Abstract

Parser

class Parser

Subclassed by LIEF::ELF::Parser, LIEF::MachO::BinaryParser, LIEF::MachO::Parser, LIEF::OAT::Parser, LIEF::PE::Parser

Public Static Functions

std::unique_ptr<Binary> parse(const std::string &filename)

Construct an LIEF::Binary from the given filename.

Warning

If the target file is a FAT Mach0, it will return the last one

See

LIEF::MachO::Parser::parse

std::unique_ptr<Binary> parse(const std::vector<uint8_t> &raw, const std::string &name = "")

Construct an LIEF::Binary from the given raw data.

Warning

If the target file is a FAT Mach0, it will return the last one

See

LIEF::MachO::Parser::parse



Binary

class Binary : public LIEF::Object

Abstract binary.

Subclassed by LIEF::ELF::Binary, LIEF::MachO::Binary, LIEF::PE::Binary

Public Types

enum VA_TYPES

Type of a virtual address.

Values:

AUTO = 0

Guess if it’s relative or not.

RVA = 1

Relative.

VA = 2

Absolute.

using functions_t = std::vector<Function>

Public Functions

Binary(void)
~Binary(void)
Binary &operator=(const Binary&)
Binary(const Binary&)
EXE_FORMATS format(void) const

Executable format (ELF, PE, Mach-O) of the underlying binary.

Header header(void) const

Return the abstract header of the binary.

it_symbols symbols(void)

Return list of symbols whose elements can be modified.

it_const_symbols symbols(void) const

Return list of symbols whose elements can’t be modified.

bool has_symbol(const std::string &name) const

Check if a Symbol with the given name exists.

const Symbol &get_symbol(const std::string &name) const

Return the Symbol with the given name.

Symbol &get_symbol(const std::string &name)
it_sections sections(void)

Returns binary’s sections.

it_const_sections sections(void) const
virtual void remove_section(const std::string &name, bool clear = false) = 0
it_relocations relocations(void)

Returns binary’s relocations.

it_const_relocations relocations(void) const
virtual uint64_t entrypoint(void) const = 0

Binary’s entrypoint (if any)

const std::string &name(void) const

Binary’s name.

uint64_t original_size(void) const

Binary’s original size.

Binary::functions_t exported_functions(void) const

Return functions’s name exported by the binary.

std::vector<std::string> imported_libraries(void) const

Return libraries which are imported by the binary.

Binary::functions_t imported_functions(void) const

Return functions’s name imported by the binary.

uint64_t get_function_address(const std::string &func_name) const

Return the address of the given function name.

void accept(Visitor &visitor) const

Method so that a visitor can visit us.

std::vector<uint64_t> xref(uint64_t address) const
virtual void patch_address(uint64_t address, const std::vector<uint8_t> &patch_value, VA_TYPES addr_type = VA_TYPES::AUTO) = 0

Patch the content at virtual address address with patch_value.

Parameters
  • [in] address: Address to patch

  • [in] patch_value: Patch to apply

virtual void patch_address(uint64_t address, uint64_t patch_value, size_t size = sizeof(uint64_t), VA_TYPES addr_type = VA_TYPES::AUTO) = 0

Patch the address with the given value.

Parameters
  • [in] address: Address to patch

  • [in] patch_value: Patch to apply

  • [in] size: Size of the value in bytes (1, 2, … 8)

virtual std::vector<uint8_t> get_content_from_virtual_address(uint64_t virtual_address, uint64_t size, VA_TYPES addr_type = VA_TYPES::AUTO) const = 0

Return the content located at virtual address.

void name(const std::string &name)

Change binary’s name.

void original_size(uint64_t size)

Change binary’s original size.

Warning

Should be used carefully because some optimizations can be done with this value

virtual bool is_pie(void) const = 0

Check if the binary is position independent.

virtual bool has_nx(void) const = 0

Check if the binary uses NX protection.

virtual LIEF::Binary::functions_t ctor_functions(void) const = 0

Constructor functions that are called prior any other functions.

std::ostream &print(std::ostream &os) const
virtual void write(const std::string &name) = 0

Friends

std::ostream &operator<<(std::ostream &os, const Binary &binary)

Section

class Section : public LIEF::Object

Subclassed by LIEF::ELF::Section, LIEF::MachO::Section, LIEF::PE::Section

Public Functions

Section(void)
Section(const std::string &name)
~Section(void)
Section &operator=(const Section&)
Section(const Section&)
const std::string &name(void) const

section’s name

std::vector<uint8_t> content(void) const

section’s content

void size(uint64_t size)

section’s size (size in the binary)

uint64_t size(void) const

section’s size (size in the binary)

uint64_t offset(void) const

offset in the binary

uint64_t virtual_address(void) const

Address where the section should be mapped.

void virtual_address(uint64_t virtual_address)
void name(const std::string &name)

Set the section’s name.

void content(const std::vector<uint8_t> &data)

Set section content.

void offset(uint64_t offset)
double entropy(void) const

Section’s entropy.

