- Remove usage of
not
in public headers (b8e825b464418de385146bb3f89ef6126f4de5d4
)
- ELF
- :github_user:pdreiter fixed the issue
418
- :github_user:pdreiter fixed the issue
- PE
- Fix issue when computing
lief.PE.Binary.sizeof_headers
(ab3f073ac0c60d8453070f83dd4dc04fe60aa0a5
)
- Fix issue when computing
- MachO
- Fix error on property
lief.MachO.BuildVersion.sdk
(see533
)
- Fix error on property
- PE
- Fix missing bound check when computing the authentihash
- PE
- Add sanity check on the signature's length that could lead to a
std::bad_alloc
exception
- Add sanity check on the signature's length that could lead to a
- PE
- Fix regression in the behavior of the PE section's name. One can now access the full section's name (with trailing bytes) through
lief.PE.Section.fullname
(see:551
)
- Fix regression in the behavior of the PE section's name. One can now access the full section's name (with trailing bytes) through
- PE
lief.PE.x509.is_trusted_by
andlief.PE.x509.verify
now return a betterlief.PE.x509.VERIFICATION_FLAGS
instead of justlief.PE.x509.VERIFICATION_FLAGS.BADCERT_NOT_TRUSTED
(see:532
)- Fix errors in the computation of the Authentihash
- ELF
- :github_user:mkomet updated enums related to Android (see:
9dd641d380a5defd0a71a9f42dde2fe9c9cb1dbd
) - :github_user:aeflores added MIPS relocations support in the ELF parser
- Fix
~lief.ELF.Binary.extend
on a ELF section (cf. issue477
) - Fix issue when exporting symbols on empty-gnu-hash ELF binary (
1381f9a115e6e312ac0ab3deb46a78e481b81796
) - Fix reconstruction issue when the binary is prelinked (cf. issue
466
) - Add
DF_1_PIE
flag - Fix parsing issue of the
.eh_frame
section when the base address is not 0. - :github_user:JanuszL enhanced the algorithm that computes the string table. It moves from a
N^2
algorithm to aNlog(N)
(1e0c4e81d4a3fd7282713f111193e42f198f8967
). - Fix
.eh_frame
parsing issue (b57f32333a85d0f172206bc5d20aabe2d7942738
) - :github_user:aeflores fixed parsing issue in ELF relocations (
6c53646bb790acf28f2999527eafad30db7d6b69
) - Add
PT_GNU_PROPERTY
enum - Bug fix in the symbols table reconstruction (ELF)
- :github_user:mkomet updated enums related to Android (see:
- PE
- Enhance PE Authenticode. See PE Authenticode
~lief.PE.get_imphash
can now generate the same value as pefile and Virus Total (299
)pe = lief.parse("example.exe") vt_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.PEFILE) lief_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.DEFAULT)
lief.PE.IMPHASH_MODE
andlief.PE.get_imphash
- Remove the padding entry (0) from the rich header
~lief.PE.LangCodeItem.items
now returns a dictionary whose values are bytes (instead ofstr
object). This change is related toutf-16
support.- :github_user:kohnakagawa fixed wrong enums values:
c03125045e32a9cd65c613585eb4d0385350c6d2
,6ee808a1e4611d09c6cf0aea82a612be69584db9
,cd05f34bae681fc8af4b5e7cc28eaef816802b6f
- :github_user:kohnakagawa fixed a bug in the PE resources parser (
a7254d1ba935783f16effbc7faddf993c57e82f7
) - Handle PE forwarded exports (issue
307
)
- Mach-O
- Add API to access either
LC_CODE_SIGNATURE
orDYLIB_CODE_SIGN_DRS
(issue476
) - Fix issue when parsing twice a Mach-O file (issue
479
)
- Add API to access either
- Dependencies
- Replace
easyloggingpp
with spdlog 1.8.1 - Upgrade
frozen
to 1.0.0 - Upgrade
json
to 3.7.3 - Upgrade
pybind11
to 2.6.0 - Upgrade
mbedtls
to 2.16.6
- Replace
- Documentation
- :github_user:aguinet updated the bin2lib tutorial with the support of the new glibc versions (
7884e57aa1d103f3bd37682e47f412bfe7a3aa34
) - Global update and enable to build the documentation out-of-tree
- Changing the theme
- :github_user:aguinet updated the bin2lib tutorial with the support of the new glibc versions (
- Misc
- Add Python 3.9 support
FindLIEF.cmake
deprecatesLIEF_ROOT
. You should useLIEF_DIR
instead.
