Changelog

0.11.X - Patch Releases

0.11.5 - May 22, 2021

Remove usage of not in public headers (b8e825b464418de385146bb3f89ef6126f4de5d4)

ELF

:github_user:pdreiter fixed the issue 418

PE

Fix issue when computing lief.PE.Binary.sizeof_headers (ab3f073ac0c60d8453070f83dd4dc04fe60aa0a5)

MachO

Fix error on property lief.MachO.BuildVersion.sdk (see 533)

0.11.4 - March 09, 2021

PE

Fix missing bound check when computing the authentihash

0.11.3 - March 03, 2021

PE

Add sanity check on the signature's length that could lead to a std::bad_alloc exception

0.11.2 - February 24, 2021

PE

Fix regression in the behavior of the PE section's name. One can now access the full section's name (with trailing bytes) through lief.PE.Section.fullname (see: 551)

0.11.1 - February 22, 2021

PE

lief.PE.x509.is_trusted_by and lief.PE.x509.verify now return a better lief.PE.x509.VERIFICATION_FLAGS instead of just lief.PE.x509.VERIFICATION_FLAGS.BADCERT_NOT_TRUSTED (see: 532)
Fix errors in the computation of the Authentihash

0.11.0 - January 19, 2021

ELF

:github_user:mkomet updated enums related to Android (see: 9dd641d380a5defd0a71a9f42dde2fe9c9cb1dbd)
:github_user:aeflores added MIPS relocations support in the ELF parser
Fix ~lief.ELF.Binary.extend on a ELF section (cf. issue 477)
Fix issue when exporting symbols on empty-gnu-hash ELF binary (1381f9a115e6e312ac0ab3deb46a78e481b81796)
Fix reconstruction issue when the binary is prelinked (cf. issue 466)
Add DF_1_PIE flag
Fix parsing issue of the .eh_frame section when the base address is not 0.
:github_user:JanuszL enhanced the algorithm that computes the string table. It moves from a N^2 algorithm to a Nlog(N) (1e0c4e81d4a3fd7282713f111193e42f198f8967).
Fix .eh_frame parsing issue (b57f32333a85d0f172206bc5d20aabe2d7942738)
:github_user:aeflores fixed parsing issue in ELF relocations (6c53646bb790acf28f2999527eafad30db7d6b69)
Add PT_GNU_PROPERTY enum
Bug fix in the symbols table reconstruction (ELF)

PE

Enhance PE Authenticode. See PE Authenticode

~lief.PE.get_imphash can now generate the same value as pefile and Virus Total (299)

pe = lief.parse("example.exe")
vt_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.PEFILE)
lief_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.DEFAULT)

lief.PE.IMPHASH_MODE and lief.PE.get_imphash

Remove the padding entry (0) from the rich header
~lief.PE.LangCodeItem.items now returns a dictionary whose values are bytes (instead of str object). This change is related to utf-16 support.
:github_user:kohnakagawa fixed wrong enums values: c03125045e32a9cd65c613585eb4d0385350c6d2, 6ee808a1e4611d09c6cf0aea82a612be69584db9, cd05f34bae681fc8af4b5e7cc28eaef816802b6f
:github_user:kohnakagawa fixed a bug in the PE resources parser (a7254d1ba935783f16effbc7faddf993c57e82f7)
Handle PE forwarded exports (issue 307)

Mach-O

Add API to access either LC_CODE_SIGNATURE or DYLIB_CODE_SIGN_DRS (issue 476)
Fix issue when parsing twice a Mach-O file (issue 479)

Dependencies

Replace easyloggingpp with spdlog 1.8.1
Upgrade frozen to 1.0.0
Upgrade json to 3.7.3
Upgrade pybind11 to 2.6.0
Upgrade mbedtls to 2.16.6

Documentation

:github_user:aguinet updated the bin2lib tutorial with the support of the new glibc versions (7884e57aa1d103f3bd37682e47f412bfe7a3aa34)
Global update and enable to build the documentation out-of-tree
Changing the theme

Misc

Add Python 3.9 support
FindLIEF.cmake deprecates LIEF_ROOT. You should use LIEF_DIR instead.

Logging

We changed the logging interface. The following log levels have been removed:

LOG_GLOBAL

LOG_FATAL

LOG_VERBOSE

LOG_UNKNOWN

We also moved from an class-interface based to functions.

