x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 2 Activity

Merge pull request #3234 from x64dbg/handle-anti-debug 

Fix an anti-debug trick used by GuLoader
This commit is contained in:
Duncan Ogilvie 2023-10-05 13:33:02 +02:00 committed by GitHub
parent 56ee888a0b ffb6de5b56
commit a4be9f87f5
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/dbg/module.cpp
View File

@ -864,6 +864,10 @@ bool ModLoad(duint Base, duint Size, const char* FullPath, bool loadSymbols)
// Load the physical module from disk // Load the physical module from disk
if(StaticFileLoadW(wszFullPath.c_str(), UE_ACCESS_READ, false, &info.fileHandle, &info.loadedSize, &info.fileMap, &info.fileMapVA)) if(StaticFileLoadW(wszFullPath.c_str(), UE_ACCESS_READ, false, &info.fileHandle, &info.loadedSize, &info.fileMap, &info.fileMapVA))
{ {
// Fix an anti-debug trick, which opens exclusive access to the file
CloseHandle(info.fileHandle);
info.fileHandle = (HANDLE)1; // Set to non-zero for TitanEngine compatibility
GetModuleInfo(info, info.fileMapVA); GetModuleInfo(info, info.fileMapVA);
Size = GetPE32DataFromMappedFile(info.fileMapVA, 0, UE_SIZEOFIMAGE); Size = GetPE32DataFromMappedFile(info.fileMapVA, 0, UE_SIZEOFIMAGE);