- Logging
We changed the logging interface. The following log levels have been removed:
- LOG_GLOBAL
- LOG_FATAL
- LOG_VERBOSE
- LOG_UNKNOWN
We also moved from an class-interface based to functions.
Example:
lief.logging.disable() lief.logging.enable() lief.logging.set_level(lief.logging.LOGGING_LEVEL.INFO)See:
lief.logging.set_level
Note
The log functions now output on
stderr
instead ofstdout
- Fix regression in parsing Python
bytes
- Add Python API to demangle strings:
lief.demangle
- ELF
- Add build support for ELF notes
- Add coredump support (
9fc3a8a43358f608cf18ddbe341e1d94b13cb9e0
)Enable to bind a relocation with a symbol (
a9f3cb8f9b4a1f2cdaa95eee4568ff0b162f77cd
)
- Example
relocation = "..." symbol = lief.ELF.Symbol() symbol.name = "printf123" relocation.symbol = symbol- Add constructors (
67d924a2206c36cb9979d8b1b194b03b2d592e71
)- Expose ELF destructors (
957384cd361c4a485470f877658af2bf052dbe0a
)- Add
remove_static_symbol
(c6779702b1fec3c67b0c19a36576830fe18bd9d9
)- Add support for static relocation writing (
d1b98d69ade662e2471ce2905bf3fb247dfc3143
)- Expose function to get strings located in the
.rodata
section (02f4851c9f0c2bfa6fb4f51dab393a1db83b4851
)- Export ELF ABI version (
8d7ec26a93800b0729c2c05be8c55c8318ba3b20
)
- PE
- Improve PE Authenticode parsing (
535623de3aa4f8ddc34536331b802e2cbdc44faf
)- Fix alignment issue when removing a PE section (
04dddd371080d731fab965b127cb15a91c57d53c
)- Parse PE debug data directory as a list of debug entries (by :github_user:1orenz0 -
fcc75dd87982e52d77a1c7ee7e674741a199e41b
)- Add support to parse POGO debug entries (by :github_user:1orenz0 -
3537440b8d0da6c9c3d00c25f7da8a04f29154d2
)
- Mach-O
Enhance Mach-O modifications by exposing an API to:
- Add load commands
- Add sections
- Add segments
See:
406115c8d097da0b61f00b2bb7b2442322ffc5d1
- Enable
write()
on FAT Mach-O (16595316fd588619ea39b942817d6527e0601fbd
)- Introduce Mach-O Build Version command (
6f967238fcd369210839605ab08c30d647a09a65
)- Enable to remove Mach-O symbols (
616d739da513092e9ab7446654414b0929d5d5cf
)- Add support for adding
LC_UNIXTHREAD
commands in a MachO (by :github_user:nezetic -64d2597284149441fc734b251648ca917cd816e3
)
- Abstract Layer
- Expose
remove_section()
in the abstract layer (918438c6bee52c8421d809bc3b42974165e5fa0b
)- Expose
write()
in the abstract layer (af4d48ed2e1f1b96687644f2fc4661fcbdb979a6
)- Expose API to list functions found in a binary (
b5a08463ad63811e9e9432812406aadd74ab8c09
)
- Android
- Add partial support for Android 9 (
bce9ebe17064b1ca16b00dc14eebb5d5dd440184
)
- Misc
- :github_user:lkollar added support for Python 3.8 in CI (Linux & OSX only)
- Update Pybind11 dependency to
v2.4.3
- Enhance Python install (see:
v10-label
)- Thanks to :github_user:lkollar, Linux CI now produces manylinux1-compliant wheels
Many thanks to the contributors: :github_user:recvfrom, :github_user:pbrunet, :github_user:mackncheesiest, :github_user:wisk, :github_user:nezetic, :github_user:lkollar, :github_user:jbremer, :github_user:DaLynX, :github_user:1orenz0, :github_user:breadchris, :github_user:0xbf00, :github_user:unratito, :github_user:strazzere, :github_user:aguinetqb, :github_user:mingwandroid, :github_user:serge-sans-paille-qb, :github_user:yrp604, :github_user:majin42, :github_user:KOLANICH
LIEF 0.9 comes with new formats related to Android: OAT, DEX, VDEX and ART. It also fixes bugs and thanks to :github_user:yd0b0N, ELF parser now supports big and little endian binaries. We also completed the JSON serialization of LIEF objects.
