Skip to content

Latest commit

 

History

History
1374 lines (928 loc) · 49.1 KB

changelog.rst

File metadata and controls

1374 lines (928 loc) · 49.1 KB
Raw

Changelog

0.14.1 - February 11th, 2024

ELF
  • Fix regression in Symbol Version Definition processing (1014)
PE
  • Address 1016 by creating aliases:
    • lief.PE.ContentInfo.digest to lief.PE.SpcIndirectData.digest
    • lief.PE.ContentInfo.digest_algorithm to lief.PE.SpcIndirectData.digest_algorithm
Python
  • Fix regression in iterator's performances

0.14.0 - January 20, 2024

ELF

  • Add support for the GNU note properies (975).

    Example
    elf = lief.ELF.parse("...")
note = elf.get(lief.ELF.Note.TYPE.GNU_PROPERTY_TYPE_0)
aarch64_feat: lief.ELF.AArch64Feature = note.find(lief.ELF.NoteGnuProperty.Property.TYPE.AARCH64_FEATURES)
if lief.ELF.AArch64Feature.FEATURE.BTI in aarch64_feat.features:
    print("BTI supported")

    See:

    • lief.ELF.NoteGnuProperty
    • lief.ELF.AArch64Feature
    • lief.ELF.NoteNoCopyOnProtected
    • lief.ELF.StackSize
    • lief.ELF.X86Features
    • lief.ELF.X86ISA
  • Refactoring of the ELF note processing
  • Fix relocation issue when using -Wl,--emit-relocs (c.f. 897 / 898 by :github_user:adamjseitz)
  • Improve the computation of the dynamic symbols thanks to :github_user:adamjseitz (c.f. 922)
  • Add support for the LoongArch architecture thanks to :github_user:loongson-zn (c.f. 921)

  • Add a lief.ELF.ParserConfig interface that can be used to tweak which parts of the ELF format should be parsed.

    Example
    config = lief.ELF.ParserConfig()

# Skip parsing static and dynamic symbols
config.parse_static_symbols = False
config.parse_dyn_symbols = False

elf = lief.ELF.parse("target.elf", config)
MachO
  • The fileset name is now stored in lief.MachO.Binary.fileset_name (instead of lief.MachO.Binary.name)
PE
  • RESOURCE_SUBLANGS has been removed
  • RESOURCE_LANGS is now defined in a dedicated header: LIEF/PE/resources/langs.hpp
  • RESOURCE_TYPES is now scoped in ResourcesManager::TYPE
  • GUARD_CF_FLAGS is now scoped as ~lief.PE.LoadConfigurationV1.IMAGE_GUARD in lief.PE.LoadConfigurationV1

  • SECTION_CHARACTERISTICS is now scoped within the ~lief.PE.Section class instead of being globally defined:

    # Before
lief.PE.SECTION_CHARACTERISTICS.CNT_CODE
# Now:
lief.PE.Section.CHARACTERISTICS.CNT_CODE

  • DATA_DIRECTORY is now scoped within the ~lief.PE.DataDirectory class instead of being globally defined:

    # Before
lief.PE.DATA_DIRECTORY.IAT
# Now:
lief.PE.DataDirectory.TYPES.IAT

  • MACHINE_TYPES and HEADER_CHARACTERISTICS are now scoped within the ~lief.PE.Header class instead of being globally defined:

    # Before
lief.PE.MACHINE_TYPES.AMD64
# Now:
lief.PE.Header.MACHINE_TYPES.AMD64
  • lief.PE.Header.characteristics now returns a list/std::vector instead of a set.
  • lief.PE.OptionalHeader.dll_characteristics_lists now returns a list/std::vector instead of a set.

  • SUBSYSTEM and DLL_CHARACTERISTICS are now scoped within the ~lief.PE.OptionalHeader class instead of being globally defined:

    # Before
lief.PE.SUBSYSTEM.NATIVE
# Now:
lief.PE.OptionalHeader.SUBSYSTEM.NATIVE
  • lief.PE.DosHeader.used_bytes_in_the_last_page has been renamed in lief.PE.DosHeader.used_bytes_in_last_page

  • Refactoring of the Debug directory processing: lief.PE.Debug is now the root class of: lief.PE.CodeView / lief.PE.CodeView, lief.PE.Pogo, lief.PE.Repro.

    The parsing logic has been cleaned and the tests updated.

  • Add a lief.PE.ParserConfig interface that can be used to tweak which parts of the PE format should be parsed (839).

    Example
    config = lief.PE.ParserConfig()

# Skip parsing PE authenticode
config.parse_signature = False

pe = lief.PE.parse("pe.exe", config)
Abstraction
  • LIEF::EXE_FORMATS is now scoped in LIEF::Binary::FORMATS

  • All the Binary classes now implement `classof`:

    std::unique_ptr<LIEF::Binary> bin = LIEF::Parser::parse("...");
if (LIEF::PE::Binary::classof(bin.get())) {
  auto& pe_file = static_cast<LIEF::PE::Binary&>(*bin);
}
General Design
  • Python parser functions (like: lief.PE.parse) now accept os.PathLike arguments like pathlib.Path (974).
  • Remove the lief.Binary.name attribute
  • LIEF is now compiled with C++17 (the API remains C++11 compliant)
  • Switch to nanobind for the Python bindings.
  • CI are now more efficient.
  • The Python documentation for properties now contains the type of the property.

