The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.
Main features:
- Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
- Modify: LIEF enables to modify some parts of these formats
- Abstract: Three formats have common features like sections, symbols, entry point... LIEF factors them.
- API: LIEF can be used in C, C++ and Python
First, make sure to have an updated version of setuptools:
$ pip install setuptools --upgradeTo install the latest version (release):
$ pip install liefTo install nightlty build:
$ pip install [--user] --index-url https://lief-project.github.io/packages liefimport lief
# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)
# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)
# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)#include <LIEF/LIEF.hpp>
int main(int argc, char** argv) {
// ELF
try {
std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
std::cout << *elf << std::endl;
} catch (const LIEF::exception& err) {
std::cerr << err.what() << std::endl;
}
// PE
try {
std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
std::cout << *pe << std::endl;
} catch (const LIEF::exception& err) {
std::cerr << err.what() << std::endl;
}
// Mach-O
try {
std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
std::cout << *macho << std::endl;
} catch (const LIEF::exception& err) {
std::cerr << err.what() << std::endl;
}
return 0;
}#include <LIEF/LIEF.h>
int main(int argc, char** argv) {
Elf_Binary_t* elf = elf_parse("/usr/bin/ls");
Elf_Section_t** sections = elf->sections;
for (size_t i = 0; sections[i] != NULL; ++i) {
printf("%s\n", sections[i]->name);
}
elf_binary_destroy(elf);
return 0;
}- Mail: lief at quarkslab com
- Gitter: lief-project
Romain Thomas @rh0main - Quarkslab
LIEF is provided under the Apache 2.0 license