From 97e08818bcd6cbf3065e7b4055c46022eaff71fe Mon Sep 17 00:00:00 2001
From: hasherezade <hasherezade@users.noreply.github.com>
Date: Fri, 6 Sep 2024 18:14:07 +0000
Subject: [PATCH] deploy: 9d3d31f2c421b433e6041fa779595489ffe1a835

---
 classpesieve_1_1_thread_scanner.html |   4 +-
 scanner_8cpp_source.html             |   2 +-
 thread__scanner_8cpp_source.html     | 283 ++++++++++++++-------------
 thread__scanner_8h_source.html       |   4 +-
 4 files changed, 148 insertions(+), 145 deletions(-)

diff --git a/classpesieve_1_1_thread_scanner.html b/classpesieve_1_1_thread_scanner.html
index 5348a57a0..5a2970224 100644
--- a/classpesieve_1_1_thread_scanner.html
+++ b/classpesieve_1_1_thread_scanner.html
@@ -608,7 +608,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a23839353374eedcda7c92b0c
 
 <p>Implements <a class="el" href="classpesieve_1_1_process_feature_scanner.html#a8c85491f592bbfe32e4906dddea8973f">pesieve::ProcessFeatureScanner</a>.</p>
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00501">501</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00504">504</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -652,7 +652,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ae1bd5026205bae8766930b5d
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00415">415</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00418">418</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
diff --git a/scanner_8cpp_source.html b/scanner_8cpp_source.html
index 2619d096f..3b734dd7a 100644
--- a/scanner_8cpp_source.html
+++ b/scanner_8cpp_source.html
@@ -718,7 +718,7 @@
 <div class="ttc" id="aclasspesieve_1_1_skipped_module_report_html"><div class="ttname"><a href="classpesieve_1_1_skipped_module_report.html">pesieve::SkippedModuleReport</a></div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00116">module_scan_report.h:117</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html">pesieve::ThreadScanReport</a></div><div class="ttdoc">A report from the thread scan, generated by ThreadScanner.</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00014">thread_scanner.h:15</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00131">thread_scanner.h:131</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00501">thread_scanner.cpp:501</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00504">thread_scanner.cpp:504</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_unreachable_module_report_html"><div class="ttname"><a href="classpesieve_1_1_unreachable_module_report.html">pesieve::UnreachableModuleReport</a></div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00096">module_scan_report.h:97</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_working_set_scan_report_html"><div class="ttname"><a href="classpesieve_1_1_working_set_scan_report.html">pesieve::WorkingSetScanReport</a></div><div class="ttdoc">A report from the working set scan, generated by WorkingSetScanner.</div><div class="ttdef"><b>Definition</b> <a href="workingset__scanner_8h_source.html#l00028">workingset_scanner.h:29</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_working_set_scan_report_html_a9167635c76bcba07d274133c8af95f17"><div class="ttname"><a href="classpesieve_1_1_working_set_scan_report.html#a9167635c76bcba07d274133c8af95f17">pesieve::WorkingSetScanReport::is_listed_module</a></div><div class="ttdeci">bool is_listed_module</div><div class="ttdef"><b>Definition</b> <a href="workingset__scanner_8h_source.html#l00097">workingset_scanner.h:97</a></div></div>
diff --git a/thread__scanner_8cpp_source.html b/thread__scanner_8cpp_source.html
index 61c52e940..b2ada0292 100644
--- a/thread__scanner_8cpp_source.html
+++ b/thread__scanner_8cpp_source.html
@@ -524,150 +524,153 @@
 <div class="foldopen" id="foldopen00397" data-start="{" data-end="}">
 <div class="line"><a id="l00397" name="l00397"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">  397</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)</div>
 <div class="line"><a id="l00398" name="l00398"></a><span class="lineno">  398</span>{</div>
-<div class="line"><a id="l00399" name="l00399"></a><span class="lineno">  399</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
-<div class="line"><a id="l00400" name="l00400"></a><span class="lineno">  400</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00399" name="l00399"></a><span class="lineno">  399</span>    <span class="keywordflow">if</span> (GetCurrentThreadId() == <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid) {</div>
+<div class="line"><a id="l00400" name="l00400"></a><span class="lineno">  400</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>; <span class="comment">// don&#39;t scan the current thread</span></div>
 <div class="line"><a id="l00401" name="l00401"></a><span class="lineno">  401</span>    }</div>
-<div class="line"><a id="l00402" name="l00402"></a><span class="lineno">  402</span>    <span class="keyword">const</span> KTHREAD_STATE state = (KTHREAD_STATE)<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00403" name="l00403"></a><span class="lineno">  403</span>    <span class="keywordflow">if</span> (state == Ready || state == Running) {</div>
-<div class="line"><a id="l00404" name="l00404"></a><span class="lineno">  404</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00405" name="l00405"></a><span class="lineno">  405</span>    }</div>
-<div class="line"><a id="l00406" name="l00406"></a><span class="lineno">  406</span>    <span class="keywordflow">if</span> (state == Terminated) {</div>
-<div class="line"><a id="l00407" name="l00407"></a><span class="lineno">  407</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00402" name="l00402"></a><span class="lineno">  402</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
