diff --git a/classpesieve_1_1_thread_scan_report.html b/classpesieve_1_1_thread_scan_report.html
index 1fc49cc5e..a12f5a4ee 100644
--- a/classpesieve_1_1_thread_scan_report.html
+++ b/classpesieve_1_1_thread_scan_report.html
@@ -369,7 +369,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#af30839203957e838bc299232
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00151">151</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00152">152</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
@@ -396,7 +396,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a6d190b1f19a3a9fe2c81cd18
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00135">135</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00136">136</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
diff --git a/classpesieve_1_1_thread_scanner.html b/classpesieve_1_1_thread_scanner.html
index bb07d7027..3774b6daf 100644
--- a/classpesieve_1_1_thread_scanner.html
+++ b/classpesieve_1_1_thread_scanner.html
@@ -246,7 +246,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aaaaef1f47c9746bbc346b00b
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00212">212</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00222">222</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -283,23 +283,32 @@ <h2 class="memtitle"><span class="permalink"><a href="#aed5b08704f3c1e96e9d8e00b
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00172">172</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00173">173</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
 <div class="center"><img src="classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.png" border="0" usemap="#aclasspesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph" alt=""/></div>
 <map name="aclasspesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph" id="aclasspesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph">
-<area shape="rect" title=" " alt="" coords="5,128,179,169"/>
+<area shape="rect" title=" " alt="" coords="5,157,179,198"/>
 <area shape="rect" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb" title=" " alt="" coords="227,5,392,46"/>
-<area shape="poly" title=" " alt="" coords="119,125,168,91,225,57,238,50,240,55,228,61,171,96,122,130"/>
+<area shape="poly" title=" " alt="" coords="111,155,160,107,225,57,235,51,238,56,228,61,163,111,114,159"/>
 <area shape="rect" href="structpesieve_1_1_syscall_table.html#a8861442dc69bfcc4bdd042cee33d444b" title=" " alt="" coords="236,71,382,111"/>
-<area shape="poly" title=" " alt="" coords="171,125,220,112,222,117,172,130"/>
+<area shape="poly" title=" " alt="" coords="143,154,226,121,240,115,242,120,228,125,145,159"/>
 <area shape="rect" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84" title="The string with the basic information about the scanner." alt="" coords="263,136,356,161"/>
-<area shape="poly" title=" " alt="" coords="179,146,247,146,247,151,179,151"/>
-<area shape="rect" href="structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97" title=" " alt="" coords="236,185,382,226"/>
-<area shape="poly" title=" " alt="" coords="172,167,222,180,220,185,171,172"/>
-<area shape="rect" href="structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2" title=" " alt="" coords="236,251,382,291"/>
-<area shape="poly" title=" " alt="" coords="122,167,171,201,228,235,240,241,238,246,225,240,168,205,119,171"/>
+<area shape="poly" title=" " alt="" coords="178,163,247,154,248,159,179,169"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be" title=" " alt="" coords="233,185,386,226"/>
+<area shape="poly" title=" " alt="" coords="179,186,218,191,217,197,178,191"/>
+<area shape="rect" href="structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97" title=" " alt="" coords="236,251,382,291"/>
+<area shape="poly" title=" " alt="" coords="140,196,228,235,243,242,241,247,226,240,138,201"/>
+<area shape="rect" href="structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2" title=" " alt="" coords="236,316,382,357"/>
+<area shape="poly" title=" " alt="" coords="113,196,162,248,194,276,228,301,237,306,235,311,225,305,191,280,158,251,109,200"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="646,165,779,190"/>
+<area shape="poly" title=" " alt="" coords="386,198,631,181,631,186,386,203"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513" title=" " alt="" coords="440,215,598,255"/>
+<area shape="poly" title=" " alt="" coords="386,214,425,219,424,224,386,219"/>
+<area shape="poly" title=" " alt="" coords="589,212,651,193,653,198,591,217"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e" title=" " alt="" coords="656,215,769,255"/>
+<area shape="poly" title=" " alt="" coords="599,232,641,232,641,238,599,238"/>
 </map>
 </div>
 
@@ -337,7 +346,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ab1cc74daf162025643c225c2
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00318">318</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00328">328</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -384,7 +393,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a79df00ed9c178f7eab47cbb8
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00420">420</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00430">430</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -459,7 +468,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a4bb1f60bbf77e4faed6d288e
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00268">268</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00278">278</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -496,7 +505,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a912120f6549a8b27c3e8166c
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00357">357</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00367">367</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -533,7 +542,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ac35db3f1ec2765f9dda550b0
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00369">369</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00379">379</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -570,7 +579,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a75c0be0ec6ea82b700f3ca5e
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00399">399</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00409">409</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -615,7 +624,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a36850edb808d4be733631fa2
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00433">433</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00443">443</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -657,7 +666,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a23839353374eedcda7c92b0c
 
 <p>Implements <a class="el" href="classpesieve_1_1_process_feature_scanner.html#a8c85491f592bbfe32e4906dddea8973f">pesieve::ProcessFeatureScanner</a>.</p>
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00574">574</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00584">584</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -701,7 +710,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ae1bd5026205bae8766930b5d
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00482">482</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00492">492</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
diff --git a/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.map b/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.map
index 1718d3f31..a35f7b629 100644
--- a/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.map
+++ b/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.map
@@ -1,13 +1,22 @@
 <map id="pesieve::ThreadScanner::checkReturnAddrIntegrity" name="pesieve::ThreadScanner::checkReturnAddrIntegrity">
-<area shape="rect" id="Node000001" title=" " alt="" coords="5,128,179,169"/>
+<area shape="rect" id="Node000001" title=" " alt="" coords="5,157,179,198"/>
 <area shape="rect" id="Node000002" href="$classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb" title=" " alt="" coords="227,5,392,46"/>
-<area shape="poly" id="edge1_Node000001_Node000002" title=" " alt="" coords="119,125,168,91,225,57,238,50,240,55,228,61,171,96,122,130"/>
+<area shape="poly" id="edge1_Node000001_Node000002" title=" " alt="" coords="111,155,160,107,225,57,235,51,238,56,228,61,163,111,114,159"/>
 <area shape="rect" id="Node000003" href="$structpesieve_1_1_syscall_table.html#a8861442dc69bfcc4bdd042cee33d444b" title=" " alt="" coords="236,71,382,111"/>
-<area shape="poly" id="edge2_Node000001_Node000003" title=" " alt="" coords="171,125,220,112,222,117,172,130"/>
+<area shape="poly" id="edge2_Node000001_Node000003" title=" " alt="" coords="143,154,226,121,240,115,242,120,228,125,145,159"/>
 <area shape="rect" id="Node000004" href="$namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84" title="The string with the basic information about the scanner." alt="" coords="263,136,356,161"/>
-<area shape="poly" id="edge3_Node000001_Node000004" title=" " alt="" coords="179,146,247,146,247,151,179,151"/>
-<area shape="rect" id="Node000005" href="$structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97" title=" " alt="" coords="236,185,382,226"/>
-<area shape="poly" id="edge4_Node000001_Node000005" title=" " alt="" coords="172,167,222,180,220,185,171,172"/>
-<area shape="rect" id="Node000006" href="$structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2" title=" " alt="" coords="236,251,382,291"/>
-<area shape="poly" id="edge5_Node000001_Node000006" title=" " alt="" coords="122,167,171,201,228,235,240,241,238,246,225,240,168,205,119,171"/>
+<area shape="poly" id="edge3_Node000001_Node000004" title=" " alt="" coords="178,163,247,154,248,159,179,169"/>
+<area shape="rect" id="Node000005" href="$namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be" title=" " alt="" coords="233,185,386,226"/>
+<area shape="poly" id="edge4_Node000001_Node000005" title=" " alt="" coords="179,186,218,191,217,197,178,191"/>
+<area shape="rect" id="Node000009" href="$structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97" title=" " alt="" coords="236,251,382,291"/>
+<area shape="poly" id="edge9_Node000001_Node000009" title=" " alt="" coords="140,196,228,235,243,242,241,247,226,240,138,201"/>
+<area shape="rect" id="Node000010" href="$structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2" title=" " alt="" coords="236,316,382,357"/>
+<area shape="poly" id="edge10_Node000001_Node000010" title=" " alt="" coords="113,196,162,248,194,276,228,301,237,306,235,311,225,305,191,280,158,251,109,200"/>
+<area shape="rect" id="Node000006" href="$namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="646,165,779,190"/>
+<area shape="poly" id="edge5_Node000005_Node000006" title=" " alt="" coords="386,198,631,181,631,186,386,203"/>
+<area shape="rect" id="Node000007" href="$namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513" title=" " alt="" coords="440,215,598,255"/>
+<area shape="poly" id="edge6_Node000005_Node000007" title=" " alt="" coords="386,214,425,219,424,224,386,219"/>
+<area shape="poly" id="edge7_Node000007_Node000006" title=" " alt="" coords="589,212,651,193,653,198,591,217"/>
+<area shape="rect" id="Node000008" href="$namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e" title=" " alt="" coords="656,215,769,255"/>
+<area shape="poly" id="edge8_Node000007_Node000008" title=" " alt="" coords="599,232,641,232,641,238,599,238"/>
 </map>
diff --git a/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.md5 b/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.md5
index 6bd5c21d4..6330aec02 100644
--- a/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.md5
+++ b/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.md5
@@ -1 +1 @@
-590e0861206b354614b32277dad01ac6
\ No newline at end of file
+e9a506702970c7abcee018a41b985fb0
\ No newline at end of file
diff --git a/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.png b/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.png
index 9cb277a45..1642159a0 100644
Binary files a/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.png and b/classpesieve_1_1_thread_scanner_aed5b08704f3c1e96e9d8e00b05c7768f_cgraph.png differ
diff --git a/doxygen_crawl.html b/doxygen_crawl.html
index 6931db666..b30fd55ba 100644
--- a/doxygen_crawl.html
+++ b/doxygen_crawl.html
@@ -2049,6 +2049,7 @@
 <a href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e"/>
 <a href="namespacepesieve_1_1util.html#a8a530016bcf962946b8536574dcc5b4c"/>
 <a href="namespacepesieve_1_1util.html#a8c6b940f49f776606ee1c88ba5f1982d"/>
+<a href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be"/>
 <a href="namespacepesieve_1_1util.html#a8f06122f5edbdbcd6718cd36cb96c616"/>
 <a href="namespacepesieve_1_1util.html#a905cd117f8d7e19b984bc395defc3b63"/>
 <a href="namespacepesieve_1_1util.html#a938c649e7fba6a661044faf80fe5650e"/>
@@ -2421,6 +2422,7 @@
 <a href="process__util_8h.html#a015be6a0937814caf43586043817d922"/>
 <a href="process__util_8h.html#a39cfbc887b8c190834eece6c67a4af17"/>
 <a href="process__util_8h.html#a43b6faf00b6a97279f2d67f4a3fd2513"/>
+<a href="process__util_8h.html#a8d7eb7eb1b3e3c05251341d0c14d82be"/>
 <a href="process__util_8h.html#adafdd61439fc2750cec84fb15d59ecf8"/>
 <a href="process__util_8h.html#aed4eb6ec69c30d271b4f4b6c4244f03e"/>
 <a href="report__formatter_8cpp.html"/>
diff --git a/mempage__data_8cpp_source.html b/mempage__data_8cpp_source.html
index b694457d1..cb24e69c9 100644
--- a/mempage__data_8cpp_source.html
+++ b/mempage__data_8cpp_source.html
@@ -259,8 +259,8 @@
 <div class="ttc" id="aclasspesieve_1_1_remote_module_data_html_aa7907e6b996cbdbd1b185e8d91f7cbe9"><div class="ttname"><a href="classpesieve_1_1_remote_module_data.html#aa7907e6b996cbdbd1b185e8d91f7cbe9">pesieve::RemoteModuleData::getMappedName</a></div><div class="ttdeci">static std::string getMappedName(HANDLE _processHandle, LPVOID _modBaseAddr)</div><div class="ttdef"><b>Definition</b> <a href="module__data_8cpp_source.html#l00269">module_data.cpp:269</a></div></div>
 <div class="ttc" id="amempage__data_8h_html"><div class="ttname"><a href="mempage__data_8h.html">mempage_data.h</a></div></div>
 <div class="ttc" id="amodule__data_8h_html"><div class="ttname"><a href="module__data_8h.html">module_data.h</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00091">process_util.cpp:91</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00108">process_util.cpp:108</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00104">process_util.cpp:104</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00121">process_util.cpp:121</a></div></div>
 <div class="ttc" id="anamespacepesieve_html"><div class="ttname"><a href="namespacepesieve.html">pesieve</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00001">pesieve.py:1</a></div></div>
 <div class="ttc" id="aprocess__util_8h_html"><div class="ttname"><a href="process__util_8h.html">process_util.h</a></div></div>
 </div><!-- fragment --></div><!-- contents -->
diff --git a/module__data_8cpp_source.html b/module__data_8cpp_source.html
index a3998844e..2cc076589 100644
--- a/module__data_8cpp_source.html
+++ b/module__data_8cpp_source.html
@@ -613,7 +613,7 @@
 <div class="ttc" id="amodule__data_8h_html"><div class="ttname"><a href="module__data_8h.html">module_data.h</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html"><div class="ttname"><a href="namespacepesieve_1_1util.html">pesieve::util</a></div><div class="ttdef"><b>Definition</b> <a href="artefact__scanner_8cpp_source.html#l00012">artefact_scanner.cpp:12</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a39356c7ae484d7b1dae7548ff4e50609"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39356c7ae484d7b1dae7548ff4e50609">pesieve::util::to_lowercase</a></div><div class="ttdeci">std::string to_lowercase(std::string)</div><div class="ttdef"><b>Definition</b> <a href="strings__util_8cpp_source.html#l00006">strings_util.cpp:6</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00091">process_util.cpp:91</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00104">process_util.cpp:104</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a43b6faf00b6a97279f2d67f4a3fd2513"><div class="ttname"><a href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a></div><div class="ttdeci">BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL *isProcWow64)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00027">process_util.cpp:27</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a4f8f94b209d1771e90f0b56e303cddd1"><div class="ttname"><a href="namespacepesieve_1_1util.html#a4f8f94b209d1771e90f0b56e303cddd1">pesieve::util::expand_path</a></div><div class="ttdeci">std::string expand_path(std::string path)</div><div class="ttdef"><b>Definition</b> <a href="path__converter_8cpp_source.html#l00252">path_converter.cpp:252</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a57e9c1266c247784669f5ea0191e086d"><div class="ttname"><a href="namespacepesieve_1_1util.html#a57e9c1266c247784669f5ea0191e086d">pesieve::util::is_readable</a></div><div class="ttdeci">bool is_readable(DWORD mapping_type, DWORD protection)</div><div class="ttdef"><b>Definition</b> <a href="artefacts__util_8cpp_source.html#l00118">artefacts_util.cpp:118</a></div></div>
@@ -623,7 +623,7 @@
 <div class="ttc" id="anamespacepesieve_1_1util_html_ab5a500e51ff539294a3c71f6b95aa65b"><div class="ttname"><a href="namespacepesieve_1_1util.html#ab5a500e51ff539294a3c71f6b95aa65b">pesieve::util::is_executable</a></div><div class="ttdeci">bool is_executable(DWORD mapping_type, DWORD protection)</div><div class="ttdef"><b>Definition</b> <a href="artefacts__util_8cpp_source.html#l00109">artefacts_util.cpp:109</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_ac533b9c8a18228f62223a0042c40f5ae"><div class="ttname"><a href="namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae">pesieve::util::DWORD</a></div><div class="ttdeci">DWORD(__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle</div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_ad385849bc26716edf4e761d67a409c1d"><div class="ttname"><a href="namespacepesieve_1_1util.html#ad385849bc26716edf4e761d67a409c1d">pesieve::util::convert_to_wow64_path</a></div><div class="ttdeci">bool convert_to_wow64_path(char *szModName)</div><div class="ttdef"><b>Definition</b> <a href="path__converter_8cpp_source.html#l00195">path_converter.cpp:195</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00108">process_util.cpp:108</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00121">process_util.cpp:121</a></div></div>
 <div class="ttc" id="anamespacepesieve_html_a1cb84e5f71928d34d7e7169a19964a9c"><div class="ttname"><a href="namespacepesieve.html#a1cb84e5f71928d34d7e7169a19964a9c">pesieve.MAX_PATH</a></div><div class="ttdeci">int MAX_PATH</div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00010">pesieve.py:10</a></div></div>
 <div class="ttc" id="apath__converter_8h_html"><div class="ttname"><a href="path__converter_8h.html">path_converter.h</a></div></div>
 <div class="ttc" id="aprocess__util_8h_html"><div class="ttname"><a href="process__util_8h.html">process_util.h</a></div></div>
diff --git a/namespacemembers_func.html b/namespacemembers_func.html
index fd1212fe5..16fd5b19e 100644
--- a/namespacemembers_func.html
+++ b/namespacemembers_func.html
@@ -196,6 +196,7 @@ <h3><a id="index_i" name="index_i"></a>- i -</h3><ul>
 <li>is_by_stats()&#160;:&#160;<a class="el" href="namespacepesieve.html#aee245dc4878b8329cc82d3e93ce843e1">pesieve</a></li>
 <li>is_code()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#aad87136e3b6e94f105074093a97970c5">pesieve::util</a></li>
 <li>is_cstr_equal()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#a6211673ea221530eb4472658fdab12a6">pesieve::util</a></li>
+<li>is_current_wow64()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util</a></li>
 <li>is_dec()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#ae57bc6f959f2d79411087e1b8d3600f7">pesieve::util</a></li>
 <li>is_DEP_enabled()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#a4e03a2c1c527e0f0b4063f8ac12ff22d">pesieve::util</a></li>
 <li>is_disk_relative()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#aa402c13598449f9a1f47efb72df8f62f">pesieve::util</a></li>
diff --git a/namespacemembers_i.html b/namespacemembers_i.html
index 325d54887..d6372eca8 100644
--- a/namespacemembers_i.html
+++ b/namespacemembers_i.html
@@ -110,6 +110,7 @@ <h3><a id="index_i" name="index_i"></a>- i -</h3><ul>
 <li>is_by_stats()&#160;:&#160;<a class="el" href="namespacepesieve.html#aee245dc4878b8329cc82d3e93ce843e1">pesieve</a></li>
 <li>is_code()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#aad87136e3b6e94f105074093a97970c5">pesieve::util</a></li>
 <li>is_cstr_equal()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#a6211673ea221530eb4472658fdab12a6">pesieve::util</a></li>
+<li>is_current_wow64()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util</a></li>
 <li>is_dec()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#ae57bc6f959f2d79411087e1b8d3600f7">pesieve::util</a></li>
 <li>is_DEP_enabled()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#a4e03a2c1c527e0f0b4063f8ac12ff22d">pesieve::util</a></li>
 <li>is_disk_relative()&#160;:&#160;<a class="el" href="namespacepesieve_1_1util.html#aa402c13598449f9a1f47efb72df8f62f">pesieve::util</a></li>
diff --git a/namespacepesieve_1_1util.html b/namespacepesieve_1_1util.html
index 8045a4034..c403b770b 100644
--- a/namespacepesieve_1_1util.html
+++ b/namespacepesieve_1_1util.html
@@ -340,6 +340,8 @@
 <tr class="separator:a43b6faf00b6a97279f2d67f4a3fd2513"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:a015be6a0937814caf43586043817d922" id="r_a015be6a0937814caf43586043817d922"><td class="memItemLeft" align="right" valign="top"><a class="el" href="pe__sieve__types_8h.html#ad5c9d4ba3dc37783a528b0925dc981a0">bool</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a015be6a0937814caf43586043817d922">is_process_64bit</a> (IN HANDLE process)</td></tr>
 <tr class="separator:a015be6a0937814caf43586043817d922"><td class="memSeparator" colspan="2">&#160;</td></tr>
+<tr class="memitem:a8d7eb7eb1b3e3c05251341d0c14d82be" id="r_a8d7eb7eb1b3e3c05251341d0c14d82be"><td class="memItemLeft" align="right" valign="top"><a class="el" href="pe__sieve__types_8h.html#ad5c9d4ba3dc37783a528b0925dc981a0">bool</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a8d7eb7eb1b3e3c05251341d0c14d82be">is_current_wow64</a> ()</td></tr>
+<tr class="separator:a8d7eb7eb1b3e3c05251341d0c14d82be"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:a39cfbc887b8c190834eece6c67a4af17" id="r_a39cfbc887b8c190834eece6c67a4af17"><td class="memItemLeft" align="right" valign="top"><a class="el" href="#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a39cfbc887b8c190834eece6c67a4af17">wow64_disable_fs_redirection</a> (OUT PVOID *OldValue)</td></tr>
 <tr class="separator:a39cfbc887b8c190834eece6c67a4af17"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:aed4eb6ec69c30d271b4f4b6c4244f03e" id="r_aed4eb6ec69c30d271b4f4b6c4244f03e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#aed4eb6ec69c30d271b4f4b6c4244f03e">wow64_revert_fs_redirection</a> (IN PVOID OldValue)</td></tr>
@@ -1894,6 +1896,40 @@ <h2 class="memtitle"><span class="permalink"><a href="#a6211673ea221530eb4472658
 
 <p class="definition">Definition at line <a class="el" href="strings__util_8cpp_source.html#l00012">12</a> of file <a class="el" href="strings__util_8cpp_source.html">strings_util.cpp</a>.</p>
 
+</div>
+</div>
+<a id="a8d7eb7eb1b3e3c05251341d0c14d82be" name="a8d7eb7eb1b3e3c05251341d0c14d82be"></a>
+<h2 class="memtitle"><span class="permalink"><a href="#a8d7eb7eb1b3e3c05251341d0c14d82be">&#9670;&#160;</a></span>is_current_wow64()</h2>
+
+<div class="memitem">
+<div class="memproto">
+      <table class="memname">
+        <tr>
+          <td class="memname"><a class="el" href="pe__sieve__types_8h.html#ad5c9d4ba3dc37783a528b0925dc981a0">bool</a> pesieve::util::is_current_wow64 </td>
+          <td>(</td>
+          <td class="paramname"><span class="paramname"><em></em></span></td><td>)</td>
+          <td></td>
+        </tr>
+      </table>
+</div><div class="memdoc">
+
+<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00073">73</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
+<div class="dynheader">
+Here is the call graph for this function:</div>
+<div class="dyncontent">
+<div class="center"><img src="namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.png" border="0" usemap="#anamespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph" alt=""/></div>
+<map name="anamespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph" id="anamespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph">
+<area shape="rect" title=" " alt="" coords="5,27,158,68"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="412,5,544,31"/>
+<area shape="poly" title=" " alt="" coords="158,39,396,21,397,27,158,45"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513" title=" " alt="" coords="206,55,364,96"/>
+<area shape="poly" title=" " alt="" coords="158,55,190,60,190,65,158,61"/>
+<area shape="poly" title=" " alt="" coords="355,52,417,33,418,39,356,57"/>
+<area shape="rect" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e" title=" " alt="" coords="422,55,535,96"/>
+<area shape="poly" title=" " alt="" coords="364,73,406,73,406,78,364,78"/>
+</map>
+</div>
+
 </div>
 </div>
 <a id="ae57bc6f959f2d79411087e1b8d3600f7" name="ae57bc6f959f2d79411087e1b8d3600f7"></a>
@@ -3221,7 +3257,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a39cfbc887b8c190834eece6c
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00091">91</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00104">104</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -3256,7 +3292,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#adafdd61439fc2750cec84fb1
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00073">73</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00086">86</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -3287,7 +3323,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aed4eb6ec69c30d271b4f4b6c
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00108">108</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="process__util_8cpp_source.html#l00121">121</a> of file <a class="el" href="process__util_8cpp_source.html">process_util.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
diff --git a/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.map b/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.map
new file mode 100644
index 000000000..461439442
--- /dev/null
+++ b/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.map
@@ -0,0 +1,10 @@
+<map id="pesieve::util::is_current_wow64" name="pesieve::util::is_current_wow64">
+<area shape="rect" id="Node000001" title=" " alt="" coords="5,27,158,68"/>
+<area shape="rect" id="Node000002" href="$namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="412,5,544,31"/>
+<area shape="poly" id="edge1_Node000001_Node000002" title=" " alt="" coords="158,39,396,21,397,27,158,45"/>
+<area shape="rect" id="Node000003" href="$namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513" title=" " alt="" coords="206,55,364,96"/>
+<area shape="poly" id="edge2_Node000001_Node000003" title=" " alt="" coords="158,55,190,60,190,65,158,61"/>
+<area shape="poly" id="edge3_Node000003_Node000002" title=" " alt="" coords="355,52,417,33,418,39,356,57"/>
+<area shape="rect" id="Node000004" href="$namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e" title=" " alt="" coords="422,55,535,96"/>
+<area shape="poly" id="edge4_Node000003_Node000004" title=" " alt="" coords="364,73,406,73,406,78,364,78"/>
+</map>
diff --git a/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.md5 b/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.md5
new file mode 100644
index 000000000..23c2326e0
--- /dev/null
+++ b/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.md5
@@ -0,0 +1 @@
+a82b0e077cb25e664beeb02283508e7d
\ No newline at end of file
diff --git a/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.png b/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.png
new file mode 100644
index 000000000..b7297d80a
Binary files /dev/null and b/namespacepesieve_1_1util_a8d7eb7eb1b3e3c05251341d0c14d82be_cgraph.png differ
diff --git a/process__util_8cpp_source.html b/process__util_8cpp_source.html
index b266cdb5e..717037702 100644
--- a/process__util_8cpp_source.html
+++ b/process__util_8cpp_source.html
@@ -172,72 +172,88 @@
 </div>
 <div class="line"><a id="l00072" name="l00072"></a><span class="lineno">   72</span> </div>
 <div class="foldopen" id="foldopen00073" data-start="{" data-end="}">
-<div class="line"><a id="l00073" name="l00073"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">   73</a></span><a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a>(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div>
+<div class="line"><a id="l00073" name="l00073"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">   73</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util::is_current_wow64</a>()</div>
 <div class="line"><a id="l00074" name="l00074"></a><span class="lineno">   74</span>{</div>
 <div class="line"><a id="l00075" name="l00075"></a><span class="lineno">   75</span><span class="preprocessor">#ifdef _WIN64</span></div>
-<div class="line"><a id="l00076" name="l00076"></a><span class="lineno">   76</span>    <span class="keywordflow">if</span> (!g_Wow64GetThreadContext) {</div>
-<div class="line"><a id="l00077" name="l00077"></a><span class="lineno">   77</span>        HMODULE kernelLib = <a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>();</div>
-<div class="line"><a id="l00078" name="l00078"></a><span class="lineno">   78</span>        <span class="keywordflow">if</span> (!kernelLib) <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00079" name="l00079"></a><span class="lineno">   79</span> </div>
-<div class="line"><a id="l00080" name="l00080"></a><span class="lineno">   80</span>        FARPROC procPtr = GetProcAddress(<a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>(), <span class="stringliteral">&quot;Wow64GetThreadContext&quot;</span>);</div>
-<div class="line"><a id="l00081" name="l00081"></a><span class="lineno">   81</span>        <span class="keywordflow">if</span> (!procPtr) <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00082" name="l00082"></a><span class="lineno">   82</span> </div>
-<div class="line"><a id="l00083" name="l00083"></a><span class="lineno">   83</span>        g_Wow64GetThreadContext = (<a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>(WINAPI*)(IN HANDLE, IN OUT PWOW64_CONTEXT))procPtr;</div>
-<div class="line"><a id="l00084" name="l00084"></a><span class="lineno">   84</span>    }</div>
-<div class="line"><a id="l00085" name="l00085"></a><span class="lineno">   85</span>    <span class="keywordflow">return</span> g_Wow64GetThreadContext(hThread, <a class="code hl_variable" href="namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b">lpContext</a>);</div>
-<div class="line"><a id="l00086" name="l00086"></a><span class="lineno">   86</span><span class="preprocessor">#else</span></div>
-<div class="line"><a id="l00087" name="l00087"></a><span class="lineno">   87</span>    <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00088" name="l00088"></a><span class="lineno">   88</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00089" name="l00089"></a><span class="lineno">   89</span>}</div>
+<div class="line"><a id="l00076" name="l00076"></a><span class="lineno">   76</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00077" name="l00077"></a><span class="lineno">   77</span><span class="preprocessor">#else</span></div>
+<div class="line"><a id="l00078" name="l00078"></a><span class="lineno">   78</span>    <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> isWow64 = FALSE;</div>
+<div class="line"><a id="l00079" name="l00079"></a><span class="lineno">   79</span>    <span class="keywordflow">if</span> (<a class="code hl_function" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">is_process_wow64</a>(GetCurrentProcess(), &amp;isWow64)) {</div>
+<div class="line"><a id="l00080" name="l00080"></a><span class="lineno">   80</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00081" name="l00081"></a><span class="lineno">   81</span>    }</div>
+<div class="line"><a id="l00082" name="l00082"></a><span class="lineno">   82</span>    <span class="keywordflow">return</span> (<span class="keywordtype">bool</span>)isWow64;</div>
+<div class="line"><a id="l00083" name="l00083"></a><span class="lineno">   83</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00084" name="l00084"></a><span class="lineno">   84</span>}</div>
 </div>
-<div class="line"><a id="l00090" name="l00090"></a><span class="lineno">   90</span> </div>
-<div class="foldopen" id="foldopen00091" data-start="{" data-end="}">
-<div class="line"><a id="l00091" name="l00091"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">   91</a></span><a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a>(OUT PVOID* OldValue)</div>
-<div class="line"><a id="l00092" name="l00092"></a><span class="lineno">   92</span>{</div>
-<div class="line"><a id="l00093" name="l00093"></a><span class="lineno">   93</span>    <span class="keywordflow">if</span> (!g_Wow64DisableWow64FsRedirection) {</div>
-<div class="line"><a id="l00094" name="l00094"></a><span class="lineno">   94</span>        HMODULE kernelLib = <a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>();</div>
-<div class="line"><a id="l00095" name="l00095"></a><span class="lineno">   95</span>        <span class="keywordflow">if</span> (!kernelLib) <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00096" name="l00096"></a><span class="lineno">   96</span> </div>
-<div class="line"><a id="l00097" name="l00097"></a><span class="lineno">   97</span>        FARPROC procPtr = GetProcAddress(kernelLib, <span class="stringliteral">&quot;Wow64DisableWow64FsRedirection&quot;</span>);</div>
-<div class="line"><a id="l00098" name="l00098"></a><span class="lineno">   98</span>        <span class="keywordflow">if</span> (!procPtr) <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00099" name="l00099"></a><span class="lineno">   99</span> </div>
-<div class="line"><a id="l00100" name="l00100"></a><span class="lineno">  100</span>        g_Wow64DisableWow64FsRedirection = (<a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>(WINAPI *) (OUT PVOID*))procPtr;</div>
-<div class="line"><a id="l00101" name="l00101"></a><span class="lineno">  101</span>    }</div>
-<div class="line"><a id="l00102" name="l00102"></a><span class="lineno">  102</span>    <span class="keywordflow">if</span> (!g_Wow64DisableWow64FsRedirection) {</div>
-<div class="line"><a id="l00103" name="l00103"></a><span class="lineno">  103</span>        <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00104" name="l00104"></a><span class="lineno">  104</span>    }</div>
-<div class="line"><a id="l00105" name="l00105"></a><span class="lineno">  105</span>    <span class="keywordflow">return</span> g_Wow64DisableWow64FsRedirection(OldValue);</div>
-<div class="line"><a id="l00106" name="l00106"></a><span class="lineno">  106</span>}</div>
+<div class="line"><a id="l00085" name="l00085"></a><span class="lineno">   85</span> </div>
+<div class="foldopen" id="foldopen00086" data-start="{" data-end="}">
+<div class="line"><a id="l00086" name="l00086"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">   86</a></span><a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a>(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div>
+<div class="line"><a id="l00087" name="l00087"></a><span class="lineno">   87</span>{</div>
+<div class="line"><a id="l00088" name="l00088"></a><span class="lineno">   88</span><span class="preprocessor">#ifdef _WIN64</span></div>
+<div class="line"><a id="l00089" name="l00089"></a><span class="lineno">   89</span>    <span class="keywordflow">if</span> (!g_Wow64GetThreadContext) {</div>
+<div class="line"><a id="l00090" name="l00090"></a><span class="lineno">   90</span>        HMODULE kernelLib = <a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>();</div>
+<div class="line"><a id="l00091" name="l00091"></a><span class="lineno">   91</span>        <span class="keywordflow">if</span> (!kernelLib) <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00092" name="l00092"></a><span class="lineno">   92</span> </div>
+<div class="line"><a id="l00093" name="l00093"></a><span class="lineno">   93</span>        FARPROC procPtr = GetProcAddress(<a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>(), <span class="stringliteral">&quot;Wow64GetThreadContext&quot;</span>);</div>
+<div class="line"><a id="l00094" name="l00094"></a><span class="lineno">   94</span>        <span class="keywordflow">if</span> (!procPtr) <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00095" name="l00095"></a><span class="lineno">   95</span> </div>
+<div class="line"><a id="l00096" name="l00096"></a><span class="lineno">   96</span>        g_Wow64GetThreadContext = (<a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>(WINAPI*)(IN HANDLE, IN OUT PWOW64_CONTEXT))procPtr;</div>
+<div class="line"><a id="l00097" name="l00097"></a><span class="lineno">   97</span>    }</div>
+<div class="line"><a id="l00098" name="l00098"></a><span class="lineno">   98</span>    <span class="keywordflow">return</span> g_Wow64GetThreadContext(hThread, <a class="code hl_variable" href="namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b">lpContext</a>);</div>
+<div class="line"><a id="l00099" name="l00099"></a><span class="lineno">   99</span><span class="preprocessor">#else</span></div>
+<div class="line"><a id="l00100" name="l00100"></a><span class="lineno">  100</span>    <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00101" name="l00101"></a><span class="lineno">  101</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00102" name="l00102"></a><span class="lineno">  102</span>}</div>
 </div>
-<div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span> </div>
-<div class="foldopen" id="foldopen00108" data-start="{" data-end="}">
-<div class="line"><a id="l00108" name="l00108"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">  108</a></span><a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a>(IN PVOID OldValue)</div>
-<div class="line"><a id="l00109" name="l00109"></a><span class="lineno">  109</span>{</div>
-<div class="line"><a id="l00110" name="l00110"></a><span class="lineno">  110</span>    <span class="keywordflow">if</span> (!g_Wow64RevertWow64FsRedirection) {</div>
-<div class="line"><a id="l00111" name="l00111"></a><span class="lineno">  111</span>        HMODULE kernelLib = <a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>();</div>
-<div class="line"><a id="l00112" name="l00112"></a><span class="lineno">  112</span>        <span class="keywordflow">if</span> (!kernelLib) <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00113" name="l00113"></a><span class="lineno">  113</span> </div>
-<div class="line"><a id="l00114" name="l00114"></a><span class="lineno">  114</span>        FARPROC procPtr = GetProcAddress(kernelLib, <span class="stringliteral">&quot;Wow64RevertWow64FsRedirection&quot;</span>);</div>
-<div class="line"><a id="l00115" name="l00115"></a><span class="lineno">  115</span>        <span class="keywordflow">if</span> (!procPtr) <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00116" name="l00116"></a><span class="lineno">  116</span> </div>
-<div class="line"><a id="l00117" name="l00117"></a><span class="lineno">  117</span>        g_Wow64RevertWow64FsRedirection = (<a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>(WINAPI *) (IN PVOID))procPtr;</div>
-<div class="line"><a id="l00118" name="l00118"></a><span class="lineno">  118</span>    }</div>
-<div class="line"><a id="l00119" name="l00119"></a><span class="lineno">  119</span>    <span class="keywordflow">if</span> (!g_Wow64RevertWow64FsRedirection) {</div>
-<div class="line"><a id="l00120" name="l00120"></a><span class="lineno">  120</span>        <span class="keywordflow">return</span> FALSE;</div>
-<div class="line"><a id="l00121" name="l00121"></a><span class="lineno">  121</span>    }</div>
-<div class="line"><a id="l00122" name="l00122"></a><span class="lineno">  122</span>    <span class="keywordflow">return</span> g_Wow64RevertWow64FsRedirection(OldValue);</div>
-<div class="line"><a id="l00123" name="l00123"></a><span class="lineno">  123</span>}</div>
+<div class="line"><a id="l00103" name="l00103"></a><span class="lineno">  103</span> </div>
+<div class="foldopen" id="foldopen00104" data-start="{" data-end="}">
+<div class="line"><a id="l00104" name="l00104"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">  104</a></span><a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a>(OUT PVOID* OldValue)</div>
+<div class="line"><a id="l00105" name="l00105"></a><span class="lineno">  105</span>{</div>
+<div class="line"><a id="l00106" name="l00106"></a><span class="lineno">  106</span>    <span class="keywordflow">if</span> (!g_Wow64DisableWow64FsRedirection) {</div>
+<div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span>        HMODULE kernelLib = <a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>();</div>
+<div class="line"><a id="l00108" name="l00108"></a><span class="lineno">  108</span>        <span class="keywordflow">if</span> (!kernelLib) <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00109" name="l00109"></a><span class="lineno">  109</span> </div>
+<div class="line"><a id="l00110" name="l00110"></a><span class="lineno">  110</span>        FARPROC procPtr = GetProcAddress(kernelLib, <span class="stringliteral">&quot;Wow64DisableWow64FsRedirection&quot;</span>);</div>
+<div class="line"><a id="l00111" name="l00111"></a><span class="lineno">  111</span>        <span class="keywordflow">if</span> (!procPtr) <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00112" name="l00112"></a><span class="lineno">  112</span> </div>
+<div class="line"><a id="l00113" name="l00113"></a><span class="lineno">  113</span>        g_Wow64DisableWow64FsRedirection = (<a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>(WINAPI *) (OUT PVOID*))procPtr;</div>
+<div class="line"><a id="l00114" name="l00114"></a><span class="lineno">  114</span>    }</div>
+<div class="line"><a id="l00115" name="l00115"></a><span class="lineno">  115</span>    <span class="keywordflow">if</span> (!g_Wow64DisableWow64FsRedirection) {</div>
+<div class="line"><a id="l00116" name="l00116"></a><span class="lineno">  116</span>        <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00117" name="l00117"></a><span class="lineno">  117</span>    }</div>
+<div class="line"><a id="l00118" name="l00118"></a><span class="lineno">  118</span>    <span class="keywordflow">return</span> g_Wow64DisableWow64FsRedirection(OldValue);</div>
+<div class="line"><a id="l00119" name="l00119"></a><span class="lineno">  119</span>}</div>
+</div>
+<div class="line"><a id="l00120" name="l00120"></a><span class="lineno">  120</span> </div>
+<div class="foldopen" id="foldopen00121" data-start="{" data-end="}">
+<div class="line"><a id="l00121" name="l00121"></a><span class="lineno"><a class="line" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">  121</a></span><a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a>(IN PVOID OldValue)</div>
+<div class="line"><a id="l00122" name="l00122"></a><span class="lineno">  122</span>{</div>
+<div class="line"><a id="l00123" name="l00123"></a><span class="lineno">  123</span>    <span class="keywordflow">if</span> (!g_Wow64RevertWow64FsRedirection) {</div>
+<div class="line"><a id="l00124" name="l00124"></a><span class="lineno">  124</span>        HMODULE kernelLib = <a class="code hl_function" href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">get_kernel32_hndl</a>();</div>
+<div class="line"><a id="l00125" name="l00125"></a><span class="lineno">  125</span>        <span class="keywordflow">if</span> (!kernelLib) <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00126" name="l00126"></a><span class="lineno">  126</span> </div>
+<div class="line"><a id="l00127" name="l00127"></a><span class="lineno">  127</span>        FARPROC procPtr = GetProcAddress(kernelLib, <span class="stringliteral">&quot;Wow64RevertWow64FsRedirection&quot;</span>);</div>
+<div class="line"><a id="l00128" name="l00128"></a><span class="lineno">  128</span>        <span class="keywordflow">if</span> (!procPtr) <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00129" name="l00129"></a><span class="lineno">  129</span> </div>
+<div class="line"><a id="l00130" name="l00130"></a><span class="lineno">  130</span>        g_Wow64RevertWow64FsRedirection = (<a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>(WINAPI *) (IN PVOID))procPtr;</div>
+<div class="line"><a id="l00131" name="l00131"></a><span class="lineno">  131</span>    }</div>
+<div class="line"><a id="l00132" name="l00132"></a><span class="lineno">  132</span>    <span class="keywordflow">if</span> (!g_Wow64RevertWow64FsRedirection) {</div>
+<div class="line"><a id="l00133" name="l00133"></a><span class="lineno">  133</span>        <span class="keywordflow">return</span> FALSE;</div>
+<div class="line"><a id="l00134" name="l00134"></a><span class="lineno">  134</span>    }</div>
+<div class="line"><a id="l00135" name="l00135"></a><span class="lineno">  135</span>    <span class="keywordflow">return</span> g_Wow64RevertWow64FsRedirection(OldValue);</div>
+<div class="line"><a id="l00136" name="l00136"></a><span class="lineno">  136</span>}</div>
 </div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a015be6a0937814caf43586043817d922"><div class="ttname"><a href="namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922">pesieve::util::is_process_64bit</a></div><div class="ttdeci">bool is_process_64bit(IN HANDLE process)</div><div class="ttdef"><b>Definition</b> <a href="#l00047">process_util.cpp:47</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="#l00091">process_util.cpp:91</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="#l00104">process_util.cpp:104</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a43b6faf00b6a97279f2d67f4a3fd2513"><div class="ttname"><a href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a></div><div class="ttdeci">BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL *isProcWow64)</div><div class="ttdef"><b>Definition</b> <a href="#l00027">process_util.cpp:27</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a474e517f22ad667eca359f745537886b"><div class="ttname"><a href="namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b">pesieve::util::lpContext</a></div><div class="ttdeci">IN OUT PWOW64_CONTEXT lpContext</div><div class="ttdef"><b>Definition</b> <a href="#l00011">process_util.cpp:11</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a86a2a1d5b1cd1861d424c2b06a3b961e"><div class="ttname"><a href="namespacepesieve_1_1util.html#a86a2a1d5b1cd1861d424c2b06a3b961e">pesieve::util::get_kernel32_hndl</a></div><div class="ttdeci">HMODULE get_kernel32_hndl()</div><div class="ttdef"><b>Definition</b> <a href="#l00013">process_util.cpp:13</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a8d7eb7eb1b3e3c05251341d0c14d82be"><div class="ttname"><a href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util::is_current_wow64</a></div><div class="ttdeci">bool is_current_wow64()</div><div class="ttdef"><b>Definition</b> <a href="#l00073">process_util.cpp:73</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_aa85f1f0a0e6bca89adf99decf129714c"><div class="ttname"><a href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">pesieve::util::BOOL</a></div><div class="ttdeci">BOOL(CALLBACK *_MiniDumpWriteDump)(HANDLE hProcess</div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_aacb64ab7d443d809726bde821ffd5cdc"><div class="ttname"><a href="namespacepesieve_1_1util.html#aacb64ab7d443d809726bde821ffd5cdc">pesieve::util::g_kernel32Hndl</a></div><div class="ttdeci">HMODULE g_kernel32Hndl</div><div class="ttdef"><b>Definition</b> <a href="#l00006">process_util.cpp:6</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_ad91ff983665019c0b9c5076384577817"><div class="ttname"><a href="namespacepesieve_1_1util.html#ad91ff983665019c0b9c5076384577817">pesieve::util::PBOOL</a></div><div class="ttdeci">OUT PBOOL</div><div class="ttdef"><b>Definition</b> <a href="#l00008">process_util.cpp:8</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="#l00073">process_util.cpp:73</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="#l00108">process_util.cpp:108</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="#l00086">process_util.cpp:86</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="#l00121">process_util.cpp:121</a></div></div>
 <div class="ttc" id="anamespacepesieve_html"><div class="ttname"><a href="namespacepesieve.html">pesieve</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00001">pesieve.py:1</a></div></div>
 <div class="ttc" id="aprocess__util_8h_html"><div class="ttname"><a href="process__util_8h.html">process_util.h</a></div></div>
 </div><!-- fragment --></div><!-- contents -->
diff --git a/process__util_8h.html b/process__util_8h.html
index 0523f15ae..c0a52ff0a 100644
--- a/process__util_8h.html
+++ b/process__util_8h.html
@@ -113,6 +113,8 @@
 <tr class="separator:a43b6faf00b6a97279f2d67f4a3fd2513"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:a015be6a0937814caf43586043817d922" id="r_a015be6a0937814caf43586043817d922"><td class="memItemLeft" align="right" valign="top"><a class="el" href="pe__sieve__types_8h.html#ad5c9d4ba3dc37783a528b0925dc981a0">bool</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922">pesieve::util::is_process_64bit</a> (IN HANDLE process)</td></tr>
 <tr class="separator:a015be6a0937814caf43586043817d922"><td class="memSeparator" colspan="2">&#160;</td></tr>
+<tr class="memitem:a8d7eb7eb1b3e3c05251341d0c14d82be" id="r_a8d7eb7eb1b3e3c05251341d0c14d82be"><td class="memItemLeft" align="right" valign="top"><a class="el" href="pe__sieve__types_8h.html#ad5c9d4ba3dc37783a528b0925dc981a0">bool</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util::is_current_wow64</a> ()</td></tr>
+<tr class="separator:a8d7eb7eb1b3e3c05251341d0c14d82be"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:a39cfbc887b8c190834eece6c67a4af17" id="r_a39cfbc887b8c190834eece6c67a4af17"><td class="memItemLeft" align="right" valign="top"><a class="el" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a> (OUT PVOID *OldValue)</td></tr>
 <tr class="separator:a39cfbc887b8c190834eece6c67a4af17"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:aed4eb6ec69c30d271b4f4b6c4244f03e" id="r_aed4eb6ec69c30d271b4f4b6c4244f03e"><td class="memItemLeft" align="right" valign="top"><a class="el" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a> (IN PVOID OldValue)</td></tr>
diff --git a/process__util_8h_source.html b/process__util_8h_source.html
index dc237d468..b79606292 100644
--- a/process__util_8h_source.html
+++ b/process__util_8h_source.html
@@ -103,19 +103,22 @@
 <div class="line"><a id="l00008" name="l00008"></a><span class="lineno">    8</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">is_process_wow64</a>(IN HANDLE processHandle, OUT <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a>* isProcWow64);</div>
 <div class="line"><a id="l00009" name="l00009"></a><span class="lineno">    9</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922">is_process_64bit</a>(IN HANDLE process);</div>
 <div class="line"><a id="l00010" name="l00010"></a><span class="lineno">   10</span> </div>
-<div class="line"><a id="l00011" name="l00011"></a><span class="lineno">   11</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">wow64_disable_fs_redirection</a>(OUT PVOID* OldValue);</div>
-<div class="line"><a id="l00012" name="l00012"></a><span class="lineno">   12</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">wow64_revert_fs_redirection</a>(IN PVOID  OldValue);</div>
-<div class="line"><a id="l00013" name="l00013"></a><span class="lineno">   13</span> </div>
-<div class="line"><a id="l00014" name="l00014"></a><span class="lineno">   14</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">wow64_get_thread_context</a>(IN HANDLE hThread, IN OUT PWOW64_CONTEXT <a class="code hl_variable" href="namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b">lpContext</a>);</div>
-<div class="line"><a id="l00015" name="l00015"></a><span class="lineno">   15</span>    };</div>
-<div class="line"><a id="l00016" name="l00016"></a><span class="lineno">   16</span>};</div>
+<div class="line"><a id="l00011" name="l00011"></a><span class="lineno">   11</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">is_current_wow64</a>();</div>
+<div class="line"><a id="l00012" name="l00012"></a><span class="lineno">   12</span> </div>
+<div class="line"><a id="l00013" name="l00013"></a><span class="lineno">   13</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">wow64_disable_fs_redirection</a>(OUT PVOID* OldValue);</div>
+<div class="line"><a id="l00014" name="l00014"></a><span class="lineno">   14</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">wow64_revert_fs_redirection</a>(IN PVOID  OldValue);</div>
+<div class="line"><a id="l00015" name="l00015"></a><span class="lineno">   15</span> </div>
+<div class="line"><a id="l00016" name="l00016"></a><span class="lineno">   16</span>        <a class="code hl_function" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">BOOL</a> <a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">wow64_get_thread_context</a>(IN HANDLE hThread, IN OUT PWOW64_CONTEXT <a class="code hl_variable" href="namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b">lpContext</a>);</div>
+<div class="line"><a id="l00017" name="l00017"></a><span class="lineno">   17</span>    };</div>
+<div class="line"><a id="l00018" name="l00018"></a><span class="lineno">   18</span>};</div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a015be6a0937814caf43586043817d922"><div class="ttname"><a href="namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922">pesieve::util::is_process_64bit</a></div><div class="ttdeci">bool is_process_64bit(IN HANDLE process)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00047">process_util.cpp:47</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00091">process_util.cpp:91</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00104">process_util.cpp:104</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a43b6faf00b6a97279f2d67f4a3fd2513"><div class="ttname"><a href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a></div><div class="ttdeci">BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL *isProcWow64)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00027">process_util.cpp:27</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a474e517f22ad667eca359f745537886b"><div class="ttname"><a href="namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b">pesieve::util::lpContext</a></div><div class="ttdeci">IN OUT PWOW64_CONTEXT lpContext</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00011">process_util.cpp:11</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a8d7eb7eb1b3e3c05251341d0c14d82be"><div class="ttname"><a href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util::is_current_wow64</a></div><div class="ttdeci">bool is_current_wow64()</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00073">process_util.cpp:73</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_aa85f1f0a0e6bca89adf99decf129714c"><div class="ttname"><a href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c">pesieve::util::BOOL</a></div><div class="ttdeci">BOOL(CALLBACK *_MiniDumpWriteDump)(HANDLE hProcess</div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00073">process_util.cpp:73</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00108">process_util.cpp:108</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00086">process_util.cpp:86</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00121">process_util.cpp:121</a></div></div>
 <div class="ttc" id="anamespacepesieve_html"><div class="ttname"><a href="namespacepesieve.html">pesieve</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00001">pesieve.py:1</a></div></div>
 </div><!-- fragment --></div><!-- contents -->
 <!-- start footer part -->
diff --git a/scanner_8cpp_source.html b/scanner_8cpp_source.html
index 1e219e412..1acd53f0d 100644
--- a/scanner_8cpp_source.html
+++ b/scanner_8cpp_source.html
@@ -733,7 +733,7 @@
 <div class="ttc" id="aclasspesieve_1_1_skipped_module_report_html"><div class="ttname"><a href="classpesieve_1_1_skipped_module_report.html">pesieve::SkippedModuleReport</a></div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00120">module_scan_report.h:121</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html">pesieve::ThreadScanReport</a></div><div class="ttdoc">A report from the thread scan, generated by ThreadScanner.</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00015">thread_scanner.h:16</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00130">thread_scanner.h:130</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00574">thread_scanner.cpp:574</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00584">thread_scanner.cpp:584</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_unreachable_module_report_html"><div class="ttname"><a href="classpesieve_1_1_unreachable_module_report.html">pesieve::UnreachableModuleReport</a></div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00100">module_scan_report.h:101</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_working_set_scan_report_html"><div class="ttname"><a href="classpesieve_1_1_working_set_scan_report.html">pesieve::WorkingSetScanReport</a></div><div class="ttdoc">A report from the working set scan, generated by WorkingSetScanner.</div><div class="ttdef"><b>Definition</b> <a href="workingset__scanner_8h_source.html#l00028">workingset_scanner.h:29</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_working_set_scan_report_html_a9167635c76bcba07d274133c8af95f17"><div class="ttname"><a href="classpesieve_1_1_working_set_scan_report.html#a9167635c76bcba07d274133c8af95f17">pesieve::WorkingSetScanReport::is_listed_module</a></div><div class="ttdeci">bool is_listed_module</div><div class="ttdef"><b>Definition</b> <a href="workingset__scanner_8h_source.html#l00097">workingset_scanner.h:97</a></div></div>
diff --git a/search/all_9.js b/search/all_9.js
index 1b1349f52..b1beadf99 100644
--- a/search/all_9.js
+++ b/search/all_9.js
@@ -81,92 +81,93 @@ var searchData=
   ['is_5fcode_78',['is_code',['../namespacepesieve_1_1util.html#aad87136e3b6e94f105074093a97970c5',1,'pesieve::util']]],
   ['is_5fcorrupt_5fpe_79',['is_corrupt_pe',['../classpesieve_1_1_module_dump_report.html#aadf8118269fad055196034c7daeca382',1,'pesieve::ModuleDumpReport']]],
   ['is_5fcstr_5fequal_80',['is_cstr_equal',['../namespacepesieve_1_1util.html#a6211673ea221530eb4472658fdab12a6',1,'pesieve::util']]],
-  ['is_5fdec_81',['is_dec',['../namespacepesieve_1_1util.html#ae57bc6f959f2d79411087e1b8d3600f7',1,'pesieve::util']]],
-  ['is_5fdep_5fenabled_82',['is_DEP_enabled',['../namespacepesieve_1_1util.html#a4e03a2c1c527e0f0b4063f8ac12ff22d',1,'pesieve::util']]],
-  ['is_5fdevice_5fpath_83',['is_device_path',['../path__converter_8cpp.html#aa38e814828efe4c9d588eb4529ed5b1c',1,'path_converter.cpp']]],
-  ['is_5fdisk_5frelative_84',['is_disk_relative',['../namespacepesieve_1_1util.html#aa402c13598449f9a1f47efb72df8f62f',1,'pesieve::util']]],
-  ['is_5fdot_5fnet_85',['is_dot_net',['../classpesieve_1_1_module_data.html#a7f242e23b293e9741c8b4821a5df9dc4',1,'pesieve::ModuleData']]],
-  ['is_5fendline_86',['IS_ENDLINE',['../strings__util_8h.html#a08090b46d9133e90e2a8f0d326895b09',1,'strings_util.h']]],
-  ['is_5fexecutable_87',['is_executable',['../classpesieve_1_1_working_set_scan_report.html#aa036516e8290539cbb74245285805754',1,'pesieve::WorkingSetScanReport::is_executable'],['../namespacepesieve_1_1util.html#ab5a500e51ff539294a3c71f6b95aa65b',1,'pesieve::util::is_executable()']]],
-  ['is_5fextended_88',['is_extended',['../structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386',1,'pesieve::util::_thread_info']]],
-  ['is_5fhex_89',['is_hex',['../namespacepesieve_1_1util.html#a23447c87ce0d32d372ca0c4e3bc6e39b',1,'pesieve::util']]],
-  ['is_5fin_5flist_90',['is_in_list',['../namespacepesieve_1_1util.html#a980992e8baccca3371865922e85925be',1,'pesieve::util']]],
-  ['is_5finfo_5ffilled_91',['is_info_filled',['../classpesieve_1_1_mem_page_data.html#aad1e7a796768c408b43162a2ec230904',1,'pesieve::MemPageData']]],
-  ['is_5flisted_5fmodule_92',['is_listed_module',['../classpesieve_1_1_mem_page_data.html#adc986006810f6248a2d7e6e568ada735',1,'pesieve::MemPageData::is_listed_module'],['../classpesieve_1_1_working_set_scan_report.html#a9167635c76bcba07d274133c8af95f17',1,'pesieve::WorkingSetScanReport::is_listed_module']]],
-  ['is_5fmanaged_93',['is_managed',['../structreport.html#ac67fcb03e111ef23c331793ba07902f5',1,'report::is_managed'],['../structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa',1,'pesieve::_ctx_details::is_managed']]],
-  ['is_5fmodule_5fnamed_94',['is_module_named',['../classpesieve_1_1_module_data.html#abe700fd542ce7c24cfe82028e1c49961',1,'pesieve::ModuleData']]],
-  ['is_5fnormal_5finaccessible_95',['is_normal_inaccessible',['../namespacepesieve_1_1util.html#a9bc0e707ae1cceda1678bc269f2870ea',1,'pesieve::util']]],
-  ['is_5fnumber_96',['is_number',['../namespacepesieve_1_1util.html#a282125458b003e9ab800b24552bd7242',1,'pesieve::util']]],
-  ['is_5fok_97',['is_ok',['../struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c',1,'_t_stack_enum_params::is_ok'],['../structpesieve_1_1util_1_1t__refl__args.html#a5bfa172f10a03190cb3dadf2e6ff623e',1,'pesieve::util::t_refl_args::is_ok']]],
-  ['is_5fprintable_98',['IS_PRINTABLE',['../strings__util_8h.html#a1a739e1f368dc1b3b122572eec3d12ab',1,'strings_util.h']]],
-  ['is_5fprivate_99',['is_private',['../classpesieve_1_1_mem_page_data.html#acccbcee56b0c039264705e102bce814d',1,'pesieve::MemPageData']]],
-  ['is_5fprocess_5f64bit_100',['is_process_64bit',['../namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922',1,'pesieve::util']]],
-  ['is_5fprocess_5frefl_101',['is_process_refl',['../classpesieve_1_1_mem_page_data.html#a4baeb4ff99b47933d66f057745b43541',1,'pesieve::MemPageData']]],
-  ['is_5fprocess_5fwow64_102',['is_process_wow64',['../namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513',1,'pesieve::util']]],
-  ['is_5freadable_103',['is_readable',['../namespacepesieve_1_1util.html#a57e9c1266c247784669f5ea0191e086d',1,'pesieve::util']]],
-  ['is_5freflection_104',['is_reflection',['../structreport.html#a31eeb7f48250fc3d175bcf9684634fb8',1,'report']]],
-  ['is_5frelative_105',['is_relative',['../namespacepesieve_1_1util.html#a970337282940a37076a16db56183c03d',1,'pesieve::util']]],
-  ['is_5fret_5fas_5fsyscall_106',['is_ret_as_syscall',['../structpesieve_1_1__ctx__details.html#af71831469a0fe507c8b6e2256dae681e',1,'pesieve::_ctx_details']]],
-  ['is_5fret_5fin_5fframe_107',['is_ret_in_frame',['../structpesieve_1_1__ctx__details.html#a236ccadbe7548913e6186651b56f1636',1,'pesieve::_ctx_details']]],
-  ['is_5frunning_108',['is_running',['../namespacepesieve.html#a5de73d5ffa8f7073fdf5fd6b7c6deea5',1,'pesieve']]],
-  ['is_5fscanner_5fcompatible_109',['is_scanner_compatible',['../namespacepesieve.html#ab939d4edad1446e418ec8fb4d33cb137',1,'pesieve']]],
-  ['is_5fshellcode_110',['is_shellcode',['../classpesieve_1_1_module_dump_report.html#a9cdd70712964e083c4c0f6257336d48d',1,'pesieve::ModuleDumpReport']]],
-  ['is_5fshown_5ftype_111',['is_shown_type',['../namespacepesieve.html#acbbeace832fb77bc16027b0371cf55d9',1,'pesieve']]],
-  ['is_5fthread_5frunning_112',['is_thread_running',['../namespacepesieve.html#a7c9c19e3f0ce1362c7e404893a1163f6',1,'pesieve']]],
-  ['is_5fvalid_5ffile_5fhdr_113',['is_valid_file_hdr',['../namespacepesieve.html#a18e59ce96d19eab91937d55a85d40d3a',1,'pesieve']]],
-  ['is_5fvalid_5fimport_5fdescriptor_114',['is_valid_import_descriptor',['../namespacepesieve.html#af856350491a23b4fba1aabf0ffb5ecdb',1,'pesieve']]],
-  ['is_5fvalid_5fsection_115',['is_valid_section',['../namespacepesieve.html#ab6eb75407c454f07ae7910a1d8b7c826',1,'pesieve']]],
-  ['isaddrinshellcode_116',['isAddrInShellcode',['../classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf',1,'pesieve::ThreadScanner']]],
-  ['isallprintable_117',['isAllPrintable',['../namespacepesieve_1_1stats.html#a1f38f630a729f596b4cd2b3eebd36fa2',1,'pesieve::stats']]],
-  ['iscacheavailable_118',['isCacheAvailable',['../classpesieve_1_1_modules_cache.html#a7fcdbf7fd47572a9d02c430bbf55697d',1,'pesieve::ModulesCache']]],
-  ['iscode_119',['isCode',['../classpesieve_1_1_pe_buffer.html#a39400f75a56c653e647fd7cb19724d27',1,'pesieve::PeBuffer']]],
-  ['iscontained_120',['isContained',['../classpesieve_1_1_pe_section.html#a98091942ed90ff8157039ff1008cbc25',1,'pesieve::PeSection']]],
-  ['iscoveragecomplete_121',['isCoverageComplete',['../classpesieve_1_1_i_a_t_block.html#a03ce76940ff373f9ed1a5bb56dee7d7a',1,'pesieve::IATBlock']]],
-  ['iscovered_122',['isCovered',['../classpesieve_1_1_i_a_t_thunks_series.html#afa77af01bd49d5428a03227b1d2a2283',1,'pesieve::IATThunksSeries::isCovered()'],['../classpesieve_1_1_i_a_t_block.html#a55cba9be25b9ad8c2b15073b5fb3eb17',1,'pesieve::IATBlock::isCovered()']]],
-  ['isdatacontained_123',['isDataContained',['../structpesieve_1_1util_1_1_byte_buffer.html#ad5659eccb45c518338f2b682b347041b',1,'pesieve::util::ByteBuffer']]],
-  ['isdep_124',['isDEP',['../structpesieve_1_1__process__details.html#a36de3778d1d58ed0112e70c830e98462',1,'pesieve::_process_details::isDEP'],['../classpesieve_1_1_process_scanner.html#a4420dc261297d3b67b487b5f2439a852',1,'pesieve::ProcessScanner::isDEP']]],
-  ['isdirect_125',['isDirect',['../classpesieve_1_1_patch_list_1_1_patch.html#a917c77f6c3480b170239dd0f060d80f4',1,'pesieve::PatchList::Patch']]],
-  ['isdll_126',['isDll',['../classpesieve_1_1_pe_artefacts.html#a11d5032dc934f3415900f90a46db5cbe',1,'pesieve::PeArtefacts']]],
-  ['isdotnet_127',['isDotNet',['../classpesieve_1_1_module_data.html#a669207603953e5ce9ca208a9b4b3636b',1,'pesieve::ModuleData']]],
-  ['isdotnetmanagedcode_128',['isDotNetManagedCode',['../classpesieve_1_1_module_data.html#afd198d7810e60af9584f4fc2fd90e9fa',1,'pesieve::ModuleData']]],
-  ['isdotnetmodule_129',['isDotNetModule',['../classpesieve_1_1_module_scan_report.html#a81a4088afbf84bfa89dd60969527ebca',1,'pesieve::ModuleScanReport']]],
-  ['isdumped_130',['isDumped',['../classpesieve_1_1_module_dump_report.html#a111e084a95143aeeeb7bdfae1408eb75',1,'pesieve::ModuleDumpReport']]],
-  ['isexecutable_131',['isExecutable',['../classpesieve_1_1_working_set_scanner.html#ac66d70d22a149e709998b4cf68b40ad1',1,'pesieve::WorkingSetScanner']]],
-  ['isfilled_132',['isFilled',['../classpesieve_1_1_process_dump_report.html#ab5df52d208711d1ae9c2084d459c9211',1,'pesieve::ProcessDumpReport::isFilled()'],['../classpesieve_1_1_pe_buffer.html#a2d59396064feb956755694ddb6b4df07',1,'pesieve::PeBuffer::isFilled()'],['../structpesieve_1_1_multi_stats_settings.html#aa6d2351e57b5cdb71e63e9985a83fb13',1,'pesieve::MultiStatsSettings::isFilled()'],['../classpesieve_1_1_area_multi_stats.html#a211c3964f9d24a9d31673e2581e4b632',1,'pesieve::AreaMultiStats::isFilled()'],['../structpesieve_1_1_stats_settings.html#a4754111ab8c574eaf58d73fe0b2e7422',1,'pesieve::StatsSettings::isFilled()'],['../classpesieve_1_1_area_stats.html#a3005dfc8cd36c15290a724a29ee09a63',1,'pesieve::AreaStats::isFilled()'],['../structpesieve_1_1util_1_1_basic_buffer.html#a62c880c7daca719d983e9fc638518fca',1,'pesieve::util::BasicBuffer::isFilled()']]],
-  ['isfullimageloaded_133',['isFullImageLoaded',['../classpesieve_1_1_remote_module_data.html#a1bbfb7e3bcb6136909a1cf812da2a955',1,'pesieve::RemoteModuleData']]],
-  ['ishdrreplaced_134',['isHdrReplaced',['../classpesieve_1_1_headers_scan_report.html#af04c1c2f3d532acf4bd980f23422f134',1,'pesieve::HeadersScanReport']]],
-  ['isinfofilled_135',['isInfoFilled',['../classpesieve_1_1_mem_page_data.html#a92b303ba4c9abaffa472a57bb943bec9',1,'pesieve::MemPageData']]],
-  ['isinit_136',['isInit',['../class_process_symbols_manager.html#a4c2130eb0673ab159d260c63d56aee23',1,'ProcessSymbolsManager']]],
-  ['isinitialized_137',['IsInitialized',['../class_process_symbols_manager.html#ad6b1d880d0b5ae9618c8ac5452823704',1,'ProcessSymbolsManager']]],
-  ['isinitialized_138',['isInitialized',['../classpesieve_1_1_module_data.html#aa3717faf0b70606705752321f8efe254',1,'pesieve::ModuleData::isInitialized()'],['../classpesieve_1_1_remote_module_data.html#a10f74dddd152a0895545bd68268da7ff',1,'pesieve::RemoteModuleData::isInitialized()'],['../classpesieve_1_1_pe_section.html#a6ab5831f0e1542427793f151f2746f78',1,'pesieve::PeSection::isInitialized()']]],
-  ['isinmain_139',['isInMain',['../classpesieve_1_1_i_a_t_block.html#a090236dac85527e386c7a8d509a07116',1,'pesieve::IATBlock']]],
-  ['isinpeb_140',['isInPEB',['../classpesieve_1_1_headers_scan_report.html#aebdeeae678d69ca403aa6b16e4d08ec0',1,'pesieve::HeadersScanReport']]],
-  ['islongmodifier_141',['isLongModifier',['../classpesieve_1_1_patch_analyzer.html#ab001e027c9dba6e06ff4c6b06996455e',1,'pesieve::PatchAnalyzer']]],
-  ['ismanaged_142',['isManaged',['../classpesieve_1_1_process_scan_report.html#a69437e618cbea7083a39c78f6391ef24',1,'pesieve::ProcessScanReport']]],
-  ['ismanagedprocess_143',['isManagedProcess',['../classpesieve_1_1_process_scan_report.html#a20f7307ba415bb75748eff0d9d60930f',1,'pesieve::ProcessScanReport']]],
-  ['ismatched_144',['isMatched',['../classpesieve_1_1_rule_matcher.html#ae15f8e5d971163e6156b858f50ff0b4d',1,'pesieve::RuleMatcher']]],
-  ['ismatching_145',['isMatching',['../classpesieve_1_1_rule_matcher.html#a14f2cd3fb316465b0f5f9d770312aaeb',1,'pesieve::RuleMatcher']]],
-  ['ismodule64bit_146',['isModule64bit',['../classpesieve_1_1_patch_analyzer.html#a7e6ec6e872a4854c22134fa65c39d136',1,'pesieve::PatchAnalyzer']]],
-  ['ismoduleinpeblist_147',['isModuleInPEBList',['../classpesieve_1_1_module_data.html#a16a3fa21a9c517e2d69b080fb9544773',1,'pesieve::ModuleData']]],
-  ['ismodulereplaced_148',['isModuleReplaced',['../classpesieve_1_1_process_scan_report.html#a3c12c6b6913421538450af514b67a641',1,'pesieve::ProcessScanReport']]],
-  ['ismzpefound_149',['isMzPeFound',['../classpesieve_1_1_pe_artefacts.html#a96aa7a9827fffeaad69a5c7bb7334534',1,'pesieve::PeArtefacts::isMzPeFound'],['../classpesieve_1_1_artefact_scanner_1_1_artefacts_mapping.html#a66e0b7bd90ffce6274c4c278816d0750',1,'pesieve::ArtefactScanner::ArtefactsMapping::isMzPeFound']]],
-  ['ispebconnected_150',['isPEBConnected',['../classpesieve_1_1_module_data.html#a4c6bdfac3eeef79c206e3f959ea0519b',1,'pesieve::ModuleData']]],
-  ['ispotentiallyexecutable_151',['isPotentiallyExecutable',['../classpesieve_1_1_working_set_scanner.html#a1ceb025397c65bc550c7fbad5b74ac38',1,'pesieve::WorkingSetScanner']]],
-  ['isprocess64bit_152',['isProcess64bit',['../classpesieve_1_1_artefact_scanner.html#a39a2da104ed77f5bb62f30521ef41f92',1,'pesieve::ArtefactScanner']]],
-  ['isready_153',['isReady',['../classpesieve_1_1_pattern_matcher.html#afa900e521f8021190efd3cd7840c051f',1,'pesieve::PatternMatcher::isReady()'],['../structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97',1,'pesieve::SyscallTable::isReady()']]],
-  ['isrealmapping_154',['isRealMapping',['../classpesieve_1_1_mem_page_data.html#ab431925c7d4bd5c61c377a4995f8169a',1,'pesieve::MemPageData']]],
-  ['isrefl_155',['isRefl',['../classpesieve_1_1_pe_buffer.html#aa0c0b360dfa543106539d573e3abd86d',1,'pesieve::PeBuffer::isRefl'],['../classpesieve_1_1_mem_page_data.html#a97f1d9da9fd37db4b847aa89e7170901',1,'pesieve::MemPageData::isRefl()']]],
-  ['isreflection_156',['isReflection',['../classpesieve_1_1_remote_module_data.html#ae569cea9480c24784e2831e16a18dc87',1,'pesieve::RemoteModuleData::isReflection'],['../structpesieve_1_1__process__details.html#a6198a4f50d86dcc0b2a1b2242205cf72',1,'pesieve::_process_details::isReflection'],['../classpesieve_1_1_process_scan_report.html#a13cb114f188c2d84d9d1682a302539e1',1,'pesieve::ProcessScanReport::isReflection'],['../classpesieve_1_1_process_scanner.html#a2b64b6548b346669f8de4907dca24041',1,'pesieve::ProcessScanner::isReflection'],['../classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a',1,'pesieve::ThreadScanner::isReflection']]],
-  ['isreportdumped_157',['isReportDumped',['../classpesieve_1_1_module_dump_report.html#ac28ccaf7ec4d2d63019c04fda207a99c',1,'pesieve::ModuleDumpReport']]],
-  ['issamesyscallfunc_158',['isSameSyscallFunc',['../structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2',1,'pesieve::SyscallTable']]],
-  ['isscannedasmodule_159',['isScannedAsModule',['../classpesieve_1_1_working_set_scanner.html#a98fe3023305ff14521c6d7098873fce4',1,'pesieve::WorkingSetScanner']]],
-  ['issectionentry_160',['isSectionEntry',['../classpesieve_1_1_remote_module_data.html#ad9f27c0872806491dbcb729d27e04bce',1,'pesieve::RemoteModuleData']]],
-  ['issectionexecutable_161',['isSectionExecutable',['../classpesieve_1_1_remote_module_data.html#a98f87651ef4162967b54bb662bd8e0b7',1,'pesieve::RemoteModuleData']]],
-  ['issuspicious_162',['isSuspicious',['../classpesieve_1_1_scanned_module.html#a107e7818470321b79edd89bae3940a93',1,'pesieve::ScannedModule']]],
-  ['issyscallfunc_163',['isSyscallFunc',['../namespacepesieve_1_1util.html#a1f7e69ed521ed2a4d2c4887a4c4a7323',1,'pesieve::util']]],
-  ['istargetsuspicious_164',['isTargetSuspicious',['../classpesieve_1_1_patch_list_1_1_patch.html#ac6ce416e0c43e1d33fcab1dfe51e2aae',1,'pesieve::PatchList::Patch']]],
-  ['isterminated_165',['isTerminated',['../classpesieve_1_1_i_a_t_block.html#af4886702574e1d355616fe4b62ef45b6',1,'pesieve::IATBlock']]],
-  ['isvalid_166',['isValid',['../classpesieve_1_1_i_a_t_block.html#a51f4f94343508d1acc169ef1b1fcb617',1,'pesieve::IATBlock']]],
-  ['isvalidpe_167',['isValidPe',['../classpesieve_1_1_pe_buffer.html#a314ac1c88e3eb95becd89ae75c92b67f',1,'pesieve::PeBuffer']]],
-  ['isvalidptr_168',['isValidPtr',['../structpesieve_1_1util_1_1_byte_buffer.html#a7a2f937740d14222bbaf70bb28865fe9',1,'pesieve::util::ByteBuffer']]]
+  ['is_5fcurrent_5fwow64_81',['is_current_wow64',['../namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be',1,'pesieve::util']]],
+  ['is_5fdec_82',['is_dec',['../namespacepesieve_1_1util.html#ae57bc6f959f2d79411087e1b8d3600f7',1,'pesieve::util']]],
+  ['is_5fdep_5fenabled_83',['is_DEP_enabled',['../namespacepesieve_1_1util.html#a4e03a2c1c527e0f0b4063f8ac12ff22d',1,'pesieve::util']]],
+  ['is_5fdevice_5fpath_84',['is_device_path',['../path__converter_8cpp.html#aa38e814828efe4c9d588eb4529ed5b1c',1,'path_converter.cpp']]],
+  ['is_5fdisk_5frelative_85',['is_disk_relative',['../namespacepesieve_1_1util.html#aa402c13598449f9a1f47efb72df8f62f',1,'pesieve::util']]],
+  ['is_5fdot_5fnet_86',['is_dot_net',['../classpesieve_1_1_module_data.html#a7f242e23b293e9741c8b4821a5df9dc4',1,'pesieve::ModuleData']]],
+  ['is_5fendline_87',['IS_ENDLINE',['../strings__util_8h.html#a08090b46d9133e90e2a8f0d326895b09',1,'strings_util.h']]],
+  ['is_5fexecutable_88',['is_executable',['../classpesieve_1_1_working_set_scan_report.html#aa036516e8290539cbb74245285805754',1,'pesieve::WorkingSetScanReport::is_executable'],['../namespacepesieve_1_1util.html#ab5a500e51ff539294a3c71f6b95aa65b',1,'pesieve::util::is_executable()']]],
+  ['is_5fextended_89',['is_extended',['../structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386',1,'pesieve::util::_thread_info']]],
+  ['is_5fhex_90',['is_hex',['../namespacepesieve_1_1util.html#a23447c87ce0d32d372ca0c4e3bc6e39b',1,'pesieve::util']]],
+  ['is_5fin_5flist_91',['is_in_list',['../namespacepesieve_1_1util.html#a980992e8baccca3371865922e85925be',1,'pesieve::util']]],
+  ['is_5finfo_5ffilled_92',['is_info_filled',['../classpesieve_1_1_mem_page_data.html#aad1e7a796768c408b43162a2ec230904',1,'pesieve::MemPageData']]],
+  ['is_5flisted_5fmodule_93',['is_listed_module',['../classpesieve_1_1_mem_page_data.html#adc986006810f6248a2d7e6e568ada735',1,'pesieve::MemPageData::is_listed_module'],['../classpesieve_1_1_working_set_scan_report.html#a9167635c76bcba07d274133c8af95f17',1,'pesieve::WorkingSetScanReport::is_listed_module']]],
+  ['is_5fmanaged_94',['is_managed',['../structreport.html#ac67fcb03e111ef23c331793ba07902f5',1,'report::is_managed'],['../structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa',1,'pesieve::_ctx_details::is_managed']]],
+  ['is_5fmodule_5fnamed_95',['is_module_named',['../classpesieve_1_1_module_data.html#abe700fd542ce7c24cfe82028e1c49961',1,'pesieve::ModuleData']]],
+  ['is_5fnormal_5finaccessible_96',['is_normal_inaccessible',['../namespacepesieve_1_1util.html#a9bc0e707ae1cceda1678bc269f2870ea',1,'pesieve::util']]],
+  ['is_5fnumber_97',['is_number',['../namespacepesieve_1_1util.html#a282125458b003e9ab800b24552bd7242',1,'pesieve::util']]],
+  ['is_5fok_98',['is_ok',['../struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c',1,'_t_stack_enum_params::is_ok'],['../structpesieve_1_1util_1_1t__refl__args.html#a5bfa172f10a03190cb3dadf2e6ff623e',1,'pesieve::util::t_refl_args::is_ok']]],
+  ['is_5fprintable_99',['IS_PRINTABLE',['../strings__util_8h.html#a1a739e1f368dc1b3b122572eec3d12ab',1,'strings_util.h']]],
+  ['is_5fprivate_100',['is_private',['../classpesieve_1_1_mem_page_data.html#acccbcee56b0c039264705e102bce814d',1,'pesieve::MemPageData']]],
+  ['is_5fprocess_5f64bit_101',['is_process_64bit',['../namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922',1,'pesieve::util']]],