- MachO
- Enable to configure the Mach-O parser for quick parsing:
880b99aeef825786dd65aed286d7c4d23b62f564
- Add
lief.MachO.EncryptionInfo
command:f4e2d81bfe84238d463bdb65297c296635e783b1
- Add
lief.MachO.RPathCommand
command:196994dc089885ff2f1268e51f5514f7fcbc5cff
- Add
lief.MachO.DataInCode
command:a16e1c4d13c7071fabe6a5a46b6d6c0fd9565b72
- Add
lief.MachO.SubFramework
command:9e3b5b45f78cc075f2192c245247af00b88b5e3c
- Add
lief.MachO.SegmentSplitInfo
command:9e3b5b45f78cc075f2192c245247af00b88b5e3c
- Add
lief.MachO.DyldEnvironment
command:9e3b5b45f78cc075f2192c245247af00b88b5e3c
- API to show export-trie, rebase and binding opcodes:
5d56141061bfc27e3c971e9e474dc86fdaf0c6a9
- PE
- Add PE Code View:
eab4a7614fdf6e9a180b1c638903310da0b83118
- ELF
- Add support for
.note.android.ident
section:d13db18214006ce654b723a882f70c3d7eabd20d
- Enable to add unlimited number of dynamic entries:
a40da3e3b4b985b18a6e6026d594f524b7bae963
- Add support for PPC relocations:
08b514191f661eeabbdf8ecacd1d7dd35a67ca54
- Endianness support:
e794ac1502ee7636755bd441923368f88525a7d0
lief.breakp
andlief.shell
lief.parse
now supportio
streams as input- Parser now returns a
std::unique_ptr
instead of a raw pointer:cd1cc457cf3d63cfc5faa945657887200cedb8b3
- Use frozen for some internal
std::map
(If C++14 is supported by the compiler)
- :github_user:yd0b0N for
162
and166
(Endianness support and PPC relocations) - :github_user:0xbf00 for
128
(LC_RPATH
command) - :github_user:illera88 for
118
- [Mach-O] Fix typo on comparison operator -
abbc264833894973f601f700b3abcc109904f722
- [ELF] Increase the upper limit of relocation number -
077bc329bdcc249cb8ed0b8bcb9630e1c9eede94
- Fix an alignment issue in the ELF builder. See
8db199c04e9e6bcdbda165ab5c42d88218a0beb6
- Add assertion on the setuptools version:
62e5825e27bb637c2f42f4d05690a100213beb03
LIEF 0.8.0 mainly improves the MachO parser and the ELF builder. It comes with Dockerfiles for CentOS and Android.
LibFuzzer has also been integrated in the project to enhance the parsers
- Abstract Layer
~lief.Relocation
are now abstracted from the 3 formats -9503f2fc7b6c14bebd4c220bda4a243d87f14bd1
PIE
andNX
are abstracted through the~lief.Binary.is_pie
and~lief.Binary.has_nx
properties- Add the
lief.Section.search
andlief.Section.search_all
methods to look for patterns in the section's content.
- ELF
DT_FLAGS
andDT_FLAGS_1
are now parsed into~lief.ELF.DynamicEntryFlags
-754b8afa2b41993e6c37d2d9003cebdccc641d23
- Handle relocations of object files (
.o
) -483b8dc2eabee3da29ce5e5ff2e25c2a3c9ca297
Global enhancement of the ELF builder:
One can now add multiple
~lief.ELF.Section
or~lief.ELF.Segment
into an ELF:elf = lief.parse("/bin/cat") for i in range(3): segment = Segment() segment.type = SEGMENT_TYPES.LOAD segment.content = [i & 0xFF] * 0x1000 elf += segment for i in range(3): section = Section("lief_{:02d}".format(i)) section.content = [i & 0xFF] * 0x1000 elf += section elf.write("foo")$ readelf -l ./foo PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040 0x00000000000061f8 0x00000000000061f8 R E 0x8 INTERP 0x0000000000006238 0x0000000000006238 0x0000000000006238 0x000000000000001c 0x000000000000001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x000000000000d6d4 0x000000000000d6d4 R E 0x200000 LOAD 0x000000000000da90 0x000000000020da90 0x000000000020da90 0x0000000000000630 0x00000000000007d0 RW 0x200000 LOAD 0x000000000000f000 0x000000000040f000 0x000000000040f000 0x0000000000001000 0x0000000000001000 0x1000 LOAD 0x0000000000010000 0x0000000000810000 0x0000000000810000 0x0000000000001000 0x0000000000001000 0x1000 LOAD 0x0000000000011000 0x0000000001011000 0x0000000001011000 0x0000000000001000 0x0000000000001000 0x1000 .... $ readelf -S ./foo ... [27] lief_00 PROGBITS 0000000002012000 00012000 0000000000001000 0000000000000000 0 0 4096 [28] lief_01 PROGBITS 0000000004013000 00013000 0000000000001000 0000000000000000 0 0 4096 [29] lief_02 PROGBITS 0000000008014000 00014000 0000000000001000 0000000000000000 0 0 4096Warning
There are issues with executables statically linked with libraries that use
TLS
See:
98
One can now add multiple entries in the dynamic table:
elf = lief.parse("/bin/cat") elf.add_library("libfoo.so") elf.add(DynamicEntryRunPath("$ORIGIN")) elf.add(DynamicEntry(DYNAMIC_TAGS.INIT, 123)) elf.add(DynamicSharedObject("libbar.so")) elf.write("foo")$ readelf -d foo 0x0000000000000001 (NEEDED) Shared library: [libfoo.so] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x7b 0x000000000000000c (INIT) 0x3600 ... 0x000000000000001d (RUNPATH) Bibliothèque runpath:[$ORIGIN] 0x000000000000000e (SONAME) Bibliothèque soname: [libbar.so]See
b94900ca7f500912bfe249cd534055942e28e34b
,1e410e6c950c391f0d1a3f12cb6f8e4c9fb16539
for details.
b2d36940f60eacfa602c115cb542e11c70b6841c
enables modification of the ELF interpreter without length restrictionelf = lief.parse("/bin/cat") elf.interpreter = "/a/very/long/path/to/another/interpreter" elf.write("foo")$ readelf -l foo Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040 0x00000000000011f8 0x00000000000011f8 R E 0x8 INTERP 0x000000000000a000 0x000000000040a000 0x000000000040a000 0x0000000000001000 0x0000000000001000 R 0x1 [Requesting program interpreter: /a/very/long/path/to/another/interpreter] ....- Enhancement of the dynamic symbols counting -
985d1249b72494a0e62f34042b3c9cbfa0706e90
Enable editing ELF's notes:
elf = lief.parse("/bin/ls") build_id = elf[NOTE_TYPES.BUILD_ID] build_id.description = [0xFF] * 20 elf.write("foo")$ readelf -n foo Displaying notes found in: .note.gnu.build-id Owner Data size Description GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: ffffffffffffffffffffffffffffffffffffffffSee commit
