Opened log file 'c:\DebuggingTV\1C-1.log'
0: kd> .symfix c:\mss
0: kd> .reload
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
..........................
Loading unloaded module list
....................
0: kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
PROCESS ffffe00000225900
    SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 001a7000  ObjectTable: ffffc00000003000  HandleCount: <Data Not Accessible>
    Image: System

PROCESS ffffe000011ff900
    SessionId: none  Cid: 011c    Peb: 7ff675033000  ParentCid: 0004
    DirBase: 0350e000  ObjectTable: ffffc0000055fd80  HandleCount: <Data Not Accessible>
    Image: smss.exe

PROCESS ffffe00001c66900
    SessionId: 0  Cid: 0188    Peb: 7ff7ab09d000  ParentCid: 0180
    DirBase: 09d5d000  ObjectTable: ffffc0000014ab00  HandleCount: <Data Not Accessible>
    Image: csrss.exe

PROCESS ffffe00001c48080
    SessionId: 0  Cid: 01c0    Peb: 7ff7ee736000  ParentCid: 0180
    DirBase: 760e3000  ObjectTable: ffffc00001270f00  HandleCount: <Data Not Accessible>
    Image: wininit.exe

PROCESS ffffe00001d3a080
    SessionId: 0  Cid: 01f0    Peb: 7ff661b77000  ParentCid: 01c0
    DirBase: 0efbc000  ObjectTable: ffffc00001301a40  HandleCount: <Data Not Accessible>
    Image: services.exe

PROCESS ffffe00001dd6080
    SessionId: 0  Cid: 0238    Peb: 7ff7f5aac000  ParentCid: 01c0
    DirBase: 10908000  ObjectTable: 00000000  HandleCount:   0.
    Image: lsass.exe

PROCESS ffffe00002010080
    SessionId: 0  Cid: 0274    Peb: 7ff6714ff000  ParentCid: 01f0
    DirBase: 0ea60000  ObjectTable: ffffc00001441900  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe00001de7900
    SessionId: 0  Cid: 02a4    Peb: 7ff670db7000  ParentCid: 01f0
    DirBase: 117bc000  ObjectTable: ffffc00001492f00  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe00002088500
    SessionId: 0  Cid: 0324    Peb: 7ff6708dc000  ParentCid: 01f0
    DirBase: 12bf8000  ObjectTable: ffffc000015faa80  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe000020b7500
    SessionId: 0  Cid: 0344    Peb: 7ff670c9b000  ParentCid: 01f0
    DirBase: 12d58000  ObjectTable: ffffc000015fe900  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe000020c0080
    SessionId: 0  Cid: 0354    Peb: 7ff670ea6000  ParentCid: 01f0
    DirBase: 13020000  ObjectTable: ffffc00001634300  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe00002105900
    SessionId: 0  Cid: 039c    Peb: 7ff670efe000  ParentCid: 01f0
    DirBase: 146a5000  ObjectTable: ffffc000016ab680  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe000021a4900
    SessionId: 0  Cid: 0138    Peb: 7ff6717f9000  ParentCid: 01f0
    DirBase: 18799000  ObjectTable: ffffc00001381980  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe00002324900
    SessionId: 0  Cid: 0418    Peb: 7ff6f8664000  ParentCid: 01f0
    DirBase: 1c1e0000  ObjectTable: ffffc00001d1df00  HandleCount: <Data Not Accessible>
    Image: spoolsv.exe

PROCESS ffffe0000236f900
    SessionId: 0  Cid: 0498    Peb: 7ff67131a000  ParentCid: 01f0
    DirBase: 1f025000  ObjectTable: ffffc00001e2bf00  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe000024af900
    SessionId: 0  Cid: 0540    Peb: 7ff79f53b000  ParentCid: 01f0
    DirBase: 211bf000  ObjectTable: ffffc00001fb8f00  HandleCount: <Data Not Accessible>
    Image: MsMpEng.exe

PROCESS ffffe000024cd900
    SessionId: 0  Cid: 059c    Peb: 7ff6c3c73000  ParentCid: 0344
    DirBase: 2234c000  ObjectTable: ffffc00002015600  HandleCount: <Data Not Accessible>
    Image: dasHost.exe

PROCESS ffffe00002609500
    SessionId: 0  Cid: 06bc    Peb: 7ff6711f4000  ParentCid: 01f0
    DirBase: 29dd2000  ObjectTable: ffffc0000216c440  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe0000225f900
    SessionId: 0  Cid: 09f0    Peb: 7ff7fda25000  ParentCid: 01f0
    DirBase: 3ab2a000  ObjectTable: ffffc00002adbf00  HandleCount: <Data Not Accessible>
    Image: SearchIndexer.exe

