                        Rust bindings for LIEF
Is your feature request related to a problem? Please describe.
I'm considering using your library to parse raw memory from multiple sources (memory dump or a live-VM). The goal is to detect all the modules loaded into the address space, starting with the kernel.
Therefore, for each page, try to parse a PE or an ELF header. The goal is to do Virtual Machine Introspection (VMI), and this algorithm is already implemented in a library called libVMI: https://github.com/libvmi/libvmi/blob/master/libvmi/os/windows/core.c#L168
I'm rewriting the lower-level of this library in Rust: https://github.com/Wenzel/libmicrovmi
And I was interested in having Rust bindings on top of LIEF.
Describe the solution you'd like
I checked on crates.io and there is no lief or lief-sys (unsafe bindings) for LIEF available.
-> Do you plan on building a lief crate to give safe bindings for Rust ?
-> Is LIEF a suitable solution to parse ELF/PE loaded in memory ? Does your API allow to parse from a raw buffer ?
Thanks !
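The per-page header check described in the post above, as an added Rust example that is not part of the original thread and does not use LIEF or libVMI. It assumes 4 KiB pages; the names `classify`, `scan` and `sample` are hypothetical, and the memory buffer is constructed for the demonstration.

```rust
const PAGE: usize = 4096; // assumed page size

#[derive(Debug, PartialEq)]
enum Kind { Elf, Pe }

/// Classify one page by its header magic, bounds-checking every read.
fn classify(page: &[u8]) -> Option<Kind> {
    if page.starts_with(b"\x7fELF") {
        // EI_CLASS (offset 4) and EI_DATA (offset 5) must each be 1 or 2.
        let (class, data) = (*page.get(4)?, *page.get(5)?);
        return (matches!(class, 1 | 2) && matches!(data, 1 | 2)).then_some(Kind::Elf);
    }
    if page.starts_with(b"MZ") {
        // e_lfanew (offset 0x3c) comes from untrusted guest memory: checked reads only.
        let b = page.get(0x3c..0x40)?;
        let off = u32::from_le_bytes([b[0], b[1], b[2], b[3]]) as usize;
        let sig = page.get(off..off.checked_add(4)?)?;
        return (sig == b"PE\0\0").then_some(Kind::Pe);
    }
    None
}

/// Walk the buffer one page at a time and report (offset, kind) candidates.
fn scan(mem: &[u8]) -> Vec<(usize, Kind)> {
    mem.chunks(PAGE)
        .enumerate()
        .filter_map(|(i, p)| classify(p).map(|k| (i * PAGE, k)))
        .collect()
}

/// Constructed sample: an ELF page, a PE page, an empty page, a bogus MZ page.
fn sample() -> Vec<u8> {
    let mut m = vec![0u8; 4 * PAGE];
    m[..6].copy_from_slice(b"\x7fELF\x02\x01");
    m[PAGE..PAGE + 2].copy_from_slice(b"MZ");
    m[PAGE + 0x3c..PAGE + 0x40].copy_from_slice(&0x80u32.to_le_bytes());
    m[PAGE + 0x80..PAGE + 0x84].copy_from_slice(b"PE\0\0");
    m[3 * PAGE..3 * PAGE + 2].copy_from_slice(b"MZ");
    m[3 * PAGE + 0x3c..3 * PAGE + 0x40].copy_from_slice(&0xffff_fff0u32.to_le_bytes());
    m
}

fn main() {
    for (off, kind) in scan(&sample()) {
        println!("{:#x}: {:?}", off, kind);
    }
}
```

A hit here is only a candidate: the page still has to be handed to a full parser, and the out-of-range `e_lfanew` on the last sample page shows why every offset read from guest memory is bounds-checked.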
Hello @Wenzel
> Do you plan on building a lief crate to give safe bindings for Rust ?

Rust bindings for LIEF are not the priority right now but you can check lief-sys by @tathanhdinh

> Is LIEF a suitable solution to parse ELF/PE loaded in memory ? Does your API allow to parse from a raw buffer ?

ELF:
https://github.com/lief-project/LIEF/blob/f6906b1bccc6b6f741e4ca65f4432b52fac7e668/include/LIEF/ELF/Parser.hpp#L86
PE:
https://github.com/lief-project/LIEF/blob/f6906b1bccc6b6f741e4ca65f4432b52fac7e668/include/LIEF/PE/Parser.hpp#L55
Hi @romainthomas and @Wenzel, IMHO, a safe binding should be quite direct thanks to a clean design of LIEF. I've planned to implement it just after lief-sys but unfortunately still cannot find any free time to do it.
lief-sys wasn't updated for years. Are there any plans to update them for both Rust and LIEF changes since?
@XVilka you can dm me on the Discord channel about this topic
@romainthomas Just stumbled upon this when researching a new project, too. Is there like a public announcement on this somewhere? The lief-sys package is still not updated since the last discussion here.
IMHO private DMs did not help to push this forward :disappointed:
Hi! I guess it is worth sharing the current status of the Rust bindings. This is still a "work in progress" but I'm close to having all the bindings.
Why it takes so long?
Well, actually I want to provide bindings that are idiomatic Rust AND easily maintainable. This is challenging and time-consuming since I don't have a strong experience with Rust (but I enjoy this opportunity to play with this language), LIEF is pretty large with a bunch of functions which would require bindings and, last but not least, I'm doing that in my spare time.
That being said, here is what the current API looks like:

```rust
use lief::Binary;
use lief::elf;
use lief::pe;
use lief::generic;
use lief::pe::DosHeader;

fn process_generic_section(section: &generic::Section) {
  // ...
}

fn main() {
  match Binary::parse(&path) {
      Binary::ELF(elf) => {
        for section in elf.sections() {
          process_generic_section(section);
        }
        if let Some(gnu_hash) = elf.gnu_hash() {
          // Process ELF GnuHash
        }
      },
      Binary::PE(pe) => {
        for imp in pe.imports() {
          for entry in imp.entries() {
            // ImportEntry implements the generic::Symbol traits
            let sym = entry as generic::Symbol;
            // ...
          }
        }
        if let Some(rich_header) = pe.rich_header() {
          // ...
        }
      }
  }
}
```

Right now I miss the following points to make the public release:
- [ ] API documentation
- [ ] Packaging (and caching solution to avoid long build time)
- [ ] Binding LIEF's enums
I resolved the issue for the enums and I'm finishing exposing the binding for some functions