Add an AntiDebugHandle test (and make sure it doesn't trigger)

References: - x64dbg/x64dbg#2749 - x64dbg/x64dbg#1364 - x64dbg/TitanEngine#5 - x64dbg/x64dbg#2504
mrexodia · Oct 5, 2023 · 869617a · 869617a
1 parent 74e1c7c
commit 869617a
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -142,6 +142,40 @@ target_link_options(MemoryTest PRIVATE
 unset(CMKR_TARGET)
 unset(CMKR_SOURCES)
 
+# Target AntiDebugHandle
+set(CMKR_TARGET AntiDebugHandle)
+set(AntiDebugHandle_SOURCES "")
+
+list(APPEND AntiDebugHandle_SOURCES
+	"src/AntiDebugHandle/AntiDebugHandle.cpp"
+)
+
+list(APPEND AntiDebugHandle_SOURCES
+	cmake.toml
+)
+
+set(CMKR_SOURCES ${AntiDebugHandle_SOURCES})
+add_executable(AntiDebugHandle)
+
+if(AntiDebugHandle_SOURCES)
+	target_sources(AntiDebugHandle PRIVATE ${AntiDebugHandle_SOURCES})
+endif()
+
+get_directory_property(CMKR_VS_STARTUP_PROJECT DIRECTORY ${PROJECT_SOURCE_DIR} DEFINITION VS_STARTUP_PROJECT)
+if(NOT CMKR_VS_STARTUP_PROJECT)
+	set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT AntiDebugHandle)
+endif()
+
+source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${AntiDebugHandle_SOURCES})
+
+target_link_options(AntiDebugHandle PRIVATE
+	"/DYNAMICBASE:NO"
+	"/INCREMENTAL:NO"
+)
+
+unset(CMKR_TARGET)
+unset(CMKR_SOURCES)
+
 # Target TestTitanEngine
 set(CMKR_TARGET TestTitanEngine)
 set(TestTitanEngine_SOURCES "")

diff --git a/cmake.toml b/cmake.toml
@@ -23,6 +23,10 @@ sources = ["src/DebugMe/*.cpp"]
 type = "test"
 sources = ["src/MemoryTest/*.cpp"]
 
+[target.AntiDebugHandle]
+type = "test"
+sources = ["src/AntiDebugHandle/*.cpp"]
+
 [target.TestTitanEngine]
 type = "executable"
 sources = ["src/TestTitanEngine/*.cpp", "src/TestTitanEngine/*.h"]

diff --git a/src/AntiDebugHandle/AntiDebugHandle.cpp b/src/AntiDebugHandle/AntiDebugHandle.cpp
@@ -0,0 +1,19 @@
+#include <Windows.h>
+#include <cstdio>
+#include <cinttypes>
+
+int main()
+{
+    puts("");
+
+    wchar_t executablePath[MAX_PATH] = L"";
+    GetModuleFileNameW(0, executablePath, _countof(executablePath));
+
+    auto hNtdll = CreateFileW(L"C:\\Windows\\system32\\ntdll.dll", GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr);
+    printf("[AntiDebugHandle] ntdll: 0x%zX (LastError: %u)\n", (uintptr_t)hNtdll, GetLastError());
+
+    auto hExe = CreateFileW(executablePath, GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr);
+    printf("[AntiDebugHandle] exe: 0x%zX (LastError: %u)\n", (uintptr_t)hExe, GetLastError());
+
+    puts("");
+}
diff --git a/src/DebugLoop/DebugLoop.cpp b/src/DebugLoop/DebugLoop.cpp
@@ -295,6 +295,11 @@ int main(int argc, char** argv)
 
 		case LOAD_DLL_DEBUG_EVENT:
 		{
+			const auto& dll = debugEvent.u.LoadDll;
+			if (dll.hFile)
+			{
+				CloseHandle(dll.hFile);
+			}
 		}
 		break;