Changelog¶

0.14.0 - Not Released Yet¶

ELF:

• Fix relocation issue when using -Wl,–emit-relocs (c.f. #897 / #898 by adamjseitz)

• Improve the computation of the dynamic symbols thanks to adamjseitz (c.f. #922)

• Add support for the LoongArch architecture thanks to loongson-zn (c.f. #921)

MachO:

• The fileset name is now stored in lief.MachO.Binary.fileset_name (instead of lief.MachO.Binary.name)

PE:

• Add a lief.PE.ParserConfig interface that can be used to tweak which parts of the PE format should be parsed (#839).

  Example:

  config = lief.PE.ParserConfig()
  
  # Skip parsing PE authenticode
  config.parse_signature = False
  
  pe = lief.PE.parse("pe.exe", config)
  

General Design:

• Remove the lief.Binary.name attribute

• LIEF is now compiled with C++17 (the API remains C++11 compliant)

0.13.1 - May 28, 2023¶

PE:

• Fix PE authenticode verification issue in the case of special characters (#912)

Misc:

• Fix mypy stubs (#909)

• Fix missing include (#918)

• Fix C99 comments (#916)

• Fix AArch64 docker image (#904)

0.13.0 - April 9, 2023¶

ELF:

• Fix overflow issue in segments (c.f. #845 found by liyansong2018)

• Fix missing relationship between symbols and sections (c.f. #841)

• Fix coredump parsing issue (c.f. #830 found by Lan1keA)

• Fix and (re)enable removing dynamic symbols (c.f. #828)

• Add support for NT_GNU_BUILD_ATTRIBUTE_OPEN and NT_GNU_BUILD_ATTRIBUTE_FUNC (c.f. #816)

• [CVE-2022-38497] Fix ELF core parsing issue (#766 found by CCWANG19)

• [CVE-2022-38306] Fix a heap overflow found by CCWANG19 (#763)

• aeflores fixed an issue when there are multiple versions associated with a symbol (see: #749 for the details).

• Handle binaries compiled with the -static-pie flag correctly (see: #747)

• Add support for modifying section-less binaries. The ELF Section objects gain the lief.ELF.Section.as_frame() method which defines the section as a framed section.

  A framed section is a section that concretely does not wraps data and can be corrupted.

  Example:

  elf = lief.parse("/bin/ssh")
  text = elf.get_section(".text").as_frame()
  
  # We can now corrupt all the fields of the section
  text.offset  = 0xdeadc0de
  text.size    = 0xffffff
  text.address = 0x123
  
  elf.write("/tmp/out")
  

• Add API to precisely define how the segments table should be relocated. One might want to enforce a certain ELF layout while adding sections/ segments. It is now possible to call the method: relocate_phdr_table() to define how the segments table should be relocated for welcoming the new sections/segments:

  elf = lief.parse("...")
  # Enforce a specific relocation type:
  # The new segments table will be shift at the end
  # of the file
  elf.relocate_phdr_table(Binary.PHDR_RELOC.FILE_END)
  
  # Add sections/segments
  # [...]
  elf.write("out.elf")
  

  See:

  • lief.ELF.Binary.relocate_phdr_table()

  • lief.ELF.Binary.PHDR_RELOC

MachO:

• Add rpaths iterator (#291)

• Add support for parsing Mach-O in memory

• Fix a memory issue (found by bladchan via #806)

• [CVE-2022-40923] Fix parsing issue (#784 found by bladchan)

• [CVE-2022-40922] Fix parsing issue (#781 found by bladchan)

• [CVE-2022-38307] Fix a segfault when the Mach-O binary does not have segments (found by CCWANG19 via #764)

• Enable to create exports

• Fix the layout of the binaries modified by LIEF such as they can be (re)signed.

• Add support for LC_DYLD_CHAINED_FIXUPS and LC_DYLD_EXPORTS_TRIE

• Global enhancement when modifying the __LINKEDIT content

• Add API to get a Section from a specified segment’s name and section’s name.

Example:

sec = bin.get_section("__DATA", "__objc_metadata")

• Add API to remove a Section from a specified segment’s name and section’s name.

Example:

sec = bin.remove_section("__DATA", "__objc_metadata")

• Add lief.MachO.Binary.page_size

PE:

• The Python API now returns bytes objects instead of List[int]

• Remove lief.PE.ResourceNode.sort_by_id()

• Fix the ordering of children of ResourceNode

• Remove deprecated functions related to PE hooking.

• Add support for new PE LoadConfiguration structures.