+  ['is_5fprocess_5frefl_102',['is_process_refl',['../classpesieve_1_1_mem_page_data.html#a4baeb4ff99b47933d66f057745b43541',1,'pesieve::MemPageData']]],
+  ['is_5fprocess_5fwow64_103',['is_process_wow64',['../namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513',1,'pesieve::util']]],
+  ['is_5freadable_104',['is_readable',['../namespacepesieve_1_1util.html#a57e9c1266c247784669f5ea0191e086d',1,'pesieve::util']]],
+  ['is_5freflection_105',['is_reflection',['../structreport.html#a31eeb7f48250fc3d175bcf9684634fb8',1,'report']]],
+  ['is_5frelative_106',['is_relative',['../namespacepesieve_1_1util.html#a970337282940a37076a16db56183c03d',1,'pesieve::util']]],
+  ['is_5fret_5fas_5fsyscall_107',['is_ret_as_syscall',['../structpesieve_1_1__ctx__details.html#af71831469a0fe507c8b6e2256dae681e',1,'pesieve::_ctx_details']]],
+  ['is_5fret_5fin_5fframe_108',['is_ret_in_frame',['../structpesieve_1_1__ctx__details.html#a236ccadbe7548913e6186651b56f1636',1,'pesieve::_ctx_details']]],
+  ['is_5frunning_109',['is_running',['../namespacepesieve.html#a5de73d5ffa8f7073fdf5fd6b7c6deea5',1,'pesieve']]],
+  ['is_5fscanner_5fcompatible_110',['is_scanner_compatible',['../namespacepesieve.html#ab939d4edad1446e418ec8fb4d33cb137',1,'pesieve']]],
+  ['is_5fshellcode_111',['is_shellcode',['../classpesieve_1_1_module_dump_report.html#a9cdd70712964e083c4c0f6257336d48d',1,'pesieve::ModuleDumpReport']]],
+  ['is_5fshown_5ftype_112',['is_shown_type',['../namespacepesieve.html#acbbeace832fb77bc16027b0371cf55d9',1,'pesieve']]],
+  ['is_5fthread_5frunning_113',['is_thread_running',['../namespacepesieve.html#a7c9c19e3f0ce1362c7e404893a1163f6',1,'pesieve']]],
+  ['is_5fvalid_5ffile_5fhdr_114',['is_valid_file_hdr',['../namespacepesieve.html#a18e59ce96d19eab91937d55a85d40d3a',1,'pesieve']]],
+  ['is_5fvalid_5fimport_5fdescriptor_115',['is_valid_import_descriptor',['../namespacepesieve.html#af856350491a23b4fba1aabf0ffb5ecdb',1,'pesieve']]],
+  ['is_5fvalid_5fsection_116',['is_valid_section',['../namespacepesieve.html#ab6eb75407c454f07ae7910a1d8b7c826',1,'pesieve']]],
+  ['isaddrinshellcode_117',['isAddrInShellcode',['../classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf',1,'pesieve::ThreadScanner']]],
+  ['isallprintable_118',['isAllPrintable',['../namespacepesieve_1_1stats.html#a1f38f630a729f596b4cd2b3eebd36fa2',1,'pesieve::stats']]],
+  ['iscacheavailable_119',['isCacheAvailable',['../classpesieve_1_1_modules_cache.html#a7fcdbf7fd47572a9d02c430bbf55697d',1,'pesieve::ModulesCache']]],
+  ['iscode_120',['isCode',['../classpesieve_1_1_pe_buffer.html#a39400f75a56c653e647fd7cb19724d27',1,'pesieve::PeBuffer']]],
+  ['iscontained_121',['isContained',['../classpesieve_1_1_pe_section.html#a98091942ed90ff8157039ff1008cbc25',1,'pesieve::PeSection']]],
+  ['iscoveragecomplete_122',['isCoverageComplete',['../classpesieve_1_1_i_a_t_block.html#a03ce76940ff373f9ed1a5bb56dee7d7a',1,'pesieve::IATBlock']]],
+  ['iscovered_123',['isCovered',['../classpesieve_1_1_i_a_t_thunks_series.html#afa77af01bd49d5428a03227b1d2a2283',1,'pesieve::IATThunksSeries::isCovered()'],['../classpesieve_1_1_i_a_t_block.html#a55cba9be25b9ad8c2b15073b5fb3eb17',1,'pesieve::IATBlock::isCovered()']]],
+  ['isdatacontained_124',['isDataContained',['../structpesieve_1_1util_1_1_byte_buffer.html#ad5659eccb45c518338f2b682b347041b',1,'pesieve::util::ByteBuffer']]],
+  ['isdep_125',['isDEP',['../structpesieve_1_1__process__details.html#a36de3778d1d58ed0112e70c830e98462',1,'pesieve::_process_details::isDEP'],['../classpesieve_1_1_process_scanner.html#a4420dc261297d3b67b487b5f2439a852',1,'pesieve::ProcessScanner::isDEP']]],
+  ['isdirect_126',['isDirect',['../classpesieve_1_1_patch_list_1_1_patch.html#a917c77f6c3480b170239dd0f060d80f4',1,'pesieve::PatchList::Patch']]],
+  ['isdll_127',['isDll',['../classpesieve_1_1_pe_artefacts.html#a11d5032dc934f3415900f90a46db5cbe',1,'pesieve::PeArtefacts']]],
+  ['isdotnet_128',['isDotNet',['../classpesieve_1_1_module_data.html#a669207603953e5ce9ca208a9b4b3636b',1,'pesieve::ModuleData']]],
+  ['isdotnetmanagedcode_129',['isDotNetManagedCode',['../classpesieve_1_1_module_data.html#afd198d7810e60af9584f4fc2fd90e9fa',1,'pesieve::ModuleData']]],
+  ['isdotnetmodule_130',['isDotNetModule',['../classpesieve_1_1_module_scan_report.html#a81a4088afbf84bfa89dd60969527ebca',1,'pesieve::ModuleScanReport']]],
+  ['isdumped_131',['isDumped',['../classpesieve_1_1_module_dump_report.html#a111e084a95143aeeeb7bdfae1408eb75',1,'pesieve::ModuleDumpReport']]],
+  ['isexecutable_132',['isExecutable',['../classpesieve_1_1_working_set_scanner.html#ac66d70d22a149e709998b4cf68b40ad1',1,'pesieve::WorkingSetScanner']]],
+  ['isfilled_133',['isFilled',['../classpesieve_1_1_process_dump_report.html#ab5df52d208711d1ae9c2084d459c9211',1,'pesieve::ProcessDumpReport::isFilled()'],['../classpesieve_1_1_pe_buffer.html#a2d59396064feb956755694ddb6b4df07',1,'pesieve::PeBuffer::isFilled()'],['../structpesieve_1_1_multi_stats_settings.html#aa6d2351e57b5cdb71e63e9985a83fb13',1,'pesieve::MultiStatsSettings::isFilled()'],['../classpesieve_1_1_area_multi_stats.html#a211c3964f9d24a9d31673e2581e4b632',1,'pesieve::AreaMultiStats::isFilled()'],['../structpesieve_1_1_stats_settings.html#a4754111ab8c574eaf58d73fe0b2e7422',1,'pesieve::StatsSettings::isFilled()'],['../classpesieve_1_1_area_stats.html#a3005dfc8cd36c15290a724a29ee09a63',1,'pesieve::AreaStats::isFilled()'],['../structpesieve_1_1util_1_1_basic_buffer.html#a62c880c7daca719d983e9fc638518fca',1,'pesieve::util::BasicBuffer::isFilled()']]],
+  ['isfullimageloaded_134',['isFullImageLoaded',['../classpesieve_1_1_remote_module_data.html#a1bbfb7e3bcb6136909a1cf812da2a955',1,'pesieve::RemoteModuleData']]],
+  ['ishdrreplaced_135',['isHdrReplaced',['../classpesieve_1_1_headers_scan_report.html#af04c1c2f3d532acf4bd980f23422f134',1,'pesieve::HeadersScanReport']]],
+  ['isinfofilled_136',['isInfoFilled',['../classpesieve_1_1_mem_page_data.html#a92b303ba4c9abaffa472a57bb943bec9',1,'pesieve::MemPageData']]],
+  ['isinit_137',['isInit',['../class_process_symbols_manager.html#a4c2130eb0673ab159d260c63d56aee23',1,'ProcessSymbolsManager']]],
+  ['isinitialized_138',['IsInitialized',['../class_process_symbols_manager.html#ad6b1d880d0b5ae9618c8ac5452823704',1,'ProcessSymbolsManager']]],
+  ['isinitialized_139',['isInitialized',['../classpesieve_1_1_module_data.html#aa3717faf0b70606705752321f8efe254',1,'pesieve::ModuleData::isInitialized()'],['../classpesieve_1_1_remote_module_data.html#a10f74dddd152a0895545bd68268da7ff',1,'pesieve::RemoteModuleData::isInitialized()'],['../classpesieve_1_1_pe_section.html#a6ab5831f0e1542427793f151f2746f78',1,'pesieve::PeSection::isInitialized()']]],
+  ['isinmain_140',['isInMain',['../classpesieve_1_1_i_a_t_block.html#a090236dac85527e386c7a8d509a07116',1,'pesieve::IATBlock']]],
+  ['isinpeb_141',['isInPEB',['../classpesieve_1_1_headers_scan_report.html#aebdeeae678d69ca403aa6b16e4d08ec0',1,'pesieve::HeadersScanReport']]],
+  ['islongmodifier_142',['isLongModifier',['../classpesieve_1_1_patch_analyzer.html#ab001e027c9dba6e06ff4c6b06996455e',1,'pesieve::PatchAnalyzer']]],
+  ['ismanaged_143',['isManaged',['../classpesieve_1_1_process_scan_report.html#a69437e618cbea7083a39c78f6391ef24',1,'pesieve::ProcessScanReport']]],
+  ['ismanagedprocess_144',['isManagedProcess',['../classpesieve_1_1_process_scan_report.html#a20f7307ba415bb75748eff0d9d60930f',1,'pesieve::ProcessScanReport']]],
+  ['ismatched_145',['isMatched',['../classpesieve_1_1_rule_matcher.html#ae15f8e5d971163e6156b858f50ff0b4d',1,'pesieve::RuleMatcher']]],
+  ['ismatching_146',['isMatching',['../classpesieve_1_1_rule_matcher.html#a14f2cd3fb316465b0f5f9d770312aaeb',1,'pesieve::RuleMatcher']]],
+  ['ismodule64bit_147',['isModule64bit',['../classpesieve_1_1_patch_analyzer.html#a7e6ec6e872a4854c22134fa65c39d136',1,'pesieve::PatchAnalyzer']]],
+  ['ismoduleinpeblist_148',['isModuleInPEBList',['../classpesieve_1_1_module_data.html#a16a3fa21a9c517e2d69b080fb9544773',1,'pesieve::ModuleData']]],
+  ['ismodulereplaced_149',['isModuleReplaced',['../classpesieve_1_1_process_scan_report.html#a3c12c6b6913421538450af514b67a641',1,'pesieve::ProcessScanReport']]],
+  ['ismzpefound_150',['isMzPeFound',['../classpesieve_1_1_pe_artefacts.html#a96aa7a9827fffeaad69a5c7bb7334534',1,'pesieve::PeArtefacts::isMzPeFound'],['../classpesieve_1_1_artefact_scanner_1_1_artefacts_mapping.html#a66e0b7bd90ffce6274c4c278816d0750',1,'pesieve::ArtefactScanner::ArtefactsMapping::isMzPeFound']]],
+  ['ispebconnected_151',['isPEBConnected',['../classpesieve_1_1_module_data.html#a4c6bdfac3eeef79c206e3f959ea0519b',1,'pesieve::ModuleData']]],
+  ['ispotentiallyexecutable_152',['isPotentiallyExecutable',['../classpesieve_1_1_working_set_scanner.html#a1ceb025397c65bc550c7fbad5b74ac38',1,'pesieve::WorkingSetScanner']]],
+  ['isprocess64bit_153',['isProcess64bit',['../classpesieve_1_1_artefact_scanner.html#a39a2da104ed77f5bb62f30521ef41f92',1,'pesieve::ArtefactScanner']]],
+  ['isready_154',['isReady',['../classpesieve_1_1_pattern_matcher.html#afa900e521f8021190efd3cd7840c051f',1,'pesieve::PatternMatcher::isReady()'],['../structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97',1,'pesieve::SyscallTable::isReady()']]],
+  ['isrealmapping_155',['isRealMapping',['../classpesieve_1_1_mem_page_data.html#ab431925c7d4bd5c61c377a4995f8169a',1,'pesieve::MemPageData']]],
+  ['isrefl_156',['isRefl',['../classpesieve_1_1_pe_buffer.html#aa0c0b360dfa543106539d573e3abd86d',1,'pesieve::PeBuffer::isRefl'],['../classpesieve_1_1_mem_page_data.html#a97f1d9da9fd37db4b847aa89e7170901',1,'pesieve::MemPageData::isRefl()']]],
+  ['isreflection_157',['isReflection',['../classpesieve_1_1_remote_module_data.html#ae569cea9480c24784e2831e16a18dc87',1,'pesieve::RemoteModuleData::isReflection'],['../structpesieve_1_1__process__details.html#a6198a4f50d86dcc0b2a1b2242205cf72',1,'pesieve::_process_details::isReflection'],['../classpesieve_1_1_process_scan_report.html#a13cb114f188c2d84d9d1682a302539e1',1,'pesieve::ProcessScanReport::isReflection'],['../classpesieve_1_1_process_scanner.html#a2b64b6548b346669f8de4907dca24041',1,'pesieve::ProcessScanner::isReflection'],['../classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a',1,'pesieve::ThreadScanner::isReflection']]],
+  ['isreportdumped_158',['isReportDumped',['../classpesieve_1_1_module_dump_report.html#ac28ccaf7ec4d2d63019c04fda207a99c',1,'pesieve::ModuleDumpReport']]],
+  ['issamesyscallfunc_159',['isSameSyscallFunc',['../structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2',1,'pesieve::SyscallTable']]],
+  ['isscannedasmodule_160',['isScannedAsModule',['../classpesieve_1_1_working_set_scanner.html#a98fe3023305ff14521c6d7098873fce4',1,'pesieve::WorkingSetScanner']]],
+  ['issectionentry_161',['isSectionEntry',['../classpesieve_1_1_remote_module_data.html#ad9f27c0872806491dbcb729d27e04bce',1,'pesieve::RemoteModuleData']]],
+  ['issectionexecutable_162',['isSectionExecutable',['../classpesieve_1_1_remote_module_data.html#a98f87651ef4162967b54bb662bd8e0b7',1,'pesieve::RemoteModuleData']]],
+  ['issuspicious_163',['isSuspicious',['../classpesieve_1_1_scanned_module.html#a107e7818470321b79edd89bae3940a93',1,'pesieve::ScannedModule']]],
+  ['issyscallfunc_164',['isSyscallFunc',['../namespacepesieve_1_1util.html#a1f7e69ed521ed2a4d2c4887a4c4a7323',1,'pesieve::util']]],
+  ['istargetsuspicious_165',['isTargetSuspicious',['../classpesieve_1_1_patch_list_1_1_patch.html#ac6ce416e0c43e1d33fcab1dfe51e2aae',1,'pesieve::PatchList::Patch']]],
+  ['isterminated_166',['isTerminated',['../classpesieve_1_1_i_a_t_block.html#af4886702574e1d355616fe4b62ef45b6',1,'pesieve::IATBlock']]],
+  ['isvalid_167',['isValid',['../classpesieve_1_1_i_a_t_block.html#a51f4f94343508d1acc169ef1b1fcb617',1,'pesieve::IATBlock']]],
+  ['isvalidpe_168',['isValidPe',['../classpesieve_1_1_pe_buffer.html#a314ac1c88e3eb95becd89ae75c92b67f',1,'pesieve::PeBuffer']]],
+  ['isvalidptr_169',['isValidPtr',['../structpesieve_1_1util_1_1_byte_buffer.html#a7a2f937740d14222bbaf70bb28865fe9',1,'pesieve::util::ByteBuffer']]]
 ];
diff --git a/search/functions_9.js b/search/functions_9.js
index 7323d9f83..9727362d3 100644
--- a/search/functions_9.js
+++ b/search/functions_9.js
@@ -24,59 +24,60 @@ var searchData=
   ['is_5fby_5fstats_21',['is_by_stats',['../namespacepesieve.html#aee245dc4878b8329cc82d3e93ce843e1',1,'pesieve']]],
   ['is_5fcode_22',['is_code',['../namespacepesieve_1_1util.html#aad87136e3b6e94f105074093a97970c5',1,'pesieve::util']]],
   ['is_5fcstr_5fequal_23',['is_cstr_equal',['../namespacepesieve_1_1util.html#a6211673ea221530eb4472658fdab12a6',1,'pesieve::util']]],
-  ['is_5fdec_24',['is_dec',['../namespacepesieve_1_1util.html#ae57bc6f959f2d79411087e1b8d3600f7',1,'pesieve::util']]],
-  ['is_5fdep_5fenabled_25',['is_DEP_enabled',['../namespacepesieve_1_1util.html#a4e03a2c1c527e0f0b4063f8ac12ff22d',1,'pesieve::util']]],
-  ['is_5fdevice_5fpath_26',['is_device_path',['../path__converter_8cpp.html#aa38e814828efe4c9d588eb4529ed5b1c',1,'path_converter.cpp']]],
-  ['is_5fdisk_5frelative_27',['is_disk_relative',['../namespacepesieve_1_1util.html#aa402c13598449f9a1f47efb72df8f62f',1,'pesieve::util']]],
-  ['is_5fexecutable_28',['is_executable',['../namespacepesieve_1_1util.html#ab5a500e51ff539294a3c71f6b95aa65b',1,'pesieve::util']]],
-  ['is_5fhex_29',['is_hex',['../namespacepesieve_1_1util.html#a23447c87ce0d32d372ca0c4e3bc6e39b',1,'pesieve::util']]],
-  ['is_5fin_5flist_30',['is_in_list',['../namespacepesieve_1_1util.html#a980992e8baccca3371865922e85925be',1,'pesieve::util']]],
-  ['is_5fnormal_5finaccessible_31',['is_normal_inaccessible',['../namespacepesieve_1_1util.html#a9bc0e707ae1cceda1678bc269f2870ea',1,'pesieve::util']]],
-  ['is_5fnumber_32',['is_number',['../namespacepesieve_1_1util.html#a282125458b003e9ab800b24552bd7242',1,'pesieve::util']]],
-  ['is_5fprocess_5f64bit_33',['is_process_64bit',['../namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922',1,'pesieve::util']]],
-  ['is_5fprocess_5fwow64_34',['is_process_wow64',['../namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513',1,'pesieve::util']]],
-  ['is_5freadable_35',['is_readable',['../namespacepesieve_1_1util.html#a57e9c1266c247784669f5ea0191e086d',1,'pesieve::util']]],
-  ['is_5frelative_36',['is_relative',['../namespacepesieve_1_1util.html#a970337282940a37076a16db56183c03d',1,'pesieve::util']]],
-  ['is_5frunning_37',['is_running',['../namespacepesieve.html#a5de73d5ffa8f7073fdf5fd6b7c6deea5',1,'pesieve']]],
-  ['is_5fscanner_5fcompatible_38',['is_scanner_compatible',['../namespacepesieve.html#ab939d4edad1446e418ec8fb4d33cb137',1,'pesieve']]],
-  ['is_5fshown_5ftype_39',['is_shown_type',['../namespacepesieve.html#acbbeace832fb77bc16027b0371cf55d9',1,'pesieve']]],
-  ['is_5fthread_5frunning_40',['is_thread_running',['../namespacepesieve.html#a7c9c19e3f0ce1362c7e404893a1163f6',1,'pesieve']]],
-  ['is_5fvalid_5ffile_5fhdr_41',['is_valid_file_hdr',['../namespacepesieve.html#a18e59ce96d19eab91937d55a85d40d3a',1,'pesieve']]],
-  ['is_5fvalid_5fimport_5fdescriptor_42',['is_valid_import_descriptor',['../namespacepesieve.html#af856350491a23b4fba1aabf0ffb5ecdb',1,'pesieve']]],
-  ['is_5fvalid_5fsection_43',['is_valid_section',['../namespacepesieve.html#ab6eb75407c454f07ae7910a1d8b7c826',1,'pesieve']]],
-  ['isaddrinshellcode_44',['isAddrInShellcode',['../classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf',1,'pesieve::ThreadScanner']]],
-  ['isallprintable_45',['isAllPrintable',['../namespacepesieve_1_1stats.html#a1f38f630a729f596b4cd2b3eebd36fa2',1,'pesieve::stats']]],
-  ['iscacheavailable_46',['isCacheAvailable',['../classpesieve_1_1_modules_cache.html#a7fcdbf7fd47572a9d02c430bbf55697d',1,'pesieve::ModulesCache']]],
-  ['iscode_47',['isCode',['../classpesieve_1_1_pe_buffer.html#a39400f75a56c653e647fd7cb19724d27',1,'pesieve::PeBuffer']]],
-  ['iscontained_48',['isContained',['../classpesieve_1_1_pe_section.html#a98091942ed90ff8157039ff1008cbc25',1,'pesieve::PeSection']]],
-  ['iscovered_49',['isCovered',['../classpesieve_1_1_i_a_t_thunks_series.html#afa77af01bd49d5428a03227b1d2a2283',1,'pesieve::IATThunksSeries::isCovered()'],['../classpesieve_1_1_i_a_t_block.html#a55cba9be25b9ad8c2b15073b5fb3eb17',1,'pesieve::IATBlock::isCovered()']]],
-  ['isdatacontained_50',['isDataContained',['../structpesieve_1_1util_1_1_byte_buffer.html#ad5659eccb45c518338f2b682b347041b',1,'pesieve::util::ByteBuffer']]],
-  ['isdotnet_51',['isDotNet',['../classpesieve_1_1_module_data.html#a669207603953e5ce9ca208a9b4b3636b',1,'pesieve::ModuleData']]],
-  ['isdotnetmanagedcode_52',['isDotNetManagedCode',['../classpesieve_1_1_module_data.html#afd198d7810e60af9584f4fc2fd90e9fa',1,'pesieve::ModuleData']]],
-  ['isexecutable_53',['isExecutable',['../classpesieve_1_1_working_set_scanner.html#ac66d70d22a149e709998b4cf68b40ad1',1,'pesieve::WorkingSetScanner']]],
-  ['isfilled_54',['isFilled',['../classpesieve_1_1_process_dump_report.html#ab5df52d208711d1ae9c2084d459c9211',1,'pesieve::ProcessDumpReport::isFilled()'],['../classpesieve_1_1_pe_buffer.html#a2d59396064feb956755694ddb6b4df07',1,'pesieve::PeBuffer::isFilled()'],['../structpesieve_1_1_multi_stats_settings.html#aa6d2351e57b5cdb71e63e9985a83fb13',1,'pesieve::MultiStatsSettings::isFilled()'],['../classpesieve_1_1_area_multi_stats.html#a211c3964f9d24a9d31673e2581e4b632',1,'pesieve::AreaMultiStats::isFilled()'],['../structpesieve_1_1_stats_settings.html#a4754111ab8c574eaf58d73fe0b2e7422',1,'pesieve::StatsSettings::isFilled()'],['../classpesieve_1_1_area_stats.html#a3005dfc8cd36c15290a724a29ee09a63',1,'pesieve::AreaStats::isFilled()'],['../structpesieve_1_1util_1_1_basic_buffer.html#a62c880c7daca719d983e9fc638518fca',1,'pesieve::util::BasicBuffer::isFilled()']]],
-  ['isfullimageloaded_55',['isFullImageLoaded',['../classpesieve_1_1_remote_module_data.html#a1bbfb7e3bcb6136909a1cf812da2a955',1,'pesieve::RemoteModuleData']]],
-  ['ishdrreplaced_56',['isHdrReplaced',['../classpesieve_1_1_headers_scan_report.html#af04c1c2f3d532acf4bd980f23422f134',1,'pesieve::HeadersScanReport']]],
-  ['isinfofilled_57',['isInfoFilled',['../classpesieve_1_1_mem_page_data.html#a92b303ba4c9abaffa472a57bb943bec9',1,'pesieve::MemPageData']]],
-  ['isinitialized_58',['IsInitialized',['../class_process_symbols_manager.html#ad6b1d880d0b5ae9618c8ac5452823704',1,'ProcessSymbolsManager']]],
-  ['isinitialized_59',['isInitialized',['../classpesieve_1_1_module_data.html#aa3717faf0b70606705752321f8efe254',1,'pesieve::ModuleData::isInitialized()'],['../classpesieve_1_1_remote_module_data.html#a10f74dddd152a0895545bd68268da7ff',1,'pesieve::RemoteModuleData::isInitialized()'],['../classpesieve_1_1_pe_section.html#a6ab5831f0e1542427793f151f2746f78',1,'pesieve::PeSection::isInitialized()']]],
-  ['islongmodifier_60',['isLongModifier',['../classpesieve_1_1_patch_analyzer.html#ab001e027c9dba6e06ff4c6b06996455e',1,'pesieve::PatchAnalyzer']]],
-  ['ismanagedprocess_61',['isManagedProcess',['../classpesieve_1_1_process_scan_report.html#a20f7307ba415bb75748eff0d9d60930f',1,'pesieve::ProcessScanReport']]],
-  ['ismatched_62',['isMatched',['../classpesieve_1_1_rule_matcher.html#ae15f8e5d971163e6156b858f50ff0b4d',1,'pesieve::RuleMatcher']]],
-  ['ismatching_63',['isMatching',['../classpesieve_1_1_rule_matcher.html#a14f2cd3fb316465b0f5f9d770312aaeb',1,'pesieve::RuleMatcher']]],
-  ['ismoduleinpeblist_64',['isModuleInPEBList',['../classpesieve_1_1_module_data.html#a16a3fa21a9c517e2d69b080fb9544773',1,'pesieve::ModuleData']]],
-  ['ismodulereplaced_65',['isModuleReplaced',['../classpesieve_1_1_process_scan_report.html#a3c12c6b6913421538450af514b67a641',1,'pesieve::ProcessScanReport']]],
-  ['ispotentiallyexecutable_66',['isPotentiallyExecutable',['../classpesieve_1_1_working_set_scanner.html#a1ceb025397c65bc550c7fbad5b74ac38',1,'pesieve::WorkingSetScanner']]],
-  ['isready_67',['isReady',['../classpesieve_1_1_pattern_matcher.html#afa900e521f8021190efd3cd7840c051f',1,'pesieve::PatternMatcher::isReady()'],['../structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97',1,'pesieve::SyscallTable::isReady()']]],
-  ['isrealmapping_68',['isRealMapping',['../classpesieve_1_1_mem_page_data.html#ab431925c7d4bd5c61c377a4995f8169a',1,'pesieve::MemPageData']]],
-  ['isrefl_69',['isRefl',['../classpesieve_1_1_mem_page_data.html#a97f1d9da9fd37db4b847aa89e7170901',1,'pesieve::MemPageData']]],
-  ['issamesyscallfunc_70',['isSameSyscallFunc',['../structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2',1,'pesieve::SyscallTable']]],
-  ['isscannedasmodule_71',['isScannedAsModule',['../classpesieve_1_1_working_set_scanner.html#a98fe3023305ff14521c6d7098873fce4',1,'pesieve::WorkingSetScanner']]],
-  ['issectionentry_72',['isSectionEntry',['../classpesieve_1_1_remote_module_data.html#ad9f27c0872806491dbcb729d27e04bce',1,'pesieve::RemoteModuleData']]],
-  ['issectionexecutable_73',['isSectionExecutable',['../classpesieve_1_1_remote_module_data.html#a98f87651ef4162967b54bb662bd8e0b7',1,'pesieve::RemoteModuleData']]],
-  ['issuspicious_74',['isSuspicious',['../classpesieve_1_1_scanned_module.html#a107e7818470321b79edd89bae3940a93',1,'pesieve::ScannedModule']]],
-  ['issyscallfunc_75',['isSyscallFunc',['../namespacepesieve_1_1util.html#a1f7e69ed521ed2a4d2c4887a4c4a7323',1,'pesieve::util']]],
-  ['isvalid_76',['isValid',['../classpesieve_1_1_i_a_t_block.html#a51f4f94343508d1acc169ef1b1fcb617',1,'pesieve::IATBlock']]],
-  ['isvalidpe_77',['isValidPe',['../classpesieve_1_1_pe_buffer.html#a314ac1c88e3eb95becd89ae75c92b67f',1,'pesieve::PeBuffer']]],
-  ['isvalidptr_78',['isValidPtr',['../structpesieve_1_1util_1_1_byte_buffer.html#a7a2f937740d14222bbaf70bb28865fe9',1,'pesieve::util::ByteBuffer']]]
+  ['is_5fcurrent_5fwow64_24',['is_current_wow64',['../namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be',1,'pesieve::util']]],
+  ['is_5fdec_25',['is_dec',['../namespacepesieve_1_1util.html#ae57bc6f959f2d79411087e1b8d3600f7',1,'pesieve::util']]],
+  ['is_5fdep_5fenabled_26',['is_DEP_enabled',['../namespacepesieve_1_1util.html#a4e03a2c1c527e0f0b4063f8ac12ff22d',1,'pesieve::util']]],
+  ['is_5fdevice_5fpath_27',['is_device_path',['../path__converter_8cpp.html#aa38e814828efe4c9d588eb4529ed5b1c',1,'path_converter.cpp']]],
+  ['is_5fdisk_5frelative_28',['is_disk_relative',['../namespacepesieve_1_1util.html#aa402c13598449f9a1f47efb72df8f62f',1,'pesieve::util']]],
+  ['is_5fexecutable_29',['is_executable',['../namespacepesieve_1_1util.html#ab5a500e51ff539294a3c71f6b95aa65b',1,'pesieve::util']]],
+  ['is_5fhex_30',['is_hex',['../namespacepesieve_1_1util.html#a23447c87ce0d32d372ca0c4e3bc6e39b',1,'pesieve::util']]],
+  ['is_5fin_5flist_31',['is_in_list',['../namespacepesieve_1_1util.html#a980992e8baccca3371865922e85925be',1,'pesieve::util']]],
+  ['is_5fnormal_5finaccessible_32',['is_normal_inaccessible',['../namespacepesieve_1_1util.html#a9bc0e707ae1cceda1678bc269f2870ea',1,'pesieve::util']]],
+  ['is_5fnumber_33',['is_number',['../namespacepesieve_1_1util.html#a282125458b003e9ab800b24552bd7242',1,'pesieve::util']]],
+  ['is_5fprocess_5f64bit_34',['is_process_64bit',['../namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922',1,'pesieve::util']]],
+  ['is_5fprocess_5fwow64_35',['is_process_wow64',['../namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513',1,'pesieve::util']]],
+  ['is_5freadable_36',['is_readable',['../namespacepesieve_1_1util.html#a57e9c1266c247784669f5ea0191e086d',1,'pesieve::util']]],
+  ['is_5frelative_37',['is_relative',['../namespacepesieve_1_1util.html#a970337282940a37076a16db56183c03d',1,'pesieve::util']]],
+  ['is_5frunning_38',['is_running',['../namespacepesieve.html#a5de73d5ffa8f7073fdf5fd6b7c6deea5',1,'pesieve']]],
+  ['is_5fscanner_5fcompatible_39',['is_scanner_compatible',['../namespacepesieve.html#ab939d4edad1446e418ec8fb4d33cb137',1,'pesieve']]],
+  ['is_5fshown_5ftype_40',['is_shown_type',['../namespacepesieve.html#acbbeace832fb77bc16027b0371cf55d9',1,'pesieve']]],
+  ['is_5fthread_5frunning_41',['is_thread_running',['../namespacepesieve.html#a7c9c19e3f0ce1362c7e404893a1163f6',1,'pesieve']]],
+  ['is_5fvalid_5ffile_5fhdr_42',['is_valid_file_hdr',['../namespacepesieve.html#a18e59ce96d19eab91937d55a85d40d3a',1,'pesieve']]],
+  ['is_5fvalid_5fimport_5fdescriptor_43',['is_valid_import_descriptor',['../namespacepesieve.html#af856350491a23b4fba1aabf0ffb5ecdb',1,'pesieve']]],
+  ['is_5fvalid_5fsection_44',['is_valid_section',['../namespacepesieve.html#ab6eb75407c454f07ae7910a1d8b7c826',1,'pesieve']]],
+  ['isaddrinshellcode_45',['isAddrInShellcode',['../classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf',1,'pesieve::ThreadScanner']]],
+  ['isallprintable_46',['isAllPrintable',['../namespacepesieve_1_1stats.html#a1f38f630a729f596b4cd2b3eebd36fa2',1,'pesieve::stats']]],
+  ['iscacheavailable_47',['isCacheAvailable',['../classpesieve_1_1_modules_cache.html#a7fcdbf7fd47572a9d02c430bbf55697d',1,'pesieve::ModulesCache']]],
+  ['iscode_48',['isCode',['../classpesieve_1_1_pe_buffer.html#a39400f75a56c653e647fd7cb19724d27',1,'pesieve::PeBuffer']]],
+  ['iscontained_49',['isContained',['../classpesieve_1_1_pe_section.html#a98091942ed90ff8157039ff1008cbc25',1,'pesieve::PeSection']]],
+  ['iscovered_50',['isCovered',['../classpesieve_1_1_i_a_t_thunks_series.html#afa77af01bd49d5428a03227b1d2a2283',1,'pesieve::IATThunksSeries::isCovered()'],['../classpesieve_1_1_i_a_t_block.html#a55cba9be25b9ad8c2b15073b5fb3eb17',1,'pesieve::IATBlock::isCovered()']]],
+  ['isdatacontained_51',['isDataContained',['../structpesieve_1_1util_1_1_byte_buffer.html#ad5659eccb45c518338f2b682b347041b',1,'pesieve::util::ByteBuffer']]],
+  ['isdotnet_52',['isDotNet',['../classpesieve_1_1_module_data.html#a669207603953e5ce9ca208a9b4b3636b',1,'pesieve::ModuleData']]],
+  ['isdotnetmanagedcode_53',['isDotNetManagedCode',['../classpesieve_1_1_module_data.html#afd198d7810e60af9584f4fc2fd90e9fa',1,'pesieve::ModuleData']]],
+  ['isexecutable_54',['isExecutable',['../classpesieve_1_1_working_set_scanner.html#ac66d70d22a149e709998b4cf68b40ad1',1,'pesieve::WorkingSetScanner']]],
+  ['isfilled_55',['isFilled',['../classpesieve_1_1_process_dump_report.html#ab5df52d208711d1ae9c2084d459c9211',1,'pesieve::ProcessDumpReport::isFilled()'],['../classpesieve_1_1_pe_buffer.html#a2d59396064feb956755694ddb6b4df07',1,'pesieve::PeBuffer::isFilled()'],['../structpesieve_1_1_multi_stats_settings.html#aa6d2351e57b5cdb71e63e9985a83fb13',1,'pesieve::MultiStatsSettings::isFilled()'],['../classpesieve_1_1_area_multi_stats.html#a211c3964f9d24a9d31673e2581e4b632',1,'pesieve::AreaMultiStats::isFilled()'],['../structpesieve_1_1_stats_settings.html#a4754111ab8c574eaf58d73fe0b2e7422',1,'pesieve::StatsSettings::isFilled()'],['../classpesieve_1_1_area_stats.html#a3005dfc8cd36c15290a724a29ee09a63',1,'pesieve::AreaStats::isFilled()'],['../structpesieve_1_1util_1_1_basic_buffer.html#a62c880c7daca719d983e9fc638518fca',1,'pesieve::util::BasicBuffer::isFilled()']]],
+  ['isfullimageloaded_56',['isFullImageLoaded',['../classpesieve_1_1_remote_module_data.html#a1bbfb7e3bcb6136909a1cf812da2a955',1,'pesieve::RemoteModuleData']]],
+  ['ishdrreplaced_57',['isHdrReplaced',['../classpesieve_1_1_headers_scan_report.html#af04c1c2f3d532acf4bd980f23422f134',1,'pesieve::HeadersScanReport']]],
+  ['isinfofilled_58',['isInfoFilled',['../classpesieve_1_1_mem_page_data.html#a92b303ba4c9abaffa472a57bb943bec9',1,'pesieve::MemPageData']]],
+  ['isinitialized_59',['IsInitialized',['../class_process_symbols_manager.html#ad6b1d880d0b5ae9618c8ac5452823704',1,'ProcessSymbolsManager']]],
+  ['isinitialized_60',['isInitialized',['../classpesieve_1_1_module_data.html#aa3717faf0b70606705752321f8efe254',1,'pesieve::ModuleData::isInitialized()'],['../classpesieve_1_1_remote_module_data.html#a10f74dddd152a0895545bd68268da7ff',1,'pesieve::RemoteModuleData::isInitialized()'],['../classpesieve_1_1_pe_section.html#a6ab5831f0e1542427793f151f2746f78',1,'pesieve::PeSection::isInitialized()']]],
+  ['islongmodifier_61',['isLongModifier',['../classpesieve_1_1_patch_analyzer.html#ab001e027c9dba6e06ff4c6b06996455e',1,'pesieve::PatchAnalyzer']]],
+  ['ismanagedprocess_62',['isManagedProcess',['../classpesieve_1_1_process_scan_report.html#a20f7307ba415bb75748eff0d9d60930f',1,'pesieve::ProcessScanReport']]],
+  ['ismatched_63',['isMatched',['../classpesieve_1_1_rule_matcher.html#ae15f8e5d971163e6156b858f50ff0b4d',1,'pesieve::RuleMatcher']]],
+  ['ismatching_64',['isMatching',['../classpesieve_1_1_rule_matcher.html#a14f2cd3fb316465b0f5f9d770312aaeb',1,'pesieve::RuleMatcher']]],
+  ['ismoduleinpeblist_65',['isModuleInPEBList',['../classpesieve_1_1_module_data.html#a16a3fa21a9c517e2d69b080fb9544773',1,'pesieve::ModuleData']]],
+  ['ismodulereplaced_66',['isModuleReplaced',['../classpesieve_1_1_process_scan_report.html#a3c12c6b6913421538450af514b67a641',1,'pesieve::ProcessScanReport']]],
+  ['ispotentiallyexecutable_67',['isPotentiallyExecutable',['../classpesieve_1_1_working_set_scanner.html#a1ceb025397c65bc550c7fbad5b74ac38',1,'pesieve::WorkingSetScanner']]],
+  ['isready_68',['isReady',['../classpesieve_1_1_pattern_matcher.html#afa900e521f8021190efd3cd7840c051f',1,'pesieve::PatternMatcher::isReady()'],['../structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97',1,'pesieve::SyscallTable::isReady()']]],
+  ['isrealmapping_69',['isRealMapping',['../classpesieve_1_1_mem_page_data.html#ab431925c7d4bd5c61c377a4995f8169a',1,'pesieve::MemPageData']]],
+  ['isrefl_70',['isRefl',['../classpesieve_1_1_mem_page_data.html#a97f1d9da9fd37db4b847aa89e7170901',1,'pesieve::MemPageData']]],
+  ['issamesyscallfunc_71',['isSameSyscallFunc',['../structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2',1,'pesieve::SyscallTable']]],
+  ['isscannedasmodule_72',['isScannedAsModule',['../classpesieve_1_1_working_set_scanner.html#a98fe3023305ff14521c6d7098873fce4',1,'pesieve::WorkingSetScanner']]],
+  ['issectionentry_73',['isSectionEntry',['../classpesieve_1_1_remote_module_data.html#ad9f27c0872806491dbcb729d27e04bce',1,'pesieve::RemoteModuleData']]],
+  ['issectionexecutable_74',['isSectionExecutable',['../classpesieve_1_1_remote_module_data.html#a98f87651ef4162967b54bb662bd8e0b7',1,'pesieve::RemoteModuleData']]],
+  ['issuspicious_75',['isSuspicious',['../classpesieve_1_1_scanned_module.html#a107e7818470321b79edd89bae3940a93',1,'pesieve::ScannedModule']]],
+  ['issyscallfunc_76',['isSyscallFunc',['../namespacepesieve_1_1util.html#a1f7e69ed521ed2a4d2c4887a4c4a7323',1,'pesieve::util']]],
+  ['isvalid_77',['isValid',['../classpesieve_1_1_i_a_t_block.html#a51f4f94343508d1acc169ef1b1fcb617',1,'pesieve::IATBlock']]],
+  ['isvalidpe_78',['isValidPe',['../classpesieve_1_1_pe_buffer.html#a314ac1c88e3eb95becd89ae75c92b67f',1,'pesieve::PeBuffer']]],
+  ['isvalidptr_79',['isValidPtr',['../structpesieve_1_1util_1_1_byte_buffer.html#a7a2f937740d14222bbaf70bb28865fe9',1,'pesieve::util::ByteBuffer']]]
 ];
diff --git a/syscall__extractor_8cpp_source.html b/syscall__extractor_8cpp_source.html
index c53817008..12ea18b68 100644
--- a/syscall__extractor_8cpp_source.html
+++ b/syscall__extractor_8cpp_source.html
@@ -209,12 +209,12 @@
 <div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span>}</div>
 </div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a1f7e69ed521ed2a4d2c4887a4c4a7323"><div class="ttname"><a href="namespacepesieve_1_1util.html#a1f7e69ed521ed2a4d2c4887a4c4a7323">pesieve::util::isSyscallFunc</a></div><div class="ttdeci">bool isSyscallFunc(const std::string &amp;funcName)</div><div class="ttdef"><b>Definition</b> <a href="#l00011">syscall_extractor.cpp:11</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00091">process_util.cpp:91</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a39cfbc887b8c190834eece6c67a4af17"><div class="ttname"><a href="namespacepesieve_1_1util.html#a39cfbc887b8c190834eece6c67a4af17">pesieve::util::wow64_disable_fs_redirection</a></div><div class="ttdeci">BOOL wow64_disable_fs_redirection(OUT PVOID *OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00104">process_util.cpp:104</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a9a0b78302afec18f94651ab7426d847a"><div class="ttname"><a href="namespacepesieve_1_1util.html#a9a0b78302afec18f94651ab7426d847a">pesieve::util::extract_from_dll</a></div><div class="ttdeci">size_t extract_from_dll(IN const std::string &amp;path, size_t startSyscallID, OUT std::map&lt; DWORD, std::string &gt; &amp;syscallToName)</div><div class="ttdef"><b>Definition</b> <a href="#l00055">syscall_extractor.cpp:55</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_ac533b9c8a18228f62223a0042c40f5ae"><div class="ttname"><a href="namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae">pesieve::util::DWORD</a></div><div class="ttdeci">DWORD(__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle</div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_ac95cf6c6c1068bc672275290965c0350"><div class="ttname"><a href="namespacepesieve_1_1util.html#ac95cf6c6c1068bc672275290965c0350">pesieve::util::extract_syscall_table</a></div><div class="ttdeci">size_t extract_syscall_table(OUT std::map&lt; DWORD, std::string &gt; &amp;syscallToName)</div><div class="ttdef"><b>Definition</b> <a href="#l00082">syscall_extractor.cpp:82</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_ac99548a60414e711aa8bace85438cd15"><div class="ttname"><a href="namespacepesieve_1_1util.html#ac99548a60414e711aa8bace85438cd15">pesieve::util::extract_syscalls</a></div><div class="ttdeci">size_t extract_syscalls(BYTE *pe_buf, size_t pe_size, std::map&lt; DWORD, std::string &gt; &amp;syscallToName, size_t startID=0)</div><div class="ttdef"><b>Definition</b> <a href="#l00029">syscall_extractor.cpp:29</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00108">process_util.cpp:108</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_aed4eb6ec69c30d271b4f4b6c4244f03e"><div class="ttname"><a href="namespacepesieve_1_1util.html#aed4eb6ec69c30d271b4f4b6c4244f03e">pesieve::util::wow64_revert_fs_redirection</a></div><div class="ttdeci">BOOL wow64_revert_fs_redirection(IN PVOID OldValue)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00121">process_util.cpp:121</a></div></div>
 <div class="ttc" id="anamespacepesieve_html"><div class="ttname"><a href="namespacepesieve.html">pesieve</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00001">pesieve.py:1</a></div></div>
 <div class="ttc" id="anamespacepesieve_html_a1cb84e5f71928d34d7e7169a19964a9c"><div class="ttname"><a href="namespacepesieve.html#a1cb84e5f71928d34d7e7169a19964a9c">pesieve.MAX_PATH</a></div><div class="ttdeci">int MAX_PATH</div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00010">pesieve.py:10</a></div></div>
 <div class="ttc" id="aprocess__util_8h_html"><div class="ttname"><a href="process__util_8h.html">process_util.h</a></div></div>
diff --git a/thread__scanner_8cpp.html b/thread__scanner_8cpp.html
index 7cfa2c8cd..b67f00f4c 100644
--- a/thread__scanner_8cpp.html
+++ b/thread__scanner_8cpp.html
@@ -200,7 +200,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aae9f172c5997c8651c566511
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00069">69</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00070">70</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
@@ -228,7 +228,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a7b9ade21d4de016d2a048bf6
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00056">56</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00057">57</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
@@ -247,7 +247,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a20dfb89b6f97369747479fad
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00118">118</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00119">119</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
@@ -272,7 +272,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a8df4a00bf9eb5dfebad5cfe6
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00308">308</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00318">318</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
@@ -291,7 +291,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#acde231c42b9527dcc026402d
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00464">464</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00474">474</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
diff --git a/thread__scanner_8cpp_source.html b/thread__scanner_8cpp_source.html
index 907e0919f..90aada013 100644
--- a/thread__scanner_8cpp_source.html
+++ b/thread__scanner_8cpp_source.html
@@ -152,603 +152,613 @@
 <div class="line"><a id="l00052" name="l00052"></a><span class="lineno">   52</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
 <div class="line"><a id="l00053" name="l00053"></a><span class="lineno">   53</span>    }</div>
 </div>
-<div class="line"><a id="l00054" name="l00054"></a><span class="lineno">   54</span>};</div>
-<div class="line"><a id="l00055" name="l00055"></a><span class="lineno">   55</span> </div>
-<div class="foldopen" id="foldopen00056" data-start="{" data-end="}">
-<div class="line"><a id="l00056" name="l00056"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">   56</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION&amp; page_info)</div>
-<div class="line"><a id="l00057" name="l00057"></a><span class="lineno">   57</span>{</div>
-<div class="line"><a id="l00058" name="l00058"></a><span class="lineno">   58</span>    <span class="keywordtype">size_t</span> page_info_size = <span class="keyword">sizeof</span>(MEMORY_BASIC_INFORMATION);</div>
-<div class="line"><a id="l00059" name="l00059"></a><span class="lineno">   59</span>    <span class="keyword">const</span> SIZE_T out = VirtualQueryEx(processHandle, (LPCVOID)start_va, &amp;page_info, page_info_size);</div>
-<div class="line"><a id="l00060" name="l00060"></a><span class="lineno">   60</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_read = (out == page_info_size) ? <span class="keyword">true</span> : <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00061" name="l00061"></a><span class="lineno">   61</span>    <span class="keyword">const</span> DWORD error = is_read ? ERROR_SUCCESS : GetLastError();</div>
-<div class="line"><a id="l00062" name="l00062"></a><span class="lineno">   62</span>    <span class="keywordflow">if</span> (error != ERROR_SUCCESS) {</div>
-<div class="line"><a id="l00063" name="l00063"></a><span class="lineno">   63</span>        <span class="comment">//nothing to read</span></div>
-<div class="line"><a id="l00064" name="l00064"></a><span class="lineno">   64</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00065" name="l00065"></a><span class="lineno">   65</span>    }</div>
-<div class="line"><a id="l00066" name="l00066"></a><span class="lineno">   66</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00067" name="l00067"></a><span class="lineno">   67</span>}</div>
+<div class="line"><a id="l00054" name="l00054"></a><span class="lineno">   54</span> </div>
+<div class="line"><a id="l00055" name="l00055"></a><span class="lineno">   55</span>};</div>
+<div class="line"><a id="l00056" name="l00056"></a><span class="lineno">   56</span> </div>
