Blog • Documentation • About

The purpose of this project is to provide a cross platform library which can parse, modify and abstract ELF, PE and MachO formats.

Main features:

• Parsing: LIEF can parse ELF, PE, MachO, OAT, DEX, VDEX, ART and provides an user-friendly API to access to format internals.
• Modify: LIEF enables to modify some parts of these formats
• Abstract: Three formats have common features like sections, symbols, entry point... LIEF factors them.
• API: LIEF can be used in C, C++ and Python

• About
• Download / Install
• Getting started
• Documentation
  • Sphinx
  • Doxygen
  • Tutorials:
    • Parse and manipulate formats
    • Create a PE from scratch
    • Play with ELF symbols
    • ELF Hooking
    • Infecting the plt/got
    • PE Hooking
    • PE Resources
    • Transforming an ELF executable into a library
    • How to use frida on a non-rooted device
    • Android formats
    • Mach-O modification
    • ELF Coredump
    • PE Authenticode
• Contact
• About
  • Authors
  • License
  • Bibtex

First, make sure to have an updated version of setuptools:

pip install setuptools --upgrade

To install the latest version (release):

pip install lief

To install nightly build:

pip install [--user] --index-url https://lief.s3-website.fr-par.scw.cloud/latest lief==0.14.0.dev0

• Nightly:
  • SDK: https://lief.s3-website.fr-par.scw.cloud/latest/sdk
  • Python Wheels: https://lief.s3-website.fr-par.scw.cloud/latest/lief
• v0.13.2: https://github.com/lief-project/LIEF/releases/tag/0.13.2

Here are guides to install or integrate LIEF:

• Python
• VisualStudio
• XCode
• CMake

import lief

# ELF
binary = lief.parse("/usr/bin/ls")
print(binary)

# PE
binary = lief.parse("C:\\Windows\\explorer.exe")
print(binary)

# Mach-O
binary = lief.parse("/usr/bin/ls")
print(binary)

#include <LIEF/LIEF.hpp>

int main(int argc, char** argv) {
  // ELF
  if (std::unique_ptr<const LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls")) {
    std::cout << *elf << '\n';
  }

  // PE
  if (std::unique_ptr<const LIEF::PE::Binary> pe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe")) {
    std::cout << *pe << '\n';
  }

  // Mach-O
  if (std::unique_ptr<LIEF::MachO::FatBinary> macho = LIEF::MachO::Parser::parse("/bin/ls")) {
    std::cout << *macho << '\n';
  }

  return 0;
}

#include <LIEF/LIEF.h>

int main(int argc, char** argv) {
  Elf_Binary_t* elf = elf_parse("/usr/bin/ls");

  Elf_Section_t** sections = elf->sections;

  for (size_t i = 0; sections[i] != NULL; ++i) {
    printf("%s\n", sections[i]->name);
  }

  elf_binary_destroy(elf);
  return 0;
}

• Main documentation
• Tutorial
• API
• Doxygen

• Mail: contact at lief re
• Discord: LIEF

Romain Thomas (@rh0main) - Quarkslab

LIEF is provided under the Apache 2.0 license.

@MISC {LIEF,
  author       = "Romain Thomas",
  title        = "LIEF - Library to Instrument Executable Formats",
  howpublished = "https://lief.quarkslab.com/",
  month        = "apr",
  year         = "2017"
}