NtDebugActiveProcess - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTDBG_H

/**
 * Attaches a debugger to an active process.
 *
 * \param ProcessHandle A handle to the process to be debugged.
 * \param DebugObjectHandle A handle to the debug object.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDebugActiveProcess(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDebugActiveProcess(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

#endif
View code on GitHub

NtDoc

No description available.

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

Function NtDebugActiveProcess is used to attach Debug Object to any non-debugged process.

ProcessHandle

HANDLE to process being debugged (opened with enough access rights

see NtOpenProcess).

DebugObjectHandle

HANDLE to previously created Debug Object.

Documented by

Tomasz Nowak

See also

Edit description on GitHub