0.13.2 - June 17, 2023

PE

Fix authenticode inconsitency (932)

ELF

Fix missing undef (929)

0.13.1 - May 28, 2023

PE
  • Fix PE authenticode verification issue in the case of special characters (912)
Misc
  • Fix mypy stubs (909)
  • Fix missing include (918)
  • Fix C99 comments (916)
  • Fix AArch64 docker image (904)

0.13.0 - April 9, 2023

ELF
  • Fix overflow issue in segments (c.f. 845 found by :github_user:liyansong2018)
  • Fix missing relationship between symbols and sections (c.f. 841)
  • Fix coredump parsing issue (c.f. 830 found by :github_user:Lan1keA)
  • Fix and (re)enable removing dynamic symbols (c.f. 828)
  • Add support for NT_GNU_BUILD_ATTRIBUTE_OPEN and NT_GNU_BUILD_ATTRIBUTE_FUNC (c.f. 816)
  • [CVE-2022-38497] Fix ELF core parsing issue (766 found by :github_user:CCWANG19)
  • [CVE-2022-38306] Fix a heap overflow found by :github_user:CCWANG19 (763)
  • :github_user:aeflores fixed an issue when there are multiple versions associated with a symbol (see: 749 for the details).
  • Handle binaries compiled with the -static-pie flag correctly (see: 747)

  • Add support for modifying section-less binaries. The ELF ~lief.ELF.Section objects gain the lief.ELF.Section.as_frame method which defines the section as a framed section.

    A framed section is a section that concretely does not wraps data and can be corrupted.

    Example
    elf = lief.parse("/bin/ssh")
text = elf.get_section(".text").as_frame()

# We can now corrupt all the fields of the section
text.offset  = 0xdeadc0de
text.size    = 0xffffff
text.address = 0x123

elf.write("/tmp/out")

  • Add API to precisely define how the segments table should be relocated. One might want to enforce a certain ELF layout while adding sections/ segments. It is now possible to call the method: ~lief.ELF.Binary.relocate_phdr_table to define how the segments table should be relocated for welcoming the new sections/segments:

    elf = lief.parse("...")
# Enforce a specific relocation type:
# The new segments table will be shift at the end
# of the file
elf.relocate_phdr_table(Binary.PHDR_RELOC.FILE_END)

# Add sections/segments
# [...]
elf.write("out.elf")

    See:

    • lief.ELF.Binary.relocate_phdr_table
    • lief.ELF.Binary.PHDR_RELOC
MachO
  • Add ~lief.MachO.Binary.rpaths iterator (291)
  • Add support for parsing Mach-O in memory
  • Fix a memory issue (found by :github_user:bladchan via 806)
  • [CVE-2022-40923] Fix parsing issue (784 found by :github_user:bladchan)
  • [CVE-2022-40922] Fix parsing issue (781 found by :github_user:bladchan)
  • [CVE-2022-38307] Fix a segfault when the Mach-O binary does not have segments (found by :github_user:CCWANG19 via 764)
  • Enable to create exports
  • Fix the layout of the binaries modified by LIEF such as they can be (re)signed.
  • Add support for LC_DYLD_CHAINED_FIXUPS and LC_DYLD_EXPORTS_TRIE
  • Global enhancement when modifying the __LINKEDIT content
  • Add API to get a ~lief.MachO.Section from a specified segment's name and section's name.
Example
sec = bin.get_section("__DATA", "__objc_metadata")
  • Add API to remove a ~lief.MachO.Section from a specified segment's name and section's name.
Example
sec = bin.remove_section("__DATA", "__objc_metadata")
  • Add lief.MachO.Binary.page_size
PE
  • The Python API now returns bytes objects instead of List[int]
  • Remove lief.PE.ResourceNode.sort_by_id
  • Fix the ordering of children of ~lief.PE.ResourceNode
  • Remove deprecated functions related to PE hooking.
  • Add support for new PE LoadConfiguration structures.
DEX
  • Fix multiple parsing issues raised by :github_user:bladchan
Other
  • [CVE-2022-38497]: 765 found by :github_user:CCWANG19
  • [CVE-2022-38495]: 767 found by :github_user:CCWANG19
General Design
  • :github_user:ZehMatt added the support to write LIEF binaries object through a std::ostream interface (9d55f538602989c69454639565910884c5c5ac7c)
  • Remove the exceptions
  • The library contains less static initializers which should improve the loading time.
Python Bindings
  • Move to a build system compliant with pyproject.toml
  • Provide typing stubs: 650
  • PyPI releases no longer provide source distribution (sdist)
Dependencies
  • Move to spdlog 1.11.0
  • Move to Pybind11 - 2.10.1
  • Move to nlohmann/json 3.11.2
  • Move to MbedTLS 3.2.1
  • Move to utfcpp 3.2.1

0.12.3 - November 1, 2022

This release contains several security fixes:

  • [CVE-2022-38497] Fix ELF core parsing issue (766 found by :github_user:CCWANG19)
  • [CVE-2022-38306] Fix a heap overflow found by :github_user:CCWANG19 (763)
  • Fix a memory issue (found by :github_user:bladchan via 806)
  • [CVE-2022-40923] Fix parsing issue (784 found by :github_user:bladchan)
  • [CVE-2022-40922] Fix parsing issue (781 found by :github_user:bladchan)
  • [CVE-2022-38307] Fix a segfault when the Mach-O binary does not have segments (found by :github_user:CCWANG19 via 764)

0.12.1 - April 08, 2022

ELF
  • Fix section inclusion calculations (692)
PE
  • Fix parsing regressions (689, 687, 686, 685, 691, 693)
Compilation

0.12.0 - March 25, 2022

ELF
  • :github_user:ahaensler added the support to insert and assign a lief.ELF.SymbolVersionAuxRequirement (see: 670)
  • Enhance the ELF parser to support corner cases described by netspooky in :
  • New ELF Builder which is more efficient in terms of speed and in terms of number of segments added when modifying binaries (see: https://lief-project.github.io/blog/2022-01-23-new-elf-builder/)

  • :github_user:Clcanny improved (see 507 and 509) the reconstruction of the dynamic symbol table by sorting local symbols and non-exported symbols. It fixes the following warning when parsing a modified binary with readelf

    Warning: local symbol 29 found at index >= .dynsym's sh_info value of 1
MachO
  • Change the layout of the binaries generated by LIEF such as they are compliant with codesign checks

  • The API to configure the MachO parser has been redesigned to provide a better granularity

    config = lief.MachO.ParserConfig()
config.parse_dyld_bindings = False
config.parse_dyld_exports  = True
config.parse_dyld_rebases  = False

lief.MachO.parse("/tmp/big.macho", config)
  • :github_user:LucaMoroSyn added the support for the LC_FILESET_ENTRY. This command is usually found in kernel cache files
  • LIEF::MachO::Binary::get_symbol now returns a pointer (instead of a reference). If the symbol can't be found, it returns a nullptr.

