Both
ProcessEnvironmentBlock_VistaView
PEB.Vista
ProcessName
ProcessId
InheritedAddressSpace
ReadImageFileExecOptions
BeingDebugged
ImageUsesLargePages
IsProtectedProcess
IsLegacyProcess
IsImageDynamicallyRelocated
SkipPatchingUser32Forwarders
IsPackagedProcess
IsAppContainer
"0x$($_.Mutant.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"
Ldr
InLoadOrderModuleList
InMemoryOrderModuleList
InInitializationOrderModuleList
ProcessParameters
"0x$($_.SubSystemData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessHeap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FastPebLock.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.AtlThunkSListPtr.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.IFEOKey.ToString("X$([IntPtr]::Size * 2)"))"
ProcessInJob
ProcessInitializing
ProcessUsingVEH
ProcessUsingVCH
ProcessUsingFTH
"0x$($_.KernelCallbackTable.ToString("X$([IntPtr]::Size * 2)"))"
SystemReserved
0x{0:X8}
AtlThunkSListPtr32
0x{0:X8}
"0x$($_.ApiSetMap.ToString("X$([IntPtr]::Size * 2)"))"
TlsExpansionCounter
0x{0:X8}
"0x$($_.TlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.TlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
"0x$($_.ReadOnlySharedMemoryBase.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HotpatchInformation.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ReadOnlyStaticServerData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.AnsiCodePageData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.OemCodePageData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.UnicodeCaseTableData.ToString("X$([IntPtr]::Size * 2)"))"
NumberOfProcessors
0x{0:X8}
NtGlobalFlag
0x{0:X8}
CriticalSectionTimeout
0x{0:X16}
"0x$($_.HeapSegmentReserve.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapSegmentCommit.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapDeCommitTotalFreeThreshold.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapDeCommitFreeBlockThreshold.ToString("X$([IntPtr]::Size * 2)"))"
NumberOfHeaps
0x{0:X8}
MaximumNumberOfHeaps
0x{0:X8}
"0x$($_.ProcessHeaps.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.GdiSharedHandleTable.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessStarterHelper.ToString("X$([IntPtr]::Size * 2)"))"
GdiDCAttributeList
0x{0:X8}
"0x$($_.LoaderLock.ToString("X$([IntPtr]::Size * 2)"))"
OSMajorVersion
OSMinorVersion
OSBuildNumber
OSCSDVersion
OSPlatformId
ImageSubsystem
ImageSubsystemMajorVersion
ImageSubsystemMinorVersion
"0x$($_.ActiveProcessAffinityMask.ToString("X$([IntPtr]::Size * 2)"))"
($_.GdiHandleBuffer | % { "0x$($_.ToString('X8'))" }) -join ','
"0x$($_.PostProcessInitRoutine.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.TlsExpansionBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.TlsExpansionBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
SessionId
0x{0:X8}
AppCompatFlags
0x{0:X16}
AppCompatFlagsUser
0x{0:X16}
"0x$($_.pShimData.ToString("X$([IntPtr]::Size * 2)"))"
AppCompatInfo
0x{0:X8}
CSDVersion
"0x$($_.ActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SystemDefaultActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SystemAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.MinimumStackCommit.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FlsCallback.ToString("X$([IntPtr]::Size * 2)"))"
FlsListHead
"0x$($_.FlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.FlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
FlsHighIndex
0x{0:X8}
"0x$($_.WerRegistrationData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.WerShipAssertPtr.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.pUnused.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.pImageHeaderHash.ToString("X$([IntPtr]::Size * 2)"))"
HeapTracingEnabled
CritSecTracingEnabled
LibLoaderTracingEnabled
CsrServerReadOnlySharedMemoryBase
0x{0:X16}
ProcessEnvironmentBlock_Server2003View
PEB.Server2003
ProcessName
ProcessId
if($_.InheritedAddressSpace -eq 0){$False}else{$True}
if($_.ReadImageFileExecOptions -eq 0){$False}else{$True}
if($_.BeingDebugged -eq 0){$False}else{$True}
ImageUsesLargePages
"0x$($_.Mutant.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"