+<div class="foldopen" id="foldopen00057" data-start="{" data-end="}">
+<div class="line"><a id="l00057" name="l00057"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">   57</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION&amp; page_info)</div>
+<div class="line"><a id="l00058" name="l00058"></a><span class="lineno">   58</span>{</div>
+<div class="line"><a id="l00059" name="l00059"></a><span class="lineno">   59</span>    <span class="keywordtype">size_t</span> page_info_size = <span class="keyword">sizeof</span>(MEMORY_BASIC_INFORMATION);</div>
+<div class="line"><a id="l00060" name="l00060"></a><span class="lineno">   60</span>    <span class="keyword">const</span> SIZE_T out = VirtualQueryEx(processHandle, (LPCVOID)start_va, &amp;page_info, page_info_size);</div>
+<div class="line"><a id="l00061" name="l00061"></a><span class="lineno">   61</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_read = (out == page_info_size) ? <span class="keyword">true</span> : <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00062" name="l00062"></a><span class="lineno">   62</span>    <span class="keyword">const</span> DWORD error = is_read ? ERROR_SUCCESS : GetLastError();</div>
+<div class="line"><a id="l00063" name="l00063"></a><span class="lineno">   63</span>    <span class="keywordflow">if</span> (error != ERROR_SUCCESS) {</div>
+<div class="line"><a id="l00064" name="l00064"></a><span class="lineno">   64</span>        <span class="comment">//nothing to read</span></div>
+<div class="line"><a id="l00065" name="l00065"></a><span class="lineno">   65</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00066" name="l00066"></a><span class="lineno">   66</span>    }</div>
+<div class="line"><a id="l00067" name="l00067"></a><span class="lineno">   67</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00068" name="l00068"></a><span class="lineno">   68</span>}</div>
 </div>
-<div class="line"><a id="l00068" name="l00068"></a><span class="lineno">   68</span> </div>
-<div class="foldopen" id="foldopen00069" data-start="{" data-end="}">
-<div class="line"><a id="l00069" name="l00069"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">   69</a></span>DWORD WINAPI <a class="code hl_function" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a>(LPVOID lpParam)</div>
-<div class="line"><a id="l00070" name="l00070"></a><span class="lineno">   70</span>{</div>
-<div class="line"><a id="l00071" name="l00071"></a><span class="lineno">   71</span>    <a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a>* args = <span class="keyword">static_cast&lt;</span><a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a>*<span class="keyword">&gt;</span>(lpParam);</div>
-<div class="line"><a id="l00072" name="l00072"></a><span class="lineno">   72</span>    <span class="keywordflow">if</span> (!args || !args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a4826590c344fedd647d5f87817432471">cDetails</a> || !args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ae7d2f75acd71c92407abb34baba79e86">ctx</a>) {</div>
-<div class="line"><a id="l00073" name="l00073"></a><span class="lineno">   73</span>        <span class="keywordflow">return</span> STATUS_INVALID_PARAMETER;</div>
-<div class="line"><a id="l00074" name="l00074"></a><span class="lineno">   74</span>    }</div>
-<div class="line"><a id="l00075" name="l00075"></a><span class="lineno">   75</span>    <span class="keywordtype">size_t</span> fetched = 0;</div>
-<div class="line"><a id="l00076" name="l00076"></a><span class="lineno">   76</span>    <span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">pesieve::ctx_details</a>&amp; cDetails = *(args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a4826590c344fedd647d5f87817432471">cDetails</a>);</div>
-<div class="line"><a id="l00077" name="l00077"></a><span class="lineno">   77</span><span class="preprocessor">#ifdef _WIN64</span></div>
-<div class="line"><a id="l00078" name="l00078"></a><span class="lineno">   78</span>    <span class="keywordflow">if</span> (cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a>) {</div>
-<div class="line"><a id="l00079" name="l00079"></a><span class="lineno">   79</span>        STACKFRAME64 frame = { 0 };</div>
-<div class="line"><a id="l00080" name="l00080"></a><span class="lineno">   80</span> </div>
-<div class="line"><a id="l00081" name="l00081"></a><span class="lineno">   81</span>        frame.AddrPC.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>;</div>
-<div class="line"><a id="l00082" name="l00082"></a><span class="lineno">   82</span>        frame.AddrPC.Mode = AddrModeFlat;</div>
-<div class="line"><a id="l00083" name="l00083"></a><span class="lineno">   83</span>        frame.AddrStack.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00084" name="l00084"></a><span class="lineno">   84</span>        frame.AddrStack.Mode = AddrModeFlat;</div>
-<div class="line"><a id="l00085" name="l00085"></a><span class="lineno">   85</span>        frame.AddrFrame.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>;</div>
-<div class="line"><a id="l00086" name="l00086"></a><span class="lineno">   86</span>        frame.AddrFrame.Mode = AddrModeFlat;</div>
-<div class="line"><a id="l00087" name="l00087"></a><span class="lineno">   87</span> </div>
-<div class="line"><a id="l00088" name="l00088"></a><span class="lineno">   88</span>        <span class="keywordflow">while</span> (StackWalk64(IMAGE_FILE_MACHINE_AMD64, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a657834de8b3a9b7525907db521be6552">hProcess</a>, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#af39d9900e3d580fea3a16440f979bcef">hThread</a>, &amp;frame, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ae7d2f75acd71c92407abb34baba79e86">ctx</a>, NULL, SymFunctionTableAccess64, SymGetModuleBase64, NULL)) {</div>
-<div class="line"><a id="l00089" name="l00089"></a><span class="lineno">   89</span>            <span class="keyword">const</span> ULONGLONG next_addr = frame.AddrPC.Offset;</div>
-<div class="line"><a id="l00090" name="l00090"></a><span class="lineno">   90</span>            args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>.push_back(next_addr);</div>
-<div class="line"><a id="l00091" name="l00091"></a><span class="lineno">   91</span>            fetched++;</div>
-<div class="line"><a id="l00092" name="l00092"></a><span class="lineno">   92</span>        }</div>
-<div class="line"><a id="l00093" name="l00093"></a><span class="lineno">   93</span>    }</div>
-<div class="line"><a id="l00094" name="l00094"></a><span class="lineno">   94</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00095" name="l00095"></a><span class="lineno">   95</span>    <span class="keywordflow">if</span> (!cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a>) {</div>
-<div class="line"><a id="l00096" name="l00096"></a><span class="lineno">   96</span>        STACKFRAME frame = { 0 };</div>
-<div class="line"><a id="l00097" name="l00097"></a><span class="lineno">   97</span> </div>
-<div class="line"><a id="l00098" name="l00098"></a><span class="lineno">   98</span>        frame.AddrPC.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>;</div>
-<div class="line"><a id="l00099" name="l00099"></a><span class="lineno">   99</span>        frame.AddrPC.Mode = AddrModeFlat;</div>
-<div class="line"><a id="l00100" name="l00100"></a><span class="lineno">  100</span>        frame.AddrStack.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00101" name="l00101"></a><span class="lineno">  101</span>        frame.AddrStack.Mode = AddrModeFlat;</div>
-<div class="line"><a id="l00102" name="l00102"></a><span class="lineno">  102</span>        frame.AddrFrame.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>;</div>
-<div class="line"><a id="l00103" name="l00103"></a><span class="lineno">  103</span>        frame.AddrFrame.Mode = AddrModeFlat;</div>
-<div class="line"><a id="l00104" name="l00104"></a><span class="lineno">  104</span> </div>
-<div class="line"><a id="l00105" name="l00105"></a><span class="lineno">  105</span>        <span class="keywordflow">while</span> (StackWalk(IMAGE_FILE_MACHINE_I386, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a657834de8b3a9b7525907db521be6552">hProcess</a>, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#af39d9900e3d580fea3a16440f979bcef">hThread</a>, &amp;frame, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ae7d2f75acd71c92407abb34baba79e86">ctx</a>, NULL, SymFunctionTableAccess, SymGetModuleBase, NULL)) {</div>
-<div class="line"><a id="l00106" name="l00106"></a><span class="lineno">  106</span>            <span class="keyword">const</span> ULONGLONG next_return = frame.AddrPC.Offset;</div>
-<div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span>            args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>.push_back(next_return);</div>
-<div class="line"><a id="l00108" name="l00108"></a><span class="lineno">  108</span>            fetched++;</div>
-<div class="line"><a id="l00109" name="l00109"></a><span class="lineno">  109</span>        }</div>
-<div class="line"><a id="l00110" name="l00110"></a><span class="lineno">  110</span>    }</div>
-<div class="line"><a id="l00111" name="l00111"></a><span class="lineno">  111</span>    <span class="keywordflow">if</span> (fetched) {</div>
-<div class="line"><a id="l00112" name="l00112"></a><span class="lineno">  112</span>        args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c">is_ok</a> = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00113" name="l00113"></a><span class="lineno">  113</span>        <span class="keywordflow">return</span> STATUS_SUCCESS;</div>
-<div class="line"><a id="l00114" name="l00114"></a><span class="lineno">  114</span>    }</div>
-<div class="line"><a id="l00115" name="l00115"></a><span class="lineno">  115</span>    <span class="keywordflow">return</span> STATUS_UNSUCCESSFUL;</div>
-<div class="line"><a id="l00116" name="l00116"></a><span class="lineno">  116</span>}</div>
+<div class="line"><a id="l00069" name="l00069"></a><span class="lineno">   69</span> </div>
+<div class="foldopen" id="foldopen00070" data-start="{" data-end="}">
+<div class="line"><a id="l00070" name="l00070"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">   70</a></span>DWORD WINAPI <a class="code hl_function" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a>(LPVOID lpParam)</div>
+<div class="line"><a id="l00071" name="l00071"></a><span class="lineno">   71</span>{</div>
+<div class="line"><a id="l00072" name="l00072"></a><span class="lineno">   72</span>    <a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a>* args = <span class="keyword">static_cast&lt;</span><a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a>*<span class="keyword">&gt;</span>(lpParam);</div>
+<div class="line"><a id="l00073" name="l00073"></a><span class="lineno">   73</span>    <span class="keywordflow">if</span> (!args || !args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a4826590c344fedd647d5f87817432471">cDetails</a> || !args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ae7d2f75acd71c92407abb34baba79e86">ctx</a>) {</div>
+<div class="line"><a id="l00074" name="l00074"></a><span class="lineno">   74</span>        <span class="keywordflow">return</span> STATUS_INVALID_PARAMETER;</div>
+<div class="line"><a id="l00075" name="l00075"></a><span class="lineno">   75</span>    }</div>
+<div class="line"><a id="l00076" name="l00076"></a><span class="lineno">   76</span>    <span class="keywordtype">size_t</span> fetched = 0;</div>
+<div class="line"><a id="l00077" name="l00077"></a><span class="lineno">   77</span>    <span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">pesieve::ctx_details</a>&amp; cDetails = *(args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a4826590c344fedd647d5f87817432471">cDetails</a>);</div>
+<div class="line"><a id="l00078" name="l00078"></a><span class="lineno">   78</span><span class="preprocessor">#ifdef _WIN64</span></div>
+<div class="line"><a id="l00079" name="l00079"></a><span class="lineno">   79</span>    <span class="keywordflow">if</span> (cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a>) {</div>
+<div class="line"><a id="l00080" name="l00080"></a><span class="lineno">   80</span>        STACKFRAME64 frame = { 0 };</div>
+<div class="line"><a id="l00081" name="l00081"></a><span class="lineno">   81</span> </div>
+<div class="line"><a id="l00082" name="l00082"></a><span class="lineno">   82</span>        frame.AddrPC.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>;</div>
+<div class="line"><a id="l00083" name="l00083"></a><span class="lineno">   83</span>        frame.AddrPC.Mode = AddrModeFlat;</div>
+<div class="line"><a id="l00084" name="l00084"></a><span class="lineno">   84</span>        frame.AddrStack.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00085" name="l00085"></a><span class="lineno">   85</span>        frame.AddrStack.Mode = AddrModeFlat;</div>
+<div class="line"><a id="l00086" name="l00086"></a><span class="lineno">   86</span>        frame.AddrFrame.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>;</div>
+<div class="line"><a id="l00087" name="l00087"></a><span class="lineno">   87</span>        frame.AddrFrame.Mode = AddrModeFlat;</div>
+<div class="line"><a id="l00088" name="l00088"></a><span class="lineno">   88</span> </div>
+<div class="line"><a id="l00089" name="l00089"></a><span class="lineno">   89</span>        <span class="keywordflow">while</span> (StackWalk64(IMAGE_FILE_MACHINE_AMD64, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a657834de8b3a9b7525907db521be6552">hProcess</a>, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#af39d9900e3d580fea3a16440f979bcef">hThread</a>, &amp;frame, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ae7d2f75acd71c92407abb34baba79e86">ctx</a>, NULL, SymFunctionTableAccess64, SymGetModuleBase64, NULL)) {</div>
+<div class="line"><a id="l00090" name="l00090"></a><span class="lineno">   90</span>            <span class="keyword">const</span> ULONGLONG next_addr = frame.AddrPC.Offset;</div>
+<div class="line"><a id="l00091" name="l00091"></a><span class="lineno">   91</span>            args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>.push_back(next_addr);</div>
+<div class="line"><a id="l00092" name="l00092"></a><span class="lineno">   92</span>            fetched++;</div>
+<div class="line"><a id="l00093" name="l00093"></a><span class="lineno">   93</span>        }</div>
+<div class="line"><a id="l00094" name="l00094"></a><span class="lineno">   94</span>    }</div>
+<div class="line"><a id="l00095" name="l00095"></a><span class="lineno">   95</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00096" name="l00096"></a><span class="lineno">   96</span>    <span class="keywordflow">if</span> (!cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a>) {</div>
+<div class="line"><a id="l00097" name="l00097"></a><span class="lineno">   97</span>        STACKFRAME frame = { 0 };</div>
+<div class="line"><a id="l00098" name="l00098"></a><span class="lineno">   98</span> </div>
+<div class="line"><a id="l00099" name="l00099"></a><span class="lineno">   99</span>        frame.AddrPC.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>;</div>
+<div class="line"><a id="l00100" name="l00100"></a><span class="lineno">  100</span>        frame.AddrPC.Mode = AddrModeFlat;</div>
+<div class="line"><a id="l00101" name="l00101"></a><span class="lineno">  101</span>        frame.AddrStack.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00102" name="l00102"></a><span class="lineno">  102</span>        frame.AddrStack.Mode = AddrModeFlat;</div>
+<div class="line"><a id="l00103" name="l00103"></a><span class="lineno">  103</span>        frame.AddrFrame.Offset = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>;</div>
+<div class="line"><a id="l00104" name="l00104"></a><span class="lineno">  104</span>        frame.AddrFrame.Mode = AddrModeFlat;</div>
+<div class="line"><a id="l00105" name="l00105"></a><span class="lineno">  105</span> </div>
+<div class="line"><a id="l00106" name="l00106"></a><span class="lineno">  106</span>        <span class="keywordflow">while</span> (StackWalk(IMAGE_FILE_MACHINE_I386, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a657834de8b3a9b7525907db521be6552">hProcess</a>, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#af39d9900e3d580fea3a16440f979bcef">hThread</a>, &amp;frame, args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ae7d2f75acd71c92407abb34baba79e86">ctx</a>, NULL, SymFunctionTableAccess, SymGetModuleBase, NULL)) {</div>
+<div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span>            <span class="keyword">const</span> ULONGLONG next_return = frame.AddrPC.Offset;</div>
+<div class="line"><a id="l00108" name="l00108"></a><span class="lineno">  108</span>            args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>.push_back(next_return);</div>
+<div class="line"><a id="l00109" name="l00109"></a><span class="lineno">  109</span>            fetched++;</div>
+<div class="line"><a id="l00110" name="l00110"></a><span class="lineno">  110</span>        }</div>
+<div class="line"><a id="l00111" name="l00111"></a><span class="lineno">  111</span>    }</div>
+<div class="line"><a id="l00112" name="l00112"></a><span class="lineno">  112</span>    <span class="keywordflow">if</span> (fetched) {</div>
+<div class="line"><a id="l00113" name="l00113"></a><span class="lineno">  113</span>        args-&gt;<a class="code hl_variable" href="struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c">is_ok</a> = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00114" name="l00114"></a><span class="lineno">  114</span>        <span class="keywordflow">return</span> STATUS_SUCCESS;</div>
+<div class="line"><a id="l00115" name="l00115"></a><span class="lineno">  115</span>    }</div>
+<div class="line"><a id="l00116" name="l00116"></a><span class="lineno">  116</span>    <span class="keywordflow">return</span> STATUS_UNSUCCESSFUL;</div>
+<div class="line"><a id="l00117" name="l00117"></a><span class="lineno">  117</span>}</div>
 </div>
-<div class="line"><a id="l00117" name="l00117"></a><span class="lineno">  117</span> </div>
-<div class="foldopen" id="foldopen00118" data-start="{" data-end="}">
-<div class="line"><a id="l00118" name="l00118"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">  118</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(DWORD tid)</div>
-<div class="line"><a id="l00119" name="l00119"></a><span class="lineno">  119</span>{</div>
-<div class="line"><a id="l00120" name="l00120"></a><span class="lineno">  120</span>    GUITHREADINFO gui = { 0 };</div>
-<div class="line"><a id="l00121" name="l00121"></a><span class="lineno">  121</span>    gui.cbSize = <span class="keyword">sizeof</span>(GUITHREADINFO);</div>
-<div class="line"><a id="l00122" name="l00122"></a><span class="lineno">  122</span>    <span class="keywordflow">if</span> (!GetGUIThreadInfo(tid, &amp;gui)) {</div>
-<div class="line"><a id="l00123" name="l00123"></a><span class="lineno">  123</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00124" name="l00124"></a><span class="lineno">  124</span>    }</div>
-<div class="line"><a id="l00125" name="l00125"></a><span class="lineno">  125</span>    <span class="keywordtype">bool</span> hasWindows = gui.hwndActive || gui.hwndCapture || gui.hwndCaret || gui.hwndMenuOwner || gui.hwndMoveSize;</div>
-<div class="line"><a id="l00126" name="l00126"></a><span class="lineno">  126</span>    <span class="keywordtype">bool</span> hasRcCaret = gui.rcCaret.left || gui.rcCaret.right || gui.rcCaret.bottom || gui.rcCaret.top;</div>
-<div class="line"><a id="l00127" name="l00127"></a><span class="lineno">  127</span>    <span class="keywordflow">if</span> (hasWindows || hasRcCaret) {</div>
-<div class="line"><a id="l00128" name="l00128"></a><span class="lineno">  128</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00129" name="l00129"></a><span class="lineno">  129</span>    }</div>
-<div class="line"><a id="l00130" name="l00130"></a><span class="lineno">  130</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00131" name="l00131"></a><span class="lineno">  131</span>}</div>
+<div class="line"><a id="l00118" name="l00118"></a><span class="lineno">  118</span> </div>
+<div class="foldopen" id="foldopen00119" data-start="{" data-end="}">
+<div class="line"><a id="l00119" name="l00119"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">  119</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(DWORD tid)</div>
+<div class="line"><a id="l00120" name="l00120"></a><span class="lineno">  120</span>{</div>
+<div class="line"><a id="l00121" name="l00121"></a><span class="lineno">  121</span>    GUITHREADINFO gui = { 0 };</div>
+<div class="line"><a id="l00122" name="l00122"></a><span class="lineno">  122</span>    gui.cbSize = <span class="keyword">sizeof</span>(GUITHREADINFO);</div>
+<div class="line"><a id="l00123" name="l00123"></a><span class="lineno">  123</span>    <span class="keywordflow">if</span> (!GetGUIThreadInfo(tid, &amp;gui)) {</div>
+<div class="line"><a id="l00124" name="l00124"></a><span class="lineno">  124</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00125" name="l00125"></a><span class="lineno">  125</span>    }</div>
+<div class="line"><a id="l00126" name="l00126"></a><span class="lineno">  126</span>    <span class="keywordtype">bool</span> hasWindows = gui.hwndActive || gui.hwndCapture || gui.hwndCaret || gui.hwndMenuOwner || gui.hwndMoveSize;</div>
+<div class="line"><a id="l00127" name="l00127"></a><span class="lineno">  127</span>    <span class="keywordtype">bool</span> hasRcCaret = gui.rcCaret.left || gui.rcCaret.right || gui.rcCaret.bottom || gui.rcCaret.top;</div>
+<div class="line"><a id="l00128" name="l00128"></a><span class="lineno">  128</span>    <span class="keywordflow">if</span> (hasWindows || hasRcCaret) {</div>
+<div class="line"><a id="l00129" name="l00129"></a><span class="lineno">  129</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00130" name="l00130"></a><span class="lineno">  130</span>    }</div>
+<div class="line"><a id="l00131" name="l00131"></a><span class="lineno">  131</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00132" name="l00132"></a><span class="lineno">  132</span>}</div>
 </div>
-<div class="line"><a id="l00132" name="l00132"></a><span class="lineno">  132</span> </div>
-<div class="line"><a id="l00133" name="l00133"></a><span class="lineno">  133</span><span class="comment">//---</span></div>
-<div class="line"><a id="l00134" name="l00134"></a><span class="lineno">  134</span> </div>
-<div class="foldopen" id="foldopen00135" data-start="{" data-end="}">
-<div class="line"><a id="l00135" name="l00135"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">  135</a></span>std::string <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">ThreadScanReport::translate_wait_reason</a>(DWORD thread_wait_reason)</div>
-<div class="line"><a id="l00136" name="l00136"></a><span class="lineno">  136</span>{</div>
-<div class="line"><a id="l00137" name="l00137"></a><span class="lineno">  137</span>    <span class="keywordflow">switch</span> (<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a>) {</div>
-<div class="line"><a id="l00138" name="l00138"></a><span class="lineno">  138</span>        <span class="keywordflow">case</span> DelayExecution: <span class="keywordflow">return</span> <span class="stringliteral">&quot;DelayExecution&quot;</span>;</div>
-<div class="line"><a id="l00139" name="l00139"></a><span class="lineno">  139</span>        <span class="keywordflow">case</span> Suspended: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Suspended&quot;</span>;</div>
-<div class="line"><a id="l00140" name="l00140"></a><span class="lineno">  140</span>        <span class="keywordflow">case</span> Executive: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Executive&quot;</span>;</div>
-<div class="line"><a id="l00141" name="l00141"></a><span class="lineno">  141</span>        <span class="keywordflow">case</span> UserRequest: <span class="keywordflow">return</span> <span class="stringliteral">&quot;UserRequest&quot;</span>;</div>
-<div class="line"><a id="l00142" name="l00142"></a><span class="lineno">  142</span>        <span class="keywordflow">case</span> WrUserRequest: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WrUserRequest&quot;</span>;</div>
-<div class="line"><a id="l00143" name="l00143"></a><span class="lineno">  143</span>        <span class="keywordflow">case</span> WrEventPair: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WrEventPair&quot;</span>;</div>
-<div class="line"><a id="l00144" name="l00144"></a><span class="lineno">  144</span>        <span class="keywordflow">case</span> WrQueue: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WrQueue&quot;</span>;</div>
-<div class="line"><a id="l00145" name="l00145"></a><span class="lineno">  145</span>    }</div>
-<div class="line"><a id="l00146" name="l00146"></a><span class="lineno">  146</span>    std::stringstream ss;</div>
-<div class="line"><a id="l00147" name="l00147"></a><span class="lineno">  147</span>    ss &lt;&lt; <span class="stringliteral">&quot;Other: &quot;</span> &lt;&lt; std::dec &lt;&lt; <a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a>;</div>
-<div class="line"><a id="l00148" name="l00148"></a><span class="lineno">  148</span>    <span class="keywordflow">return</span> ss.str();</div>
-<div class="line"><a id="l00149" name="l00149"></a><span class="lineno">  149</span>}</div>
+<div class="line"><a id="l00133" name="l00133"></a><span class="lineno">  133</span> </div>
+<div class="line"><a id="l00134" name="l00134"></a><span class="lineno">  134</span><span class="comment">//---</span></div>
+<div class="line"><a id="l00135" name="l00135"></a><span class="lineno">  135</span> </div>
+<div class="foldopen" id="foldopen00136" data-start="{" data-end="}">
+<div class="line"><a id="l00136" name="l00136"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">  136</a></span>std::string <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">ThreadScanReport::translate_wait_reason</a>(DWORD thread_wait_reason)</div>
+<div class="line"><a id="l00137" name="l00137"></a><span class="lineno">  137</span>{</div>
+<div class="line"><a id="l00138" name="l00138"></a><span class="lineno">  138</span>    <span class="keywordflow">switch</span> (<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a>) {</div>
+<div class="line"><a id="l00139" name="l00139"></a><span class="lineno">  139</span>        <span class="keywordflow">case</span> DelayExecution: <span class="keywordflow">return</span> <span class="stringliteral">&quot;DelayExecution&quot;</span>;</div>
+<div class="line"><a id="l00140" name="l00140"></a><span class="lineno">  140</span>        <span class="keywordflow">case</span> Suspended: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Suspended&quot;</span>;</div>
+<div class="line"><a id="l00141" name="l00141"></a><span class="lineno">  141</span>        <span class="keywordflow">case</span> Executive: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Executive&quot;</span>;</div>
+<div class="line"><a id="l00142" name="l00142"></a><span class="lineno">  142</span>        <span class="keywordflow">case</span> UserRequest: <span class="keywordflow">return</span> <span class="stringliteral">&quot;UserRequest&quot;</span>;</div>
+<div class="line"><a id="l00143" name="l00143"></a><span class="lineno">  143</span>        <span class="keywordflow">case</span> WrUserRequest: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WrUserRequest&quot;</span>;</div>
+<div class="line"><a id="l00144" name="l00144"></a><span class="lineno">  144</span>        <span class="keywordflow">case</span> WrEventPair: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WrEventPair&quot;</span>;</div>
+<div class="line"><a id="l00145" name="l00145"></a><span class="lineno">  145</span>        <span class="keywordflow">case</span> WrQueue: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WrQueue&quot;</span>;</div>
+<div class="line"><a id="l00146" name="l00146"></a><span class="lineno">  146</span>    }</div>
+<div class="line"><a id="l00147" name="l00147"></a><span class="lineno">  147</span>    std::stringstream ss;</div>
+<div class="line"><a id="l00148" name="l00148"></a><span class="lineno">  148</span>    ss &lt;&lt; <span class="stringliteral">&quot;Other: &quot;</span> &lt;&lt; std::dec &lt;&lt; <a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a>;</div>
+<div class="line"><a id="l00149" name="l00149"></a><span class="lineno">  149</span>    <span class="keywordflow">return</span> ss.str();</div>
+<div class="line"><a id="l00150" name="l00150"></a><span class="lineno">  150</span>}</div>
 </div>
-<div class="line"><a id="l00150" name="l00150"></a><span class="lineno">  150</span> </div>
-<div class="foldopen" id="foldopen00151" data-start="{" data-end="}">
-<div class="line"><a id="l00151" name="l00151"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">  151</a></span>std::string <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">ThreadScanReport::translate_thread_state</a>(DWORD thread_state)</div>
-<div class="line"><a id="l00152" name="l00152"></a><span class="lineno">  152</span>{</div>
-<div class="line"><a id="l00153" name="l00153"></a><span class="lineno">  153</span>    <span class="keywordflow">switch</span> (<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a>) {</div>
-<div class="line"><a id="l00154" name="l00154"></a><span class="lineno">  154</span>        <span class="keywordflow">case</span> Initialized: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Initialized&quot;</span>;</div>
-<div class="line"><a id="l00155" name="l00155"></a><span class="lineno">  155</span>        <span class="keywordflow">case</span> Ready: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Ready&quot;</span>;</div>
-<div class="line"><a id="l00156" name="l00156"></a><span class="lineno">  156</span>        <span class="keywordflow">case</span> Running: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Running&quot;</span>;</div>
-<div class="line"><a id="l00157" name="l00157"></a><span class="lineno">  157</span>        <span class="keywordflow">case</span> Standby: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Standby&quot;</span>;</div>
-<div class="line"><a id="l00158" name="l00158"></a><span class="lineno">  158</span>        <span class="keywordflow">case</span> Terminated: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Terminated&quot;</span>;</div>
-<div class="line"><a id="l00159" name="l00159"></a><span class="lineno">  159</span>        <span class="keywordflow">case</span> Waiting: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Waiting&quot;</span>;</div>
-<div class="line"><a id="l00160" name="l00160"></a><span class="lineno">  160</span>        <span class="keywordflow">case</span> Transition: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Transition&quot;</span>;</div>
-<div class="line"><a id="l00161" name="l00161"></a><span class="lineno">  161</span>        <span class="keywordflow">case</span> DeferredReady: <span class="keywordflow">return</span> <span class="stringliteral">&quot;DeferredReady&quot;</span>;</div>
-<div class="line"><a id="l00162" name="l00162"></a><span class="lineno">  162</span>        <span class="keywordflow">case</span> GateWaitObsolete: <span class="keywordflow">return</span> <span class="stringliteral">&quot;GateWaitObsolete&quot;</span>;</div>
-<div class="line"><a id="l00163" name="l00163"></a><span class="lineno">  163</span>        <span class="keywordflow">case</span> WaitingForProcessInSwap: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WaitingForProcessInSwap&quot;</span>;</div>
-<div class="line"><a id="l00164" name="l00164"></a><span class="lineno">  164</span>    }</div>
-<div class="line"><a id="l00165" name="l00165"></a><span class="lineno">  165</span>    std::stringstream ss;</div>
-<div class="line"><a id="l00166" name="l00166"></a><span class="lineno">  166</span>    ss &lt;&lt; <span class="stringliteral">&quot;Other: &quot;</span> &lt;&lt; std::dec &lt;&lt; <a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a>;</div>
-<div class="line"><a id="l00167" name="l00167"></a><span class="lineno">  167</span>    <span class="keywordflow">return</span> ss.str();</div>
-<div class="line"><a id="l00168" name="l00168"></a><span class="lineno">  168</span>}</div>
+<div class="line"><a id="l00151" name="l00151"></a><span class="lineno">  151</span> </div>
+<div class="foldopen" id="foldopen00152" data-start="{" data-end="}">
+<div class="line"><a id="l00152" name="l00152"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">  152</a></span>std::string <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">ThreadScanReport::translate_thread_state</a>(DWORD thread_state)</div>
+<div class="line"><a id="l00153" name="l00153"></a><span class="lineno">  153</span>{</div>
+<div class="line"><a id="l00154" name="l00154"></a><span class="lineno">  154</span>    <span class="keywordflow">switch</span> (<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a>) {</div>
+<div class="line"><a id="l00155" name="l00155"></a><span class="lineno">  155</span>        <span class="keywordflow">case</span> Initialized: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Initialized&quot;</span>;</div>
+<div class="line"><a id="l00156" name="l00156"></a><span class="lineno">  156</span>        <span class="keywordflow">case</span> Ready: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Ready&quot;</span>;</div>
+<div class="line"><a id="l00157" name="l00157"></a><span class="lineno">  157</span>        <span class="keywordflow">case</span> Running: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Running&quot;</span>;</div>
+<div class="line"><a id="l00158" name="l00158"></a><span class="lineno">  158</span>        <span class="keywordflow">case</span> Standby: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Standby&quot;</span>;</div>
+<div class="line"><a id="l00159" name="l00159"></a><span class="lineno">  159</span>        <span class="keywordflow">case</span> Terminated: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Terminated&quot;</span>;</div>
+<div class="line"><a id="l00160" name="l00160"></a><span class="lineno">  160</span>        <span class="keywordflow">case</span> Waiting: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Waiting&quot;</span>;</div>
+<div class="line"><a id="l00161" name="l00161"></a><span class="lineno">  161</span>        <span class="keywordflow">case</span> Transition: <span class="keywordflow">return</span> <span class="stringliteral">&quot;Transition&quot;</span>;</div>
+<div class="line"><a id="l00162" name="l00162"></a><span class="lineno">  162</span>        <span class="keywordflow">case</span> DeferredReady: <span class="keywordflow">return</span> <span class="stringliteral">&quot;DeferredReady&quot;</span>;</div>
+<div class="line"><a id="l00163" name="l00163"></a><span class="lineno">  163</span>        <span class="keywordflow">case</span> GateWaitObsolete: <span class="keywordflow">return</span> <span class="stringliteral">&quot;GateWaitObsolete&quot;</span>;</div>
+<div class="line"><a id="l00164" name="l00164"></a><span class="lineno">  164</span>        <span class="keywordflow">case</span> WaitingForProcessInSwap: <span class="keywordflow">return</span> <span class="stringliteral">&quot;WaitingForProcessInSwap&quot;</span>;</div>
+<div class="line"><a id="l00165" name="l00165"></a><span class="lineno">  165</span>    }</div>
+<div class="line"><a id="l00166" name="l00166"></a><span class="lineno">  166</span>    std::stringstream ss;</div>
+<div class="line"><a id="l00167" name="l00167"></a><span class="lineno">  167</span>    ss &lt;&lt; <span class="stringliteral">&quot;Other: &quot;</span> &lt;&lt; std::dec &lt;&lt; <a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a>;</div>
+<div class="line"><a id="l00168" name="l00168"></a><span class="lineno">  168</span>    <span class="keywordflow">return</span> ss.str();</div>
+<div class="line"><a id="l00169" name="l00169"></a><span class="lineno">  169</span>}</div>
 </div>
-<div class="line"><a id="l00169" name="l00169"></a><span class="lineno">  169</span> </div>
-<div class="line"><a id="l00170" name="l00170"></a><span class="lineno">  170</span><span class="comment">//---</span></div>
-<div class="line"><a id="l00171" name="l00171"></a><span class="lineno">  171</span> </div>
-<div class="foldopen" id="foldopen00172" data-start="{" data-end="}">
-<div class="line"><a id="l00172" name="l00172"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">  172</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">pesieve::ThreadScanner::checkReturnAddrIntegrity</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt;&amp; callStack)</div>
-<div class="line"><a id="l00173" name="l00173"></a><span class="lineno">  173</span>{</div>
-<div class="line"><a id="l00174" name="l00174"></a><span class="lineno">  174</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.last_syscall == <a class="code hl_define" href="threads__util_8h.html#aab88471ac182a9537e03a6724162d96d">INVALID_SYSCALL</a> || !symbols || !callStack.size() || !<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended || !<a class="code hl_variable" href="pe__sieve_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a>.<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97">isReady</a>()) {</div>
-<div class="line"><a id="l00175" name="l00175"></a><span class="lineno">  175</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>; <span class="comment">// skip the check</span></div>
-<div class="line"><a id="l00176" name="l00176"></a><span class="lineno">  176</span>    }</div>
-<div class="line"><a id="l00177" name="l00177"></a><span class="lineno">  177</span>    <span class="keyword">const</span> std::string syscallFuncName = <a class="code hl_variable" href="pe__sieve_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a>.<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a8861442dc69bfcc4bdd042cee33d444b">getSyscallName</a>(this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.last_syscall);</div>
-<div class="line"><a id="l00178" name="l00178"></a><span class="lineno">  178</span> </div>
-<div class="line"><a id="l00179" name="l00179"></a><span class="lineno">  179</span>    <span class="keyword">const</span> ULONGLONG lastCalled = *callStack.begin();</div>
-<div class="line"><a id="l00180" name="l00180"></a><span class="lineno">  180</span>    <span class="keyword">const</span> std::string lastFuncCalled = symbols-&gt;funcNameFromAddr(lastCalled);</div>
