Skip to main content

Library to instrument executable formats

Project description

About

The purpose of this project is to provide a cross platform library that can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.

  • Modify: LIEF enables to modify some parts of these formats

  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.

  • API: LIEF can be used in C, C++ and Python

Downloads / Install

First, make sure to have an updated version of setuptools:

$ pip install setuptools --upgrade

To install the latest version (release):

$ pip install lief

To install nightly build:

$ pip install [--user] --index-url https://lief.s3-website.fr-par.scw.cloud/latest lief

Getting started

Python

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)

# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)

C++

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  try {
    std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
    std::cout << *elf << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // PE
  try {
    std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
    std::cout << *pe << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  // Mach-O
  try {
    std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
    std::cout << *macho << std::endl;
  } catch (const LIEF::exception& err) {
    std::cerr << err.what() << std::endl;
  }

  return 0;
}

C (Limited API)

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

Documentation

Contact

Authors

Romain Thomas @rh0main - Quarkslab


LIEF is provided under the Apache 2.0 license

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

lief-0.14.1-cp312-cp312-win_amd64.whl (2.2 MB view hashes)

Uploaded CPython 3.12 Windows x86-64

lief-0.14.1-cp312-cp312-win32.whl (2.0 MB view hashes)

Uploaded CPython 3.12 Windows x86

lief-0.14.1-cp312-cp312-manylinux_2_28_x86_64.manylinux_2_27_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.12 manylinux: glibc 2.27+ x86-64 manylinux: glibc 2.28+ x86-64

lief-0.14.1-cp312-cp312-manylinux2014_aarch64.whl (2.5 MB view hashes)

Uploaded CPython 3.12

lief-0.14.1-cp312-cp312-macosx_11_0_x86_64.whl (2.0 MB view hashes)

Uploaded CPython 3.12 macOS 11.0+ x86-64

lief-0.14.1-cp312-cp312-macosx_11_0_arm64.whl (1.9 MB view hashes)

Uploaded CPython 3.12 macOS 11.0+ ARM64

lief-0.14.1-cp311-cp311-win_amd64.whl (2.2 MB view hashes)

Uploaded CPython 3.11 Windows x86-64

lief-0.14.1-cp311-cp311-win32.whl (1.9 MB view hashes)

Uploaded CPython 3.11 Windows x86

lief-0.14.1-cp311-cp311-manylinux_2_28_x86_64.manylinux_2_27_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.11 manylinux: glibc 2.27+ x86-64 manylinux: glibc 2.28+ x86-64

lief-0.14.1-cp311-cp311-manylinux2014_aarch64.whl (2.5 MB view hashes)

Uploaded CPython 3.11

lief-0.14.1-cp311-cp311-macosx_11_0_x86_64.whl (2.0 MB view hashes)

Uploaded CPython 3.11 macOS 11.0+ x86-64

lief-0.14.1-cp311-cp311-macosx_11_0_arm64.whl (1.9 MB view hashes)

Uploaded CPython 3.11 macOS 11.0+ ARM64

lief-0.14.1-cp310-cp310-win_amd64.whl (2.2 MB view hashes)

Uploaded CPython 3.10 Windows x86-64

lief-0.14.1-cp310-cp310-win32.whl (1.9 MB view hashes)

Uploaded CPython 3.10 Windows x86

lief-0.14.1-cp310-cp310-manylinux_2_28_x86_64.manylinux_2_27_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.10 manylinux: glibc 2.27+ x86-64 manylinux: glibc 2.28+ x86-64

lief-0.14.1-cp310-cp310-manylinux2014_aarch64.whl (2.5 MB view hashes)

Uploaded CPython 3.10

lief-0.14.1-cp310-cp310-macosx_11_0_x86_64.whl (2.0 MB view hashes)

Uploaded CPython 3.10 macOS 11.0+ x86-64

lief-0.14.1-cp310-cp310-macosx_11_0_arm64.whl (1.9 MB view hashes)

Uploaded CPython 3.10 macOS 11.0+ ARM64

lief-0.14.1-cp39-cp39-win_amd64.whl (2.2 MB view hashes)

Uploaded CPython 3.9 Windows x86-64

lief-0.14.1-cp39-cp39-win32.whl (1.9 MB view hashes)

Uploaded CPython 3.9 Windows x86

lief-0.14.1-cp39-cp39-manylinux_2_28_x86_64.manylinux_2_27_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.9 manylinux: glibc 2.27+ x86-64 manylinux: glibc 2.28+ x86-64

lief-0.14.1-cp39-cp39-manylinux2014_aarch64.whl (2.5 MB view hashes)

Uploaded CPython 3.9

lief-0.14.1-cp39-cp39-macosx_11_0_x86_64.whl (2.0 MB view hashes)

Uploaded CPython 3.9 macOS 11.0+ x86-64

lief-0.14.1-cp39-cp39-macosx_11_0_arm64.whl (1.9 MB view hashes)

Uploaded CPython 3.9 macOS 11.0+ ARM64

lief-0.14.1-cp38-cp38-win_amd64.whl (2.2 MB view hashes)

Uploaded CPython 3.8 Windows x86-64

lief-0.14.1-cp38-cp38-win32.whl (1.9 MB view hashes)

Uploaded CPython 3.8 Windows x86

lief-0.14.1-cp38-cp38-manylinux_2_28_x86_64.manylinux_2_27_x86_64.whl (2.7 MB view hashes)

Uploaded CPython 3.8 manylinux: glibc 2.27+ x86-64 manylinux: glibc 2.28+ x86-64

lief-0.14.1-cp38-cp38-manylinux2014_aarch64.whl (2.5 MB view hashes)

Uploaded CPython 3.8

lief-0.14.1-cp38-cp38-macosx_11_0_x86_64.whl (2.0 MB view hashes)

Uploaded CPython 3.8 macOS 11.0+ x86-64

lief-0.14.1-cp38-cp38-macosx_11_0_arm64.whl (1.9 MB view hashes)

Uploaded CPython 3.8 macOS 11.0+ ARM64

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page