+<div class="line"><a id="l00403" name="l00403"></a><span class="lineno">  403</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00404" name="l00404"></a><span class="lineno">  404</span>    }</div>
+<div class="line"><a id="l00405" name="l00405"></a><span class="lineno">  405</span>    <span class="keyword">const</span> KTHREAD_STATE state = (KTHREAD_STATE)<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00406" name="l00406"></a><span class="lineno">  406</span>    <span class="keywordflow">if</span> (state == Ready || state == Running) {</div>
+<div class="line"><a id="l00407" name="l00407"></a><span class="lineno">  407</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
 <div class="line"><a id="l00408" name="l00408"></a><span class="lineno">  408</span>    }</div>
-<div class="line"><a id="l00409" name="l00409"></a><span class="lineno">  409</span>    <span class="keywordflow">if</span> (state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason &lt;= WrQueue) {</div>
-<div class="line"><a id="l00410" name="l00410"></a><span class="lineno">  410</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00409" name="l00409"></a><span class="lineno">  409</span>    <span class="keywordflow">if</span> (state == Terminated) {</div>
+<div class="line"><a id="l00410" name="l00410"></a><span class="lineno">  410</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
 <div class="line"><a id="l00411" name="l00411"></a><span class="lineno">  411</span>    }</div>
-<div class="line"><a id="l00412" name="l00412"></a><span class="lineno">  412</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00413" name="l00413"></a><span class="lineno">  413</span>}</div>
+<div class="line"><a id="l00412" name="l00412"></a><span class="lineno">  412</span>    <span class="keywordflow">if</span> (state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason &lt;= WrQueue) {</div>
+<div class="line"><a id="l00413" name="l00413"></a><span class="lineno">  413</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00414" name="l00414"></a><span class="lineno">  414</span>    }</div>
+<div class="line"><a id="l00415" name="l00415"></a><span class="lineno">  415</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00416" name="l00416"></a><span class="lineno">  416</span>}</div>
 </div>
-<div class="line"><a id="l00414" name="l00414"></a><span class="lineno">  414</span> </div>
-<div class="foldopen" id="foldopen00415" data-start="{" data-end="}">
-<div class="line"><a id="l00415" name="l00415"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">  415</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a>(HANDLE hThread, <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
-<div class="line"><a id="l00416" name="l00416"></a><span class="lineno">  416</span>{</div>
-<div class="line"><a id="l00417" name="l00417"></a><span class="lineno">  417</span>    <span class="keyword">const</span> DWORD tid = GetThreadId(hThread);</div>
-<div class="line"><a id="l00418" name="l00418"></a><span class="lineno">  418</span>    <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a> cDetails = { 0 };</div>
-<div class="line"><a id="l00419" name="l00419"></a><span class="lineno">  419</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_ok = fetchThreadCtxDetails(processHandle, hThread, cDetails);</div>
-<div class="line"><a id="l00420" name="l00420"></a><span class="lineno">  420</span> </div>
-<div class="line"><a id="l00421" name="l00421"></a><span class="lineno">  421</span>    DWORD exit_code = 0;</div>
-<div class="line"><a id="l00422" name="l00422"></a><span class="lineno">  422</span>    GetExitCodeThread(hThread, &amp;exit_code);</div>
+<div class="line"><a id="l00417" name="l00417"></a><span class="lineno">  417</span> </div>
+<div class="foldopen" id="foldopen00418" data-start="{" data-end="}">
+<div class="line"><a id="l00418" name="l00418"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">  418</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a>(HANDLE hThread, <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
+<div class="line"><a id="l00419" name="l00419"></a><span class="lineno">  419</span>{</div>
+<div class="line"><a id="l00420" name="l00420"></a><span class="lineno">  420</span>    <span class="keyword">const</span> DWORD tid = GetThreadId(hThread);</div>
+<div class="line"><a id="l00421" name="l00421"></a><span class="lineno">  421</span>    <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a> cDetails = { 0 };</div>
+<div class="line"><a id="l00422" name="l00422"></a><span class="lineno">  422</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_ok = fetchThreadCtxDetails(processHandle, hThread, cDetails);</div>
 <div class="line"><a id="l00423" name="l00423"></a><span class="lineno">  423</span> </div>
-<div class="line"><a id="l00424" name="l00424"></a><span class="lineno">  424</span>    <span class="keywordflow">if</span> (exit_code != STILL_ACTIVE) {</div>
-<div class="line"><a id="l00425" name="l00425"></a><span class="lineno">  425</span><span class="preprocessor">#ifdef _DEBUG</span></div>
-<div class="line"><a id="l00426" name="l00426"></a><span class="lineno">  426</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; ExitCode: &quot;</span> &lt;&lt; std::dec &lt;&lt; exit_code &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00427" name="l00427"></a><span class="lineno">  427</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00428" name="l00428"></a><span class="lineno">  428</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00429" name="l00429"></a><span class="lineno">  429</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00430" name="l00430"></a><span class="lineno">  430</span>    }</div>
-<div class="line"><a id="l00431" name="l00431"></a><span class="lineno">  431</span> </div>
-<div class="line"><a id="l00432" name="l00432"></a><span class="lineno">  432</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