Ldr
InLoadOrderModuleList
InMemoryOrderModuleList
InInitializationOrderModuleList
ProcessParameters
"0x$($_.SubSystemData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessHeap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FastPebLock.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.AtlThunkSListPtr.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SparePtr2.ToString("X$([IntPtr]::Size * 2)"))"
EnvironmentUpdateCount
0x{0:X8}
"0x$($_.KernelCallbackTable.ToString("X$([IntPtr]::Size * 2)"))"
SystemReserved
0x{0:X8}
AtlThunkSListPtr32
0x{0:X8}
"0x$($_.ApiSetMap.ToString("X$([IntPtr]::Size * 2)"))"
TlsExpansionCounter
0x{0:X8}
"0x$($_.TlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.TlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
"0x$($_.ReadOnlySharedMemoryBase.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ReadOnlySharedMemoryHeap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ReadOnlyStaticServerData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.AnsiCodePageData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.OemCodePageData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.UnicodeCaseTableData.ToString("X$([IntPtr]::Size * 2)"))"
NumberOfProcessors
0x{0:X8}
NtGlobalFlag
0x{0:X8}
CriticalSectionTimeout
0x{0:X16}
"0x$($_.HeapSegmentReserve.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapSegmentCommit.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapDeCommitTotalFreeThreshold.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapDeCommitFreeBlockThreshold.ToString("X$([IntPtr]::Size * 2)"))"
NumberOfHeaps
0x{0:X8}
MaximumNumberOfHeaps
0x{0:X8}
"0x$($_.ProcessHeaps.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.GdiSharedHandleTable.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessStarterHelper.ToString("X$([IntPtr]::Size * 2)"))"
GdiDCAttributeList
0x{0:X8}
"0x$($_.LoaderLock.ToString("X$([IntPtr]::Size * 2)"))"
OSMajorVersion
OSMinorVersion
OSBuildNumber
OSCSDVersion
OSPlatformId
ImageSubsystem
ImageSubsystemMajorVersion
ImageSubsystemMinorVersion
"0x$($_.ActiveProcessAffinityMask.ToString("X$([IntPtr]::Size * 2)"))"
($_.GdiHandleBuffer | % { "0x$($_.ToString('X8'))" }) -join ','
"0x$($_.PostProcessInitRoutine.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.TlsExpansionBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.TlsExpansionBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
SessionId
0x{0:X8}
AppCompatFlags
0x{0:X16}
AppCompatFlagsUser
0x{0:X16}
"0x$($_.pShimData.ToString("X$([IntPtr]::Size * 2)"))"
AppCompatInfo
0x{0:X8}
CSDVersion
"0x$($_.ActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SystemDefaultActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SystemAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.MinimumStackCommit.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FlsCallback.ToString("X$([IntPtr]::Size * 2)"))"
FlsListHead
"0x$($_.FlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.FlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
FlsHighIndex
0x{0:X8}
ProcessEnvironmentBlock_XPView
PEB.XP
ProcessName
ProcessId
if($_.InheritedAddressSpace -eq 0){$False}else{$True}
if($_.ReadImageFileExecOptions -eq 0){$False}else{$True}
if($_.BeingDebugged -eq 0){$False}else{$True}
"0x$($_.Mutant.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"
Ldr
InLoadOrderModuleList
InMemoryOrderModuleList
InInitializationOrderModuleList
ProcessParameters
"0x$($_.SubSystemData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessHeap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FastPebLock.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FastPebLockRoutine.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.FastPebUnlockRoutine.ToString("X$([IntPtr]::Size * 2)"))"
EnvironmentUpdateCount
0x{0:X8}
"0x$($_.KernelCallbackTable.ToString("X$([IntPtr]::Size * 2)"))"
SystemReserved
0x{0:X8}
AtlThunkSListPtr32
0x{0:X8}
"0x$($_.ApiSetMap.ToString("X$([IntPtr]::Size * 2)"))"
TlsExpansionCounter
0x{0:X8}
"0x$($_.TlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.TlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
