gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

mimidrv kkll_m_process_protect: _eprocess location not correct on some versions of Windows (WinServer 1607, old version) #306

Open oicu0619 opened 4 years ago

oicu0619 commented 4 years ago

mimidrv judges the Windows version by nt!ntbuildnumber. In WinServer 1607 x64, OS build 14393.0, a pretty old version, nt!ntbuildnumber is 14393 (ntoskrnl.exe PDB file: http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/DD08DD42692B43F199A079D60E79D2171/ntkrnlmp.pdb), and the _PS_protection is at _eprocess + 0x6c2.

In WinServer 1607 x64, OS build 14393.3930, nt!ntbuildnumber is also 14393 (ntoskrnl.exe PDB file: http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/7B15ACBE08404536BFE3A8C7BEBE5DDA1/ntkrnlmp.pdb), but the SignatureLevel is at _eprocess + 0x6c8.

mimikatz always sets _eprocess + 0x6c8 to 0 on !processprotect /remove, which will not work on the former one.