3be9dd0ff58ec68cb8813e01d6798c16b42dac22
for more details
- PE
- Add
~lief.PE.get_imphash
and~lief.PE.resolve_ordinals
functions -a89bc6df4f242d7641292acdb184927449d14fff
,dfa8e985c0561427a20088750693a004de587b1c
Parse the Load Config Table into
~lief.PE.LoadConfiguration
(up to Windows 10 SDK 15002 with hotpatch_table_offset)from lief import to_json import json pe = lief.parse("some.exe") loadconfig = to_json(pe.load_configuration)) # Using the lief.to_json function pprint(json.loads(to_json(loadconfig))){'characteristics': 248, 'code_integrity': {'catalog': 0, 'catalog_offset': 0, 'flags': 0, 'reserved': 0}, 'critical_section_default_timeout': 0, 'csd_version': 0, 'editlist': 0, ... 'guard_cf_check_function_pointer': 5368782848, 'guard_cf_dispatch_function_pointer': 5368782864, 'guard_cf_function_count': 15, 'guard_cf_function_table': 5368778752, 'guard_flags': 66816, 'guard_long_jump_target_count': 0, 'guard_long_jump_target_table': 0, 'guard_rf_failure_routine': 5368713280, 'guard_rf_failure_routine_function_pointer': 5368782880, ...For details, see commit:
0234e3b8bbb6f6f3490392f8c295fde284a99334
- MachO
The
dyld
structure is parsed (deeply) into~lief.MachO.DyldInfo
. It includes:
- Binding opcodes
- Rebases opcodes
- Export trie
See:
e2b81e0a8e187cae5f0f115241243a84ee7696b6
,0e972d69ce35731867d82c047eef7eb9ea58e3ec
,f7cc518dcfbb0557fd8d396144bf99a222d96705
,782295bfb86d2a12584c5b16a37a26d56d1ee235
,67
- Section relocations are now parsed into
lief.MachO.Section.relocations
-29c8157ecc3b308bd521cb1daee3c2e3a2cffb28
LC_FUNCTION_STARTS
is parsed into~lief.MachO.FunctionStarts
(18d89198a0cc63ff291ae9110f465354c3b8f1e6
)LC_SOURCE_VERSION
,LC_VERSION_MIN_MACOSX
andLC_VERSION_MIN_IPHONEOS
are parsed into~lief.MachO.SourceVersion
and~lief.MachO.VersionMin
(c359778194db874669884aaccb52a4b05546bc07
,0b4bb7d56520cd0ea08bbcb9530e5e0c96ac14ae
,5b993117ed391db18ba775cabefa5f3981b2f1cc
,45
)LC_THREAD
andLC_UNIXTHREAD
are now parsed into~lief.MachO.ThreadCommand
-23257830b291c40a3aed92360040f2b0b11ffa72
Fix enums conflicts(32
) - 66b4cd4550ecf6cf3adb4900e6ad7ac33f1f7f32
Fix most of the memory leaks: 88dafa8db6e752393f69d73f68d295e91963b8da
, d9b1436730b5d33a753e7dfa4301697a0c676066
, 554fa153af943b97a16fc4a52ab8459a3d0a9bc7
, 3602643f5d02a1c78c4de609cc47f193f3a8840f
- ELF
- Bug Fix when counting dynamic symbols from the GnuHash Table -
9036a2405dc44726f40cb77cab1bcbf371ab7a70
- PE
- Fix nullptr dereference in resources -
e90fe1b6c6f6a605390bcd1026435ce7503e7e6a
- Handle encoding issues in the Python API - 8c7ceaf
- Sanitize DLL names
- MachO
- Fix
87
,92
- Fix memory leaks and some performance issues:
94
In the C++ API get_XXX()
getters have been renamed into XXX()
(e.g. get_header()
becomes header()
) - a4c69f7868da1de5d09aa26e977dedb720e36cbd
, e805669865b130057413f456958a471d8f0ac0b1
- Abstract
lief.Binary
gains the~lief.Binary.format
property -9391238f114fe963890777c2d8b90f2caaa5510c
lief.parse
can now takes a list of integers -f330fa887d14d47f0683144430ac9695d3136561
- Add
~lief.Binary.has_symbol
and~lief.Binary.get_symbol
tolief.Binary
-f121af5ca61a22fd83acc5c7094b50ed1cda8226
[Python API] Enhance the access to the abstract layer through the
~lief.Binary.abstract
attribute -07138549a46db87c7b924fd072356030b1d5c6bc
One can now do:
elf = lief.ELF.parse("/bin/ls") # Could be lief.MachO / lief.PE abstract = elf.abstract # Return the lief.Binary object
