diff --git a/classpesieve_1_1_artefact_scanner.html b/classpesieve_1_1_artefact_scanner.html
index aa362d37e..5ae01dcc5 100644
--- a/classpesieve_1_1_artefact_scanner.html
+++ b/classpesieve_1_1_artefact_scanner.html
@@ -1299,7 +1299,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a732749d6a208c45fad90e07f
 <area shape="rect" href="namespacepesieve_1_1util.html#aecb1f3f6930e417216ee31328ef26040" title=" " alt="" coords="408,63,528,103"/>
 <area shape="poly" title=" " alt="" coords="172,78,392,80,392,85,172,84"/>
 <area shape="rect" href="classpesieve_1_1_mem_page_data.html#a62761b9f793afc9190c4be58dc7b471d" title=" " alt="" coords="744,5,902,46"/>
-<area shape="poly" title=" " alt="" coords="172,67,219,62,497,40,728,27,729,32,497,45,220,67,172,72"/>
+<area shape="poly" title=" " alt="" coords="172,66,219,60,497,39,728,27,729,32,497,44,220,66,172,71"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a398c29ba09f057c86d7e2417234db62a" title=" " alt="" coords="220,117,360,158"/>
 <area shape="poly" title=" " alt="" coords="163,99,205,111,204,116,161,104"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a64072c72d2a3391e021c9f1d6eb60e97" title=" " alt="" coords="576,67,696,107"/>
diff --git a/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.map b/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.map
index 5650185e9..4bff21ee3 100644
--- a/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.map
+++ b/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.map
@@ -3,7 +3,7 @@
 <area shape="rect" id="Node000002" href="$namespacepesieve_1_1util.html#aecb1f3f6930e417216ee31328ef26040" title=" " alt="" coords="408,63,528,103"/>
 <area shape="poly" id="edge1_Node000001_Node000002" title=" " alt="" coords="172,78,392,80,392,85,172,84"/>
 <area shape="rect" id="Node000004" href="$classpesieve_1_1_mem_page_data.html#a62761b9f793afc9190c4be58dc7b471d" title=" " alt="" coords="744,5,902,46"/>
-<area shape="poly" id="edge7_Node000001_Node000004" title=" " alt="" coords="172,67,219,62,497,40,728,27,729,32,497,45,220,67,172,72"/>
+<area shape="poly" id="edge7_Node000001_Node000004" title=" " alt="" coords="172,66,219,60,497,39,728,27,729,32,497,44,220,66,172,71"/>
 <area shape="rect" id="Node000008" href="$namespacepesieve_1_1util.html#a398c29ba09f057c86d7e2417234db62a" title=" " alt="" coords="220,117,360,158"/>
 <area shape="poly" id="edge8_Node000001_Node000008" title=" " alt="" coords="163,99,205,111,204,116,161,104"/>
 <area shape="rect" id="Node000003" href="$namespacepesieve_1_1util.html#a64072c72d2a3391e021c9f1d6eb60e97" title=" " alt="" coords="576,67,696,107"/>
diff --git a/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.png b/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.png
index 425adec35..0dc80cdac 100644
Binary files a/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.png and b/classpesieve_1_1_artefact_scanner_a732749d6a208c45fad90e07f0c6da609_cgraph.png differ
diff --git a/classpesieve_1_1_process_scanner.html b/classpesieve_1_1_process_scanner.html
index a43a76219..c68a8ef88 100644
--- a/classpesieve_1_1_process_scanner.html
+++ b/classpesieve_1_1_process_scanner.html
@@ -358,7 +358,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a8f5f9ef11d71f271adbb261e
 <area shape="rect" href="classpesieve_1_1_process_scan_report.html#a3c0957c36cf674677e5b6610db8703ea" title=" " alt="" coords="222,240,410,281"/>
 <area shape="poly" title=" " alt="" coords="101,441,149,375,182,337,220,302,246,286,248,290,223,306,186,340,153,378,106,444"/>
 <area shape="rect" href="classpesieve_1_1_module_scan_report.html#a56c33c5d0e75abfa8edf5e4e3c3b2e63" title=" " alt="" coords="462,299,644,339"/>
-<area shape="poly" title=" " alt="" coords="112,440,160,403,189,384,221,369,277,350,335,336,445,321,446,326,336,341,278,355,223,373,192,389,163,407,115,444"/>
+<area shape="poly" title=" " alt="" coords="111,440,159,402,189,383,221,367,277,348,335,335,445,320,446,325,336,340,278,353,223,372,192,388,162,406,115,444"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="486,364,619,389"/>
 <area shape="poly" title=" " alt="" coords="125,440,170,418,221,399,286,386,352,377,471,372,471,377,352,383,287,391,222,404,172,422,127,445"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513" title=" " alt="" coords="237,413,395,454"/>
@@ -1010,7 +1010,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a2058c6be1e628a7a46a1a5dd
 <area shape="rect" href="namespacepesieve_1_1util.html#a539f415709cc4ca711a41118bed18c1f" title=" " alt="" coords="946,413,1084,454"/>
 <area shape="poly" title=" " alt="" coords="113,549,160,515,190,498,221,484,317,458,416,438,516,426,614,419,793,416,931,423,930,428,793,422,614,424,516,431,417,444,318,463,223,490,192,502,163,519,116,554"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1588,446,1732,472"/>
-<area shape="poly" title=" " alt="" coords="104,550,152,496,184,468,220,445,307,404,379,383,455,375,551,374,1235,374,1338,380,1439,397,1531,418,1604,438,1602,444,1530,423,1438,402,1337,386,1234,379,551,379,455,380,380,388,309,409,223,449,188,472,156,500,108,553"/>
+<area shape="poly" title=" " alt="" coords="104,550,152,496,184,467,220,443,307,403,379,382,455,375,551,374,1235,374,1338,380,1439,397,1531,418,1604,438,1602,444,1530,423,1438,402,1337,386,1234,379,551,379,455,380,380,387,309,408,223,448,187,471,155,500,108,553"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a8c6b940f49f776606ee1c88ba5f1982d" title=" " alt="" coords="252,499,380,539"/>
 <area shape="poly" title=" " alt="" coords="174,550,237,535,238,540,175,555"/>
 <area shape="rect" href="classpesieve_1_1_process_scan_report.html#aa8f38d2fdf0ebf4f5b0131d74d03565e" title=" " alt="" coords="222,700,410,741"/>
diff --git a/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.map b/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.map
index 2ccef121b..77c522be0 100644
--- a/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.map
+++ b/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.map
@@ -5,7 +5,7 @@
 <area shape="rect" id="Node000011" href="$namespacepesieve_1_1util.html#a539f415709cc4ca711a41118bed18c1f" title=" " alt="" coords="946,413,1084,454"/>
 <area shape="poly" id="edge10_Node000001_Node000011" title=" " alt="" coords="113,549,160,515,190,498,221,484,317,458,416,438,516,426,614,419,793,416,931,423,930,428,793,422,614,424,516,431,417,444,318,463,223,490,192,502,163,519,116,554"/>
 <area shape="rect" id="Node000012" href="$namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1588,446,1732,472"/>
-<area shape="poly" id="edge12_Node000001_Node000012" title=" " alt="" coords="104,550,152,496,184,468,220,445,307,404,379,383,455,375,551,374,1235,374,1338,380,1439,397,1531,418,1604,438,1602,444,1530,423,1438,402,1337,386,1234,379,551,379,455,380,380,388,309,409,223,449,188,472,156,500,108,553"/>
+<area shape="poly" id="edge12_Node000001_Node000012" title=" " alt="" coords="104,550,152,496,184,467,220,443,307,403,379,382,455,375,551,374,1235,374,1338,380,1439,397,1531,418,1604,438,1602,444,1530,423,1438,402,1337,386,1234,379,551,379,455,380,380,387,309,408,223,448,187,471,155,500,108,553"/>
 <area shape="rect" id="Node000013" href="$namespacepesieve_1_1util.html#a8c6b940f49f776606ee1c88ba5f1982d" title=" " alt="" coords="252,499,380,539"/>
 <area shape="poly" id="edge13_Node000001_Node000013" title=" " alt="" coords="174,550,237,535,238,540,175,555"/>
 <area shape="rect" id="Node000015" href="$classpesieve_1_1_process_scan_report.html#aa8f38d2fdf0ebf4f5b0131d74d03565e" title=" " alt="" coords="222,700,410,741"/>
diff --git a/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.png b/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.png
index 431ff3618..47b6f07d4 100644
Binary files a/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.png and b/classpesieve_1_1_process_scanner_a2058c6be1e628a7a46a1a5dd989c49ad_cgraph.png differ
diff --git a/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.map b/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.map
index c65b9e618..d79fe9ebf 100644
--- a/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.map
+++ b/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.map
@@ -3,7 +3,7 @@
 <area shape="rect" id="Node000002" href="$classpesieve_1_1_process_scan_report.html#a3c0957c36cf674677e5b6610db8703ea" title=" " alt="" coords="222,240,410,281"/>
 <area shape="poly" id="edge1_Node000001_Node000002" title=" " alt="" coords="101,441,149,375,182,337,220,302,246,286,248,290,223,306,186,340,153,378,106,444"/>
 <area shape="rect" id="Node000010" href="$classpesieve_1_1_module_scan_report.html#a56c33c5d0e75abfa8edf5e4e3c3b2e63" title=" " alt="" coords="462,299,644,339"/>
-<area shape="poly" id="edge11_Node000001_Node000010" title=" " alt="" coords="112,440,160,403,189,384,221,369,277,350,335,336,445,321,446,326,336,341,278,355,223,373,192,389,163,407,115,444"/>
+<area shape="poly" id="edge11_Node000001_Node000010" title=" " alt="" coords="111,440,159,402,189,383,221,367,277,348,335,335,445,320,446,325,336,340,278,353,223,372,192,388,162,406,115,444"/>
 <area shape="rect" id="Node000011" href="$namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="486,364,619,389"/>
 <area shape="poly" id="edge10_Node000001_Node000011" title=" " alt="" coords="125,440,170,418,221,399,286,386,352,377,471,372,471,377,352,383,287,391,222,404,172,422,127,445"/>
 <area shape="rect" id="Node000012" href="$namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513" title=" " alt="" coords="237,413,395,454"/>
diff --git a/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.png b/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.png
index 5e0e0bc23..d6ad7e31c 100644
Binary files a/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.png and b/classpesieve_1_1_process_scanner_a8f5f9ef11d71f271adbb261efc4453f3_cgraph.png differ
diff --git a/classpesieve_1_1_thread_scanner.html b/classpesieve_1_1_thread_scanner.html
index e0f68c9c7..c8e4cf335 100644
--- a/classpesieve_1_1_thread_scanner.html
+++ b/classpesieve_1_1_thread_scanner.html
@@ -161,7 +161,7 @@
 <a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
 <div class="textblock"><p>A scanner for threads Stack-scan inspired by the idea presented here: <a href="https://github.com/thefLink/Hunt-Sleeping-Beacons">https://github.com/thefLink/Hunt-Sleeping-Beacons</a> </p>
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00122">122</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00123">123</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 </div><h2 class="groupheader">Constructor &amp; Destructor Documentation</h2>
 <a id="a0b863bc69b85ae721666a1e3c6116937" name="a0b863bc69b85ae721666a1e3c6116937"></a>
 <h2 class="memtitle"><span class="permalink"><a href="#a0b863bc69b85ae721666a1e3c6116937">&#9670;&#160;</a></span>ThreadScanner()</h2>
@@ -210,7 +210,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a0b863bc69b85ae721666a1e3
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00124">124</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00125">125</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -288,7 +288,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ab1cc74daf162025643c225c2
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00229">229</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00230">230</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -333,7 +333,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a79df00ed9c178f7eab47cbb8
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00336">336</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00337">337</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -408,7 +408,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a69820b7fd6f60e4f136b6d71
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00194">194</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00195">195</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -445,7 +445,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a912120f6549a8b27c3e8166c
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00263">263</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00264">264</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -482,7 +482,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ac35db3f1ec2765f9dda550b0
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00275">275</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00276">276</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -519,7 +519,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a75c0be0ec6ea82b700f3ca5e
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00305">305</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00306">306</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -562,7 +562,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a36850edb808d4be733631fa2
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00349">349</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00350">350</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -604,7 +604,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a23839353374eedcda7c92b0c
 
 <p>Implements <a class="el" href="classpesieve_1_1_process_feature_scanner.html#a8c85491f592bbfe32e4906dddea8973f">pesieve::ProcessFeatureScanner</a>.</p>
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00398">398</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00399">399</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
@@ -644,7 +644,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aa32fde697d92f5f545c9d2fa
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00146">146</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00147">147</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -668,7 +668,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#aa4261219925db9cf54c61714
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00144">144</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00145">145</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -692,7 +692,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a121637d2eb96737a16a8bd43
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00143">143</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00144">144</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -716,7 +716,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ae52ae17b09541a02b7be5c28
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00145">145</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00146">146</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -740,7 +740,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ad455f81b20ec49dc2968d6f2
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00147">147</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00148">148</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
diff --git a/doxygen_crawl.html b/doxygen_crawl.html
index 5999d4ef1..21d2234ad 100644
--- a/doxygen_crawl.html
+++ b/doxygen_crawl.html
@@ -2490,11 +2490,12 @@
 <a href="structparams.html#af64777f36a67761e327b943ab53fd797"/>
 <a href="structpesieve_1_1__ctx__details.html"/>
 <a href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517"/>
-<a href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f"/>
+<a href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0"/>
 <a href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6"/>
 <a href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4"/>
 <a href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa"/>
 <a href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639"/>
+<a href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523"/>
 <a href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5"/>
 <a href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd"/>
 <a href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298"/>
diff --git a/functions_l.html b/functions_l.html
index 08e494e03..2b3afac52 100644
--- a/functions_l.html
+++ b/functions_l.html
@@ -89,6 +89,7 @@
 <div class="textblock">Here is a list of all class members with links to the classes they belong to:</div>
 
 <h3><a id="index_l" name="index_l"></a>- l -</h3><ul>
+<li>last_ret&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">pesieve::_ctx_details</a></li>
 <li>lastStr&#160;:&#160;<a class="el" href="structpesieve_1_1_chunk_stats.html#aa3dd6619cda8fd6d7e6a0471a2ab9c26">pesieve::ChunkStats</a></li>
 <li>lastUsage&#160;:&#160;<a class="el" href="structpesieve_1_1_cached_module.html#ac346042e22490dec922835547a992e05">pesieve::CachedModule</a></li>
 <li>length&#160;:&#160;<a class="el" href="struct___p_a_r_a_m___s_t_r_i_n_g.html#a7996767bb0f2ac6ccfc42d6ddb210bcf">_PARAM_STRING</a></li>
diff --git a/functions_r.html b/functions_r.html
index 38108353b..29f9a67f8 100644
--- a/functions_r.html
+++ b/functions_r.html
@@ -140,7 +140,6 @@ <h3><a id="index_r" name="index_r"></a>- r -</h3><ul>
 <li>resolveHooksTargets()&#160;:&#160;<a class="el" href="classpesieve_1_1_process_scanner.html#a90626aea47ee92aebaf55cc7cf9f3b06">pesieve::ProcessScanner</a></li>
 <li>resolveTarget()&#160;:&#160;<a class="el" href="classpesieve_1_1_hook_target_resolver.html#a608ca9968909fbbb18a07af866ea47b1">pesieve::HookTargetResolver</a></li>
 <li>ResultsDumper&#160;:&#160;<a class="el" href="classpesieve_1_1_process_dump_report.html#a0e77b9b85b41616be4cfe0745cb94549">pesieve::ProcessDumpReport</a>, <a class="el" href="classpesieve_1_1_process_scan_report.html#a0e77b9b85b41616be4cfe0745cb94549">pesieve::ProcessScanReport</a>, <a class="el" href="classpesieve_1_1_results_dumper.html#a84cedbc87af0ee8b72f06fd7c6cb9b5a">pesieve::ResultsDumper</a></li>
-<li>ret_addr&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">pesieve::_ctx_details</a></li>
 <li>returned_hndl&#160;:&#160;<a class="el" href="structpesieve_1_1util_1_1t__refl__args.html#a2039cf10734a4e3f07e94e6068122729">pesieve::util::t_refl_args</a></li>
 <li>returned_pid&#160;:&#160;<a class="el" href="structpesieve_1_1util_1_1t__refl__args.html#a7e95cffd1d650f477bb1d64377f4f6d7">pesieve::util::t_refl_args</a></li>
 <li>rip&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">pesieve::_ctx_details</a></li>
diff --git a/functions_s.html b/functions_s.html
index c6c6994f6..64a3743c4 100644
--- a/functions_s.html
+++ b/functions_s.html
@@ -129,6 +129,7 @@ <h3><a id="index_s" name="index_s"></a>- s -</h3><ul>
 <li>setSuspicious()&#160;:&#160;<a class="el" href="classpesieve_1_1_scanned_module.html#a1550cf5ee7a95ec2c1c17dc8627ad0bf">pesieve::ScannedModule</a></li>
 <li>setTableInPe()&#160;:&#160;<a class="el" href="classpesieve_1_1_import_table_buffer.html#abf53ddda82d5e91d4b9e1cf02b8043d6">pesieve::ImportTableBuffer</a></li>
 <li>settings&#160;:&#160;<a class="el" href="structpesieve_1_1_chunk_stats.html#a1268301237205e183a7fd2d097c70397">pesieve::ChunkStats</a></li>
+<li>shcCandidates&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">pesieve::_ctx_details</a></li>
 <li>SHELLC_COUNT&#160;:&#160;<a class="el" href="classpesieve_1_1t__shellc__mode.html#abb24e6cbf35bbad15709d7b7c4d21c71">pesieve.t_shellc_mode</a></li>
 <li>SHELLC_NONE&#160;:&#160;<a class="el" href="classpesieve_1_1t__shellc__mode.html#a7d4e9c7bdc63e28079f0a663287371aa">pesieve.t_shellc_mode</a></li>
 <li>SHELLC_PATTERNS&#160;:&#160;<a class="el" href="classpesieve_1_1t__shellc__mode.html#a4371c512776afe9e6faeac818be15c14">pesieve.t_shellc_mode</a></li>
diff --git a/functions_vars_l.html b/functions_vars_l.html
index 9aa570f65..fca887d69 100644
--- a/functions_vars_l.html
+++ b/functions_vars_l.html
@@ -89,6 +89,7 @@
 <div class="textblock">Here is a list of all variables with links to the classes they belong to:</div>
 
 <h3><a id="index_l" name="index_l"></a>- l -</h3><ul>
+<li>last_ret&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">pesieve::_ctx_details</a></li>
 <li>lastStr&#160;:&#160;<a class="el" href="structpesieve_1_1_chunk_stats.html#aa3dd6619cda8fd6d7e6a0471a2ab9c26">pesieve::ChunkStats</a></li>
 <li>lastUsage&#160;:&#160;<a class="el" href="structpesieve_1_1_cached_module.html#ac346042e22490dec922835547a992e05">pesieve::CachedModule</a></li>
 <li>length&#160;:&#160;<a class="el" href="struct___p_a_r_a_m___s_t_r_i_n_g.html#a7996767bb0f2ac6ccfc42d6ddb210bcf">_PARAM_STRING</a></li>
diff --git a/functions_vars_r.html b/functions_vars_r.html
index 48f232d77..272570b3b 100644
--- a/functions_vars_r.html
+++ b/functions_vars_r.html
@@ -108,7 +108,6 @@ <h3><a id="index_r" name="index_r"></a>- r -</h3><ul>
 <li>REPORT_NONE&#160;:&#160;<a class="el" href="classpesieve_1_1t__report__type.html#a5e5ae97a231a29dab3433dab0fcb3039">pesieve.t_report_type</a></li>
 <li>REPORT_SCANNED&#160;:&#160;<a class="el" href="classpesieve_1_1t__report__type.html#a33b01a2ea93a8cd6dec70841f1320929">pesieve.t_report_type</a></li>
 <li>reportsByType&#160;:&#160;<a class="el" href="classpesieve_1_1_process_scan_report.html#a85b6e8a39ec43b08a4f534dbd3f0589e">pesieve::ProcessScanReport</a></li>
-<li>ret_addr&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">pesieve::_ctx_details</a></li>
 <li>returned_hndl&#160;:&#160;<a class="el" href="structpesieve_1_1util_1_1t__refl__args.html#a2039cf10734a4e3f07e94e6068122729">pesieve::util::t_refl_args</a></li>
 <li>returned_pid&#160;:&#160;<a class="el" href="structpesieve_1_1util_1_1t__refl__args.html#a7e95cffd1d650f477bb1d64377f4f6d7">pesieve::util::t_refl_args</a></li>
 <li>rip&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">pesieve::_ctx_details</a></li>
diff --git a/functions_vars_s.html b/functions_vars_s.html
index b7d451cf7..84e6038c8 100644
--- a/functions_vars_s.html
+++ b/functions_vars_s.html
@@ -99,6 +99,7 @@ <h3><a id="index_s" name="index_s"></a>- s -</h3><ul>
 <li>sectionRVA&#160;:&#160;<a class="el" href="classpesieve_1_1_patch_analyzer.html#a34eb7c1430a1851749e5e096e9a2dbfa">pesieve::PatchAnalyzer</a></li>
 <li>sectionToResult&#160;:&#160;<a class="el" href="classpesieve_1_1_code_scan_report.html#ade146d4d6dff33f669825e68d2d035da">pesieve::CodeScanReport</a></li>
 <li>settings&#160;:&#160;<a class="el" href="structpesieve_1_1_chunk_stats.html#a1268301237205e183a7fd2d097c70397">pesieve::ChunkStats</a></li>
+<li>shcCandidates&#160;:&#160;<a class="el" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">pesieve::_ctx_details</a></li>
 <li>SHELLC_COUNT&#160;:&#160;<a class="el" href="classpesieve_1_1t__shellc__mode.html#abb24e6cbf35bbad15709d7b7c4d21c71">pesieve.t_shellc_mode</a></li>
 <li>SHELLC_NONE&#160;:&#160;<a class="el" href="classpesieve_1_1t__shellc__mode.html#a7d4e9c7bdc63e28079f0a663287371aa">pesieve.t_shellc_mode</a></li>
 <li>SHELLC_PATTERNS&#160;:&#160;<a class="el" href="classpesieve_1_1t__shellc__mode.html#a4371c512776afe9e6faeac818be15c14">pesieve.t_shellc_mode</a></li>
diff --git a/graph_legend.png b/graph_legend.png
index 9fd8831bc..02fbdac86 100644
Binary files a/graph_legend.png and b/graph_legend.png differ
diff --git a/main_8cpp.html b/main_8cpp.html
index 5cff955d7..94bc6bc45 100644
--- a/main_8cpp.html
+++ b/main_8cpp.html
@@ -210,7 +210,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a0ddf1224851353fc92bfbff6
 <area shape="rect" href="namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1030,590,1174,616"/>
 <area shape="poly" title=" " alt="" coords="901,1473,940,1405,962,1362,979,1317,1009,1217,1033,1115,1068,914,1088,743,1097,631,1102,631,1093,743,1074,915,1039,1116,1014,1219,985,1319,966,1364,945,1408,905,1475"/>
 <area shape="rect" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84" title="The string with the basic information about the scanner." alt="" coords="1056,178,1149,204"/>
-<area shape="poly" title=" " alt="" coords="206,452,259,394,335,324,437,245,486,217,552,190,669,154,718,144,764,139,861,142,982,156,1047,171,1046,176,982,162,860,147,764,145,718,149,670,159,554,195,488,222,440,249,339,328,263,398,210,456"/>
+<area shape="poly" title=" " alt="" coords="206,452,255,399,334,324,383,285,436,247,493,214,552,188,669,153,718,143,764,139,861,142,982,156,1047,171,1046,176,982,162,860,147,764,144,718,149,670,158,554,194,495,219,439,252,386,289,338,328,259,403,210,456"/>
 <area shape="rect" href="classpesieve_1_1_pattern_matcher.html#aa9f9be8560dec7e92b87ec382eced7e5" title=" " alt="" coords="340,927,502,967"/>
 <area shape="poly" title=" " alt="" coords="251,892,290,903,342,919,341,924,288,908,250,898"/>
 <area shape="rect" href="namespacepesieve.html#a524ac6f67849e07e19ece652e2d5dd4a" title=" " alt="" coords="343,992,499,1017"/>
@@ -226,7 +226,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a0ddf1224851353fc92bfbff6
 <area shape="rect" href="namespacepesieve.html#ab1f1c03c718b6eb265187467d8d37cce" title=" " alt="" coords="344,705,498,730"/>
 <area shape="poly" title=" " alt="" coords="214,866,388,738,392,742,217,870"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a7eca64fd4903e8fe4eebefd19e4a6614" title=" " alt="" coords="589,517,710,558"/>
-<area shape="poly" title=" " alt="" coords="199,868,214,824,241,762,282,695,307,664,335,637,392,600,455,574,517,555,573,544,575,549,519,560,457,579,395,605,339,641,311,668,286,698,246,764,219,826,204,869"/>
+<area shape="poly" title=" " alt="" coords="199,868,214,824,242,762,282,696,307,665,335,638,392,601,455,575,517,556,573,544,575,549,519,561,457,580,395,606,339,642,311,669,286,699,246,765,219,826,204,869"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#ac39000bfb52a6dbdacb7a5b68bb21674" title=" " alt="" coords="581,583,718,623"/>
 <area shape="poly" title=" " alt="" coords="201,867,219,832,248,784,287,733,335,690,391,659,451,636,510,620,565,609,566,615,512,625,453,641,393,664,339,694,291,737,252,787,224,834,206,870"/>
 <area shape="rect" href="classpesieve_1_1_process_scanner.html#aefb7a8283826f88d60ba428fa155c0d4" title="The main function of ProcessScanner, deploying the scan. Throws exceptions in case of a failure." alt="" coords="337,861,505,902"/>
diff --git a/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.map b/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.map
index bca32143e..c1984e964 100644
--- a/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.map
+++ b/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.map
@@ -33,7 +33,7 @@
 <area shape="rect" id="Node000016" href="$namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1030,590,1174,616"/>
 <area shape="poly" id="edge12_Node000015_Node000016" title=" " alt="" coords="901,1473,940,1405,962,1362,979,1317,1009,1217,1033,1115,1068,914,1088,743,1097,631,1102,631,1093,743,1074,915,1039,1116,1014,1219,985,1319,966,1364,945,1408,905,1475"/>
 <area shape="rect" id="Node000019" href="$namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84" title="The string with the basic information about the scanner." alt="" coords="1056,178,1149,204"/>
-<area shape="poly" id="edge14_Node000018_Node000019" title=" " alt="" coords="206,452,259,394,335,324,437,245,486,217,552,190,669,154,718,144,764,139,861,142,982,156,1047,171,1046,176,982,162,860,147,764,145,718,149,670,159,554,195,488,222,440,249,339,328,263,398,210,456"/>
+<area shape="poly" id="edge14_Node000018_Node000019" title=" " alt="" coords="206,452,255,399,334,324,383,285,436,247,493,214,552,188,669,153,718,143,764,139,861,142,982,156,1047,171,1046,176,982,162,860,147,764,144,718,149,670,158,554,194,495,219,439,252,386,289,338,328,259,403,210,456"/>
 <area shape="rect" id="Node000021" href="$classpesieve_1_1_pattern_matcher.html#aa9f9be8560dec7e92b87ec382eced7e5" title=" " alt="" coords="340,927,502,967"/>
 <area shape="poly" id="edge16_Node000020_Node000021" title=" " alt="" coords="251,892,290,903,342,919,341,924,288,908,250,898"/>
 <area shape="rect" id="Node000024" href="$namespacepesieve.html#a524ac6f67849e07e19ece652e2d5dd4a" title=" " alt="" coords="343,992,499,1017"/>
@@ -49,7 +49,7 @@
 <area shape="rect" id="Node000059" href="$namespacepesieve.html#ab1f1c03c718b6eb265187467d8d37cce" title=" " alt="" coords="344,705,498,730"/>
 <area shape="poly" id="edge49_Node000020_Node000059" title=" " alt="" coords="214,866,388,738,392,742,217,870"/>
 <area shape="rect" id="Node000066" href="$namespacepesieve_1_1util.html#a7eca64fd4903e8fe4eebefd19e4a6614" title=" " alt="" coords="589,517,710,558"/>
-<area shape="poly" id="edge57_Node000020_Node000066" title=" " alt="" coords="199,868,214,824,241,762,282,695,307,664,335,637,392,600,455,574,517,555,573,544,575,549,519,560,457,579,395,605,339,641,311,668,286,698,246,764,219,826,204,869"/>
+<area shape="poly" id="edge57_Node000020_Node000066" title=" " alt="" coords="199,868,214,824,242,762,282,696,307,665,335,638,392,601,455,575,517,556,573,544,575,549,519,561,457,580,395,606,339,642,311,669,286,699,246,765,219,826,204,869"/>
 <area shape="rect" id="Node000068" href="$namespacepesieve_1_1util.html#ac39000bfb52a6dbdacb7a5b68bb21674" title=" " alt="" coords="581,583,718,623"/>
 <area shape="poly" id="edge58_Node000020_Node000068" title=" " alt="" coords="201,867,219,832,248,784,287,733,335,690,391,659,451,636,510,620,565,609,566,615,512,625,453,641,393,664,339,694,291,737,252,787,224,834,206,870"/>
 <area shape="rect" id="Node000069" href="$classpesieve_1_1_process_scanner.html#aefb7a8283826f88d60ba428fa155c0d4" title="The main function of ProcessScanner, deploying the scan. Throws exceptions in case of a failure." alt="" coords="337,861,505,902"/>
diff --git a/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.png b/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.png
index 925ac02cc..2d7a509ee 100644
Binary files a/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.png and b/main_8cpp_a0ddf1224851353fc92bfbff6f499fa97_cgraph.png differ
diff --git a/namespacepesieve.html b/namespacepesieve.html
index 920b0930a..5dfaa8a51 100644
--- a/namespacepesieve.html
+++ b/namespacepesieve.html
@@ -1714,7 +1714,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#abbc56d07d9ca9ce478537f02
 <area shape="poly" title=" " alt="" coords="600,810,674,810,674,815,600,815"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a39356c7ae484d7b1dae7548ff4e50609" title=" " alt="" coords="681,734,854,760"/>
 <area shape="poly" title=" " alt="" coords="591,744,666,744,666,750,591,750"/>
-<area shape="poly" title=" " alt="" coords="339,436,386,455,438,471,556,500,650,518,696,521,744,518,798,510,861,495,891,484,921,470,970,438,973,442,923,474,894,489,862,500,799,515,744,524,696,526,649,523,555,506,436,476,384,460,337,441"/>
+<area shape="poly" title=" " alt="" coords="340,436,387,454,438,470,556,499,650,517,696,520,744,518,798,510,861,495,891,484,921,470,970,438,973,442,923,474,894,489,862,500,799,515,744,523,696,526,649,523,555,504,436,475,385,459,339,441"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="701,460,834,485"/>
 <area shape="poly" title=" " alt="" coords="358,431,437,447,568,461,686,468,686,473,568,466,437,452,357,437"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b" title=" " alt="" coords="456,397,606,438"/>
@@ -2273,7 +2273,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ad71d3d82e248bd37f2becabe
 <area shape="poly" title=" " alt="" coords="844,613,926,613,926,618,844,618"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1160,1229,1304,1255"/>
 <area shape="poly" title=" " alt="" coords="1075,631,1103,652,1129,698,1153,763,1173,842,1191,927,1217,1094,1231,1214,1225,1214,1211,1095,1185,928,1168,843,1148,765,1125,700,1099,656,1072,635"/>
-<area shape="poly" title=" " alt="" coords="597,710,677,696,743,685,802,673,905,652,954,651,1002,659,1051,680,1103,718,1117,733,1130,754,1154,810,1175,878,1192,954,1217,1104,1231,1214,1225,1214,1212,1105,1187,955,1170,880,1149,812,1126,757,1113,736,1099,721,1048,685,1000,664,953,656,906,658,803,678,744,691,678,701,598,716"/>
+<area shape="poly" title=" " alt="" coords="597,710,677,696,743,685,802,673,905,652,953,650,1001,658,1051,679,1103,716,1117,732,1131,753,1155,809,1175,877,1192,953,1217,1103,1231,1214,1225,1214,1212,1104,1187,954,1170,879,1150,810,1126,756,1113,735,1099,720,1048,684,1000,663,953,655,906,657,803,678,744,691,678,701,598,716"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="941,1027,1074,1052"/>
 <area shape="poly" title=" " alt="" coords="565,749,679,825,773,880,867,936,978,1015,975,1019,864,940,770,885,676,830,562,753"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b" title=" " alt="" coords="696,710,847,750"/>
diff --git a/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.map b/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.map
index 441d974fa..a3c8c87d5 100644
--- a/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.map
+++ b/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.map
@@ -52,7 +52,7 @@
 <area shape="poly" id="edge22_Node000019_Node000020" title=" " alt="" coords="600,810,674,810,674,815,600,815"/>
 <area shape="rect" id="Node000023" href="$namespacepesieve_1_1util.html#a39356c7ae484d7b1dae7548ff4e50609" title=" " alt="" coords="681,734,854,760"/>
 <area shape="poly" id="edge25_Node000022_Node000023" title=" " alt="" coords="591,744,666,744,666,750,591,750"/>
-<area shape="poly" id="edge29_Node000025_Node000009" title=" " alt="" coords="339,436,386,455,438,471,556,500,650,518,696,521,744,518,798,510,861,495,891,484,921,470,970,438,973,442,923,474,894,489,862,500,799,515,744,524,696,526,649,523,555,506,436,476,384,460,337,441"/>
+<area shape="poly" id="edge29_Node000025_Node000009" title=" " alt="" coords="340,436,387,454,438,470,556,499,650,517,696,520,744,518,798,510,861,495,891,484,921,470,970,438,973,442,923,474,894,489,862,500,799,515,744,523,696,526,649,523,555,504,436,475,385,459,339,441"/>
 <area shape="rect" id="Node000026" href="$namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="701,460,834,485"/>
 <area shape="poly" id="edge28_Node000025_Node000026" title=" " alt="" coords="358,431,437,447,568,461,686,468,686,473,568,466,437,452,357,437"/>
 <area shape="rect" id="Node000027" href="$namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b" title=" " alt="" coords="456,397,606,438"/>
diff --git a/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.png b/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.png
index 4b76c7f53..93550e142 100644
Binary files a/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.png and b/namespacepesieve_abbc56d07d9ca9ce478537f02e33e9c49_cgraph.png differ
diff --git a/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.map b/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.map
index 5f56185eb..6f3b658ad 100644
--- a/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.map
+++ b/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.map
@@ -63,7 +63,7 @@
 <area shape="poly" id="edge19_Node000022_Node000023" title=" " alt="" coords="844,613,926,613,926,618,844,618"/>
 <area shape="rect" id="Node000015" href="$namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1160,1229,1304,1255"/>
 <area shape="poly" id="edge20_Node000023_Node000015" title=" " alt="" coords="1075,631,1103,652,1129,698,1153,763,1173,842,1191,927,1217,1094,1231,1214,1225,1214,1211,1095,1185,928,1168,843,1148,765,1125,700,1099,656,1072,635"/>
-<area shape="poly" id="edge28_Node000031_Node000015" title=" " alt="" coords="597,710,677,696,743,685,802,673,905,652,954,651,1002,659,1051,680,1103,718,1117,733,1130,754,1154,810,1175,878,1192,954,1217,1104,1231,1214,1225,1214,1212,1105,1187,955,1170,880,1149,812,1126,757,1113,736,1099,721,1048,685,1000,664,953,656,906,658,803,678,744,691,678,701,598,716"/>
+<area shape="poly" id="edge28_Node000031_Node000015" title=" " alt="" coords="597,710,677,696,743,685,802,673,905,652,953,650,1001,658,1051,679,1103,716,1117,732,1131,753,1155,809,1175,877,1192,953,1217,1103,1231,1214,1225,1214,1212,1104,1187,954,1170,879,1150,810,1126,756,1113,735,1099,720,1048,684,1000,663,953,655,906,657,803,678,744,691,678,701,598,716"/>
 <area shape="rect" id="Node000032" href="$namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="941,1027,1074,1052"/>
 <area shape="poly" id="edge27_Node000031_Node000032" title=" " alt="" coords="565,749,679,825,773,880,867,936,978,1015,975,1019,864,940,770,885,676,830,562,753"/>
 <area shape="rect" id="Node000033" href="$namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b" title=" " alt="" coords="696,710,847,750"/>
diff --git a/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.png b/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.png
index 90250b03c..4d0f3edd2 100644
Binary files a/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.png and b/namespacepesieve_ad71d3d82e248bd37f2becabe0ca00f55_cgraph.png differ
diff --git a/pe__sieve__api_8cpp.html b/pe__sieve__api_8cpp.html
index ece2488b4..eaf8a8e54 100644
--- a/pe__sieve__api_8cpp.html
+++ b/pe__sieve__api_8cpp.html
@@ -298,7 +298,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ab5ff4b4b18f55c344f1b946b
 <area shape="rect" href="namespacepesieve_1_1util.html#a7eca64fd4903e8fe4eebefd19e4a6614" title=" " alt="" coords="640,920,761,961"/>
 <area shape="poly" title=" " alt="" coords="323,1023,625,955,626,960,324,1028"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#ac39000bfb52a6dbdacb7a5b68bb21674" title=" " alt="" coords="872,1281,1010,1322"/>
-<area shape="poly" title=" " alt="" coords="293,1050,396,1101,500,1151,605,1195,738,1241,858,1277,857,1282,736,1246,603,1200,497,1156,394,1105,290,1055"/>
+<area shape="poly" title=" " alt="" coords="293,1050,396,1099,500,1150,605,1195,738,1241,858,1277,857,1282,736,1246,603,1200,497,1155,394,1104,291,1055"/>
 <area shape="rect" href="classpesieve_1_1_process_scanner.html#aefb7a8283826f88d60ba428fa155c0d4" title="The main function of ProcessScanner, deploying the scan. Throws exceptions in case of a failure." alt="" coords="616,765,785,806"/>
 <area shape="poly" title=" " alt="" coords="286,1023,649,812,652,816,289,1028"/>
 <area shape="rect" href="namespacepesieve.html#a1b4dba41ddf56a7365eefc3cab744572" title=" " alt="" coords="618,1453,783,1478"/>
@@ -342,7 +342,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ab5ff4b4b18f55c344f1b946b
 <area shape="rect" href="namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="1112,937,1245,963"/>
 <area shape="poly" title=" " alt="" coords="762,893,845,922,911,933,977,940,1097,947,1097,952,977,945,910,938,844,927,760,898"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1320,1210,1465,1236"/>
-<area shape="poly" title=" " alt="" coords="745,852,771,836,795,816,809,792,815,769,823,747,843,727,884,714,937,710,999,714,1066,725,1131,742,1190,763,1240,788,1274,814,1309,860,1337,911,1357,965,1372,1019,1389,1120,1394,1195,1389,1195,1384,1121,1367,1020,1352,966,1332,913,1305,863,1270,818,1237,792,1188,768,1129,747,1064,730,999,719,937,715,885,719,846,732,828,750,820,771,814,795,799,819,774,840,748,856"/>
+<area shape="poly" title=" " alt="" coords="745,852,771,836,795,816,809,792,815,769,823,747,843,727,884,714,937,710,999,714,1065,725,1131,741,1190,762,1240,787,1274,813,1309,859,1337,910,1358,964,1373,1018,1389,1120,1394,1194,1389,1195,1384,1120,1368,1019,1353,965,1332,912,1305,862,1270,817,1237,791,1188,767,1129,746,1064,730,999,719,937,715,885,719,846,732,828,750,820,771,814,795,799,819,774,840,748,856"/>
 <area shape="rect" href="namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b" title=" " alt="" coords="866,872,1016,913"/>
 <area shape="poly" title=" " alt="" coords="764,877,850,883,850,888,764,882"/>
 <area shape="poly" title=" " alt="" coords="766,886,783,895,799,906,812,923,820,939,827,970,831,1003,837,1019,847,1037,871,1066,898,1090,895,1094,867,1069,842,1041,832,1022,826,1004,821,971,815,941,808,926,795,910,780,899,763,891"/>
@@ -387,7 +387,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#ab5ff4b4b18f55c344f1b946b
 <area shape="rect" href="namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922" title=" " alt="" coords="862,807,1020,847"/>
 <area shape="poly" title=" " alt="" coords="786,798,846,808,845,813,785,803"/>
 <area shape="poly" title=" " alt="" coords="1012,779,1038,793,1077,823,1112,858,1162,922,1158,926,1108,862,1074,827,1036,797,1009,783"/>
-<area shape="poly" title=" " alt="" coords="1011,766,1073,779,1144,800,1213,833,1245,855,1274,880,1305,917,1329,958,1349,1002,1364,1047,1384,1131,1392,1194,1387,1195,1378,1132,1359,1048,1344,1004,1325,961,1300,920,1270,884,1242,859,1211,838,1142,805,1072,784,1010,772"/>
+<area shape="poly" title=" " alt="" coords="1011,766,1073,778,1144,799,1213,832,1245,853,1274,878,1305,915,1330,957,1349,1001,1365,1046,1384,1130,1392,1194,1387,1195,1379,1131,1359,1048,1344,1003,1325,959,1300,919,1270,882,1242,858,1211,837,1142,804,1072,783,1010,771"/>
 <area shape="poly" title=" " alt="" coords="1009,845,1038,858,1098,892,1149,925,1146,930,1095,896,1036,863,1007,850"/>
 </map>
 </div>
diff --git a/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.map b/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.map
index fb5c55e2b..ff22d33de 100644
--- a/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.map
+++ b/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.map
@@ -31,7 +31,7 @@
 <area shape="rect" id="Node000059" href="$namespacepesieve_1_1util.html#a7eca64fd4903e8fe4eebefd19e4a6614" title=" " alt="" coords="640,920,761,961"/>
 <area shape="poly" id="edge62_Node000009_Node000059" title=" " alt="" coords="323,1023,625,955,626,960,324,1028"/>
 <area shape="rect" id="Node000061" href="$namespacepesieve_1_1util.html#ac39000bfb52a6dbdacb7a5b68bb21674" title=" " alt="" coords="872,1281,1010,1322"/>
-<area shape="poly" id="edge63_Node000009_Node000061" title=" " alt="" coords="293,1050,396,1101,500,1151,605,1195,738,1241,858,1277,857,1282,736,1246,603,1200,497,1156,394,1105,290,1055"/>
+<area shape="poly" id="edge63_Node000009_Node000061" title=" " alt="" coords="293,1050,396,1099,500,1150,605,1195,738,1241,858,1277,857,1282,736,1246,603,1200,497,1155,394,1104,291,1055"/>
 <area shape="rect" id="Node000062" href="$classpesieve_1_1_process_scanner.html#aefb7a8283826f88d60ba428fa155c0d4" title="The main function of ProcessScanner, deploying the scan. Throws exceptions in case of a failure." alt="" coords="616,765,785,806"/>
 <area shape="poly" id="edge66_Node000009_Node000062" title=" " alt="" coords="286,1023,649,812,652,816,289,1028"/>
 <area shape="rect" id="Node000011" href="$namespacepesieve.html#a1b4dba41ddf56a7365eefc3cab744572" title=" " alt="" coords="618,1453,783,1478"/>
@@ -75,7 +75,7 @@
 <area shape="rect" id="Node000038" href="$namespacepesieve_1_1util.html#aa85f1f0a0e6bca89adf99decf129714c" title=" " alt="" coords="1112,937,1245,963"/>
 <area shape="poly" id="edge32_Node000037_Node000038" title=" " alt="" coords="762,893,845,922,911,933,977,940,1097,947,1097,952,977,945,910,938,844,927,760,898"/>
 <area shape="rect" id="Node000023" href="$namespacepesieve_1_1util.html#ac533b9c8a18228f62223a0042c40f5ae" title=" " alt="" coords="1320,1210,1465,1236"/>
-<area shape="poly" id="edge33_Node000037_Node000023" title=" " alt="" coords="745,852,771,836,795,816,809,792,815,769,823,747,843,727,884,714,937,710,999,714,1066,725,1131,742,1190,763,1240,788,1274,814,1309,860,1337,911,1357,965,1372,1019,1389,1120,1394,1195,1389,1195,1384,1121,1367,1020,1352,966,1332,913,1305,863,1270,818,1237,792,1188,768,1129,747,1064,730,999,719,937,715,885,719,846,732,828,750,820,771,814,795,799,819,774,840,748,856"/>
+<area shape="poly" id="edge33_Node000037_Node000023" title=" " alt="" coords="745,852,771,836,795,816,809,792,815,769,823,747,843,727,884,714,937,710,999,714,1065,725,1131,741,1190,762,1240,787,1274,813,1309,859,1337,910,1358,964,1373,1018,1389,1120,1394,1194,1389,1195,1384,1120,1368,1019,1353,965,1332,912,1305,862,1270,817,1237,791,1188,767,1129,746,1064,730,999,719,937,715,885,719,846,732,828,750,820,771,814,795,799,819,774,840,748,856"/>
