API Reference

Helpers

Shared helpers for binary parsing and value formatting.

helpers.hex_addr(value)[source]

Format an integer as a hex address string, or return None.

Parameters:

value (int | None)

Return type:

str | None

helpers.safe_str(value)[source]

Convert bytes / str / other to a plain string, or None.

Parameters:

value (Any)

Return type:

str | None

helpers.safe_enum(value)[source]

Return the .name of an enum member, or str() for everything else.

Parameters:

value (Any)

Return type:

str | None

helpers.format_name()[source]

Map LIEF format enum -> human label.

Return type:

dict[FORMATS, str]

helpers.parse_binary(file_path)[source]

Parse a binary file with LIEF, handling Mach-O fat binaries.

Returns the concrete (PE/ELF/MachO) Binary object. Raises ValueError with a user-friendly message on failure.

Parameters:

file_path (str)

Return type:

Binary

Tools

Info

Tool: get_binary_info — quick triage of a binary file.

tools.info.get_binary_info(file_path)[source]

Quick triage of a binary file.

Returns format, architecture, entry point, image base, section / import / export counts, and high-level security flags (NX, PIE).

Parameters:

file_path (str)

Return type:

dict

Headers

Tool: get_binary_headers — detailed header fields for a binary.

tools.headers.get_binary_headers(file_path)[source]

Detailed header fields for a binary.

PE: DOS header + COFF header + Optional header. ELF: ELF header. Mach-O: Mach header.

Parameters:

file_path (str)

Return type:

dict

Sections

Tool: get_binary_sections — list all sections with metadata.

tools.sections.get_binary_sections(file_path)[source]

List all sections with name, sizes, virtual address, permissions, and entropy.

Parameters:

file_path (str)

Return type:

dict

Imports

Tool: get_binary_imports — imported functions grouped by library.

tools.imports.get_binary_imports(file_path, limit=0)[source]

Imported functions, grouped by library.

For PE binaries imports are grouped by DLL. For ELF / Mach-O a flat list of imported function names is returned.

Set limit > 0 to cap the total number of entries returned.

Parameters:

  • file_path (str)

  • limit (int)

Return type:

dict

Exports

Tool: get_binary_exports — exported functions / symbols.

tools.exports.get_binary_exports(file_path, limit=0)[source]

Exported functions / symbols.

For PE files with an export table, returns name, ordinal, address, and forwarded-function info. For ELF / Mach-O returns a list of exported symbol names.

Set limit > 0 to cap the number of entries returned.

Parameters:

  • file_path (str)

  • limit (int)

Return type:

dict

Libraries

Tool: get_binary_libraries — dynamic library dependencies.

tools.libraries.get_binary_libraries(file_path)[source]

Dynamic library dependencies (DLLs / shared objects / dylibs).

Parameters:

file_path (str)

Return type:

dict

Security

Tool: get_binary_security — security features and hardening.

tools.security.get_binary_security(file_path)[source]

Security features and hardening of a binary.

PE: ASLR, DEP/NX, SEH, Control Flow Guard, code signing. ELF: NX, PIE, RELRO, stack canaries, FORTIFY_SOURCE. Mach-O: PIE, NX stack/heap, code signature, header flags.

Parameters:

file_path (str)

Return type:

dict