Blog • Documentation • About
The purpose of this project is to provide a cross-platform library to parse, modify and abstract ELF, PE and MachO formats.
Main features:
- Parsing: LIEF can parse ELF, PE, MachO, COFF, OAT, DEX, VDEX, ART and provides an user-friendly API to access to internals.
- Modify: LIEF can use to modify some parts of these formats (adding a section, changing a symbol's name, ...)
- Abstract: Three formats have common features like sections, symbols, entry point... LIEF factors them.
- API: LIEF can be used in C++, Python, Rust and C
Extended features:
- DWARF/PDB Support
- Objective-C Metadata
- Dyld Shared Cache with support for extracting Dylib
- Disassembler: AArch64, x86/x86-64, ARM, RISC-V, Mips, PowerPC, eBPF
- Assembler: AArch64, x86/x86-64
Plugins:
find_package(LIEF REQUIRED)
target_link_libraries(my-project LIEF::LIEF)[package]
name = "my-awesome-project"
version = "0.0.1"
edition = "2021"
[dependencies]
lief = "0.17.1"To install the latest version (release):
pip install liefTo install nightly build:
pip install [--user] --force-reinstall --index-url https://lief.s3-website.fr-par.scw.cloud/latest lief==1.0.0.dev0- LIEF Extended: https://extended.lief.re (GitHub OAuth)
- Nightly:
- v0.17.1: https://github.com/lief-project/LIEF/releases/tag/0.17.1
Here are guides to install or integrate LIEF:
import lief
# ELF
binary = lief.parse("/usr/bin/ls")
for section in binary.sections:
print(section.name, section.virtual_address)
# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
if rheader := pe.rich_header:
print(rheader.key)
# Mach-O
binary = lief.parse("/usr/bin/ls")
for fixup in binary.dyld_chained_fixups:
print(fixup)use lief::Binary;
use lief::pe::debug::Entries::CodeViewPDB;
if let Some(Binary::PE(pe)) = Binary::parse(path.as_str()) {
for entry in pe.debug() {
if let CodeViewPDB(pdb_view) = entry {
println!("{}", pdb_view.filename());
}
}
}#include <LIEF/LIEF.hpp>
int main(int argc, char** argv) {
// ELF
if (std::unique_ptr<const LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls")) {
for (const LIEF::ELF::Section& section : elf->sections()) {
std::cout << section->name() << ' ' << section->virtual_address() << '\n';
}
}
// PE
if (std::unique_ptr<const LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe")) {
if (const LIEF::PE::RichHeader* rheader : pe->rich_header()) {
std::cout << rheader->key() << '\n';
}
}
// Mach-O
if (std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls")) {
for (const LIEF::MachO::DyldChainedFixups& fixup : macho->dyld_chained_fixups()) {
std::cout << fixup << '\n';
}
}
return 0;
}
#include <LIEF/LIEF.h>
int main(int argc, char** argv) {
Elf_Binary_t* elf = elf_parse("/usr/bin/ls");
Elf_Section_t** sections = elf->sections;
for (size_t i = 0; sections[i] != NULL; ++i) {
printf("%s\n", sections[i]->name);
}
elf_binary_destroy(elf);
return 0;
}- Mail: contact at lief re
- Discord: LIEF
Romain Thomas (@rh0main) - Formerly at Quarkslab
LIEF is provided under the Apache 2.0 license.
@MISC {LIEF,
author = "Romain Thomas",
title = "LIEF - Library to Instrument Executable Formats",
howpublished = "https://lief.quarkslab.com/",
month = "apr",
year = "2017"
}