Example:
lief.logging.disable()
lief.logging.enable()
lief.logging.set_level(lief.logging.LOGGING_LEVEL.INFO)
See: lief.logging.set_level

Note

The log functions now output on stderr instead of stdout

0.10.1 - November 29, 2019

Fix regression in parsing Python bytes
Add Python API to demangle strings: lief.demangle

0.10.0 - November 24, 2019

ELF

Add build support for ELF notes

Add coredump support (9fc3a8a43358f608cf18ddbe341e1d94b13cb9e0)
Enable to bind a relocation with a symbol (a9f3cb8f9b4a1f2cdaa95eee4568ff0b162f77cd)

Example
relocation = "..."

symbol = lief.ELF.Symbol()
symbol.name = "printf123"
relocation.symbol = symbol
Add constructors (67d924a2206c36cb9979d8b1b194b03b2d592e71)

Expose ELF destructors (957384cd361c4a485470f877658af2bf052dbe0a)

Add remove_static_symbol (c6779702b1fec3c67b0c19a36576830fe18bd9d9)

Add support for static relocation writing (d1b98d69ade662e2471ce2905bf3fb247dfc3143)

Expose function to get strings located in the .rodata section (02f4851c9f0c2bfa6fb4f51dab393a1db83b4851)

Export ELF ABI version (8d7ec26a93800b0729c2c05be8c55c8318ba3b20)

PE

Improve PE Authenticode parsing (535623de3aa4f8ddc34536331b802e2cbdc44faf)

Fix alignment issue when removing a PE section (04dddd371080d731fab965b127cb15a91c57d53c)

Parse PE debug data directory as a list of debug entries (by :github_user:1orenz0 - fcc75dd87982e52d77a1c7ee7e674741a199e41b)

Add support to parse POGO debug entries (by :github_user:1orenz0 - 3537440b8d0da6c9c3d00c25f7da8a04f29154d2)

Mach-O

Enhance Mach-O modifications by exposing an API to:

Add load commands

Add sections

Add segments

See: 406115c8d097da0b61f00b2bb7b2442322ffc5d1

Enable write() on FAT Mach-O (16595316fd588619ea39b942817d6527e0601fbd)

Introduce Mach-O Build Version command (6f967238fcd369210839605ab08c30d647a09a65)

Enable to remove Mach-O symbols (616d739da513092e9ab7446654414b0929d5d5cf)

Add support for adding LC_UNIXTHREAD commands in a MachO (by :github_user:nezetic - 64d2597284149441fc734b251648ca917cd816e3)

Abstract Layer

Expose remove_section() in the abstract layer (918438c6bee52c8421d809bc3b42974165e5fa0b)

Expose write() in the abstract layer (af4d48ed2e1f1b96687644f2fc4661fcbdb979a6)

Expose API to list functions found in a binary (b5a08463ad63811e9e9432812406aadd74ab8c09)

Android

Add partial support for Android 9 (bce9ebe17064b1ca16b00dc14eebb5d5dd440184)

Misc

:github_user:lkollar added support for Python 3.8 in CI (Linux & OSX only)

Update Pybind11 dependency to v2.4.3

Enhance Python install (see: v10-label)

Thanks to :github_user:lkollar, Linux CI now produces manylinux1-compliant wheels

Many thanks to the contributors: :github_user:recvfrom, :github_user:pbrunet, :github_user:mackncheesiest, :github_user:wisk, :github_user:nezetic, :github_user:lkollar, :github_user:jbremer, :github_user:DaLynX, :github_user:1orenz0, :github_user:breadchris, :github_user:0xbf00, :github_user:unratito, :github_user:strazzere, :github_user:aguinetqb, :github_user:mingwandroid, :github_user:serge-sans-paille-qb, :github_user:yrp604, :github_user:majin42, :github_user:KOLANICH

0.9.0 - June 11, 2018

LIEF 0.9 comes with new formats related to Android: OAT, DEX, VDEX and ART. It also fixes bugs and thanks to :github_user:yd0b0N, ELF parser now supports big and little endian binaries. We also completed the JSON serialization of LIEF objects.

Features

MachO

Enable to configure the Mach-O parser for quick parsing: 880b99aeef825786dd65aed286d7c4d23b62f564

Add lief.MachO.EncryptionInfo command: f4e2d81bfe84238d463bdb65297c296635e783b1

Add lief.MachO.RPathCommand command: 196994dc089885ff2f1268e51f5514f7fcbc5cff

Add lief.MachO.DataInCode command: a16e1c4d13c7071fabe6a5a46b6d6c0fd9565b72

Add lief.MachO.SubFramework command: 9e3b5b45f78cc075f2192c245247af00b88b5e3c

Add lief.MachO.SegmentSplitInfo command: 9e3b5b45f78cc075f2192c245247af00b88b5e3c

Add lief.MachO.DyldEnvironment command: 9e3b5b45f78cc075f2192c245247af00b88b5e3c

API to show export-trie, rebase and binding opcodes: 5d56141061bfc27e3c971e9e474dc86fdaf0c6a9

PE

Add PE Code View: eab4a7614fdf6e9a180b1c638903310da0b83118

ELF

Add support for .note.android.ident section: d13db18214006ce654b723a882f70c3d7eabd20d

Enable to add unlimited number of dynamic entries: a40da3e3b4b985b18a6e6026d594f524b7bae963

Add support for PPC relocations: 08b514191f661eeabbdf8ecacd1d7dd35a67ca54

Endianness support: e794ac1502ee7636755bd441923368f88525a7d0

API

lief.breakp and lief.shell

lief.parse now support io streams as input

Parser now returns a std::unique_ptr instead of a raw pointer: cd1cc457cf3d63cfc5faa945657887200cedb8b3

Misc

Use frozen for some internal std::map (If C++14 is supported by the compiler)

Acknowledgements

:github_user:yd0b0N for 162 and 166 (Endianness support and PPC relocations)
:github_user:0xbf00 for 128 (LC_RPATH command)
:github_user:illera88 for 118

0.8.3

[Mach-O] Fix typo on comparison operator - abbc264833894973f601f700b3abcc109904f722

0.8.2

[ELF] Increase the upper limit of relocation number - 077bc329bdcc249cb8ed0b8bcb9630e1c9eede94

0.8.1 - October 18, 2017

Fix an alignment issue in the ELF builder. See 8db199c04e9e6bcdbda165ab5c42d88218a0beb6
Add assertion on the setuptools version: 62e5825e27bb637c2f42f4d05690a100213beb03

0.8.0 - October 16, 2017

LIEF 0.8.0 mainly improves the MachO parser and the ELF builder. It comes with Dockerfiles for CentOS and Android.

LibFuzzer has also been integrated in the project to enhance the parsers

Features

Abstract Layer

~lief.Relocation are now abstracted from the 3 formats - 9503f2fc7b6c14bebd4c220bda4a243d87f14bd1

PIE and NX are abstracted through the ~lief.Binary.is_pie and ~lief.Binary.has_nx properties

Add the lief.Section.search and lief.Section.search_all methods to look for patterns in the section's content.

ELF

DT_FLAGS and DT_FLAGS_1 are now parsed into ~lief.ELF.DynamicEntryFlags - 754b8afa2b41993e6c37d2d9003cebdccc641d23
Handle relocations of object files (.o) - 483b8dc2eabee3da29ce5e5ff2e25c2a3c9ca297

Global enhancement of the ELF builder:

One can now add multiple ~lief.ELF.Section or ~lief.ELF.Segment into an ELF:

elf = lief.parse("/bin/cat")

for i in range(3):
  segment = Segment()
  segment.type = SEGMENT_TYPES.LOAD
  segment.content = [i & 0xFF] * 0x1000
  elf += segment


for i in range(3):
  section = Section("lief_{:02d}".format(i))
  section.content = [i & 0xFF] * 0x1000
  elf += section

elf.write("foo")

$ readelf -l ./foo
PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
               0x00000000000061f8 0x00000000000061f8  R E    0x8
INTERP         0x0000000000006238 0x0000000000006238 0x0000000000006238
               0x000000000000001c 0x000000000000001c  R      0x1
    [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
               0x000000000000d6d4 0x000000000000d6d4  R E    0x200000
LOAD           0x000000000000da90 0x000000000020da90 0x000000000020da90
               0x0000000000000630 0x00000000000007d0  RW     0x200000
LOAD           0x000000000000f000 0x000000000040f000 0x000000000040f000
               0x0000000000001000 0x0000000000001000         0x1000
LOAD           0x0000000000010000 0x0000000000810000 0x0000000000810000
               0x0000000000001000 0x0000000000001000         0x1000
LOAD           0x0000000000011000 0x0000000001011000 0x0000000001011000
               0x0000000000001000 0x0000000000001000         0x1000
....

$ readelf -S ./foo
...
[27] lief_00           PROGBITS         0000000002012000  00012000
     0000000000001000  0000000000000000           0     0     4096
[28] lief_01           PROGBITS         0000000004013000  00013000
     0000000000001000  0000000000000000           0     0     4096
[29] lief_02           PROGBITS         0000000008014000  00014000
     0000000000001000  0000000000000000           0     0     4096

Warning

There are issues with executables statically linked with libraries that use TLS

See: 98

One can now add multiple entries in the dynamic table:

elf = lief.parse("/bin/cat")

elf.add_library("libfoo.so")
elf.add(DynamicEntryRunPath("$ORIGIN"))
elf.add(DynamicEntry(DYNAMIC_TAGS.INIT, 123))
elf.add(DynamicSharedObject("libbar.so"))

elf.write("foo")

$ readelf -d foo
  0x0000000000000001 (NEEDED)  Shared library: [libfoo.so]
  0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]
  0x000000000000000c (INIT)    0x7b
  0x000000000000000c (INIT)    0x3600
  ...
  0x000000000000001d (RUNPATH) Bibliothèque runpath:[$ORIGIN]
  0x000000000000000e (SONAME)  Bibliothèque soname: [libbar.so]

See b94900ca7f500912bfe249cd534055942e28e34b, 1e410e6c950c391f0d1a3f12cb6f8e4c9fb16539 for details.

b2d36940f60eacfa602c115cb542e11c70b6841c enables modification of the ELF interpreter without length restriction

elf = lief.parse("/bin/cat")
elf.interpreter = "/a/very/long/path/to/another/interpreter"
elf.write("foo")

$ readelf -l foo
Program Headers:
Type           Offset             VirtAddr           PhysAddr
               FileSiz            MemSiz              Flags  Align
PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
               0x00000000000011f8 0x00000000000011f8  R E    0x8
INTERP         0x000000000000a000 0x000000000040a000 0x000000000040a000
               0x0000000000001000 0x0000000000001000  R      0x1
    [Requesting program interpreter: /a/very/long/path/to/another/interpreter]
....

Enhancement of the dynamic symbols counting - 985d1249b72494a0e62f34042b3c9cbfa0706e90

Enable editing ELF's notes:

elf = lief.parse("/bin/ls")
build_id = elf[NOTE_TYPES.BUILD_ID]
build_id.description = [0xFF] * 20
elf.write("foo")

$ readelf -n foo
Displaying notes found in: .note.gnu.build-id
Owner                 Data size   Description
GNU                  0x00000014   NT_GNU_BUILD_ID (unique build ID bitstring)
  Build ID: ffffffffffffffffffffffffffffffffffffffff

See commit 3be9dd0ff58ec68cb8813e01d6798c16b42dac22 for more details

PE

Add ~lief.PE.get_imphash and ~lief.PE.resolve_ordinals functions - a89bc6df4f242d7641292acdb184927449d14fff, dfa8e985c0561427a20088750693a004de587b1c

Parse the Load Config Table into ~lief.PE.LoadConfiguration (up to Windows 10 SDK 15002 with hotpatch_table_offset)

from lief import to_json
import json
pe = lief.parse("some.exe")
loadconfig = to_json(pe.load_configuration)) # Using the lief.to_json function
pprint(json.loads(to_json(loadconfig)))

{'characteristics': 248,
 'code_integrity': {'catalog': 0,
                    'catalog_offset': 0,
                    'flags': 0,
                    'reserved': 0},
 'critical_section_default_timeout': 0,
 'csd_version': 0,
 'editlist': 0,
 ...
 'guard_cf_check_function_pointer': 5368782848,
 'guard_cf_dispatch_function_pointer': 5368782864,
 'guard_cf_function_count': 15,
 'guard_cf_function_table': 5368778752,
 'guard_flags': 66816,
 'guard_long_jump_target_count': 0,
 'guard_long_jump_target_table': 0,
 'guard_rf_failure_routine': 5368713280,
 'guard_rf_failure_routine_function_pointer': 5368782880,
 ...

