kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
PROCESS fffffa801a89e060
SessionId: 1 Cid: 026c Peb: 7fffffd3000 ParentCid: 0200
DirBase: 66362000 ObjectTable: fffff8a00111c4d0 HandleCount: 584.
Image: explorer.exe
kd> dt _PEB 7fffffd3000
nt!_PEB
+0x000 InheritedAddressSpace : 0 ''
+0x001 ReadImageFileExecOptions : 0 ''
+0x002 BeingDebugged : 0 ''
+0x003 BitField : 0x8 ''
+0x003 ImageUsesLargePages : 0y0
+0x003 IsProtectedProcess : 0y0
+0x003 IsLegacyProcess : 0y0
+0x003 IsImageDynamicallyRelocated : 0y1
+0x003 SkipPatchingUser32Forwarders : 0y0
+0x003 SpareBits : 0y000
+0x008 Mutant : 0xffffffff`ffffffff Void
+0x010 ImageBaseAddress : 0x00000000`ffe60000 Void
+0x018 Ldr : 0x00000000`77943640 _PEB_LDR_DATA
+0x020 ProcessParameters : 0x00000000`00321c70 _RTL_USER_PROCESS_PARAMETERS
+0x028 SubSystemData : (null)
+0x030 ProcessHeap : 0x00000000`00320000 Void
+0x038 FastPebLock : 0x00000000`7794b8a0 _RTL_CRITICAL_SECTION
+0x040 AtlThunkSListPtr : 0x00000000`03b4b5e0 Void
+0x048 IFEOKey : (null)
+0x050 CrossProcessFlags : 0
+0x050 ProcessInJob : 0y0
+0x050 ProcessInitializing : 0y0
+0x050 ProcessUsingVEH : 0y0
+0x050 ProcessUsingVCH : 0y0
+0x050 ProcessUsingFTH : 0y0
+0x050 ReservedBits0 : 0y000000000000000000000000000 (0)
+0x058 KernelCallbackTable : 0x00000000`77799480 Void
+0x058 UserSharedInfoPtr : 0x00000000`77799480 Void
+0x060 SystemReserved : [1] 0
+0x064 AtlThunkSListPtr32 : 0
+0x068 ApiSetMap : 0x000007fe`ffb30000 Void
+0x070 TlsExpansionCounter : 0
+0x078 TlsBitmap : 0x00000000`77943590 Void
+0x080 TlsBitmapBits : [2] 0xffffffff
+0x088 ReadOnlySharedMemoryBase : 0x00000000`7efe0000 Void
+0x090 HotpatchInformation : (null)
+0x098 ReadOnlyStaticServerData : 0x00000000`7efe0a90 -> (null)
+0x0a0 AnsiCodePageData : 0x000007ff`fffa0000 Void
+0x0a8 OemCodePageData : 0x000007ff`fffa0000 Void
+0x0b0 UnicodeCaseTableData : 0x000007ff`fffd0028 Void
+0x0b8 NumberOfProcessors : 1
+0x0bc NtGlobalFlag : 0
+0x0c0 CriticalSectionTimeout : _LARGE_INTEGER 0xffffe86d`079b8000
+0x0c8 HeapSegmentReserve : 0x100000
+0x0d0 HeapSegmentCommit : 0x2000
+0x0d8 HeapDeCommitTotalFreeThreshold : 0x10000
+0x0e0 HeapDeCommitFreeBlockThreshold : 0x1000
+0x0e8 NumberOfHeaps : 0xf
+0x0ec MaximumNumberOfHeaps : 0x10
+0x0f0 ProcessHeaps : 0x00000000`7794b780 -> 0x00000000`00320000 Void
+0x0f8 GdiSharedHandleTable : 0x00000000`006b0000 Void
+0x100 ProcessStarterHelper : (null)
+0x108 GdiDCAttributeList : 0x14
+0x110 LoaderLock : 0x00000000`77948490 _RTL_CRITICAL_SECTION
+0x118 OSMajorVersion : 6
+0x11c OSMinorVersion : 1
+0x120 OSBuildNumber : 0x1db0
+0x122 OSCSDVersion : 0
+0x124 OSPlatformId : 2
+0x128 ImageSubsystem : 2
+0x12c ImageSubsystemMajorVersion : 6
+0x130 ImageSubsystemMinorVersion : 1
+0x138 ActiveProcessAffinityMask : 1
+0x140 GdiHandleBuffer : [60] 0
+0x230 PostProcessInitRoutine : (null)
+0x238 TlsExpansionBitmap : 0x00000000`77943580 Void
+0x240 TlsExpansionBitmapBits : [32] 1
+0x2c0 SessionId : 1
+0x2c8 AppCompatFlags : _ULARGE_INTEGER 0x0
+0x2d0 AppCompatFlagsUser : _ULARGE_INTEGER 0x0
+0x2d8 pShimData : (null)
+0x2e0 AppCompatInfo : (null)
+0x2e8 CSDVersion : _UNICODE_STRING ""
+0x2f8 ActivationContextData : 0x00000000`00040000 _ACTIVATION_CONTEXT_DATA
+0x300 ProcessAssemblyStorageMap : 0x00000000`0035c6e0 _ASSEMBLY_STORAGE_MAP
+0x308 SystemDefaultActivationContextData : 0x00000000`00030000 _ACTIVATION_CONTEXT_DATA
