Abstract binary that exposes an uniform API for the different executable file formats. More...

#include <Binary.hpp>

Inheritance diagram for LIEF::Binary:

[legend]

Collaboration diagram for LIEF::Binary:

Public Types
enum class	VA_TYPES { AUTO = 0 , RVA = 1 , VA = 2 }
	Type of a virtual address. More...

enum	FORMATS { UNKNOWN = 0 , ELF , PE , MACHO , OAT }

using	functions_t = std::vector<Function>

using	sections_t = std::vector<Section*>
	Internal container.

using	it_sections = ref_iterator<sections_t>
	Iterator that outputs LIEF::Section&.

using	it_const_sections = const_ref_iterator<sections_t>
	Iterator that outputs const LIEF::Section&.

using	symbols_t = std::vector<Symbol*>
	Internal container.

using	it_symbols = ref_iterator<symbols_t>
	Iterator that outputs LIEF::Symbol&.

using	it_const_symbols = const_ref_iterator<symbols_t>
	Iterator that outputs const LIEF::Symbol&.

using	relocations_t = std::vector<Relocation*>
	Internal container.

using	it_relocations = ref_iterator<relocations_t>
	Iterator that outputs LIEF::Relocation&.

using	it_const_relocations = const_ref_iterator<relocations_t>
	Iterator that outputs const LIEF::Relocation&.

using	instructions_it = iterator_range<assembly::Instruction::Iterator>
	Instruction iterator.

Public Types inherited from LIEF::Object
template<class T >
using	output_t = add_pointer_t<decay_t<T>>

template<class T >
using	output_const_t = add_pointer_t<add_const_t<decay_t<T>>>

Public Member Functions
	Binary ()

	Binary (FORMATS fmt)

	~Binary () override

Binary &	operator= (const Binary &)=delete

	Binary (const Binary &)=delete

FORMATS	format () const
	Executable format (ELF, PE, Mach-O) of the underlying binary.

Header	header () const
	Return the abstract header of the binary.

it_symbols	symbols ()
	Return an iterator over the abstracted symbols in which the elements can be modified.

it_const_symbols	symbols () const
	Return an iterator over the abstracted symbols in which the elements can't be modified.

bool	has_symbol (const std::string &name) const
	Check if a Symbol with the given name exists.

const Symbol *	get_symbol (const std::string &name) const
	Return the Symbol with the given name If the symbol does not exist, return a nullptr.

Symbol *	get_symbol (const std::string &name)

it_sections	sections ()
	Return an iterator over the binary's sections (LIEF::Section)

it_const_sections	sections () const

virtual void	remove_section (const std::string &name, bool clear=false)=0
	Remove all the sections in the underlying binary.

it_relocations	relocations ()
	Return an iterator over the binary relocation (LIEF::Relocation)

it_const_relocations	relocations () const

virtual uint64_t	entrypoint () const =0
	Binary's entrypoint (if any)

uint64_t	original_size () const
	Binary's original size.

functions_t	exported_functions () const
	Return the functions exported by the binary.

std::vector< std::string >	imported_libraries () const
	Return libraries which are imported by the binary.

functions_t	imported_functions () const
	Return functions imported by the binary.

virtual result< uint64_t >	get_function_address (const std::string &func_name) const
	Return the address of the given function name.

void	accept (Visitor &visitor) const override
	Method so that a `visitor` can visit us.

std::vector< uint64_t >	xref (uint64_t address) const

virtual void	patch_address (uint64_t address, const std::vector< uint8_t > &patch_value, VA_TYPES addr_type=VA_TYPES::AUTO)=0
	Patch the content at virtual address `address` with `patch_value`.

virtual void	patch_address (uint64_t address, uint64_t patch_value, size_t size=sizeof(uint64_t), VA_TYPES addr_type=VA_TYPES::AUTO)=0
	Patch the address with the given value.

virtual span< const uint8_t >	get_content_from_virtual_address (uint64_t virtual_address, uint64_t size, VA_TYPES addr_type=VA_TYPES::AUTO) const =0
	Return the content located at the given virtual address.