-<div class="line"><a id="l00433" name="l00433"></a><span class="lineno">  433</span>        <span class="comment">// could not fetch the thread context and information</span></div>
-<div class="line"><a id="l00434" name="l00434"></a><span class="lineno">  434</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
-<div class="line"><a id="l00435" name="l00435"></a><span class="lineno">  435</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00436" name="l00436"></a><span class="lineno">  436</span>    }</div>
-<div class="line"><a id="l00437" name="l00437"></a><span class="lineno">  437</span> </div>
-<div class="line"><a id="l00438" name="l00438"></a><span class="lineno">  438</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>);</div>
-<div class="line"><a id="l00439" name="l00439"></a><span class="lineno">  439</span>    <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00440" name="l00440"></a><span class="lineno">  440</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>)) {</div>
-<div class="line"><a id="l00441" name="l00441"></a><span class="lineno">  441</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00442" name="l00442"></a><span class="lineno">  442</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00443" name="l00443"></a><span class="lineno">  443</span>            }</div>
-<div class="line"><a id="l00444" name="l00444"></a><span class="lineno">  444</span>        }</div>
-<div class="line"><a id="l00445" name="l00445"></a><span class="lineno">  445</span>    }</div>
-<div class="line"><a id="l00446" name="l00446"></a><span class="lineno">  446</span> </div>
-<div class="line"><a id="l00447" name="l00447"></a><span class="lineno">  447</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.begin(); itr != cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.end(); ++itr) {</div>
-<div class="line"><a id="l00448" name="l00448"></a><span class="lineno">  448</span>        <span class="keyword">const</span> ULONGLONG addr = *itr;</div>
-<div class="line"><a id="l00449" name="l00449"></a><span class="lineno">  449</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00450" name="l00450"></a><span class="lineno">  450</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Checking shc candidate: &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00451" name="l00451"></a><span class="lineno">  451</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00452" name="l00452"></a><span class="lineno">  452</span>        <span class="comment">//automatically verifies if the address is legit:</span></div>
-<div class="line"><a id="l00453" name="l00453"></a><span class="lineno">  453</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, addr)) {</div>
-<div class="line"><a id="l00454" name="l00454"></a><span class="lineno">  454</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00455" name="l00455"></a><span class="lineno">  455</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00456" name="l00456"></a><span class="lineno">  456</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;Found! &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00457" name="l00457"></a><span class="lineno">  457</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00458" name="l00458"></a><span class="lineno">  458</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00459" name="l00459"></a><span class="lineno">  459</span>            }</div>
-<div class="line"><a id="l00460" name="l00460"></a><span class="lineno">  460</span>        }</div>
-<div class="line"><a id="l00461" name="l00461"></a><span class="lineno">  461</span>    }</div>
-<div class="line"><a id="l00462" name="l00462"></a><span class="lineno">  462</span> </div>
-<div class="line"><a id="l00463" name="l00463"></a><span class="lineno">  463</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting</div>
-<div class="line"><a id="l00464" name="l00464"></a><span class="lineno">  464</span>        &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a236ccadbe7548913e6186651b56f1636">is_ret_in_frame</a>)</div>
-<div class="line"><a id="l00465" name="l00465"></a><span class="lineno">  465</span>    {</div>
-<div class="line"><a id="l00466" name="l00466"></a><span class="lineno">  466</span>        <span class="keyword">const</span> ULONGLONG ret_addr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a9c9416530acb79291642a6af92a50088">ret_on_stack</a>;</div>
-<div class="line"><a id="l00467" name="l00467"></a><span class="lineno">  467</span>        is_shc = isAddrInShellcode(ret_addr);</div>
-<div class="line"><a id="l00468" name="l00468"></a><span class="lineno">  468</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00469" name="l00469"></a><span class="lineno">  469</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Return addr: &quot;</span> &lt;&lt; std::hex &lt;&lt; ret_addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00470" name="l00470"></a><span class="lineno">  470</span>        printResolvedAddr(ret_addr);</div>
-<div class="line"><a id="l00471" name="l00471"></a><span class="lineno">  471</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00472" name="l00472"></a><span class="lineno">  472</span>        <span class="keywordflow">if</span> (is_shc &amp;&amp; reportSuspiciousAddr(my_report, (ULONGLONG)ret_addr)) {</div>
-<div class="line"><a id="l00473" name="l00473"></a><span class="lineno">  473</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00474" name="l00474"></a><span class="lineno">  474</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00475" name="l00475"></a><span class="lineno">  475</span>            }</div>
-<div class="line"><a id="l00476" name="l00476"></a><span class="lineno">  476</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00477" name="l00477"></a><span class="lineno">  477</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00478" name="l00478"></a><span class="lineno">  478</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; 1) { <span class="comment">// discard, do not dump</span></div>