  • Add API to select a ~lief.MachO.Binary from a ~lief.MachO.FatBinary by its architecture. See: lief.MachO.FatBinary.take.

    fat = lief.MachO.parse("/bin/ls")
fit = fat.take(lief.MachO.CPU_TYPES.x86_64)
  • Handle the 0x0D binding opcode (see: 524)
  • :github_user:xhochy fixed performances issues in the Mach-O parser (see 579)
PE
  • Adding lief.PE.OptionalHeader.computed_checksum that re-computes the lief.PE.OptionalHeader.checksum (c.f. issue 660)
  • Enable to recompute the ~lief.PE.RichHeader (issue: 587)
    • ~lief.PE.RichHeader.raw
    • ~lief.PE.RichHeader.hash
  • Add support for PE's delayed imports. see:
    • ~lief.PE.DelayImport / ~lief.PE.DelayImportEntry
    • ~lief.PE.Binary.delay_imports
  • lief.PE.LoadConfiguration.reserved1 has been aliased to lief.PE.LoadConfiguration.dependent_load_flags
  • lief.PE.LoadConfiguration.characteristics has been aliased to lief.PE.LoadConfiguration.size
  • Thanks to :github_user:gdesmar, we updated the PE checks to support PE files that have a corrupted lief.PE.OptionalHeader.magic (cf. 644)
DEX
  • :github_user:DanielFi added support for DEX's fields (see: 547)
Abstraction
  • Abstract binary imagebase for PE, ELF and Mach-O (lief.Binary.imagebase)
  • Add lief.Binary.offset_to_virtual_address
  • Add PE imports/exports as abstracted symbols
Compilation & Integration
  • :github_user:ekilmer updated and modernized the CMake integration files through the PR: 674

  • Enable to use a pre-compiled version of spdlog. This feature aims at improving compilation time when developing on LIEF.

    One can provide path to spdlog install through:

    $ python ./setup.py --spdlog-dir=path/to/lib/cmake/spdlog [...]
# or
$ cmake -DLIEF_EXTERNAL_SPDLOG=ON -Dspdlog_DIR=path/to/lib/cmake/spdlog ...
  • Enable to feed LIEF's dependencies externally (c.f. lief_third_party)
  • Replace the keywords and, or, not with &&, || and !.
Dependencies
  • Upgrade to MbedTLS 3.1.0
  • Upgrade Catch2 to 2.13.8
  • The different dependencies can be linked externally (cf. above and lief_third_party)
Documentation
  • New section about the errors handling (err_handling) and the upcoming deprecation of the exceptions.
  • New section about how to compile LIEF for debugging/developing. See: lief_debug
General Design
span

LIEF now exposes Section/Segment's data through a span interface. As std::span is available in the STL from C++20 and the LIEF public API aims at being C++11 compliant, we expose this span thanks to tcbrindle/span. This new interface enables to avoid copies of std::vector<uint8_t> which can be costly. With this new interface, the original std::vector<uint8_t> can be retrieved as follows:

auto bin = LIEF::ELF::Parser::parse("/bin/ls");

if (const auto* section = bin->get_section(".text")) {
  LIEF::span<const uint8_t> text_ref =  section->content();
  std::vector<uint8_t> copy = {std::begin(text_ref), std::end(text_ref)};
}

In Python, span are wrapped by a read-only memory view. The original list of bytes can be retrieved as follows:

bin = lief.parse("/bin/ls")
section = bin.get_section(".text")

if section is not None:
  memory_view = section.content
  list_of_bytes = list(memory_view)
Exceptions

Warning

We started to refactor the API and the internal design to remove C++ exceptions. These changes are described a the dedicated blog (LIEF RTTI & Exceptions)

To highlighting the content of the blog for the end users, functions that returned a reference and which threw an exception in the case of a failure are now returning a pointer that is set to nullptr in the case of a failure.

If we consider this original code:

LIEF::MachO::Binary& bin = ...;

try {
  LIEF::MachO::UUIDCommand& cmd = bin.uuid();
  std::cout << cmd << "\n";
} catch (const LIEF::not_found&) {
  // ... dedicated processing
}

// Other option with has_uuid()
if (bin.has_uuid()) {
  LIEF::MachO::UUIDCommand& cmd = bin.uuid();
  std::cout << cmd << "\n";
}

It can now be written as:

LIEF::MachO::Binary& bin = ...;

if (LIEF::MachO::UUIDCommand* cmd = bin.uuid();) {
  std::cout << *cmd << "\n";
} else {
  // ... dedicated processing as it is a nullptr
}

// Other option with has_uuid()
if (bin.has_uuid()) { // It ensures that it is not a nullptr
  LIEF::MachO::UUIDCommand& cmd = *bin.uuid();
  std::cout << cmd << "\n";
}

0.11.X - Patch Releases

0.11.5 - May 22, 2021

  • Remove usage of not in public headers (b8e825b464418de385146bb3f89ef6126f4de5d4)
ELF
  • :github_user:pdreiter fixed the issue 418
PE
  • Fix issue when computing lief.PE.Binary.sizeof_headers (ab3f073ac0c60d8453070f83dd4dc04fe60aa0a5)
MachO
  • Fix error on property lief.MachO.BuildVersion.sdk (see 533)

0.11.4 - March 09, 2021

PE
  • Fix missing bound check when computing the authentihash

0.11.3 - March 03, 2021

PE
  • Add sanity check on the signature's length that could lead to a std::bad_alloc exception

0.11.2 - February 24, 2021

PE
  • Fix regression in the behavior of the PE section's name. One can now access the full section's name (with trailing bytes) through lief.PE.Section.fullname (see: 551)