template<class T >
LIEF::result< T >	get_int_from_virtual_address (uint64_t va, VA_TYPES addr_type=VA_TYPES::AUTO) const
	Get the integer value at the given virtual address.

void	original_size (uint64_t size)
	Change binary's original size.

virtual bool	is_pie () const =0
	Check if the binary is position independent.

virtual bool	has_nx () const =0
	Check if the binary uses `NX` protection.

virtual uint64_t	imagebase () const =0
	Default image base address if the ASLR is not enabled.

virtual functions_t	ctor_functions () const =0
	Constructor functions that are called prior any other functions.

virtual result< uint64_t >	offset_to_virtual_address (uint64_t offset, uint64_t slide=0) const =0
	Convert the given offset into a virtual address.

virtual std::ostream &	print (std::ostream &os) const

virtual void	write (const std::string &name)=0
	Build & transform the Binary object representation into a real executable.

virtual void	write (std::ostream &os)=0

DebugInfo *	debug_info () const
	Return the debug info if present. It can be either a LIEF::dwarf::DebugInfo or a LIEF::pdb::DebugInfo.

instructions_it	disassemble (uint64_t address, size_t size) const
	Disassemble code starting a the given virtual address and with the given size.

instructions_it	disassemble (uint64_t address) const
	Disassemble code starting a the given virtual address.

instructions_it	disassemble (const std::string &function) const
	Disassemble code for the given symbol name.

instructions_it	disassemble (const uint8_t *buffer, size_t size, uint64_t address=0) const
	Disassemble code provided by the given buffer at the specified `address` parameter.

instructions_it	disassemble (const std::vector< uint8_t > &buffer, uint64_t address=0) const
	Disassemble code provided by the given vector of bytes at the specified `address` parameter.

instructions_it	disassemble (LIEF::span< const uint8_t > buffer, uint64_t address=0) const

instructions_it	disassemble (LIEF::span< uint8_t > buffer, uint64_t address=0) const

Public Member Functions inherited from LIEF::Object
	Object ()

	Object (const Object &other)

Object &	operator= (const Object &other)

template<class T >
output_t< T >	as ()

template<class T >
output_const_t< T >	as () const

virtual bool	operator== (const Object &other) const

virtual bool	operator!= (const Object &other) const

virtual	~Object ()

Detailed Description

Abstract binary that exposes an uniform API for the different executable file formats.

Member Typedef Documentation

◆ functions_t

using LIEF::Binary::functions_t = std::vector<Function>

◆ instructions_it

using LIEF::Binary::instructions_it = iterator_range<assembly::Instruction::Iterator>

Instruction iterator.

◆ it_const_relocations

using LIEF::Binary::it_const_relocations = const_ref_iterator<relocations_t>

Iterator that outputs const LIEF::Relocation&.

◆ it_const_sections

using LIEF::Binary::it_const_sections = const_ref_iterator<sections_t>

Iterator that outputs const LIEF::Section&.

◆ it_const_symbols

using LIEF::Binary::it_const_symbols = const_ref_iterator<symbols_t>

Iterator that outputs const LIEF::Symbol&.

◆ it_relocations

using LIEF::Binary::it_relocations = ref_iterator<relocations_t>

Iterator that outputs LIEF::Relocation&.

◆ it_sections

using LIEF::Binary::it_sections = ref_iterator<sections_t>

Iterator that outputs LIEF::Section&.

◆ it_symbols

using LIEF::Binary::it_symbols = ref_iterator<symbols_t>

Iterator that outputs LIEF::Symbol&.

◆ relocations_t

using LIEF::Binary::relocations_t = std::vector<Relocation*>

Internal container.

◆ sections_t

using LIEF::Binary::sections_t = std::vector<Section*>

Internal container.

◆ symbols_t

using LIEF::Binary::symbols_t = std::vector<Symbol*>

Internal container.