-<div class="line"><a id="l00181" name="l00181"></a><span class="lineno">  181</span> </div>
-<div class="line"><a id="l00182" name="l00182"></a><span class="lineno">  182</span>    <span class="keywordflow">if</span> (<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2">SyscallTable::isSameSyscallFunc</a>(syscallFuncName, lastFuncCalled)) {</div>
-<div class="line"><a id="l00183" name="l00183"></a><span class="lineno">  183</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00184" name="l00184"></a><span class="lineno">  184</span>    }</div>
-<div class="line"><a id="l00185" name="l00185"></a><span class="lineno">  185</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == Suspended &amp;&amp; callStack.size() == 1 &amp;&amp; lastFuncCalled == <span class="stringliteral">&quot;RtlUserThreadStart&quot;</span> &amp;&amp; this-&gt;info.last_syscall == 0) {</div>
-<div class="line"><a id="l00186" name="l00186"></a><span class="lineno">  186</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>; <span class="comment">//normal for suspended threads</span></div>
+<div class="line"><a id="l00170" name="l00170"></a><span class="lineno">  170</span> </div>
+<div class="line"><a id="l00171" name="l00171"></a><span class="lineno">  171</span><span class="comment">//---</span></div>
+<div class="line"><a id="l00172" name="l00172"></a><span class="lineno">  172</span> </div>
+<div class="foldopen" id="foldopen00173" data-start="{" data-end="}">
+<div class="line"><a id="l00173" name="l00173"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">  173</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">pesieve::ThreadScanner::checkReturnAddrIntegrity</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt;&amp; callStack)</div>
+<div class="line"><a id="l00174" name="l00174"></a><span class="lineno">  174</span>{</div>
+<div class="line"><a id="l00175" name="l00175"></a><span class="lineno">  175</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.last_syscall == <a class="code hl_define" href="threads__util_8h.html#aab88471ac182a9537e03a6724162d96d">INVALID_SYSCALL</a> || !symbols || !callStack.size() || !<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended || !<a class="code hl_variable" href="pe__sieve_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a>.<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a88e2aaa8bdf47d29d611c198a49bcf97">isReady</a>()) {</div>
+<div class="line"><a id="l00176" name="l00176"></a><span class="lineno">  176</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>; <span class="comment">// skip the check</span></div>
+<div class="line"><a id="l00177" name="l00177"></a><span class="lineno">  177</span>    }</div>
+<div class="line"><a id="l00178" name="l00178"></a><span class="lineno">  178</span>    <span class="keyword">const</span> std::string syscallFuncName = <a class="code hl_variable" href="pe__sieve_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a>.<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a8861442dc69bfcc4bdd042cee33d444b">getSyscallName</a>(this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.last_syscall);</div>
+<div class="line"><a id="l00179" name="l00179"></a><span class="lineno">  179</span> </div>
+<div class="line"><a id="l00180" name="l00180"></a><span class="lineno">  180</span>    <span class="keyword">const</span> ULONGLONG lastCalled = *callStack.begin();</div>
+<div class="line"><a id="l00181" name="l00181"></a><span class="lineno">  181</span>    <span class="keyword">const</span> std::string lastFuncCalled = symbols-&gt;funcNameFromAddr(lastCalled);</div>
+<div class="line"><a id="l00182" name="l00182"></a><span class="lineno">  182</span>    <span class="keywordflow">if</span> (callStack.size() == 1) {</div>
+<div class="line"><a id="l00183" name="l00183"></a><span class="lineno">  183</span>        <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == Suspended &amp;&amp; lastFuncCalled == <span class="stringliteral">&quot;RtlUserThreadStart&quot;</span> &amp;&amp; this-&gt;info.last_syscall == 0) {</div>
+<div class="line"><a id="l00184" name="l00184"></a><span class="lineno">  184</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>; <span class="comment">//normal for suspended threads</span></div>
+<div class="line"><a id="l00185" name="l00185"></a><span class="lineno">  185</span>        }</div>
+<div class="line"><a id="l00186" name="l00186"></a><span class="lineno">  186</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>; <span class="comment">// otherwise it is an anomaly</span></div>
 <div class="line"><a id="l00187" name="l00187"></a><span class="lineno">  187</span>    }</div>
-<div class="line"><a id="l00188" name="l00188"></a><span class="lineno">  188</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest &amp;&amp; syscallFuncName == <span class="stringliteral">&quot;NtWaitForSingleObject&quot;</span>) {</div>
-<div class="line"><a id="l00189" name="l00189"></a><span class="lineno">  189</span>        <span class="keywordflow">if</span> (lastFuncCalled.rfind(<span class="stringliteral">&quot;NtQuery&quot;</span>, 0) == 0 || lastFuncCalled.rfind(<span class="stringliteral">&quot;ZwQuery&quot;</span>, 0) == 0) {</div>
-<div class="line"><a id="l00190" name="l00190"></a><span class="lineno">  190</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00191" name="l00191"></a><span class="lineno">  191</span>        }</div>
+<div class="line"><a id="l00188" name="l00188"></a><span class="lineno">  188</span><span class="preprocessor">#ifndef _WIN64</span></div>
+<div class="line"><a id="l00189" name="l00189"></a><span class="lineno">  189</span>    <span class="keyword">static</span> <span class="keywordtype">bool</span> isWow64 = <a class="code hl_function" href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">util::is_current_wow64</a>();</div>
+<div class="line"><a id="l00190" name="l00190"></a><span class="lineno">  190</span>    <span class="keywordflow">if</span> (!isWow64 &amp;&amp; lastFuncCalled == <span class="stringliteral">&quot;KiFastSystemCallRet&quot;</span>) {</div>
+<div class="line"><a id="l00191" name="l00191"></a><span class="lineno">  191</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
 <div class="line"><a id="l00192" name="l00192"></a><span class="lineno">  192</span>    }</div>
-<div class="line"><a id="l00193" name="l00193"></a><span class="lineno">  193</span>    <span class="keywordflow">if</span> (syscallFuncName == <span class="stringliteral">&quot;NtCallbackReturn&quot;</span>) {</div>
-<div class="line"><a id="l00194" name="l00194"></a><span class="lineno">  194</span>        <span class="keyword">const</span> <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(lastCalled);</div>
-<div class="line"><a id="l00195" name="l00195"></a><span class="lineno">  195</span>        <span class="keywordflow">if</span> (mod &amp;&amp; mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;win32u.dll&quot;</span>) <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00193" name="l00193"></a><span class="lineno">  193</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00194" name="l00194"></a><span class="lineno">  194</span>    <span class="keywordflow">if</span> (<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a14a36e5a99adfc3322ab8f2b96d1faf2">SyscallTable::isSameSyscallFunc</a>(syscallFuncName, lastFuncCalled)) {</div>
+<div class="line"><a id="l00195" name="l00195"></a><span class="lineno">  195</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
 <div class="line"><a id="l00196" name="l00196"></a><span class="lineno">  196</span>    }</div>
-<div class="line"><a id="l00197" name="l00197"></a><span class="lineno">  197</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00198" name="l00198"></a><span class="lineno">  198</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n#### TID=&quot;</span> &lt;&lt; std::dec &lt;&lt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid &lt;&lt; <span class="stringliteral">&quot; &quot;</span> &lt;&lt; syscallFuncName &lt;&lt; <span class="stringliteral">&quot; VS &quot;</span> &lt;&lt; lastFuncCalled &lt;&lt; <span class="stringliteral">&quot; DIFFERENT&quot;</span>&lt;&lt; std::endl;</div>
-<div class="line"><a id="l00199" name="l00199"></a><span class="lineno">  199</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
-<div class="line"><a id="l00200" name="l00200"></a><span class="lineno">  200</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;STACK:\n&quot;</span>;</div>
-<div class="line"><a id="l00201" name="l00201"></a><span class="lineno">  201</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = callStack.rbegin(); itr != callStack.rend(); ++itr) {</div>
-<div class="line"><a id="l00202" name="l00202"></a><span class="lineno">  202</span>        ULONGLONG next_return = *itr;</div>
-<div class="line"><a id="l00203" name="l00203"></a><span class="lineno">  203</span>        symbols-&gt;dumpSymbolInfo(next_return);</div>
-<div class="line"><a id="l00204" name="l00204"></a><span class="lineno">  204</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span>;</div>
-<div class="line"><a id="l00205" name="l00205"></a><span class="lineno">  205</span>        printResolvedAddr(next_return);</div>
+<div class="line"><a id="l00197" name="l00197"></a><span class="lineno">  197</span> </div>
+<div class="line"><a id="l00198" name="l00198"></a><span class="lineno">  198</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest &amp;&amp; syscallFuncName == <span class="stringliteral">&quot;NtWaitForSingleObject&quot;</span>) {</div>
+<div class="line"><a id="l00199" name="l00199"></a><span class="lineno">  199</span>        <span class="keywordflow">if</span> (lastFuncCalled.rfind(<span class="stringliteral">&quot;NtQuery&quot;</span>, 0) == 0 || lastFuncCalled.rfind(<span class="stringliteral">&quot;ZwQuery&quot;</span>, 0) == 0) {</div>
+<div class="line"><a id="l00200" name="l00200"></a><span class="lineno">  200</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00201" name="l00201"></a><span class="lineno">  201</span>        }</div>
+<div class="line"><a id="l00202" name="l00202"></a><span class="lineno">  202</span>    }</div>
+<div class="line"><a id="l00203" name="l00203"></a><span class="lineno">  203</span>    <span class="keywordflow">if</span> (syscallFuncName == <span class="stringliteral">&quot;NtCallbackReturn&quot;</span>) {</div>
+<div class="line"><a id="l00204" name="l00204"></a><span class="lineno">  204</span>        <span class="keyword">const</span> <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(lastCalled);</div>
+<div class="line"><a id="l00205" name="l00205"></a><span class="lineno">  205</span>        <span class="keywordflow">if</span> (mod &amp;&amp; mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;win32u.dll&quot;</span>) <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
 <div class="line"><a id="l00206" name="l00206"></a><span class="lineno">  206</span>    }</div>
-<div class="line"><a id="l00207" name="l00207"></a><span class="lineno">  207</span>    std::cout &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00208" name="l00208"></a><span class="lineno">  208</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00209" name="l00209"></a><span class="lineno">  209</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00210" name="l00210"></a><span class="lineno">  210</span>}</div>
+<div class="line"><a id="l00207" name="l00207"></a><span class="lineno">  207</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00208" name="l00208"></a><span class="lineno">  208</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n#### TID=&quot;</span> &lt;&lt; std::dec &lt;&lt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid &lt;&lt; <span class="stringliteral">&quot; &quot;</span> &lt;&lt; syscallFuncName &lt;&lt; <span class="stringliteral">&quot; VS &quot;</span> &lt;&lt; lastFuncCalled &lt;&lt; <span class="stringliteral">&quot; DIFFERENT&quot;</span>&lt;&lt; std::endl;</div>
+<div class="line"><a id="l00209" name="l00209"></a><span class="lineno">  209</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
+<div class="line"><a id="l00210" name="l00210"></a><span class="lineno">  210</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;STACK:\n&quot;</span>;</div>
+<div class="line"><a id="l00211" name="l00211"></a><span class="lineno">  211</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = callStack.rbegin(); itr != callStack.rend(); ++itr) {</div>
+<div class="line"><a id="l00212" name="l00212"></a><span class="lineno">  212</span>        ULONGLONG next_return = *itr;</div>
+<div class="line"><a id="l00213" name="l00213"></a><span class="lineno">  213</span>        symbols-&gt;dumpSymbolInfo(next_return);</div>
+<div class="line"><a id="l00214" name="l00214"></a><span class="lineno">  214</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span>;</div>
+<div class="line"><a id="l00215" name="l00215"></a><span class="lineno">  215</span>        printResolvedAddr(next_return);</div>
+<div class="line"><a id="l00216" name="l00216"></a><span class="lineno">  216</span>    }</div>
+<div class="line"><a id="l00217" name="l00217"></a><span class="lineno">  217</span>    std::cout &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00218" name="l00218"></a><span class="lineno">  218</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00219" name="l00219"></a><span class="lineno">  219</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00220" name="l00220"></a><span class="lineno">  220</span>}</div>
 </div>
-<div class="line"><a id="l00211" name="l00211"></a><span class="lineno">  211</span> </div>
-<div class="foldopen" id="foldopen00212" data-start="{" data-end="}">
-<div class="line"><a id="l00212" name="l00212"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">  212</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt; call_stack, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
-<div class="line"><a id="l00213" name="l00213"></a><span class="lineno">  213</span>{</div>
-<div class="line"><a id="l00214" name="l00214"></a><span class="lineno">  214</span>    <span class="keywordtype">size_t</span> processedCntr = 0;</div>
-<div class="line"><a id="l00215" name="l00215"></a><span class="lineno">  215</span> </div>
-<div class="line"><a id="l00216" name="l00216"></a><span class="lineno">  216</span>    cDetails.is_managed = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00217" name="l00217"></a><span class="lineno">  217</span>    cDetails.stackFramesCount = call_stack.size();</div>
-<div class="line"><a id="l00218" name="l00218"></a><span class="lineno">  218</span>    cDetails.is_ret_in_frame = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00219" name="l00219"></a><span class="lineno">  219</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00220" name="l00220"></a><span class="lineno">  220</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span> &lt;&lt; <span class="stringliteral">&quot;Stack frame Size: &quot;</span> &lt;&lt; std::dec &lt;&lt; call_stack.size() &lt;&lt; <span class="stringliteral">&quot;\n===\n&quot;</span>;</div>
-<div class="line"><a id="l00221" name="l00221"></a><span class="lineno">  221</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00222" name="l00222"></a><span class="lineno">  222</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = call_stack.rbegin(); itr != call_stack.rend() ;++itr, ++processedCntr) {</div>
-<div class="line"><a id="l00223" name="l00223"></a><span class="lineno">  223</span>        <span class="keyword">const</span> ULONGLONG next_return = *itr;</div>
-<div class="line"><a id="l00224" name="l00224"></a><span class="lineno">  224</span>        <span class="keywordflow">if</span> (cDetails.ret_on_stack == next_return) {</div>
-<div class="line"><a id="l00225" name="l00225"></a><span class="lineno">  225</span>            cDetails.is_ret_in_frame = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00226" name="l00226"></a><span class="lineno">  226</span>        }</div>
-<div class="line"><a id="l00227" name="l00227"></a><span class="lineno">  227</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00228" name="l00228"></a><span class="lineno">  228</span>        <span class="keywordflow">if</span> (symbols) {</div>
-<div class="line"><a id="l00229" name="l00229"></a><span class="lineno">  229</span>            symbols-&gt;dumpSymbolInfo(next_return);</div>
-<div class="line"><a id="l00230" name="l00230"></a><span class="lineno">  230</span>        }</div>
-<div class="line"><a id="l00231" name="l00231"></a><span class="lineno">  231</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span>;</div>
-<div class="line"><a id="l00232" name="l00232"></a><span class="lineno">  232</span>        printResolvedAddr(next_return);</div>
-<div class="line"><a id="l00233" name="l00233"></a><span class="lineno">  233</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00234" name="l00234"></a><span class="lineno">  234</span>        <span class="keywordtype">bool</span> is_curr_shc = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00235" name="l00235"></a><span class="lineno">  235</span>        <span class="keyword">const</span> <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(next_return);</div>
-<div class="line"><a id="l00236" name="l00236"></a><span class="lineno">  236</span>        <span class="keyword">const</span> std::string mod_name = mod ? mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() : <span class="stringliteral">&quot;&quot;</span>;</div>
-<div class="line"><a id="l00237" name="l00237"></a><span class="lineno">  237</span>        <span class="keywordflow">if</span> (mod_name.length() == 0) {</div>
-<div class="line"><a id="l00238" name="l00238"></a><span class="lineno">  238</span>            <span class="keywordflow">if</span> (!cDetails.is_managed) {</div>
-<div class="line"><a id="l00239" name="l00239"></a><span class="lineno">  239</span>                is_curr_shc = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00240" name="l00240"></a><span class="lineno">  240</span>                cDetails.shcCandidates.insert(next_return);</div>
-<div class="line"><a id="l00241" name="l00241"></a><span class="lineno">  241</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00242" name="l00242"></a><span class="lineno">  242</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== SHELLCODE\n&quot;</span>;</div>
+<div class="line"><a id="l00221" name="l00221"></a><span class="lineno">  221</span> </div>
+<div class="foldopen" id="foldopen00222" data-start="{" data-end="}">
+<div class="line"><a id="l00222" name="l00222"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">  222</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt; call_stack, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
+<div class="line"><a id="l00223" name="l00223"></a><span class="lineno">  223</span>{</div>
+<div class="line"><a id="l00224" name="l00224"></a><span class="lineno">  224</span>    <span class="keywordtype">size_t</span> processedCntr = 0;</div>
+<div class="line"><a id="l00225" name="l00225"></a><span class="lineno">  225</span> </div>
+<div class="line"><a id="l00226" name="l00226"></a><span class="lineno">  226</span>    cDetails.is_managed = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00227" name="l00227"></a><span class="lineno">  227</span>    cDetails.stackFramesCount = call_stack.size();</div>
+<div class="line"><a id="l00228" name="l00228"></a><span class="lineno">  228</span>    cDetails.is_ret_in_frame = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00229" name="l00229"></a><span class="lineno">  229</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00230" name="l00230"></a><span class="lineno">  230</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span> &lt;&lt; <span class="stringliteral">&quot;Stack frame Size: &quot;</span> &lt;&lt; std::dec &lt;&lt; call_stack.size() &lt;&lt; <span class="stringliteral">&quot;\n===\n&quot;</span>;</div>
+<div class="line"><a id="l00231" name="l00231"></a><span class="lineno">  231</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00232" name="l00232"></a><span class="lineno">  232</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = call_stack.rbegin(); itr != call_stack.rend() ;++itr, ++processedCntr) {</div>
+<div class="line"><a id="l00233" name="l00233"></a><span class="lineno">  233</span>        <span class="keyword">const</span> ULONGLONG next_return = *itr;</div>
+<div class="line"><a id="l00234" name="l00234"></a><span class="lineno">  234</span>        <span class="keywordflow">if</span> (cDetails.ret_on_stack == next_return) {</div>
+<div class="line"><a id="l00235" name="l00235"></a><span class="lineno">  235</span>            cDetails.is_ret_in_frame = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00236" name="l00236"></a><span class="lineno">  236</span>        }</div>
+<div class="line"><a id="l00237" name="l00237"></a><span class="lineno">  237</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00238" name="l00238"></a><span class="lineno">  238</span>        <span class="keywordflow">if</span> (symbols) {</div>
+<div class="line"><a id="l00239" name="l00239"></a><span class="lineno">  239</span>            symbols-&gt;dumpSymbolInfo(next_return);</div>
+<div class="line"><a id="l00240" name="l00240"></a><span class="lineno">  240</span>        }</div>
+<div class="line"><a id="l00241" name="l00241"></a><span class="lineno">  241</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span>;</div>
+<div class="line"><a id="l00242" name="l00242"></a><span class="lineno">  242</span>        printResolvedAddr(next_return);</div>
 <div class="line"><a id="l00243" name="l00243"></a><span class="lineno">  243</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00244" name="l00244"></a><span class="lineno">  244</span>            } <span class="keywordflow">else</span> {</div>
-<div class="line"><a id="l00245" name="l00245"></a><span class="lineno">  245</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00246" name="l00246"></a><span class="lineno">  246</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== .NET JIT\n&quot;</span>;</div>
-<div class="line"><a id="l00247" name="l00247"></a><span class="lineno">  247</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00248" name="l00248"></a><span class="lineno">  248</span>            }</div>
-<div class="line"><a id="l00249" name="l00249"></a><span class="lineno">  249</span>        }</div>
-<div class="line"><a id="l00250" name="l00250"></a><span class="lineno">  250</span>        <span class="keywordflow">if</span> (!is_curr_shc) {</div>
-<div class="line"><a id="l00251" name="l00251"></a><span class="lineno">  251</span>            <span class="comment">// store the last address, till the first called shellcode:</span></div>
-<div class="line"><a id="l00252" name="l00252"></a><span class="lineno">  252</span>            cDetails.last_ret = next_return;</div>
-<div class="line"><a id="l00253" name="l00253"></a><span class="lineno">  253</span>        }</div>
-<div class="line"><a id="l00254" name="l00254"></a><span class="lineno">  254</span>        <span class="comment">// check if the found shellcode is a .NET JIT:</span></div>
-<div class="line"><a id="l00255" name="l00255"></a><span class="lineno">  255</span>        <span class="keywordflow">if</span> (mod_name == <span class="stringliteral">&quot;clr.dll&quot;</span> || mod_name == <span class="stringliteral">&quot;coreclr.dll&quot;</span>) {</div>
-<div class="line"><a id="l00256" name="l00256"></a><span class="lineno">  256</span>            cDetails.is_managed = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00257" name="l00257"></a><span class="lineno">  257</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00258" name="l00258"></a><span class="lineno">  258</span>            std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;--- .NET\n&quot;</span>;</div>
-<div class="line"><a id="l00259" name="l00259"></a><span class="lineno">  259</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00260" name="l00260"></a><span class="lineno">  260</span>        }</div>
-<div class="line"><a id="l00261" name="l00261"></a><span class="lineno">  261</span>    }</div>
-<div class="line"><a id="l00262" name="l00262"></a><span class="lineno">  262</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00263" name="l00263"></a><span class="lineno">  263</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n===\n&quot;</span>;</div>
-<div class="line"><a id="l00264" name="l00264"></a><span class="lineno">  264</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00265" name="l00265"></a><span class="lineno">  265</span>    <span class="keywordflow">return</span> processedCntr;</div>
-<div class="line"><a id="l00266" name="l00266"></a><span class="lineno">  266</span>}</div>
+<div class="line"><a id="l00244" name="l00244"></a><span class="lineno">  244</span>        <span class="keywordtype">bool</span> is_curr_shc = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00245" name="l00245"></a><span class="lineno">  245</span>        <span class="keyword">const</span> <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(next_return);</div>
+<div class="line"><a id="l00246" name="l00246"></a><span class="lineno">  246</span>        <span class="keyword">const</span> std::string mod_name = mod ? mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() : <span class="stringliteral">&quot;&quot;</span>;</div>
+<div class="line"><a id="l00247" name="l00247"></a><span class="lineno">  247</span>        <span class="keywordflow">if</span> (mod_name.length() == 0) {</div>
+<div class="line"><a id="l00248" name="l00248"></a><span class="lineno">  248</span>            <span class="keywordflow">if</span> (!cDetails.is_managed) {</div>
+<div class="line"><a id="l00249" name="l00249"></a><span class="lineno">  249</span>                is_curr_shc = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00250" name="l00250"></a><span class="lineno">  250</span>                cDetails.shcCandidates.insert(next_return);</div>
+<div class="line"><a id="l00251" name="l00251"></a><span class="lineno">  251</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00252" name="l00252"></a><span class="lineno">  252</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== SHELLCODE\n&quot;</span>;</div>
+<div class="line"><a id="l00253" name="l00253"></a><span class="lineno">  253</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00254" name="l00254"></a><span class="lineno">  254</span>            } <span class="keywordflow">else</span> {</div>
+<div class="line"><a id="l00255" name="l00255"></a><span class="lineno">  255</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00256" name="l00256"></a><span class="lineno">  256</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== .NET JIT\n&quot;</span>;</div>
+<div class="line"><a id="l00257" name="l00257"></a><span class="lineno">  257</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00258" name="l00258"></a><span class="lineno">  258</span>            }</div>
+<div class="line"><a id="l00259" name="l00259"></a><span class="lineno">  259</span>        }</div>
+<div class="line"><a id="l00260" name="l00260"></a><span class="lineno">  260</span>        <span class="keywordflow">if</span> (!is_curr_shc) {</div>
+<div class="line"><a id="l00261" name="l00261"></a><span class="lineno">  261</span>            <span class="comment">// store the last address, till the first called shellcode:</span></div>
+<div class="line"><a id="l00262" name="l00262"></a><span class="lineno">  262</span>            cDetails.last_ret = next_return;</div>
+<div class="line"><a id="l00263" name="l00263"></a><span class="lineno">  263</span>        }</div>
+<div class="line"><a id="l00264" name="l00264"></a><span class="lineno">  264</span>        <span class="comment">// check if the found shellcode is a .NET JIT:</span></div>
+<div class="line"><a id="l00265" name="l00265"></a><span class="lineno">  265</span>        <span class="keywordflow">if</span> (mod_name == <span class="stringliteral">&quot;clr.dll&quot;</span> || mod_name == <span class="stringliteral">&quot;coreclr.dll&quot;</span>) {</div>
+<div class="line"><a id="l00266" name="l00266"></a><span class="lineno">  266</span>            cDetails.is_managed = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00267" name="l00267"></a><span class="lineno">  267</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00268" name="l00268"></a><span class="lineno">  268</span>            std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;--- .NET\n&quot;</span>;</div>
+<div class="line"><a id="l00269" name="l00269"></a><span class="lineno">  269</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00270" name="l00270"></a><span class="lineno">  270</span>        }</div>
+<div class="line"><a id="l00271" name="l00271"></a><span class="lineno">  271</span>    }</div>
+<div class="line"><a id="l00272" name="l00272"></a><span class="lineno">  272</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00273" name="l00273"></a><span class="lineno">  273</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n===\n&quot;</span>;</div>
+<div class="line"><a id="l00274" name="l00274"></a><span class="lineno">  274</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00275" name="l00275"></a><span class="lineno">  275</span>    <span class="keywordflow">return</span> processedCntr;</div>
+<div class="line"><a id="l00276" name="l00276"></a><span class="lineno">  276</span>}</div>
 </div>
-<div class="line"><a id="l00267" name="l00267"></a><span class="lineno">  267</span> </div>
-<div class="foldopen" id="foldopen00268" data-start="{" data-end="}">
-<div class="line"><a id="l00268" name="l00268"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">  268</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a>(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
-<div class="line"><a id="l00269" name="l00269"></a><span class="lineno">  269</span>{</div>
-<div class="line"><a id="l00270" name="l00270"></a><span class="lineno">  270</span>    <span class="comment">// do it in a new thread to prevent stucking...</span></div>
-<div class="line"><a id="l00271" name="l00271"></a><span class="lineno">  271</span>    <a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a> args(hProcess, hThread, ctx, &amp;cDetails);</div>
-<div class="line"><a id="l00272" name="l00272"></a><span class="lineno">  272</span> </div>
-<div class="line"><a id="l00273" name="l00273"></a><span class="lineno">  273</span>    <span class="keyword">const</span> <span class="keywordtype">size_t</span> max_wait = 1000;</div>
-<div class="line"><a id="l00274" name="l00274"></a><span class="lineno">  274</span>    {</div>
-<div class="line"><a id="l00275" name="l00275"></a><span class="lineno">  275</span>        HANDLE enumThread = CreateThread(</div>
-<div class="line"><a id="l00276" name="l00276"></a><span class="lineno">  276</span>            NULL,                   <span class="comment">// default security attributes</span></div>
-<div class="line"><a id="l00277" name="l00277"></a><span class="lineno">  277</span>            0,                      <span class="comment">// use default stack size  </span></div>
-<div class="line"><a id="l00278" name="l00278"></a><span class="lineno">  278</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a>,       <span class="comment">// thread function name</span></div>
-<div class="line"><a id="l00279" name="l00279"></a><span class="lineno">  279</span>            &amp;args,          <span class="comment">// argument to thread function </span></div>
-<div class="line"><a id="l00280" name="l00280"></a><span class="lineno">  280</span>            0,                      <span class="comment">// use default creation flags </span></div>
-<div class="line"><a id="l00281" name="l00281"></a><span class="lineno">  281</span>            0);   <span class="comment">// returns the thread identifiee</span></div>
+<div class="line"><a id="l00277" name="l00277"></a><span class="lineno">  277</span> </div>
+<div class="foldopen" id="foldopen00278" data-start="{" data-end="}">
+<div class="line"><a id="l00278" name="l00278"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">  278</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a>(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
+<div class="line"><a id="l00279" name="l00279"></a><span class="lineno">  279</span>{</div>
+<div class="line"><a id="l00280" name="l00280"></a><span class="lineno">  280</span>    <span class="comment">// do it in a new thread to prevent stucking...</span></div>
+<div class="line"><a id="l00281" name="l00281"></a><span class="lineno">  281</span>    <a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a> args(hProcess, hThread, ctx, &amp;cDetails);</div>
 <div class="line"><a id="l00282" name="l00282"></a><span class="lineno">  282</span> </div>
-<div class="line"><a id="l00283" name="l00283"></a><span class="lineno">  283</span>        <span class="keywordflow">if</span> (enumThread) {</div>
-<div class="line"><a id="l00284" name="l00284"></a><span class="lineno">  284</span>            DWORD wait_result = WaitForSingleObject(enumThread, max_wait);</div>
-<div class="line"><a id="l00285" name="l00285"></a><span class="lineno">  285</span>            <span class="keywordflow">if</span> (wait_result == WAIT_TIMEOUT) {</div>
-<div class="line"><a id="l00286" name="l00286"></a><span class="lineno">  286</span>                std::cerr &lt;&lt; <span class="stringliteral">&quot;[!] Cannot retrieve stack frame: timeout passed!\n&quot;</span>;</div>
-<div class="line"><a id="l00287" name="l00287"></a><span class="lineno">  287</span>                TerminateThread(enumThread, 0);</div>
-<div class="line"><a id="l00288" name="l00288"></a><span class="lineno">  288</span>                CloseHandle(enumThread);</div>
-<div class="line"><a id="l00289" name="l00289"></a><span class="lineno">  289</span>                <span class="keywordflow">return</span> 0;</div>
-<div class="line"><a id="l00290" name="l00290"></a><span class="lineno">  290</span>            }</div>
-<div class="line"><a id="l00291" name="l00291"></a><span class="lineno">  291</span>            CloseHandle(enumThread);</div>
-<div class="line"><a id="l00292" name="l00292"></a><span class="lineno">  292</span>        }</div>
-<div class="line"><a id="l00293" name="l00293"></a><span class="lineno">  293</span>    }</div>
-<div class="line"><a id="l00294" name="l00294"></a><span class="lineno">  294</span>    <span class="keywordflow">if</span> (!args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c">is_ok</a>) {</div>
-<div class="line"><a id="l00295" name="l00295"></a><span class="lineno">  295</span>        <span class="keywordflow">return</span> 0;</div>
-<div class="line"><a id="l00296" name="l00296"></a><span class="lineno">  296</span>    }</div>
-<div class="line"><a id="l00297" name="l00297"></a><span class="lineno">  297</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00298" name="l00298"></a><span class="lineno">  298</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n=== TID &quot;</span> &lt;&lt; std::dec &lt;&lt; GetThreadId(hThread) &lt;&lt; <span class="stringliteral">&quot; ===\n&quot;</span>;</div>
-<div class="line"><a id="l00299" name="l00299"></a><span class="lineno">  299</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00300" name="l00300"></a><span class="lineno">  300</span>    <span class="keyword">const</span> <span class="keywordtype">size_t</span> analyzedCount = analyzeCallStack(args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>, cDetails);</div>
-<div class="line"><a id="l00301" name="l00301"></a><span class="lineno">  301</span>    <span class="keywordflow">if</span> (!cDetails.is_managed) {</div>
-<div class="line"><a id="l00302" name="l00302"></a><span class="lineno">  302</span>        cDetails.is_ret_as_syscall = checkReturnAddrIntegrity(args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>);</div>
+<div class="line"><a id="l00283" name="l00283"></a><span class="lineno">  283</span>    <span class="keyword">const</span> <span class="keywordtype">size_t</span> max_wait = 1000;</div>
+<div class="line"><a id="l00284" name="l00284"></a><span class="lineno">  284</span>    {</div>
+<div class="line"><a id="l00285" name="l00285"></a><span class="lineno">  285</span>        HANDLE enumThread = CreateThread(</div>
+<div class="line"><a id="l00286" name="l00286"></a><span class="lineno">  286</span>            NULL,                   <span class="comment">// default security attributes</span></div>
+<div class="line"><a id="l00287" name="l00287"></a><span class="lineno">  287</span>            0,                      <span class="comment">// use default stack size  </span></div>
+<div class="line"><a id="l00288" name="l00288"></a><span class="lineno">  288</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a>,       <span class="comment">// thread function name</span></div>
+<div class="line"><a id="l00289" name="l00289"></a><span class="lineno">  289</span>            &amp;args,          <span class="comment">// argument to thread function </span></div>
+<div class="line"><a id="l00290" name="l00290"></a><span class="lineno">  290</span>            0,                      <span class="comment">// use default creation flags </span></div>
+<div class="line"><a id="l00291" name="l00291"></a><span class="lineno">  291</span>            0);   <span class="comment">// returns the thread identifiee</span></div>
+<div class="line"><a id="l00292" name="l00292"></a><span class="lineno">  292</span> </div>
+<div class="line"><a id="l00293" name="l00293"></a><span class="lineno">  293</span>        <span class="keywordflow">if</span> (enumThread) {</div>
+<div class="line"><a id="l00294" name="l00294"></a><span class="lineno">  294</span>            DWORD wait_result = WaitForSingleObject(enumThread, max_wait);</div>
+<div class="line"><a id="l00295" name="l00295"></a><span class="lineno">  295</span>            <span class="keywordflow">if</span> (wait_result == WAIT_TIMEOUT) {</div>
+<div class="line"><a id="l00296" name="l00296"></a><span class="lineno">  296</span>                std::cerr &lt;&lt; <span class="stringliteral">&quot;[!] Cannot retrieve stack frame: timeout passed!\n&quot;</span>;</div>
+<div class="line"><a id="l00297" name="l00297"></a><span class="lineno">  297</span>                TerminateThread(enumThread, 0);</div>
+<div class="line"><a id="l00298" name="l00298"></a><span class="lineno">  298</span>                CloseHandle(enumThread);</div>
+<div class="line"><a id="l00299" name="l00299"></a><span class="lineno">  299</span>                <span class="keywordflow">return</span> 0;</div>
