Introduction

The purpose of this project is to provide a cross platform library to parse, modify and abstract ELF, PE and MachO formats.

It turns out that many projects need to parse executable formats and they usually re-implement their own parser. Moreover these parsers are usually bound to one language.

LIEF attempts to fill this void.

Features

Merge Format Characteristics

LIEF is designed to factor common characteristics in the formats like entry point, sections, symbols...

Code injection

LIEF provides APIs to inject code or data into a binary. This injection could be used to hook some functions or to redirect control flow.

More

Python/C++/C API

Parse PE Authenticode

Cross formats nm

... in 4 lines

The following snippet prints binary symbols as nm would do. Thanks to LIEF abstraction, this script works for PE, ELF as well as MachO formats.

import lief
binary = lief.parse("elf_pe_macho_file")
for symbol in binary.symbols:
    print(symbol)
            

Output:

# PE
__imp__GetStartup...          128
__IAT_end__                   1d4

# ELF
__ctype_toupper_loc           FUNC
__uflow                       FUNC

# MachO
_write                        EXT
dyld_stub_binder              EXT
            

Download

Get prebuilt packages

Linux version (64-bits)

0.10.1

SDK

Python 3.5 - 3.6 - 3.7 - 3.8

Windows version

0.10.1

SDK (32-bits)
SDK (64-bits)

Python 3.5 - 3.6 - 3.7

OSX version (64-bits)

0.10.1

SDK

Python 3.5 - 3.6 - 3.7 - 3.8

Source

master

Sources

Documentation - Sphinx / Doxygen

Documentation

LIEF Documentation

Main documentation

Sphinx documentation - master

Sphinx documentation - 0.10.1

Doxygen documentation

Doxygen documentation - master

Qt help book - master

About

LIEF is currently developed and sponsored by Quarkslab under the Apache 2.0 license.

This project is still young so feel free to open an issue or join us on gitter for any questions.