Member Enumeration Documentation

◆ FORMATS

enum LIEF::Binary::FORMATS

Enumerator
UNKNOWN
ELF
PE
MACHO
OAT

◆ VA_TYPES

enum class LIEF::Binary::VA_TYPES

strong

Type of a virtual address.

Enumerator
AUTO	Try to guess if it's relative or not.
RVA	Relative.
VA	Absolute.

Constructor & Destructor Documentation

◆ Binary() [1/3]

LIEF::Binary::Binary ( )

◆ Binary() [2/3]

LIEF::Binary::Binary ( FORMATS fmt )

◆ ~Binary()

LIEF::Binary::~Binary ( )

override

◆ Binary() [3/3]

LIEF::Binary::Binary ( const Binary & )

delete

Member Function Documentation

◆ accept()

void LIEF::Binary::accept ( Visitor & visitor ) const

overridevirtual

Method so that a visitor can visit us.

Implements LIEF::Object.

Reimplemented in LIEF::ELF::Binary, LIEF::MachO::Binary, LIEF::OAT::Binary, and LIEF::PE::Binary.

◆ ctor_functions()

virtual functions_t LIEF::Binary::ctor_functions ( ) const

pure virtual

Constructor functions that are called prior any other functions.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ debug_info()

DebugInfo * LIEF::Binary::debug_info ( ) const

Return the debug info if present. It can be either a LIEF::dwarf::DebugInfo or a LIEF::pdb::DebugInfo.

For ELF and Mach-O binaries, it returns the given DebugInfo object only if the binary embeds the DWARF debug info in the binary itself.

For PE file, this function tries to find the external PDB using the LIEF::PE::CodeViewPDB::filename() output (if present). One can also use LIEF::pdb::load() or LIEF::pdb::DebugInfo::from_file() to get PDB debug info.

Warning: This function requires LIEF's extended version otherwise it always return a nullptr

◆ disassemble() [1/7]

instructions_it LIEF::Binary::disassemble ( const std::string & function ) const

Disassemble code for the given symbol name.

auto insts = binary->disassemble("__libc_start_main");
for (std::unique_ptr<assembly::Instruction> inst : insts) {
  std::cout << inst->to_string() << '\n';
}

See also: LIEF::assembly::Instruction

◆ disassemble() [2/7]

instructions_it LIEF::Binary::disassemble	(	const std::vector< uint8_t > &	buffer,
		uint64_t	address = 0 ) const

inline

Disassemble code provided by the given vector of bytes at the specified address parameter.

See also: LIEF::assembly::Instruction

◆ disassemble() [3/7]

instructions_it LIEF::Binary::disassemble	(	const uint8_t *	buffer,
		size_t	size,
		uint64_t	address = 0 ) const

Disassemble code provided by the given buffer at the specified address parameter.

See also: LIEF::assembly::Instruction

◆ disassemble() [4/7]

instructions_it LIEF::Binary::disassemble	(	LIEF::span< const uint8_t >	buffer,
		uint64_t	address = 0 ) const

inline

◆ disassemble() [5/7]

instructions_it LIEF::Binary::disassemble	(	LIEF::span< uint8_t >	buffer,
		uint64_t	address = 0 ) const

inline

◆ disassemble() [6/7]

instructions_it LIEF::Binary::disassemble ( uint64_t address ) const

Disassemble code starting a the given virtual address.

auto insts = binary->disassemble(0xacde);
for (std::unique_ptr<assembly::Instruction> inst : insts) {
  std::cout << inst->to_string() << '\n';
}

See also: LIEF::assembly::Instruction

◆ disassemble() [7/7]

instructions_it LIEF::Binary::disassemble	(	uint64_t	address,
		size_t	size ) const

Disassemble code starting a the given virtual address and with the given size.

auto insts = binary->disassemble(0xacde, 100);
for (std::unique_ptr<assembly::Instruction> inst : insts) {
  std::cout << inst->to_string() << '\n';
}

See also: LIEF::assembly::Instruction

◆ entrypoint()

virtual uint64_t LIEF::Binary::entrypoint ( ) const

pure virtual

Binary's entrypoint (if any)

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ exported_functions()

functions_t LIEF::Binary::exported_functions ( ) const

inline

Return the functions exported by the binary.

◆ format()

FORMATS LIEF::Binary::format ( ) const

inline

Executable format (ELF, PE, Mach-O) of the underlying binary.

Referenced by LIEF::ELF::Binary::classof(), LIEF::MachO::Binary::classof(), LIEF::OAT::Binary::classof(), and LIEF::PE::Binary::classof().

◆ get_content_from_virtual_address()

virtual span< const uint8_t > LIEF::Binary::get_content_from_virtual_address	(	uint64_t	virtual_address,
		uint64_t	size,
		VA_TYPES	addr_type = VA_TYPES::AUTO ) const

pure virtual

Return the content located at the given virtual address.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ get_function_address()

virtual result< uint64_t > LIEF::Binary::get_function_address ( const std::string & func_name ) const

virtual

Return the address of the given function name.

Reimplemented in LIEF::ELF::Binary.

◆ get_int_from_virtual_address()

template<class T >

LIEF::result< T > LIEF::Binary::get_int_from_virtual_address	(	uint64_t	va,
		VA_TYPES	addr_type = VA_TYPES::AUTO ) const

inline

Get the integer value at the given virtual address.

References make_error_code(), and read_error.

◆ get_symbol() [1/2]

Symbol * LIEF::Binary::get_symbol ( const std::string & name )

inline

◆ get_symbol() [2/2]

const Symbol * LIEF::Binary::get_symbol ( const std::string & name ) const

Return the Symbol with the given name If the symbol does not exist, return a nullptr.

◆ has_nx()

virtual bool LIEF::Binary::has_nx ( ) const

pure virtual

Check if the binary uses NX protection.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ has_symbol()

bool LIEF::Binary::has_symbol ( const std::string & name ) const

inline

Check if a Symbol with the given name exists.

◆ header()

Header LIEF::Binary::header ( ) const

inline

Return the abstract header of the binary.

◆ imagebase()

virtual uint64_t LIEF::Binary::imagebase ( ) const

pure virtual

Default image base address if the ASLR is not enabled.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ imported_functions()

functions_t LIEF::Binary::imported_functions ( ) const

inline

Return functions imported by the binary.

◆ imported_libraries()

std::vector< std::string > LIEF::Binary::imported_libraries ( ) const

inline

Return libraries which are imported by the binary.

◆ is_pie()

virtual bool LIEF::Binary::is_pie ( ) const

pure virtual

Check if the binary is position independent.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ offset_to_virtual_address()

virtual result< uint64_t > LIEF::Binary::offset_to_virtual_address	(	uint64_t	offset,
		uint64_t	slide = 0 ) const

pure virtual

Convert the given offset into a virtual address.

Parameters

[in]	offset	The offset to convert.
[in]	slide	If not 0, it will replace the default base address (if any)

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ operator=()

Binary & LIEF::Binary::operator= ( const Binary & )

delete

◆ original_size() [1/2]

uint64_t LIEF::Binary::original_size ( ) const

inline

Binary's original size.

◆ original_size() [2/2]

void LIEF::Binary::original_size ( uint64_t size )

inline

Change binary's original size.

Warning: This function should be used carefully as some optimizations can be performed with this value

◆ patch_address() [1/2]

virtual void LIEF::Binary::patch_address	(	uint64_t	address,
		const std::vector< uint8_t > &	patch_value,
		VA_TYPES	addr_type = VA_TYPES::AUTO )

pure virtual

Patch the content at virtual address address with patch_value.

Parameters

[in]	address	Address to patch
[in]	patch_value	Patch to apply
[in]	addr_type	Specify if the address should be used as an absolute virtual address or a RVA

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ patch_address() [2/2]

virtual void LIEF::Binary::patch_address	(	uint64_t	address,
		uint64_t	patch_value,
		size_t	size = sizeof(uint64_t),
		VA_TYPES	addr_type = VA_TYPES::AUTO )

pure virtual

Patch the address with the given value.

