GunshipPenguin / kiteshield

Packer/Protector for x86-64 ELF binaries on Linux
MIT License
139 stars 30 forks source link

Child process exits after forking #2

Closed BigB00st closed 3 years ago

BigB00st commented 3 years ago

I have attempted to obfuscate a binary that becomes a daemon (using the following skeleton).

After forking and continuing execution in the child, it can run until it returns from a function, and then the execution ends.

I can confirm that this behavior exists only in the obfuscated binary.

GunshipPenguin commented 3 years ago

Hi there,

Kiteshield's runtime currently doesn't support multithreaded processes. Packed programs can't do a fork/vfork/clone or you'll undoubtedly get a crash. I've added a limitations section to the README in 50be70b08ec8cdefdc5749b19e5b282b343f4775 to note this. You can still (since 3ce0fadc1ab65ba3d098aa21870afc4eba19399e), pack multithreaded binaries with the -n flag (which will omit the runtime), and multithreaded programs should work.

I'm currently working on having the Kiteshield runtime support multithreaded binaries. Work is ongoing on the multithreading branch if you want to take a peek at the (currently very rough) work being done to get the runtime to work with multiple threads of execution.

Cheers, Rhys

GunshipPenguin commented 3 years ago

Hi there,

Just to let you know, the master branch now has full runtime support for multithreaded and multi-process binaries.

Cheers, Rhys