Fix anti-debug detections for NtQueryInformationProcess with ProcessDebugObjectHandle

src/common/platform/status.hpp

@@ -48,6 +48,7 @@ using NTSTATUS = std::uint32_t;
 #define STATUS_CONNECTION_REFUSED         ((NTSTATUS)0xC0000236L)
 #define STATUS_TIMER_RESOLUTION_NOT_SET   ((NTSTATUS)0xC0000245L)
 #define STATUS_ADDRESS_ALREADY_ASSOCIATED ((NTSTATUS)0xC0000328L)
+#define STATUS_PORT_NOT_SET               ((NTSTATUS)0xC0000353L)
 #define STATUS_DEBUGGER_INACTIVE          ((NTSTATUS)0xC0000354L)
 
 #define STATUS_BUFFER_OVERFLOW            ((NTSTATUS)0x80000005L)

src/windows-emulator/syscalls/process.cpp

@@ -158,11 +158,6 @@ namespace syscalls
 
         if (info_class == ProcessDebugObjectHandle)
         {
-            if (return_length)
-            {
-                return_length.write(sizeof(handle));
-            }
-
             if (process_information_length != sizeof(handle))
             {
                 return STATUS_BUFFER_OVERFLOW;
@@ -171,7 +166,12 @@ namespace syscalls
             const emulator_object<handle> info{c.emu, process_information};
             info.write(NULL_HANDLE);
 
-            return STATUS_SUCCESS;
+            if (return_length)
+            {
+                return_length.write(sizeof(handle));
+            }
+
+            return STATUS_PORT_NOT_SET;
         }
 
         if (info_class == ProcessEnclaveInformation || info_class == ProcessMitigationPolicy ||