Parameters

[in]	address	Address to patch
[in]	patch_value	Patch to apply
[in]	size	Size of the value in bytes (1, 2, ... 8)
[in]	addr_type	Specify if the address should be used as an absolute virtual address or an RVA

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ print()

virtual std::ostream & LIEF::Binary::print ( std::ostream & os ) const

inlinevirtual

Reimplemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

Referenced by operator<<.

◆ relocations() [1/2]

it_relocations LIEF::Binary::relocations ( )

inline

Return an iterator over the binary relocation (LIEF::Relocation)

◆ relocations() [2/2]

it_const_relocations LIEF::Binary::relocations ( ) const

inline

◆ remove_section()

virtual void LIEF::Binary::remove_section	(	const std::string &	name,
		bool	clear = false )

pure virtual

Remove all the sections in the underlying binary.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ sections() [1/2]

it_sections LIEF::Binary::sections ( )

inline

Return an iterator over the binary's sections (LIEF::Section)

◆ sections() [2/2]

it_const_sections LIEF::Binary::sections ( ) const

inline

◆ symbols() [1/2]

it_symbols LIEF::Binary::symbols ( )

inline

Return an iterator over the abstracted symbols in which the elements can be modified.

◆ symbols() [2/2]

it_const_symbols LIEF::Binary::symbols ( ) const

inline

Return an iterator over the abstracted symbols in which the elements can't be modified.

◆ write() [1/2]

virtual void LIEF::Binary::write ( const std::string & name )

pure virtual

Build & transform the Binary object representation into a real executable.

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ write() [2/2]

virtual void LIEF::Binary::write ( std::ostream & os )

pure virtual

Implemented in LIEF::ELF::Binary, LIEF::MachO::Binary, and LIEF::PE::Binary.

◆ xref()

std::vector< uint64_t > LIEF::Binary::xref ( uint64_t address ) const

The documentation for this class was generated from the following file:

Abstract/Binary.hpp

Public Types

Public Member Functions

Detailed Description

Member Typedef Documentation

◆ functions_t

◆ instructions_it

◆ it_const_relocations

◆ it_const_sections

◆ it_const_symbols

◆ it_relocations

◆ it_sections

◆ it_symbols

◆ relocations_t

◆ sections_t

◆ symbols_t

Member Enumeration Documentation

◆ FORMATS

◆ VA_TYPES

Constructor & Destructor Documentation

◆ Binary() [1/3]

◆ Binary() [2/3]

◆ ~Binary()

◆ Binary() [3/3]

Member Function Documentation

◆ accept()

◆ ctor_functions()

◆ debug_info()

◆ disassemble() [1/7]

◆ disassemble() [2/7]

◆ disassemble() [3/7]

◆ disassemble() [4/7]

◆ disassemble() [5/7]

◆ disassemble() [6/7]

◆ disassemble() [7/7]

◆ entrypoint()

◆ exported_functions()

◆ format()

◆ get_content_from_virtual_address()

◆ get_function_address()

◆ get_int_from_virtual_address()

◆ get_symbol() [1/2]

◆ get_symbol() [2/2]

◆ has_nx()

◆ has_symbol()

◆ header()

◆ imagebase()

◆ imported_functions()

◆ imported_libraries()

◆ is_pie()

◆ offset_to_virtual_address()

◆ operator=()

◆ original_size() [1/2]

◆ original_size() [2/2]

◆ patch_address() [1/2]

◆ patch_address() [2/2]

◆ print()

◆ relocations() [1/2]

◆ relocations() [2/2]

◆ remove_section()

◆ sections() [1/2]

◆ sections() [2/2]

◆ symbols() [1/2]

◆ symbols() [2/2]

◆ write() [1/2]

◆ write() [2/2]

◆ xref()