GunshipPenguin
commented
3 years ago Hi there,
Kiteshield's runtime currently doesn't support multithreaded processes. Packed programs can't do a fork/vfork/clone or you'll undoubtedly get a crash. I've added a limitations section to the README in 50be70b08ec8cdefdc5749b19e5b282b343f4775 to note this. You can still (since 3ce0fadc1ab65ba3d098aa21870afc4eba19399e), pack multithreaded binaries with the -n flag (which will omit the runtime), and multithreaded programs should work.
I'm currently working on having the Kiteshield runtime support multithreaded binaries. Work is ongoing on the multithreading branch if you want to take a peek at the (currently very rough) work being done to get the runtime to work with multiple threads of execution.
Cheers, Rhys
I have attempted to obfuscate a binary that becomes a daemon (using the following skeleton).
After forking and continuing execution in the child, it can run until it returns from a function, and then the execution ends.
I can confirm that this behavior exists only in the obfuscated binary.