// WinDbg kernel-debugger (kd) notes: find a process, switch to its context, then walk
// _EPROCESS -> _PEB -> _PEB_LDR_DATA -> _LDR_DATA_TABLE_ENTRY to inspect its loader module list.
// Every address below comes from this one debugging session and will differ on another boot or target.
// Show information for the named process (first 0 = search all processes, second 0 = minimal detail).
kd> !process 0 0 explorer.exe
PROCESS 88adb2b0 SessionId: 1 Cid: 0534 Peb: 7ffdd000 ParentCid: 0520
DirBase: 3eb99280 ObjectTable: 8c033088 HandleCount: 674.
Image: explorer.exe
// In the output above, the value after PROCESS is the _EPROCESS address used by the next commands,
// Cid is the process ID in hex, and Peb is the user-mode address of the process environment block.
// Attach to (switch the debugger's process context to) the given process.
// /r reloads user-mode symbols for the new context; /p translates transition PTEs (live debugging only).
// Without this step, user-mode addresses such as the PEB are read in whatever context is current.
.process /p /r 88adb2b0
// Dump the _EPROCESS structure at the address reported by !process.
dt _EPROCESS 88adb2b0
// Dump the PEB. The _EPROCESS dump lists it as: +0x1a8 Peb : 0x7ffdd000 _PEB
// NOTE(review): the 0x1a8 field offset is specific to the OS build being debugged; read it from dt, do not hard-code it.
dt _PEB 0x7ffdd000
// Dump _PEB_LDR_DATA, the loader data that heads the process's module lists.
// NOTE(review): 0x77327880 is presumably the Ldr field value from the _PEB dump (that output is not shown here).
dt _PEB_LDR_DATA 0x77327880
// Dump one module entry from the loader list.
// NOTE(review): 0x241838 is presumably a Flink taken from one of the _PEB_LDR_DATA list heads (output not shown).
// Only the InLoadOrder list links sit at the start of the entry; a Flink from the InMemoryOrder or
// InInitializationOrder list points inside the entry, so subtract that field's offset before using dt.
// These lists live in user-mode memory and can be altered by the process itself, so a module absent
// here may still be mapped; cross-check against the VAD tree (!vad) when hunting for hidden modules.
dt _LDR_DATA_TABLE_ENTRY 0x241838