memflow_scan/memflow_lib/docs/windbg_cheat_sheet.txt

load kernel syms:
.sympath srv*https://msdl.microsoft.com/download/symbols
.reload /f

get eprocess of a proc:
!process 0 0
or
!process calc.exe
then
dt nt!_EPROCESS <address>

vtop:
!vtop PFN VirtualAddress
!vtop 0 VirtualAddress
初始化仓库 1 year ago			`load kernel syms:`
			`.sympath srv*https://msdl.microsoft.com/download/symbols`
			`.reload /f`

			`get eprocess of a proc:`
			`!process 0 0`
			`or`
			`!process calc.exe`
			`then`
			`dt nt!_EPROCESS <address>`

			`vtop:`
			`!vtop PFN VirtualAddress`
			`!vtop 0 VirtualAddress`