HyperDbg Documentation
HyperDbgResearchDownloadSource code
Search…
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
User-mode Debugging
Kernel-mode Debugging
Commands
Debugging Commands
Meta Commands
.help (show the help of commands)
.debug (prepare and connect to debugger)
.connect (connect to a session)
.disconnect (disconnect from a session)
.listen (listen on a port and wait for the debugger to connect)
.status (show the debugger status)
.start (start a new process)
.restart (restart the process)
.attach (attach to a process)
.detach (detach from the process)
.switch (show the list and switch between active debugging processes)
.kill (terminate the process)
.process, .process2 (show the current process and switch to another process)
.thread, .thread2 (show the current thread and switch to another thread)
.formats (show number formats)
.script (run batch script commands)
.sympath (set the symbol server)
.sym (load pdb symbols)
.pe (parse PE file)
.logopen (open log file)
.logclose (close log file)
.cls (clear the screen)
Extension Commands
Scripting Language
Commands Map
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Links
Twitter
YouTube
Doxygen
Contribution
Powered By GitBook
.detach (detach from the process)
Description of the '.detach' command in HyperDbg.

Command

.detach

Syntax

.detach

Description

Detaches from the currently active process.

Parameters

None

Examples

Imagine we want to detach from the currently active process (a previously started program using the '.start' command or a process attached by using the '.attach' command).
1b08:1290 u64HyperDbg> .detach

IOCTL

The IOCTL description is the same as the '.start' command, but instead of Action, you should send DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_DETACH, only set the ProcessId to the target Process ID.

Remarks

If you want to detach from a process, the process must not be in a paused state. Thus, you should remove all the break events or continue the process before detaching from them. HyperDbg will automatically continue the target process before detaching.
This command is logically designed to be used in VMI Mode. You can use the '.process' and the '.thread' commands in Debugger Mode.

Requirements

None
Previous
.attach (attach to a process)
Next
.switch (show the list and switch between active debugging processes)
Last modified 5mo ago
Copy link
Edit on GitHub
On this page
Command
Syntax
Description
Parameters
Examples
IOCTL
Remarks
Requirements
Related