Dumping fields of a structure
dt STRUCT_NAME FIELD.
Ex. dt _EPROCESS Protection.
dt _EPROCESS Protection.Signer.
Tip learned today
you can rebase the program in IDA and use dt in windbg, windbg will locate the symbol name and type for you
dx -g @$cursession.Processes.Select(p => new {p.Name, Type = p.KernelObject}
dx -r1 Debugger.LastEvent.Thread.Registers.User
dx -r5 Debugger