 <area shape="rect" id="Node000039" href="$namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b" title=" " alt="" coords="866,872,1016,913"/>
 <area shape="poly" id="edge34_Node000037_Node000039" title=" " alt="" coords="764,877,850,883,850,888,764,882"/>
 <area shape="poly" id="edge37_Node000037_Node000040" title=" " alt="" coords="766,886,783,895,799,906,812,923,820,939,827,970,831,1003,837,1019,847,1037,871,1066,898,1090,895,1094,867,1069,842,1041,832,1022,826,1004,821,971,815,941,808,926,795,910,780,899,763,891"/>
@@ -120,6 +120,6 @@
 <area shape="rect" id="Node000067" href="$namespacepesieve_1_1util.html#a015be6a0937814caf43586043817d922" title=" " alt="" coords="862,807,1020,847"/>
 <area shape="poly" id="edge71_Node000062_Node000067" title=" " alt="" coords="786,798,846,808,845,813,785,803"/>
 <area shape="poly" id="edge69_Node000063_Node000038" title=" " alt="" coords="1012,779,1038,793,1077,823,1112,858,1162,922,1158,926,1108,862,1074,827,1036,797,1009,783"/>
-<area shape="poly" id="edge70_Node000063_Node000023" title=" " alt="" coords="1011,766,1073,779,1144,800,1213,833,1245,855,1274,880,1305,917,1329,958,1349,1002,1364,1047,1384,1131,1392,1194,1387,1195,1378,1132,1359,1048,1344,1004,1325,961,1300,920,1270,884,1242,859,1211,838,1142,805,1072,784,1010,772"/>
+<area shape="poly" id="edge70_Node000063_Node000023" title=" " alt="" coords="1011,766,1073,778,1144,799,1213,832,1245,853,1274,878,1305,915,1330,957,1349,1001,1365,1046,1384,1130,1392,1194,1387,1195,1379,1131,1359,1048,1344,1003,1325,959,1300,919,1270,882,1242,858,1211,837,1142,804,1072,783,1010,771"/>
 <area shape="poly" id="edge72_Node000067_Node000038" title=" " alt="" coords="1009,845,1038,858,1098,892,1149,925,1146,930,1095,896,1036,863,1007,850"/>
 </map>
diff --git a/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.png b/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.png
index a057de138..a560f7389 100644
Binary files a/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.png and b/pe__sieve__api_8cpp_ab5ff4b4b18f55c344f1b946b9d9eb47b_cgraph.png differ
diff --git a/scanner_8cpp_source.html b/scanner_8cpp_source.html
index e493f5895..97d3f51d6 100644
--- a/scanner_8cpp_source.html
+++ b/scanner_8cpp_source.html
@@ -717,8 +717,8 @@
 <div class="ttc" id="aclasspesieve_1_1_remote_module_data_html_a10f74dddd152a0895545bd68268da7ff"><div class="ttname"><a href="classpesieve_1_1_remote_module_data.html#a10f74dddd152a0895545bd68268da7ff">pesieve::RemoteModuleData::isInitialized</a></div><div class="ttdeci">bool isInitialized()</div><div class="ttdef"><b>Definition</b> <a href="module__data_8h_source.html#l00145">module_data.h:145</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_skipped_module_report_html"><div class="ttname"><a href="classpesieve_1_1_skipped_module_report.html">pesieve::SkippedModuleReport</a></div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00116">module_scan_report.h:117</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html">pesieve::ThreadScanReport</a></div><div class="ttdoc">A report from the thread scan, generated by ThreadScanner.</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00014">thread_scanner.h:15</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00122">thread_scanner.h:122</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00398">thread_scanner.cpp:398</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00123">thread_scanner.h:123</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00399">thread_scanner.cpp:399</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_unreachable_module_report_html"><div class="ttname"><a href="classpesieve_1_1_unreachable_module_report.html">pesieve::UnreachableModuleReport</a></div><div class="ttdef"><b>Definition</b> <a href="module__scan__report_8h_source.html#l00096">module_scan_report.h:97</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_working_set_scan_report_html"><div class="ttname"><a href="classpesieve_1_1_working_set_scan_report.html">pesieve::WorkingSetScanReport</a></div><div class="ttdoc">A report from the working set scan, generated by WorkingSetScanner.</div><div class="ttdef"><b>Definition</b> <a href="workingset__scanner_8h_source.html#l00028">workingset_scanner.h:29</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_working_set_scan_report_html_a9167635c76bcba07d274133c8af95f17"><div class="ttname"><a href="classpesieve_1_1_working_set_scan_report.html#a9167635c76bcba07d274133c8af95f17">pesieve::WorkingSetScanReport::is_listed_module</a></div><div class="ttdeci">bool is_listed_module</div><div class="ttdef"><b>Definition</b> <a href="workingset__scanner_8h_source.html#l00097">workingset_scanner.h:97</a></div></div>
diff --git a/search/all_11.js b/search/all_11.js
index 211aba5ae..090d4a117 100644
--- a/search/all_11.js
+++ b/search/all_11.js
@@ -69,23 +69,22 @@ var searchData=
   ['results_5fdumper_2ecpp_66',['results_dumper.cpp',['../results__dumper_8cpp.html',1,'']]],
   ['results_5fdumper_2eh_67',['results_dumper.h',['../results__dumper_8h.html',1,'']]],
   ['resultsdumper_68',['ResultsDumper',['../classpesieve_1_1_results_dumper.html',1,'pesieve::ResultsDumper'],['../classpesieve_1_1_process_dump_report.html#a0e77b9b85b41616be4cfe0745cb94549',1,'pesieve::ProcessDumpReport::ResultsDumper'],['../classpesieve_1_1_process_scan_report.html#a0e77b9b85b41616be4cfe0745cb94549',1,'pesieve::ProcessScanReport::ResultsDumper'],['../classpesieve_1_1_results_dumper.html#a84cedbc87af0ee8b72f06fd7c6cb9b5a',1,'pesieve::ResultsDumper::ResultsDumper()']]],
-  ['ret_5faddr_69',['ret_addr',['../structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f',1,'pesieve::_ctx_details']]],
-  ['returned_5fhndl_70',['returned_hndl',['../structpesieve_1_1util_1_1t__refl__args.html#a2039cf10734a4e3f07e94e6068122729',1,'pesieve::util::t_refl_args']]],
-  ['returned_5fpid_71',['returned_pid',['../structpesieve_1_1util_1_1t__refl__args.html#a7e95cffd1d650f477bb1d64377f4f6d7',1,'pesieve::util::t_refl_args']]],
-  ['rip_72',['rip',['../structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4',1,'pesieve::_ctx_details']]],
-  ['rsp_73',['rsp',['../structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd',1,'pesieve::_ctx_details']]],
-  ['rtl_5fclone_5fprocess_5fflags_5fcreate_5fsuspended_74',['RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED',['../process__reflection_8cpp.html#a32cecac9c7a7d39eb28c815e5cfae2f2',1,'process_reflection.cpp']]],
-  ['rtl_5fclone_5fprocess_5fflags_5finherit_5fhandles_75',['RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES',['../process__reflection_8cpp.html#a82f1405153b8ad80df8c7398d29e19f5',1,'process_reflection.cpp']]],
-  ['rtl_5fclone_5fprocess_5fflags_5fno_5fsynchronize_76',['RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE',['../process__reflection_8cpp.html#a9ebf762b1a1365370dcdf4d1258447d8',1,'process_reflection.cpp']]],
-  ['rtrim_77',['rtrim',['../namespacepesieve_1_1util.html#a31052004d33cccf72236cd5bd451fa91',1,'pesieve::util']]],
-  ['rule_5fcode_78',['RULE_CODE',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aa6007e2701ffdcbbf8520f4decb8bee61',1,'pesieve::RuleMatcher']]],
-  ['rule_5fencrypted_79',['RULE_ENCRYPTED',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aabc5eb54cc64621d0c03874dae1328fe2',1,'pesieve::RuleMatcher']]],
-  ['rule_5fnone_80',['RULE_NONE',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aaee38ad26682344d1747c15ac203dba27',1,'pesieve::RuleMatcher']]],
-  ['rule_5fobfuscated_81',['RULE_OBFUSCATED',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aaff6b2161fe8136ff7a7be0fd4cf37c31',1,'pesieve::RuleMatcher']]],
-  ['rule_5ftext_82',['RULE_TEXT',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aa6617b4261cc4bc38519dbfa7b5d708e7',1,'pesieve::RuleMatcher']]],
-  ['rulematcher_83',['RuleMatcher',['../classpesieve_1_1_rule_matcher.html',1,'pesieve::RuleMatcher'],['../classpesieve_1_1_rule_matcher.html#a977717986c584a95b87ffd73da2e8905',1,'pesieve::RuleMatcher::RuleMatcher()']]],
-  ['rulematchersset_84',['RuleMatchersSet',['../structpesieve_1_1_rule_matchers_set.html',1,'pesieve::RuleMatchersSet'],['../structpesieve_1_1_rule_matchers_set.html#aff5025d1a45e27e0f98cb4da745b3ff8',1,'pesieve::RuleMatchersSet::RuleMatchersSet()']]],
-  ['ruletype_85',['RuleType',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6a',1,'pesieve::RuleMatcher']]],
-  ['rva_86',['rva',['../classpesieve_1_1_pe_section.html#abb3723c684e695788cedc1654463b409',1,'pesieve::PeSection']]],
-  ['rvatova_87',['rvaToVa',['../classpesieve_1_1_module_data.html#a1227c638b7039f75d3bf31b61fe13bf9',1,'pesieve::ModuleData']]]
+  ['returned_5fhndl_69',['returned_hndl',['../structpesieve_1_1util_1_1t__refl__args.html#a2039cf10734a4e3f07e94e6068122729',1,'pesieve::util::t_refl_args']]],
+  ['returned_5fpid_70',['returned_pid',['../structpesieve_1_1util_1_1t__refl__args.html#a7e95cffd1d650f477bb1d64377f4f6d7',1,'pesieve::util::t_refl_args']]],
+  ['rip_71',['rip',['../structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4',1,'pesieve::_ctx_details']]],
+  ['rsp_72',['rsp',['../structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd',1,'pesieve::_ctx_details']]],
+  ['rtl_5fclone_5fprocess_5fflags_5fcreate_5fsuspended_73',['RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED',['../process__reflection_8cpp.html#a32cecac9c7a7d39eb28c815e5cfae2f2',1,'process_reflection.cpp']]],
+  ['rtl_5fclone_5fprocess_5fflags_5finherit_5fhandles_74',['RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES',['../process__reflection_8cpp.html#a82f1405153b8ad80df8c7398d29e19f5',1,'process_reflection.cpp']]],
+  ['rtl_5fclone_5fprocess_5fflags_5fno_5fsynchronize_75',['RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE',['../process__reflection_8cpp.html#a9ebf762b1a1365370dcdf4d1258447d8',1,'process_reflection.cpp']]],
+  ['rtrim_76',['rtrim',['../namespacepesieve_1_1util.html#a31052004d33cccf72236cd5bd451fa91',1,'pesieve::util']]],
+  ['rule_5fcode_77',['RULE_CODE',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aa6007e2701ffdcbbf8520f4decb8bee61',1,'pesieve::RuleMatcher']]],
+  ['rule_5fencrypted_78',['RULE_ENCRYPTED',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aabc5eb54cc64621d0c03874dae1328fe2',1,'pesieve::RuleMatcher']]],
+  ['rule_5fnone_79',['RULE_NONE',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aaee38ad26682344d1747c15ac203dba27',1,'pesieve::RuleMatcher']]],
+  ['rule_5fobfuscated_80',['RULE_OBFUSCATED',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aaff6b2161fe8136ff7a7be0fd4cf37c31',1,'pesieve::RuleMatcher']]],
+  ['rule_5ftext_81',['RULE_TEXT',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6aa6617b4261cc4bc38519dbfa7b5d708e7',1,'pesieve::RuleMatcher']]],
+  ['rulematcher_82',['RuleMatcher',['../classpesieve_1_1_rule_matcher.html',1,'pesieve::RuleMatcher'],['../classpesieve_1_1_rule_matcher.html#a977717986c584a95b87ffd73da2e8905',1,'pesieve::RuleMatcher::RuleMatcher()']]],
+  ['rulematchersset_83',['RuleMatchersSet',['../structpesieve_1_1_rule_matchers_set.html',1,'pesieve::RuleMatchersSet'],['../structpesieve_1_1_rule_matchers_set.html#aff5025d1a45e27e0f98cb4da745b3ff8',1,'pesieve::RuleMatchersSet::RuleMatchersSet()']]],
+  ['ruletype_84',['RuleType',['../classpesieve_1_1_rule_matcher.html#a4673a0acf40a39a008489e1d74bc0c6a',1,'pesieve::RuleMatcher']]],
+  ['rva_85',['rva',['../classpesieve_1_1_pe_section.html#abb3723c684e695788cedc1654463b409',1,'pesieve::PeSection']]],
+  ['rvatova_86',['rvaToVa',['../classpesieve_1_1_module_data.html#a1227c638b7039f75d3bf31b61fe13bf9',1,'pesieve::ModuleData']]]
 ];
diff --git a/search/all_12.js b/search/all_12.js
index a37e85441..5b616b637 100644
--- a/search/all_12.js
+++ b/search/all_12.js
@@ -56,57 +56,58 @@ var searchData=
   ['setsuspicious_53',['setSuspicious',['../classpesieve_1_1_scanned_module.html#a1550cf5ee7a95ec2c1c17dc8627ad0bf',1,'pesieve::ScannedModule']]],
   ['settableinpe_54',['setTableInPe',['../classpesieve_1_1_import_table_buffer.html#abf53ddda82d5e91d4b9e1cf02b8043d6',1,'pesieve::ImportTableBuffer']]],
   ['settings_55',['settings',['../structpesieve_1_1_chunk_stats.html#a1268301237205e183a7fd2d097c70397',1,'pesieve::ChunkStats']]],
-  ['shellc_5fcount_56',['SHELLC_COUNT',['../classpesieve_1_1t__shellc__mode.html#abb24e6cbf35bbad15709d7b7c4d21c71',1,'pesieve.t_shellc_mode.SHELLC_COUNT'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49acb31dc14f5b66f4be2d4593cb10d3385',1,'SHELLC_COUNT:&#160;pe_sieve_types.h']]],
-  ['shellc_5fmode_5fmode_5fto_5fid_57',['shellc_mode_mode_to_id',['../namespacepesieve.html#a175ef72c9fd6303f190d564e65d9614a',1,'pesieve']]],
-  ['shellc_5fnone_58',['SHELLC_NONE',['../classpesieve_1_1t__shellc__mode.html#a7d4e9c7bdc63e28079f0a663287371aa',1,'pesieve.t_shellc_mode.SHELLC_NONE'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49a806397db03996a9ad3582b4a5249a6b5',1,'SHELLC_NONE:&#160;pe_sieve_types.h']]],
-  ['shellc_5fpatterns_59',['SHELLC_PATTERNS',['../classpesieve_1_1t__shellc__mode.html#a4371c512776afe9e6faeac818be15c14',1,'pesieve.t_shellc_mode.SHELLC_PATTERNS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49af374abe8ac723478824a06eb79fd3edb',1,'SHELLC_PATTERNS:&#160;pe_sieve_types.h']]],
-  ['shellc_5fpatterns_5fand_5fstats_60',['SHELLC_PATTERNS_AND_STATS',['../classpesieve_1_1t__shellc__mode.html#a16c88cc8e50ca3b6a8e08942d93475f1',1,'pesieve.t_shellc_mode.SHELLC_PATTERNS_AND_STATS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49ae9f1a1eb467fe09be5745826fcc96987',1,'SHELLC_PATTERNS_AND_STATS:&#160;pe_sieve_types.h']]],
-  ['shellc_5fpatterns_5for_5fstats_61',['SHELLC_PATTERNS_OR_STATS',['../classpesieve_1_1t__shellc__mode.html#a7ed46ef5720148741ee3d9d1f416694a',1,'pesieve.t_shellc_mode.SHELLC_PATTERNS_OR_STATS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49ab0768291981a452e0e33c42a740b97ee',1,'SHELLC_PATTERNS_OR_STATS:&#160;pe_sieve_types.h']]],
-  ['shellc_5fstats_62',['SHELLC_STATS',['../classpesieve_1_1t__shellc__mode.html#a67ddfa30a058f878421d277af59fbf2e',1,'pesieve.t_shellc_mode.SHELLC_STATS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49a49155121e3f2b030dde86a3d8ed80760',1,'SHELLC_STATS:&#160;pe_sieve_types.h']]],
-  ['shellcode_63',['shellcode',['../structparams.html#a5063529cd6e6950334929d22164d3868',1,'params::shellcode'],['../namespacedemo.html#a6cdb502544cf88590852419885d95c92',1,'demo.shellcode']]],
