Merge pull request #3234 from x64dbg/handle-anti-debug

Fix an anti-debug trick used by GuLoader
2023-10-05 13:33:02 +02:00 · 2023-10-05 13:33:02 +02:00 · a4be9f87f5
parent 56ee888a0b ffb6de5b56
commit a4be9f87f5
1 changed files with 4 additions and 0 deletions
--- a/src/dbg/module.cpp
+++ b/src/dbg/module.cpp
@ -864,6 +864,10 @@ bool ModLoad(duint Base, duint Size, const char* FullPath, bool loadSymbols)
        // Load the physical module from disk
        if(StaticFileLoadW(wszFullPath.c_str(), UE_ACCESS_READ, false, &info.fileHandle, &info.loadedSize, &info.fileMap, &info.fileMapVA))
        {
+            // Fix an anti-debug trick, which opens exclusive access to the file
+            CloseHandle(info.fileHandle);
+            info.fileHandle = (HANDLE)1; // Set to non-zero for TitanEngine compatibility
+
            GetModuleInfo(info, info.fileMapVA);

            Size = GetPE32DataFromMappedFile(info.fileMapVA, 0, UE_SIZEOFIMAGE);