/tf-article2-windbg-19.txt
Secret
Created Aug 13, 2017
| kd> !process 0 0 | |
| **** NT ACTIVE PROCESS DUMP **** | |
| PROCESS ffffa50dcea99040 | |
| SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 | |
| DirBase: 001aa000 ObjectTable: ffffd385360012c0 HandleCount: 2376. | |
| Image: System | |
| PROCESS ffffa50dcee27140 | |
| SessionId: none Cid: 01f4 Peb: dbfb731000 ParentCid: 0004 | |
| DirBase: 138ab8000 ObjectTable: ffffd38536339d40 HandleCount: 52. | |
| Image: smss.exe | |
| PROCESS ffffa50dcfb467c0 | |
| SessionId: 0 Cid: 0248 Peb: 5faaf3c000 ParentCid: 0240 | |
| DirBase: 138f83000 ObjectTable: ffffd385363d0f00 HandleCount: 531. | |
| Image: csrss.exe | |
| ... | |
| PROCESS ffffa50dd1070380 | |
| SessionId: 1 Cid: 097c Peb: 6f29798000 ParentCid: 02b4 | |
| DirBase: 1500d000 ObjectTable: ffffd3853d7ed380 HandleCount: 37. | |
| Image: memdemo.exe |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment