Fix handle leak in NtQueryInformationProcess(ProcessDebugObjectHandle) (

mrexodia#30)
buldi · Apr 24, 2022 · 05c1397 · 05c1397
1 parent d844109
commit 05c1397
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/TitanHide/hooks.cpp b/TitanHide/hooks.cpp
@@ -279,6 +279,17 @@ static NTSTATUS NTAPI HookNtQueryInformationProcess(
                 {
                     BACKUP_RETURNLENGTH();
 
+                    __try
+                    {
+                        // This was a successful request and a valid handle was returned.
+                        // That means we should close it before we nuke it to prevent handle leaks.
+                        ObCloseHandle(*(PHANDLE)ProcessInformation, KernelMode);
+                    }
+                    __except(EXCEPTION_EXECUTE_HANDLER)
+                    {
+                        NOTHING;
+                    }
+
                     *(ULONG_PTR*)ProcessInformation = 0;
 
                     RESTORE_RETURNLENGTH();