About
The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.
Main features:
- Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
- Modify: LIEF enables to modify some parts of these formats
- Abstract: Three formats have common features like sections, symbols, entry point... LIEF factors them.
- API: LIEF can be used in C, C++ and Python
Content
Downloads / Install
First, make sure to have an updated version of setuptools:
pip install setuptools --upgrade
To install the latest version (release):
pip install lief
To install nightlty build:
pip install [--user] --index-url https://lief.quarkslab.com/packages lief==0.12.0.dev0
Packages
- Nightly: https://github.com/lief-project/packages/tree/gh-pages
- v0.11.4: https://github.com/lief-project/LIEF/releases/tag/0.11.4
Here are guides to install or integrate LIEF:
Getting started
Python
import lief
# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)
# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)
# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)
C++
#include <LIEF/LIEF.hpp>
int main(int argc, char** argv) {
// ELF
try {
std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");
std::cout << *elf << std::endl;
} catch (const LIEF::exception& err) {
std::cerr << err.what() << std::endl;
}
// PE
try {
std::unique_ptr<LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
std::cout << *pe << std::endl;
} catch (const LIEF::exception& err) {
std::cerr << err.what() << std::endl;
}
// Mach-O
try {
std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls");
std::cout << *macho << std::endl;
} catch (const LIEF::exception& err) {
std::cerr << err.what() << std::endl;
}
return 0;
}
C (Limited API)
#include <LIEF/LIEF.h>
int main(int argc, char** argv) {
Elf_Binary_t* elf = elf_parse("/usr/bin/ls");
Elf_Section_t** sections = elf->sections;
for (size_t i = 0; sections[i] != NULL; ++i) {
printf("%s\n", sections[i]->name);
}
elf_binary_destroy(elf);
return 0;
}
Documentation
Contact
- Mail: lief at quarkslab com
- Gitter: lief-project
About
Authors
Romain Thomas (@rh0main) - Quarkslab
License
LIEF is provided under the Apache 2.0 license.
Bibtex
@MISC {LIEF,
author = "Romain Thomas",
title = "LIEF - Library to Instrument Executable Formats",
howpublished = "https://lief.quarkslab.com/",
month = "April",
year = "2017",
}
-
1. 什么是LIEF LIEF是一个能够用于对各种类型的可执行文件(包括Linux ELF文件、Windows exe文件、Android Dex文件等)进行转换、提取、修改的项目,能够在Python、C++和C语言中调用其API进行简单便捷的可执行文件相关操作。 在AWD pwn中,我们常常需要对官方给出的ELF文件进行修补(称为Patch),当不能简单地通过在IDA中修改指令的方式patch时
-
箒木 日向子 反対(賛成) ◆セーブ01 図書館へ向かう ◆セーブ02 日向子 食べてあげない もちろん、おいしかったよ コミュニケーション (汉化版显示为:交流) 日向子END ※回想2個目に追加Hシーン有 大舘 流花 流花 ◆セーブ02から 食べてあげない ミリャちゃんと同じ感想かな 変化に置いていかれないこと(汉化版显示为:跟进变化不落下) 流花END ※回想2個目に追加Hシーン有
-
使用lief模块解析pe文件信息 简介 lief是一个测试可执行格式的库 安装 pip install lief 用法 import json import lief pe_file = r"D:\Program Files\JetBrains\PyCharm 2022.3\bin\pycharm64.exe" binary = lief.parse(open(pe_file, 'rb'))
-
我的程序是在google云盘里面的colaboratory中运行的,程序开头引入import lief模块儿运行时报错,python ImportError:No Module named 'lief' 我又重新安装了一下 !pip install lief 然后再运行python程序,就可以了 最后再提供一个 lief 安装包下载的链接:https://www.cnpython.com/py