0.11.1 - February 22, 2021

PE
  • lief.PE.x509.is_trusted_by and lief.PE.x509.verify now return a better lief.PE.x509.VERIFICATION_FLAGS instead of just lief.PE.x509.VERIFICATION_FLAGS.BADCERT_NOT_TRUSTED (see: 532)
  • Fix errors in the computation of the Authentihash

0.11.0 - January 19, 2021

ELF
  • :github_user:mkomet updated enums related to Android (see: 9dd641d380a5defd0a71a9f42dde2fe9c9cb1dbd)
  • :github_user:aeflores added MIPS relocations support in the ELF parser
  • Fix ~lief.ELF.Binary.extend on a ELF section (cf. issue 477)
  • Fix issue when exporting symbols on empty-gnu-hash ELF binary (1381f9a115e6e312ac0ab3deb46a78e481b81796)
  • Fix reconstruction issue when the binary is prelinked (cf. issue 466)
  • Add DF_1_PIE flag
  • Fix parsing issue of the .eh_frame section when the base address is not 0.
  • :github_user:JanuszL enhanced the algorithm that computes the string table. It moves from a N^2 algorithm to a Nlog(N) (1e0c4e81d4a3fd7282713f111193e42f198f8967).
  • Fix .eh_frame parsing issue (b57f32333a85d0f172206bc5d20aabe2d7942738)
  • :github_user:aeflores fixed parsing issue in ELF relocations (6c53646bb790acf28f2999527eafad30db7d6b69)
  • Add PT_GNU_PROPERTY enum
  • Bug fix in the symbols table reconstruction (ELF)
PE
  • Enhance PE Authenticode. See PE Authenticode

  • ~lief.PE.get_imphash can now generate the same value as pefile and Virus Total (299)

    pe = lief.parse("example.exe")
vt_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.PEFILE)
lief_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.DEFAULT)

    lief.PE.IMPHASH_MODE and lief.PE.get_imphash

  • Remove the padding entry (0) from the rich header
  • ~lief.PE.LangCodeItem.items now returns a dictionary for which the values are bytes (instead of str object). This change is related to utf-16 support.
  • :github_user:kohnakagawa fixed wrong enums values: c03125045e32a9cd65c613585eb4d0385350c6d2, 6ee808a1e4611d09c6cf0aea82a612be69584db9, cd05f34bae681fc8af4b5e7cc28eaef816802b6f
  • :github_user:kohnakagawa fixed a bug in the PE resources parser (a7254d1ba935783f16effbc7faddf993c57e82f7)
  • Handle PE forwarded exports (issue 307)
Mach-O
  • Add API to access either LC_CODE_SIGNATURE or DYLIB_CODE_SIGN_DRS (issue 476)
  • Fix issue when parsing twice a Mach-O file (issue 479)
Dependencies
  • Replace easyloggingpp with spdlog 1.8.1
  • Upgrade frozen to 1.0.0
  • Upgrade json to 3.7.3
  • Upgrade pybind11 to 2.6.0
  • Upgrade mbedtls to 2.16.6
Documentation
  • :github_user:aguinet updated the bin2lib tutorial with the support of the new glibc versions (7884e57aa1d103f3bd37682e47f412bfe7a3aa34)
  • Global update and enable to build the documentation out-of-tree
  • Changing the theme
Misc
  • Add Python 3.9 support
  • FindLIEF.cmake deprecates LIEF_ROOT. You should use LIEF_DIR instead.
Logging

We changed the logging interface. The following log levels have been removed:

  • LOG_GLOBAL
  • LOG_FATAL
  • LOG_VERBOSE
  • LOG_UNKNOWN

We also moved from an class-interface based to functions.

Example:

lief.logging.disable()
lief.logging.enable()
lief.logging.set_level(lief.logging.LOGGING_LEVEL.INFO)

See: lief.logging.set_level

Note

The log functions now output on stderr instead of stdout

0.10.1 - November 29, 2019

  • Fix regression in parsing Python bytes
  • Add Python API to demangle strings: lief.demangle

0.10.0 - November 24, 2019

ELF
  • Add build support for ELF notes
  • Add coredump support (9fc3a8a43358f608cf18ddbe341e1d94b13cb9e0)

  • Enable to bind a relocation with a symbol (a9f3cb8f9b4a1f2cdaa95eee4568ff0b162f77cd)

    Example
    relocation = "..."

symbol = lief.ELF.Symbol()
symbol.name = "printf123"
relocation.symbol = symbol
  • Add constructors (67d924a2206c36cb9979d8b1b194b03b2d592e71)
  • Expose ELF destructors (957384cd361c4a485470f877658af2bf052dbe0a)
  • Add remove_static_symbol (c6779702b1fec3c67b0c19a36576830fe18bd9d9)
  • Add support for static relocation writing (d1b98d69ade662e2471ce2905bf3fb247dfc3143)
  • Expose function to get strings located in the .rodata section (02f4851c9f0c2bfa6fb4f51dab393a1db83b4851)
  • Export ELF ABI version (8d7ec26a93800b0729c2c05be8c55c8318ba3b20)
PE
  • Improve PE Authenticode parsing (535623de3aa4f8ddc34536331b802e2cbdc44faf)
  • Fix alignment issue when removing a PE section (04dddd371080d731fab965b127cb15a91c57d53c)
  • Parse PE debug data directory as a list of debug entries (by :github_user:1orenz0 - fcc75dd87982e52d77a1c7ee7e674741a199e41b)
  • Add support to parse POGO debug entries (by :github_user:1orenz0 - 3537440b8d0da6c9c3d00c25f7da8a04f29154d2)
Mach-O

  • Enhance Mach-O modifications by exposing an API to:

