lkd> !dml_proc
Address PID Image file name
84be5020 4 System
85c26bc0 104 smss.exe
86529a38 150 csrss.exe
84be9200 180 wininit.exe
85cb4d40 188 csrss.exe
859d9d40 1bc winlogon.exe
865023d0 1ec services.exe
86516158 1fc lsass.exe
86520030 204 lsm.exe
865cc6c0 274 svchost.exe
864b6730 2c0 svchost.exe
865f66d8 304 LogonUI.exe
86613d40 32c svchost.exe
86651b80 374 svchost.exe
866578a0 390 svchost.exe
8668c438 444 svchost.exe
866a9bd0 4d8 svchost.exe
866e76a0 564 spoolsv.exe
866f5030 580 svchost.exe
8673cd40 5e8 svchost.exe
8644c030 60c csrss.exe
865d3128 6f8 winlogon.exe
85aed820 128 rdpclip.exe
85b10ad0 1f4 taskhost.exe
8683d030 36c dwm.exe
86837030 6bc explorer.exe
84cf4a58 80c GoogleCrashHan
8651d720 8a8 SearchIndexer.
84d8b370 adc sppsvc.exe
84ca2370 b00 svchost.exe
84d0da28 c08 windbg.exe
84cd7588 49c cmd.exe
8680f798 c58 conhost.exe
lkd> dt nt!_EX_FAST_REF 84be5020+f8
+0x000 Object : 0x8b80155d Void
+0x000 RefCnt : 0y101
+0x000 Value : 0x8b80155d
lkd> dt nt!_EX_FAST_REF 84cd7588+f8
+0x000 Object : 0x9ae989e7 Void
+0x000 RefCnt : 0y111
+0x000 Value : 0x9ae989e7
lkd> ?8b80155d & 0xfffffff8
Evaluate expression: -1954540200 = 8b801558
lkd> ?8b801558 | 0y111
Evaluate expression: -1954540193 = 8b80155f
lkd> ed 84cd7588+f8 8b80155f
Created September 26, 2019 04:37
