Library to instrument executable formats

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License 2.0

Author: Romain Thomas

Tags parser, elf, pe, macho, reverse-engineering

Requires: Python >=3.6

Maintainers

Avatar for rh0main from gravatar.com rh0main

Classifiers

Project description

About

The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
  • Modify: LIEF enables to modify some parts of these formats
  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.
  • API: LIEF can be used in C, C++ and Python

Downloads / Install

First, make sure to have an updated version of setuptools:

$ pip install setuptools --upgrade

To install the latest version (release):

$ pip install lief

To install nightlty build:

$ pip install [--user] --index-url  https://lief-project.github.io/packages lief

Getting started

Python

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)

# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)

C++

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  try {
    std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
    std::cout << *elf << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // PE
  try {
    std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
    std::cout << *pe << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // Mach-O
  try {
    std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
    std::cout << *macho << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  return 0;
}

C (Limited API)

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

Contact

Authors

Romain Thomas @rh0main - Quarkslab

LIEF is provided under the Apache 2.0 license

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License 2.0

Author: Romain Thomas

Tags parser, elf, pe, macho, reverse-engineering

Requires: Python >=3.6

Maintainers

Avatar for rh0main from gravatar.com rh0main

Classifiers


Release history Release notifications | RSS feed

This version

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11.0

0.10.1

0.10.0

0.9.0

0.8.3

0.8.2

0.8.1

0.8.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for lief, version 0.11.5
Filename, size File type Python version Upload date Hashes
Filename, size lief-0.11.5-cp36-cp36m-macosx_10_14_x86_64.whl (2.8 MB) File type Wheel Python version cp36 Upload date Hashes View
Filename, size lief-0.11.5-cp36-cp36m-manylinux1_x86_64.whl (3.2 MB) File type Wheel Python version cp36 Upload date Hashes View
Filename, size lief-0.11.5-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.9 MB) File type Wheel Python version cp36 Upload date Hashes View
Filename, size lief-0.11.5-cp36-cp36m-win32.whl (3.9 MB) File type Wheel Python version cp36 Upload date Hashes View
Filename, size lief-0.11.5-cp36-cp36m-win_amd64.whl (4.3 MB) File type Wheel Python version cp36 Upload date Hashes View
Filename, size lief-0.11.5-cp37-cp37m-macosx_10_14_x86_64.whl (2.8 MB) File type Wheel Python version cp37 Upload date Hashes View
Filename, size lief-0.11.5-cp37-cp37m-manylinux1_x86_64.whl (3.2 MB) File type Wheel Python version cp37 Upload date Hashes View
Filename, size lief-0.11.5-cp37-cp37m-manylinux2014_aarch64.whl (3.3 MB) File type Wheel Python version cp37 Upload date Hashes View
Filename, size lief-0.11.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.9 MB) File type Wheel Python version cp37 Upload date Hashes View
Filename, size lief-0.11.5-cp37-cp37m-win32.whl (3.9 MB) File type Wheel Python version cp37 Upload date Hashes View
Filename, size lief-0.11.5-cp37-cp37m-win_amd64.whl (4.3 MB) File type Wheel Python version cp37 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-macosx_10_14_x86_64.whl (2.9 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-macosx_11_0_arm64.whl (2.8 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-manylinux1_x86_64.whl (3.3 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-manylinux2014_aarch64.whl (3.2 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.0 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-win32.whl (3.9 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp38-cp38-win_amd64.whl (4.4 MB) File type Wheel Python version cp38 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-macosx_10_14_x86_64.whl (2.9 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-macosx_11_0_arm64.whl (2.8 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-manylinux1_x86_64.whl (3.3 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-manylinux2014_aarch64.whl (3.2 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (4.0 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-win32.whl (3.9 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5-cp39-cp39-win_amd64.whl (4.4 MB) File type Wheel Python version cp39 Upload date Hashes View
Filename, size lief-0.11.5.zip (15.7 MB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page