ntoskrnl.exe's PEB is NULL


This is how I get the System process's (ntoskrnl.exe's) EPROCESS:

PEPROCESS process = NULL;

NTSTATUS status = PsLookupProcessByProcessId((HANDLE)4, &process); // returns STATUS_SUCCESS
// The lookup takes a reference on the EPROCESS; release it once done with the pointer:
if (NT_SUCCESS(status)) ObDereferenceObject(process);

Output of the command dt nt!_eprocess 0xffffe000`694c9040 in WinDbg (0xffffe000`694c9040 is the value of the process variable):

(Peb is at 0x3e8)

+0x000 Pcb              : _KPROCESS
+0x2c8 ProcessLock      : _EX_PUSH_LOCK
+0x2d0 CreateTime       : _LARGE_INTEGER 0x01d43ca0`b7499b90
+0x2d8 RundownProtect   : _EX_RUNDOWN_REF
+0x2e0 UniqueProcessId  : 0x00000000`00000004 Void
+0x2e8 ActiveProcessLinks : _LIST_ENTRY [ 0xffffe000`6b1be328 - 0xfffff801`ebed9000 ]
+0x2f8 Flags2           : 0x202d000
+0x2f8 JobNotReallyActive : 0y0
+0x2f8 AccountingFolded : 0y0
+0x2f8 NewProcessReported : 0y0
+0x2f8 ExitProcessReported : 0y0
+0x2f8 ReportCommitChanges : 0y0
+0x2f8 LastReportMemory : 0y0
+0x2f8 ForceWakeCharge  : 0y0
+0x2f8 CrossSessionCreate : 0y0
+0x2f8 NeedsHandleRundown : 0y0
+0x2f8 RefTraceEnabled  : 0y0
+0x2f8 DisableDynamicCode : 0y0
+0x2f8 EmptyJobEvaluated : 0y0
+0x2f8 DefaultPagePriority : 0y101
+0x2f8 PrimaryTokenFrozen : 0y1
+0x2f8 ProcessVerifierTarget : 0y0
+0x2f8 StackRandomizationDisabled : 0y1
+0x2f8 AffinityPermanent : 0y0
+0x2f8 AffinityUpdateEnable : 0y0
+0x2f8 PropagateNode    : 0y0
+0x2f8 ExplicitAffinity : 0y0
+0x2f8 ProcessExecutionState : 0y00
+0x2f8 DisallowStrippedImages : 0y0
+0x2f8 HighEntropyASLREnabled : 0y1
+0x2f8 ExtensionPointDisable : 0y0
+0x2f8 ForceRelocateImages : 0y0
+0x2f8 ProcessStateChangeRequest : 0y00
+0x2f8 ProcessStateChangeInProgress : 0y0
+0x2f8 DisallowWin32kSystemCalls : 0y0
+0x2fc Flags            : 0x14040c00
+0x2fc CreateReported   : 0y0
+0x2fc NoDebugInherit   : 0y0
+0x2fc ProcessExiting   : 0y0
+0x2fc ProcessDelete    : 0y0
+0x2fc ControlFlowGuardEnabled : 0y0
+0x2fc VmDeleted        : 0y0
+0x2fc OutswapEnabled   : 0y0
+0x2fc Outswapped       : 0y0
+0x2fc ForkFailed       : 0y0
+0x2fc Wow64VaSpace4Gb  : 0y0
+0x2fc AddressSpaceInitialized : 0y11
+0x2fc SetTimerResolution : 0y0
+0x2fc BreakOnTermination : 0y0
+0x2fc DeprioritizeViews : 0y0
+0x2fc WriteWatch       : 0y0
+0x2fc ProcessInSession : 0y0
+0x2fc OverrideAddressSpace : 0y0
+0x2fc HasAddressSpace  : 0y1
+0x2fc LaunchPrefetched : 0y0
+0x2fc Background       : 0y0
+0x2fc VmTopDown        : 0y0
+0x2fc ImageNotifyDone  : 0y0
+0x2fc PdeUpdateNeeded  : 0y0
+0x2fc VdmAllowed       : 0y0
+0x2fc ProcessRundown   : 0y0
+0x2fc ProcessInserted  : 0y1
+0x2fc DefaultIoPriority : 0y010
+0x2fc ProcessSelfDelete : 0y0
+0x2fc SetTimerResolutionLink : 0y0
+0x300 ProcessQuotaUsage : [2] 0
+0x310 ProcessQuotaPeak : [2] 0
+0x320 PeakVirtualSize  : 0xc2f000
+0x328 VirtualSize      : 0x53e000
+0x330 SessionProcessLinks : _LIST_ENTRY [ 0x00000000`00000000 - 0x00000000`00000000 ]
+0x340 ExceptionPortData : (null) 
+0x340 ExceptionPortValue : 0
+0x340 ExceptionPortState : 0y000
+0x348 Token            : _EX_FAST_REF
+0x350 WorkingSetPage   : 0
+0x358 AddressCreationLock : _EX_PUSH_LOCK
+0x360 PageTableCommitmentLock : _EX_PUSH_LOCK
+0x368 RotateInProgress : (null) 
+0x370 ForkInProgress   : (null) 
+0x378 CommitChargeJob  : (null) 
+0x380 CloneRoot        : _RTL_AVL_TREE
+0x388 NumberOfPrivatePages : 0x19
+0x390 NumberOfLockedPages : 0x40
+0x398 Win32Process     : (null) 
+0x3a0 Job              : (null) 
+0x3a8 SectionObject    : (null) 
+0x3b0 SectionBaseAddress : (null) 
+0x3b8 Cookie           : 0xd4c445bf
+0x3c0 WorkingSetWatch  : (null) 
+0x3c8 Win32WindowStation : (null) 
+0x3d0 InheritedFromUniqueProcessId : (null) 
+0x3d8 LdtInformation   : (null) 
+0x3e0 OwnerProcessId   : 2
+0x3e8 Peb              : (null)
+0x3f0 Session          : (null) 
+0x3f8 AweInfo          : (null) 
+0x400 QuotaBlock       : 0xfffff801`ebecf600 _EPROCESS_QUOTA_BLOCK
+0x408 ObjectTable      : 0xffffc000`fc803000 _HANDLE_TABLE
+0x410 DebugPort        : (null) 
+0x418 Wow64Process     : (null) 
+0x420 DeviceMap        : 0xffffc000`fc80dfc0 Void
+0x428 EtwDataSource    : (null) 
+0x430 PageDirectoryPte : 0
+0x438 ImageFileName    : [15]  "System"
+0x447 PriorityClass    : 0x2 ''
+0x448 SecurityPort     : (null) 
+0x450 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x458 JobLinks         : _LIST_ENTRY [ 0x00000000`00000000 - 0x00000000`00000000 ]
+0x468 HighestUserAddress : 0x00007fff`ffff0000 Void
+0x470 ThreadListHead   : _LIST_ENTRY [ 0xffffe000`69438f08 - 0xffffe000`6d4d3f08 ]
+0x480 ActiveThreads    : 0x7d
+0x484 ImagePathHash    : 0
+0x488 DefaultHardErrorProcessing : 5
+0x48c LastThreadExitStatus : 0n0
+0x490 PrefetchTrace    : _EX_FAST_REF
+0x498 LockedPagesList  : (null) 
+0x4a0 ReadOperationCount : _LARGE_INTEGER 0x63
+0x4a8 WriteOperationCount : _LARGE_INTEGER 0xc0
+0x4b0 OtherOperationCount : _LARGE_INTEGER 0x1450
+0x4b8 ReadTransferCount : _LARGE_INTEGER 0x3c32f70
+0x4c0 WriteTransferCount : _LARGE_INTEGER 0x207e400
+0x4c8 OtherTransferCount : _LARGE_INTEGER 0x2038f
+0x4d0 CommitCharge     : 0x1d
+0x4d8 Vm               : _MMSUPPORT
+0x5c0 MmProcessLinks   : _LIST_ENTRY [ 0xffffe000`6b1be600 - 0xfffff801`ebf768c0 ]
+0x5d0 ModifiedPageCount : 0x186b0
+0x5d4 ExitStatus       : 0n259
+0x5d8 VadRoot          : _RTL_AVL_TREE
+0x5e0 VadHint          : 0xffffe000`6a79f650 Void
+0x5e8 VadCount         : 0x10
+0x5f0 VadPhysicalPages : 0
+0x5f8 VadPhysicalPagesLimit : 0
+0x600 AlpcContext      : _ALPC_PROCESS_CONTEXT
+0x620 TimerResolutionLink : _LIST_ENTRY [ 0x00000000`00000000 - 0x00000000`00000000 ]
+0x630 TimerResolutionStackRecord : (null) 
+0x638 RequestedTimerResolution : 0
+0x63c SmallestTimerResolution : 0
+0x640 ExitTime         : _LARGE_INTEGER 0x0
+0x648 InvertedFunctionTable : (null) 
+0x650 InvertedFunctionTableLock : _EX_PUSH_LOCK
+0x658 ActiveThreadsHighWatermark : 0x80
+0x65c LargePrivateVadCount : 0
+0x660 ThreadListLock   : _EX_PUSH_LOCK
+0x668 WnfContext       : 0xffffc000`fc895810 Void
+0x670 Spare0           : 0
+0x678 SignatureLevel   : 0x1e ''
+0x679 SectionSignatureLevel : 0x1c ''
+0x67a Protection       : _PS_PROTECTION
+0x67b SpareByte20      : [1]  ""
+0x67c Flags3           : 0
+0x67c Minimal          : 0y0
+0x680 SvmReserved      : 0n0
+0x688 SvmReserved1     : (null) 
+0x690 SvmReserved2     : 0
+0x698 LastFreezeInterruptTime : 0
+0x6a0 DiskCounters     : 0xffffe000`694c9718 _PROCESS_DISK_COUNTERS
+0x6a8 PicoContext      : (null) 
+0x6b0 KeepAliveCounter : 0
+0x6b4 NoWakeKeepAliveCounter : 0
+0x6b8 DeepFreezeStartTime : 0
+0x6c0 CommitChargeLimit : 0
+0x6c8 CommitChargePeak : 0x59
+0x6d0 HighPriorityFaultsAllowed : 0

I need its PEB in order to obtain its base address (PEPROCESS -> PPEB -> PPEB_LDR_DATA -> LIST_ENTRY -> PLDR_DATA_TABLE_ENTRY -> DllBase) and read the value of an undocumented global variable declared in ntoskrnl.exe.

I thought I could also use SectionBaseAddress, but it's also NULL.

I use Windows 7 64-bit.

Do you have any idea what I did wrong?

process
driver
kernel-module
kernel-mode
nt-native-api
asked on Stack Overflow Aug 31, 2018 by user9813314 • edited Aug 31, 2018 by user9813314
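Added example, not part of the question and not from any answer: the System process runs no user-mode image, so it has no PEB and no Ldr list to walk, and the kernel itself is not an entry in any process's loader data anyway. Kernel modules are tracked in the kernel's own loader list, which ZwQuerySystemInformation(SystemModuleInformation) copies out as an RTL_PROCESS_MODULES buffer. The code below mirrors the x64 layout of that buffer and locates the ntoskrnl.exe entry with the bounds checks a driver should apply to the returned data. Assumptions: x64 only; the macro name NTOSKRNL_BASE_KERNEL_BUILD, the pool tag and the function names are chosen for this example; ZwQuerySystemInformation is exported by ntoskrnl but is declared here by hand because the WDK headers used may not declare it (drop the prototype if yours does). The module table used outside the kernel build is constructed for offline demonstration; its addresses and names are made up.

```c
/* Find ntoskrnl.exe's image base from the kernel module list instead of a PEB.
 * Portable parser + constructed sample (offline), kernel call under a macro. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* x64 layout of RTL_PROCESS_MODULE_INFORMATION (296 bytes, 8-aligned). */
typedef struct {
    uint64_t Section;          /* HANDLE, NULL in practice */
    uint64_t MappedBase;       /* PVOID */
    uint64_t ImageBase;        /* PVOID: kernel VA of the loaded image */
    uint32_t ImageSize;
    uint32_t Flags;
    uint16_t LoadOrderIndex;
    uint16_t InitOrderIndex;
    uint16_t LoadCount;
    uint16_t OffsetToFileName; /* offset of the bare file name in FullPathName */
    char     FullPathName[256];
} module_info_t;

/* x64 layout of RTL_PROCESS_MODULES: 4-byte count, 4 bytes padding, entries. */
typedef struct {
    uint32_t      NumberOfModules;
    module_info_t Modules[1];
} process_modules_t;

/* ASCII case-insensitive compare of a bounded, possibly unterminated name. */
static int name_equals_ci(const char *a, size_t amax, const char *b)
{
    size_t i;
    for (i = 0; i < amax && a[i] != '\0'; i++) {
        char ca = a[i], cb = b[i];
        if (cb == '\0') return 0;
        if (ca >= 'A' && ca <= 'Z') ca += 'a' - 'A';
        if (cb >= 'A' && cb <= 'Z') cb += 'a' - 'A';
        if (ca != cb) return 0;
    }
    return i < amax && b[i] == '\0';   /* terminator found inside bounds, and b ended too */
}

/* Returns the ImageBase of the module named `name`, or 0 if absent.
 * The count and the per-entry name offset are treated as untrusted. */
uint64_t find_module_base(const process_modules_t *mods, size_t buf_len, const char *name)
{
    size_t hdr = offsetof(process_modules_t, Modules);
    if (mods == NULL || buf_len < hdr) return 0;
    size_t avail = (buf_len - hdr) / sizeof(module_info_t);
    uint32_t n = mods->NumberOfModules;
    if (n > avail) n = (uint32_t)avail;         /* never index past the buffer we own */
    for (uint32_t i = 0; i < n; i++) {
        const module_info_t *m = &mods->Modules[i];
        size_t off = m->OffsetToFileName;
        if (off >= sizeof m->FullPathName) continue;   /* corrupt offset: skip entry */
        if (name_equals_ci(m->FullPathName + off, sizeof m->FullPathName - off, name))
            return m->ImageBase;
    }
    return 0;
}

#ifdef NTOSKRNL_BASE_KERNEL_BUILD
#include <ntddk.h>
#define SystemModuleInformation 11
#define NTBASE_TAG 'esaB'   /* pool tag chosen for this example */
NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(ULONG SystemInformationClass,
    PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);

/* Call at PASSIVE_LEVEL. Retries because a module may load between the two calls. */
PVOID GetNtoskrnlBase(void)
{
    ULONG len = 0, tries = 4;
    PVOID base = NULL;
    NTSTATUS st = ZwQuerySystemInformation(SystemModuleInformation, NULL, 0, &len);
    while (st == STATUS_INFO_LENGTH_MISMATCH && tries--) {
        len += 4 * sizeof(module_info_t);                  /* slack for late loads */
        process_modules_t *mods = ExAllocatePoolWithTag(PagedPool, len, NTBASE_TAG);
        if (!mods) return NULL;
        st = ZwQuerySystemInformation(SystemModuleInformation, mods, len, &len);
        if (NT_SUCCESS(st))
            base = (PVOID)(ULONG_PTR)find_module_base(mods, len, "ntoskrnl.exe");
        ExFreePoolWithTag(mods, NTBASE_TAG);
    }
    return base;
}
#else
#include <stdio.h>
#include <stdlib.h>

/* Constructed RTL_PROCESS_MODULES buffer with three made-up entries. Caller frees. */
process_modules_t *build_sample_modules(size_t *out_len)
{
    static const struct { uint64_t base; uint32_t size; const char *path; } sample[] = {
        { 0xFFFFF80100400000ULL, 0x9A3000u, "\\SystemRoot\\system32\\ntoskrnl.exe" },
        { 0xFFFFF80100E00000ULL, 0x0A6000u, "\\SystemRoot\\system32\\hal.dll" },
        { 0xFFFFF80103000000ULL, 0x010000u, "\\SystemRoot\\System32\\drivers\\Example.sys" },
    };
    const uint32_t n = 3;
    size_t bytes = offsetof(process_modules_t, Modules) + n * sizeof(module_info_t);
    process_modules_t *mods = calloc(1, bytes);
    if (!mods) return NULL;
    mods->NumberOfModules = n;
    for (uint32_t i = 0; i < n; i++) {
        module_info_t *m = &mods->Modules[i];
        size_t plen = strlen(sample[i].path);
        if (plen >= sizeof m->FullPathName) plen = sizeof m->FullPathName - 1;
        memcpy(m->FullPathName, sample[i].path, plen);    /* calloc left the terminator */
        const char *slash = strrchr(sample[i].path, '\\');
        m->OffsetToFileName = (uint16_t)(slash ? (slash - sample[i].path) + 1 : 0);
        m->ImageBase = sample[i].base;
        m->ImageSize = sample[i].size;
        m->LoadOrderIndex = (uint16_t)i;
    }
    if (out_len) *out_len = bytes;
    return mods;
}

int main(void)
{
    size_t len = 0;
    process_modules_t *mods = build_sample_modules(&len);
    if (!mods) return 1;
    printf("ntoskrnl.exe base: 0x%016llx\n",
           (unsigned long long)find_module_base(mods, len, "ntoskrnl.exe"));
    free(mods);
    return 0;
}
#endif
```

Once the base is known, the undocumented global still has to be located by a version-specific offset or a code signature relative to that base; that step is not shown here. The PEB route in the question fails for PID 4 by design, not because of a mistake in the lookup: the System process is created without a user-mode image, which is also why SectionBaseAddress is NULL.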

0 Answers



User contributions licensed under CC BY-SA 3.0