分析前端系统。
在下一章中,你将学习如何将这些前端组件与后端分析服务集成起来,通过RESTful API和WebSocket实现前后端的数据流和实时通信。你将掌握Axios请求封装、WebSocket长连接管理、二进制数据的流式传输,以及前后端协同的进度推送机制——让这个分析工作台真正”活”起来,具备处理真实二进制文件分析任务的完整能力。
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:SPEEDCoding 李北辰 李北辰《13. 分析界面与可视化组件》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。
评论