Write two compound commands which will capture the “children” of the parent task number (pid) 1.
The first command will dump the children PIDs from /proc to a new file “task1Children.proc.hw2”.
The second command will dump the children PIDs from ‘ps’ to a new file “task1Children.ps.hw2”.
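One possible way to approach this task, written as two shell functions. This is an added example, not part of the original assignment; the function names, the optional proc-root argument and the `--run` switch are assumptions made so the /proc logic can also be pointed at a copied or constructed directory.

```shell
#!/bin/sh
# Added example: list the direct children of a PID from two views.

# View 1: walk <proc-root>/<pid>/status and keep entries whose PPid matches.
# $1 = parent PID, $2 = proc root (assumed parameter, defaults to /proc)
children_from_proc() {
    root=${2:-/proc}
    for status in "$root"/[0-9]*/status; do
        # A process may exit between the glob and the read; skip it.
        [ -r "$status" ] || continue
        ppid=$(awk '$1 == "PPid:" { print $2; exit }' "$status" 2>/dev/null) || continue
        if [ "$ppid" = "$1" ]; then
            dir=${status%/status}
            echo "${dir##*/}"
        fi
    done | sort -n
}

# View 2: ask ps for every PID/PPID pair and filter on the parent.
# $1 = parent PID
children_from_ps() {
    ps -e -o pid= -o ppid= | awk -v p="$1" '$2 == p { print $1 }' | sort -n
}

# Write both files named in the task, then compare them. The two lists
# normally match; processes that start or exit between the two snapshots
# show up as differences.
if [ "${1:-}" = "--run" ]; then
    children_from_proc 1 > task1Children.proc.hw2
    children_from_ps 1 > task1Children.ps.hw2
    diff task1Children.proc.hw2 task1Children.ps.hw2 || true
fi
```

Reading `PPid:` from `status` avoids having to parse the `stat` file, where the command name in field 2 can itself contain spaces and parentheses.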
$ vol.py --profile=Win7SP0x86 -f win7.dmp dlldump --pid=492 -D out --base=0x00680000
(use the same ‘dlldump’ command, but change the process IDs and base address as per your system)