"0x$($_.ReadOnlySharedMemoryBase.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ReadOnlySharedMemoryHeap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ReadOnlyStaticServerData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.AnsiCodePageData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.OemCodePageData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.UnicodeCaseTableData.ToString("X$([IntPtr]::Size * 2)"))"
NumberOfProcessors
0x{0:X8}
NtGlobalFlag
0x{0:X8}
CriticalSectionTimeout
0x{0:X16}
"0x$($_.HeapSegmentReserve.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapSegmentCommit.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapDeCommitTotalFreeThreshold.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.HeapDeCommitFreeBlockThreshold.ToString("X$([IntPtr]::Size * 2)"))"
NumberOfHeaps
0x{0:X8}
MaximumNumberOfHeaps
0x{0:X8}
"0x$($_.ProcessHeaps.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.GdiSharedHandleTable.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessStarterHelper.ToString("X$([IntPtr]::Size * 2)"))"
GdiDCAttributeList
0x{0:X8}
"0x$($_.LoaderLock.ToString("X$([IntPtr]::Size * 2)"))"
OSMajorVersion
OSMinorVersion
OSBuildNumber
OSCSDVersion
OSPlatformId
ImageSubsystem
ImageSubsystemMajorVersion
ImageSubsystemMinorVersion
"0x$($_.ActiveProcessAffinityMask.ToString("X$([IntPtr]::Size * 2)"))"
($_.GdiHandleBuffer | % { "0x$($_.ToString('X8'))" }) -join ','
"0x$($_.PostProcessInitRoutine.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.TlsExpansionBitmap.ToString("X$([IntPtr]::Size * 2)"))"
($_.TlsExpansionBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','
SessionId
0x{0:X8}
AppCompatFlags
0x{0:X16}
AppCompatFlagsUser
0x{0:X16}
"0x$($_.pShimData.ToString("X$([IntPtr]::Size * 2)"))"
AppCompatInfo
0x{0:X8}
CSDVersion
"0x$($_.ActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ProcessAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SystemDefaultActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SystemAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.MinimumStackCommit.ToString("X$([IntPtr]::Size * 2)"))"
ProcessEnvironmentBlock_ModuleEntryView
PEB.ModuleEntry
InLoadOrderModuleList
InMemoryOrderModuleList
InInitializationOrderModuleList
"0x$($_.BaseAddress.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.EntryPoint.ToString("X$([IntPtr]::Size * 2)"))"
SizeOfImage
0x{0:X8}
FullDllName
BaseDllName
PackagedBinary
ImageDll
LoadNotificationsSent
TelemetryEntryProcessed
ProcessStaticImport
InLegacyLists
InIndexes
ShimDll
InExceptionTable
LoadInProgress
EntryProcessed
DontCallForThreads
ProcessAttachCalled
ProcessAttachFailed
CorDeferredValidate
CorImage
DontRelocate
CorILOnly
Redirected
CompatDatabaseProcessed
ObsoleteLoadCount
0x{0:X4}
TlsIndex
0x{0:X4}
HashLinks
TimeDateStamp
"0x$($_.EntryPointActivationContext.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.PatchInformation.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.DdagNode.ToString("X$([IntPtr]::Size * 2)"))"
NodeModuleLink
"0x$($_.SnapContext.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.ParentDllBase.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.SwitchBackContext.ToString("X$([IntPtr]::Size * 2)"))"
BaseAddressIndexNode
MappingInfoIndexNode
"0x$($_.OriginalBase.ToString("X$([IntPtr]::Size * 2)"))"
LoadTime
0x{0:X16}
BaseNameHashValue
0x{0:X8}
LoadReason
ProcessParameters
PEB.ProcessParameters
MaximumLength
0x{0:X8}
Length
0x{0:X8}
Flags
0x{0:X8}
DebugFlags
0x{0:X8}
"0x$($_.ConsoleHandle.ToString("X$([IntPtr]::Size * 2)"))"
ConsoleFlags
0x{0:X8}
"0x$($_.StandardInput.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.StandardOutput.ToString("X$([IntPtr]::Size * 2)"))"
"0x$($_.StandardError.ToString("X$([IntPtr]::Size * 2)"))"
CurrentDirectory
DllPath
ImagePathName
CommandLine
"0x$($_.Environment.ToString("X$([IntPtr]::Size * 2)"))"
StartingX
0x{0:X8}
StartingY
0x{0:X8}
CountX
0x{0:X8}
CountY
0x{0:X8}
CountCharsX
0x{0:X8}
CountCharsY
0x{0:X8}
FillAttribute
0x{0:X8}
WindowFlags
0x{0:X8}
ShowWindowFlags
0x{0:X8}
WindowTitle
DesktopInfo
ShellInfo
RuntimeData