Thin Ba Shane (Luna)
@LunaM00n
How can I install via Windows 10?
Thin Ba Shane (Luna)
@LunaM00n
I got it. I'm using python 3.8.2 and installing cp36. It was my mistake. Sorry to bother you all.
Antonio Flores Montoya
@aeflores
Hi @romainthomas what is the timeline for the next bugfix release? it would be nice to have one soon
tsunekoh
@kohnakagawa
Hi @romainthomas why is mbedTLS used in LIEF to parse PE authenticode signature? mbedTLS does not support PKCS7 whilst other similar libraries such as OpenSSL do.
Zmurf
@5murfette
Hi guys - is there a way (or maybe a planned feature related to that), to edit raw body of a symbol?
The problem that I have is that there is a bunch of precompiled (non-LTO) library .o files, and all function symbols lack stack cookies.
I know what needs to be changed in assembly of each function, but that obviously would expand the function size...
and technically, since all the information is there for functions to work at any address, I suppose they could be smartly repacked so there is some space between them
Zmurf
@5murfette
or perhaps convert them to LTO? then I could inline them and wrap around another function body in .C that has stack cookies
KaramLak
@KaramLak
image.png
can anybody help me with that ?
please
tsunekoh
@kohnakagawa
@KaramLak You might use an older version of python (2.x or lower than 3.4). So, you install lief with a newer version of python (and pip) and can resolve this issue.
Romain
@romainthomas

Hi @romainthomas why is mbedTLS used in LIEF to parse PE authenticode signature? mbedTLS does not support PKCS7 whilst other similar libraries such as OpenSSL do.

@kohnakagawa, I choose to use mbedtls because it is lighter than openSSL

tsunekoh
@kohnakagawa
@romainthomas Thank you for your reply :) Currently, I'm improving the Authenticode parsing logic of LIEF, so I was wondering why mbedTLS was selected.
Romain
@romainthomas
Nice @kohnakagawa !
Anton Kochkov
@XVilka
Hi! Is there any new LIEF release planned? 0.10.1 is very old :)
Antonio Flores Montoya
@aeflores
I would love to see a new release too!
lain3d
@lain3d
is there any way to get the documentation as a pdf
usually these readthedocs projs have a pdf option but don't see it here
Romain
@romainthomas
Hi sorry for the delay this year is quite busy :) I plan to do a new release soon but I'm still stuck in setting up the windows CI on Azure.
If someone is familiar with this CI let me know :)
Romain
@romainthomas
ah and thanks to @benjamb the release will contain Python 3.8 version for windows
Adrien Guinet
@aguinet
@romainthomas github actions work quite well for windows
Tom
@nyx0
@romainthomas when you do a release can you also add python 3.9 :) thank you!
Romain
@romainthomas
@nyx0 I'll setup the CI for that but it seems that Appveyor does not support Python3.9 yet: appveyor/ci#3541
Adrien Guinet
@aguinet
github actions FTW @romainthomas :)
Anton Kochkov
@XVilka
Hi! How to get the LIEF::Header out of the LIEF::ELF::Binary? I need some things from the LIEF::Binary and some from LIEF::ELF::Binary in C++ API
Romain
@romainthomas
@XVilka
std::unique_ptr<LIEF::ELF::Binary> bin = ...
auto abstract = static_cast<LIEF::Binary*>(bin.get());
LIEF::Header hdr = abstract->header();
Anton Kochkov
@XVilka
aha, so static_cast then, thanks!
Anton Kochkov
@XVilka
One more question - is there any ready API to get the code parts from the executable? Rather than dealing with ELF Segments and PE Sections separately, for example?
Or I have to write the wrapper function myself?
Romain
@romainthomas
As it would be not easy to abstract, you need to implement your own wrapper
Anton Kochkov
@XVilka
I see, thanks!
Petr Novický
@pnovicky_twitter
Hi, I have a question if it's possible to use LIEF to edit(translate) all strings inside the .rsrc section of PE somehow. In the documentation I found example code how to read all the resources, but I am not sure if it's also possible to edit, specifically strings. Thank you very much...
Romain
@romainthomas
Hi @pnovicky_twitter It could be possible but it's currently not implemented
Peter Goodman
@pgoodman
Is there a way to apply relocations given a parsed PIE ELF?
e.g. there is a call disp32 that appears to LIEF as a call with zeroes for the relative displacement, and thus needs to be relocated; in IDA I observe that it has applied the fixup, and I think makes this clear via the fixup target offset stuff, but anyway, is there a way to emulate this behaviour with LIEF?
or is the right way to iterate over the bytes of the instruction and query parsed.get_relocation?
Romain
@romainthomas
@pgoodman,
LIEF only provides information about relocations but does not apply them. So yes, you will need to use LIEF API to handle the relocation process :)
If you target Linux x86-64, you can find the semantics of the relocations in the glibc: sysdeps/x86_64/dl-machine.h
for Android, it's located in Bionic's linker
Peter Goodman
@pgoodman
Any plans to provide a std::string_view API for files to LIEF, rather than the const std::vector<uint8_t> &?
That would enable parsing of embedded files without having to know where they end :-P
alternatively, having the ability to provide a file name and offset
Romain
@romainthomas

@pgoodman, providing std::string_view is not planned in the short term since it raises the C++ standard to C++17. I would be ok to use C++17 internally but not in the public headers.
Nevertheless, I thought about this use case and I started to create interfaces to:

These two interfaces are not ready yet but they aim at resolving the following issues:

  • Parsing iOS/macOS dyld shared cache
  • Parsing PE in-memory and iOS app in memory (and fix the relocations stuff)

I don't have a clear idea when they will be ready but I expect to have something usable in the following months.
Peter Goodman
@pgoodman
Thanks for the update!
Is ELF::Section::file_offset the offset of the section contents in the file?
Romain
@romainthomas
yes