DEX:

• Fix multiple parsing issues raised by bladchan

Other:

• [CVE-2022-38497]: #765 found by CCWANG19

• [CVE-2022-38495]: #767 found by CCWANG19

General Design:

• ZehMatt added the support to write LIEF binaries object through a std::ostream interface (9d55f53)

• Remove the exceptions

• The library contains less static initializers which should improve the loading time.

Python Bindings:

• Move to a build system compliant with pyproject.toml

• Provide typing stubs: #650

• PyPI releases no longer provide source distribution (sdist)

Dependencies:

• Move to spdlog 1.11.0

• Move to Pybind11 - 2.10.1

• Move to nlohmann/json 3.11.2

• Move to MbedTLS 3.2.1

• Move to utfcpp 3.2.1

0.12.3 - November 1, 2022¶

This release contains several security fixes:

• [CVE-2022-38497] Fix ELF core parsing issue (#766 found by CCWANG19)

• [CVE-2022-38306] Fix a heap overflow found by CCWANG19 (#763)

• Fix a memory issue (found by bladchan via #806)

• [CVE-2022-40923] Fix parsing issue (#784 found by bladchan)

• [CVE-2022-40922] Fix parsing issue (#781 found by bladchan)

• [CVE-2022-38307] Fix a segfault when the Mach-O binary does not have segments (found by CCWANG19 via #764)

0.12.1 - April 08, 2022¶

ELF:

• Fix section inclusion calculations (#692)

PE:

• Fix parsing regressions (#689, #687, #686, #685, #691, #693)

Compilation:

• Nightly builds are now upload to Saleway’s S3 server:

  • https://lief.s3-website.fr-par.scw.cloud/latest/lief

  • https://lief.s3-website.fr-par.scw.cloud/latest/sdk

• Fix GLIBCXX_USE_CXX11_ABI=1 ABI issue (see: #683)

0.12.0 - March 25, 2022¶

ELF:

• ahaensler added the support to insert and assign a lief.ELF.SymbolVersionAuxRequirement (see: #670)

• Enhance the ELF parser to support corner cases described by netspooky in :

  • https://tmpout.sh/2/14.html (84 byte aarch64 ELF)

  • https://tmpout.sh/2/3.html (Some ELF Parser Bugs)

• New ELF Builder which is more efficient in terms of speed and in terms of number of segments added when modifying binaries (see: https://lief-project.github.io/blog/2022-01-23-new-elf-builder/)

• Clcanny improved (see #507 and #509) the reconstruction of the dynamic symbol table by sorting local symbols and non-exported symbols. It fixes the following warning when parsing a modified binary with readelf

  Warning: local symbol 29 found at index >= .dynsym's sh_info value of 1
  

MachO:

• Change the layout of the binaries generated by LIEF such as they are compliant with codesign checks

• The API to configure the MachO parser has been redesigned to provide a better granularity

  config = lief.MachO.ParserConfig()
  config.parse_dyld_bindings = False
  config.parse_dyld_exports  = True
  config.parse_dyld_rebases  = False
  
  lief.MachO.parse("/tmp/big.macho", config)
  

• LucaMoroSyn added the support for the LC_FILESET_ENTRY. This command is usually found in kernel cache files

• LIEF::MachO::Binary::get_symbol now returns a pointer (instead of a reference). If the symbol can’t be found, it returns a nullptr.

• Add API to select a Binary from a FatBinary by its architecture. See: lief.MachO.FatBinary.take().

  fat = lief.MachO.parse("/bin/ls")
  fit = fat.take(lief.MachO.CPU_TYPES.x86_64)
  

• Handle the 0x0D binding opcode (see: #524)

• xhochy fixed performances issues in the Mach-O parser (see #579)

PE:

• Adding lief.PE.OptionalHeader.computed_checksum that re-computes the lief.PE.OptionalHeader.checksum (c.f. issue #660)

• Enable to recompute the RichHeader (issue: #587)

  • raw()

  • hash()

• Add support for PE’s delayed imports. see:

  • DelayImport / DelayImportEntry

  • delay_imports

• lief.PE.LoadConfiguration.reserved1 has been aliased to lief.PE.LoadConfiguration.dependent_load_flags

• lief.PE.LoadConfiguration.characteristics has been aliased to lief.PE.LoadConfiguration.size

• Thanks to gdesmar, we updated the PE checks to support PE files that have a corrupted lief.PE.OptionalHeader.magic (cf. #644)

DEX:

• DanielFi added support for DEX’s fields (see: #547)

Abstraction:

• Abstract binary imagebase for PE, ELF and Mach-O (lief.Binary.imagebase)

• Add lief.Binary.offset_to_virtual_address()

• Add PE imports/exports as abstracted symbols

Compilation & Integration:

• ekilmer updated and modernized the CMake integration files through the PR: #674

• Enable to use a pre-compiled version of spdlog. This feature aims at improving compilation time when developing on LIEF.

