lief-project / lief
LIEF - Library to Instrument Executable Formats
Home Page: https://lief-project.github.io/
License: Apache License 2.0
I'm not sure I'm doing it right, but accessing the file information of a PE is a bit difficult:
pe = lief.parse("./2805/f325970fd24bb088f1befdae5788152329e26bf3")
string_info = lief.to_json(pe.resources_manager.version.string_file_info.langcode_items[0])
# and then, json.loads, and so on
It would be very nice to be able to access all the data as a collections.abc.MutableMapping so we could read and write the attributes directly in a pythonic way.
I may be doing it wrong ;)
PEs without ResourcesManager will segfault:
In [1]: import lief
In [2]: a = lief.parse("/home/raphael/.viper/projects/troopers17/vt_samples/2122/1a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d")
In [3]: a.resources_manager
Out[3]: <lief.PE.ResourcesManager at 0x7f4bf090c5a0>
In [4]: a.resources_manager.<TAB>
Segmentation fault (core dumped)
Printing/to_json also fails
Many thanks for your useful project. I have a question.
I am testing the 'add_new_section' example (C++) included in LIEF 0.7.0, and it works well for an ELF AMD 64-bit binary, but not for an ELF AMD 32-bit binary or an ELF ARM 32/64-bit binary.
When I add a section to the executable file (ELF ARM 32-bit) with 'add_new_section' and then run it, the following error message occurs.
CANNOT LINK EXECUTABLE: empty/missing DT_HASH in "./addsection_call_arm_a" (built with --hash-style=gnu?)
I want to add a new section to the 'ELF ARM 32-bit binary' and I hope it operates normally.
I think LIEF::ELF::BINARY::add_section() seems to have a problem; please check it.
Thank you.
Hi, thank you for this lib. Is there support for adding and changing resources? Can you consider adding some examples?
Hi,
I've encountered a small issue trying to edit the source code in Visual Studio.
Currently the generated solution doesn't group the source files under filters.
Also the header files are put under the "External Dependencies" section.
Here is an example of the currently generated tree:
But I think it would be better, for example to have something like this:
Thanks
Binaries with empty or unprintable section names raise a UnicodeDecodeError:
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte
Examples:
https://github.com/viper-framework/pefile-tests/blob/master/tests/corkami/pocs/maxsecXP.exe
https://github.com/viper-framework/pefile-tests/blob/master/tests/corkami/pocs/maxvals.exe
The recommended fix is to use backslashreplace when decoding: https://docs.python.org/3/library/codecs.html#error-handlers
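The decoding approach suggested in this issue, as an added example that is not LIEF's own code: it parses a constructed PE section table and decodes each 8-byte Name field with the backslashreplace error handler, so an all-0xff or empty name no longer raises. The function names and the sample table are assumptions made for the illustration.

```python
import struct

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def decode_section_name(raw: bytes) -> str:
    """Decode the NUL-padded Name field; undecodable bytes become \\xNN escapes."""
    return raw.rstrip(b"\x00").decode("utf-8", errors="backslashreplace")


def parse_section_table(table: bytes, count: int) -> list:
    """Return one dict per section header, refusing a truncated table."""
    needed = count * SECTION_HEADER.size
    if needed > len(table):
        raise ValueError(f"section table needs {needed} bytes, got {len(table)}")
    sections = []
    for index in range(count):
        fields = SECTION_HEADER.unpack_from(table, index * SECTION_HEADER.size)
        sections.append({
            "name": decode_section_name(fields[0]),
            "raw_name": fields[0],          # keep the bytes for exact matching
            "virtual_size": fields[1],
            "virtual_address": fields[2],
            "characteristics": fields[9],
        })
    return sections


def _header(name: bytes, rva: int) -> bytes:
    """Build one constructed section header (sample data, not a real binary)."""
    return SECTION_HEADER.pack(name, 0x1000, rva, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)


# Constructed sample: a normal name, an all-0xff name, and an empty name.
SAMPLE_TABLE = (_header(b".text", 0x1000)
                + _header(b"\xff" * 8, 0x2000)
                + _header(b"", 0x3000))

if __name__ == "__main__":
    for section in parse_section_table(SAMPLE_TABLE, 3):
        print(repr(section["name"]), hex(section["virtual_address"]))
```

Keeping the raw bytes next to the decoded string lets detection rules match on the exact name while logs and JSON output stay printable.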
Some parameters (like “${CMAKE_CURRENT_LIST_DIR}/utils.cpp” and “${SOURCE_DIR}/src”) are passed to CMake commands in your build scripts without enclosing them by quotation marks. I see that these places will result in build difficulties if the contents of the used variables will contain special characters like semicolons.
I would recommend applying the advice from a wiki article.
LIEF.h is nowhere to be seen in the repo.
Both of the following samples are using 8G+ of RAM (and the OOM killer steps in ;) ):
https://github.com/viper-framework/pefile-tests/blob/master/tests/corkami/pocs/65535sects.exe
https://github.com/viper-framework/pefile-tests/blob/master/tests/corkami/pocs/manyimportsW7.exe
The binaries are definitely crafted, but you probably want to handle such cases too.
Hi,
LIEF (Python interface) is blocked on many binaries when calling the parse method and produces the following messages:
Unable to find the section associated with CERTIFICATE_TABLE
Unable to find the section associated with BASE_RELOCATION_TABLE
Sample: 451774a07ed807c10a67f68201540928f8cba9c4a620f5fe1062ba2da56eb552
Then the process finishes after blocking for a few minutes:
"Process finished with exit code 137"
Debugging is also not possible.
Would you please let me know how I can fix it? Thanks!!
Many thanks for the library. I am now testing LIEF with the following piece of code
#include <LIEF/LIEF.h>
int main() {
return 0;
}
gcc -c test_lief.c
but receive errors because of the redefinition of the enum types SECTION_TYPES, SECTION_FLAGS, ... which are defined both in ELF/enums.h and MachO/enums.h.
Some structures and enums that are used by the public API aren't public, such as LIEF::ELF::SECTION_FLAGS which can be used with LIEF::ELF::Section::has_flag.
If I add the following include to my file the error goes away, but this is less than ideal.
This problem seems to affect all three file formats from what I can tell. It's worth noting that this may just be a problem with my project, however.
We should add the binary's endianness in the abstract layer as well as bitness (32 bits, 64 bits)
With the Triton project, we used to have our own ELF parser.
As LIEF looks to be a good replacement for any file parsing, I tried to use LIEF instead of our own parser but I had an issue with:
https://github.com/JonathanSalwan/Triton/blob/master/src/examples/python/ctf-writeups/hackover-ctf-2015-r150/rvs
LIEF reports this binary as corrupted (symbols not found) while we were able to parse and get symbols with our own parser. I have no idea about this issue as I don't know the ELF format, but maybe you can help us with it?
In order to use in an Xcode project - developer expects library to be packaged up into a framework bundle.
Especially something like the LIEF library, which comes with many header files and is written in C++.
I have found it very difficult to do it by just dropping the header files and .a file into my project, had to give up - due to the include search paths issue.
Couple things.
There are many header files existing in this project with the same name.
#include <> vs #include "" when you use it inside your own project.
Logging++ was missing
When I generated the Xcode project using cmake, it included scripts trying to self-update using git. Not something you expect to happen in a build environment.
This is my main.cpp (no errors; so I assume it's not the source):
#include <iostream>
#include <LIEF/LIEF.hpp>
int main(int argc, const char** argv) {
LIEF::PE::Binary* openedExe = LIEF::PE::Parser::parse("C:\\Windows\\explorer.exe");
std::cout << *openedExe << std::endl;
delete openedExe;
}
These are the error codes; MSDN didn't really provide potential fixes.
Note: I translated the error messages manually, so they might not be a 1:1 translation.
They appear 7 times each, all in "iterators.hpp"
./include/LIEF/iterators.hpp(125): error C2065: "not": undeclared identifier
./include/LIEF/iterators.hpp(228): note: See reference to class Template instantiation "LIEF::ref_iterator", that is compiled.
./include/LIEF/iterators.hpp(125): error C2059: Syntax error: "std::is_pointer<_Uty>::value"
./include/LIEF/iterators.hpp(125): error C2975: "_Test": Invalid Template argument for "std::enable_if", constant compile time expression expected.
./include/xtr1common(56): note: See declaration of "_Test"
I'm not sure it is something you want to do in LIEF directly, but it would be nice to compute the imphash for the PEs.
There is a sample code here: https://github.com/erocarrera/pefile/blob/8d60469de3b70109ac603c68c48fb3e7b84261e8/pefile.py#L3747
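A sketch of the import-hash computation this issue asks for, as an added example that is neither LIEF's nor pefile's code: library names are lowercased and lose a .dll/.ocx/.sys extension, each import becomes "library.function", and the comma-joined string is hashed with MD5. The input tuples are constructed, the function names are assumptions, and ordinal-only imports are rendered as "ord<N>" without pefile's ordinal-to-name tables for a few system libraries, so results can differ from pefile for those imports.

```python
import hashlib

_STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")


def imphash_string(imports) -> str:
    """Build the normalized import string.

    imports: ordered iterable of (library, name_or_None, ordinal_or_None),
    in the order the entries appear in the import table.
    """
    parts = []
    for library, name, ordinal in imports:
        lib = library.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in _STRIPPED_EXTENSIONS:
            lib = stem                      # "kernel32.dll" -> "kernel32"
        if name:
            func = name.lower()
        elif ordinal is not None:
            func = f"ord{ordinal}"          # simplification: no ordinal lookup table
        else:
            continue                        # entry with neither name nor ordinal
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the normalized import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed sample import table, not taken from a real binary.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateFileA", None),
    ("KERNEL32.dll", "WriteFile", None),
    ("USER32.DLL", None, 12),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash depends on import order, two builds of the same code with a different link order produce different values.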
Does this library support CentOS? I've gotten the prebuilt packages to work without issue on OSX and Ubuntu but am having trouble getting them to work on CentOS 6 and 7. I get this error when trying to import from python:
ImportError: /lib64/libstdc++.so.6: version 'GLIBCXX_3.4.20' not found (required by ./lief.so)
I also had issues building from source on CentOS as it ships with gcc 4.8 and there are build dependencies for LIEF that rely on gcc 4.9. After compiling and building gcc 4.9.2 I was able to build LIEF successfully from source but I still get the issue noted above. Running ldd on lief.so I get the same error.
Any insights?
Thanks!
~Brian
Hi,
I forgot to say it before, but downloading the tgz file for Python 2.7 (at least) and using python setup.py install does not work. I have to move lief.so by hand into the correct directory.
Some projects don't need the json api. Could be nice to have a cmake option such as:
$ cmake -DLIEF_JSON=off/on
It would be very useful to be able to pass a bytestream (BytesIO) instead of a path to the lief.parse function.
Hi,
Thanks for making this available. Any chance to have a Ruby API?
LIEF fails to parse resources on this sample:
https://virustotal.com/en/file/60d15b094219e72a52012c246b9e7d72272003970dcb01742f152d4b1865a7d3/analysis/
Writing a simple script using python to list the exports and I get this error when dumping kernl32.dll exports:
UnicodeDecodeError: 'utf8' codec can't decode byte 0xba in position 0: invalid start byte
This occurs when using either the list from binary.exported_functions or the binary.get_export()/export.entries combination.
I tried adding a string.encode('utf-8') but that doesn't work. Not sure how these strings are being encoded for Python.
Actually, for FAT Mach-O, virtual_address_to_offset returns a relative offset of the current binary.
It could be useful to have the absolute one within the FAT binary.
I got this error probably due to using ucs4 as default unicode encoding while compiling lief.so
`pip install osx_lief-0.6.0_py2.7.tar.gz
import lief
Traceback (most recent call last):
File "", line 1, in
ImportError: dlopen(/usr/local/lib/python2.7/site-packages/lief.so, 2): Symbol not found: _PyUnicodeUCS4_AsUTF8String
Referenced from: /usr/local/lib/python2.7/site-packages/lief.so
Expected in: flat namespace
in /usr/local/lib/python2.7/site-packages/lief.so`
Hello,
I tried installing the Python package on macOS 10.12.5, but got an error:
$ pip --version
pip 9.0.1 from /Library/Python/2.7/site-packages (python 2.7)
$ pip install osx_lief-0.6.1_py2.7.tar.gz
Processing ./osx_lief-0.6.1_py2.7.tar.gz
Building wheels for collected packages: lief
Running setup.py bdist_wheel for lief ... error
Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/private/var/folders/5z/wl83cz4x2blcfrfcw9s82cfr0000gn/T/pip-cKrzdw-build/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /var/folders/5z/wl83cz4x2blcfrfcw9s82cfr0000gn/T/tmpqQbF4jpip-wheel- --python-tag cp27:
WARNING: '' not a valid package name; please use only.-separated package names in setup.py
running bdist_wheel
running build
running build_py
creating build
creating build/lib
copying __init__.py -> build/lib
copying setup.py -> build/lib
error: can't copy 'ief.so': doesn't exist or not a regular file
----------------------------------------
Failed building wheel for lief
Am I doing something wrong? The lief.so file in the package does work fine when imported in Python.
Thanks!
LIEF fails to parse some PE signatures.
In the PE API, get_content_from_virtual_address takes a relative virtual address.
I was trying out the python2 version and print (binary) doesn't work due to ASCII encoding issues.
Seems like
import sys
reload(sys)
sys.setdefaultencoding('utf8')
can solve this (at least for me on MacOS X). Thus I opened an issue here so fellow users might find this useful.
Maybe it's better to add this to the README (or Python code) to warn py2 users?
Hey,
lief::ELF::Section::content and lief::ELF::Section::data are cool but return a list. Is it possible to get something like lief::ELF::Section::raw which returns raw bytes? Same with segments.
Binaries are available here: https://github.com/radare/radare2-regressions/tree/master/bins