For details, see commit: 0234e3b8bbb6f6f3490392f8c295fde284a99334

MachO

The dyld structure is parsed (deeply) into ~lief.MachO.DyldInfo. It includes:

Binding opcodes

Rebases opcodes

Export trie

See: e2b81e0a8e187cae5f0f115241243a84ee7696b6, 0e972d69ce35731867d82c047eef7eb9ea58e3ec, f7cc518dcfbb0557fd8d396144bf99a222d96705, 782295bfb86d2a12584c5b16a37a26d56d1ee235, 67

Section relocations are now parsed into lief.MachO.Section.relocations - 29c8157ecc3b308bd521cb1daee3c2e3a2cffb28

LC_FUNCTION_STARTS is parsed into ~lief.MachO.FunctionStarts (18d89198a0cc63ff291ae9110f465354c3b8f1e6)

LC_SOURCE_VERSION, LC_VERSION_MIN_MACOSX and LC_VERSION_MIN_IPHONEOS are parsed into ~lief.MachO.SourceVersion and ~lief.MachO.VersionMin (c359778194db874669884aaccb52a4b05546bc07, 0b4bb7d56520cd0ea08bbcb9530e5e0c96ac14ae, 5b993117ed391db18ba775cabefa5f3981b2f1cc, 45)

LC_THREAD and LC_UNIXTHREAD are now parsed into ~lief.MachO.ThreadCommand - 23257830b291c40a3aed92360040f2b0b11ffa72

Fixes

Fix enums conflicts(32) - 66b4cd4550ecf6cf3adb4900e6ad7ac33f1f7f32

Fix most of the memory leaks: 88dafa8db6e752393f69d73f68d295e91963b8da, d9b1436730b5d33a753e7dfa4301697a0c676066, 554fa153af943b97a16fc4a52ab8459a3d0a9bc7, 3602643f5d02a1c78c4de609cc47f193f3a8840f

ELF

Bug Fix when counting dynamic symbols from the GnuHash Table - 9036a2405dc44726f40cb77cab1bcbf371ab7a70

PE

Fix nullptr dereference in resources - e90fe1b6c6f6a605390bcd1026435ce7503e7e6a

Handle encoding issues in the Python API - 8c7ceaf

Sanitize DLL names

MachO

Fix 87, 92

Fix memory leaks and some performance issues: 94

API

In the C++ API get_XXX() getters have been renamed into XXX() (e.g. get_header() becomes header()) - a4c69f7868da1de5d09aa26e977dedb720e36cbd, e805669865b130057413f456958a471d8f0ac0b1

Abstract

lief.Binary gains the ~lief.Binary.format property - 9391238f114fe963890777c2d8b90f2caaa5510c

lief.parse can now takes a list of integers - f330fa887d14d47f0683144430ac9695d3136561

Add ~lief.Binary.has_symbol and ~lief.Binary.get_symbol to lief.Binary - f121af5ca61a22fd83acc5c7094b50ed1cda8226
[Python API] Enhance the access to the abstract layer through the ~lief.Binary.abstract attribute - 07138549a46db87c7b924fd072356030b1d5c6bc

One can now do:
elf = lief.ELF.parse("/bin/ls") # Could be lief.MachO / lief.PE
abstract = elf.abstract # Return the lief.Binary object

ELF

Relocation gains the ~lief.ELF.Relocation.purpose property - b7b0bde4d51c54d8d226e5320b1b0d2cc48137c4

Add lief.ELF.Binary.symbols which return an iterator over all symbols (static and dynamic) - af6ab65dc91169627f4fbb87cda92093eb699a1e

Header.sizeof_section_header has been renamed into ~lief.ELF.Header.section_header_size - d96971b0c3f8ff50add349957f571b8daa00708a

Segment.flag has been renamed into ~lief.ELF.Segment.flags - 20a5f666deb89b06b79a1c4418ac938497fb658c
Add:

~lief.ELF.Header.arm_flags_list,

~lief.ELF.Header.mips_flags_list

~lief.ELF.Header.ppc64_flags_list

~lief.ELF.Header.hexagon_flags_list

to ~lief.ELF.Header - 730d045e05dca7ef3cd6a51d1175f280be356c70

To check if a given flag is set, one can do:
>>> if lief.ELF.ARM_EFLAGS.EABI_VER5 in lief.ELF.Header "yes" else "no"
[Python] Segment flags: PF_X, PF_W, PF_X has been renamed into ~lief.ELF.SEGMENT_FLAGS.X, ~lief.ELF.SEGMENT_FLAGS.W, ~lief.ELF.SEGMENT_FLAGS.X - d70ef9ec2c42619434352dbd7b74a835ebad7569