size_t search(uint64_t integer, size_t pos, size_t size) const
size_t search(const std::vector<uint8_t> &pattern, size_t pos = 0) const
size_t search(const std::string &pattern, size_t pos = 0) const
size_t search(uint64_t integer, size_t pos = 0) const
std::vector<size_t> search_all(uint64_t v, size_t size) const
std::vector<size_t> search_all(uint64_t v) const
std::vector<size_t> search_all(const std::string &v) const
void accept(Visitor &visitor) const

Method so that the visitor can visit us.

bool operator==(const Section &rhs) const
bool operator!=(const Section &rhs) const

Public Static Attributes

constexpr size_t npos = -1

Friends

std::ostream &operator<<(std::ostream &os, const Section &entry)

Symbol

class Symbol : public LIEF::Object

Subclassed by LIEF::ELF::Symbol, LIEF::Function, LIEF::MachO::Symbol, LIEF::PE::Symbol

Public Functions

Symbol(void)
Symbol(const std::string &name)
Symbol(const std::string &name, uint64_t value)
Symbol(const std::string &name, uint64_t value, uint64_t size)
Symbol(const Symbol&)
Symbol &operator=(const Symbol&)
~Symbol(void)
void swap(Symbol &other)
const std::string &name(void) const

Return symbol name.

std::string &name(void)
void name(const std::string &name)

Set symbol name.

uint64_t value(void) const
void value(uint64_t value)
uint64_t size(void) const
void size(uint64_t value)
void accept(Visitor &visitor) const

Method so that the visitor can visit us.

Friends

std::ostream &operator<<(std::ostream &os, const Symbol &entry)

Relocation

class Relocation : public LIEF::Object

Subclassed by LIEF::ELF::Relocation, LIEF::MachO::Relocation, LIEF::PE::RelocationEntry

Public Functions

Relocation(void)

Default CTOR.

Relocation(uint64_t address, uint8_t size)

CTOR from relocation’s address and size.

~Relocation(void)
Relocation &operator=(const Relocation&)
Relocation(const Relocation&)
void swap(Relocation &other)
uint64_t address(void) const

Relocation’s Address.

size_t size(void) const

Relocation size in bits

void address(uint64_t address)
void size(size_t size)
void accept(Visitor &visitor) const

Method so that the visitor can visit us.

bool operator==(const Relocation &rhs) const
bool operator!=(const Relocation &rhs) const
bool operator<(const Relocation &rhs) const

Comparaison based on the Relocation’s address

bool operator<=(const Relocation &rhs) const

Comparaison based on the Relocation’s address

bool operator>(const Relocation &rhs) const

Comparaison based on the Relocation’s address

bool operator>=(const Relocation &rhs) const

Comparaison based on the Relocation’s address

Friends

std::ostream &operator<<(std::ostream &os, const Relocation &entry)

Function

class Function : public LIEF::Symbol

Public Types

enum FLAGS

Values:

NONE = 0
CONSTRUCTOR
DESTRUCTOR
DEBUG
EXPORTED
IMPORTED
using flags_list_t = std::vector<FLAGS>
using flags_t = std::set<FLAGS>

Public Functions

Function(void)
Function(const std::string &name)
Function(uint64_t adress)
Function(const std::string &name, uint64_t address)
Function(const std::string &name, uint64_t address, const flags_list_t &flags)
Function(const Function&)
Function &operator=(const Function&)
~Function(void)
Function::flags_list_t flags(void) const
Function &add(FLAGS f)
uint64_t address(void) const
void address(uint64_t address)
void accept(Visitor &visitor) const

Method so that the visitor can visit us.

Friends

std::ostream &operator<<(std::ostream &os, const Function &entry)

Enums

enum LIEF::EXE_FORMATS

Values:

FORMAT_UNKNOWN = 0
FORMAT_ELF = 1
FORMAT_PE = 2
FORMAT_MACHO = 3
enum LIEF::OBJECT_TYPES

Values:

TYPE_NONE = 0
TYPE_EXECUTABLE = 1
TYPE_LIBRARY = 2
TYPE_OBJECT = 3
enum LIEF::ARCHITECTURES

Values:

ARCH_NONE = 0
ARCH_ARM = 1
ARCH_ARM64 = 2
ARCH_MIPS = 3
ARCH_X86 = 4
ARCH_PPC = 5
ARCH_SPARC = 6
ARCH_SYSZ = 7
ARCH_XCORE = 8
ARCH_INTEL = 9
enum LIEF::MODES

Values:

MODE_NONE = 0
MODE_16 = 1
MODE_32 = 2
MODE_64 = 3
MODE_ARM = 4
MODE_THUMB = 5
MODE_MCLASS = 6
MODE_MICRO = 7
MODE_MIPS3 = 8
MODE_MIPS32R6 = 9
MODE_MIPSGP64 = 10
MODE_V7 = 11
MODE_V8 = 12
MODE_V9 = 13
MODE_MIPS32 = 14
MODE_MIPS64 = 15
enum LIEF::ENDIANNESS

Values:

ENDIAN_NONE = 0
ENDIAN_BIG = 1
ENDIAN_LITTLE = 2