PROCESS ffffe00005256900
    SessionId: 2  Cid: 0b30    Peb: 7ff7ab3ff000  ParentCid: 07a0
    DirBase: 71498000  ObjectTable: ffffc00011bb1a00  HandleCount: <Data Not Accessible>
    Image: csrss.exe

PROCESS ffffe00000910800
    SessionId: 2  Cid: 0e24    Peb: 7ff700846000  ParentCid: 07a0
    DirBase: 57a5d000  ObjectTable: ffffc00006c58bc0  HandleCount: <Data Not Accessible>
    Image: winlogon.exe

PROCESS ffffe000008c6380
    SessionId: 2  Cid: 0cd8    Peb: 7ff654748000  ParentCid: 0e24
    DirBase: 1dea8000  ObjectTable: ffffc00010713640  HandleCount: <Data Not Accessible>
    Image: dwm.exe

PROCESS ffffe00001c15900
    SessionId: 2  Cid: 0614    Peb: 7ff610688000  ParentCid: 0354
    DirBase: 0c463000  ObjectTable: ffffc000012fd580  HandleCount: <Data Not Accessible>
    Image: taskhostex.exe

PROCESS ffffe000013a23c0
    SessionId: 2  Cid: 0d20    Peb: 7ff648f2e000  ParentCid: 05bc
    DirBase: 25171000  ObjectTable: ffffc00002460580  HandleCount: <Data Not Accessible>
    Image: explorer.exe

PROCESS ffffe0000169f200
    SessionId: 0  Cid: 0730    Peb: 7ff61893f000  ParentCid: 01f0
    DirBase: 71139000  ObjectTable: ffffc0000171c9c0  HandleCount: <Data Not Accessible>
    Image: NisSrv.exe

PROCESS ffffe00002636080
    SessionId: 0  Cid: 0024    Peb: 7ff670aa7000  ParentCid: 01f0
    DirBase: 2e843000  ObjectTable: ffffc000118383c0  HandleCount: <Data Not Accessible>
    Image: svchost.exe

PROCESS ffffe00001da2080
    SessionId: 2  Cid: 0b90    Peb: 7ff60b6d7000  ParentCid: 0274
    DirBase: 5e913000  ObjectTable: ffffc00007882040  HandleCount: <Data Not Accessible>
    Image: WSHost.exe

PROCESS ffffe00002fdc080
    SessionId: 0  Cid: 07a8    Peb: 7ff68c5ed000  ParentCid: 0324
    DirBase: 70461000  ObjectTable: ffffc00006c27040  HandleCount: <Data Not Accessible>
    Image: audiodg.exe

PROCESS ffffe000030e3900
    SessionId: 2  Cid: 0454    Peb: 7ff7bfe34000  ParentCid: 0d20
    DirBase: 3b1b6000  ObjectTable: ffffc000117f9040  HandleCount: <Data Not Accessible>
    Image: NotMyfault.exe

PROCESS ffffe00000b1a240
    SessionId: 2  Cid: 0134    Peb: 7ff7647aa000  ParentCid: 0d20
    DirBase: 310a3000  ObjectTable: ffffc000018c9a80  HandleCount: <Data Not Accessible>
    Image: Taskmgr.exe

PROCESS ffffe00000871080
    SessionId: 2  Cid: 0c68    Peb: 7ff6f3ccc000  ParentCid: 0e24
    DirBase: 2330e000  ObjectTable: 00000000  HandleCount:   0.
    Image: wlrmdr.exe

PROCESS ffffe00004790240
    SessionId: 2  Cid: 0f28    Peb: 7ff642126000  ParentCid: 0274
    DirBase: 11bfd000  ObjectTable: ffffc000029af040  HandleCount: <Data Not Accessible>
    Image: ThumbnailExtractionHost.exe

0: kd> !process ffffe00001dd6080 3f
PROCESS ffffe00001dd6080
    SessionId: 0  Cid: 0238    Peb: 7ff7f5aac000  ParentCid: 01c0
    DirBase: 10908000  ObjectTable: 00000000  HandleCount:   0.
    Image: lsass.exe
    VadRoot 0000000000000000 Vads 0 Clone 0 Private 0. Modified 256. Locked 0.
    DeviceMap ffffc0000000c2e0
    Token                             ffffc00001413af0
    ElapsedTime                       7 Days 06:58:21.324
    UserTime                          00:00:05.875
    KernelTime                        00:00:03.828
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (5, 50, 345) (20KB, 200KB, 1380KB)
    PeakWorkingSetSize                7866
    VirtualSize                       0 Mb
    PeakVirtualSize                   37 Mb
    PageFaultCount                    9058
    MemoryPriority                    BACKGROUND
    BasePriority                      9
    CommitCharge                      0

    Setting context for this process...
.process /p /r ffffe00001dd6080
                                       
    !peb
PEB at 00007ff7f5aac000
error 1 InitTypeRead( nt!_PEB at 00007ff7f5aac000)...


No active threads

.process /p /r 0