  One can provide path to spdlog install through:

  $ python ./setup.py --spdlog-dir=path/to/lib/cmake/spdlog [...]
  # or
  $ cmake -DLIEF_EXTERNAL_SPDLOG=ON -Dspdlog_DIR=path/to/lib/cmake/spdlog ...
  

• Enable to feed LIEF’s dependencies externally (c.f. Third Party)

• Replace the keywords and, or, not with &&, || and !.

Dependencies:

• Upgrade to MbedTLS 3.1.0

• Upgrade Catch2 to 2.13.8

• The different dependencies can be linked externally (cf. above and Third Party)

Documentation:

• New section about the errors handling (Error Handling) and the upcoming deprecation of the exceptions.

• New section about how to compile LIEF for debugging/developing. See: Debugging

General Design:

span:

LIEF now exposes Section/Segment’s data through a span interface. As std::span is available in the STL from C++20 and the LIEF public API aims at being C++11 compliant, we expose this span thanks to tcbrindle/span. This new interface enables to avoid copies of std::vector<uint8_t> which can be costly. With this new interface, the original std::vector<uint8_t> can be retrieved as follows:

auto bin = LIEF::ELF::Parser::parse("/bin/ls");

if (const auto* section = bin->get_section(".text")) {
  LIEF::span<const uint8_t> text_ref =  section->content();
  std::vector<uint8_t> copy = {std::begin(text_ref), std::end(text_ref)};
}

In Python, span are wrapped by a read-only memory view. The original list of bytes can be retrieved as follows:

bin = lief.parse("/bin/ls")
section = bin.get_section(".text")

if section is not None:
  memory_view = section.content
  list_of_bytes = list(memory_view)

Exceptions:

Warning

We started to refactor the API and the internal design to remove C++ exceptions. These changes are described a the dedicated blog (LIEF RTTI & Exceptions)

To highlighting the content of the blog for the end users, functions that returned a reference and which threw an exception in the case of a failure are now returning a pointer that is set to nullptr in the case of a failure.

If we consider this original code:

LIEF::MachO::Binary& bin = ...;

try {
  LIEF::MachO::UUIDCommand& cmd = bin.uuid();
  std::cout << cmd << "\n";
} catch (const LIEF::not_found&) {
  // ... dedicated processing
}

// Other option with has_uuid()
if (bin.has_uuid()) {
  LIEF::MachO::UUIDCommand& cmd = bin.uuid();
  std::cout << cmd << "\n";
}

It can now be written as:

LIEF::MachO::Binary& bin = ...;

if (LIEF::MachO::UUIDCommand* cmd = bin.uuid();) {
  std::cout << *cmd << "\n";
} else {
  // ... dedicated processing as it is a nullptr
}

// Other option with has_uuid()
if (bin.has_uuid()) { // It ensures that it is not a nullptr
  LIEF::MachO::UUIDCommand& cmd = *bin.uuid();
  std::cout << cmd << "\n";
}

See also

• C++ API for errors handling

• Python API for errors handling

• List of the functions that changed

0.11.X - Patch Releases¶

0.11.0 - January 19, 2021¶

ELF:

• mkomet updated enums related to Android (see: 9dd641d)

• aeflores added MIPS relocations support in the ELF parser

• Fix extend() on a ELF section (cf. issue #477)

• Fix issue when exporting symbols on empty-gnu-hash ELF binary (1381f9a)

• Fix reconstruction issue when the binary is prelinked (cf. issue #466)

• Add DF_1_PIE flag

• Fix parsing issue of the .eh_frame section when the base address is not 0.

• JanuszL enhanced the algorithm that computes the string table. It moves from a N^2 algorithm to a Nlog(N) (1e0c4e8).

• Fix .eh_frame parsing issue (b57f323)

• aeflores fixed parsing issue in ELF relocations (6c53646)

• Add PT_GNU_PROPERTY enum

• Bug fix in the symbols table reconstruction (ELF)

PE:

• Enhance PE Authenticode. See PE Authenticode

• get_imphash() can now generate the same value as pefile and Virus Total (#299)

  pe = lief.parse("example.exe")
  vt_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.PEFILE)
  lief_imphash = lief.PE.get_imphash(pe, lief.PE.IMPHASH_MODE.DEFAULT)
  

  See also

  lief.PE.IMPHASH_MODE and lief.PE.get_imphash()

• Remove the padding entry (0) from the rich header

• items now returns a dictionary for which the values are bytes (instead of str object). This change is related to utf-16 support.

