v0.17.2

Author: xaitax

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## 🆕 Changelog
 
+### v0.17.2
+- **Browser Process Termination**: Added `-k/--kill` flag to terminate all running browser processes before extraction.
+  - Uses direct syscalls (`NtTerminateProcess`, `NtGetNextProcess`, `NtOpenProcess`) for process termination.
+  - Automatically terminates child processes to release file locks on SQLite databases.
+
 ### v0.17.1
 - **Google Auth Token Extraction**: Added support for extracting Google OAuth2 Refresh Tokens.
   - Extracts and decrypts tokens used for Chrome Sync and Google services.
@@ -157,4 +162,4 @@
 - **New**: auto‑start the browser if not running (`--start-browser`)
 - **New**: verbose debug output (`--verbose`)
 - **New**: automatically terminate the browser after decryption
-- **Improved**: Injector code refactoring
+- **Improved**: Injector code refactoring

README.md

@@ -149,13 +149,14 @@ _________ .__                         ___________.__                       __
  \______  /___|  /__|   \____/|__|_|  /_______  /|____/\___  >\_/  (____  /__|  \____/|__|
         \/     \/                   \/        \/           \/           \/
  Direct Syscall-Based Reflective Hollowing
- x64 & ARM64 | v0.17.1 by @xaitax
+ x64 & ARM64 | v0.17.2 by @xaitax
 
   Usage: chromelevator.exe [options] <chrome|edge|brave|all>
 
   Options:
     -v, --verbose      Show detailed output
     -f, --fingerprint  Extract browser fingerprint
+    -k, --kill         Kill all browser processes before extraction
     -o, --output-path  Custom output directory
 ```
 
@@ -173,6 +174,9 @@ _________ .__                         ___________.__                       __
   Extract comprehensive browser fingerprinting data including version, extensions, security settings, and system information.
   Results saved to `fingerprint.json` in the browser's output directory.
 
+- `--kill` or `-k`
+  **Kill all browser processes before extraction.** Uses direct syscalls (`NtTerminateProcess`) to terminate all running instances of the target browser(s) before attempting data extraction. This is useful when browsers are running and holding locks on database files, preventing the tool from accessing cookies or other encrypted data.
+
 - `--help` or `-h`
   Show this help message.
 
@@ -188,7 +192,7 @@ _________ .__                         ___________.__                       __
  \______  /___|  /__|   \____/|__|_|  /_______  /|____/\___  >\_/  (____  /__|  \____/|__|
         \/     \/                   \/        \/           \/           \/
  Direct Syscall-Based Reflective Hollowing
- x64 & ARM64 | v0.17.1 by @xaitax
+ x64 & ARM64 | v0.17.2 by @xaitax
 
   ┌──── Brave ──────────────────────────────────────
   │
@@ -252,7 +256,7 @@ _________ .__                         ___________.__                       __
  \______  /___|  /__|   \____/|__|_|  /_______  /|____/\___  >\_/  (____  /__|  \____/|__|
         \/     \/                   \/        \/           \/           \/
  Direct Syscall-Based Reflective Hollowing
- x64 & ARM64 | v0.17.1 by @xaitax
+ x64 & ARM64 | v0.17.2 by @xaitax
 
   ┌──── Chrome ──────────────────────────────────────
   │ Terminating browser network services...

make.bat

@@ -124,17 +124,18 @@ if "%VSCMD_ARG_TGT_ARCH%"=="arm64" (
 
 cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\injector\injector_main.cpp" /Fo"%BUILD_DIR%\injector_main.obj"
 cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\injector\browser_discovery.cpp" /Fo"%BUILD_DIR%\browser_discovery.obj"
+cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\injector\browser_terminator.cpp" /Fo"%BUILD_DIR%\browser_terminator.obj"
 cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\injector\process_manager.cpp" /Fo"%BUILD_DIR%\process_manager.obj"
 cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\injector\pipe_server.cpp" /Fo"%BUILD_DIR%\pipe_server.obj"
 cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\injector\injector.cpp" /Fo"%BUILD_DIR%\injector.obj"
 cl %CFLAGS_COMMON% %CFLAGS_CPP% /c "%SRC_DIR%\sys\internal_api.cpp" /Fo"%BUILD_DIR%\internal_api.obj"
 
 link %LFLAGS_COMMON% %LFLAGS_MERGE% /OUT:".\%FINAL_EXE_NAME%" ^
     "%BUILD_DIR%\injector_main.obj" "%BUILD_DIR%\browser_discovery.obj" ^
-    "%BUILD_DIR%\process_manager.obj" "%BUILD_DIR%\pipe_server.obj" ^
-    "%BUILD_DIR%\injector.obj" "%BUILD_DIR%\internal_api.obj" ^
-    "%BUILD_DIR%\chacha20.obj" "%BUILD_DIR%\syscall_trampoline.obj" ^
-    "%BUILD_DIR%\resource.res" ^
+    "%BUILD_DIR%\browser_terminator.obj" "%BUILD_DIR%\process_manager.obj" ^
+    "%BUILD_DIR%\pipe_server.obj" "%BUILD_DIR%\injector.obj" ^
+    "%BUILD_DIR%\internal_api.obj" "%BUILD_DIR%\chacha20.obj" ^
+    "%BUILD_DIR%\syscall_trampoline.obj" "%BUILD_DIR%\resource.res" ^
     version.lib shell32.lib advapi32.lib user32.lib bcrypt.lib
 goto :eof
 

src/core/version.hpp

@@ -6,9 +6,9 @@
 namespace Core {
 
     // Main version string - shown in banner
-    constexpr const char* VERSION = "0.17.1";
+    constexpr const char* VERSION = "0.17.2";
 
     // Full version for build identification (update for releases)
-    constexpr const char* BUILD_TAG = "v0.17.1";
+    constexpr const char* BUILD_TAG = "v0.17.2";
 
 }