.detach (detach from the process)

Description of the '.detach' command in HyperDbg.

Command
.detach
Syntax
.detach
Description
Detaches from the currently active process.
Parameters
None
Examples
Imagine we want to detach from the currently active process (a previously started program using the '.start' command or a process attached by using the '.attach' command).
1b08:1290 u64HyperDbg> .detach
IOCTL
The IOCTL description is the same as the '.start' command, but instead of Action, you should send DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_DETACH, only set the ProcessId to the target Process ID.
Remarks
If you want to detach from a process, the process must not be in a paused state. Thus, you should remove all the break events or continue the process before detaching from them. HyperDbg will automatically continue the target process before detaching.
This command is logically designed to be used in VMI Mode. You can use the '.process' and the '.thread' commands in Debugger Mode.
Requirements
None
Related
​.start (start a new process)​
​.restart (restart the process)​
​.attach (attach to a process)​
​.switch (show the list and switch between active debugging threads)​
​.kill (terminate the process)​

.attach (attach to a process)

.switch (show the list and switch between active debugging processes)

Last modified 1yr ago