-<div class="line"><a id="l00479" name="l00479"></a><span class="lineno">  479</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = 0;</div>
-<div class="line"><a id="l00480" name="l00480"></a><span class="lineno">  480</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = 0;</div>
-<div class="line"><a id="l00481" name="l00481"></a><span class="lineno">  481</span>            }</div>
-<div class="line"><a id="l00482" name="l00482"></a><span class="lineno">  482</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00483" name="l00483"></a><span class="lineno">  483</span>        }</div>
-<div class="line"><a id="l00484" name="l00484"></a><span class="lineno">  484</span>    }</div>
-<div class="line"><a id="l00485" name="l00485"></a><span class="lineno">  485</span> </div>
-<div class="line"><a id="l00486" name="l00486"></a><span class="lineno">  486</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> hasEmptyGUI = <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(tid);</div>
-<div class="line"><a id="l00487" name="l00487"></a><span class="lineno">  487</span>    <span class="keywordflow">if</span> (hasEmptyGUI &amp;&amp;</div>
-<div class="line"><a id="l00488" name="l00488"></a><span class="lineno">  488</span>        cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a> == 1</div>
-<div class="line"><a id="l00489" name="l00489"></a><span class="lineno">  489</span>        &amp;&amp; this-&gt;info.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest)</div>
-<div class="line"><a id="l00490" name="l00490"></a><span class="lineno">  490</span>    {</div>
-<div class="line"><a id="l00491" name="l00491"></a><span class="lineno">  491</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00492" name="l00492"></a><span class="lineno">  492</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
-<div class="line"><a id="l00493" name="l00493"></a><span class="lineno">  493</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
-<div class="line"><a id="l00494" name="l00494"></a><span class="lineno">  494</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00495" name="l00495"></a><span class="lineno">  495</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00496" name="l00496"></a><span class="lineno">  496</span>    }</div>
-<div class="line"><a id="l00497" name="l00497"></a><span class="lineno">  497</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00498" name="l00498"></a><span class="lineno">  498</span>}</div>
+<div class="line"><a id="l00424" name="l00424"></a><span class="lineno">  424</span>    DWORD exit_code = 0;</div>
+<div class="line"><a id="l00425" name="l00425"></a><span class="lineno">  425</span>    GetExitCodeThread(hThread, &amp;exit_code);</div>
+<div class="line"><a id="l00426" name="l00426"></a><span class="lineno">  426</span> </div>
+<div class="line"><a id="l00427" name="l00427"></a><span class="lineno">  427</span>    <span class="keywordflow">if</span> (exit_code != STILL_ACTIVE) {</div>
+<div class="line"><a id="l00428" name="l00428"></a><span class="lineno">  428</span><span class="preprocessor">#ifdef _DEBUG</span></div>
+<div class="line"><a id="l00429" name="l00429"></a><span class="lineno">  429</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; ExitCode: &quot;</span> &lt;&lt; std::dec &lt;&lt; exit_code &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00430" name="l00430"></a><span class="lineno">  430</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00431" name="l00431"></a><span class="lineno">  431</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00432" name="l00432"></a><span class="lineno">  432</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00433" name="l00433"></a><span class="lineno">  433</span>    }</div>
+<div class="line"><a id="l00434" name="l00434"></a><span class="lineno">  434</span> </div>
+<div class="line"><a id="l00435" name="l00435"></a><span class="lineno">  435</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
+<div class="line"><a id="l00436" name="l00436"></a><span class="lineno">  436</span>        <span class="comment">// could not fetch the thread context and information</span></div>
+<div class="line"><a id="l00437" name="l00437"></a><span class="lineno">  437</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
+<div class="line"><a id="l00438" name="l00438"></a><span class="lineno">  438</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00439" name="l00439"></a><span class="lineno">  439</span>    }</div>
+<div class="line"><a id="l00440" name="l00440"></a><span class="lineno">  440</span> </div>
+<div class="line"><a id="l00441" name="l00441"></a><span class="lineno">  441</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>);</div>
+<div class="line"><a id="l00442" name="l00442"></a><span class="lineno">  442</span>    <span class="keywordflow">if</span> (is_shc) {</div>
+<div class="line"><a id="l00443" name="l00443"></a><span class="lineno">  443</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>)) {</div>
+<div class="line"><a id="l00444" name="l00444"></a><span class="lineno">  444</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00445" name="l00445"></a><span class="lineno">  445</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00446" name="l00446"></a><span class="lineno">  446</span>            }</div>
+<div class="line"><a id="l00447" name="l00447"></a><span class="lineno">  447</span>        }</div>
+<div class="line"><a id="l00448" name="l00448"></a><span class="lineno">  448</span>    }</div>
+<div class="line"><a id="l00449" name="l00449"></a><span class="lineno">  449</span> </div>