-  ['shift_5fartefacts_64',['shift_artefacts',['../namespacepesieve.html#ab28bfe1ca7dd95f63741ac0089f5343a',1,'pesieve']]],
-  ['shiftpeheader_65',['shiftPeHeader',['../classpesieve_1_1_pe_reconstructor.html#a071ac1f5f01c749bb92fd4ac93c13774',1,'pesieve::PeReconstructor']]],
-  ['should_5fscan_5fcontext_66',['should_scan_context',['../thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87',1,'thread_scanner.cpp']]],
-  ['shouldacceptexport_67',['shouldAcceptExport',['../classpesieve_1_1_thunk_found_callback.html#ab4301142df4586549b52c8ede3666eea',1,'pesieve::ThunkFoundCallback']]],
-  ['shouldprocessva_68',['shouldProcessVA',['../classpesieve_1_1_thunk_found_callback.html#a471618623bcca031182bed49c36db30e',1,'pesieve::ThunkFoundCallback']]],
-  ['size_69',['size',['../structpesieve_1_1_chunk_stats.html#a1a99134b17150d91a46a5a3a669063bc',1,'pesieve::ChunkStats::size'],['../structpesieve_1_1__t__pattern.html#a5f8a13e6e7fa8367d83bb9306ccca9d8',1,'pesieve::_t_pattern::size'],['../structpesieve_1_1util_1_1__mem__region__info.html#a5b8ade2cf0b8931e4f81b98ae2bfdac5',1,'pesieve::util::_mem_region_info::size'],['../classpesieve_1_1_patch_list.html#ab6fc10f0853f55604093c1b1d29d60df',1,'pesieve::PatchList::size()']]],
-  ['sizeofdllsspace_70',['sizeOfDllsSpace',['../classpesieve_1_1_i_a_t_block.html#ad2ec1f1e2e0c6934a497f6f4de19ed8e',1,'pesieve::IATBlock']]],
-  ['sizeofnamesspace_71',['sizeOfNamesSpace',['../classpesieve_1_1_i_a_t_thunks_series.html#ac6382d6ee5d6eae79c47e9ff6af8806b',1,'pesieve::IATThunksSeries']]],
-  ['skipped_72',['skipped',['../structreport.html#aa49ebcf3170fe05413a02a2af0ef5d9b',1,'report']]],
-  ['skippedmodulereport_73',['SkippedModuleReport',['../classpesieve_1_1_skipped_module_report.html',1,'pesieve::SkippedModuleReport'],['../classpesieve_1_1_skipped_module_report.html#a9fde7e6d86205f7d71394ad5f533df68',1,'pesieve::SkippedModuleReport::SkippedModuleReport()']]],
-  ['snapshothandle_74',['SnapshotHandle',['../namespacepesieve_1_1util.html#a6af9e73116d4d74647d319a492b721b0',1,'pesieve::util']]],
-  ['splitseries_75',['splitSeries',['../classpesieve_1_1_i_a_t_block.html#af25037eb1bb7ea83fa7e5a24807727d7',1,'pesieve::IATBlock']]],
-  ['stack_5fframe_76',['stack_frame',['../struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7',1,'_t_stack_enum_params']]],
-  ['stackframescount_77',['stackFramesCount',['../structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5',1,'pesieve::_ctx_details']]],
-  ['start_78',['start',['../classpesieve_1_1_scanned_module.html#a1257d00fc075f58c68a2f2f3ee2580c3',1,'pesieve::ScannedModule']]],
-  ['start_5faddr_79',['start_addr',['../structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b',1,'pesieve::util::_thread_info']]],
-  ['start_5fva_80',['start_va',['../classpesieve_1_1_mem_page_data.html#aa47136298a2aecc8cc011162cf7a0571',1,'pesieve::MemPageData']]],
-  ['startcontext_81',['StartContext',['../namespacepesieve_1_1util.html#a867430ba8efef3a8f89e826a34791db1',1,'pesieve::util']]],
-  ['startoffset_82',['startOffset',['../classpesieve_1_1_i_a_t_thunks_series.html#a2c8fb26493bbda8f2c53d4b28c19531a',1,'pesieve::IATThunksSeries']]],
-  ['startroutine_83',['StartRoutine',['../namespacepesieve_1_1util.html#a243a5bb6446feaa7c25fa56debfc0384',1,'pesieve::util']]],
-  ['startrva_84',['startRva',['../classpesieve_1_1_patch_list_1_1_patch.html#a7b946d650da353c56690ff150eb4a82c',1,'pesieve::PatchList::Patch']]],
-  ['state_85',['state',['../structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65',1,'pesieve::util::_thread_info_ext']]],
-  ['stats_86',['stats',['../classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83',1,'pesieve::ThreadScanReport::stats'],['../classpesieve_1_1_working_set_scan_report.html#a2b63bfed29add17e9db10f21936cedc0',1,'pesieve::WorkingSetScanReport::stats']]],
-  ['stats_2eh_87',['stats.h',['../stats_8h.html',1,'']]],
-  ['stats_5fanalyzer_2ecpp_88',['stats_analyzer.cpp',['../stats__analyzer_8cpp.html',1,'']]],
-  ['stats_5fanalyzer_2eh_89',['stats_analyzer.h',['../stats__analyzer_8h.html',1,'']]],
-  ['stats_5futil_2eh_90',['stats_util.h',['../stats__util_8h.html',1,'']]],
-  ['statssettings_91',['StatsSettings',['../structpesieve_1_1_stats_settings.html',1,'pesieve::StatsSettings'],['../structpesieve_1_1_stats_settings.html#a6cc87183e4f04394819667bd2acc00ac',1,'pesieve::StatsSettings::StatsSettings()']]],
-  ['status_92',['status',['../classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68',1,'pesieve::ModuleScanReport']]],
-  ['std_5fdev_5fcalc_2eh_93',['std_dev_calc.h',['../std__dev__calc_8h.html',1,'']]],
-  ['stddeviationcalc_94',['StdDeviationCalc',['../classpesieve_1_1stats_1_1_std_deviation_calc.html',1,'pesieve::stats::StdDeviationCalc'],['../classpesieve_1_1stats_1_1_std_deviation_calc.html#a4ec518e853777eb643d82926f0ad6c70',1,'pesieve::stats::StdDeviationCalc::StdDeviationCalc()']]],
-  ['stop_5fva_95',['stop_va',['../classpesieve_1_1_mem_page_data.html#a7c151bd819b2444eb7e93c92fcd4f8ce',1,'pesieve::MemPageData']]],
-  ['storedfunc_96',['storedFunc',['../classpesieve_1_1_i_a_t_scan_report.html#a7a631d5a508e52d214764f5d25490b2e',1,'pesieve::IATScanReport']]],
-  ['string_5fto_5flist_97',['string_to_list',['../namespacepesieve_1_1util.html#a6bf8eed39c860ca4caf8dc081b57529e',1,'pesieve::util']]],
-  ['strings_5futil_2ecpp_98',['strings_util.cpp',['../strings__util_8cpp.html',1,'']]],
-  ['strings_5futil_2eh_99',['strings_util.h',['../strings__util_8h.html',1,'']]],
-  ['stringscount_100',['stringsCount',['../structpesieve_1_1_chunk_stats.html#a41e1a3748f347a69f1db454cb3dd2651',1,'pesieve::ChunkStats']]],
-  ['strip_5fprefix_101',['strip_prefix',['../namespacepesieve_1_1util.html#a2d19e21063f990f24ceea5c64d452cfc',1,'pesieve::util']]],
-  ['summarize_102',['summarize',['../classpesieve_1_1_area_entropy_stats.html#a55525d7498ddf04738ce1fac9332be3f',1,'pesieve::AreaEntropyStats::summarize()'],['../structpesieve_1_1_chunk_stats.html#ac68e19c8316bf003c2fbdea739176001',1,'pesieve::ChunkStats::summarize()'],['../classpesieve_1_1_area_multi_stats.html#adc0566558c7de4604692be9fec9ba0e3',1,'pesieve::AreaMultiStats::summarize()'],['../classpesieve_1_1_area_stats.html#a5b449d535857a37328518f752ab2f610',1,'pesieve::AreaStats::summarize()']]],
-  ['susp_5faddr_103',['susp_addr',['../classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc',1,'pesieve::ThreadScanReport']]],
-  ['suspicious_104',['suspicious',['../structreport.html#a5ee5e4dbcf6777455b2b32b1529d4980',1,'report']]],
-  ['switchtowow64path_105',['switchToWow64Path',['../classpesieve_1_1_module_data.html#a2e919f44d71aad97bb40a77086c28e7b',1,'pesieve::ModuleData']]],
-  ['symbols_106',['symbols',['../classpesieve_1_1_process_scanner.html#ac9a6ee9cd3632a5ccd3f03742700959f',1,'pesieve::ProcessScanner::symbols'],['../classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13',1,'pesieve::ThreadScanner::symbols']]],
-  ['sys_5fstart_5faddr_107',['sys_start_addr',['../structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03',1,'pesieve::util::_thread_info_ext']]],
-  ['szmodname_108',['szModName',['../classpesieve_1_1_module_data.html#ab7463bd2db1ce6343e1be66600c48cd8',1,'pesieve::ModuleData']]]
+  ['shccandidates_56',['shcCandidates',['../structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0',1,'pesieve::_ctx_details']]],
+  ['shellc_5fcount_57',['SHELLC_COUNT',['../classpesieve_1_1t__shellc__mode.html#abb24e6cbf35bbad15709d7b7c4d21c71',1,'pesieve.t_shellc_mode.SHELLC_COUNT'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49acb31dc14f5b66f4be2d4593cb10d3385',1,'SHELLC_COUNT:&#160;pe_sieve_types.h']]],
+  ['shellc_5fmode_5fmode_5fto_5fid_58',['shellc_mode_mode_to_id',['../namespacepesieve.html#a175ef72c9fd6303f190d564e65d9614a',1,'pesieve']]],
+  ['shellc_5fnone_59',['SHELLC_NONE',['../classpesieve_1_1t__shellc__mode.html#a7d4e9c7bdc63e28079f0a663287371aa',1,'pesieve.t_shellc_mode.SHELLC_NONE'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49a806397db03996a9ad3582b4a5249a6b5',1,'SHELLC_NONE:&#160;pe_sieve_types.h']]],
+  ['shellc_5fpatterns_60',['SHELLC_PATTERNS',['../classpesieve_1_1t__shellc__mode.html#a4371c512776afe9e6faeac818be15c14',1,'pesieve.t_shellc_mode.SHELLC_PATTERNS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49af374abe8ac723478824a06eb79fd3edb',1,'SHELLC_PATTERNS:&#160;pe_sieve_types.h']]],
+  ['shellc_5fpatterns_5fand_5fstats_61',['SHELLC_PATTERNS_AND_STATS',['../classpesieve_1_1t__shellc__mode.html#a16c88cc8e50ca3b6a8e08942d93475f1',1,'pesieve.t_shellc_mode.SHELLC_PATTERNS_AND_STATS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49ae9f1a1eb467fe09be5745826fcc96987',1,'SHELLC_PATTERNS_AND_STATS:&#160;pe_sieve_types.h']]],
+  ['shellc_5fpatterns_5for_5fstats_62',['SHELLC_PATTERNS_OR_STATS',['../classpesieve_1_1t__shellc__mode.html#a7ed46ef5720148741ee3d9d1f416694a',1,'pesieve.t_shellc_mode.SHELLC_PATTERNS_OR_STATS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49ab0768291981a452e0e33c42a740b97ee',1,'SHELLC_PATTERNS_OR_STATS:&#160;pe_sieve_types.h']]],
+  ['shellc_5fstats_63',['SHELLC_STATS',['../classpesieve_1_1t__shellc__mode.html#a67ddfa30a058f878421d277af59fbf2e',1,'pesieve.t_shellc_mode.SHELLC_STATS'],['../pe__sieve__types_8h.html#a440fabe616455608f0c66f6e10116e49a49155121e3f2b030dde86a3d8ed80760',1,'SHELLC_STATS:&#160;pe_sieve_types.h']]],
+  ['shellcode_64',['shellcode',['../structparams.html#a5063529cd6e6950334929d22164d3868',1,'params::shellcode'],['../namespacedemo.html#a6cdb502544cf88590852419885d95c92',1,'demo.shellcode']]],
+  ['shift_5fartefacts_65',['shift_artefacts',['../namespacepesieve.html#ab28bfe1ca7dd95f63741ac0089f5343a',1,'pesieve']]],
+  ['shiftpeheader_66',['shiftPeHeader',['../classpesieve_1_1_pe_reconstructor.html#a071ac1f5f01c749bb92fd4ac93c13774',1,'pesieve::PeReconstructor']]],
+  ['should_5fscan_5fcontext_67',['should_scan_context',['../thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87',1,'thread_scanner.cpp']]],
+  ['shouldacceptexport_68',['shouldAcceptExport',['../classpesieve_1_1_thunk_found_callback.html#ab4301142df4586549b52c8ede3666eea',1,'pesieve::ThunkFoundCallback']]],
+  ['shouldprocessva_69',['shouldProcessVA',['../classpesieve_1_1_thunk_found_callback.html#a471618623bcca031182bed49c36db30e',1,'pesieve::ThunkFoundCallback']]],
+  ['size_70',['size',['../structpesieve_1_1_chunk_stats.html#a1a99134b17150d91a46a5a3a669063bc',1,'pesieve::ChunkStats::size'],['../structpesieve_1_1__t__pattern.html#a5f8a13e6e7fa8367d83bb9306ccca9d8',1,'pesieve::_t_pattern::size'],['../structpesieve_1_1util_1_1__mem__region__info.html#a5b8ade2cf0b8931e4f81b98ae2bfdac5',1,'pesieve::util::_mem_region_info::size'],['../classpesieve_1_1_patch_list.html#ab6fc10f0853f55604093c1b1d29d60df',1,'pesieve::PatchList::size()']]],
+  ['sizeofdllsspace_71',['sizeOfDllsSpace',['../classpesieve_1_1_i_a_t_block.html#ad2ec1f1e2e0c6934a497f6f4de19ed8e',1,'pesieve::IATBlock']]],
+  ['sizeofnamesspace_72',['sizeOfNamesSpace',['../classpesieve_1_1_i_a_t_thunks_series.html#ac6382d6ee5d6eae79c47e9ff6af8806b',1,'pesieve::IATThunksSeries']]],
+  ['skipped_73',['skipped',['../structreport.html#aa49ebcf3170fe05413a02a2af0ef5d9b',1,'report']]],
+  ['skippedmodulereport_74',['SkippedModuleReport',['../classpesieve_1_1_skipped_module_report.html',1,'pesieve::SkippedModuleReport'],['../classpesieve_1_1_skipped_module_report.html#a9fde7e6d86205f7d71394ad5f533df68',1,'pesieve::SkippedModuleReport::SkippedModuleReport()']]],
+  ['snapshothandle_75',['SnapshotHandle',['../namespacepesieve_1_1util.html#a6af9e73116d4d74647d319a492b721b0',1,'pesieve::util']]],
+  ['splitseries_76',['splitSeries',['../classpesieve_1_1_i_a_t_block.html#af25037eb1bb7ea83fa7e5a24807727d7',1,'pesieve::IATBlock']]],
+  ['stack_5fframe_77',['stack_frame',['../struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7',1,'_t_stack_enum_params']]],
+  ['stackframescount_78',['stackFramesCount',['../structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5',1,'pesieve::_ctx_details']]],
+  ['start_79',['start',['../classpesieve_1_1_scanned_module.html#a1257d00fc075f58c68a2f2f3ee2580c3',1,'pesieve::ScannedModule']]],
+  ['start_5faddr_80',['start_addr',['../structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b',1,'pesieve::util::_thread_info']]],
+  ['start_5fva_81',['start_va',['../classpesieve_1_1_mem_page_data.html#aa47136298a2aecc8cc011162cf7a0571',1,'pesieve::MemPageData']]],
+  ['startcontext_82',['StartContext',['../namespacepesieve_1_1util.html#a867430ba8efef3a8f89e826a34791db1',1,'pesieve::util']]],
+  ['startoffset_83',['startOffset',['../classpesieve_1_1_i_a_t_thunks_series.html#a2c8fb26493bbda8f2c53d4b28c19531a',1,'pesieve::IATThunksSeries']]],
+  ['startroutine_84',['StartRoutine',['../namespacepesieve_1_1util.html#a243a5bb6446feaa7c25fa56debfc0384',1,'pesieve::util']]],
+  ['startrva_85',['startRva',['../classpesieve_1_1_patch_list_1_1_patch.html#a7b946d650da353c56690ff150eb4a82c',1,'pesieve::PatchList::Patch']]],
+  ['state_86',['state',['../structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65',1,'pesieve::util::_thread_info_ext']]],
+  ['stats_87',['stats',['../classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83',1,'pesieve::ThreadScanReport::stats'],['../classpesieve_1_1_working_set_scan_report.html#a2b63bfed29add17e9db10f21936cedc0',1,'pesieve::WorkingSetScanReport::stats']]],
+  ['stats_2eh_88',['stats.h',['../stats_8h.html',1,'']]],
+  ['stats_5fanalyzer_2ecpp_89',['stats_analyzer.cpp',['../stats__analyzer_8cpp.html',1,'']]],
+  ['stats_5fanalyzer_2eh_90',['stats_analyzer.h',['../stats__analyzer_8h.html',1,'']]],
+  ['stats_5futil_2eh_91',['stats_util.h',['../stats__util_8h.html',1,'']]],
+  ['statssettings_92',['StatsSettings',['../structpesieve_1_1_stats_settings.html',1,'pesieve::StatsSettings'],['../structpesieve_1_1_stats_settings.html#a6cc87183e4f04394819667bd2acc00ac',1,'pesieve::StatsSettings::StatsSettings()']]],
+  ['status_93',['status',['../classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68',1,'pesieve::ModuleScanReport']]],
+  ['std_5fdev_5fcalc_2eh_94',['std_dev_calc.h',['../std__dev__calc_8h.html',1,'']]],
+  ['stddeviationcalc_95',['StdDeviationCalc',['../classpesieve_1_1stats_1_1_std_deviation_calc.html',1,'pesieve::stats::StdDeviationCalc'],['../classpesieve_1_1stats_1_1_std_deviation_calc.html#a4ec518e853777eb643d82926f0ad6c70',1,'pesieve::stats::StdDeviationCalc::StdDeviationCalc()']]],
+  ['stop_5fva_96',['stop_va',['../classpesieve_1_1_mem_page_data.html#a7c151bd819b2444eb7e93c92fcd4f8ce',1,'pesieve::MemPageData']]],