    • Add load commands
    • Add sections
    • Add segments

    See: 406115c8d097da0b61f00b2bb7b2442322ffc5d1

  • Enable write() on FAT Mach-O (16595316fd588619ea39b942817d6527e0601fbd)
  • Introduce Mach-O Build Version command (6f967238fcd369210839605ab08c30d647a09a65)
  • Enable to remove Mach-O symbols (616d739da513092e9ab7446654414b0929d5d5cf)
  • Add support for adding LC_UNIXTHREAD commands in a MachO (by :github_user:nezetic - 64d2597284149441fc734b251648ca917cd816e3)
Abstract Layer
  • Expose remove_section() in the abstract layer (918438c6bee52c8421d809bc3b42974165e5fa0b)
  • Expose write() in the abstract layer (af4d48ed2e1f1b96687644f2fc4661fcbdb979a6)
  • Expose API to list functions found in a binary (b5a08463ad63811e9e9432812406aadd74ab8c09)
Android
  • Add partial support for Android 9 (bce9ebe17064b1ca16b00dc14eebb5d5dd440184)
Misc
  • :github_user:lkollar added support for Python 3.8 in CI (Linux & OSX only)
  • Update Pybind11 dependency to v2.4.3
  • Enhance Python install (see: v10-label)
  • Thanks to :github_user:lkollar, Linux CI now produces manylinux1-compliant wheels

Many thanks to the contributors: :github_user:recvfrom, :github_user:pbrunet, :github_user:mackncheesiest, :github_user:wisk, :github_user:nezetic, :github_user:lkollar, :github_user:jbremer, :github_user:DaLynX, :github_user:1orenz0, :github_user:breadchris, :github_user:0xbf00, :github_user:unratito, :github_user:strazzere, :github_user:aguinetqb, :github_user:mingwandroid, :github_user:serge-sans-paille-qb, :github_user:yrp604, :github_user:majin42, :github_user:KOLANICH

0.9.0 - June 11, 2018

LIEF 0.9 comes with new formats related to Android: OAT, DEX, VDEX and ART. It also fixes bugs and thanks to :github_user:yd0b0N, ELF parser now supports big and little endian binaries. We also completed the JSON serialization of LIEF objects.

Features

MachO
  • Enable to configure the Mach-O parser for quick parsing: 880b99aeef825786dd65aed286d7c4d23b62f564
  • Add lief.MachO.EncryptionInfo command: f4e2d81bfe84238d463bdb65297c296635e783b1
  • Add lief.MachO.RPathCommand command: 196994dc089885ff2f1268e51f5514f7fcbc5cff
  • Add lief.MachO.DataInCode command: a16e1c4d13c7071fabe6a5a46b6d6c0fd9565b72
  • Add lief.MachO.SubFramework command: 9e3b5b45f78cc075f2192c245247af00b88b5e3c
  • Add lief.MachO.SegmentSplitInfo command: 9e3b5b45f78cc075f2192c245247af00b88b5e3c
  • Add lief.MachO.DyldEnvironment command: 9e3b5b45f78cc075f2192c245247af00b88b5e3c
  • API to show export-trie, rebase and binding opcodes: 5d56141061bfc27e3c971e9e474dc86fdaf0c6a9
PE
  • Add PE Code View: eab4a7614fdf6e9a180b1c638903310da0b83118
ELF
  • Add support for .note.android.ident section: d13db18214006ce654b723a882f70c3d7eabd20d
  • Enable to add unlimited number of dynamic entries: a40da3e3b4b985b18a6e6026d594f524b7bae963
  • Add support for PPC relocations: 08b514191f661eeabbdf8ecacd1d7dd35a67ca54
  • Endianness support: e794ac1502ee7636755bd441923368f88525a7d0

API

  • lief.breakp and lief.shell
  • lief.parse now support io streams as input
  • Parser now returns a std::unique_ptr instead of a raw pointer: cd1cc457cf3d63cfc5faa945657887200cedb8b3

Misc

  • Use frozen for some internal std::map (If C++14 is supported by the compiler)

Acknowledgements

  • :github_user:yd0b0N for 162 and 166 (Endianness support and PPC relocations)
  • :github_user:0xbf00 for 128 (LC_RPATH command)
  • :github_user:illera88 for 118

0.8.3

  • [Mach-O] Fix typo on comparison operator - abbc264833894973f601f700b3abcc109904f722

0.8.2

  • [ELF] Increase the upper limit of relocation number - 077bc329bdcc249cb8ed0b8bcb9630e1c9eede94

0.8.1 - October 18, 2017

  • Fix an alignment issue in the ELF builder. See 8db199c04e9e6bcdbda165ab5c42d88218a0beb6
  • Add assertion on the setuptools version: 62e5825e27bb637c2f42f4d05690a100213beb03

0.8.0 - October 16, 2017

LIEF 0.8.0 mainly improves the MachO parser and the ELF builder. It comes with Dockerfiles for CentOS and Android.

LibFuzzer has also been integrated in the project to enhance the parsers

Features

Abstract Layer
  • ~lief.Relocation are now abstracted from the 3 formats - 9503f2fc7b6c14bebd4c220bda4a243d87f14bd1
  • PIE and NX are abstracted through the ~lief.Binary.is_pie and ~lief.Binary.has_nx properties
  • Add the lief.Section.search and lief.Section.search_all methods to look for patterns in the section's content.
ELF
  • DT_FLAGS and DT_FLAGS_1 are now parsed into ~lief.ELF.DynamicEntryFlags - 754b8afa2b41993e6c37d2d9003cebdccc641d23
  • Handle relocations of object files (.o) - 483b8dc2eabee3da29ce5e5ff2e25c2a3c9ca297

  • Global enhancement of the ELF builder:

    One can now add multiple ~lief.ELF.Section or ~lief.ELF.Segment into an ELF:

    elf = lief.parse("/bin/cat")

for i in range(3):
  segment = Segment()
  segment.type = SEGMENT_TYPES.LOAD
  segment.content = [i & 0xFF] * 0x1000
  elf += segment


for i in range(3):
  section = Section("lief_{:02d}".format(i))
  section.content = [i & 0xFF] * 0x1000
  elf += section

elf.write("foo")
    $ readelf -l ./foo
PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
               0x00000000000061f8 0x00000000000061f8  R E    0x8
INTERP         0x0000000000006238 0x0000000000006238 0x0000000000006238
               0x000000000000001c 0x000000000000001c  R      0x1
    [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
               0x000000000000d6d4 0x000000000000d6d4  R E    0x200000
LOAD           0x000000000000da90 0x000000000020da90 0x000000000020da90
               0x0000000000000630 0x00000000000007d0  RW     0x200000
LOAD           0x000000000000f000 0x000000000040f000 0x000000000040f000
               0x0000000000001000 0x0000000000001000         0x1000
LOAD           0x0000000000010000 0x0000000000810000 0x0000000000810000
               0x0000000000001000 0x0000000000001000         0x1000
LOAD           0x0000000000011000 0x0000000001011000 0x0000000001011000
               0x0000000000001000 0x0000000000001000         0x1000
....

$ readelf -S ./foo
...
[27] lief_00           PROGBITS         0000000002012000  00012000
     0000000000001000  0000000000000000           0     0     4096
[28] lief_01           PROGBITS         0000000004013000  00013000
     0000000000001000  0000000000000000           0     0     4096
[29] lief_02           PROGBITS         0000000008014000  00014000
     0000000000001000  0000000000000000           0     0     4096

    Warning

    There are issues with executables statically linked with libraries that use TLS

    See: 98

    One can now add multiple entries in the dynamic table:

    elf = lief.parse("/bin/cat")

elf.add_library("libfoo.so")
elf.add(DynamicEntryRunPath("$ORIGIN"))
elf.add(DynamicEntry(DYNAMIC_TAGS.INIT, 123))
elf.add(DynamicSharedObject("libbar.so"))

elf.write("foo")
    $ readelf -d foo
  0x0000000000000001 (NEEDED)  Shared library: [libfoo.so]
  0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]
  0x000000000000000c (INIT)    0x7b
  0x000000000000000c (INIT)    0x3600
  ...
  0x000000000000001d (RUNPATH) Bibliothèque runpath:[$ORIGIN]
  0x000000000000000e (SONAME)  Bibliothèque soname: [libbar.so]

    See b94900ca7f500912bfe249cd534055942e28e34b, 1e410e6c950c391f0d1a3f12cb6f8e4c9fb16539 for details.

  • b2d36940f60eacfa602c115cb542e11c70b6841c enables modification of the ELF interpreter without length restriction

    elf = lief.parse("/bin/cat")
elf.interpreter = "/a/very/long/path/to/another/interpreter"
elf.write("foo")
    $ readelf -l foo
Program Headers:
Type           Offset             VirtAddr           PhysAddr
               FileSiz            MemSiz              Flags  Align
PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040
               0x00000000000011f8 0x00000000000011f8  R E    0x8
INTERP         0x000000000000a000 0x000000000040a000 0x000000000040a000
               0x0000000000001000 0x0000000000001000  R      0x1
    [Requesting program interpreter: /a/very/long/path/to/another/interpreter]
....
  • Enhancement of the dynamic symbols counting - 985d1249b72494a0e62f34042b3c9cbfa0706e90

  • Enable editing ELF's notes:

    elf = lief.parse("/bin/ls")
build_id = elf[NOTE_TYPES.BUILD_ID]
build_id.description = [0xFF] * 20
elf.write("foo")
    $ readelf -n foo
Displaying notes found in: .note.gnu.build-id
Owner                 Data size Description
GNU                  0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
  Build ID: ffffffffffffffffffffffffffffffffffffffff

    See commit 3be9dd0ff58ec68cb8813e01d6798c16b42dac22 for more details

PE
  • Add ~lief.PE.get_imphash and ~lief.PE.resolve_ordinals functions - a89bc6df4f242d7641292acdb184927449d14fff, dfa8e985c0561427a20088750693a004de587b1c

  • Parse the Load Config Table into ~lief.PE.LoadConfiguration (up to Windows 10 SDK 15002 with hotpatch_table_offset)

    from lief import to_json
import json
pe = lief.parse("some.exe")
loadconfig = to_json(pe.load_configuration)) # Using the lief.to_json function
pprint(json.loads(to_json(loadconfig)))
    {'characteristics': 248,
 'code_integrity': {'catalog': 0,
                    'catalog_offset': 0,
                    'flags': 0,
                    'reserved': 0},
 'critical_section_default_timeout': 0,
 'csd_version': 0,
 'editlist': 0,
 ...
 'guard_cf_check_function_pointer': 5368782848,
 'guard_cf_dispatch_function_pointer': 5368782864,
 'guard_cf_function_count': 15,
 'guard_cf_function_table': 5368778752,
 'guard_flags': 66816,
 'guard_long_jump_target_count': 0,
 'guard_long_jump_target_table': 0,
 'guard_rf_failure_routine': 5368713280,
 'guard_rf_failure_routine_function_pointer': 5368782880,
 ...

    For details, see commit: 0234e3b8bbb6f6f3490392f8c295fde284a99334

MachO

  • The dyld structure is parsed (deeply) into ~lief.MachO.DyldInfo. It includes:

    • Binding opcodes
    • Rebases opcodes
    • Export trie

    See: e2b81e0a8e187cae5f0f115241243a84ee7696b6, 0e972d69ce35731867d82c047eef7eb9ea58e3ec, f7cc518dcfbb0557fd8d396144bf99a222d96705, 782295bfb86d2a12584c5b16a37a26d56d1ee235, 67

