0:014> .process Implicit process is now 7fe5f000 0:014> dt _PEB 7fe5f000 ntdll!_PEB +0x000 InheritedAddressSpace : 0 '' +0x001 ReadImageFileExecOptions : 0 '' +0x002 BeingDebugged : 0 '' +0x003 BitField : 0x4 '' +0x003 ImageUsesLargePages : 0y0 +0x003 IsProtectedProcess : 0y0 +0x003 IsImageDynamicallyRelocated : 0y1 +0x003 SkipPatchingUser32Forwarders : 0y0 +0x003 IsPackagedProcess : 0y0 +0x003 IsAppContainer : 0y0 +0x003 IsProtectedProcessLight : 0y0 +0x003 SpareBits : 0y0 +0x004 Mutant : 0xffffffff Void +0x008 ImageBaseAddress : 0x011c0000 Void +0x00c Ldr : 0x77ab8440 _PEB_LDR_DATA +0x010 ProcessParameters : 0x005f0da8 _RTL_USER_PROCESS_PARAMETERS +0x014 SubSystemData : (null) +0x018 ProcessHeap : 0x005f0000 Void +0x01c FastPebLock : 0x77ab83a0 _RTL_CRITICAL_SECTION +0x020 AtlThunkSListPtr : (null) +0x024 IFEOKey : (null) +0x028 CrossProcessFlags : 0 +0x028 ProcessInJob : 0y0 +0x028 ProcessInitializing : 0y0 +0x028 ProcessUsingVEH : 0y0 +0x028 ProcessUsingVCH : 0y0 +0x028 ProcessUsingFTH : 0y0 +0x028 ReservedBits0 : 0y000000000000000000000000000 (0) +0x02c KernelCallbackTable : 0x77896428 Void +0x02c UserSharedInfoPtr : 0x77896428 Void +0x030 SystemReserved : [1] 0 +0x034 AtlThunkSListPtr32 : 0 +0x038 ApiSetMap : 0x00530000 Void +0x03c TlsExpansionCounter : 0 +0x040 TlsBitmap : 0x77ab83e0 Void +0x044 TlsBitmapBits : [2] 0x1ffffff +0x04c ReadOnlySharedMemoryBase : 0x7fd20000 Void +0x050 SparePvoid0 : (null) +0x054 ReadOnlyStaticServerData : 0x7fd204a0 -> (null) +0x058 AnsiCodePageData : 0x7fe20000 Void +0x05c OemCodePageData : 0x7fe20000 Void +0x060 UnicodeCaseTableData : 0x7fe50024 Void +0x064 NumberOfProcessors : 4 +0x068 NtGlobalFlag : 0 +0x070 CriticalSectionTimeout : _LARGE_INTEGER 0xffffe86d`079b8000 +0x078 HeapSegmentReserve : 0x100000 +0x07c HeapSegmentCommit : 0x2000 +0x080 HeapDeCommitTotalFreeThreshold : 0x10000 +0x084 HeapDeCommitFreeBlockThreshold : 0x1000 +0x088 NumberOfHeaps : 5 +0x08c MaximumNumberOfHeaps : 0x10 +0x090 ProcessHeaps : 0x77ab7520 -> 0x005f0000 Void +0x094 GdiSharedHandleTable : 0x00c10000 Void +0x098 ProcessStarterHelper : (null) +0x09c GdiDCAttributeList : 0x14 +0x0a0 LoaderLock : 0x77ab43c8 _RTL_CRITICAL_SECTION +0x0a4 OSMajorVersion : 6 +0x0a8 OSMinorVersion : 3 +0x0ac OSBuildNumber : 0x2580 +0x0ae OSCSDVersion : 0 +0x0b0 OSPlatformId : 2 +0x0b4 ImageSubsystem : 2 +0x0b8 ImageSubsystemMajorVersion : 6 +0x0bc ImageSubsystemMinorVersion : 3 +0x0c0 ActiveProcessAffinityMask : 0xf +0x0c4 GdiHandleBuffer : [34] 0 +0x14c PostProcessInitRoutine : (null) +0x150 TlsExpansionBitmap : 0x77ab83f8 Void +0x154 TlsExpansionBitmapBits : [32] 1 +0x1d4 SessionId : 0 +0x1d8 AppCompatFlags : _ULARGE_INTEGER 0x0 +0x1e0 AppCompatFlagsUser : _ULARGE_INTEGER 0x0 +0x1e8 pShimData : 0x005a0000 Void +0x1ec AppCompatInfo : (null) +0x1f0 CSDVersion : _UNICODE_STRING "" +0x1f8 ActivationContextData : 0x00590000 _ACTIVATION_CONTEXT_DATA +0x1fc ProcessAssemblyStorageMap : (null) +0x200 SystemDefaultActivationContextData : 0x00580000 _ACTIVATION_CONTEXT_DATA +0x204 SystemAssemblyStorageMap : 0x006786e8 _ASSEMBLY_STORAGE_MAP +0x208 MinimumStackCommit : 0 +0x20c FlsCallback : 0x005fc068 _FLS_CALLBACK_INFO +0x210 FlsListHead : _LIST_ENTRY [ 0x5fbe58 - 0x6285b8 ] +0x218 FlsBitmap : 0x77ab8420 Void +0x21c FlsBitmapBits : [4] 7 +0x22c FlsHighIndex : 2 +0x230 WerRegistrationData : (null) +0x234 WerShipAssertPtr : (null) +0x238 pUnused : (null) +0x23c pImageHeaderHash : (null) +0x240 TracingFlags : 0 +0x240 HeapTracingEnabled : 0y0 +0x240 CritSecTracingEnabled : 0y0 +0x240 LibLoaderTracingEnabled : 0y0 +0x240 SpareTracingBits : 0y00000000000000000000000000000 (0) +0x248 CsrServerReadOnlySharedMemoryBase : 0x7f800000
0×18 默认堆的地址
0×78 默认堆的默认大小
0x7c 默认堆的初始提交大小
0×80 与堆释放有关的阈值
0×84 与堆释放有关的阈值
0×88 程序中堆的数量
0x8c 程序中最大的堆的数量
0×90 存储所有堆地址的数组