+  ['storedfunc_97',['storedFunc',['../classpesieve_1_1_i_a_t_scan_report.html#a7a631d5a508e52d214764f5d25490b2e',1,'pesieve::IATScanReport']]],
+  ['string_5fto_5flist_98',['string_to_list',['../namespacepesieve_1_1util.html#a6bf8eed39c860ca4caf8dc081b57529e',1,'pesieve::util']]],
+  ['strings_5futil_2ecpp_99',['strings_util.cpp',['../strings__util_8cpp.html',1,'']]],
+  ['strings_5futil_2eh_100',['strings_util.h',['../strings__util_8h.html',1,'']]],
+  ['stringscount_101',['stringsCount',['../structpesieve_1_1_chunk_stats.html#a41e1a3748f347a69f1db454cb3dd2651',1,'pesieve::ChunkStats']]],
+  ['strip_5fprefix_102',['strip_prefix',['../namespacepesieve_1_1util.html#a2d19e21063f990f24ceea5c64d452cfc',1,'pesieve::util']]],
+  ['summarize_103',['summarize',['../classpesieve_1_1_area_entropy_stats.html#a55525d7498ddf04738ce1fac9332be3f',1,'pesieve::AreaEntropyStats::summarize()'],['../structpesieve_1_1_chunk_stats.html#ac68e19c8316bf003c2fbdea739176001',1,'pesieve::ChunkStats::summarize()'],['../classpesieve_1_1_area_multi_stats.html#adc0566558c7de4604692be9fec9ba0e3',1,'pesieve::AreaMultiStats::summarize()'],['../classpesieve_1_1_area_stats.html#a5b449d535857a37328518f752ab2f610',1,'pesieve::AreaStats::summarize()']]],
+  ['susp_5faddr_104',['susp_addr',['../classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc',1,'pesieve::ThreadScanReport']]],
+  ['suspicious_105',['suspicious',['../structreport.html#a5ee5e4dbcf6777455b2b32b1529d4980',1,'report']]],
+  ['switchtowow64path_106',['switchToWow64Path',['../classpesieve_1_1_module_data.html#a2e919f44d71aad97bb40a77086c28e7b',1,'pesieve::ModuleData']]],
+  ['symbols_107',['symbols',['../classpesieve_1_1_process_scanner.html#ac9a6ee9cd3632a5ccd3f03742700959f',1,'pesieve::ProcessScanner::symbols'],['../classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13',1,'pesieve::ThreadScanner::symbols']]],
+  ['sys_5fstart_5faddr_108',['sys_start_addr',['../structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03',1,'pesieve::util::_thread_info_ext']]],
+  ['szmodname_109',['szModName',['../classpesieve_1_1_module_data.html#ab7463bd2db1ce6343e1be66600c48cd8',1,'pesieve::ModuleData']]]
 ];
diff --git a/search/all_b.js b/search/all_b.js
index 22a7a3c31..6c092bcdd 100644
--- a/search/all_b.js
+++ b/search/all_b.js
@@ -1,33 +1,34 @@
 var searchData=
 [
-  ['laststr_0',['lastStr',['../structpesieve_1_1_chunk_stats.html#aa3dd6619cda8fd6d7e6a0471a2ab9c26',1,'pesieve::ChunkStats']]],
-  ['lastusage_1',['lastUsage',['../structpesieve_1_1_cached_module.html#ac346042e22490dec922835547a992e05',1,'pesieve::CachedModule']]],
-  ['length_2',['length',['../struct___p_a_r_a_m___s_t_r_i_n_g.html#a7996767bb0f2ac6ccfc42d6ddb210bcf',1,'_PARAM_STRING::length'],['../namespacedemo.html#abc3711f6440e69ac690f99e61099b9d2',1,'demo.length']]],
-  ['lib_3',['lib',['../namespacepesieve.html#aca0538d4001454cd1ec5d9c2df390ac8',1,'pesieve']]],
-  ['lib_5fname_4',['LIB_NAME',['../pe__sieve__api_8cpp.html#a6e43beaa714b1bf01ce2271440786e38',1,'pe_sieve_api.cpp']]],
-  ['list_5fdumped_5fmodules_5',['list_dumped_modules',['../classpesieve_1_1_process_dump_report.html#a849cea7d3ce9eb54d1e405f35ded482c',1,'pesieve::ProcessDumpReport']]],
-  ['listmodules_6',['listModules',['../classpesieve_1_1_process_scan_report.html#afea529d36f778ea890c8c347cec57c9f',1,'pesieve::ProcessScanReport']]],
-  ['load_7',['load',['../classpesieve_1_1_mem_page_data.html#a01d3a9dc59b2965fa6defbc4dfda8524',1,'pesieve::MemPageData']]],
-  ['load_5fminidumpwritedump_8',['load_MiniDumpWriteDump',['../namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b',1,'pesieve::util']]],
-  ['load_5fpsscapturefreesnapshot_9',['load_PssCaptureFreeSnapshot',['../namespacepesieve_1_1util.html#aefec5a38617d857c79158986bf31e35d',1,'pesieve::util']]],
-  ['load_5frtlcreateprocessreflection_10',['load_RtlCreateProcessReflection',['../namespacepesieve_1_1util.html#aaa37231fc8a56358e0bc48341ac002f5',1,'pesieve::util']]],
-  ['loadcached_11',['loadCached',['../classpesieve_1_1_modules_cache.html#a9d5758c091cc26b610b52ce5b6db5207',1,'pesieve::ModulesCache']]],
-  ['loadeddata_12',['loadedData',['../classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9',1,'pesieve::MemPageData']]],
-  ['loadedsection_13',['loadedSection',['../classpesieve_1_1_pe_section.html#a81b7086cb5282d2a4fbd7f31353d144e',1,'pesieve::PeSection']]],
-  ['loadedsize_14',['loadedSize',['../classpesieve_1_1_pe_section.html#a45e6b2d32b562e2feb8cd5bb33ac6eb2',1,'pesieve::PeSection']]],
-  ['loadfullimage_15',['loadFullImage',['../classpesieve_1_1_remote_module_data.html#aae5bff1125a636a7faf7052ae32169e4',1,'pesieve::RemoteModuleData']]],
-  ['loadheader_16',['loadHeader',['../classpesieve_1_1_remote_module_data.html#a457911397fddaf4d660cf8330a00bb20',1,'pesieve::RemoteModuleData']]],
-  ['loadimportslist_17',['loadImportsList',['../classpesieve_1_1_module_data.html#acad74839a2978c3465c09bb93a3a2dc5',1,'pesieve::ModuleData::loadImportsList()'],['../classpesieve_1_1_remote_module_data.html#a4a7d767d81581e48f429f57286462406',1,'pesieve::RemoteModuleData::loadImportsList()']]],
-  ['loadimportthunks_18',['loadImportThunks',['../classpesieve_1_1_module_data.html#af0313c259e26056468c62b7b0aee5399',1,'pesieve::ModuleData']]],
-  ['loadmappedname_19',['loadMappedName',['../classpesieve_1_1_mem_page_data.html#a0b0278c8ee2cd31e5d36cec1a08edeef',1,'pesieve::MemPageData']]],
-  ['loadmodulename_20',['loadModuleName',['../classpesieve_1_1_mem_page_data.html#a683ee088e6b736f33491d54243a5b6a4',1,'pesieve::MemPageData::loadModuleName()'],['../classpesieve_1_1_module_data.html#afe5c22949731e3387a32ce58d241df1c',1,'pesieve::ModuleData::loadModuleName()']]],
-  ['loadoriginal_21',['loadOriginal',['../classpesieve_1_1_module_data.html#a729adaeb197b9f1415ff35e98e24c203',1,'pesieve::ModuleData::loadOriginal()'],['../classpesieve_1_1_pe_section.html#ae0525b58e8fd1eb8426d5eb2ebe1d278',1,'pesieve::PeSection::loadOriginal()']]],
-  ['loadpatternfile_22',['loadPatternFile',['../classpesieve_1_1_pattern_matcher.html#a3eea8c3106af7207969fab70f2176844',1,'pesieve::PatternMatcher']]],
-  ['loadrelocatedfields_23',['loadRelocatedFields',['../classpesieve_1_1_module_data.html#a561bfce148fdcf705144537fa2739bc2',1,'pesieve::ModuleData']]],
-  ['loadremote_24',['loadRemote',['../classpesieve_1_1_pe_section.html#a2431e70802f32bfec22c3bf23a7a79d2',1,'pesieve::PeSection']]],
-  ['lock_25',['Lock',['../structpesieve_1_1util_1_1_mutex.html#a1d253302cb2cda6c5ea0b76192cd9e2f',1,'pesieve::util::Mutex']]],
-  ['long_5fpath_5fprefix_26',['LONG_PATH_PREFIX',['../path__converter_8cpp.html#a10ada049714deddcb7c882a173f62999',1,'path_converter.cpp']]],
-  ['longeststr_27',['longestStr',['../structpesieve_1_1_chunk_stats.html#a5a4a7722c336a239ceed6a087740936c',1,'pesieve::ChunkStats']]],
-  ['lpcontext_28',['lpContext',['../namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b',1,'pesieve::util']]],
-  ['ltrim_29',['ltrim',['../namespacepesieve_1_1util.html#a0436803ad7df590457409147fa98fb1e',1,'pesieve::util']]]
+  ['last_5fret_0',['last_ret',['../structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523',1,'pesieve::_ctx_details']]],
+  ['laststr_1',['lastStr',['../structpesieve_1_1_chunk_stats.html#aa3dd6619cda8fd6d7e6a0471a2ab9c26',1,'pesieve::ChunkStats']]],
+  ['lastusage_2',['lastUsage',['../structpesieve_1_1_cached_module.html#ac346042e22490dec922835547a992e05',1,'pesieve::CachedModule']]],
+  ['length_3',['length',['../struct___p_a_r_a_m___s_t_r_i_n_g.html#a7996767bb0f2ac6ccfc42d6ddb210bcf',1,'_PARAM_STRING::length'],['../namespacedemo.html#abc3711f6440e69ac690f99e61099b9d2',1,'demo.length']]],
+  ['lib_4',['lib',['../namespacepesieve.html#aca0538d4001454cd1ec5d9c2df390ac8',1,'pesieve']]],
+  ['lib_5fname_5',['LIB_NAME',['../pe__sieve__api_8cpp.html#a6e43beaa714b1bf01ce2271440786e38',1,'pe_sieve_api.cpp']]],
+  ['list_5fdumped_5fmodules_6',['list_dumped_modules',['../classpesieve_1_1_process_dump_report.html#a849cea7d3ce9eb54d1e405f35ded482c',1,'pesieve::ProcessDumpReport']]],
+  ['listmodules_7',['listModules',['../classpesieve_1_1_process_scan_report.html#afea529d36f778ea890c8c347cec57c9f',1,'pesieve::ProcessScanReport']]],
+  ['load_8',['load',['../classpesieve_1_1_mem_page_data.html#a01d3a9dc59b2965fa6defbc4dfda8524',1,'pesieve::MemPageData']]],
+  ['load_5fminidumpwritedump_9',['load_MiniDumpWriteDump',['../namespacepesieve_1_1util.html#a457aa5b713197197b574a0ab8c64555b',1,'pesieve::util']]],
+  ['load_5fpsscapturefreesnapshot_10',['load_PssCaptureFreeSnapshot',['../namespacepesieve_1_1util.html#aefec5a38617d857c79158986bf31e35d',1,'pesieve::util']]],
+  ['load_5frtlcreateprocessreflection_11',['load_RtlCreateProcessReflection',['../namespacepesieve_1_1util.html#aaa37231fc8a56358e0bc48341ac002f5',1,'pesieve::util']]],
+  ['loadcached_12',['loadCached',['../classpesieve_1_1_modules_cache.html#a9d5758c091cc26b610b52ce5b6db5207',1,'pesieve::ModulesCache']]],
+  ['loadeddata_13',['loadedData',['../classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9',1,'pesieve::MemPageData']]],
+  ['loadedsection_14',['loadedSection',['../classpesieve_1_1_pe_section.html#a81b7086cb5282d2a4fbd7f31353d144e',1,'pesieve::PeSection']]],
+  ['loadedsize_15',['loadedSize',['../classpesieve_1_1_pe_section.html#a45e6b2d32b562e2feb8cd5bb33ac6eb2',1,'pesieve::PeSection']]],
+  ['loadfullimage_16',['loadFullImage',['../classpesieve_1_1_remote_module_data.html#aae5bff1125a636a7faf7052ae32169e4',1,'pesieve::RemoteModuleData']]],
+  ['loadheader_17',['loadHeader',['../classpesieve_1_1_remote_module_data.html#a457911397fddaf4d660cf8330a00bb20',1,'pesieve::RemoteModuleData']]],
+  ['loadimportslist_18',['loadImportsList',['../classpesieve_1_1_module_data.html#acad74839a2978c3465c09bb93a3a2dc5',1,'pesieve::ModuleData::loadImportsList()'],['../classpesieve_1_1_remote_module_data.html#a4a7d767d81581e48f429f57286462406',1,'pesieve::RemoteModuleData::loadImportsList()']]],
+  ['loadimportthunks_19',['loadImportThunks',['../classpesieve_1_1_module_data.html#af0313c259e26056468c62b7b0aee5399',1,'pesieve::ModuleData']]],
+  ['loadmappedname_20',['loadMappedName',['../classpesieve_1_1_mem_page_data.html#a0b0278c8ee2cd31e5d36cec1a08edeef',1,'pesieve::MemPageData']]],
+  ['loadmodulename_21',['loadModuleName',['../classpesieve_1_1_mem_page_data.html#a683ee088e6b736f33491d54243a5b6a4',1,'pesieve::MemPageData::loadModuleName()'],['../classpesieve_1_1_module_data.html#afe5c22949731e3387a32ce58d241df1c',1,'pesieve::ModuleData::loadModuleName()']]],
+  ['loadoriginal_22',['loadOriginal',['../classpesieve_1_1_module_data.html#a729adaeb197b9f1415ff35e98e24c203',1,'pesieve::ModuleData::loadOriginal()'],['../classpesieve_1_1_pe_section.html#ae0525b58e8fd1eb8426d5eb2ebe1d278',1,'pesieve::PeSection::loadOriginal()']]],
+  ['loadpatternfile_23',['loadPatternFile',['../classpesieve_1_1_pattern_matcher.html#a3eea8c3106af7207969fab70f2176844',1,'pesieve::PatternMatcher']]],
+  ['loadrelocatedfields_24',['loadRelocatedFields',['../classpesieve_1_1_module_data.html#a561bfce148fdcf705144537fa2739bc2',1,'pesieve::ModuleData']]],
+  ['loadremote_25',['loadRemote',['../classpesieve_1_1_pe_section.html#a2431e70802f32bfec22c3bf23a7a79d2',1,'pesieve::PeSection']]],
+  ['lock_26',['Lock',['../structpesieve_1_1util_1_1_mutex.html#a1d253302cb2cda6c5ea0b76192cd9e2f',1,'pesieve::util::Mutex']]],
+  ['long_5fpath_5fprefix_27',['LONG_PATH_PREFIX',['../path__converter_8cpp.html#a10ada049714deddcb7c882a173f62999',1,'path_converter.cpp']]],
+  ['longeststr_28',['longestStr',['../structpesieve_1_1_chunk_stats.html#a5a4a7722c336a239ceed6a087740936c',1,'pesieve::ChunkStats']]],
+  ['lpcontext_29',['lpContext',['../namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b',1,'pesieve::util']]],
+  ['ltrim_30',['ltrim',['../namespacepesieve_1_1util.html#a0436803ad7df590457409147fa98fb1e',1,'pesieve::util']]]
 ];
diff --git a/search/variables_11.js b/search/variables_11.js
index 8697c2a11..a218f74b0 100644
--- a/search/variables_11.js
+++ b/search/variables_11.js
@@ -24,10 +24,9 @@ var searchData=
   ['report_5fnone_21',['REPORT_NONE',['../classpesieve_1_1t__report__type.html#a5e5ae97a231a29dab3433dab0fcb3039',1,'pesieve::t_report_type']]],
   ['report_5fscanned_22',['REPORT_SCANNED',['../classpesieve_1_1t__report__type.html#a33b01a2ea93a8cd6dec70841f1320929',1,'pesieve::t_report_type']]],
   ['reportsbytype_23',['reportsByType',['../classpesieve_1_1_process_scan_report.html#a85b6e8a39ec43b08a4f534dbd3f0589e',1,'pesieve::ProcessScanReport']]],
-  ['ret_5faddr_24',['ret_addr',['../structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f',1,'pesieve::_ctx_details']]],
-  ['returned_5fhndl_25',['returned_hndl',['../structpesieve_1_1util_1_1t__refl__args.html#a2039cf10734a4e3f07e94e6068122729',1,'pesieve::util::t_refl_args']]],
-  ['returned_5fpid_26',['returned_pid',['../structpesieve_1_1util_1_1t__refl__args.html#a7e95cffd1d650f477bb1d64377f4f6d7',1,'pesieve::util::t_refl_args']]],
-  ['rip_27',['rip',['../structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4',1,'pesieve::_ctx_details']]],
-  ['rsp_28',['rsp',['../structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd',1,'pesieve::_ctx_details']]],
-  ['rva_29',['rva',['../classpesieve_1_1_pe_section.html#abb3723c684e695788cedc1654463b409',1,'pesieve::PeSection']]]
+  ['returned_5fhndl_24',['returned_hndl',['../structpesieve_1_1util_1_1t__refl__args.html#a2039cf10734a4e3f07e94e6068122729',1,'pesieve::util::t_refl_args']]],
+  ['returned_5fpid_25',['returned_pid',['../structpesieve_1_1util_1_1t__refl__args.html#a7e95cffd1d650f477bb1d64377f4f6d7',1,'pesieve::util::t_refl_args']]],
+  ['rip_26',['rip',['../structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4',1,'pesieve::_ctx_details']]],
+  ['rsp_27',['rsp',['../structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd',1,'pesieve::_ctx_details']]],
+  ['rva_28',['rva',['../classpesieve_1_1_pe_section.html#abb3723c684e695788cedc1654463b409',1,'pesieve::PeSection']]]
 ];
diff --git a/search/variables_12.js b/search/variables_12.js
index 96dd9d984..76f353a1b 100644
--- a/search/variables_12.js
+++ b/search/variables_12.js
@@ -10,34 +10,35 @@ var searchData=
   ['sectionrva_7',['sectionRVA',['../classpesieve_1_1_patch_analyzer.html#a34eb7c1430a1851749e5e096e9a2dbfa',1,'pesieve::PatchAnalyzer']]],
   ['sectiontoresult_8',['sectionToResult',['../classpesieve_1_1_code_scan_report.html#ade146d4d6dff33f669825e68d2d035da',1,'pesieve::CodeScanReport']]],