+<div class="line"><a id="l00300" name="l00300"></a><span class="lineno">  300</span>            }</div>
+<div class="line"><a id="l00301" name="l00301"></a><span class="lineno">  301</span>            CloseHandle(enumThread);</div>
+<div class="line"><a id="l00302" name="l00302"></a><span class="lineno">  302</span>        }</div>
 <div class="line"><a id="l00303" name="l00303"></a><span class="lineno">  303</span>    }</div>
-<div class="line"><a id="l00304" name="l00304"></a><span class="lineno">  304</span>    <span class="keywordflow">return</span> analyzedCount;</div>
-<div class="line"><a id="l00305" name="l00305"></a><span class="lineno">  305</span>}</div>
+<div class="line"><a id="l00304" name="l00304"></a><span class="lineno">  304</span>    <span class="keywordflow">if</span> (!args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c">is_ok</a>) {</div>
+<div class="line"><a id="l00305" name="l00305"></a><span class="lineno">  305</span>        <span class="keywordflow">return</span> 0;</div>
+<div class="line"><a id="l00306" name="l00306"></a><span class="lineno">  306</span>    }</div>
+<div class="line"><a id="l00307" name="l00307"></a><span class="lineno">  307</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00308" name="l00308"></a><span class="lineno">  308</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n=== TID &quot;</span> &lt;&lt; std::dec &lt;&lt; GetThreadId(hThread) &lt;&lt; <span class="stringliteral">&quot; ===\n&quot;</span>;</div>
+<div class="line"><a id="l00309" name="l00309"></a><span class="lineno">  309</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00310" name="l00310"></a><span class="lineno">  310</span>    <span class="keyword">const</span> <span class="keywordtype">size_t</span> analyzedCount = analyzeCallStack(args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>, cDetails);</div>
+<div class="line"><a id="l00311" name="l00311"></a><span class="lineno">  311</span>    <span class="keywordflow">if</span> (!cDetails.is_managed) {</div>
+<div class="line"><a id="l00312" name="l00312"></a><span class="lineno">  312</span>        cDetails.is_ret_as_syscall = checkReturnAddrIntegrity(args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#ade3c904e419340c15bfc284f19e82f7a">callStack</a>);</div>
+<div class="line"><a id="l00313" name="l00313"></a><span class="lineno">  313</span>    }</div>
+<div class="line"><a id="l00314" name="l00314"></a><span class="lineno">  314</span>    <span class="keywordflow">return</span> analyzedCount;</div>
+<div class="line"><a id="l00315" name="l00315"></a><span class="lineno">  315</span>}</div>
 </div>
-<div class="line"><a id="l00306" name="l00306"></a><span class="lineno">  306</span> </div>
-<div class="line"><a id="l00307" name="l00307"></a><span class="lineno">  307</span><span class="keyword">template</span> &lt;<span class="keyword">typename</span> PTR_T&gt;</div>
-<div class="foldopen" id="foldopen00308" data-start="{" data-end="}">
-<div class="line"><a id="l00308" name="l00308"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">  308</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr</a>(IN HANDLE hProcess, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails) {</div>
-<div class="line"><a id="l00309" name="l00309"></a><span class="lineno">  309</span>    PTR_T ret_addr = 0;</div>
-<div class="line"><a id="l00310" name="l00310"></a><span class="lineno">  310</span>    cDetails.ret_on_stack = 0;</div>
-<div class="line"><a id="l00311" name="l00311"></a><span class="lineno">  311</span>    <span class="keywordflow">if</span> (peconv::read_remote_memory(hProcess, (LPVOID)cDetails.rsp, (BYTE*)&amp;ret_addr, <span class="keyword">sizeof</span>(ret_addr)) == <span class="keyword">sizeof</span>(ret_addr)) {</div>
-<div class="line"><a id="l00312" name="l00312"></a><span class="lineno">  312</span>        cDetails.ret_on_stack = (ULONGLONG)ret_addr;</div>
-<div class="line"><a id="l00313" name="l00313"></a><span class="lineno">  313</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00314" name="l00314"></a><span class="lineno">  314</span>    }</div>
-<div class="line"><a id="l00315" name="l00315"></a><span class="lineno">  315</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00316" name="l00316"></a><span class="lineno">  316</span>}</div>
-</div>
-<div class="line"><a id="l00317" name="l00317"></a><span class="lineno">  317</span> </div>
+<div class="line"><a id="l00316" name="l00316"></a><span class="lineno">  316</span> </div>
+<div class="line"><a id="l00317" name="l00317"></a><span class="lineno">  317</span><span class="keyword">template</span> &lt;<span class="keyword">typename</span> PTR_T&gt;</div>
 <div class="foldopen" id="foldopen00318" data-start="{" data-end="}">
-<div class="line"><a id="l00318" name="l00318"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">  318</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a>(IN HANDLE hProcess, IN HANDLE hThread, OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
-<div class="line"><a id="l00319" name="l00319"></a><span class="lineno">  319</span>{</div>
-<div class="line"><a id="l00320" name="l00320"></a><span class="lineno">  320</span>    <span class="keywordtype">bool</span> is_ok = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00321" name="l00321"></a><span class="lineno">  321</span>    BOOL is_wow64 = FALSE;</div>
-<div class="line"><a id="l00322" name="l00322"></a><span class="lineno">  322</span>    <span class="keywordtype">size_t</span> retrieved = 0;</div>
-<div class="line"><a id="l00323" name="l00323"></a><span class="lineno">  323</span><span class="preprocessor">#ifdef _WIN64</span></div>
-<div class="line"><a id="l00324" name="l00324"></a><span class="lineno">  324</span>    <a class="code hl_function" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a>(hProcess, &amp;is_wow64);</div>
-<div class="line"><a id="l00325" name="l00325"></a><span class="lineno">  325</span> </div>
-<div class="line"><a id="l00326" name="l00326"></a><span class="lineno">  326</span>    <span class="keywordflow">if</span> (is_wow64) {</div>
-<div class="line"><a id="l00327" name="l00327"></a><span class="lineno">  327</span>        WOW64_CONTEXT ctx = { 0 };</div>
-<div class="line"><a id="l00328" name="l00328"></a><span class="lineno">  328</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
-<div class="line"><a id="l00329" name="l00329"></a><span class="lineno">  329</span>        <span class="keywordflow">if</span> (<a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a>(hThread, &amp;ctx)) {</div>
-<div class="line"><a id="l00330" name="l00330"></a><span class="lineno">  330</span>            is_ok = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00331" name="l00331"></a><span class="lineno">  331</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
-<div class="line"><a id="l00332" name="l00332"></a><span class="lineno">  332</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr&lt;DWORD&gt;</a>(hProcess, cDetails);</div>
-<div class="line"><a id="l00333" name="l00333"></a><span class="lineno">  333</span>            retrieved = fillCallStackInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
-<div class="line"><a id="l00334" name="l00334"></a><span class="lineno">  334</span>        }</div>
-<div class="line"><a id="l00335" name="l00335"></a><span class="lineno">  335</span>    }</div>
-<div class="line"><a id="l00336" name="l00336"></a><span class="lineno">  336</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00337" name="l00337"></a><span class="lineno">  337</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
-<div class="line"><a id="l00338" name="l00338"></a><span class="lineno">  338</span> </div>
-<div class="line"><a id="l00339" name="l00339"></a><span class="lineno">  339</span>        CONTEXT ctx = { 0 };</div>
-<div class="line"><a id="l00340" name="l00340"></a><span class="lineno">  340</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
-<div class="line"><a id="l00341" name="l00341"></a><span class="lineno">  341</span>        <span class="keywordflow">if</span> (GetThreadContext(hThread, &amp;ctx)) {</div>
-<div class="line"><a id="l00342" name="l00342"></a><span class="lineno">  342</span>            is_ok = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00343" name="l00343"></a><span class="lineno">  343</span><span class="preprocessor">#ifdef _WIN64</span></div>
-<div class="line"><a id="l00344" name="l00344"></a><span class="lineno">  344</span>            cDetails.init(<span class="keyword">true</span>, ctx.Rip, ctx.Rsp, ctx.Rbp);</div>
-<div class="line"><a id="l00345" name="l00345"></a><span class="lineno">  345</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr&lt;ULONGLONG&gt;</a>(hProcess, cDetails);</div>
-<div class="line"><a id="l00346" name="l00346"></a><span class="lineno">  346</span><span class="preprocessor">#else</span></div>
-<div class="line"><a id="l00347" name="l00347"></a><span class="lineno">  347</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
-<div class="line"><a id="l00348" name="l00348"></a><span class="lineno">  348</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr&lt;DWORD&gt;</a>(hProcess, cDetails);</div>
-<div class="line"><a id="l00349" name="l00349"></a><span class="lineno">  349</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00350" name="l00350"></a><span class="lineno">  350</span>            retrieved = fillCallStackInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
-<div class="line"><a id="l00351" name="l00351"></a><span class="lineno">  351</span>        }</div>
-<div class="line"><a id="l00352" name="l00352"></a><span class="lineno">  352</span>    }</div>
-<div class="line"><a id="l00353" name="l00353"></a><span class="lineno">  353</span>    <span class="keywordflow">if</span> (!retrieved) is_ok = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00354" name="l00354"></a><span class="lineno">  354</span>    <span class="keywordflow">return</span> is_ok;</div>
-<div class="line"><a id="l00355" name="l00355"></a><span class="lineno">  355</span>}</div>
+<div class="line"><a id="l00318" name="l00318"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">  318</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr</a>(IN HANDLE hProcess, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails) {</div>
+<div class="line"><a id="l00319" name="l00319"></a><span class="lineno">  319</span>    PTR_T ret_addr = 0;</div>
+<div class="line"><a id="l00320" name="l00320"></a><span class="lineno">  320</span>    cDetails.ret_on_stack = 0;</div>
+<div class="line"><a id="l00321" name="l00321"></a><span class="lineno">  321</span>    <span class="keywordflow">if</span> (peconv::read_remote_memory(hProcess, (LPVOID)cDetails.rsp, (BYTE*)&amp;ret_addr, <span class="keyword">sizeof</span>(ret_addr)) == <span class="keyword">sizeof</span>(ret_addr)) {</div>
+<div class="line"><a id="l00322" name="l00322"></a><span class="lineno">  322</span>        cDetails.ret_on_stack = (ULONGLONG)ret_addr;</div>
+<div class="line"><a id="l00323" name="l00323"></a><span class="lineno">  323</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00324" name="l00324"></a><span class="lineno">  324</span>    }</div>
+<div class="line"><a id="l00325" name="l00325"></a><span class="lineno">  325</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00326" name="l00326"></a><span class="lineno">  326</span>}</div>
 </div>
-<div class="line"><a id="l00356" name="l00356"></a><span class="lineno">  356</span> </div>
-<div class="foldopen" id="foldopen00357" data-start="{" data-end="}">
-<div class="line"><a id="l00357" name="l00357"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">  357</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
-<div class="line"><a id="l00358" name="l00358"></a><span class="lineno">  358</span>{</div>
-<div class="line"><a id="l00359" name="l00359"></a><span class="lineno">  359</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
-<div class="line"><a id="l00360" name="l00360"></a><span class="lineno">  360</span>    <span class="keywordflow">if</span> (!mod) <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00361" name="l00361"></a><span class="lineno">  361</span> </div>
-<div class="line"><a id="l00362" name="l00362"></a><span class="lineno">  362</span>    <span class="comment">//the module is named</span></div>
-<div class="line"><a id="l00363" name="l00363"></a><span class="lineno">  363</span>    <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>().length() &gt; 0) {</div>
-<div class="line"><a id="l00364" name="l00364"></a><span class="lineno">  364</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00365" name="l00365"></a><span class="lineno">  365</span>    }</div>
-<div class="line"><a id="l00366" name="l00366"></a><span class="lineno">  366</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00367" name="l00367"></a><span class="lineno">  367</span>}</div>
+<div class="line"><a id="l00327" name="l00327"></a><span class="lineno">  327</span> </div>
+<div class="foldopen" id="foldopen00328" data-start="{" data-end="}">
+<div class="line"><a id="l00328" name="l00328"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">  328</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a>(IN HANDLE hProcess, IN HANDLE hThread, OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
+<div class="line"><a id="l00329" name="l00329"></a><span class="lineno">  329</span>{</div>
+<div class="line"><a id="l00330" name="l00330"></a><span class="lineno">  330</span>    <span class="keywordtype">bool</span> is_ok = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00331" name="l00331"></a><span class="lineno">  331</span>    BOOL is_wow64 = FALSE;</div>
+<div class="line"><a id="l00332" name="l00332"></a><span class="lineno">  332</span>    <span class="keywordtype">size_t</span> retrieved = 0;</div>
+<div class="line"><a id="l00333" name="l00333"></a><span class="lineno">  333</span><span class="preprocessor">#ifdef _WIN64</span></div>
+<div class="line"><a id="l00334" name="l00334"></a><span class="lineno">  334</span>    <a class="code hl_function" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a>(hProcess, &amp;is_wow64);</div>
+<div class="line"><a id="l00335" name="l00335"></a><span class="lineno">  335</span> </div>
+<div class="line"><a id="l00336" name="l00336"></a><span class="lineno">  336</span>    <span class="keywordflow">if</span> (is_wow64) {</div>
+<div class="line"><a id="l00337" name="l00337"></a><span class="lineno">  337</span>        WOW64_CONTEXT ctx = { 0 };</div>
+<div class="line"><a id="l00338" name="l00338"></a><span class="lineno">  338</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
+<div class="line"><a id="l00339" name="l00339"></a><span class="lineno">  339</span>        <span class="keywordflow">if</span> (<a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a>(hThread, &amp;ctx)) {</div>
+<div class="line"><a id="l00340" name="l00340"></a><span class="lineno">  340</span>            is_ok = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00341" name="l00341"></a><span class="lineno">  341</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
+<div class="line"><a id="l00342" name="l00342"></a><span class="lineno">  342</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr&lt;DWORD&gt;</a>(hProcess, cDetails);</div>
+<div class="line"><a id="l00343" name="l00343"></a><span class="lineno">  343</span>            retrieved = fillCallStackInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
+<div class="line"><a id="l00344" name="l00344"></a><span class="lineno">  344</span>        }</div>
+<div class="line"><a id="l00345" name="l00345"></a><span class="lineno">  345</span>    }</div>
+<div class="line"><a id="l00346" name="l00346"></a><span class="lineno">  346</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00347" name="l00347"></a><span class="lineno">  347</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
+<div class="line"><a id="l00348" name="l00348"></a><span class="lineno">  348</span> </div>
+<div class="line"><a id="l00349" name="l00349"></a><span class="lineno">  349</span>        CONTEXT ctx = { 0 };</div>
+<div class="line"><a id="l00350" name="l00350"></a><span class="lineno">  350</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
+<div class="line"><a id="l00351" name="l00351"></a><span class="lineno">  351</span>        <span class="keywordflow">if</span> (GetThreadContext(hThread, &amp;ctx)) {</div>
+<div class="line"><a id="l00352" name="l00352"></a><span class="lineno">  352</span>            is_ok = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00353" name="l00353"></a><span class="lineno">  353</span><span class="preprocessor">#ifdef _WIN64</span></div>
+<div class="line"><a id="l00354" name="l00354"></a><span class="lineno">  354</span>            cDetails.init(<span class="keyword">true</span>, ctx.Rip, ctx.Rsp, ctx.Rbp);</div>
+<div class="line"><a id="l00355" name="l00355"></a><span class="lineno">  355</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr&lt;ULONGLONG&gt;</a>(hProcess, cDetails);</div>
+<div class="line"><a id="l00356" name="l00356"></a><span class="lineno">  356</span><span class="preprocessor">#else</span></div>
+<div class="line"><a id="l00357" name="l00357"></a><span class="lineno">  357</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
+<div class="line"><a id="l00358" name="l00358"></a><span class="lineno">  358</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr&lt;DWORD&gt;</a>(hProcess, cDetails);</div>
+<div class="line"><a id="l00359" name="l00359"></a><span class="lineno">  359</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00360" name="l00360"></a><span class="lineno">  360</span>            retrieved = fillCallStackInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
+<div class="line"><a id="l00361" name="l00361"></a><span class="lineno">  361</span>        }</div>
+<div class="line"><a id="l00362" name="l00362"></a><span class="lineno">  362</span>    }</div>
+<div class="line"><a id="l00363" name="l00363"></a><span class="lineno">  363</span>    <span class="keywordflow">if</span> (!retrieved) is_ok = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00364" name="l00364"></a><span class="lineno">  364</span>    <span class="keywordflow">return</span> is_ok;</div>
+<div class="line"><a id="l00365" name="l00365"></a><span class="lineno">  365</span>}</div>
 </div>
-<div class="line"><a id="l00368" name="l00368"></a><span class="lineno">  368</span> </div>
-<div class="foldopen" id="foldopen00369" data-start="{" data-end="}">
-<div class="line"><a id="l00369" name="l00369"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">  369</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
-<div class="line"><a id="l00370" name="l00370"></a><span class="lineno">  370</span>{</div>
-<div class="line"><a id="l00371" name="l00371"></a><span class="lineno">  371</span>    <span class="keywordtype">bool</span> is_resolved = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00372" name="l00372"></a><span class="lineno">  372</span>    std::cout &lt;&lt; std::hex &lt;&lt; addr;</div>
-<div class="line"><a id="l00373" name="l00373"></a><span class="lineno">  373</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
-<div class="line"><a id="l00374" name="l00374"></a><span class="lineno">  374</span>    <span class="keywordflow">if</span> (mod) {</div>
-<div class="line"><a id="l00375" name="l00375"></a><span class="lineno">  375</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>();</div>
-<div class="line"><a id="l00376" name="l00376"></a><span class="lineno">  376</span>        is_resolved = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00377" name="l00377"></a><span class="lineno">  377</span>    }</div>
-<div class="line"><a id="l00378" name="l00378"></a><span class="lineno">  378</span>    <span class="keywordflow">if</span> (exportsMap &amp;&amp; is_resolved) {</div>
-<div class="line"><a id="l00379" name="l00379"></a><span class="lineno">  379</span>        <span class="keywordtype">bool</span> search_name = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00380" name="l00380"></a><span class="lineno">  380</span>        <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;ntdll.dll&quot;</span> || mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;win32u.dll&quot;</span>) {</div>
-<div class="line"><a id="l00381" name="l00381"></a><span class="lineno">  381</span>            search_name = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00382" name="l00382"></a><span class="lineno">  382</span>        }</div>
-<div class="line"><a id="l00383" name="l00383"></a><span class="lineno">  383</span>        <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> i = 0; i &lt; 25; i++) {</div>
-<div class="line"><a id="l00384" name="l00384"></a><span class="lineno">  384</span>            <span class="keyword">const</span> peconv::ExportedFunc* exp = exportsMap-&gt;find_export_by_va(addr - i);</div>
-<div class="line"><a id="l00385" name="l00385"></a><span class="lineno">  385</span>            <span class="keywordflow">if</span> (exp) {</div>
-<div class="line"><a id="l00386" name="l00386"></a><span class="lineno">  386</span>                std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; exp-&gt;toString();</div>
-<div class="line"><a id="l00387" name="l00387"></a><span class="lineno">  387</span>                is_resolved = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00388" name="l00388"></a><span class="lineno">  388</span>                <span class="keywordflow">break</span>;</div>
-<div class="line"><a id="l00389" name="l00389"></a><span class="lineno">  389</span>            }</div>
-<div class="line"><a id="l00390" name="l00390"></a><span class="lineno">  390</span>            <span class="keywordflow">if</span> (!search_name) {</div>
-<div class="line"><a id="l00391" name="l00391"></a><span class="lineno">  391</span>                <span class="keywordflow">break</span>;</div>
-<div class="line"><a id="l00392" name="l00392"></a><span class="lineno">  392</span>            }</div>
-<div class="line"><a id="l00393" name="l00393"></a><span class="lineno">  393</span>        }</div>
-<div class="line"><a id="l00394" name="l00394"></a><span class="lineno">  394</span>    }</div>
-<div class="line"><a id="l00395" name="l00395"></a><span class="lineno">  395</span>    std::cout &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00396" name="l00396"></a><span class="lineno">  396</span>    <span class="keywordflow">return</span> is_resolved;</div>
-<div class="line"><a id="l00397" name="l00397"></a><span class="lineno">  397</span>}</div>
+<div class="line"><a id="l00366" name="l00366"></a><span class="lineno">  366</span> </div>
+<div class="foldopen" id="foldopen00367" data-start="{" data-end="}">
+<div class="line"><a id="l00367" name="l00367"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">  367</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
+<div class="line"><a id="l00368" name="l00368"></a><span class="lineno">  368</span>{</div>
+<div class="line"><a id="l00369" name="l00369"></a><span class="lineno">  369</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
+<div class="line"><a id="l00370" name="l00370"></a><span class="lineno">  370</span>    <span class="keywordflow">if</span> (!mod) <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00371" name="l00371"></a><span class="lineno">  371</span> </div>
+<div class="line"><a id="l00372" name="l00372"></a><span class="lineno">  372</span>    <span class="comment">//the module is named</span></div>
+<div class="line"><a id="l00373" name="l00373"></a><span class="lineno">  373</span>    <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>().length() &gt; 0) {</div>
+<div class="line"><a id="l00374" name="l00374"></a><span class="lineno">  374</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00375" name="l00375"></a><span class="lineno">  375</span>    }</div>
+<div class="line"><a id="l00376" name="l00376"></a><span class="lineno">  376</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00377" name="l00377"></a><span class="lineno">  377</span>}</div>
 </div>
-<div class="line"><a id="l00398" name="l00398"></a><span class="lineno">  398</span> </div>
-<div class="foldopen" id="foldopen00399" data-start="{" data-end="}">
-<div class="line"><a id="l00399" name="l00399"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">  399</a></span><span class="keywordtype">void</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">pesieve::util::thread_info</a>&amp; threadi)</div>
-<div class="line"><a id="l00400" name="l00400"></a><span class="lineno">  400</span>{</div>
-<div class="line"><a id="l00401" name="l00401"></a><span class="lineno">  401</span>    std::cout &lt;&lt; std::dec &lt;&lt; <span class="stringliteral">&quot;TID: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a390c3d14815d2aaaf625f9fc16f6f01b">tid</a> &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00402" name="l00402"></a><span class="lineno">  402</span>    std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tStart   : &quot;</span>;</div>
-<div class="line"><a id="l00403" name="l00403"></a><span class="lineno">  403</span>    printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b">start_addr</a>);</div>
-<div class="line"><a id="l00404" name="l00404"></a><span class="lineno">  404</span> </div>
-<div class="line"><a id="l00405" name="l00405"></a><span class="lineno">  405</span>    <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386">is_extended</a>) {</div>
-<div class="line"><a id="l00406" name="l00406"></a><span class="lineno">  406</span>        std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tSysStart: &quot;</span>;</div>
-<div class="line"><a id="l00407" name="l00407"></a><span class="lineno">  407</span>        printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03">sys_start_addr</a>);</div>
-<div class="line"><a id="l00408" name="l00408"></a><span class="lineno">  408</span>        <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a86d6cd2d927a54e2541f0915ffdc03c1">last_syscall</a> != <a class="code hl_define" href="threads__util_8h.html#aab88471ac182a9537e03a6724162d96d">INVALID_SYSCALL</a>) {</div>
-<div class="line"><a id="l00409" name="l00409"></a><span class="lineno">  409</span>            std::cout &lt;&lt; <span class="stringliteral">&quot;\tLast Syscall: &quot;</span> &lt;&lt; std::hex &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a86d6cd2d927a54e2541f0915ffdc03c1">last_syscall</a> &lt;&lt; <span class="stringliteral">&quot; Func: &quot;</span> &lt;&lt; <a class="code hl_variable" href="pe__sieve_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a>.<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a8861442dc69bfcc4bdd042cee33d444b">getSyscallName</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a86d6cd2d927a54e2541f0915ffdc03c1">last_syscall</a>) &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00410" name="l00410"></a><span class="lineno">  410</span>        }</div>
-<div class="line"><a id="l00411" name="l00411"></a><span class="lineno">  411</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\tState: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">ThreadScanReport::translate_thread_state</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a>) &lt;&lt; <span class="stringliteral">&quot;]&quot;</span>;</div>
-<div class="line"><a id="l00412" name="l00412"></a><span class="lineno">  412</span>        <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a> == Waiting) {</div>
-<div class="line"><a id="l00413" name="l00413"></a><span class="lineno">  413</span>            std::cout &lt;&lt; <span class="stringliteral">&quot; Reason: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">ThreadScanReport::translate_wait_reason</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a389b5fb210ec491e9a7db99db5544928">wait_reason</a>) &lt;&lt; <span class="stringliteral">&quot;] Time: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#adfe41a5fa3df04475f55ae54bf615e58">wait_time</a>;</div>
-<div class="line"><a id="l00414" name="l00414"></a><span class="lineno">  414</span>        }</div>
-<div class="line"><a id="l00415" name="l00415"></a><span class="lineno">  415</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00416" name="l00416"></a><span class="lineno">  416</span>    }</div>
-<div class="line"><a id="l00417" name="l00417"></a><span class="lineno">  417</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00418" name="l00418"></a><span class="lineno">  418</span>}</div>
+<div class="line"><a id="l00378" name="l00378"></a><span class="lineno">  378</span> </div>
+<div class="foldopen" id="foldopen00379" data-start="{" data-end="}">
+<div class="line"><a id="l00379" name="l00379"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">  379</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
+<div class="line"><a id="l00380" name="l00380"></a><span class="lineno">  380</span>{</div>
+<div class="line"><a id="l00381" name="l00381"></a><span class="lineno">  381</span>    <span class="keywordtype">bool</span> is_resolved = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00382" name="l00382"></a><span class="lineno">  382</span>    std::cout &lt;&lt; std::hex &lt;&lt; addr;</div>
+<div class="line"><a id="l00383" name="l00383"></a><span class="lineno">  383</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
+<div class="line"><a id="l00384" name="l00384"></a><span class="lineno">  384</span>    <span class="keywordflow">if</span> (mod) {</div>
+<div class="line"><a id="l00385" name="l00385"></a><span class="lineno">  385</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>();</div>
+<div class="line"><a id="l00386" name="l00386"></a><span class="lineno">  386</span>        is_resolved = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00387" name="l00387"></a><span class="lineno">  387</span>    }</div>
+<div class="line"><a id="l00388" name="l00388"></a><span class="lineno">  388</span>    <span class="keywordflow">if</span> (exportsMap &amp;&amp; is_resolved) {</div>
+<div class="line"><a id="l00389" name="l00389"></a><span class="lineno">  389</span>        <span class="keywordtype">bool</span> search_name = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00390" name="l00390"></a><span class="lineno">  390</span>        <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;ntdll.dll&quot;</span> || mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;win32u.dll&quot;</span>) {</div>
+<div class="line"><a id="l00391" name="l00391"></a><span class="lineno">  391</span>            search_name = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00392" name="l00392"></a><span class="lineno">  392</span>        }</div>
+<div class="line"><a id="l00393" name="l00393"></a><span class="lineno">  393</span>        <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> i = 0; i &lt; 25; i++) {</div>
+<div class="line"><a id="l00394" name="l00394"></a><span class="lineno">  394</span>            <span class="keyword">const</span> peconv::ExportedFunc* exp = exportsMap-&gt;find_export_by_va(addr - i);</div>
+<div class="line"><a id="l00395" name="l00395"></a><span class="lineno">  395</span>            <span class="keywordflow">if</span> (exp) {</div>
+<div class="line"><a id="l00396" name="l00396"></a><span class="lineno">  396</span>                std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; exp-&gt;toString();</div>
+<div class="line"><a id="l00397" name="l00397"></a><span class="lineno">  397</span>                is_resolved = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00398" name="l00398"></a><span class="lineno">  398</span>                <span class="keywordflow">break</span>;</div>
+<div class="line"><a id="l00399" name="l00399"></a><span class="lineno">  399</span>            }</div>
+<div class="line"><a id="l00400" name="l00400"></a><span class="lineno">  400</span>            <span class="keywordflow">if</span> (!search_name) {</div>
+<div class="line"><a id="l00401" name="l00401"></a><span class="lineno">  401</span>                <span class="keywordflow">break</span>;</div>
+<div class="line"><a id="l00402" name="l00402"></a><span class="lineno">  402</span>            }</div>
+<div class="line"><a id="l00403" name="l00403"></a><span class="lineno">  403</span>        }</div>
+<div class="line"><a id="l00404" name="l00404"></a><span class="lineno">  404</span>    }</div>
+<div class="line"><a id="l00405" name="l00405"></a><span class="lineno">  405</span>    std::cout &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00406" name="l00406"></a><span class="lineno">  406</span>    <span class="keywordflow">return</span> is_resolved;</div>
+<div class="line"><a id="l00407" name="l00407"></a><span class="lineno">  407</span>}</div>
 </div>
-<div class="line"><a id="l00419" name="l00419"></a><span class="lineno">  419</span> </div>
-<div class="foldopen" id="foldopen00420" data-start="{" data-end="}">
-<div class="line"><a id="l00420" name="l00420"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">  420</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
-<div class="line"><a id="l00421" name="l00421"></a><span class="lineno">  421</span>{</div>
-<div class="line"><a id="l00422" name="l00422"></a><span class="lineno">  422</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00423" name="l00423"></a><span class="lineno">  423</span> </div>
-<div class="line"><a id="l00424" name="l00424"></a><span class="lineno">  424</span>    ULONG_PTR end_va = (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> + my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a>;</div>
-<div class="line"><a id="l00425" name="l00425"></a><span class="lineno">  425</span>    <a class="code hl_class" href="classpesieve_1_1_mem_page_data.html">MemPageData</a> mem(this-&gt;processHandle, this-&gt;isReflection, (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a>, end_va);</div>
-<div class="line"><a id="l00426" name="l00426"></a><span class="lineno">  426</span>    <span class="keywordflow">if</span> (!mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a59ed1087d268c1742139c7240ab5854f">fillInfo</a>() || !mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a01d3a9dc59b2965fa6defbc4dfda8524">load</a>()) {</div>
-<div class="line"><a id="l00427" name="l00427"></a><span class="lineno">  427</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00428" name="l00428"></a><span class="lineno">  428</span>    }</div>
-<div class="line"><a id="l00429" name="l00429"></a><span class="lineno">  429</span>    <a class="code hl_class" href="classpesieve_1_1_area_stats_calculator.html">AreaStatsCalculator</a> calc(mem.<a class="code hl_variable" href="classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9">loadedData</a>);</div>
-<div class="line"><a id="l00430" name="l00430"></a><span class="lineno">  430</span>    <span class="keywordflow">return</span> calc.<a class="code hl_function" href="classpesieve_1_1_area_stats_calculator.html#a5f85d093b7ddc31bb358a19917f6b4c2">fill</a>(my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>, <span class="keyword">nullptr</span>);</div>
-<div class="line"><a id="l00431" name="l00431"></a><span class="lineno">  431</span>}</div>
+<div class="line"><a id="l00408" name="l00408"></a><span class="lineno">  408</span> </div>
+<div class="foldopen" id="foldopen00409" data-start="{" data-end="}">
+<div class="line"><a id="l00409" name="l00409"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">  409</a></span><span class="keywordtype">void</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">pesieve::util::thread_info</a>&amp; threadi)</div>
+<div class="line"><a id="l00410" name="l00410"></a><span class="lineno">  410</span>{</div>
+<div class="line"><a id="l00411" name="l00411"></a><span class="lineno">  411</span>    std::cout &lt;&lt; std::dec &lt;&lt; <span class="stringliteral">&quot;TID: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a390c3d14815d2aaaf625f9fc16f6f01b">tid</a> &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00412" name="l00412"></a><span class="lineno">  412</span>    std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tStart   : &quot;</span>;</div>
+<div class="line"><a id="l00413" name="l00413"></a><span class="lineno">  413</span>    printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b">start_addr</a>);</div>
+<div class="line"><a id="l00414" name="l00414"></a><span class="lineno">  414</span> </div>
+<div class="line"><a id="l00415" name="l00415"></a><span class="lineno">  415</span>    <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386">is_extended</a>) {</div>
+<div class="line"><a id="l00416" name="l00416"></a><span class="lineno">  416</span>        std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tSysStart: &quot;</span>;</div>
+<div class="line"><a id="l00417" name="l00417"></a><span class="lineno">  417</span>        printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03">sys_start_addr</a>);</div>
+<div class="line"><a id="l00418" name="l00418"></a><span class="lineno">  418</span>        <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a86d6cd2d927a54e2541f0915ffdc03c1">last_syscall</a> != <a class="code hl_define" href="threads__util_8h.html#aab88471ac182a9537e03a6724162d96d">INVALID_SYSCALL</a>) {</div>
+<div class="line"><a id="l00419" name="l00419"></a><span class="lineno">  419</span>            std::cout &lt;&lt; <span class="stringliteral">&quot;\tLast Syscall: &quot;</span> &lt;&lt; std::hex &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a86d6cd2d927a54e2541f0915ffdc03c1">last_syscall</a> &lt;&lt; <span class="stringliteral">&quot; Func: &quot;</span> &lt;&lt; <a class="code hl_variable" href="pe__sieve_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a>.<a class="code hl_function" href="structpesieve_1_1_syscall_table.html#a8861442dc69bfcc4bdd042cee33d444b">getSyscallName</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a86d6cd2d927a54e2541f0915ffdc03c1">last_syscall</a>) &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00420" name="l00420"></a><span class="lineno">  420</span>        }</div>
+<div class="line"><a id="l00421" name="l00421"></a><span class="lineno">  421</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\tState: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">ThreadScanReport::translate_thread_state</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a>) &lt;&lt; <span class="stringliteral">&quot;]&quot;</span>;</div>
+<div class="line"><a id="l00422" name="l00422"></a><span class="lineno">  422</span>        <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a> == Waiting) {</div>