Add lief.ELF.Section.flags_list - 4937b7193a5760df85d0ac1567afc011a22cdb98

Enhancement for ~lief.ELF.DynamicEntryRpath and ~lief.ELF.DynamicEntryRunPath: c375a47da7c4c524e886f9238f8dd51a44501087

Enhancement for ~lief.ELF.DynamicEntryArray: 81440ce00cdfc793161a0dc394ada345307dc24b

Add some operators 3b200b30503847be4779447c76f5207d18daf77f, 43bd06f8f32196454ee2305201f4e27b3a3c8a1e

PE

Add some operators 5666351e07b7bf4a9624033f670d02b8806d2663

MachO

lief.MachO.parse can now takes a list of integers - f330fa887d14d47f0683144430ac9695d3136561

lief.MachO.parse now returns a ~lief.MachO.FatBinary instead of a list of ~lief.MachO.Binary. ~lief.MachO.FatBinary has a similar API as a list - 3602643f5d02a1c78c4de609cc47f193f3a8840f

Add some operators: cbe835484751396daffe7f8d238cbb85d66470ab

Logging

Add an API to configure the logger - 4600c2ba8d7d17b5965c2b74faeb7e4d2128de17

Example:
from lief import Logger
Logger.disable()
Logger.enable()
Logger.set_level(lief.LOGGING_LEVEL.INFO)
See: lief.Logger

Build system

Add FindLIEF.cmake - 6dd8b10325e832a7520bf5ae3a588b9e022d0345
Add ASAN, TSAN, USAN, LSAN - 7f6aeb0d0d74eae886f4b312e12e8f71e1d5da6a
Add LibFuzzer - 7a0dc28ea29a30209e944ebcde27f7c0ab234651

Documentation

References

recomposer, bearparser, IAT_patcher, PEframe, Manalyze, MachOView, elf-dissector

Acknowledgements

:github_user:alvarofe for 47
:github_user:aguinet for 55, 61, 65, 77
:github_user:jevinskie for 75
:github_user:liumuqing for 80
:github_user:Manouchehri for 106

0.7.0 - July 3, 2017

Features

Abstract Layer

Add bitness (32bits / 64bits) - 78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1

Add object type (Library, executable etc) - 78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1

Add mode Thumbs, 16bits etc - 78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1

Add endianness - 7ea08f72c43212f2e3f401b5c2c2614bc9aab8de, 29

ELF

Enable dynamic symbols permutation - 2dea7cb6d631b69995567e056a97e526f588b8ff

Fully handle section-less binaries - de40c068316b3334e4c8d81ecb3efc177ab24c3b

Parse ELF notes - 241aac7bedaf18ab5e3f0c9775a8a51cb0b40a3e

Parse SYSV hash table - afa74cee88f730acef84fe6d9c984455a28463e7, 36

Add relocation size - f1766f2c297caed636c7f32730cd10b62bfcc757

PE

Parse PE Overlay - e0634c1cf6d12fbdc5bcc1745059005e46e5d805

Enable PE Hooking - 24f6b7213647469e269ead9441d78204162d08ec

Parse and rebuilt dos stub - 3f0639712617007e2e0431cb5eeb9be204c5d74b

Add a resources manager to provide an enhanced API over the resources - 8473c8e126f2a8f14728ad3f8ebb59c45ac55d2d

Serialize PE objects into JSON - 673f5a36f0d339ad9390427292fa6e725b8fd907, 18

Parse Rich Header - 0893bd9b08f2248ae8f656ccd81b1be12e8ae57e, 15

Bug Fixes

ELF

Bug fix when a GNU hash has empty buckets - 21a6c30

PE

Bug fix in the signature parser: 30, 4af0256ce7c5577e0b1010c6f9b566634f0a3993

Bug fix in the resources parser: Infinite loop - a569cc13d99354ff96932460f5b1fd859378f252

Add more out-of-bounds checks on relocations and exports - 9364f644e937a6a5d69c64c2ef4eaa1fbdd2cfad

Use min(SizeOfRawData, VirtualSize) for the section's size and truncate the size to the file size - 61bf14ba1182fe458453599ff014de5d71d25680

MachO

Bug fix when a binary hasn't a LC_MAIN command - 957501fe76596e0396c66d08540884876cea049c