   ['settings_9',['settings',['../structpesieve_1_1_chunk_stats.html#a1268301237205e183a7fd2d097c70397',1,'pesieve::ChunkStats']]],
-  ['shellc_5fcount_10',['SHELLC_COUNT',['../classpesieve_1_1t__shellc__mode.html#abb24e6cbf35bbad15709d7b7c4d21c71',1,'pesieve::t_shellc_mode']]],
-  ['shellc_5fnone_11',['SHELLC_NONE',['../classpesieve_1_1t__shellc__mode.html#a7d4e9c7bdc63e28079f0a663287371aa',1,'pesieve::t_shellc_mode']]],
-  ['shellc_5fpatterns_12',['SHELLC_PATTERNS',['../classpesieve_1_1t__shellc__mode.html#a4371c512776afe9e6faeac818be15c14',1,'pesieve::t_shellc_mode']]],
-  ['shellc_5fpatterns_5fand_5fstats_13',['SHELLC_PATTERNS_AND_STATS',['../classpesieve_1_1t__shellc__mode.html#a16c88cc8e50ca3b6a8e08942d93475f1',1,'pesieve::t_shellc_mode']]],
-  ['shellc_5fpatterns_5for_5fstats_14',['SHELLC_PATTERNS_OR_STATS',['../classpesieve_1_1t__shellc__mode.html#a7ed46ef5720148741ee3d9d1f416694a',1,'pesieve::t_shellc_mode']]],
-  ['shellc_5fstats_15',['SHELLC_STATS',['../classpesieve_1_1t__shellc__mode.html#a67ddfa30a058f878421d277af59fbf2e',1,'pesieve::t_shellc_mode']]],
-  ['shellcode_16',['shellcode',['../structparams.html#a5063529cd6e6950334929d22164d3868',1,'params::shellcode'],['../namespacedemo.html#a6cdb502544cf88590852419885d95c92',1,'demo.shellcode']]],
-  ['size_17',['size',['../structpesieve_1_1_chunk_stats.html#a1a99134b17150d91a46a5a3a669063bc',1,'pesieve::ChunkStats::size'],['../structpesieve_1_1__t__pattern.html#a5f8a13e6e7fa8367d83bb9306ccca9d8',1,'pesieve::_t_pattern::size'],['../structpesieve_1_1util_1_1__mem__region__info.html#a5b8ade2cf0b8931e4f81b98ae2bfdac5',1,'pesieve::util::_mem_region_info::size']]],
-  ['skipped_18',['skipped',['../structreport.html#aa49ebcf3170fe05413a02a2af0ef5d9b',1,'report']]],
-  ['snapshothandle_19',['SnapshotHandle',['../namespacepesieve_1_1util.html#a6af9e73116d4d74647d319a492b721b0',1,'pesieve::util']]],
-  ['stack_5fframe_20',['stack_frame',['../struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7',1,'_t_stack_enum_params']]],
-  ['stackframescount_21',['stackFramesCount',['../structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5',1,'pesieve::_ctx_details']]],
-  ['start_22',['start',['../classpesieve_1_1_scanned_module.html#a1257d00fc075f58c68a2f2f3ee2580c3',1,'pesieve::ScannedModule']]],
-  ['start_5faddr_23',['start_addr',['../structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b',1,'pesieve::util::_thread_info']]],
-  ['start_5fva_24',['start_va',['../classpesieve_1_1_mem_page_data.html#aa47136298a2aecc8cc011162cf7a0571',1,'pesieve::MemPageData']]],
-  ['startcontext_25',['StartContext',['../namespacepesieve_1_1util.html#a867430ba8efef3a8f89e826a34791db1',1,'pesieve::util']]],
-  ['startoffset_26',['startOffset',['../classpesieve_1_1_i_a_t_thunks_series.html#a2c8fb26493bbda8f2c53d4b28c19531a',1,'pesieve::IATThunksSeries']]],
-  ['startroutine_27',['StartRoutine',['../namespacepesieve_1_1util.html#a243a5bb6446feaa7c25fa56debfc0384',1,'pesieve::util']]],
-  ['startrva_28',['startRva',['../classpesieve_1_1_patch_list_1_1_patch.html#a7b946d650da353c56690ff150eb4a82c',1,'pesieve::PatchList::Patch']]],
-  ['state_29',['state',['../structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65',1,'pesieve::util::_thread_info_ext']]],
-  ['stats_30',['stats',['../classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83',1,'pesieve::ThreadScanReport::stats'],['../classpesieve_1_1_working_set_scan_report.html#a2b63bfed29add17e9db10f21936cedc0',1,'pesieve::WorkingSetScanReport::stats']]],
-  ['status_31',['status',['../classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68',1,'pesieve::ModuleScanReport']]],
-  ['stop_5fva_32',['stop_va',['../classpesieve_1_1_mem_page_data.html#a7c151bd819b2444eb7e93c92fcd4f8ce',1,'pesieve::MemPageData']]],
-  ['storedfunc_33',['storedFunc',['../classpesieve_1_1_i_a_t_scan_report.html#a7a631d5a508e52d214764f5d25490b2e',1,'pesieve::IATScanReport']]],
-  ['stringscount_34',['stringsCount',['../structpesieve_1_1_chunk_stats.html#a41e1a3748f347a69f1db454cb3dd2651',1,'pesieve::ChunkStats']]],
-  ['susp_5faddr_35',['susp_addr',['../classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc',1,'pesieve::ThreadScanReport']]],
-  ['suspicious_36',['suspicious',['../structreport.html#a5ee5e4dbcf6777455b2b32b1529d4980',1,'report']]],
-  ['symbols_37',['symbols',['../classpesieve_1_1_process_scanner.html#ac9a6ee9cd3632a5ccd3f03742700959f',1,'pesieve::ProcessScanner::symbols'],['../classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13',1,'pesieve::ThreadScanner::symbols']]],
-  ['sys_5fstart_5faddr_38',['sys_start_addr',['../structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03',1,'pesieve::util::_thread_info_ext']]],
-  ['szmodname_39',['szModName',['../classpesieve_1_1_module_data.html#ab7463bd2db1ce6343e1be66600c48cd8',1,'pesieve::ModuleData']]]
+  ['shccandidates_10',['shcCandidates',['../structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0',1,'pesieve::_ctx_details']]],
+  ['shellc_5fcount_11',['SHELLC_COUNT',['../classpesieve_1_1t__shellc__mode.html#abb24e6cbf35bbad15709d7b7c4d21c71',1,'pesieve::t_shellc_mode']]],
+  ['shellc_5fnone_12',['SHELLC_NONE',['../classpesieve_1_1t__shellc__mode.html#a7d4e9c7bdc63e28079f0a663287371aa',1,'pesieve::t_shellc_mode']]],
+  ['shellc_5fpatterns_13',['SHELLC_PATTERNS',['../classpesieve_1_1t__shellc__mode.html#a4371c512776afe9e6faeac818be15c14',1,'pesieve::t_shellc_mode']]],
+  ['shellc_5fpatterns_5fand_5fstats_14',['SHELLC_PATTERNS_AND_STATS',['../classpesieve_1_1t__shellc__mode.html#a16c88cc8e50ca3b6a8e08942d93475f1',1,'pesieve::t_shellc_mode']]],
+  ['shellc_5fpatterns_5for_5fstats_15',['SHELLC_PATTERNS_OR_STATS',['../classpesieve_1_1t__shellc__mode.html#a7ed46ef5720148741ee3d9d1f416694a',1,'pesieve::t_shellc_mode']]],
+  ['shellc_5fstats_16',['SHELLC_STATS',['../classpesieve_1_1t__shellc__mode.html#a67ddfa30a058f878421d277af59fbf2e',1,'pesieve::t_shellc_mode']]],
+  ['shellcode_17',['shellcode',['../structparams.html#a5063529cd6e6950334929d22164d3868',1,'params::shellcode'],['../namespacedemo.html#a6cdb502544cf88590852419885d95c92',1,'demo.shellcode']]],
+  ['size_18',['size',['../structpesieve_1_1_chunk_stats.html#a1a99134b17150d91a46a5a3a669063bc',1,'pesieve::ChunkStats::size'],['../structpesieve_1_1__t__pattern.html#a5f8a13e6e7fa8367d83bb9306ccca9d8',1,'pesieve::_t_pattern::size'],['../structpesieve_1_1util_1_1__mem__region__info.html#a5b8ade2cf0b8931e4f81b98ae2bfdac5',1,'pesieve::util::_mem_region_info::size']]],
+  ['skipped_19',['skipped',['../structreport.html#aa49ebcf3170fe05413a02a2af0ef5d9b',1,'report']]],
+  ['snapshothandle_20',['SnapshotHandle',['../namespacepesieve_1_1util.html#a6af9e73116d4d74647d319a492b721b0',1,'pesieve::util']]],
+  ['stack_5fframe_21',['stack_frame',['../struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7',1,'_t_stack_enum_params']]],
+  ['stackframescount_22',['stackFramesCount',['../structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5',1,'pesieve::_ctx_details']]],
+  ['start_23',['start',['../classpesieve_1_1_scanned_module.html#a1257d00fc075f58c68a2f2f3ee2580c3',1,'pesieve::ScannedModule']]],
+  ['start_5faddr_24',['start_addr',['../structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b',1,'pesieve::util::_thread_info']]],
+  ['start_5fva_25',['start_va',['../classpesieve_1_1_mem_page_data.html#aa47136298a2aecc8cc011162cf7a0571',1,'pesieve::MemPageData']]],
+  ['startcontext_26',['StartContext',['../namespacepesieve_1_1util.html#a867430ba8efef3a8f89e826a34791db1',1,'pesieve::util']]],
+  ['startoffset_27',['startOffset',['../classpesieve_1_1_i_a_t_thunks_series.html#a2c8fb26493bbda8f2c53d4b28c19531a',1,'pesieve::IATThunksSeries']]],
+  ['startroutine_28',['StartRoutine',['../namespacepesieve_1_1util.html#a243a5bb6446feaa7c25fa56debfc0384',1,'pesieve::util']]],
+  ['startrva_29',['startRva',['../classpesieve_1_1_patch_list_1_1_patch.html#a7b946d650da353c56690ff150eb4a82c',1,'pesieve::PatchList::Patch']]],
+  ['state_30',['state',['../structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65',1,'pesieve::util::_thread_info_ext']]],
+  ['stats_31',['stats',['../classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83',1,'pesieve::ThreadScanReport::stats'],['../classpesieve_1_1_working_set_scan_report.html#a2b63bfed29add17e9db10f21936cedc0',1,'pesieve::WorkingSetScanReport::stats']]],
+  ['status_32',['status',['../classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68',1,'pesieve::ModuleScanReport']]],
+  ['stop_5fva_33',['stop_va',['../classpesieve_1_1_mem_page_data.html#a7c151bd819b2444eb7e93c92fcd4f8ce',1,'pesieve::MemPageData']]],
+  ['storedfunc_34',['storedFunc',['../classpesieve_1_1_i_a_t_scan_report.html#a7a631d5a508e52d214764f5d25490b2e',1,'pesieve::IATScanReport']]],
+  ['stringscount_35',['stringsCount',['../structpesieve_1_1_chunk_stats.html#a41e1a3748f347a69f1db454cb3dd2651',1,'pesieve::ChunkStats']]],
+  ['susp_5faddr_36',['susp_addr',['../classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc',1,'pesieve::ThreadScanReport']]],
+  ['suspicious_37',['suspicious',['../structreport.html#a5ee5e4dbcf6777455b2b32b1529d4980',1,'report']]],
+  ['symbols_38',['symbols',['../classpesieve_1_1_process_scanner.html#ac9a6ee9cd3632a5ccd3f03742700959f',1,'pesieve::ProcessScanner::symbols'],['../classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13',1,'pesieve::ThreadScanner::symbols']]],
+  ['sys_5fstart_5faddr_39',['sys_start_addr',['../structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03',1,'pesieve::util::_thread_info_ext']]],
+  ['szmodname_40',['szModName',['../classpesieve_1_1_module_data.html#ab7463bd2db1ce6343e1be66600c48cd8',1,'pesieve::ModuleData']]]
 ];
diff --git a/search/variables_b.js b/search/variables_b.js
index 0c143b96e..62c663236 100644
--- a/search/variables_b.js
+++ b/search/variables_b.js
@@ -1,12 +1,13 @@
 var searchData=
 [
-  ['laststr_0',['lastStr',['../structpesieve_1_1_chunk_stats.html#aa3dd6619cda8fd6d7e6a0471a2ab9c26',1,'pesieve::ChunkStats']]],
-  ['lastusage_1',['lastUsage',['../structpesieve_1_1_cached_module.html#ac346042e22490dec922835547a992e05',1,'pesieve::CachedModule']]],
-  ['length_2',['length',['../struct___p_a_r_a_m___s_t_r_i_n_g.html#a7996767bb0f2ac6ccfc42d6ddb210bcf',1,'_PARAM_STRING::length'],['../namespacedemo.html#abc3711f6440e69ac690f99e61099b9d2',1,'demo.length']]],
-  ['lib_3',['lib',['../namespacepesieve.html#aca0538d4001454cd1ec5d9c2df390ac8',1,'pesieve']]],
-  ['loadeddata_4',['loadedData',['../classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9',1,'pesieve::MemPageData']]],
-  ['loadedsection_5',['loadedSection',['../classpesieve_1_1_pe_section.html#a81b7086cb5282d2a4fbd7f31353d144e',1,'pesieve::PeSection']]],
-  ['loadedsize_6',['loadedSize',['../classpesieve_1_1_pe_section.html#a45e6b2d32b562e2feb8cd5bb33ac6eb2',1,'pesieve::PeSection']]],
-  ['longeststr_7',['longestStr',['../structpesieve_1_1_chunk_stats.html#a5a4a7722c336a239ceed6a087740936c',1,'pesieve::ChunkStats']]],
-  ['lpcontext_8',['lpContext',['../namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b',1,'pesieve::util']]]
+  ['last_5fret_0',['last_ret',['../structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523',1,'pesieve::_ctx_details']]],
+  ['laststr_1',['lastStr',['../structpesieve_1_1_chunk_stats.html#aa3dd6619cda8fd6d7e6a0471a2ab9c26',1,'pesieve::ChunkStats']]],
+  ['lastusage_2',['lastUsage',['../structpesieve_1_1_cached_module.html#ac346042e22490dec922835547a992e05',1,'pesieve::CachedModule']]],
+  ['length_3',['length',['../struct___p_a_r_a_m___s_t_r_i_n_g.html#a7996767bb0f2ac6ccfc42d6ddb210bcf',1,'_PARAM_STRING::length'],['../namespacedemo.html#abc3711f6440e69ac690f99e61099b9d2',1,'demo.length']]],
+  ['lib_4',['lib',['../namespacepesieve.html#aca0538d4001454cd1ec5d9c2df390ac8',1,'pesieve']]],
+  ['loadeddata_5',['loadedData',['../classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9',1,'pesieve::MemPageData']]],
+  ['loadedsection_6',['loadedSection',['../classpesieve_1_1_pe_section.html#a81b7086cb5282d2a4fbd7f31353d144e',1,'pesieve::PeSection']]],
+  ['loadedsize_7',['loadedSize',['../classpesieve_1_1_pe_section.html#a45e6b2d32b562e2feb8cd5bb33ac6eb2',1,'pesieve::PeSection']]],
+  ['longeststr_8',['longestStr',['../structpesieve_1_1_chunk_stats.html#a5a4a7722c336a239ceed6a087740936c',1,'pesieve::ChunkStats']]],
+  ['lpcontext_9',['lpContext',['../namespacepesieve_1_1util.html#a474e517f22ad667eca359f745537886b',1,'pesieve::util']]]
 ];
diff --git a/structpesieve_1_1__ctx__details-members.html b/structpesieve_1_1__ctx__details-members.html
index cb8e952a6..f65e4e227 100644
--- a/structpesieve_1_1__ctx__details-members.html
+++ b/structpesieve_1_1__ctx__details-members.html
@@ -100,11 +100,12 @@
   <tr class="odd"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">init</a>(bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)</td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
   <tr class="even"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
   <tr class="odd"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
-  <tr class="even"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
-  <tr class="odd"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
+  <tr class="even"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">last_ret</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
+  <tr class="odd"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
   <tr class="even"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
   <tr class="odd"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
-  <tr class="even"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
+  <tr class="even"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
+  <tr class="odd"><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a></td><td class="entry"><a class="el" href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></td><td class="entry"></td></tr>
 </table></div><!-- contents -->
 <!-- start footer part -->
 <hr class="footer"/><address class="footer"><small>
diff --git a/structpesieve_1_1__ctx__details.html b/structpesieve_1_1__ctx__details.html
index 3fe251a13..99c5aa70b 100644
--- a/structpesieve_1_1__ctx__details.html
+++ b/structpesieve_1_1__ctx__details.html
@@ -120,12 +120,14 @@
 <tr class="separator:ab19759b888e6034d29dcaf6cedeed9bd"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:a5868fc0792120aa74a5fab5ab1a5eeb6" id="r_a5868fc0792120aa74a5fab5ab1a5eeb6"><td class="memItemLeft" align="right" valign="top">ULONGLONG&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a></td></tr>