+<div class="line"><a id="l00450" name="l00450"></a><span class="lineno">  450</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.begin(); itr != cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.end(); ++itr) {</div>
+<div class="line"><a id="l00451" name="l00451"></a><span class="lineno">  451</span>        <span class="keyword">const</span> ULONGLONG addr = *itr;</div>
+<div class="line"><a id="l00452" name="l00452"></a><span class="lineno">  452</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00453" name="l00453"></a><span class="lineno">  453</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Checking shc candidate: &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00454" name="l00454"></a><span class="lineno">  454</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00455" name="l00455"></a><span class="lineno">  455</span>        <span class="comment">//automatically verifies if the address is legit:</span></div>
+<div class="line"><a id="l00456" name="l00456"></a><span class="lineno">  456</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, addr)) {</div>
+<div class="line"><a id="l00457" name="l00457"></a><span class="lineno">  457</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00458" name="l00458"></a><span class="lineno">  458</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00459" name="l00459"></a><span class="lineno">  459</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;Found! &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00460" name="l00460"></a><span class="lineno">  460</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00461" name="l00461"></a><span class="lineno">  461</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00462" name="l00462"></a><span class="lineno">  462</span>            }</div>
+<div class="line"><a id="l00463" name="l00463"></a><span class="lineno">  463</span>        }</div>
+<div class="line"><a id="l00464" name="l00464"></a><span class="lineno">  464</span>    }</div>
+<div class="line"><a id="l00465" name="l00465"></a><span class="lineno">  465</span> </div>
+<div class="line"><a id="l00466" name="l00466"></a><span class="lineno">  466</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting</div>
+<div class="line"><a id="l00467" name="l00467"></a><span class="lineno">  467</span>        &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a236ccadbe7548913e6186651b56f1636">is_ret_in_frame</a>)</div>
+<div class="line"><a id="l00468" name="l00468"></a><span class="lineno">  468</span>    {</div>
+<div class="line"><a id="l00469" name="l00469"></a><span class="lineno">  469</span>        <span class="keyword">const</span> ULONGLONG ret_addr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a9c9416530acb79291642a6af92a50088">ret_on_stack</a>;</div>
+<div class="line"><a id="l00470" name="l00470"></a><span class="lineno">  470</span>        is_shc = isAddrInShellcode(ret_addr);</div>
+<div class="line"><a id="l00471" name="l00471"></a><span class="lineno">  471</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00472" name="l00472"></a><span class="lineno">  472</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Return addr: &quot;</span> &lt;&lt; std::hex &lt;&lt; ret_addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00473" name="l00473"></a><span class="lineno">  473</span>        printResolvedAddr(ret_addr);</div>
+<div class="line"><a id="l00474" name="l00474"></a><span class="lineno">  474</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00475" name="l00475"></a><span class="lineno">  475</span>        <span class="keywordflow">if</span> (is_shc &amp;&amp; reportSuspiciousAddr(my_report, (ULONGLONG)ret_addr)) {</div>
+<div class="line"><a id="l00476" name="l00476"></a><span class="lineno">  476</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00477" name="l00477"></a><span class="lineno">  477</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00478" name="l00478"></a><span class="lineno">  478</span>            }</div>
+<div class="line"><a id="l00479" name="l00479"></a><span class="lineno">  479</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00480" name="l00480"></a><span class="lineno">  480</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00481" name="l00481"></a><span class="lineno">  481</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; 1) { <span class="comment">// discard, do not dump</span></div>
+<div class="line"><a id="l00482" name="l00482"></a><span class="lineno">  482</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = 0;</div>
+<div class="line"><a id="l00483" name="l00483"></a><span class="lineno">  483</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = 0;</div>
+<div class="line"><a id="l00484" name="l00484"></a><span class="lineno">  484</span>            }</div>
+<div class="line"><a id="l00485" name="l00485"></a><span class="lineno">  485</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00486" name="l00486"></a><span class="lineno">  486</span>        }</div>
+<div class="line"><a id="l00487" name="l00487"></a><span class="lineno">  487</span>    }</div>
+<div class="line"><a id="l00488" name="l00488"></a><span class="lineno">  488</span> </div>
+<div class="line"><a id="l00489" name="l00489"></a><span class="lineno">  489</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> hasEmptyGUI = <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(tid);</div>
+<div class="line"><a id="l00490" name="l00490"></a><span class="lineno">  490</span>    <span class="keywordflow">if</span> (hasEmptyGUI &amp;&amp;</div>
+<div class="line"><a id="l00491" name="l00491"></a><span class="lineno">  491</span>        cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a> == 1</div>
+<div class="line"><a id="l00492" name="l00492"></a><span class="lineno">  492</span>        &amp;&amp; this-&gt;info.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest)</div>
