Library to instrument executable formats

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for rh0main from gravatar.com rh0main

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache License 2.0
  • Author: Romain Thomas
  • Tags parser, elf, pe, macho, reverse-engineering
  • Requires: Python >=3.8
Classifiers

Project description

About

The purpose of this project is to provide a cross platform library that can parse, modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.

  • Modify: LIEF enables to modify some parts of these formats

  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.

  • API: LIEF can be used in C, C++, Python and Rust

LIEF Extended:

  • DWARF/PDB Support

  • Objective-C Metadata

  • dyld shared cache

Checkout: https://lief.re/doc/latest/extended/intro.html for the details

Getting Started

$ pip install lief
import lief

elf = lief.ELF.parse("/bin/ls")
for section in elf.sections:
    print(section.name, len(section.content))

pe = lief.PE.parse("cmd.exe")
for imp in pe.imports:
    print(imp.name)

fat = lief.MachO.parse("/bin/dyld")
for macho in fat:
    for sym in macho.symbols:
        print(sym)

Documentation

Contact

  • Mail: contact at lief.re

  • Discord: LIEF

Authors

Romain Thomas @rh0main

LIEF is provided under the Apache 2.0 license

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page