NtRemoveProcessDebug - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTDBG_H

NTSYSCALLAPI
NTSTATUS
NTAPI
NtRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

#endif
View code on GitHub

Function NtRemoveProcessDebug detach debugger from process. It's reverse of NtDebugActiveProcess function.

ProcessHandle

HANDLE to process being debugged.

DebugObjectHandle

HANDLE to Debug Object.

Documented by

Tomasz Nowak

See also

Edit description on GitHub