+<div class="line"><a id="l00493" name="l00493"></a><span class="lineno">  493</span>    {</div>
+<div class="line"><a id="l00494" name="l00494"></a><span class="lineno">  494</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00495" name="l00495"></a><span class="lineno">  495</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
+<div class="line"><a id="l00496" name="l00496"></a><span class="lineno">  496</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
+<div class="line"><a id="l00497" name="l00497"></a><span class="lineno">  497</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00498" name="l00498"></a><span class="lineno">  498</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00499" name="l00499"></a><span class="lineno">  499</span>    }</div>
+<div class="line"><a id="l00500" name="l00500"></a><span class="lineno">  500</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00501" name="l00501"></a><span class="lineno">  501</span>}</div>
 </div>
-<div class="line"><a id="l00499" name="l00499"></a><span class="lineno">  499</span> </div>
-<div class="line"><a id="l00500" name="l00500"></a><span class="lineno">  500</span> </div>
-<div class="foldopen" id="foldopen00501" data-start="{" data-end="}">
-<div class="line"><a id="l00501" name="l00501"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">  501</a></span><a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a>()</div>
-<div class="line"><a id="l00502" name="l00502"></a><span class="lineno">  502</span>{</div>
-<div class="line"><a id="l00503" name="l00503"></a><span class="lineno">  503</span>    <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report = <span class="keyword">new</span> <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid);</div>
-<div class="line"><a id="l00504" name="l00504"></a><span class="lineno">  504</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
-<div class="line"><a id="l00505" name="l00505"></a><span class="lineno">  505</span> </div>
-<div class="line"><a id="l00506" name="l00506"></a><span class="lineno">  506</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00507" name="l00507"></a><span class="lineno">  507</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
-<div class="line"><a id="l00508" name="l00508"></a><span class="lineno">  508</span><span class="preprocessor">#endif </span><span class="comment">// _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00509" name="l00509"></a><span class="lineno">  509</span> </div>
-<div class="line"><a id="l00510" name="l00510"></a><span class="lineno">  510</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr);</div>
-<div class="line"><a id="l00511" name="l00511"></a><span class="lineno">  511</span>    <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00512" name="l00512"></a><span class="lineno">  512</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr)) {</div>
-<div class="line"><a id="l00513" name="l00513"></a><span class="lineno">  513</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00514" name="l00514"></a><span class="lineno">  514</span>                <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00515" name="l00515"></a><span class="lineno">  515</span>            }</div>
-<div class="line"><a id="l00516" name="l00516"></a><span class="lineno">  516</span>        }</div>
-<div class="line"><a id="l00517" name="l00517"></a><span class="lineno">  517</span>    }</div>
-<div class="line"><a id="l00518" name="l00518"></a><span class="lineno">  518</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
-<div class="line"><a id="l00519" name="l00519"></a><span class="lineno">  519</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00520" name="l00520"></a><span class="lineno">  520</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00521" name="l00521"></a><span class="lineno">  521</span>    }</div>
-<div class="line"><a id="l00522" name="l00522"></a><span class="lineno">  522</span>    <span class="comment">// proceed with detailed checks:</span></div>
-<div class="line"><a id="l00523" name="l00523"></a><span class="lineno">  523</span>    HANDLE hThread = OpenThread(</div>
-<div class="line"><a id="l00524" name="l00524"></a><span class="lineno">  524</span>        THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE,</div>
-<div class="line"><a id="l00525" name="l00525"></a><span class="lineno">  525</span>        FALSE,</div>
-<div class="line"><a id="l00526" name="l00526"></a><span class="lineno">  526</span>        <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid</div>
-<div class="line"><a id="l00527" name="l00527"></a><span class="lineno">  527</span>    );</div>
-<div class="line"><a id="l00528" name="l00528"></a><span class="lineno">  528</span>    <span class="keywordflow">if</span> (!hThread) {</div>
-<div class="line"><a id="l00529" name="l00529"></a><span class="lineno">  529</span><span class="preprocessor">#ifdef _DEBUG</span></div>
-<div class="line"><a id="l00530" name="l00530"></a><span class="lineno">  530</span>        std::cerr &lt;&lt; <span class="stringliteral">&quot;[-] Could not OpenThread. Error: &quot;</span> &lt;&lt; GetLastError() &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00531" name="l00531"></a><span class="lineno">  531</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00532" name="l00532"></a><span class="lineno">  532</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
-<div class="line"><a id="l00533" name="l00533"></a><span class="lineno">  533</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00534" name="l00534"></a><span class="lineno">  534</span>    }</div>
-<div class="line"><a id="l00535" name="l00535"></a><span class="lineno">  535</span>    scanRemoteThreadCtx(hThread, my_report);</div>
-<div class="line"><a id="l00536" name="l00536"></a><span class="lineno">  536</span>    CloseHandle(hThread);</div>