- ELF
- Relocation gains the
~lief.ELF.Relocation.purpose
property -b7b0bde4d51c54d8d226e5320b1b0d2cc48137c4
- Add
lief.ELF.Binary.symbols
which return an iterator over all symbols (static and dynamic) -af6ab65dc91169627f4fbb87cda92093eb699a1e
Header.sizeof_section_header
has been renamed into~lief.ELF.Header.section_header_size
-d96971b0c3f8ff50add349957f571b8daa00708a
Segment.flag
has been renamed into~lief.ELF.Segment.flags
-20a5f666deb89b06b79a1c4418ac938497fb658c
Add:
~lief.ELF.Header.arm_flags_list
,~lief.ELF.Header.mips_flags_list
~lief.ELF.Header.ppc64_flags_list
~lief.ELF.Header.hexagon_flags_list
to
~lief.ELF.Header
-730d045e05dca7ef3cd6a51d1175f280be356c70
To check if a given flag is set, one can do:
>>> if lief.ELF.ARM_EFLAGS.EABI_VER5 in lief.ELF.Header "yes" else "no"- [Python] Segment flags:
PF_X
,PF_W
,PF_X
has been renamed into~lief.ELF.SEGMENT_FLAGS.X
,~lief.ELF.SEGMENT_FLAGS.W
,~lief.ELF.SEGMENT_FLAGS.X
-d70ef9ec2c42619434352dbd7b74a835ebad7569
- Add
lief.ELF.Section.flags_list
-4937b7193a5760df85d0ac1567afc011a22cdb98
- Enhancement for
~lief.ELF.DynamicEntryRpath
and~lief.ELF.DynamicEntryRunPath
:c375a47da7c4c524e886f9238f8dd51a44501087
- Enhancement for
~lief.ELF.DynamicEntryArray
:81440ce00cdfc793161a0dc394ada345307dc24b
- Add some operators
3b200b30503847be4779447c76f5207d18daf77f
,43bd06f8f32196454ee2305201f4e27b3a3c8a1e
- PE
- Add some operators
5666351e07b7bf4a9624033f670d02b8806d2663
- Add some operators
- MachO
lief.MachO.parse
can now takes a list of integers -f330fa887d14d47f0683144430ac9695d3136561
lief.MachO.parse
now returns a~lief.MachO.FatBinary
instead of alist
of~lief.MachO.Binary
.~lief.MachO.FatBinary
has a similar API as a list -3602643f5d02a1c78c4de609cc47f193f3a8840f
- Add some operators:
cbe835484751396daffe7f8d238cbb85d66470ab
- Logging
Add an API to configure the logger -
4600c2ba8d7d17b5965c2b74faeb7e4d2128de17
Example:
from lief import Logger Logger.disable() Logger.enable() Logger.set_level(lief.LOGGING_LEVEL.INFO)See:
lief.Logger
- Add FindLIEF.cmake -
6dd8b10325e832a7520bf5ae3a588b9e022d0345
- Add ASAN, TSAN, USAN, LSAN -
7f6aeb0d0d74eae886f4b312e12e8f71e1d5da6a
- Add LibFuzzer -
7a0dc28ea29a30209e944ebcde27f7c0ab234651
- References
- recomposer, bearparser, IAT_patcher, PEframe, Manalyze, MachOView, elf-dissector
- :github_user:alvarofe for
47
- :github_user:aguinet for
55
,61
,65
,77
- :github_user:jevinskie for
75
- :github_user:liumuqing for
80
- :github_user:Manouchehri for
106
- Abstract Layer
- Add bitness (32bits / 64bits) -
78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1
- Add object type (Library, executable etc) -
78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1
- Add mode Thumbs, 16bits etc -
78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1
- Add endianness -
7ea08f72c43212f2e3f401b5c2c2614bc9aab8de
,29
- ELF
- Enable dynamic symbols permutation -
2dea7cb6d631b69995567e056a97e526f588b8ff
- Fully handle section-less binaries -
de40c068316b3334e4c8d81ecb3efc177ab24c3b
- Parse ELF notes -
241aac7bedaf18ab5e3f0c9775a8a51cb0b40a3e
- Parse SYSV hash table -
afa74cee88f730acef84fe6d9c984455a28463e7
,36
- Add relocation size -
f1766f2c297caed636c7f32730cd10b62bfcc757
- PE
- Parse PE Overlay -
e0634c1cf6d12fbdc5bcc1745059005e46e5d805
- Enable PE Hooking -
