diff options
-rw-r--r-- | include/ntapi/nt_debug.h | 1 | ||||
-rw-r--r-- | src/debug/ntapi_tt_debug_execution_flow.c | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/include/ntapi/nt_debug.h b/include/ntapi/nt_debug.h index 9f90f7e..f555416 100644 --- a/include/ntapi/nt_debug.h +++ b/include/ntapi/nt_debug.h @@ -344,6 +344,7 @@ typedef int32_t __stdcall ntapi_tt_create_attach_debug_object( typedef int32_t __stdcall ntapi_tt_debug_execution_flow( __in void * hdbgobj, + __in void * hprocess, __in void * hserver, __in void * hlogfile, __in uint32_t evtmask, diff --git a/src/debug/ntapi_tt_debug_execution_flow.c b/src/debug/ntapi_tt_debug_execution_flow.c index f4e9f1c..aee3b22 100644 --- a/src/debug/ntapi_tt_debug_execution_flow.c +++ b/src/debug/ntapi_tt_debug_execution_flow.c @@ -43,6 +43,7 @@ static int32_t __log_exception_to_server( int32_t __stdcall __ntapi_tt_debug_execution_flow( __in void * hdbgobj, + __in void * hprocess, __in void * hserver, __in void * hlogfile, __in uint32_t evtmask, @@ -91,5 +92,13 @@ int32_t __stdcall __ntapi_tt_debug_execution_flow( response); } + if (evtmask & NT_DBG_FLOW_MASK_DETACH_AND_CLOSE) { + __ntapi->zw_remove_process_debug( + hprocess,hdbgobj); + + __ntapi->zw_close( + hdbgobj); + } + return NT_STATUS_SUCCESS; } |