+<div class="line"><a id="l00423" name="l00423"></a><span class="lineno">  423</span>            std::cout &lt;&lt; <span class="stringliteral">&quot; Reason: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">ThreadScanReport::translate_wait_reason</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a389b5fb210ec491e9a7db99db5544928">wait_reason</a>) &lt;&lt; <span class="stringliteral">&quot;] Time: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#adfe41a5fa3df04475f55ae54bf615e58">wait_time</a>;</div>
+<div class="line"><a id="l00424" name="l00424"></a><span class="lineno">  424</span>        }</div>
+<div class="line"><a id="l00425" name="l00425"></a><span class="lineno">  425</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00426" name="l00426"></a><span class="lineno">  426</span>    }</div>
+<div class="line"><a id="l00427" name="l00427"></a><span class="lineno">  427</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00428" name="l00428"></a><span class="lineno">  428</span>}</div>
 </div>
-<div class="line"><a id="l00432" name="l00432"></a><span class="lineno">  432</span> </div>
-<div class="foldopen" id="foldopen00433" data-start="{" data-end="}">
-<div class="line"><a id="l00433" name="l00433"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">  433</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report, ULONGLONG susp_addr)</div>
-<div class="line"><a id="l00434" name="l00434"></a><span class="lineno">  434</span>{</div>
-<div class="line"><a id="l00435" name="l00435"></a><span class="lineno">  435</span>    MEMORY_BASIC_INFORMATION page_info = { 0 };</div>
-<div class="line"><a id="l00436" name="l00436"></a><span class="lineno">  436</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(processHandle, (LPVOID)susp_addr, page_info)) {</div>
+<div class="line"><a id="l00429" name="l00429"></a><span class="lineno">  429</span> </div>
+<div class="foldopen" id="foldopen00430" data-start="{" data-end="}">
+<div class="line"><a id="l00430" name="l00430"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">  430</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
+<div class="line"><a id="l00431" name="l00431"></a><span class="lineno">  431</span>{</div>
+<div class="line"><a id="l00432" name="l00432"></a><span class="lineno">  432</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00433" name="l00433"></a><span class="lineno">  433</span> </div>
+<div class="line"><a id="l00434" name="l00434"></a><span class="lineno">  434</span>    ULONG_PTR end_va = (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> + my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a>;</div>
+<div class="line"><a id="l00435" name="l00435"></a><span class="lineno">  435</span>    <a class="code hl_class" href="classpesieve_1_1_mem_page_data.html">MemPageData</a> mem(this-&gt;processHandle, this-&gt;isReflection, (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a>, end_va);</div>
+<div class="line"><a id="l00436" name="l00436"></a><span class="lineno">  436</span>    <span class="keywordflow">if</span> (!mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a59ed1087d268c1742139c7240ab5854f">fillInfo</a>() || !mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a01d3a9dc59b2965fa6defbc4dfda8524">load</a>()) {</div>
 <div class="line"><a id="l00437" name="l00437"></a><span class="lineno">  437</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
 <div class="line"><a id="l00438" name="l00438"></a><span class="lineno">  438</span>    }</div>
-<div class="line"><a id="l00439" name="l00439"></a><span class="lineno">  439</span>    <span class="keywordflow">if</span> (page_info.State &amp; MEM_FREE) {</div>
-<div class="line"><a id="l00440" name="l00440"></a><span class="lineno">  440</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00441" name="l00441"></a><span class="lineno">  441</span>    }</div>
-<div class="line"><a id="l00442" name="l00442"></a><span class="lineno">  442</span>    ULONGLONG base = (ULONGLONG)page_info.BaseAddress;</div>
-<div class="line"><a id="l00443" name="l00443"></a><span class="lineno">  443</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
-<div class="line"><a id="l00444" name="l00444"></a><span class="lineno">  444</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00445" name="l00445"></a><span class="lineno">  445</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
-<div class="line"><a id="l00446" name="l00446"></a><span class="lineno">  446</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
-<div class="line"><a id="l00447" name="l00447"></a><span class="lineno">  447</span>    }</div>
-<div class="line"><a id="l00448" name="l00448"></a><span class="lineno">  448</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = (HMODULE)base;</div>
-<div class="line"><a id="l00449" name="l00449"></a><span class="lineno">  449</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = page_info.RegionSize;</div>
-<div class="line"><a id="l00450" name="l00450"></a><span class="lineno">  450</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5419a44653c87acb8b8b49a53a2e67eb">protection</a> = page_info.AllocationProtect;</div>
-<div class="line"><a id="l00451" name="l00451"></a><span class="lineno">  451</span> </div>
-<div class="line"><a id="l00452" name="l00452"></a><span class="lineno">  452</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">susp_addr</a> = susp_addr;</div>
-<div class="line"><a id="l00453" name="l00453"></a><span class="lineno">  453</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00454" name="l00454"></a><span class="lineno">  454</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> isStatFilled = fillAreaStats(my_report);</div>
-<div class="line"><a id="l00455" name="l00455"></a><span class="lineno">  455</span><span class="preprocessor">#ifndef NO_ENTROPY_CHECK</span></div>
-<div class="line"><a id="l00456" name="l00456"></a><span class="lineno">  456</span>    <span class="keywordflow">if</span> (isStatFilled &amp;&amp; (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; <a class="code hl_define" href="thread__scanner_8cpp.html#acaf6cb2ff8299b9b3c55905f936d38a9">ENTROPY_TRESHOLD</a>)) {</div>
-<div class="line"><a id="l00457" name="l00457"></a><span class="lineno">  457</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00458" name="l00458"></a><span class="lineno">  458</span>    }</div>
-<div class="line"><a id="l00459" name="l00459"></a><span class="lineno">  459</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00460" name="l00460"></a><span class="lineno">  460</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00461" name="l00461"></a><span class="lineno">  461</span>}</div>
+<div class="line"><a id="l00439" name="l00439"></a><span class="lineno">  439</span>    <a class="code hl_class" href="classpesieve_1_1_area_stats_calculator.html">AreaStatsCalculator</a> calc(mem.<a class="code hl_variable" href="classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9">loadedData</a>);</div>
+<div class="line"><a id="l00440" name="l00440"></a><span class="lineno">  440</span>    <span class="keywordflow">return</span> calc.<a class="code hl_function" href="classpesieve_1_1_area_stats_calculator.html#a5f85d093b7ddc31bb358a19917f6b4c2">fill</a>(my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>, <span class="keyword">nullptr</span>);</div>
+<div class="line"><a id="l00441" name="l00441"></a><span class="lineno">  441</span>}</div>
 </div>
-<div class="line"><a id="l00462" name="l00462"></a><span class="lineno">  462</span> </div>
-<div class="line"><a id="l00463" name="l00463"></a><span class="lineno">  463</span><span class="comment">// if extended info given, allow to filter out from the scan basing on the thread state and conditions</span></div>
-<div class="foldopen" id="foldopen00464" data-start="{" data-end="}">
-<div class="line"><a id="l00464" name="l00464"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">  464</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)</div>
-<div class="line"><a id="l00465" name="l00465"></a><span class="lineno">  465</span>{</div>
-<div class="line"><a id="l00466" name="l00466"></a><span class="lineno">  466</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
-<div class="line"><a id="l00467" name="l00467"></a><span class="lineno">  467</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00442" name="l00442"></a><span class="lineno">  442</span> </div>
+<div class="foldopen" id="foldopen00443" data-start="{" data-end="}">
+<div class="line"><a id="l00443" name="l00443"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">  443</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report, ULONGLONG susp_addr)</div>
+<div class="line"><a id="l00444" name="l00444"></a><span class="lineno">  444</span>{</div>
+<div class="line"><a id="l00445" name="l00445"></a><span class="lineno">  445</span>    MEMORY_BASIC_INFORMATION page_info = { 0 };</div>
+<div class="line"><a id="l00446" name="l00446"></a><span class="lineno">  446</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(processHandle, (LPVOID)susp_addr, page_info)) {</div>
+<div class="line"><a id="l00447" name="l00447"></a><span class="lineno">  447</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00448" name="l00448"></a><span class="lineno">  448</span>    }</div>
+<div class="line"><a id="l00449" name="l00449"></a><span class="lineno">  449</span>    <span class="keywordflow">if</span> (page_info.State &amp; MEM_FREE) {</div>
+<div class="line"><a id="l00450" name="l00450"></a><span class="lineno">  450</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00451" name="l00451"></a><span class="lineno">  451</span>    }</div>
+<div class="line"><a id="l00452" name="l00452"></a><span class="lineno">  452</span>    ULONGLONG base = (ULONGLONG)page_info.BaseAddress;</div>
+<div class="line"><a id="l00453" name="l00453"></a><span class="lineno">  453</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
+<div class="line"><a id="l00454" name="l00454"></a><span class="lineno">  454</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00455" name="l00455"></a><span class="lineno">  455</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
+<div class="line"><a id="l00456" name="l00456"></a><span class="lineno">  456</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
+<div class="line"><a id="l00457" name="l00457"></a><span class="lineno">  457</span>    }</div>
+<div class="line"><a id="l00458" name="l00458"></a><span class="lineno">  458</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = (HMODULE)base;</div>
+<div class="line"><a id="l00459" name="l00459"></a><span class="lineno">  459</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = page_info.RegionSize;</div>
+<div class="line"><a id="l00460" name="l00460"></a><span class="lineno">  460</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5419a44653c87acb8b8b49a53a2e67eb">protection</a> = page_info.AllocationProtect;</div>
+<div class="line"><a id="l00461" name="l00461"></a><span class="lineno">  461</span> </div>
+<div class="line"><a id="l00462" name="l00462"></a><span class="lineno">  462</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">susp_addr</a> = susp_addr;</div>
+<div class="line"><a id="l00463" name="l00463"></a><span class="lineno">  463</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00464" name="l00464"></a><span class="lineno">  464</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> isStatFilled = fillAreaStats(my_report);</div>
+<div class="line"><a id="l00465" name="l00465"></a><span class="lineno">  465</span><span class="preprocessor">#ifndef NO_ENTROPY_CHECK</span></div>
+<div class="line"><a id="l00466" name="l00466"></a><span class="lineno">  466</span>    <span class="keywordflow">if</span> (isStatFilled &amp;&amp; (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; <a class="code hl_define" href="thread__scanner_8cpp.html#acaf6cb2ff8299b9b3c55905f936d38a9">ENTROPY_TRESHOLD</a>)) {</div>
+<div class="line"><a id="l00467" name="l00467"></a><span class="lineno">  467</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
 <div class="line"><a id="l00468" name="l00468"></a><span class="lineno">  468</span>    }</div>
-<div class="line"><a id="l00469" name="l00469"></a><span class="lineno">  469</span>    <span class="keyword">const</span> KTHREAD_STATE state = (KTHREAD_STATE)<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00470" name="l00470"></a><span class="lineno">  470</span>    <span class="keywordflow">if</span> (state == Ready) {</div>
-<div class="line"><a id="l00471" name="l00471"></a><span class="lineno">  471</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00472" name="l00472"></a><span class="lineno">  472</span>    }</div>
-<div class="line"><a id="l00473" name="l00473"></a><span class="lineno">  473</span>    <span class="keywordflow">if</span> (state == Terminated) {</div>
-<div class="line"><a id="l00474" name="l00474"></a><span class="lineno">  474</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00475" name="l00475"></a><span class="lineno">  475</span>    }</div>
-<div class="line"><a id="l00476" name="l00476"></a><span class="lineno">  476</span>    <span class="keywordflow">if</span> (state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason &lt;= WrQueue) {</div>
+<div class="line"><a id="l00469" name="l00469"></a><span class="lineno">  469</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00470" name="l00470"></a><span class="lineno">  470</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00471" name="l00471"></a><span class="lineno">  471</span>}</div>
+</div>
+<div class="line"><a id="l00472" name="l00472"></a><span class="lineno">  472</span> </div>
+<div class="line"><a id="l00473" name="l00473"></a><span class="lineno">  473</span><span class="comment">// if extended info given, allow to filter out from the scan basing on the thread state and conditions</span></div>
+<div class="foldopen" id="foldopen00474" data-start="{" data-end="}">
+<div class="line"><a id="l00474" name="l00474"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">  474</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)</div>
+<div class="line"><a id="l00475" name="l00475"></a><span class="lineno">  475</span>{</div>
+<div class="line"><a id="l00476" name="l00476"></a><span class="lineno">  476</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
 <div class="line"><a id="l00477" name="l00477"></a><span class="lineno">  477</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
 <div class="line"><a id="l00478" name="l00478"></a><span class="lineno">  478</span>    }</div>
-<div class="line"><a id="l00479" name="l00479"></a><span class="lineno">  479</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00480" name="l00480"></a><span class="lineno">  480</span>}</div>
-</div>
-<div class="line"><a id="l00481" name="l00481"></a><span class="lineno">  481</span> </div>
-<div class="foldopen" id="foldopen00482" data-start="{" data-end="}">
-<div class="line"><a id="l00482" name="l00482"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">  482</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a>(HANDLE hThread, <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
-<div class="line"><a id="l00483" name="l00483"></a><span class="lineno">  483</span>{</div>
-<div class="line"><a id="l00484" name="l00484"></a><span class="lineno">  484</span>    <span class="keyword">const</span> DWORD tid = GetThreadId(hThread);</div>
-<div class="line"><a id="l00485" name="l00485"></a><span class="lineno">  485</span>    <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a> cDetails = { 0 };</div>
-<div class="line"><a id="l00486" name="l00486"></a><span class="lineno">  486</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_ok = fetchThreadCtxDetails(processHandle, hThread, cDetails);</div>
-<div class="line"><a id="l00487" name="l00487"></a><span class="lineno">  487</span> </div>
-<div class="line"><a id="l00488" name="l00488"></a><span class="lineno">  488</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#a7c9c19e3f0ce1362c7e404893a1163f6">pesieve::is_thread_running</a>(hThread)) {</div>
-<div class="line"><a id="l00489" name="l00489"></a><span class="lineno">  489</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00490" name="l00490"></a><span class="lineno">  490</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00491" name="l00491"></a><span class="lineno">  491</span>    }</div>
-<div class="line"><a id="l00492" name="l00492"></a><span class="lineno">  492</span> </div>
-<div class="line"><a id="l00493" name="l00493"></a><span class="lineno">  493</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
-<div class="line"><a id="l00494" name="l00494"></a><span class="lineno">  494</span>        <span class="comment">// could not fetch the thread context and information</span></div>
-<div class="line"><a id="l00495" name="l00495"></a><span class="lineno">  495</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
-<div class="line"><a id="l00496" name="l00496"></a><span class="lineno">  496</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00497" name="l00497"></a><span class="lineno">  497</span>    }</div>
-<div class="line"><a id="l00498" name="l00498"></a><span class="lineno">  498</span> </div>
-<div class="line"><a id="l00499" name="l00499"></a><span class="lineno">  499</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>);</div>
-<div class="line"><a id="l00500" name="l00500"></a><span class="lineno">  500</span>    <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00501" name="l00501"></a><span class="lineno">  501</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>)) {</div>
-<div class="line"><a id="l00502" name="l00502"></a><span class="lineno">  502</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00503" name="l00503"></a><span class="lineno">  503</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00504" name="l00504"></a><span class="lineno">  504</span>            }</div>
-<div class="line"><a id="l00505" name="l00505"></a><span class="lineno">  505</span>        }</div>
-<div class="line"><a id="l00506" name="l00506"></a><span class="lineno">  506</span>    }</div>
-<div class="line"><a id="l00507" name="l00507"></a><span class="lineno">  507</span> </div>
-<div class="line"><a id="l00508" name="l00508"></a><span class="lineno">  508</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.begin(); itr != cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.end(); ++itr) {</div>
-<div class="line"><a id="l00509" name="l00509"></a><span class="lineno">  509</span>        <span class="keyword">const</span> ULONGLONG addr = *itr;</div>
-<div class="line"><a id="l00510" name="l00510"></a><span class="lineno">  510</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00511" name="l00511"></a><span class="lineno">  511</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Checking shc candidate: &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00512" name="l00512"></a><span class="lineno">  512</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00513" name="l00513"></a><span class="lineno">  513</span>        <span class="comment">//automatically verifies if the address is legit:</span></div>
-<div class="line"><a id="l00514" name="l00514"></a><span class="lineno">  514</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, addr)) {</div>
-<div class="line"><a id="l00515" name="l00515"></a><span class="lineno">  515</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00516" name="l00516"></a><span class="lineno">  516</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00517" name="l00517"></a><span class="lineno">  517</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;Found! &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00518" name="l00518"></a><span class="lineno">  518</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00519" name="l00519"></a><span class="lineno">  519</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00520" name="l00520"></a><span class="lineno">  520</span>            }</div>
-<div class="line"><a id="l00521" name="l00521"></a><span class="lineno">  521</span>        }</div>
-<div class="line"><a id="l00522" name="l00522"></a><span class="lineno">  522</span>    }</div>
-<div class="line"><a id="l00523" name="l00523"></a><span class="lineno">  523</span> </div>
-<div class="line"><a id="l00524" name="l00524"></a><span class="lineno">  524</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> hasEmptyGUI = <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(tid);</div>
-<div class="line"><a id="l00525" name="l00525"></a><span class="lineno">  525</span> </div>
-<div class="line"><a id="l00526" name="l00526"></a><span class="lineno">  526</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a236ccadbe7548913e6186651b56f1636">is_ret_in_frame</a>)</div>
-<div class="line"><a id="l00527" name="l00527"></a><span class="lineno">  527</span>    {</div>
-<div class="line"><a id="l00528" name="l00528"></a><span class="lineno">  528</span>        <span class="keyword">const</span> ULONGLONG ret_addr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a9c9416530acb79291642a6af92a50088">ret_on_stack</a>;</div>
-<div class="line"><a id="l00529" name="l00529"></a><span class="lineno">  529</span>        is_shc = isAddrInShellcode(ret_addr);</div>
-<div class="line"><a id="l00530" name="l00530"></a><span class="lineno">  530</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00531" name="l00531"></a><span class="lineno">  531</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Return addr: &quot;</span> &lt;&lt; std::hex &lt;&lt; ret_addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00532" name="l00532"></a><span class="lineno">  532</span>        printResolvedAddr(ret_addr);</div>
-<div class="line"><a id="l00533" name="l00533"></a><span class="lineno">  533</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00534" name="l00534"></a><span class="lineno">  534</span>        <span class="keywordflow">if</span> (is_shc &amp;&amp; reportSuspiciousAddr(my_report, (ULONGLONG)ret_addr)) {</div>
-<div class="line"><a id="l00535" name="l00535"></a><span class="lineno">  535</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00536" name="l00536"></a><span class="lineno">  536</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00537" name="l00537"></a><span class="lineno">  537</span>            }</div>
-<div class="line"><a id="l00538" name="l00538"></a><span class="lineno">  538</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00539" name="l00539"></a><span class="lineno">  539</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00540" name="l00540"></a><span class="lineno">  540</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; 1) { <span class="comment">// discard, do not dump</span></div>
-<div class="line"><a id="l00541" name="l00541"></a><span class="lineno">  541</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = 0;</div>
-<div class="line"><a id="l00542" name="l00542"></a><span class="lineno">  542</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = 0;</div>
-<div class="line"><a id="l00543" name="l00543"></a><span class="lineno">  543</span>            }</div>
-<div class="line"><a id="l00544" name="l00544"></a><span class="lineno">  544</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00545" name="l00545"></a><span class="lineno">  545</span>        }</div>
-<div class="line"><a id="l00546" name="l00546"></a><span class="lineno">  546</span>    }</div>
-<div class="line"><a id="l00547" name="l00547"></a><span class="lineno">  547</span>    <span class="comment">// other indicators of stack being corrupt:</span></div>
-<div class="line"><a id="l00548" name="l00548"></a><span class="lineno">  548</span>    </div>
-<div class="line"><a id="l00549" name="l00549"></a><span class="lineno">  549</span>    <span class="keywordtype">bool</span> isStackCorrupt = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00550" name="l00550"></a><span class="lineno">  550</span> </div>
-<div class="line"><a id="l00551" name="l00551"></a><span class="lineno">  551</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a> &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#af71831469a0fe507c8b6e2256dae681e">is_ret_as_syscall</a>)</div>
-<div class="line"><a id="l00552" name="l00552"></a><span class="lineno">  552</span>    {</div>
-<div class="line"><a id="l00553" name="l00553"></a><span class="lineno">  553</span>        isStackCorrupt = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00554" name="l00554"></a><span class="lineno">  554</span>    }</div>
-<div class="line"><a id="l00555" name="l00555"></a><span class="lineno">  555</span> </div>
-<div class="line"><a id="l00556" name="l00556"></a><span class="lineno">  556</span>    <span class="keywordflow">if</span> (hasEmptyGUI &amp;&amp;</div>
-<div class="line"><a id="l00557" name="l00557"></a><span class="lineno">  557</span>        cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a> == 1</div>
-<div class="line"><a id="l00558" name="l00558"></a><span class="lineno">  558</span>        &amp;&amp; this-&gt;info.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest)</div>
-<div class="line"><a id="l00559" name="l00559"></a><span class="lineno">  559</span>    {</div>
-<div class="line"><a id="l00560" name="l00560"></a><span class="lineno">  560</span>        isStackCorrupt = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00561" name="l00561"></a><span class="lineno">  561</span>    }</div>
-<div class="line"><a id="l00562" name="l00562"></a><span class="lineno">  562</span> </div>
-<div class="line"><a id="l00563" name="l00563"></a><span class="lineno">  563</span>    <span class="keywordflow">if</span> (isStackCorrupt) {</div>
-<div class="line"><a id="l00564" name="l00564"></a><span class="lineno">  564</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00565" name="l00565"></a><span class="lineno">  565</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
-<div class="line"><a id="l00566" name="l00566"></a><span class="lineno">  566</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
-<div class="line"><a id="l00567" name="l00567"></a><span class="lineno">  567</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00568" name="l00568"></a><span class="lineno">  568</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00569" name="l00569"></a><span class="lineno">  569</span>    }</div>
-<div class="line"><a id="l00570" name="l00570"></a><span class="lineno">  570</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00571" name="l00571"></a><span class="lineno">  571</span>}</div>
+<div class="line"><a id="l00479" name="l00479"></a><span class="lineno">  479</span>    <span class="keyword">const</span> KTHREAD_STATE state = (KTHREAD_STATE)<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00480" name="l00480"></a><span class="lineno">  480</span>    <span class="keywordflow">if</span> (state == Ready) {</div>
+<div class="line"><a id="l00481" name="l00481"></a><span class="lineno">  481</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00482" name="l00482"></a><span class="lineno">  482</span>    }</div>
+<div class="line"><a id="l00483" name="l00483"></a><span class="lineno">  483</span>    <span class="keywordflow">if</span> (state == Terminated) {</div>
+<div class="line"><a id="l00484" name="l00484"></a><span class="lineno">  484</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00485" name="l00485"></a><span class="lineno">  485</span>    }</div>
+<div class="line"><a id="l00486" name="l00486"></a><span class="lineno">  486</span>    <span class="keywordflow">if</span> (state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason &lt;= WrQueue) {</div>
+<div class="line"><a id="l00487" name="l00487"></a><span class="lineno">  487</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00488" name="l00488"></a><span class="lineno">  488</span>    }</div>
+<div class="line"><a id="l00489" name="l00489"></a><span class="lineno">  489</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00490" name="l00490"></a><span class="lineno">  490</span>}</div>
 </div>
+<div class="line"><a id="l00491" name="l00491"></a><span class="lineno">  491</span> </div>
+<div class="foldopen" id="foldopen00492" data-start="{" data-end="}">
+<div class="line"><a id="l00492" name="l00492"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">  492</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a>(HANDLE hThread, <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
+<div class="line"><a id="l00493" name="l00493"></a><span class="lineno">  493</span>{</div>
+<div class="line"><a id="l00494" name="l00494"></a><span class="lineno">  494</span>    <span class="keyword">const</span> DWORD tid = GetThreadId(hThread);</div>
+<div class="line"><a id="l00495" name="l00495"></a><span class="lineno">  495</span>    <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a> cDetails = { 0 };</div>
+<div class="line"><a id="l00496" name="l00496"></a><span class="lineno">  496</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_ok = fetchThreadCtxDetails(processHandle, hThread, cDetails);</div>
+<div class="line"><a id="l00497" name="l00497"></a><span class="lineno">  497</span> </div>
+<div class="line"><a id="l00498" name="l00498"></a><span class="lineno">  498</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#a7c9c19e3f0ce1362c7e404893a1163f6">pesieve::is_thread_running</a>(hThread)) {</div>
+<div class="line"><a id="l00499" name="l00499"></a><span class="lineno">  499</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00500" name="l00500"></a><span class="lineno">  500</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00501" name="l00501"></a><span class="lineno">  501</span>    }</div>
+<div class="line"><a id="l00502" name="l00502"></a><span class="lineno">  502</span> </div>
+<div class="line"><a id="l00503" name="l00503"></a><span class="lineno">  503</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
+<div class="line"><a id="l00504" name="l00504"></a><span class="lineno">  504</span>        <span class="comment">// could not fetch the thread context and information</span></div>
+<div class="line"><a id="l00505" name="l00505"></a><span class="lineno">  505</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
+<div class="line"><a id="l00506" name="l00506"></a><span class="lineno">  506</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00507" name="l00507"></a><span class="lineno">  507</span>    }</div>
+<div class="line"><a id="l00508" name="l00508"></a><span class="lineno">  508</span> </div>
+<div class="line"><a id="l00509" name="l00509"></a><span class="lineno">  509</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>);</div>
+<div class="line"><a id="l00510" name="l00510"></a><span class="lineno">  510</span>    <span class="keywordflow">if</span> (is_shc) {</div>
+<div class="line"><a id="l00511" name="l00511"></a><span class="lineno">  511</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>)) {</div>
+<div class="line"><a id="l00512" name="l00512"></a><span class="lineno">  512</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00513" name="l00513"></a><span class="lineno">  513</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00514" name="l00514"></a><span class="lineno">  514</span>            }</div>
+<div class="line"><a id="l00515" name="l00515"></a><span class="lineno">  515</span>        }</div>
+<div class="line"><a id="l00516" name="l00516"></a><span class="lineno">  516</span>    }</div>
+<div class="line"><a id="l00517" name="l00517"></a><span class="lineno">  517</span> </div>
+<div class="line"><a id="l00518" name="l00518"></a><span class="lineno">  518</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.begin(); itr != cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.end(); ++itr) {</div>
+<div class="line"><a id="l00519" name="l00519"></a><span class="lineno">  519</span>        <span class="keyword">const</span> ULONGLONG addr = *itr;</div>
+<div class="line"><a id="l00520" name="l00520"></a><span class="lineno">  520</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00521" name="l00521"></a><span class="lineno">  521</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Checking shc candidate: &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00522" name="l00522"></a><span class="lineno">  522</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00523" name="l00523"></a><span class="lineno">  523</span>        <span class="comment">//automatically verifies if the address is legit:</span></div>
+<div class="line"><a id="l00524" name="l00524"></a><span class="lineno">  524</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, addr)) {</div>
+<div class="line"><a id="l00525" name="l00525"></a><span class="lineno">  525</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00526" name="l00526"></a><span class="lineno">  526</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00527" name="l00527"></a><span class="lineno">  527</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;Found! &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00528" name="l00528"></a><span class="lineno">  528</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00529" name="l00529"></a><span class="lineno">  529</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00530" name="l00530"></a><span class="lineno">  530</span>            }</div>
+<div class="line"><a id="l00531" name="l00531"></a><span class="lineno">  531</span>        }</div>
+<div class="line"><a id="l00532" name="l00532"></a><span class="lineno">  532</span>    }</div>
+<div class="line"><a id="l00533" name="l00533"></a><span class="lineno">  533</span> </div>
+<div class="line"><a id="l00534" name="l00534"></a><span class="lineno">  534</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> hasEmptyGUI = <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(tid);</div>
+<div class="line"><a id="l00535" name="l00535"></a><span class="lineno">  535</span> </div>
+<div class="line"><a id="l00536" name="l00536"></a><span class="lineno">  536</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a236ccadbe7548913e6186651b56f1636">is_ret_in_frame</a>)</div>
+<div class="line"><a id="l00537" name="l00537"></a><span class="lineno">  537</span>    {</div>
+<div class="line"><a id="l00538" name="l00538"></a><span class="lineno">  538</span>        <span class="keyword">const</span> ULONGLONG ret_addr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a9c9416530acb79291642a6af92a50088">ret_on_stack</a>;</div>
+<div class="line"><a id="l00539" name="l00539"></a><span class="lineno">  539</span>        is_shc = isAddrInShellcode(ret_addr);</div>
+<div class="line"><a id="l00540" name="l00540"></a><span class="lineno">  540</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00541" name="l00541"></a><span class="lineno">  541</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Return addr: &quot;</span> &lt;&lt; std::hex &lt;&lt; ret_addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00542" name="l00542"></a><span class="lineno">  542</span>        printResolvedAddr(ret_addr);</div>
+<div class="line"><a id="l00543" name="l00543"></a><span class="lineno">  543</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00544" name="l00544"></a><span class="lineno">  544</span>        <span class="keywordflow">if</span> (is_shc &amp;&amp; reportSuspiciousAddr(my_report, (ULONGLONG)ret_addr)) {</div>
+<div class="line"><a id="l00545" name="l00545"></a><span class="lineno">  545</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00546" name="l00546"></a><span class="lineno">  546</span>                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00547" name="l00547"></a><span class="lineno">  547</span>            }</div>
+<div class="line"><a id="l00548" name="l00548"></a><span class="lineno">  548</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00549" name="l00549"></a><span class="lineno">  549</span>            my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00550" name="l00550"></a><span class="lineno">  550</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; 1) { <span class="comment">// discard, do not dump</span></div>
+<div class="line"><a id="l00551" name="l00551"></a><span class="lineno">  551</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = 0;</div>
+<div class="line"><a id="l00552" name="l00552"></a><span class="lineno">  552</span>                my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = 0;</div>
+<div class="line"><a id="l00553" name="l00553"></a><span class="lineno">  553</span>            }</div>
+<div class="line"><a id="l00554" name="l00554"></a><span class="lineno">  554</span>            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00555" name="l00555"></a><span class="lineno">  555</span>        }</div>
+<div class="line"><a id="l00556" name="l00556"></a><span class="lineno">  556</span>    }</div>
+<div class="line"><a id="l00557" name="l00557"></a><span class="lineno">  557</span>    <span class="comment">// other indicators of stack being corrupt:</span></div>
+<div class="line"><a id="l00558" name="l00558"></a><span class="lineno">  558</span>    </div>
+<div class="line"><a id="l00559" name="l00559"></a><span class="lineno">  559</span>    <span class="keywordtype">bool</span> isStackCorrupt = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00560" name="l00560"></a><span class="lineno">  560</span> </div>
+<div class="line"><a id="l00561" name="l00561"></a><span class="lineno">  561</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a> &amp;&amp; !cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#af71831469a0fe507c8b6e2256dae681e">is_ret_as_syscall</a>)</div>
+<div class="line"><a id="l00562" name="l00562"></a><span class="lineno">  562</span>    {</div>
+<div class="line"><a id="l00563" name="l00563"></a><span class="lineno">  563</span>        isStackCorrupt = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00564" name="l00564"></a><span class="lineno">  564</span>    }</div>
+<div class="line"><a id="l00565" name="l00565"></a><span class="lineno">  565</span> </div>
+<div class="line"><a id="l00566" name="l00566"></a><span class="lineno">  566</span>    <span class="keywordflow">if</span> (hasEmptyGUI &amp;&amp;</div>
+<div class="line"><a id="l00567" name="l00567"></a><span class="lineno">  567</span>        cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a> == 1</div>
+<div class="line"><a id="l00568" name="l00568"></a><span class="lineno">  568</span>        &amp;&amp; this-&gt;info.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest)</div>
