Skip to content
/ LIEF Public
forked fromlief-project/LIEF

LIEF - Library to Instrument Executable Formats

lief.re

License

Apache-2.0 license
0 stars 623 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

stonedre/LIEF

BranchesTags

Repository files navigation


Linux x86-64 CI status Linux AArch64 CI status Android CI status macOS CI status iOS CI status Windows CI status Twitter Follow


BlogDocumentationAbout


About

The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing:LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
  • Modify:LIEF enables to modify some parts of these formats
  • Abstract:Three formats have common features like sections, symbols, entry point... LIEF factors them.
  • API:LIEF can be used in C++, Python, Rust and C

Content

Downloads / Install

First, make sure to have an updated version of setuptools:

pip install setuptools --upgrade

To install the latestversion(release):

pip install lief

To install nightly build:

pip install [--user] --index-url https://lief.s3-website.fr-par.scw.cloud/latest lief==0.16.0.dev0

Packages

Here are guides to install or integrate LIEF:

Getting started

Python

importlief

# ELF
binary=lief.parse("/usr/bin/ls")
forsectioninbinary.sections:
print(section.name,section.virtual_address)

# PE
binary=lief.parse("C:\\Windows\\explorer.exe ")

ifrheader:=pe.rich_header:
print(rheader.key)

# Mach-O
binary=lief.parse("/usr/bin/ls")
forfixupinbinary.dyld_chained_fixups:
print(fixup)

Rust

uselief::Binary;
uselief::pe::debug::Entries::CodeViewPDB;

ifletSome(Binary::PE(pe))=Binary::parse(path.as_str()){
forentryinpe.debug(){
ifletCodeViewPDB(pdb_view)= entry{
println!("{}",pdb_view.filename());
}
}
}

C++

#include<LIEF/LIEF.hpp>

intmain(intargc,char** argv) {
//ELF
if(std::unique_ptr<constLIEF::ELF::Binary> elf =LIEF::ELF::Parser::parse("/bin/ls")) {
for(constLIEF::ELF::Section& section: elf->sections()) {
std::cout << section->name() <<''<< section->virtual_address() <<'\n';
}
}

//PE
if(std::unique_ptr<constLIEF::PE::Binary> pe =LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe")) {
if(constLIEF::PE::RichHeader* rheader: pe->rich_header()) {
std::cout << rheader->key() <<'\n';
}
}

//Mach-O
if(std::unique_ptr<LIEF::MachO::FatBinary> macho =LIEF::MachO::Parser::parse("/bin/ls")) {
for(constLIEF::MachO::DyldChainedFixups& fixup: macho->dyld_chained_fixups()) {
std::cout << fixup <<'\n';
}
}

return0;
}

C (Limited API)

#include<LIEF/LIEF.h>

intmain(intargc,char** argv) {
Elf_Binary_t* elf =elf_parse("/usr/bin/ls");

Elf_Section_t** sections = elf->sections;

for(size_ti =0;sections[i]!=NULL;++i) {
printf("%s\n",sections[i]->name);
}

elf_binary_destroy(elf);
return0;
}

Documentation

Contact

  • Mail:contact at lief re
  • Discord:LIEF

About

Authors

Romain Thomas (@rh0main) -Quarkslab

License

LIEF is provided under theApache 2.0 license.

Bibtex

@MISC{LIEF,
author="Romain Thomas",
title="LIEF - Library to Instrument Executable Formats",
howpublished="https://lief.quarkslab.com/",
month="apr",
year="2017"
}

About

LIEF - Library to Instrument Executable Formats

lief.re

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 75.1%
  • Python 12.3%
  • Rust 8.6%
  • C 2.2%
  • CMake 1.5%
  • Shell 0.3%