From dce12f452b5d452f460427efd40f254a5c441eb3 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: May 28 2019 03:05:42 +0000
Subject: __ntapi_tt_debug_execution_flow(): impl. NT_DBG_FLOW_MASK_DETACH_AND_CLOSE.


---

diff --git a/include/ntapi/nt_debug.h b/include/ntapi/nt_debug.h
index 9f90f7e..f555416 100644
--- a/include/ntapi/nt_debug.h
+++ b/include/ntapi/nt_debug.h
@@ -344,6 +344,7 @@ typedef int32_t __stdcall ntapi_tt_create_attach_debug_object(
 
 typedef int32_t	__stdcall ntapi_tt_debug_execution_flow(
 	__in	void *		hdbgobj,
+	__in	void *		hprocess,
 	__in	void *		hserver,
 	__in	void *		hlogfile,
 	__in	uint32_t	evtmask,
diff --git a/src/debug/ntapi_tt_debug_execution_flow.c b/src/debug/ntapi_tt_debug_execution_flow.c
index f4e9f1c..aee3b22 100644
--- a/src/debug/ntapi_tt_debug_execution_flow.c
+++ b/src/debug/ntapi_tt_debug_execution_flow.c
@@ -43,6 +43,7 @@ static int32_t __log_exception_to_server(
 
 int32_t __stdcall __ntapi_tt_debug_execution_flow(
 	__in	void *		hdbgobj,
+	__in	void *		hprocess,
 	__in	void *		hserver,
 	__in	void *		hlogfile,
 	__in	uint32_t	evtmask,
@@ -91,5 +92,13 @@ int32_t __stdcall __ntapi_tt_debug_execution_flow(
 			response);
 	}
 
+	if (evtmask & NT_DBG_FLOW_MASK_DETACH_AND_CLOSE) {
+		__ntapi->zw_remove_process_debug(
+			hprocess,hdbgobj);
+
+		__ntapi->zw_close(
+			hdbgobj);
+	}
+
 	return NT_STATUS_SUCCESS;
 }