Library to instrument executable formats

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License 2.0

Author: Romain Thomas

Tags parser, elf, pe, macho, reverse-engineering

Requires: Python >=3.8

Maintainers

Avatar for rh0main from gravatar.com rh0main

Classifiers

Project description

About

The purpose of this project is to provide a cross platform library that can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.

  • Modify: LIEF enables to modify some parts of these formats

  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.

  • API: LIEF can be used in C, C++ and Python

Downloads / Install

First, make sure to have an updated version of setuptools:

$ pip install setuptools --upgrade

To install the latest version (release):

$ pip install lief

To install nightly build:

$ pip install [--user] --index-url https://lief.s3-website.fr-par.scw.cloud/latest lief

Getting started

Python

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)

# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)

C++

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  try {
    std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
    std::cout << *elf << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // PE
  try {
    std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
    std::cout << *pe << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // Mach-O
  try {
    std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
    std::cout << *macho << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  return 0;
}

C (Limited API)

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

Documentation

Contact

Authors

Romain Thomas @rh0main - Quarkslab

LIEF is provided under the Apache 2.0 license

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache License 2.0

Author: Romain Thomas

Tags parser, elf, pe, macho, reverse-engineering

Requires: Python >=3.8

Maintainers

Avatar for rh0main from gravatar.com rh0main

Classifiers


Release history Release notifications | RSS feed

This version

0.13.2

0.13.1

0.13.0

0.12.3

0.12.2

0.12.1

0.12.0

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11.0

0.10.1

0.10.0

0.9.0

0.8.3

0.8.2

0.8.1

0.8.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distributions

lief-0.13.2-cp311-cp311-win_amd64.whl (3.1 MB view hashes)

Uploaded cp311

lief-0.13.2-cp311-cp311-win32.whl (2.5 MB view hashes)

Uploaded cp311

lief-0.13.2-cp311-cp311-manylinux_2_24_x86_64.whl (4.0 MB view hashes)

Uploaded cp311

lief-0.13.2-cp311-cp311-manylinux2014_aarch64.whl (3.8 MB view hashes)

Uploaded cp311

lief-0.13.2-cp311-cp311-macosx_11_0_arm64.whl (3.2 MB view hashes)

Uploaded cp311

lief-0.13.2-cp311-cp311-macosx_10_14_x86_64.whl (3.4 MB view hashes)

Uploaded cp311

lief-0.13.2-cp310-cp310-win_amd64.whl (3.1 MB view hashes)

Uploaded cp310

lief-0.13.2-cp310-cp310-win32.whl (2.5 MB view hashes)

Uploaded cp310

lief-0.13.2-cp310-cp310-manylinux_2_24_x86_64.whl (4.0 MB view hashes)

Uploaded cp310

lief-0.13.2-cp310-cp310-manylinux2014_aarch64.whl (3.8 MB view hashes)

Uploaded cp310

lief-0.13.2-cp310-cp310-macosx_11_0_arm64.whl (3.2 MB view hashes)

Uploaded cp310

lief-0.13.2-cp310-cp310-macosx_10_14_x86_64.whl (3.4 MB view hashes)

Uploaded cp310

lief-0.13.2-cp39-cp39-win_amd64.whl (3.1 MB view hashes)

Uploaded cp39

lief-0.13.2-cp39-cp39-win32.whl (2.5 MB view hashes)

Uploaded cp39

lief-0.13.2-cp39-cp39-manylinux_2_24_x86_64.whl (4.1 MB view hashes)

Uploaded cp39

lief-0.13.2-cp39-cp39-manylinux2014_aarch64.whl (3.8 MB view hashes)

Uploaded cp39

lief-0.13.2-cp39-cp39-macosx_11_0_arm64.whl (3.2 MB view hashes)

Uploaded cp39

lief-0.13.2-cp39-cp39-macosx_10_14_x86_64.whl (3.4 MB view hashes)

Uploaded cp39

lief-0.13.2-cp38-cp38-win_amd64.whl (3.1 MB view hashes)

Uploaded cp38

lief-0.13.2-cp38-cp38-win32.whl (2.5 MB view hashes)

Uploaded cp38

lief-0.13.2-cp38-cp38-manylinux_2_24_x86_64.whl (4.1 MB view hashes)

Uploaded cp38

lief-0.13.2-cp38-cp38-manylinux2014_aarch64.whl (3.8 MB view hashes)

Uploaded cp38

lief-0.13.2-cp38-cp38-macosx_10_14_x86_64.whl (3.4 MB view hashes)

Uploaded cp38

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page