The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.
Main features:
- Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
- Modify: LIEF enables to modify some parts of these formats
- Abstract: Three formats have common features like sections, symbols, entry point... LIEF factors them.
- API: LIEF can be used in C, C++ and Python
Downloads / Install
First, make sure to have an updated version of setuptools:
pip install setuptools --upgradeTo install the latest version (release):
To install nightlty build:
pip install [--user] --index-url https://lief-project.github.io/packages liefPackages
 | |||
| Linux | Windows - x86 | Windows - x86-64 | OSX |
|---|---|---|---|
| SDK | SDK | SDK | SDK |
| |||||
| Linux | Windows | OSX | Documentation | ||
|---|---|---|---|---|---|
| SDK |
SDK - x86
SDK - x86-64 |
SDK | Sphinx + Doxygen | ||
Here are guides to install or integrate LIEF:
Getting started
Python
import lief # ELF binary = lief.parse("/usr/bin/ls") print(binary) # PE binary = lief.parse("C:\\Windows\\explorer.exe") print(binary) # Mach-O binary = lief.parse("/usr/bin/ls") print(binary)
C++
#include <LIEF/LIEF.hpp> int main(int argc, char** argv) { // ELF try { std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls"); std::cout << *elf << std::endl; } catch (const LIEF::exception& err) { std::cerr << err.what() << std::endl; } // PE try { std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe"); std::cout << *pe << std::endl; } catch (const LIEF::exception& err) { std::cerr << err.what() << std::endl; } // Mach-O try { std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls"); std::cout << *macho << std::endl; } catch (const LIEF::exception& err) { std::cerr << err.what() << std::endl; } return 0; }
C (Limited API)
#include <LIEF/LIEF.h> int main(int argc, char** argv) { Elf_Binary_t* elf = elf_parse("/usr/bin/ls"); Elf_Section_t** sections = elf->sections; for (size_t i = 0; sections[i] != NULL; ++i) { printf("%s\n", sections[i]->name); } elf_binary_destroy(elf); return 0; }
Documentation
Contact
- Mail: lief at quarkslab com
- Gitter: lief-project
About
Authors
Romain Thomas (@rh0main) - Quarkslab
License
LIEF is provided under the Apache 2.0 license.
Bibtex
@MISC {LIEF,
author = "Romain Thomas",
title = "LIEF - Library to Instrument Executable Formats",
howpublished = "https://lief.quarkslab.com/",
month = "April",
year = "2017",
}
