Library to instrument executable formats

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License 2.0

Author: Romain Thomas

Tags parser, elf, pe, macho, reverse-engineering

Requires: Python >=3.6

Maintainers

Avatar for rh0main from gravatar.com rh0main

Classifiers

Project description

About

The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
  • Modify: LIEF enables to modify some parts of these formats
  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.
  • API: LIEF can be used in C, C++ and Python

Downloads / Install

First, make sure to have an updated version of setuptools:

$ pip install setuptools --upgrade

To install the latest version (release):

$ pip install lief

To install nightly build:

$ pip install [--user] --index-url  https://lief-project.github.io/packages lief

Getting started

Python

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)

# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)

C++

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  try {
    std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
    std::cout << *elf << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // PE
  try {
    std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
    std::cout << *pe << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // Mach-O
  try {
    std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
    std::cout << *macho << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  return 0;
}

C (Limited API)

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

Contact

Authors

Romain Thomas @rh0main - Quarkslab

LIEF is provided under the Apache 2.0 license

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License 2.0

Author: Romain Thomas

Tags parser, elf, pe, macho, reverse-engineering

Requires: Python >=3.6

Maintainers

Avatar for rh0main from gravatar.com rh0main

Classifiers


Release history Release notifications | RSS feed

This version

0.12.1

0.12.0

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11.0

0.10.1

0.10.0

0.9.0

0.8.3

0.8.2

0.8.1

0.8.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lief-0.12.1.zip (15.0 MB view hashes)

Uploaded source

Built Distributions

lief-0.12.1-cp310-cp310-win_amd64.whl (4.9 MB view hashes)

Uploaded cp310

lief-0.12.1-cp310-cp310-win32.whl (3.9 MB view hashes)

Uploaded cp310

lief-0.12.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.1 MB view hashes)

Uploaded cp310

lief-0.12.1-cp310-cp310-macosx_10_14_x86_64.whl (3.3 MB view hashes)

Uploaded cp310

lief-0.12.1-cp39-cp39-win_amd64.whl (4.9 MB view hashes)

Uploaded cp39

lief-0.12.1-cp39-cp39-win32.whl (3.9 MB view hashes)

Uploaded cp39

lief-0.12.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.2 MB view hashes)

Uploaded cp39

lief-0.12.1-cp39-cp39-manylinux2014_aarch64.whl (4.1 MB view hashes)

Uploaded cp39

lief-0.12.1-cp39-cp39-macosx_10_14_x86_64.whl (3.3 MB view hashes)

Uploaded cp39

lief-0.12.1-cp38-cp38-win_amd64.whl (4.9 MB view hashes)

Uploaded cp38

lief-0.12.1-cp38-cp38-win32.whl (3.9 MB view hashes)

Uploaded cp38

lief-0.12.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.1 MB view hashes)

Uploaded cp38

lief-0.12.1-cp38-cp38-manylinux2014_aarch64.whl (4.1 MB view hashes)

Uploaded cp38

lief-0.12.1-cp38-cp38-macosx_10_14_x86_64.whl (3.3 MB view hashes)

Uploaded cp38

lief-0.12.1-cp37-cp37m-win_amd64.whl (4.8 MB view hashes)

Uploaded cp37

lief-0.12.1-cp37-cp37m-win32.whl (3.9 MB view hashes)

Uploaded cp37

lief-0.12.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.0 MB view hashes)

Uploaded cp37

lief-0.12.1-cp37-cp37m-manylinux2014_aarch64.whl (4.2 MB view hashes)

Uploaded cp37

lief-0.12.1-cp37-cp37m-macosx_10_14_x86_64.whl (3.2 MB view hashes)

Uploaded cp37

lief-0.12.1-cp36-cp36m-win_amd64.whl (4.8 MB view hashes)

Uploaded cp36

lief-0.12.1-cp36-cp36m-win32.whl (3.9 MB view hashes)

Uploaded cp36

lief-0.12.1-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.0 MB view hashes)

Uploaded cp36

lief-0.12.1-cp36-cp36m-macosx_10_14_x86_64.whl (3.2 MB view hashes)

Uploaded cp36

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page