  #14  
09-29-2005, 05:03
Peter[Pan]
 
Shub-Nigurrath, the information is actually gathered from kernel memory, at least it's the case for DebugPort. The only way to reset this is by writing to kernel memory, which in some cases could be bad. Take a look at:

http://illhostit.com/files/1787442368222872/Winject%201.5c%20(exe).rar

Last time I checked it was able to reset DebugPort from user mode. The way I think they are doing it is by getting the _EPROCESS struct for that particular process ID, then doing some hacking to read/write to the memory of ->DebugPort and resetting it, which would be in kernel memory.

Atm I am solving the DebugObject problem with a kmd, but a user-mode solution would be preferable.

Last edited by Peter[Pan]; 09-29-2005 at 05:13.