+<div class="line"><a id="l00569" name="l00569"></a><span class="lineno">  569</span>    {</div>
+<div class="line"><a id="l00570" name="l00570"></a><span class="lineno">  570</span>        isStackCorrupt = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00571" name="l00571"></a><span class="lineno">  571</span>    }</div>
 <div class="line"><a id="l00572" name="l00572"></a><span class="lineno">  572</span> </div>
-<div class="line"><a id="l00573" name="l00573"></a><span class="lineno">  573</span> </div>
-<div class="foldopen" id="foldopen00574" data-start="{" data-end="}">
-<div class="line"><a id="l00574" name="l00574"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">  574</a></span><a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a>()</div>
-<div class="line"><a id="l00575" name="l00575"></a><span class="lineno">  575</span>{</div>
-<div class="line"><a id="l00576" name="l00576"></a><span class="lineno">  576</span>    <span class="keywordflow">if</span> (GetCurrentThreadId() == <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid) {</div>
-<div class="line"><a id="l00577" name="l00577"></a><span class="lineno">  577</span>        <span class="keywordflow">return</span> <span class="keyword">nullptr</span>; <span class="comment">// do not scan your own thread</span></div>
-<div class="line"><a id="l00578" name="l00578"></a><span class="lineno">  578</span>    }</div>
-<div class="line"><a id="l00579" name="l00579"></a><span class="lineno">  579</span>    <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report = <span class="keyword">new</span> (std::nothrow) <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid);</div>
-<div class="line"><a id="l00580" name="l00580"></a><span class="lineno">  580</span>    <span class="keywordflow">if</span> (!my_report) {</div>
-<div class="line"><a id="l00581" name="l00581"></a><span class="lineno">  581</span>        <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
-<div class="line"><a id="l00582" name="l00582"></a><span class="lineno">  582</span>    }</div>
-<div class="line"><a id="l00583" name="l00583"></a><span class="lineno">  583</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00584" name="l00584"></a><span class="lineno">  584</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
-<div class="line"><a id="l00585" name="l00585"></a><span class="lineno">  585</span><span class="preprocessor">#endif </span><span class="comment">// _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00586" name="l00586"></a><span class="lineno">  586</span> </div>
-<div class="line"><a id="l00587" name="l00587"></a><span class="lineno">  587</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr);</div>
-<div class="line"><a id="l00588" name="l00588"></a><span class="lineno">  588</span>    <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00589" name="l00589"></a><span class="lineno">  589</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr)) {</div>
-<div class="line"><a id="l00590" name="l00590"></a><span class="lineno">  590</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
-<div class="line"><a id="l00591" name="l00591"></a><span class="lineno">  591</span>                <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00592" name="l00592"></a><span class="lineno">  592</span>            }</div>
-<div class="line"><a id="l00593" name="l00593"></a><span class="lineno">  593</span>        }</div>
-<div class="line"><a id="l00594" name="l00594"></a><span class="lineno">  594</span>    }</div>
-<div class="line"><a id="l00595" name="l00595"></a><span class="lineno">  595</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
-<div class="line"><a id="l00596" name="l00596"></a><span class="lineno">  596</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00597" name="l00597"></a><span class="lineno">  597</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00598" name="l00598"></a><span class="lineno">  598</span>    }</div>
-<div class="line"><a id="l00599" name="l00599"></a><span class="lineno">  599</span>    <span class="comment">// proceed with detailed checks:</span></div>
-<div class="line"><a id="l00600" name="l00600"></a><span class="lineno">  600</span>    HANDLE hThread = OpenThread(</div>
-<div class="line"><a id="l00601" name="l00601"></a><span class="lineno">  601</span>        THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE,</div>
-<div class="line"><a id="l00602" name="l00602"></a><span class="lineno">  602</span>        FALSE,</div>
-<div class="line"><a id="l00603" name="l00603"></a><span class="lineno">  603</span>        <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid</div>
-<div class="line"><a id="l00604" name="l00604"></a><span class="lineno">  604</span>    );</div>
-<div class="line"><a id="l00605" name="l00605"></a><span class="lineno">  605</span>    <span class="keywordflow">if</span> (!hThread) {</div>
-<div class="line"><a id="l00606" name="l00606"></a><span class="lineno">  606</span><span class="preprocessor">#ifdef _DEBUG</span></div>
-<div class="line"><a id="l00607" name="l00607"></a><span class="lineno">  607</span>        std::cerr &lt;&lt; <span class="stringliteral">&quot;[-] Could not OpenThread. Error: &quot;</span> &lt;&lt; GetLastError() &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00608" name="l00608"></a><span class="lineno">  608</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00609" name="l00609"></a><span class="lineno">  609</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
-<div class="line"><a id="l00610" name="l00610"></a><span class="lineno">  610</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00611" name="l00611"></a><span class="lineno">  611</span>    }</div>
-<div class="line"><a id="l00612" name="l00612"></a><span class="lineno">  612</span>    scanRemoteThreadCtx(hThread, my_report);</div>
-<div class="line"><a id="l00613" name="l00613"></a><span class="lineno">  613</span>    CloseHandle(hThread);</div>
-<div class="line"><a id="l00614" name="l00614"></a><span class="lineno">  614</span>    <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00615" name="l00615"></a><span class="lineno">  615</span>}</div>
+<div class="line"><a id="l00573" name="l00573"></a><span class="lineno">  573</span>    <span class="keywordflow">if</span> (isStackCorrupt) {</div>
+<div class="line"><a id="l00574" name="l00574"></a><span class="lineno">  574</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00575" name="l00575"></a><span class="lineno">  575</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
+<div class="line"><a id="l00576" name="l00576"></a><span class="lineno">  576</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
+<div class="line"><a id="l00577" name="l00577"></a><span class="lineno">  577</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">stack_ptr</a> = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00578" name="l00578"></a><span class="lineno">  578</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00579" name="l00579"></a><span class="lineno">  579</span>    }</div>
+<div class="line"><a id="l00580" name="l00580"></a><span class="lineno">  580</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00581" name="l00581"></a><span class="lineno">  581</span>}</div>
+</div>
+<div class="line"><a id="l00582" name="l00582"></a><span class="lineno">  582</span> </div>
+<div class="line"><a id="l00583" name="l00583"></a><span class="lineno">  583</span> </div>
+<div class="foldopen" id="foldopen00584" data-start="{" data-end="}">
+<div class="line"><a id="l00584" name="l00584"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">  584</a></span><a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a>()</div>
+<div class="line"><a id="l00585" name="l00585"></a><span class="lineno">  585</span>{</div>
+<div class="line"><a id="l00586" name="l00586"></a><span class="lineno">  586</span>    <span class="keywordflow">if</span> (GetCurrentThreadId() == <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid) {</div>
+<div class="line"><a id="l00587" name="l00587"></a><span class="lineno">  587</span>        <span class="keywordflow">return</span> <span class="keyword">nullptr</span>; <span class="comment">// do not scan your own thread</span></div>
+<div class="line"><a id="l00588" name="l00588"></a><span class="lineno">  588</span>    }</div>
+<div class="line"><a id="l00589" name="l00589"></a><span class="lineno">  589</span>    <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report = <span class="keyword">new</span> (std::nothrow) <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid);</div>
+<div class="line"><a id="l00590" name="l00590"></a><span class="lineno">  590</span>    <span class="keywordflow">if</span> (!my_report) {</div>
+<div class="line"><a id="l00591" name="l00591"></a><span class="lineno">  591</span>        <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
+<div class="line"><a id="l00592" name="l00592"></a><span class="lineno">  592</span>    }</div>
+<div class="line"><a id="l00593" name="l00593"></a><span class="lineno">  593</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00594" name="l00594"></a><span class="lineno">  594</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
+<div class="line"><a id="l00595" name="l00595"></a><span class="lineno">  595</span><span class="preprocessor">#endif </span><span class="comment">// _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00596" name="l00596"></a><span class="lineno">  596</span> </div>
+<div class="line"><a id="l00597" name="l00597"></a><span class="lineno">  597</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr);</div>
+<div class="line"><a id="l00598" name="l00598"></a><span class="lineno">  598</span>    <span class="keywordflow">if</span> (is_shc) {</div>
+<div class="line"><a id="l00599" name="l00599"></a><span class="lineno">  599</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr)) {</div>
+<div class="line"><a id="l00600" name="l00600"></a><span class="lineno">  600</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00601" name="l00601"></a><span class="lineno">  601</span>                <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00602" name="l00602"></a><span class="lineno">  602</span>            }</div>
+<div class="line"><a id="l00603" name="l00603"></a><span class="lineno">  603</span>        }</div>
+<div class="line"><a id="l00604" name="l00604"></a><span class="lineno">  604</span>    }</div>
+<div class="line"><a id="l00605" name="l00605"></a><span class="lineno">  605</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
+<div class="line"><a id="l00606" name="l00606"></a><span class="lineno">  606</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00607" name="l00607"></a><span class="lineno">  607</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00608" name="l00608"></a><span class="lineno">  608</span>    }</div>
+<div class="line"><a id="l00609" name="l00609"></a><span class="lineno">  609</span>    <span class="comment">// proceed with detailed checks:</span></div>
+<div class="line"><a id="l00610" name="l00610"></a><span class="lineno">  610</span>    HANDLE hThread = OpenThread(</div>
+<div class="line"><a id="l00611" name="l00611"></a><span class="lineno">  611</span>        THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE,</div>
+<div class="line"><a id="l00612" name="l00612"></a><span class="lineno">  612</span>        FALSE,</div>
+<div class="line"><a id="l00613" name="l00613"></a><span class="lineno">  613</span>        <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid</div>
+<div class="line"><a id="l00614" name="l00614"></a><span class="lineno">  614</span>    );</div>
+<div class="line"><a id="l00615" name="l00615"></a><span class="lineno">  615</span>    <span class="keywordflow">if</span> (!hThread) {</div>
+<div class="line"><a id="l00616" name="l00616"></a><span class="lineno">  616</span><span class="preprocessor">#ifdef _DEBUG</span></div>
+<div class="line"><a id="l00617" name="l00617"></a><span class="lineno">  617</span>        std::cerr &lt;&lt; <span class="stringliteral">&quot;[-] Could not OpenThread. Error: &quot;</span> &lt;&lt; GetLastError() &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00618" name="l00618"></a><span class="lineno">  618</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00619" name="l00619"></a><span class="lineno">  619</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
+<div class="line"><a id="l00620" name="l00620"></a><span class="lineno">  620</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00621" name="l00621"></a><span class="lineno">  621</span>    }</div>
+<div class="line"><a id="l00622" name="l00622"></a><span class="lineno">  622</span>    scanRemoteThreadCtx(hThread, my_report);</div>
+<div class="line"><a id="l00623" name="l00623"></a><span class="lineno">  623</span>    CloseHandle(hThread);</div>
+<div class="line"><a id="l00624" name="l00624"></a><span class="lineno">  624</span>    <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00625" name="l00625"></a><span class="lineno">  625</span>}</div>
 </div>
 <div class="ttc" id="aclasspesieve_1_1_area_entropy_stats_html_a82df077a940d6870308d72ba39cbeec2"><div class="ttname"><a href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">pesieve::AreaEntropyStats::entropy</a></div><div class="ttdeci">double entropy</div><div class="ttdef"><b>Definition</b> <a href="entropy__stats_8h_source.html#l00035">entropy_stats.h:35</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_area_stats_calculator_html"><div class="ttname"><a href="classpesieve_1_1_area_stats_calculator.html">pesieve::AreaStatsCalculator</a></div><div class="ttdoc">A class responsible for filling in the statistics with the data from the particular buffer.</div><div class="ttdef"><b>Definition</b> <a href="stats_8h_source.html#l00073">stats.h:73</a></div></div>
@@ -767,25 +777,26 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a426ff44e71530e3f96236540d62d21e4"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">pesieve::ThreadScanReport::thread_wait_time</a></div><div class="ttdeci">DWORD thread_wait_time</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00092">thread_scanner.h:92</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a5419a44653c87acb8b8b49a53a2e67eb"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a5419a44653c87acb8b8b49a53a2e67eb">pesieve::ThreadScanReport::protection</a></div><div class="ttdeci">DWORD protection</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00088">thread_scanner.h:88</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a5a930aaa32e9de46d95b25018a373cbc"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">pesieve::ThreadScanReport::susp_addr</a></div><div class="ttdeci">ULONGLONG susp_addr</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00087">thread_scanner.h:87</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a6d190b1f19a3a9fe2c81cd18abb6a72f"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">pesieve::ThreadScanReport::translate_wait_reason</a></div><div class="ttdeci">static std::string translate_wait_reason(DWORD thread_wait_reason)</div><div class="ttdef"><b>Definition</b> <a href="#l00135">thread_scanner.cpp:135</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a6d190b1f19a3a9fe2c81cd18abb6a72f"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">pesieve::ThreadScanReport::translate_wait_reason</a></div><div class="ttdeci">static std::string translate_wait_reason(DWORD thread_wait_reason)</div><div class="ttdef"><b>Definition</b> <a href="#l00136">thread_scanner.cpp:136</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_aa4cc4cdcfd7be649a00dd57d46b70317"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">pesieve::ThreadScanReport::thread_state</a></div><div class="ttdeci">DWORD thread_state</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00090">thread_scanner.h:90</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_acfe24bd84475b4de990f163e131a99e4"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">pesieve::ThreadScanReport::thread_wait_reason</a></div><div class="ttdeci">DWORD thread_wait_reason</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00091">thread_scanner.h:91</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="#l00151">thread_scanner.cpp:151</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="#l00152">thread_scanner.cpp:152</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af76335a4fb14998bd3fb0540bfd35473"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">pesieve::ThreadScanReport::stack_ptr</a></div><div class="ttdeci">ULONGLONG stack_ptr</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00089">thread_scanner.h:89</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="#l00574">thread_scanner.cpp:574</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00433">thread_scanner.cpp:433</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a4bb1f60bbf77e4faed6d288ef3e83b9f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a></div><div class="ttdeci">size_t fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00268">thread_scanner.cpp:268</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="#l00399">thread_scanner.cpp:399</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00420">thread_scanner.cpp:420</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00357">thread_scanner.cpp:357</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aaaaef1f47c9746bbc346b00b7da57f6b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a></div><div class="ttdeci">size_t analyzeCallStack(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00212">thread_scanner.cpp:212</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="#l00318">thread_scanner.cpp:318</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00369">thread_scanner.cpp:369</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00482">thread_scanner.cpp:482</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aed5b08704f3c1e96e9d8e00b05c7768f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">pesieve::ThreadScanner::checkReturnAddrIntegrity</a></div><div class="ttdeci">bool checkReturnAddrIntegrity(IN const std::vector&lt; ULONGLONG &gt; &amp;callStack)</div><div class="ttdef"><b>Definition</b> <a href="#l00172">thread_scanner.cpp:172</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="#l00584">thread_scanner.cpp:584</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00443">thread_scanner.cpp:443</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a4bb1f60bbf77e4faed6d288ef3e83b9f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a></div><div class="ttdeci">size_t fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00278">thread_scanner.cpp:278</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="#l00409">thread_scanner.cpp:409</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00430">thread_scanner.cpp:430</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00367">thread_scanner.cpp:367</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aaaaef1f47c9746bbc346b00b7da57f6b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a></div><div class="ttdeci">size_t analyzeCallStack(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00222">thread_scanner.cpp:222</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="#l00328">thread_scanner.cpp:328</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00379">thread_scanner.cpp:379</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00492">thread_scanner.cpp:492</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aed5b08704f3c1e96e9d8e00b05c7768f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">pesieve::ThreadScanner::checkReturnAddrIntegrity</a></div><div class="ttdeci">bool checkReturnAddrIntegrity(IN const std::vector&lt; ULONGLONG &gt; &amp;callStack)</div><div class="ttdef"><b>Definition</b> <a href="#l00173">thread_scanner.cpp:173</a></div></div>
 <div class="ttc" id="amempage__data_8h_html"><div class="ttname"><a href="mempage__data_8h.html">mempage_data.h</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a43b6faf00b6a97279f2d67f4a3fd2513"><div class="ttname"><a href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a></div><div class="ttdeci">BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL *isProcWow64)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00027">process_util.cpp:27</a></div></div>
-<div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00073">process_util.cpp:73</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_a8d7eb7eb1b3e3c05251341d0c14d82be"><div class="ttname"><a href="namespacepesieve_1_1util.html#a8d7eb7eb1b3e3c05251341d0c14d82be">pesieve::util::is_current_wow64</a></div><div class="ttdeci">bool is_current_wow64()</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00073">process_util.cpp:73</a></div></div>
+<div class="ttc" id="anamespacepesieve_1_1util_html_adafdd61439fc2750cec84fb15d59ecf8"><div class="ttname"><a href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a></div><div class="ttdeci">BOOL wow64_get_thread_context(IN HANDLE hThread, IN OUT PWOW64_CONTEXT lpContext)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00086">process_util.cpp:86</a></div></div>
 <div class="ttc" id="anamespacepesieve_html"><div class="ttname"><a href="namespacepesieve.html">pesieve</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00001">pesieve.py:1</a></div></div>
 <div class="ttc" id="anamespacepesieve_html_a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d"><div class="ttname"><a href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">pesieve::SCAN_NOT_SUSPICIOUS</a></div><div class="ttdeci">@ SCAN_NOT_SUSPICIOUS</div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00020">module_scan_report.h:20</a></div></div>
 <div class="ttc" id="anamespacepesieve_html_a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6"><div class="ttname"><a href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">pesieve::SCAN_SUSPICIOUS</a></div><div class="ttdeci">@ SCAN_SUSPICIOUS</div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00022">module_scan_report.h:21</a></div></div>
@@ -830,13 +841,13 @@
 <div class="ttc" id="astructpesieve_1_1util_1_1__thread__info_html_a8ec77c6fa5aa1dc71802d52afdc37386"><div class="ttname"><a href="structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386">pesieve::util::_thread_info::is_extended</a></div><div class="ttdeci">bool is_extended</div><div class="ttdef"><b>Definition</b> <a href="threads__util_8h_source.html#l00041">threads_util.h:41</a></div></div>
 <div class="ttc" id="astructpesieve_1_1util_1_1__thread__info_html_aa8f037bcc48e97319145006c5ceef188"><div class="ttname"><a href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">pesieve::util::_thread_info::ext</a></div><div class="ttdeci">thread_info_ext ext</div><div class="ttdef"><b>Definition</b> <a href="threads__util_8h_source.html#l00042">threads_util.h:42</a></div></div>
 <div class="ttc" id="asyscall__extractor_8h_html"><div class="ttname"><a href="syscall__extractor_8h.html">syscall_extractor.h</a></div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_a20dfb89b6f97369747479fad5b4e764b"><div class="ttname"><a href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a></div><div class="ttdeci">bool has_empty_gui_info(DWORD tid)</div><div class="ttdef"><b>Definition</b> <a href="#l00118">thread_scanner.cpp:118</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_a20dfb89b6f97369747479fad5b4e764b"><div class="ttname"><a href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a></div><div class="ttdeci">bool has_empty_gui_info(DWORD tid)</div><div class="ttdef"><b>Definition</b> <a href="#l00119">thread_scanner.cpp:119</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_a5fd1bfb68319bb2bf608046d60a2e7a0"><div class="ttname"><a href="thread__scanner_8cpp.html#a5fd1bfb68319bb2bf608046d60a2e7a0">t_stack_enum_params</a></div><div class="ttdeci">struct _t_stack_enum_params t_stack_enum_params</div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_a7b9ade21d4de016d2a048bf6cc42dbc0"><div class="ttname"><a href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a></div><div class="ttdeci">bool get_page_details(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &amp;page_info)</div><div class="ttdef"><b>Definition</b> <a href="#l00056">thread_scanner.cpp:56</a></div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_a8df4a00bf9eb5dfebad5cfe6c4248ffc"><div class="ttname"><a href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr</a></div><div class="ttdeci">bool read_return_ptr(IN HANDLE hProcess, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00308">thread_scanner.cpp:308</a></div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_aae9f172c5997c8651c566511823bb19e"><div class="ttname"><a href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a></div><div class="ttdeci">DWORD WINAPI enum_stack_thread(LPVOID lpParam)</div><div class="ttdef"><b>Definition</b> <a href="#l00069">thread_scanner.cpp:69</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_a7b9ade21d4de016d2a048bf6cc42dbc0"><div class="ttname"><a href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a></div><div class="ttdeci">bool get_page_details(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &amp;page_info)</div><div class="ttdef"><b>Definition</b> <a href="#l00057">thread_scanner.cpp:57</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_a8df4a00bf9eb5dfebad5cfe6c4248ffc"><div class="ttname"><a href="thread__scanner_8cpp.html#a8df4a00bf9eb5dfebad5cfe6c4248ffc">read_return_ptr</a></div><div class="ttdeci">bool read_return_ptr(IN HANDLE hProcess, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00318">thread_scanner.cpp:318</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_aae9f172c5997c8651c566511823bb19e"><div class="ttname"><a href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a></div><div class="ttdeci">DWORD WINAPI enum_stack_thread(LPVOID lpParam)</div><div class="ttdef"><b>Definition</b> <a href="#l00070">thread_scanner.cpp:70</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_acaf6cb2ff8299b9b3c55905f936d38a9"><div class="ttname"><a href="thread__scanner_8cpp.html#acaf6cb2ff8299b9b3c55905f936d38a9">ENTROPY_TRESHOLD</a></div><div class="ttdeci">#define ENTROPY_TRESHOLD</div><div class="ttdef"><b>Definition</b> <a href="#l00012">thread_scanner.cpp:12</a></div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_acde231c42b9527dcc026402dcb8b9d87"><div class="ttname"><a href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a></div><div class="ttdeci">bool should_scan_context(const util::thread_info &amp;info)</div><div class="ttdef"><b>Definition</b> <a href="#l00464">thread_scanner.cpp:464</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_acde231c42b9527dcc026402dcb8b9d87"><div class="ttname"><a href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a></div><div class="ttdeci">bool should_scan_context(const util::thread_info &amp;info)</div><div class="ttdef"><b>Definition</b> <a href="#l00474">thread_scanner.cpp:474</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_ad9b41a5c4eaa3b01ef3ad5301c987c77"><div class="ttname"><a href="thread__scanner_8cpp.html#ad9b41a5c4eaa3b01ef3ad5301c987c77">g_SyscallTable</a></div><div class="ttdeci">pesieve::SyscallTable g_SyscallTable</div><div class="ttdef"><b>Definition</b> <a href="pe__sieve_8cpp_source.html#l00024">pe_sieve.cpp:24</a></div></div>
 <div class="ttc" id="athread__scanner_8h_html"><div class="ttname"><a href="thread__scanner_8h.html">thread_scanner.h</a></div></div>
 <div class="ttc" id="athreads__util_8h_html_aab88471ac182a9537e03a6724162d96d"><div class="ttname"><a href="threads__util_8h.html#aab88471ac182a9537e03a6724162d96d">INVALID_SYSCALL</a></div><div class="ttdeci">#define INVALID_SYSCALL</div><div class="ttdef"><b>Definition</b> <a href="threads__util_8h_source.html#l00006">threads_util.h:6</a></div></div>
diff --git a/thread__scanner_8h_source.html b/thread__scanner_8h_source.html
index 9155499ca..bb320319c 100644
--- a/thread__scanner_8h_source.html
+++ b/thread__scanner_8h_source.html
@@ -284,32 +284,32 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a55f35dcaff1d2c423b6425c75f9074ab"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a55f35dcaff1d2c423b6425c75f9074ab">pesieve::ThreadScanReport::fieldsToJSON</a></div><div class="ttdeci">virtual const void fieldsToJSON(std::stringstream &amp;outs, size_t level, const pesieve::t_json_level &amp;jdetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00034">thread_scanner.h:34</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a5a930aaa32e9de46d95b25018a373cbc"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">pesieve::ThreadScanReport::susp_addr</a></div><div class="ttdeci">ULONGLONG susp_addr</div><div class="ttdef"><b>Definition</b> <a href="#l00087">thread_scanner.h:87</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a5f807639cdc90411a6a4575c2091344d"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a5f807639cdc90411a6a4575c2091344d">pesieve::ThreadScanReport::ThreadScanReport</a></div><div class="ttdeci">ThreadScanReport(DWORD _tid)</div><div class="ttdef"><b>Definition</b> <a href="#l00026">thread_scanner.h:26</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a6d190b1f19a3a9fe2c81cd18abb6a72f"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">pesieve::ThreadScanReport::translate_wait_reason</a></div><div class="ttdeci">static std::string translate_wait_reason(DWORD thread_wait_reason)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00135">thread_scanner.cpp:135</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a6d190b1f19a3a9fe2c81cd18abb6a72f"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">pesieve::ThreadScanReport::translate_wait_reason</a></div><div class="ttdeci">static std::string translate_wait_reason(DWORD thread_wait_reason)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00136">thread_scanner.cpp:136</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_a90299c6b3068c89765aad328825995c7"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#a90299c6b3068c89765aad328825995c7">pesieve::ThreadScanReport::THREAD_STATE_UNKNOWN</a></div><div class="ttdeci">static const DWORD THREAD_STATE_UNKNOWN</div><div class="ttdef"><b>Definition</b> <a href="#l00018">thread_scanner.h:18</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_aa0252899aa2dcf8aebb105a3b141f171"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#aa0252899aa2dcf8aebb105a3b141f171">pesieve::ThreadScanReport::THREAD_STATE_WAITING</a></div><div class="ttdeci">static const DWORD THREAD_STATE_WAITING</div><div class="ttdef"><b>Definition</b> <a href="#l00019">thread_scanner.h:19</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_aa4cc4cdcfd7be649a00dd57d46b70317"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">pesieve::ThreadScanReport::thread_state</a></div><div class="ttdeci">DWORD thread_state</div><div class="ttdef"><b>Definition</b> <a href="#l00090">thread_scanner.h:90</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_acfe24bd84475b4de990f163e131a99e4"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">pesieve::ThreadScanReport::thread_wait_reason</a></div><div class="ttdeci">DWORD thread_wait_reason</div><div class="ttdef"><b>Definition</b> <a href="#l00091">thread_scanner.h:91</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af00f4e4ed6eb563a6e55c651e1bb552f"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af00f4e4ed6eb563a6e55c651e1bb552f">pesieve::ThreadScanReport::toJSON</a></div><div class="ttdeci">virtual const bool toJSON(std::stringstream &amp;outs, size_t level, const pesieve::t_json_level &amp;jdetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00077">thread_scanner.h:77</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00151">thread_scanner.cpp:151</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00152">thread_scanner.cpp:152</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af76335a4fb14998bd3fb0540bfd35473"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af76335a4fb14998bd3fb0540bfd35473">pesieve::ThreadScanReport::stack_ptr</a></div><div class="ttdeci">ULONGLONG stack_ptr</div><div class="ttdef"><b>Definition</b> <a href="#l00089">thread_scanner.h:89</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="#l00130">thread_scanner.h:130</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a0b863bc69b85ae721666a1e3c6116937"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">pesieve::ThreadScanner::ThreadScanner</a></div><div class="ttdeci">ThreadScanner(HANDLE hProc, bool _isReflection, const util::thread_info &amp;_info, ModulesInfo &amp;_modulesInfo, peconv::ExportsMapper *_exportsMap, ProcessSymbolsManager *_symbols)</div><div class="ttdef"><b>Definition</b> <a href="#l00132">thread_scanner.h:132</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a121637d2eb96737a16a8bd43d5017d2a"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">pesieve::ThreadScanner::isReflection</a></div><div class="ttdeci">bool isReflection</div><div class="ttdef"><b>Definition</b> <a href="#l00152">thread_scanner.h:152</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00574">thread_scanner.cpp:574</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00433">thread_scanner.cpp:433</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a4bb1f60bbf77e4faed6d288ef3e83b9f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a></div><div class="ttdeci">size_t fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00268">thread_scanner.cpp:268</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00399">thread_scanner.cpp:399</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00420">thread_scanner.cpp:420</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00357">thread_scanner.cpp:357</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00584">thread_scanner.cpp:584</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00443">thread_scanner.cpp:443</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a4bb1f60bbf77e4faed6d288ef3e83b9f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a4bb1f60bbf77e4faed6d288ef3e83b9f">pesieve::ThreadScanner::fillCallStackInfo</a></div><div class="ttdeci">size_t fillCallStackInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00278">thread_scanner.cpp:278</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00409">thread_scanner.cpp:409</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00430">thread_scanner.cpp:430</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00367">thread_scanner.cpp:367</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aa32fde697d92f5f545c9d2faa5ade268"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">pesieve::ThreadScanner::exportsMap</a></div><div class="ttdeci">peconv::ExportsMapper * exportsMap</div><div class="ttdef"><b>Definition</b> <a href="#l00155">thread_scanner.h:155</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aa4261219925db9cf54c61714dc5234b9"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">pesieve::ThreadScanner::info</a></div><div class="ttdeci">const util::thread_info &amp; info</div><div class="ttdef"><b>Definition</b> <a href="#l00153">thread_scanner.h:153</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aaaaef1f47c9746bbc346b00b7da57f6b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a></div><div class="ttdeci">size_t analyzeCallStack(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00212">thread_scanner.cpp:212</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00318">thread_scanner.cpp:318</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00369">thread_scanner.cpp:369</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aaaaef1f47c9746bbc346b00b7da57f6b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aaaaef1f47c9746bbc346b00b7da57f6b">pesieve::ThreadScanner::analyzeCallStack</a></div><div class="ttdeci">size_t analyzeCallStack(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00222">thread_scanner.cpp:222</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00328">thread_scanner.cpp:328</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00379">thread_scanner.cpp:379</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ad455f81b20ec49dc2968d6f2db67ae13"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">pesieve::ThreadScanner::symbols</a></div><div class="ttdeci">ProcessSymbolsManager * symbols</div><div class="ttdef"><b>Definition</b> <a href="#l00156">thread_scanner.h:156</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00482">thread_scanner.cpp:482</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae1bd5026205bae8766930b5d26c7cedf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae1bd5026205bae8766930b5d26c7cedf">pesieve::ThreadScanner::scanRemoteThreadCtx</a></div><div class="ttdeci">bool scanRemoteThreadCtx(HANDLE hThread, ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00492">thread_scanner.cpp:492</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae52ae17b09541a02b7be5c288eb220fd"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">pesieve::ThreadScanner::modulesInfo</a></div><div class="ttdeci">ModulesInfo &amp; modulesInfo</div><div class="ttdef"><b>Definition</b> <a href="#l00154">thread_scanner.h:154</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aed5b08704f3c1e96e9d8e00b05c7768f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">pesieve::ThreadScanner::checkReturnAddrIntegrity</a></div><div class="ttdeci">bool checkReturnAddrIntegrity(IN const std::vector&lt; ULONGLONG &gt; &amp;callStack)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00172">thread_scanner.cpp:172</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aed5b08704f3c1e96e9d8e00b05c7768f"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aed5b08704f3c1e96e9d8e00b05c7768f">pesieve::ThreadScanner::checkReturnAddrIntegrity</a></div><div class="ttdeci">bool checkReturnAddrIntegrity(IN const std::vector&lt; ULONGLONG &gt; &amp;callStack)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00173">thread_scanner.cpp:173</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1t__json__level_html"><div class="ttname"><a href="classpesieve_1_1t__json__level.html">pesieve.t_json_level</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00082">pesieve.py:82</a></div></div>
 <div class="ttc" id="aentropy__stats_8h_html"><div class="ttname"><a href="entropy__stats_8h.html">entropy_stats.h</a></div></div>
 <div class="ttc" id="aformat__util_8h_html_af8c1dc1f3ee7d070821c2490bba01a84"><div class="ttname"><a href="format__util_8h.html#af8c1dc1f3ee7d070821c2490bba01a84">OUT_PADDED</a></div><div class="ttdeci">#define OUT_PADDED(stream, field_size, str)</div><div class="ttdef"><b>Definition</b> <a href="format__util_8h_source.html#l00012">format_util.h:12</a></div></div>