• kohnakagawa fixed wrong enums values: c031250, 6ee808a, cd05f34

• kohnakagawa fixed a bug in the PE resources parser (a7254d1)

• Handle PE forwarded exports (issue #307)

Mach-O:

• Add API to access either LC_CODE_SIGNATURE or DYLIB_CODE_SIGN_DRS (issue #476)

• Fix issue when parsing twice a Mach-O file (issue #479)

Dependencies:

• Replace easyloggingpp with spdlog 1.8.1

• Upgrade frozen to 1.0.0

• Upgrade json to 3.7.3

• Upgrade pybind11 to 2.6.0

• Upgrade mbedtls to 2.16.6

Documentation:

• aguinet updated the bin2lib tutorial with the support of the new glibc versions (7884e57)

• Global update and enable to build the documentation out-of-tree

• Changing the theme

Misc:

• Add Python 3.9 support

• FindLIEF.cmake deprecates LIEF_ROOT. You should use LIEF_DIR instead.

Logging:

We changed the logging interface. The following log levels have been removed:

• LOG_GLOBAL

• LOG_FATAL

• LOG_VERBOSE

• LOG_UNKNOWN

We also moved from an class-interface based to functions.

Example:

lief.logging.disable()
lief.logging.enable()
lief.logging.set_level(lief.logging.LOGGING_LEVEL.INFO)

See: lief.logging.set_level()

Note

The log functions now output on stderr instead of stdout

0.10.1 - November 29, 2019¶

• Fix regression in parsing Python bytes

• Add Python API to demangle strings: lief.demangle

0.10.0 - November 24, 2019¶

ELF:

• Add build support for ELF notes

• Add coredump support (9fc3a8a)

• Enable to bind a relocation with a symbol (a9f3cb8)

  Example:

  relocation = "..."
  
  symbol = lief.ELF.Symbol()
  symbol.name = "printf123"
  relocation.symbol = symbol
  

• Add constructors (67d924a)

• Expose ELF destructors (957384c)

• Add remove_static_symbol (c677970)

• Add support for static relocation writing (d1b98d6)

• Expose function to get strings located in the .rodata section (02f4851)

• Export ELF ABI version (8d7ec26)

PE:

• Improve PE Authenticode parsing (535623d)

• Fix alignment issue when removing a PE section (04dddd3)

• Parse PE debug data directory as a list of debug entries (by 1orenz0 - fcc75dd)

• Add support to parse POGO debug entries (by 1orenz0 - 3537440)

Mach-O:

• Enhance Mach-O modifications by exposing an API to:

  • Add load commands

  • Add sections

  • Add segments

  See: 406115c

• Enable write() on FAT Mach-O (1659531)

• Introduce Mach-O Build Version command (6f96723)

• Enable to remove Mach-O symbols (616d739)

• Add support for adding LC_UNIXTHREAD commands in a MachO (by nezetic - 64d2597)

Abstract Layer:

• Expose remove_section() in the abstract layer (918438c)

• Expose write() in the abstract layer (af4d48e)

• Expose API to list functions found in a binary (b5a0846)

Android:

• Add partial support for Android 9 (bce9ebe)

Misc:

• lkollar added support for Python 3.8 in CI (Linux & OSX only)

• Update Pybind11 dependency to v2.4.3

• Enhance Python install (see: Since 0.10.0)

• Thanks to lkollar, Linux CI now produces manylinux1-compliant wheels

Many thanks to the contributors: recvfrom, pbrunet, mackncheesiest, wisk, nezetic, lkollar, jbremer, DaLynX, 1orenz0, breadchris, 0xbf00, unratito, strazzere, aguinetqb, mingwandroid, serge-sans-paille-qb, yrp604, majin42, KOLANICH

0.9.0 - June 11, 2018¶

LIEF 0.9 comes with new formats related to Android: OAT, DEX, VDEX and ART. It also fixes bugs and thanks to yd0b0N, ELF parser now supports big and little endian binaries. We also completed the JSON serialization of LIEF objects.

0.8.3¶

• [Mach-O] Fix typo on comparison operator - abbc264

0.8.2¶

• [ELF] Increase the upper limit of relocation number - 077bc32

0.8.1 - October 18, 2017¶

• Fix an alignment issue in the ELF builder. See 8db199c

• Add assertion on the setuptools version: 62e5825

0.8.0 - October 16, 2017¶

LIEF 0.8.0 mainly improves the MachO parser and the ELF builder. It comes with Dockerfiles for CentOS and Android.

LibFuzzer has also been integrated in the project to enhance the parsers

0.7.0 - July 3, 2017¶

0.6.1 - April 6, 2017¶

0.6.0 - March 30, 2017¶

First public release