How to use the lief.parse function in lief
To help you get started, we’ve selected a few lief examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
lief-project / LIEF / tests / elf / test_notes.py View on Github 
def test_change_note(self):
_, output = tempfile.mkstemp(prefix="change_note_")
etterlog = lief.parse(get_sample('ELF/ELF64_x86-64_binary_etterlog.bin'))
build_id = etterlog[lief.ELF.NOTE_TYPES.BUILD_ID]
new_desc = [i & 0xFF for i in range(500)]
build_id.description = new_desc
etterlog.write(output)
etterlog_updated = lief.parse(output)
self.assertEqual(etterlog[lief.ELF.NOTE_TYPES.BUILD_ID], etterlog_updated[lief.ELF.NOTE_TYPES.BUILD_ID])
self.safe_delete(output)def test_pgo(self):
path = get_sample("PE/PE32_x86_binary_PGO-LTCG.exe")
sample = lief.parse(path)
debugs = sample.debug
self.assertEqual(len(debugs), 3)
debug_entry = debugs[2]
self.assertTrue(debug_entry.has_pogo)
pogo = debug_entry.pogo
self.assertEqual(pogo.signature, lief.PE.POGO_SIGNATURES.LCTG)
pogo_entries = pogo.entries
self.assertEqual(len(pogo_entries), 33)
self.assertEqual(pogo_entries[23].name, ".xdata$x")
self.assertEqual(pogo_entries[23].start_rva, 0x8200)
self.assertEqual(pogo_entries[23].size, 820)with open(binaddc, 'w') as f:
f.write(BINADD)
with open(libaddc, 'w') as f:
f.write(LIBADD)
compiler = get_compiler()
# Compile libadd
r = self.run_cmd("{compiler} -Wl,--export-dynamic -mcmodel=large -fPIE -pie -o {output} {input}".format(
compiler=compiler,
output=libadd,
input=libaddc))
self.assertTrue(r, msg="Unable to compile libadd")
libadd = lief.parse(libadd)
add_hidden_static = libadd.get_static_symbol("add_hidden")
libadd.add_exported_function(add_hidden_static.value, add_hidden_static.name)
libadd.write(libadd2)
lib_directory = os.path.dirname(libadd2)
libname = os.path.basename(libadd2)[3:-3] # libadd.so ---> add
r = self.run_cmd("{compiler} -Wl,--export-dynamic -mcmodel=large -fPIE -pie -Wl,-rpath={libdir} -L{libdir} -o {output} {input} -l{libadd2}".format(
compiler=compiler,
libdir=lib_directory,
libadd2=libname,
output=binadd,
input=binaddc))
self.assertTrue(r, msg="Unable to compile binadd")
os.close(fd)def test_exports_trie(self):
target = lief.parse(get_sample('MachO/MachO64_x86-64_binary_exports-trie-LLVM.bin'))
self.assertTrue(target.has_dyld_info)
exports = target.dyld_info.exports
self.assertEqual(len(exports), 6)
self.assertEqual(exports[0].address, 0)
self.assertEqual(exports[0].symbol.name, "_malloc")
self.assertEqual(exports[1].address, 0)
self.assertEqual(exports[1].symbol.name, "_myfree")
self.assertEqual(exports[2].address, 0xf70)
self.assertEqual(exports[2].symbol.name, "_myWeak")
self.assertEqual(exports[3].address, 0x1018)
self.assertEqual(exports[3].symbol.name, "_myTLV")def test_change_libname(self):
sample = LibAddSample()
libadd = lief.parse(sample.libadd)
binadd = lief.parse(sample.binadd)
new_name = "libwhichhasalongverylongname.so"
self.assertIn(lief.ELF.DYNAMIC_TAGS.SONAME, libadd)
so_name = libadd[lief.ELF.DYNAMIC_TAGS.SONAME]
self.logger.debug("DT_SONAME: {}".format(so_name.name))
so_name.name = new_name
libfoo_path = os.path.join(sample.directory, new_name)
self.logger.debug(libfoo_path)
libadd.write(libfoo_path)
libfoo = lief.parse(libfoo_path)if not OS_list:
print("Could not match provided options with any available Windows\
os/architecture, exiting.")
sys.exit(1)
target = []
if options.file is not None:
target.append(options.file)
elif path.isdir(options.directory):
target = glob(path.join(options.directory, '*'))
else:
print("Error while opening file/dir, exiting.")
sys.exit(1)
for myfile in target:
content = get_text_section_content(myfile)
results = bruteforce_offsets(content, OS_list)
pe_parsed = lief.parse(myfile)
resource = pe_parsed.resources_manager
file_info = resource.version.fixed_file_info
file_version = get_version(file_info.signature, file_info.file_version_MS,
file_info.file_version_LS)
product_version = get_version(file_info.signature, file_info.product_version_MS,
file_info.product_version_LS)
print("dll name: %s" % myfile)
print(" file version: %s" % file_version)
print(" product version: %s\n" % product_version)
with open(myfile, 'rb') as f:
raw_content = f.read()
print(" MD5: %s" % hashlib.new("md5", raw_content).hexdigest())
print(" SHA1: %s" % hashlib.new("sha1", raw_content).hexdigest())
print(" SHA256: %s\n" % hashlib.new("sha256", raw_content).hexdigest())
display_bruteforce_results(results)def imp_exp_functions(filepath):
try:
imp_functions = lief.parse(filepath).imported_functions
exp_functions = lief.parse(filepath).exported_functions
except Exception as e:
imp_functions = ''
exp_functions = ''
imp_exp_function_str = ''
for imp in imp_functions:
imp_exp_function_str += imp
for exp in exp_functions:
imp_exp_function_str += exp
return imp_exp_function_strdef _parse_binary(self):
"""
Use LIEF to get details regarding the executable binary
"""
self._binary = lief.parse(self.name)def func6():
pefile="a1303f026b713fbe7fe165cc8609847f5ec46bb2dfdbe86cff4b12deae728ca3"
binary = lief.parse(pefile)
#print(binary.dos_header)
print(binary.header)
#print(binary.optional_header)
Popular lief functions
- lief.ELF
- lief.ELF.ARCH
- lief.ELF.DYNAMIC_TAGS
- lief.ELF.MIPS_EFLAGS
- lief.ELF.OS_ABI
- lief.ELF.parse
- lief.ELF.SECTION_TYPES
- lief.ELF.SEGMENT_TYPES
- lief.Logger.set_level
- lief.MachO
- lief.MachO.LOAD_COMMAND_TYPES
- lief.MachO.SECTION_TYPES
- lief.parse
- lief.PE
- lief.PE.Builder
- lief.PE.parse
- lief.PE.RESOURCE_LANGS
- lief.PE.RESOURCE_SUBLANGS
- lief.PE.RESOURCE_TYPES
- lief.PE.Section