-<div class="line"><a id="l00537" name="l00537"></a><span class="lineno">  537</span>    <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00538" name="l00538"></a><span class="lineno">  538</span>}</div>
+<div class="line"><a id="l00502" name="l00502"></a><span class="lineno">  502</span> </div>
+<div class="line"><a id="l00503" name="l00503"></a><span class="lineno">  503</span> </div>
+<div class="foldopen" id="foldopen00504" data-start="{" data-end="}">
+<div class="line"><a id="l00504" name="l00504"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">  504</a></span><a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a>()</div>
+<div class="line"><a id="l00505" name="l00505"></a><span class="lineno">  505</span>{</div>
+<div class="line"><a id="l00506" name="l00506"></a><span class="lineno">  506</span>    <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report = <span class="keyword">new</span> <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid);</div>
+<div class="line"><a id="l00507" name="l00507"></a><span class="lineno">  507</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
+<div class="line"><a id="l00508" name="l00508"></a><span class="lineno">  508</span> </div>
+<div class="line"><a id="l00509" name="l00509"></a><span class="lineno">  509</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00510" name="l00510"></a><span class="lineno">  510</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
+<div class="line"><a id="l00511" name="l00511"></a><span class="lineno">  511</span><span class="preprocessor">#endif </span><span class="comment">// _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00512" name="l00512"></a><span class="lineno">  512</span> </div>
+<div class="line"><a id="l00513" name="l00513"></a><span class="lineno">  513</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr);</div>
+<div class="line"><a id="l00514" name="l00514"></a><span class="lineno">  514</span>    <span class="keywordflow">if</span> (is_shc) {</div>
+<div class="line"><a id="l00515" name="l00515"></a><span class="lineno">  515</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr)) {</div>
+<div class="line"><a id="l00516" name="l00516"></a><span class="lineno">  516</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00517" name="l00517"></a><span class="lineno">  517</span>                <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00518" name="l00518"></a><span class="lineno">  518</span>            }</div>
+<div class="line"><a id="l00519" name="l00519"></a><span class="lineno">  519</span>        }</div>
+<div class="line"><a id="l00520" name="l00520"></a><span class="lineno">  520</span>    }</div>
+<div class="line"><a id="l00521" name="l00521"></a><span class="lineno">  521</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
+<div class="line"><a id="l00522" name="l00522"></a><span class="lineno">  522</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00523" name="l00523"></a><span class="lineno">  523</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00524" name="l00524"></a><span class="lineno">  524</span>    }</div>
+<div class="line"><a id="l00525" name="l00525"></a><span class="lineno">  525</span>    <span class="comment">// proceed with detailed checks:</span></div>
+<div class="line"><a id="l00526" name="l00526"></a><span class="lineno">  526</span>    HANDLE hThread = OpenThread(</div>
+<div class="line"><a id="l00527" name="l00527"></a><span class="lineno">  527</span>        THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE,</div>
+<div class="line"><a id="l00528" name="l00528"></a><span class="lineno">  528</span>        FALSE,</div>
+<div class="line"><a id="l00529" name="l00529"></a><span class="lineno">  529</span>        <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid</div>
+<div class="line"><a id="l00530" name="l00530"></a><span class="lineno">  530</span>    );</div>
+<div class="line"><a id="l00531" name="l00531"></a><span class="lineno">  531</span>    <span class="keywordflow">if</span> (!hThread) {</div>
+<div class="line"><a id="l00532" name="l00532"></a><span class="lineno">  532</span><span class="preprocessor">#ifdef _DEBUG</span></div>
+<div class="line"><a id="l00533" name="l00533"></a><span class="lineno">  533</span>        std::cerr &lt;&lt; <span class="stringliteral">&quot;[-] Could not OpenThread. Error: &quot;</span> &lt;&lt; GetLastError() &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00534" name="l00534"></a><span class="lineno">  534</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00535" name="l00535"></a><span class="lineno">  535</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
+<div class="line"><a id="l00536" name="l00536"></a><span class="lineno">  536</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00537" name="l00537"></a><span class="lineno">  537</span>    }</div>
+<div class="line"><a id="l00538" name="l00538"></a><span class="lineno">  538</span>    scanRemoteThreadCtx(hThread, my_report);</div>
+<div class="line"><a id="l00539" name="l00539"></a><span class="lineno">  539</span>    CloseHandle(hThread);</div>
+<div class="line"><a id="l00540" name="l00540"></a><span class="lineno">  540</span>    <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00541" name="l00541"></a><span class="lineno">  541</span>}</div>
 </div>
 <div class="ttc" id="aclasspesieve_1_1_area_entropy_stats_html_a82df077a940d6870308d72ba39cbeec2"><div class="ttname"><a href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">pesieve::AreaEntropyStats::entropy</a></div><div class="ttdeci">double entropy</div><div class="ttdef"><b>Definition</b> <a href="entropy__stats_8h_source.html#l00036">entropy_stats.h:36</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_area_stats_calculator_html"><div class="ttname"><a href="classpesieve_1_1_area_stats_calculator.html">pesieve::AreaStatsCalculator</a></div><div class="ttdoc">A class responsible for filling in the statistics with the data from the particular buffer.</div><div class="ttdef"><b>Definition</b> <a href="stats_8h_source.html#l00073">stats.h:73</a></div></div>
