search
DownloadResearchTutorialhwdbg
githubEdit

.detach (detach from the process)

Description of the '.detach' command in HyperDbg.

hashtag
Command

.detach

hashtag
Syntax

.detach

hashtag
Description

Detaches from the currently active process.

hashtag
Parameters

None

hashtag
Examples

Imagine we want to detach from the currently active process (a previously started program using the '.startarrow-up-right' command or a process attached by using the '.attacharrow-up-right' command).

1b08:1290 u64HyperDbg> .detach

hashtag
IOCTL

The IOCTL description is the same as the '.startarrow-up-right' command, but instead of Action, you should send DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_DETACH, only set the ProcessId to the target Process ID.

hashtag
Remarks

If you want to detach from a process, the process must not be in a paused state. Thus, you should remove all the break events or continue the process before detaching from them. HyperDbg will automatically continue the target process before detaching.

This command is logically designed to be used in VMI Modearrow-up-right. You can use the '.processarrow-up-right' and the '.threadarrow-up-right' commands in Debugger Modearrow-up-right.

hashtag
Requirements

None

hashtag
Related

.start (start a new process)arrow-up-right

.restart (restart the process)arrow-up-right

.attach (attach to a process)arrow-up-right

.switch (show the list and switch between active debugging threads)arrow-up-right

.kill (terminate the process)arrow-up-right

Previous.attach (attach to a process)Next.switch (show the list and switch between active debugging processes)

Last updated