Interessant die Meldung C0000235:
Hier handelt es sich um einen Anti-Debugger Trick, der eigentlich AntiVir schützen soll, aber leider in allen Prozessen zum Einsatz kommt.
Zitat:
2.1.4 CloseHandle
As with an invalid
handle, if a protected
handle is passed
to the kernel32 CloseHandle() function (or directly to
the ntdll NtClose() function) and no debugger is present,
then an error code is returned. However, if a debugger is
present, an EXCEPTION_HANDLE_NOT_CLOSABLE
(0xC0000235)
exception will be raised. This
exception can
be intercepted by an
exception handler, and is an indication
that a debugger is running.