From 98be5bede8ee8f70e53593d0fc8c2f53492a5fa9 Mon Sep 17 00:00:00 2001 From: midipix Date: Tue, 3 Sep 2024 01:17:57 +0000 Subject: __ntapi_tt_debug_execution_flow(): close state handles opened by the system. --- src/debug/ntapi_tt_debug_execution_flow.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/debug/ntapi_tt_debug_execution_flow.c b/src/debug/ntapi_tt_debug_execution_flow.c index 9c74df2..c4057a3 100644 --- a/src/debug/ntapi_tt_debug_execution_flow.c +++ b/src/debug/ntapi_tt_debug_execution_flow.c @@ -92,6 +92,25 @@ int32_t __stdcall __ntapi_tt_debug_execution_flow( break; } + switch (dbgstate.state) { + case NT_DBG_STATE_CREATE_THREAD: + __ntapi->zw_close(dbgstate._u.thread_info.hthread); + break; + + case NT_DBG_STATE_CREATE_PROCESS: + __ntapi->zw_close(dbgstate._u.process_info.hprocess); + __ntapi->zw_close(dbgstate._u.process_info.hthread); + __ntapi->zw_close(dbgstate._u.process_info.image_handle); + break; + + case NT_DBG_STATE_DLL_LOAD: + __ntapi->zw_close(dbgstate._u.load_module.image_handle); + break; + + default: + break; + } + __ntapi->zw_debug_continue( hdbgobj, &dbgstate.cid, -- cgit v1.2.3