Skip to main content

Library to instrument executable formats

Project description

About

The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.

  • Modify: LIEF enables to modify some parts of these formats

  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.

  • API: LIEF can be used in C, C++ and Python

Downloads / Install

First, make sure to have an updated version of setuptools:

$ pip install setuptools --upgrade

To install the latest version (release):

$ pip install lief

To install nightlty build:

$ pip install [--user] --index-url  https://lief-project.github.io/packages lief

Getting started

Python

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)

# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)

C++

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  try {
    std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
    std::cout << *elf << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // PE
  try {
    std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
    std::cout << *pe << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // Mach-O
  try {
    std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
    std::cout << *macho << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  return 0;
}

C (Limited API)

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

Documentation

Contact

Authors

Romain Thomas @rh0main - Quarkslab


LIEF is provided under the Apache 2.0 license

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lief-0.11.2.zip (15.7 MB view hashes)

Uploaded Source

Built Distributions

lief-0.11.2-cp39-cp39-win_amd64.whl (4.4 MB view hashes)

Uploaded CPython 3.9 Windows x86-64

lief-0.11.2-cp39-cp39-win32.whl (3.9 MB view hashes)

Uploaded CPython 3.9 Windows x86

lief-0.11.2-cp39-cp39-manylinux2014_aarch64.whl (3.2 MB view hashes)

Uploaded CPython 3.9

lief-0.11.2-cp39-cp39-manylinux1_x86_64.whl (3.3 MB view hashes)

Uploaded CPython 3.9

lief-0.11.2-cp39-cp39-macosx_10_14_x86_64.whl (2.8 MB view hashes)

Uploaded CPython 3.9 macOS 10.14+ x86-64

lief-0.11.2-cp38-cp38-win_amd64.whl (4.4 MB view hashes)

Uploaded CPython 3.8 Windows x86-64

lief-0.11.2-cp38-cp38-win32.whl (3.9 MB view hashes)

Uploaded CPython 3.8 Windows x86

lief-0.11.2-cp38-cp38-manylinux2014_aarch64.whl (3.2 MB view hashes)

Uploaded CPython 3.8

lief-0.11.2-cp38-cp38-manylinux1_x86_64.whl (3.3 MB view hashes)

Uploaded CPython 3.8

lief-0.11.2-cp38-cp38-macosx_10_14_x86_64.whl (2.8 MB view hashes)

Uploaded CPython 3.8 macOS 10.14+ x86-64

lief-0.11.2-cp37-cp37m-win_amd64.whl (4.3 MB view hashes)

Uploaded CPython 3.7m Windows x86-64

lief-0.11.2-cp37-cp37m-win32.whl (3.9 MB view hashes)

Uploaded CPython 3.7m Windows x86

lief-0.11.2-cp37-cp37m-manylinux2014_aarch64.whl (3.3 MB view hashes)

Uploaded CPython 3.7m

lief-0.11.2-cp37-cp37m-manylinux1_x86_64.whl (3.2 MB view hashes)

Uploaded CPython 3.7m

lief-0.11.2-cp37-cp37m-macosx_10_14_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.7m macOS 10.14+ x86-64

lief-0.11.2-cp36-cp36m-win_amd64.whl (4.3 MB view hashes)

Uploaded CPython 3.6m Windows x86-64

lief-0.11.2-cp36-cp36m-win32.whl (3.9 MB view hashes)

Uploaded CPython 3.6m Windows x86

lief-0.11.2-cp36-cp36m-manylinux1_x86_64.whl (3.2 MB view hashes)

Uploaded CPython 3.6m

lief-0.11.2-cp36-cp36m-macosx_10_14_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.6m macOS 10.14+ x86-64

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page