A lot of testing over the extended polymorphism feature is currently taking place during my free time.
The results are so far great, and definitely this is one of the features that I can keep working on it in the future releases.
In order to have as stable releases as possible, as I have been trying since the beginning, I am not applying all possible optimizations at once
However, there will be a noticeable difference in the output in the upcoming release, and it’s definitely worth the hassle.
Furthermore, there is a design improvement in the tracing engine which will generically make the results even more reliable and accurate.
In particular, until version 5.2 Shellter will keep tracing the main thread of the target application even if more than one threads are created while the user has chosen to only trace the main one.
This could potentially cause some issues during the execution flow filtering stages on which Shellter heavily relies on in order to provide reliable dynamic injection locations.
In order to make this even better, I decided to change the behavior of the tracer regarding this matter. So from Shellter v5.3 if the user decides to only trace the main thread, then once a new thread is created, Shellter will exit the tracing stage and will proceed with the rest of the injection process.
In Auto mode All-Threads-Tracing is enabled by default, but if you use the command line, then you can disable it by using the ‘––trace main’ switch.
In Manual mode, Shellter always asks the user to choose between the two options.
Cheers,
kyREcon