  • Section relocations are now parsed into lief.MachO.Section.relocations - 29c8157ecc3b308bd521cb1daee3c2e3a2cffb28
  • LC_FUNCTION_STARTS is parsed into ~lief.MachO.FunctionStarts (18d89198a0cc63ff291ae9110f465354c3b8f1e6)
  • LC_SOURCE_VERSION, LC_VERSION_MIN_MACOSX and LC_VERSION_MIN_IPHONEOS are parsed into ~lief.MachO.SourceVersion and ~lief.MachO.VersionMin (c359778194db874669884aaccb52a4b05546bc07, 0b4bb7d56520cd0ea08bbcb9530e5e0c96ac14ae, 5b993117ed391db18ba775cabefa5f3981b2f1cc, 45)
  • LC_THREAD and LC_UNIXTHREAD are now parsed into ~lief.MachO.ThreadCommand - 23257830b291c40a3aed92360040f2b0b11ffa72

Fixes

Fix enums conflicts(32) - 66b4cd4550ecf6cf3adb4900e6ad7ac33f1f7f32

Fix most of the memory leaks: 88dafa8db6e752393f69d73f68d295e91963b8da, d9b1436730b5d33a753e7dfa4301697a0c676066, 554fa153af943b97a16fc4a52ab8459a3d0a9bc7, 3602643f5d02a1c78c4de609cc47f193f3a8840f

ELF
  • Bug Fix when counting dynamic symbols from the GnuHash Table - 9036a2405dc44726f40cb77cab1bcbf371ab7a70
PE
  • Fix nullptr dereference in resources - e90fe1b6c6f6a605390bcd1026435ce7503e7e6a
  • Handle encoding issues in the Python API - 8c7ceaf
  • Sanitize DLL names
MachO
  • Fix 87, 92
  • Fix memory leaks and some performance issues: 94

API

In the C++ API get_XXX() getters have been renamed into XXX() (e.g. get_header() becomes header()) - a4c69f7868da1de5d09aa26e977dedb720e36cbd, e805669865b130057413f456958a471d8f0ac0b1

Abstract
  • lief.Binary gains the ~lief.Binary.format property - 9391238f114fe963890777c2d8b90f2caaa5510c
  • lief.parse can now takes a list of integers - f330fa887d14d47f0683144430ac9695d3136561
  • Add ~lief.Binary.has_symbol and ~lief.Binary.get_symbol to lief.Binary - f121af5ca61a22fd83acc5c7094b50ed1cda8226

  • [Python API] Enhance the access to the abstract layer through the ~lief.Binary.abstract attribute - 07138549a46db87c7b924fd072356030b1d5c6bc

    One can now do:

    elf = lief.ELF.parse("/bin/ls") # Could be lief.MachO / lief.PE
abstract = elf.abstract # Return the lief.Binary object
ELF
  • Relocation gains the ~lief.ELF.Relocation.purpose property - b7b0bde4d51c54d8d226e5320b1b0d2cc48137c4
  • Add lief.ELF.Binary.symbols which return an iterator over all symbols (static and dynamic) - af6ab65dc91169627f4fbb87cda92093eb699a1e
  • Header.sizeof_section_header has been renamed into ~lief.ELF.Header.section_header_size - d96971b0c3f8ff50add349957f571b8daa00708a
  • Segment.flag has been renamed into ~lief.ELF.Segment.flags - 20a5f666deb89b06b79a1c4418ac938497fb658c

  • Add:

    • ~lief.ELF.Header.arm_flags_list,
    • ~lief.ELF.Header.mips_flags_list
    • ~lief.ELF.Header.ppc64_flags_list
    • ~lief.ELF.Header.hexagon_flags_list

    to ~lief.ELF.Header - 730d045e05dca7ef3cd6a51d1175f280be356c70

    To check if a given flag is set, one can do:

    >>> if lief.ELF.ARM_EFLAGS.EABI_VER5 in lief.ELF.Header "yes" else "no"
  • [Python] Segment flags: PF_X, PF_W, PF_X has been renamed into ~lief.ELF.SEGMENT_FLAGS.X, ~lief.ELF.SEGMENT_FLAGS.W, ~lief.ELF.SEGMENT_FLAGS.X - d70ef9ec2c42619434352dbd7b74a835ebad7569
  • Add lief.ELF.Section.flags_list - 4937b7193a5760df85d0ac1567afc011a22cdb98
  • Enhancement for ~lief.ELF.DynamicEntryRpath and ~lief.ELF.DynamicEntryRunPath: c375a47da7c4c524e886f9238f8dd51a44501087
  • Enhancement for ~lief.ELF.DynamicEntryArray: 81440ce00cdfc793161a0dc394ada345307dc24b
  • Add some operators 3b200b30503847be4779447c76f5207d18daf77f, 43bd06f8f32196454ee2305201f4e27b3a3c8a1e
PE
  • Add some operators 5666351e07b7bf4a9624033f670d02b8806d2663
MachO
  • lief.MachO.parse can now takes a list of integers - f330fa887d14d47f0683144430ac9695d3136561
  • lief.MachO.parse now returns a ~lief.MachO.FatBinary instead of a list of ~lief.MachO.Binary. ~lief.MachO.FatBinary has a similar API as a list - 3602643f5d02a1c78c4de609cc47f193f3a8840f
  • Add some operators: cbe835484751396daffe7f8d238cbb85d66470ab
Logging

Add an API to configure the logger - 4600c2ba8d7d17b5965c2b74faeb7e4d2128de17

Example:

from lief import Logger
Logger.disable()
Logger.enable()
Logger.set_level(lief.LOGGING_LEVEL.INFO)

See: lief.Logger

Build system

  • Add FindLIEF.cmake - 6dd8b10325e832a7520bf5ae3a588b9e022d0345
  • Add ASAN, TSAN, USAN, LSAN - 7f6aeb0d0d74eae886f4b312e12e8f71e1d5da6a
  • Add LibFuzzer - 7a0dc28ea29a30209e944ebcde27f7c0ab234651

Documentation

References
  • recomposer, bearparser, IAT_patcher, PEframe, Manalyze, MachOView, elf-dissector

Acknowledgements

  • :github_user:alvarofe for 47
  • :github_user:aguinet for 55, 61, 65, 77
  • :github_user:jevinskie for 75
  • :github_user:liumuqing for 80
  • :github_user:Manouchehri for 106