+0x310 SystemAssemblyStorageMap : 0x00000000`003382e0 _ASSEMBLY_STORAGE_MAP
+0x318 MinimumStackCommit : 0
+0x320 FlsCallback : 0x00000000`0033b1a0 _FLS_CALLBACK_INFO
+0x328 FlsListHead : _LIST_ENTRY [ 0x00000000`0033ad80 - 0x3b73a80 ]
+0x338 FlsBitmap : 0x00000000`77943570 Void
+0x340 FlsBitmapBits : [4] 0xf
+0x350 FlsHighIndex : 3
+0x358 WerRegistrationData : 0x00000000`022a0000 Void
+0x360 WerShipAssertPtr : (null)
+0x368 pContextData : 0x00000000`00050000 Void
+0x370 pImageHeaderHash : (null)
+0x378 TracingFlags : 0
+0x378 HeapTracingEnabled : 0y0
+0x378 CritSecTracingEnabled : 0y0
+0x378 SpareTracingBits : 0y000000000000000000000000000000 (0)
kd> dt 0x00000000`77943640 _PEB_LDR_DATA
nt!_PEB_LDR_DATA
+0x000 Length : 0x58
+0x004 Initialized : 0x1 ''
+0x008 SsHandle : (null)
+0x010 InLoadOrderModuleList : _LIST_ENTRY [ 0x00000000`00322540 - 0x62e93b0 ]
+0x020 InMemoryOrderModuleList : _LIST_ENTRY [ 0x00000000`00322550 - 0x62e93c0 ]
+0x030 InInitializationOrderModuleList : _LIST_ENTRY [ 0x00000000`00322650 - 0x62e93d0 ]
+0x040 EntryInProgress : (null)
+0x048 ShutdownInProgress : 0 ''
+0x050 ShutdownThreadId : (null)
kd> dd 0x00000000`00322650
00000000`00322650 00322b40 00000000 77943670 00000000
00000000`00322660 77810000 00000000 00000000 00000000
00000000`00322670 001ab000 00000000 003c003a 00000000
00000000`00322680 003224b0 00000000 00140012 00000000
00000000`00322690 77927270 00000000 00004004 0000ffff
00000000`003226a0 00379510 00000000 7794ba60 00000000
00000000`003226b0 4a5be02b 00000000 00000000 00000000
00000000`003226c0 00000000 00000000 003226c8 00000000
kd> dd 00000000`00322b40
00000000`00322b40 003229d0 00000000 00322650 00000000
00000000`00322b50 fd820000 000007fe fd8233e0 000007fe
00000000`00322b60 0006b000 00000000 00460044 00000000
00000000`00322b70 00322ad0 00000000 001e001c 00000000
00000000`00322b80 00322af8 00000000 00084004 0000ffff
00000000`00322b90 00335e40 00000000 7794ba80 00000000
00000000`00322ba0 4a5bdfe0 00000000 00000000 00000000
00000000`00322bb0 00000000 00000000 00322bb8 00000000
kd> dt _LDR_DATA_TABLE_ENTRY (00000000`003229d0 - 0x20)
nt!_LDR_DATA_TABLE_ENTRY
+0x000 InLoadOrderLinks : _LIST_ENTRY [ 0x00000000`00322b20 - 0x322630 ]
+0x010 InMemoryOrderLinks : _LIST_ENTRY [ 0x00000000`00322b30 - 0x322640 ]
+0x020 InInitializationOrderLinks : _LIST_ENTRY [ 0x00000000`00323960 - 0x322b40 ]
+0x030 DllBase : 0x00000000`775f0000 Void
+0x038 EntryPoint : 0x00000000`7760eff0 Void
+0x040 SizeOfImage : 0x11f000
+0x048 FullDllName : _UNICODE_STRING "C:\Windows\system32\kernel32.dll"
+0x058 BaseDllName : _UNICODE_STRING "kernel32.dll"
+0x068 Flags : 0x84004
+0x06c LoadCount : 0xffff
+0x06e TlsIndex : 0
+0x070 HashLinks : _LIST_ENTRY [ 0x00000000`0345a120 - 0x7794b9e0 ]
+0x070 SectionPointer : 0x00000000`0345a120 Void
+0x078 CheckSum : 0x7794b9e0
+0x080 TimeDateStamp : 0x4a5bdfdf
+0x080 LoadedImports : 0x00000000`4a5bdfdf Void
+0x088 EntryPointActivationContext : (null)
+0x090 PatchInformation : (null)
+0x098 ForwarderLinks : _LIST_ENTRY [ 0x00000000`00323f80 - 0x323f80 ]
+0x0a8 ServiceTagLinks : _LIST_ENTRY [ 0x00000000`00322a58 - 0x322a58 ]
+0x0b8 StaticLinks : _LIST_ENTRY [ 0x00000000`00322c40 - 0x322aa0 ]
+0x0c8 ContextInformation : 0x00000000`77914de4 Void
+0x0d0 OriginalBase : 0x78d20000
+0x0d8 LoadTime : _LARGE_INTEGER 0x1d491e0`1ef707c6