Skip to content

Latest commit

 

History

History
55 lines (30 loc) · 2.05 KB

.detach.md

File metadata and controls

55 lines (30 loc) · 2.05 KB
Raw
description
Description of the '.detach' command in HyperDbg.

.detach (detach from the process)

Command

.detach

Syntax

.detach

Description

Detaches from the currently active process.

Parameters

None

Examples

Imagine we want to detach from the currently active process (a previously started program using the '.start' command or a process attached by using the '.attach' command).

1b08:1290 u64HyperDbg> .detach

IOCTL

The IOCTL description is the same as the '.start' command, but instead of Action, you should send DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_DETACH, only set the ProcessId to the target Process ID.

Remarks

If you want to detach from a process, the process must not be in a paused state. Thus, you should remove all the break events or continue the process before detaching from them. HyperDbg will automatically continue the target process before detaching.

This command is logically designed to be used in VMI Mode. You can use the '.process' and the '.thread' commands in Debugger Mode.

Requirements

None

Related

.start (start a new process)

.restart (restart the process)

.attach (attach to a process)

.switch (show the list and switch between active debugging threads)

.kill (terminate the process)