@@ -691,7 +694,7 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_acfe24bd84475b4de990f163e131a99e4"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">pesieve::ThreadScanReport::thread_wait_reason</a></div><div class="ttdeci">DWORD thread_wait_reason</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00093">thread_scanner.h:93</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="#l00118">thread_scanner.cpp:118</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af76335a4fb14998bd3fb0540bfd35473"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">pesieve::ThreadScanReport::stack_ptr</a></div><div class="ttdeci">ULONGLONG stack_ptr</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00091">thread_scanner.h:91</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="#l00501">thread_scanner.cpp:501</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="#l00504">thread_scanner.cpp:504</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00366">thread_scanner.cpp:366</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a4bb1f60bbf77e4faed6d288ef3e83b9f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a></div><div class="ttdeci">size_t fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00195">thread_scanner.cpp:195</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="#l00322">thread_scanner.cpp:322</a></div></div>
@@ -700,7 +703,7 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aaaaef1f47c9746bbc346b00b7da57f6b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a></div><div class="ttdeci">size_t analyzeCallStack(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00139">thread_scanner.cpp:139</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="#l00241">thread_scanner.cpp:241</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00292">thread_scanner.cpp:292</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00415">thread_scanner.cpp:415</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00418">thread_scanner.cpp:418</a></div></div>
 <div class="ttc" id="amempage__data_8h_html"><div class="ttname"><a href="mempage__data_8h.html">mempage_data.h</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a43b6faf00b6a97279f2d67f4a3fd2513"><div class="ttname"><a href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a></div><div class="ttdeci">BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL *isProcWow64)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00027">process_util.cpp:27</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00073">process_util.cpp:73</a></div></div>
diff --git a/thread__scanner_8h_source.html b/thread__scanner_8h_source.html
index af547eae2..41d8a629c 100644
--- a/thread__scanner_8h_source.html
+++ b/thread__scanner_8h_source.html
@@ -295,7 +295,7 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="#l00131">thread_scanner.h:131</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a0b863bc69b85ae721666a1e3c6116937"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">pesieve::ThreadScanner::ThreadScanner</a></div><div class="ttdeci">ThreadScanner(HANDLE hProc, bool _isReflection, const util::thread_info &amp;_info, ModulesInfo &amp;_modulesInfo, peconv::ExportsMapper *_exportsMap, ProcessSymbolsManager *_symbols)</div><div class="ttdef"><b>Definition</b> <a href="#l00133">thread_scanner.h:133</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a121637d2eb96737a16a8bd43d5017d2a"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">pesieve::ThreadScanner::isReflection</a></div><div class="ttdeci">bool isReflection</div><div class="ttdef"><b>Definition</b> <a href="#l00152">thread_scanner.h:152</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00501">thread_scanner.cpp:501</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00504">thread_scanner.cpp:504</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00366">thread_scanner.cpp:366</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a4bb1f60bbf77e4faed6d288ef3e83b9f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a></div><div class="ttdeci">size_t fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00195">thread_scanner.cpp:195</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00322">thread_scanner.cpp:322</a></div></div>
@@ -307,7 +307,7 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00241">thread_scanner.cpp:241</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00292">thread_scanner.cpp:292</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ad455f81b20ec49dc2968d6f2db67ae13"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">pesieve::ThreadScanner::symbols</a></div><div class="ttdeci">ProcessSymbolsManager * symbols</div><div class="ttdef"><b>Definition</b> <a href="#l00156">thread_scanner.h:156</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00415">thread_scanner.cpp:415</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00418">thread_scanner.cpp:418</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae52ae17b09541a02b7be5c288eb220fd"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">pesieve::ThreadScanner::modulesInfo</a></div><div class="ttdeci">ModulesInfo &amp; modulesInfo</div><div class="ttdef"><b>Definition</b> <a href="#l00154">thread_scanner.h:154</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1t__json__level_html"><div class="ttname"><a href="classpesieve_1_1t__json__level.html">pesieve.t_json_level</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00082">pesieve.py:82</a></div></div>
 <div class="ttc" id="aentropy__stats_8h_html"><div class="ttname"><a href="entropy__stats_8h.html">entropy_stats.h</a></div></div>