Skip to content

Latest commit

 

History

History
64 lines (50 loc) · 2.46 KB

README.md

File metadata and controls

64 lines (50 loc) · 2.46 KB

What is unlocker?

license Mentioned in Awesome Go

A header-only, fast, simple Ring3 unlocker library.

Aimed to be better than famous tool - unlocker @ Cedrick Collomb.

Advantanges

  • [UNIQUE] support operations on unacceptable-name files (reserved names or name ends with a period or a space)
  • [UNIQUE] support detection of opened memory-mapping-file (abbr as mmf) handle and map view of mmf
    • MS Office compatible mode (e.g. *.doc, *.xls, *.ppt opened by MS Office 2007+)
    • file copy by Windows Explorer
    • other scenarios
  • low resource comsuption & quick scan improvement
  • support operating files in UNC/Network drive
  • support operations cross x64 and x86 modules
  • support both UNICODE & non-UNICODE projects
  • support terminate some of the protected Ring3 processes
  • support all version of Visual C++ or Visual Studio
  • support all version of Windows OS

How it works?

Type of files

  • Non-executable files:
    • *.txt, *.jpg, *.mp3, *.zip, *.doc, etc.
  • Executable files:
    • *.exe - (Portable Executable / MS-DOS MZ executable)
    • *.dll - (Dynamic-Linked Library / COM Object)
    • *.sys - (Driver)
File Type Method Unlock Solution
* CreateFile RemoteCloseHandle
* CreateFileMapping RemoteCloseHandle
* MapViewOfFile RemoteUnmapViewOfFile
exe CreateProcess TerminateProcess
dll LoadLibrary RemoteFreeLibrary
sys CreateService/StartService StopService/DeleteService

Feedback

References

Thanks to following projects, in no particular order

About author

  var orca = {
    name  : "Zhang Wei",
    site : "http://ez8.co"
  }