NtRemoveProcessDebug - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTDBG_H

/**
 * Stops debugging a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param DebugObjectHandle A handle to the debug object.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

#endif
View code on GitHub

NtDoc

No description available.

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

Function NtRemoveProcessDebug detach debugger from process. It's reverse of NtDebugActiveProcess function.

ProcessHandle

HANDLE to process being debugged.

DebugObjectHandle

HANDLE to Debug Object.

Documented by

Tomasz Nowak

See also

Edit description on GitHub