API

Abstract Layer

lief.Header.is_32 and lief.Header.is_64

lief.Header.object_type

lief.Header.modes

lief.Header.endianness

ELF

lief.ELF.Binary.permute_dynamic_symbols

lief.ELF.Segment.data has been renamed to lief.ELF.Segment.content

lief.ELF.parse takes an optional parameters: symbol counting - lief.ELF.DYNSYM_COUNT_METHODS

lief.ELF.Relocation.size

Notes

lief.ELF.Note

lief.ELF.Binary.has_notes

lief.ELF.Binary.notes

Hash Tables

lief.ELF.SysvHash

lief.ELF.Binary.use_gnu_hash

lief.ELF.Binary.use_sysv_hash

lief.ELF.Binary.sysv_hash

PE

lief.PE.Symbol.has_section

lief.PE.Binary.hook_function

lief.PE.Binary.get_content_from_virtual_address takes either an Absolute virtual address or a Relative virtual address

lief.PE.Binary.section_from_virtual_address has been renamed to lief.PE.Binary.section_from_rva.

lief.PE.parse_from_raw has been removed. One can use lief.PE.parse.

lief.PE.Section.data has been removed. Please use lief.PE.Section.content

Dos Stub

lief.PE.Binary.dos_stub

lief.PE.Builder.build_dos_stub

Rich Header

lief.PE.Binary.rich_header

lief.PE.Binary.has_rich_header

lief.PE.RichHeader

lief.PE.RichEntry

Overlay

lief.PE.Binary.overlay

lief.PE.Builder.build_overlay

Imports

lief.PE.Binary.has_import

lief.PE.Binary.get_import

Resources

lief.PE.Binary.resources

lief.PE.ResourceData

lief.PE.ResourceDirectory

lief.PE.ResourceNode

lief.PE.LangCodeItem

lief.PE.ResourceDialog

lief.PE.ResourceDialogItem

lief.PE.ResourceFixedFileInfo

lief.PE.ResourceIcon

lief.PE.ResourceStringFileInfo

lief.PE.ResourceVarFileInfo

lief.PE.ResourceVersion

MachO

lief.MachO.Binary.has_entrypoint

lief.MachO.Symbol.demangled_name

UUID

lief.MachO.Binary.has_uuid

lief.MachO.Binary.uuid

lief.MachO.UUIDCommand

Main Command

lief.MachO.Binary.has_main_command

lief.MachO.Binary.main_command

lief.MachO.MainCommand

Dylinker

lief.MachO.Binary.has_dylinker

lief.MachO.Binary.dylinker

lief.MachO.DylinkerCommand

Documentation

References

elfsteem, pelook, PortEx, elfsharp, metasm, amoco, Goblin

Tutorials

PE Hooking, Resources Manipulation

Integration

XCode, CMake

Acknowledgements

ek0: 24
ACSC-CyberLab: 33, 34, 37, 39
Hyrum Anderson who pointed bugs in the PE parser
My collegues for the feedbacks and suggestions (Adrien, SebK, Pierrick)

0.6.1 - April 6, 2017

Bug Fixes

ELF

Don't rely on lief.ELF.Section.entry_size to count symbols - 004c6769bec37e303bbe7aaceb49f4b05c8eec84

API

PE

lief.PE.TLS.has_section

lief.PE.TLS.has_data_directory

Documentation

Integration

Visual Studio

Acknowledgements

Philippe for the proofreading.

0.6.0 - March 30, 2017

First public release

Files

changelog.rst

Latest commit

History

changelog.rst

File metadata and controls

Changelog

0.11.X - Patch Releases

0.11.5 - May 22, 2021

0.11.4 - March 09, 2021

0.11.3 - March 03, 2021

0.11.2 - February 24, 2021

0.11.1 - February 22, 2021

0.11.0 - January 19, 2021

0.10.1 - November 29, 2019

0.10.0 - November 24, 2019

0.9.0 - June 11, 2018

Features

API

Misc

Acknowledgements

0.8.3

0.8.2

0.8.1 - October 18, 2017

0.8.0 - October 16, 2017

Features

Fixes

API

Build system

Documentation

Acknowledgements

0.7.0 - July 3, 2017

Features

Bug Fixes

API

Documentation

Acknowledgements

0.6.1 - April 6, 2017

Bug Fixes

API

Documentation

Acknowledgements

0.6.0 - March 30, 2017