diff --git a/src/process/ntapi_tt_spawn_native_process.c b/src/process/ntapi_tt_spawn_native_process.c
index 3421fcf..6681c43 100644
--- a/src/process/ntapi_tt_spawn_native_process.c
+++ b/src/process/ntapi_tt_spawn_native_process.c
@@ -14,6 +14,10 @@
 #include <ntapi/ntapi.h>
 #include "ntapi_impl.h"
 
+#define NT_PROCESS_SPAWN_FLAG_DEBUG_MASK                \
+		(NT_PROCESS_SPAWN_FLAG_DEBUG_EXECUTION   \
+		 | NT_PROCESS_SPAWN_FLAG_DEBUG_SUSPENDED)
+
 static int32_t __stdcall __tt_spawn_return(
 	nt_runtime_data_block *	rtblock,
 	void *			hprocess,
@@ -255,6 +259,12 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar
 	else if (sparams->threadflags & NT_CREATE_SUSPENDED)
 		fsuspended = NT_CREATE_SUSPENDED;
 
+	else if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DEBUG_SUSPENDED)
+		fsuspended = NT_CREATE_SUSPENDED;
+
+	else if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DEBUG_EXECUTION)
+		fsuspended = NT_CREATE_SUSPENDED;
+
 	/* cparams */
 	__ntapi->tt_aligned_block_memset(
 		&cparams,0,sizeof(cparams));
@@ -281,6 +291,18 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar
 	if (!sparams->himage)
 		__ntapi->zw_close(hfile);
 
+	/* debug */
+	if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DEBUG_MASK)
+		if ((status = __ntapi->tt_debug_create_attach_object(
+				&sparams->hdbgobj,
+				cparams.hprocess,
+				NT_DEBUG_KILL_ON_EXIT)))
+			return __tt_spawn_return(
+				&rtblock,
+				cparams.hprocess,
+				cparams.hthread,
+				status);
+
 	/* additional context */
 	if (rtctx->ctx_addr) {
 		rdata->ctx_addr   = 0;