Ghidra


Ghidra with LIEF

Similarly to the BinaryNinja plugin, LIEF can be used as a Ghidra plugin.

Installation

First, download the LIEF plugin package from https://lief.s3.fr-par.scw.cloud/latest/plugins/index.html or from the packages listed above. Then follow the official procedure for installing extensions: GhidraDocs/GettingStarted.md

Shared Library

In addition to the previously installed package, the plugins require LIEF.dll, libLIEF.dylib, or libLIEF.so to be installed next to the extension directory. You can download this library from the following list:

or from here: https://lief.s3.fr-par.scw.cloud/latest/sdk/index.html. Some plugins (such as the DWARF Plugin) need the extended version, which can be downloaded from https://extended.lief.re/.

Once you have this shared library, you must copy it into the Ghidra settings directory. For instance:

  • OSX: ~/Library/ghidra/ghidra_11.3.2_PUBLIC/Extensions/libLIEF.dylib

  • Linux: ~/.config/ghidra/ghidra_11.3.2_PUBLIC/Extensions/libLIEF.so

  • Windows: C:\Users\romain\AppData\Roaming\ghidra\ghidra_11.3.2_PUBLIC\Extensions\LIEF.dll

  • Windows: %APPDATA%\ghidra\ghidra_11.3.2_PUBLIC\Extensions\LIEF.dll

You can verify that the plugin is correctly installed by opening the CodeBrowser tool on a binary and making sure that you can see the LIEF configuration in File > Configure (from the CodeBrowser, not the projects window).

Alternatively, you can try running the headless script LiefVersionInfoScript.java, which should output information about the installed version.
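As an added example (not part of the LIEF plugin or its documentation), the following POSIX shell script checks the library placement described above on macOS and Linux. The function names and the `GHIDRA_SETTINGS` variable are assumptions made for this example; the paths follow the list above.

```shell
#!/bin/sh
# Added example (not part of the LIEF project): check that the LIEF shared
# library sits in the Extensions directory of the Ghidra settings directory.

# Print the expected library path.
#   $1 = platform as printed by `uname -s` (Darwin or Linux)
#   $2 = home directory
#   $3 = Ghidra settings directory name, e.g. ghidra_11.3.2_PUBLIC
lief_expected_path() {
    case "$1" in
        Darwin) echo "$2/Library/ghidra/$3/Extensions/libLIEF.dylib" ;;
        Linux)  echo "$2/.config/ghidra/$3/Extensions/libLIEF.so" ;;
        *)      return 1 ;;
    esac
}

# Return status: 0 = library present, 1 = missing or empty,
# 2 = platform not covered by this example.
check_lief_install() {
    path=$(lief_expected_path "$1" "$2" "$3") || {
        echo "unsupported platform: $1" >&2
        return 2
    }
    if [ -f "$path" ] && [ -s "$path" ]; then
        echo "OK: $path"
        return 0
    fi
    echo "MISSING: copy the library to $path" >&2
    # Diagnosis aid: report the library if it was copied under the settings
    # directory of a different Ghidra version.
    root=${path%/"$3"/Extensions/*}
    for other in "$root"/ghidra_*/Extensions/"${path##*/}"; do
        [ -f "$other" ] && echo "found under a different version: $other" >&2
    done
    return 1
}

# Run the check only when a settings directory name is supplied, e.g.
#   GHIDRA_SETTINGS=ghidra_11.3.2_PUBLIC sh check_lief.sh
if [ -n "${GHIDRA_SETTINGS:-}" ]; then
    check_lief_install "$(uname -s)" "$HOME" "$GHIDRA_SETTINGS"
fi
```
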

Troubleshooting

Couldn’t find the native library

This means that libLIEF.so, libLIEF.dylib, or LIEF.dll is not correctly installed in the Extensions/ directory. The details of the error provide the expected path(s).

Ghidra native library issue

This feature requires LIEF extended

This error means that you need to install the extended version of the shared library. See the extended section for more information.

libLIEF.dylib can’t be opened because Apple cannot check it for malicious software

libLIEF.dylib is self-signed and does not use an Apple certificate, so it is considered as coming from an unknown developer.

You can address this issue in different ways:

  1. You can compile libLIEF.dylib yourself and sign the compiled library with your certificate.

  2. You can add a security exception as described here: https://support.apple.com/guide/mac-help/apple-cant-check-app-for-malicious-software-mchleab3a043/mac

macOS library loading issue