.detach (detach from the process)
Description of the '.detach' command in HyperDbg.
Previous.attach (attach to a process)Next.switch (show the list and switch between active debugging processes)
Last updated
Description of the '.detach' command in HyperDbg.
Last updated
.detach
.detach
Detaches from the currently active process.
None
Imagine we want to detach from the currently active process (a previously started program using the '' command or a process attached by using the '.' command).
The IOCTL description is the same as the '' command, but instead of Action, you should send DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_DETACH, only set the ProcessId to the target Process ID.
If you want to detach from a process, the process must not be in a paused state. Thus, you should remove all the break events or continue the process before detaching from them. HyperDbg will automatically continue the target process before detaching.
None
This command is logically designed to be used in . You can use the '' and the '' commands in .