0.7.0 - July 3, 2017

Features

Abstract Layer
  • Add bitness (32bits / 64bits) - 78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1
  • Add object type (Library, executable etc) - 78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1
  • Add mode Thumbs, 16bits etc - 78d1adb41e8b0d21a6f6fe94014753ce68e0ffa1
  • Add endianness - 7ea08f72c43212f2e3f401b5c2c2614bc9aab8de, 29
ELF
  • Enable dynamic symbols permutation - 2dea7cb6d631b69995567e056a97e526f588b8ff
  • Fully handle section-less binaries - de40c068316b3334e4c8d81ecb3efc177ab24c3b
  • Parse ELF notes - 241aac7bedaf18ab5e3f0c9775a8a51cb0b40a3e
  • Parse SYSV hash table - afa74cee88f730acef84fe6d9c984455a28463e7, 36
  • Add relocation size - f1766f2c297caed636c7f32730cd10b62bfcc757
PE
  • Parse PE Overlay - e0634c1cf6d12fbdc5bcc1745059005e46e5d805
  • Enable PE Hooking - 24f6b7213647469e269ead9441d78204162d08ec
  • Parse and rebuilt dos stub - 3f0639712617007e2e0431cb5eeb9be204c5d74b
  • Add a resources manager to provide an enhanced API over the resources - 8473c8e126f2a8f14728ad3f8ebb59c45ac55d2d
  • Serialize PE objects into JSON - 673f5a36f0d339ad9390427292fa6e725b8fd907, 18
  • Parse Rich Header - 0893bd9b08f2248ae8f656ccd81b1be12e8ae57e, 15

Bug Fixes

ELF
  • Bug fix when a GNU hash has empty buckets - 21a6c30
PE
  • Bug fix in the signature parser: 30, 4af0256ce7c5577e0b1010c6f9b566634f0a3993
  • Bug fix in the resources parser: Infinite loop - a569cc13d99354ff96932460f5b1fd859378f252
  • Add more out-of-bounds checks on relocations and exports - 9364f644e937a6a5d69c64c2ef4eaa1fbdd2cfad
  • Use min(SizeOfRawData, VirtualSize) for the section's size and truncate the size to the file size - 61bf14ba1182fe458453599ff014de5d71d25680
MachO
  • Bug fix when a binary hasn't a LC_MAIN command - 957501fe76596e0396c66d08540884876cea049c

API

Abstract Layer
  • lief.Header.is_32 and lief.Header.is_64
  • lief.Header.object_type
  • lief.Header.modes
  • lief.Header.endianness
ELF
  • lief.ELF.Binary.permute_dynamic_symbols
  • lief.ELF.Segment.data has been renamed to lief.ELF.Segment.content
  • lief.ELF.parse takes an optional parameters: symbol counting - lief.ELF.DYNSYM_COUNT_METHODS
  • lief.ELF.Relocation.size
Notes
  • lief.ELF.Note
  • lief.ELF.Binary.has_notes
  • lief.ELF.Binary.notes
Hash Tables
  • lief.ELF.SysvHash
  • lief.ELF.Binary.use_gnu_hash
  • lief.ELF.Binary.use_sysv_hash
  • lief.ELF.Binary.sysv_hash
PE
  • lief.PE.Symbol.has_section
  • lief.PE.Binary.hook_function
  • lief.PE.Binary.get_content_from_virtual_address takes either an Absolute virtual address or a Relative virtual address
  • lief.PE.Binary.section_from_virtual_address has been renamed to lief.PE.Binary.section_from_rva.
  • lief.PE.parse_from_raw has been removed. One can use lief.PE.parse.
  • lief.PE.Section.data has been removed. Please use lief.PE.Section.content
Dos Stub
  • lief.PE.Binary.dos_stub
  • lief.PE.Builder.build_dos_stub
Rich Header
  • lief.PE.Binary.rich_header
  • lief.PE.Binary.has_rich_header
  • lief.PE.RichHeader
  • lief.PE.RichEntry
Overlay
  • lief.PE.Binary.overlay
  • lief.PE.Builder.build_overlay
Imports
  • lief.PE.Binary.has_import
  • lief.PE.Binary.get_import
Resources
  • lief.PE.Binary.resources
  • lief.PE.ResourceData
  • lief.PE.ResourceDirectory
  • lief.PE.ResourceNode
  • lief.PE.LangCodeItem
  • lief.PE.ResourceDialog
  • lief.PE.ResourceDialogItem
  • lief.PE.ResourceFixedFileInfo
  • lief.PE.ResourceIcon
  • lief.PE.ResourceStringFileInfo
  • lief.PE.ResourceVarFileInfo
  • lief.PE.ResourceVersion
MachO
  • lief.MachO.Binary.has_entrypoint
  • lief.MachO.Symbol.demangled_name
UUID
  • lief.MachO.Binary.has_uuid
  • lief.MachO.Binary.uuid
  • lief.MachO.UUIDCommand
Main Command
  • lief.MachO.Binary.has_main_command
  • lief.MachO.Binary.main_command
  • lief.MachO.MainCommand
Dylinker
  • lief.MachO.Binary.has_dylinker
  • lief.MachO.Binary.dylinker
  • lief.MachO.DylinkerCommand

Documentation

References
  • elfsteem, pelook, PortEx, elfsharp, metasm, amoco, Goblin
Tutorials
Integration

Acknowledgements

  • ek0: 24
  • ACSC-CyberLab: 33, 34, 37, 39
  • Hyrum Anderson who pointed bugs in the PE parser
  • My collegues for the feedbacks and suggestions (Adrien, SebK, Pierrick)

0.6.1 - April 6, 2017

Bug Fixes

ELF
  • Don't rely on lief.ELF.Section.entry_size to count symbols - 004c6769bec37e303bbe7aaceb49f4b05c8eec84

API

PE
  • lief.PE.TLS.has_section
  • lief.PE.TLS.has_data_directory

Documentation

Integration

Acknowledgements

0.6.0 - March 30, 2017

First public release