24f6b7213647469e269ead9441d78204162d08ec
- Parse and rebuilt dos stub -
3f0639712617007e2e0431cb5eeb9be204c5d74b
- Add a resources manager to provide an enhanced API over the resources -
8473c8e126f2a8f14728ad3f8ebb59c45ac55d2d
- Serialize PE objects into JSON -
673f5a36f0d339ad9390427292fa6e725b8fd907
,18
- Parse Rich Header -
0893bd9b08f2248ae8f656ccd81b1be12e8ae57e
,15
- ELF
- Bug fix when a GNU hash has empty buckets - 21a6c30
- PE
- Bug fix in the signature parser:
30
,4af0256ce7c5577e0b1010c6f9b566634f0a3993
- Bug fix in the resources parser: Infinite loop -
a569cc13d99354ff96932460f5b1fd859378f252
- Add more out-of-bounds checks on relocations and exports -
9364f644e937a6a5d69c64c2ef4eaa1fbdd2cfad
- Use
min(SizeOfRawData, VirtualSize)
for the section's size and truncate the size to the file size -61bf14ba1182fe458453599ff014de5d71d25680
- MachO
- Bug fix when a binary hasn't a
LC_MAIN
command -957501fe76596e0396c66d08540884876cea049c
- Abstract Layer
lief.Header.is_32
andlief.Header.is_64
lief.Header.object_type
lief.Header.modes
lief.Header.endianness
- ELF
lief.ELF.Binary.permute_dynamic_symbols
lief.ELF.Segment.data
has been renamed tolief.ELF.Segment.content
lief.ELF.parse
takes an optional parameters: symbol counting -lief.ELF.DYNSYM_COUNT_METHODS
lief.ELF.Relocation.size
- Notes
lief.ELF.Note
lief.ELF.Binary.has_notes
lief.ELF.Binary.notes
- Hash Tables
lief.ELF.SysvHash
lief.ELF.Binary.use_gnu_hash
lief.ELF.Binary.use_sysv_hash
lief.ELF.Binary.sysv_hash
- PE
lief.PE.Symbol.has_section
lief.PE.Binary.hook_function
lief.PE.Binary.get_content_from_virtual_address
takes either an Absolute virtual address or a Relative virtual addresslief.PE.Binary.section_from_virtual_address
has been renamed tolief.PE.Binary.section_from_rva
.lief.PE.parse_from_raw
has been removed. One can uselief.PE.parse
.lief.PE.Section.data
has been removed. Please uselief.PE.Section.content
- Dos Stub
lief.PE.Binary.dos_stub
lief.PE.Builder.build_dos_stub
- Rich Header
lief.PE.Binary.rich_header
lief.PE.Binary.has_rich_header
lief.PE.RichHeader
lief.PE.RichEntry
- Overlay
lief.PE.Binary.overlay
lief.PE.Builder.build_overlay
- Imports
lief.PE.Binary.has_import
lief.PE.Binary.get_import
- Resources
lief.PE.Binary.resources
lief.PE.ResourceData
lief.PE.ResourceDirectory
lief.PE.ResourceNode
lief.PE.LangCodeItem
lief.PE.ResourceDialog
lief.PE.ResourceDialogItem
lief.PE.ResourceFixedFileInfo
lief.PE.ResourceIcon
lief.PE.ResourceStringFileInfo
lief.PE.ResourceVarFileInfo
lief.PE.ResourceVersion
- MachO
lief.MachO.Binary.has_entrypoint
lief.MachO.Symbol.demangled_name
- UUID
lief.MachO.Binary.has_uuid
lief.MachO.Binary.uuid
lief.MachO.UUIDCommand
- Main Command
lief.MachO.Binary.has_main_command
lief.MachO.Binary.main_command
lief.MachO.MainCommand
- Dylinker
lief.MachO.Binary.has_dylinker
lief.MachO.Binary.dylinker
lief.MachO.DylinkerCommand
- References
- elfsteem, pelook, PortEx, elfsharp, metasm, amoco, Goblin
- Tutorials
- Integration
- ek0:
24
- ACSC-CyberLab:
33
,34
,37
,39
- Hyrum Anderson who pointed bugs in the PE parser
- My collegues for the feedbacks and suggestions (Adrien, SebK, Pierrick)
- ELF
- Don't rely on
lief.ELF.Section.entry_size
to count symbols -004c6769bec37e303bbe7aaceb49f4b05c8eec84
- PE
lief.PE.TLS.has_section
lief.PE.TLS.has_data_directory
- Integration
- Philippe for the proofreading.
First public release