LIEF

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

lief-project
4581
636
C++


  Linux x86-64 CI status   Linux AArch64 CI status   Android CI status   macOS CI status   iOS CI status   Windows CI status     Twitter Follow  


BlogDocumentationAbout


About

The purpose of this project is to provide a cross-platform library to parse,
modify and abstract ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to internals.
  • Modify: LIEF can use to modify some parts of these formats (adding a section, changing a symbol’s name, …)
  • Abstract: Three formats have common features like sections, symbols, entry point… LIEF factors them.
  • API: LIEF can be used in C++, Python, Rust and C

Extended features:

Content

Downloads / Install

C++

find_package(LIEF REQUIRED)
target_link_libraries(my-project LIEF::LIEF)

Rust

[package]
name    = "my-awesome-project"
version = "0.0.1"
edition = "2021"

[dependencies]
lief = "0.16.2"

Python

To install the latest version (release):

pip install lief

To install nightly build:

pip install [--user] --force-reinstall --index-url https://lief.s3-website.fr-par.scw.cloud/latest lief==0.17.0.dev0

Packages

Here are guides to install or integrate LIEF:

Getting started

Python

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
for section in binary.sections:
    print(section.name, section.virtual_address)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")

if rheader := pe.rich_header:
    print(rheader.key)

# Mach-O
binary = lief.parse("/usr/bin/ls")
for fixup in binary.dyld_chained_fixups:
    print(fixup)

Rust

use lief::Binary;
use lief::pe::debug::Entries::CodeViewPDB;

if let Some(Binary::PE(pe)) = Binary::parse(path.as_str()) {
    for entry in pe.debug() {
        if let CodeViewPDB(pdb_view) = entry {
            println!("{}", pdb_view.filename());
        }
    }
}

C++

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  if (std::unique_ptr<const LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls")) {
    for (const LIEF::ELF::Section& section : elf->sections()) {
      std::cout << section->name() << ' ' << section->virtual_address() << '\n';
    }
  }

  // PE
  if (std::unique_ptr<const LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe")) {
    if (const LIEF::PE::RichHeader* rheader : pe->rich_header()) {
      std::cout << rheader->key() << '\n';
    }
  }

  // Mach-O
  if (std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls")) {
    for (const LIEF::MachO::DyldChainedFixups& fixup : macho->dyld_chained_fixups()) {
      std::cout << fixup << '\n';
    }
  }

  return 0;
}

C (Limited API)

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

Documentation

Contact

  • Mail: contact at lief re
  • Discord: LIEF

About

Authors

Romain Thomas (@rh0main) - Formerly at Quarkslab

License

LIEF is provided under the Apache 2.0 license.

Bibtex

@MISC {LIEF,
  author       = "Romain Thomas",
  title        = "LIEF - Library to Instrument Executable Formats",
  howpublished = "https://lief.quarkslab.com/",
  month        = "apr",
  year         = "2017"
}