File handle remains open after call to MapFileEx()

[arxhendz]

When loading a new executable file for debugging, MapFileEx() is used to map it to memory after opening a handle to the file. The resulting handle is not closed afterwards and left open during further execution.

TitanEngine/TitanEngine/TitanEngine.Static.cpp

Lines 13 to 16 in 7976be4

	if(MapFileEx(szFileName, DesiredAccess, FileHandle, LoadedSize, FileMap, FileMapVA, NULL))
	{
	return true;
	}

This enables an anti-debugging technique where the process can attempt to open its own executable file for exclusive access, but will fail receiving an INVALID_HANDLE_VALUE instead of a valid handle.

My suggestion would be to close the handle before returning. But since I am not familiar with the code base, I decided to open an issue first.

[mrexodia]

It appears to be possible to close the file handle before unmapping (https://stackoverflow.com/a/36495309) however this does not actually solve the real issue which is that x64dbg needs file mappings to read contents of the module (I think you will still be able to enumerate handles and you will see something has a handle open to your file).

In the grand scheme of things however, it is not really a good anti-debug trick to expect that you will be able to open an exclusive handle to your own executable mostly because some random process (think AV for instance) might have a handle open and you would get a false detection.