ELF¶

API

Introduction¶

ELF binaries can be parsed with LIEF using the function:

import lief

# Using filepath
elf: lief.ELF.Binary = lief.ELF.parse("/bin/ls")

# Using a Path from pathlib
elf: lief.ELF.Binary = lief.ELF.parse(pathlib.Path(r"C:\Users\test.elf"))

# Using a io object
with open("/bin/ssh", 'rb') as f:
  elf: lief.ELF.Binary = lief.ELF.parse(f)

#include <LIEF/ELF.hpp>

// Using a file path as a std::string
std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse("/bin/ls");

// Using a vector
std::vector<uint8_t> my_raw_elf;
std::unique_ptr<LIEF::ELF::Binary> elf = LIEF::ELF::Parser::parse(my_raw_elf);

let elf: lief::elf::Binary = lief::elf::Binary::parse("/bin/ls");

Note

In Python, you can also use lief.parse() which returns a lief.ELF.Binary object.

From this parsed ELF binary you can use all the API exposed by the object to inspect or modify the binary itself.

elf: lief.ELF.Binary = ...

print(elf.header.entrypoint)

for section in elf.sections:
    print(section.name, len(section.content))

std::unique_ptr<LIEF::ELF::Binary> elf;

std::cout << elf->header().entrypoint();

for (const LIEF::ELF::Section& section : elf->sections()) {
  std::cout << section.name() << section.content().size() << '\n'
}

let elf: lief::elf::Binary;

println!("{}", elf.header().entrypoint());

for section in elf.sections() {
    println!("{} {}", section.name(), section.content().len());
}

Upon a modification, one can use the method to write back the ELF binary object into a raw ELF file.

elf: lief.ELF.Binary = ...

elf.add_library("libdemo.so")
elf.write("new.elf")

std::unique_ptr<LIEF::ELF::Binary> elf;
elf->add_library("libdemo.so");
elf->write("new.elf");

Advance Parsing/Writing¶

can take an extra parameter to specify some parts of the ELF format to skip during parsing.

Warning

Generally speaking, requires a complete initial parsing of the ELF file.

Similarly, can also take an extra to specify which parts of the ELF should be re-built or not.

parser_config = lief.ELF.ParserConfig()
parser_config.parse_overlay = False

elf: lief.ELF.Binary = lief.ELF.parse("my.elf", parser_config)

builder_config = lief.ELF.Builder.config_t()
builder_config.gnu_hash = False

elf.write("new.elf", builder_config)

LIEF::ELF::ParserConfig parser_config;
parser_config.parse_overlay = false;

auto elf = LIEF::ELF::Parser::parse("my.elf", parser_config);
LIEF::ELF::Builder::config_t builder_config;

builder_config.gnu_hash = false;
elf->write("new.elf", builder_config);

DWARF Support¶

If the binary embeds DWARF debug info, one can use to access the underlying object.

Note that this support is only available in the extended version of LIEF.