 <tr class="separator:a5868fc0792120aa74a5fab5ab1a5eeb6"><td class="memSeparator" colspan="2">&#160;</td></tr>
-<tr class="memitem:a4b5f5a030c362877e2772ab3493e0d6f" id="r_a4b5f5a030c362877e2772ab3493e0d6f"><td class="memItemLeft" align="right" valign="top">ULONGLONG&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a></td></tr>
-<tr class="separator:a4b5f5a030c362877e2772ab3493e0d6f"><td class="memSeparator" colspan="2">&#160;</td></tr>
+<tr class="memitem:a98c61b583bcc9251354d2e199b1c5523" id="r_a98c61b583bcc9251354d2e199b1c5523"><td class="memItemLeft" align="right" valign="top">ULONGLONG&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a98c61b583bcc9251354d2e199b1c5523">last_ret</a></td></tr>
+<tr class="separator:a98c61b583bcc9251354d2e199b1c5523"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:a8add5038bb0b71c10646482ba2bbcaaa" id="r_a8add5038bb0b71c10646482ba2bbcaaa"><td class="memItemLeft" align="right" valign="top"><a class="el" href="pe__sieve__types_8h.html#ad5c9d4ba3dc37783a528b0925dc981a0">bool</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a></td></tr>
 <tr class="separator:a8add5038bb0b71c10646482ba2bbcaaa"><td class="memSeparator" colspan="2">&#160;</td></tr>
 <tr class="memitem:aabca56adbcd0155923d8e6b0e62599c5" id="r_aabca56adbcd0155923d8e6b0e62599c5"><td class="memItemLeft" align="right" valign="top">size_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a></td></tr>
 <tr class="separator:aabca56adbcd0155923d8e6b0e62599c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
+<tr class="memitem:a44ca7a32918f0eab5a8d9cf14080e0c0" id="r_a44ca7a32918f0eab5a8d9cf14080e0c0"><td class="memItemLeft" align="right" valign="top">std::set&lt; ULONGLONG &gt;&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a></td></tr>
+<tr class="separator:a44ca7a32918f0eab5a8d9cf14080e0c0"><td class="memSeparator" colspan="2">&#160;</td></tr>
 </table>
 <a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
 <div class="textblock"><p>A custom structure keeping a fragment of a thread context. </p>
@@ -174,7 +176,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a973d23630a3057a9e1fc500c
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00102">102</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00103">103</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -221,7 +223,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a0934e6ecb1c6e65150bfa4d4
 </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00109">109</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00110">110</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -258,35 +260,35 @@ <h2 class="memtitle"><span class="permalink"><a href="#a8add5038bb0b71c10646482b
 
 </div>
 </div>
-<a id="a5868fc0792120aa74a5fab5ab1a5eeb6" name="a5868fc0792120aa74a5fab5ab1a5eeb6"></a>
-<h2 class="memtitle"><span class="permalink"><a href="#a5868fc0792120aa74a5fab5ab1a5eeb6">&#9670;&#160;</a></span>rbp</h2>
+<a id="a98c61b583bcc9251354d2e199b1c5523" name="a98c61b583bcc9251354d2e199b1c5523"></a>
+<h2 class="memtitle"><span class="permalink"><a href="#a98c61b583bcc9251354d2e199b1c5523">&#9670;&#160;</a></span>last_ret</h2>
 
 <div class="memitem">
 <div class="memproto">
       <table class="memname">
         <tr>
-          <td class="memname">ULONGLONG pesieve::_ctx_details::rbp</td>
+          <td class="memname">ULONGLONG pesieve::_ctx_details::last_ret</td>
         </tr>
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00097">97</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00098">98</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
-<a id="a4b5f5a030c362877e2772ab3493e0d6f" name="a4b5f5a030c362877e2772ab3493e0d6f"></a>
-<h2 class="memtitle"><span class="permalink"><a href="#a4b5f5a030c362877e2772ab3493e0d6f">&#9670;&#160;</a></span>ret_addr</h2>
+<a id="a5868fc0792120aa74a5fab5ab1a5eeb6" name="a5868fc0792120aa74a5fab5ab1a5eeb6"></a>
+<h2 class="memtitle"><span class="permalink"><a href="#a5868fc0792120aa74a5fab5ab1a5eeb6">&#9670;&#160;</a></span>rbp</h2>
 
 <div class="memitem">
 <div class="memproto">
       <table class="memname">
         <tr>
-          <td class="memname">ULONGLONG pesieve::_ctx_details::ret_addr</td>
+          <td class="memname">ULONGLONG pesieve::_ctx_details::rbp</td>
         </tr>
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00098">98</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00097">97</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
 </div>
 </div>
@@ -320,6 +322,22 @@ <h2 class="memtitle"><span class="permalink"><a href="#ab19759b888e6034d29dcaf6c
 
 <p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00096">96</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
 
+</div>
+</div>
+<a id="a44ca7a32918f0eab5a8d9cf14080e0c0" name="a44ca7a32918f0eab5a8d9cf14080e0c0"></a>
+<h2 class="memtitle"><span class="permalink"><a href="#a44ca7a32918f0eab5a8d9cf14080e0c0">&#9670;&#160;</a></span>shcCandidates</h2>
+
+<div class="memitem">
+<div class="memproto">
+      <table class="memname">
+        <tr>
+          <td class="memname">std::set&lt;ULONGLONG&gt; pesieve::_ctx_details::shcCandidates</td>
+        </tr>
+      </table>
+</div><div class="memdoc">
+
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8h_source.html#l00101">101</a> of file <a class="el" href="thread__scanner_8h_source.html">thread_scanner.h</a>.</p>
+
 </div>
 </div>
 <a id="aabca56adbcd0155923d8e6b0e62599c5" name="aabca56adbcd0155923d8e6b0e62599c5"></a>
diff --git a/thread__scanner_8cpp.html b/thread__scanner_8cpp.html
index 3e486e40f..d884a3dde 100644
--- a/thread__scanner_8cpp.html
+++ b/thread__scanner_8cpp.html
@@ -210,7 +210,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#a7b9ade21d4de016d2a048bf6
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00323">323</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00324">324</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 
 </div>
 </div>
@@ -248,7 +248,7 @@ <h2 class="memtitle"><span class="permalink"><a href="#acde231c42b9527dcc026402d
       </table>
 </div><div class="memdoc">
 
-<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00380">380</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
+<p class="definition">Definition at line <a class="el" href="thread__scanner_8cpp_source.html#l00381">381</a> of file <a class="el" href="thread__scanner_8cpp_source.html">thread_scanner.cpp</a>.</p>
 <div class="dynheader">
 Here is the call graph for this function:</div>
 <div class="dyncontent">
diff --git a/thread__scanner_8cpp_source.html b/thread__scanner_8cpp_source.html
index 4deae2e9c..74d2cf0d2 100644
--- a/thread__scanner_8cpp_source.html
+++ b/thread__scanner_8cpp_source.html
@@ -247,7 +247,7 @@
 <div class="line"><a id="l00139" name="l00139"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae67285f50239657076a865f1b2d82ed7">  139</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae67285f50239657076a865f1b2d82ed7">pesieve::ThreadScanner::analyzeStackFrames</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt; stack_frame, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
 <div class="line"><a id="l00140" name="l00140"></a><span class="lineno">  140</span>{</div>
 <div class="line"><a id="l00141" name="l00141"></a><span class="lineno">  141</span>    <span class="keywordtype">size_t</span> processedCntr = 0;</div>
-<div class="line"><a id="l00142" name="l00142"></a><span class="lineno">  142</span>    <span class="keywordtype">bool</span> has_shellcode = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00142" name="l00142"></a><span class="lineno">  142</span> </div>
 <div class="line"><a id="l00143" name="l00143"></a><span class="lineno">  143</span>    cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a> = <span class="keyword">false</span>;</div>
 <div class="line"><a id="l00144" name="l00144"></a><span class="lineno">  144</span>    cDetails.stackFramesCount = stack_frame.size();</div>
 <div class="line"><a id="l00145" name="l00145"></a><span class="lineno">  145</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
@@ -255,7 +255,7 @@
 <div class="line"><a id="l00147" name="l00147"></a><span class="lineno">  147</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
 <div class="line"><a id="l00148" name="l00148"></a><span class="lineno">  148</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = stack_frame.rbegin();</div>
 <div class="line"><a id="l00149" name="l00149"></a><span class="lineno">  149</span>        itr != stack_frame.rend() </div>
-<div class="line"><a id="l00150" name="l00150"></a><span class="lineno">  150</span>        &amp;&amp; (!cDetails.is_managed &amp;&amp; !has_shellcode) <span class="comment">// break on first found shellcode, (for now) discontinue analysis if the module is .NET to avoid FP</span></div>
+<div class="line"><a id="l00150" name="l00150"></a><span class="lineno">  150</span>        &amp;&amp; (!cDetails.is_managed) <span class="comment">// discontinue analysis if the module is .NET to avoid FP</span></div>
 <div class="line"><a id="l00151" name="l00151"></a><span class="lineno">  151</span>        ;++itr, ++processedCntr)</div>
 <div class="line"><a id="l00152" name="l00152"></a><span class="lineno">  152</span>    {</div>
 <div class="line"><a id="l00153" name="l00153"></a><span class="lineno">  153</span>        <span class="keyword">const</span> ULONGLONG next_return = *itr;</div>
@@ -271,355 +271,371 @@
 <div class="line"><a id="l00163" name="l00163"></a><span class="lineno">  163</span>        <span class="keyword">const</span> std::string mod_name = mod ? mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() : <span class="stringliteral">&quot;&quot;</span>;</div>
 <div class="line"><a id="l00164" name="l00164"></a><span class="lineno">  164</span>        <span class="keywordflow">if</span> (mod_name.length() == 0) {</div>
 <div class="line"><a id="l00165" name="l00165"></a><span class="lineno">  165</span>            <span class="keywordflow">if</span> (!cDetails.is_managed) {</div>
-<div class="line"><a id="l00166" name="l00166"></a><span class="lineno">  166</span>                has_shellcode = is_curr_shc = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00167" name="l00167"></a><span class="lineno">  167</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00168" name="l00168"></a><span class="lineno">  168</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== SHELLCODE\n&quot;</span>;</div>
-<div class="line"><a id="l00169" name="l00169"></a><span class="lineno">  169</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00170" name="l00170"></a><span class="lineno">  170</span>            } <span class="keywordflow">else</span> {</div>
-<div class="line"><a id="l00171" name="l00171"></a><span class="lineno">  171</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00172" name="l00172"></a><span class="lineno">  172</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== .NET JIT\n&quot;</span>;</div>
-<div class="line"><a id="l00173" name="l00173"></a><span class="lineno">  173</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00174" name="l00174"></a><span class="lineno">  174</span>            }</div>
-<div class="line"><a id="l00175" name="l00175"></a><span class="lineno">  175</span>        }</div>
-<div class="line"><a id="l00176" name="l00176"></a><span class="lineno">  176</span>        <span class="keywordflow">if</span> (!has_shellcode || is_curr_shc) {</div>
-<div class="line"><a id="l00177" name="l00177"></a><span class="lineno">  177</span>            <span class="comment">// store the last address, till the first called shellcode:</span></div>
-<div class="line"><a id="l00178" name="l00178"></a><span class="lineno">  178</span>            cDetails.ret_addr = next_return;</div>
-<div class="line"><a id="l00179" name="l00179"></a><span class="lineno">  179</span>        }</div>
-<div class="line"><a id="l00180" name="l00180"></a><span class="lineno">  180</span>        <span class="comment">// check if the found shellcode is a .NET JIT:</span></div>
-<div class="line"><a id="l00181" name="l00181"></a><span class="lineno">  181</span>        <span class="keywordflow">if</span> (mod_name == <span class="stringliteral">&quot;clr.dll&quot;</span>) {</div>
-<div class="line"><a id="l00182" name="l00182"></a><span class="lineno">  182</span>            cDetails.is_managed = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00183" name="l00183"></a><span class="lineno">  183</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00184" name="l00184"></a><span class="lineno">  184</span>            std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;--- .NET\n&quot;</span>;</div>
-<div class="line"><a id="l00185" name="l00185"></a><span class="lineno">  185</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00186" name="l00186"></a><span class="lineno">  186</span>        }</div>
-<div class="line"><a id="l00187" name="l00187"></a><span class="lineno">  187</span>    }</div>
-<div class="line"><a id="l00188" name="l00188"></a><span class="lineno">  188</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00189" name="l00189"></a><span class="lineno">  189</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n===\n&quot;</span>;</div>
-<div class="line"><a id="l00190" name="l00190"></a><span class="lineno">  190</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00191" name="l00191"></a><span class="lineno">  191</span>    <span class="keywordflow">return</span> processedCntr;</div>
-<div class="line"><a id="l00192" name="l00192"></a><span class="lineno">  192</span>}</div>
+<div class="line"><a id="l00166" name="l00166"></a><span class="lineno">  166</span>                is_curr_shc = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00167" name="l00167"></a><span class="lineno">  167</span>                cDetails.shcCandidates.insert(next_return);</div>
+<div class="line"><a id="l00168" name="l00168"></a><span class="lineno">  168</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00169" name="l00169"></a><span class="lineno">  169</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== SHELLCODE\n&quot;</span>;</div>
+<div class="line"><a id="l00170" name="l00170"></a><span class="lineno">  170</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00171" name="l00171"></a><span class="lineno">  171</span>            } <span class="keywordflow">else</span> {</div>
+<div class="line"><a id="l00172" name="l00172"></a><span class="lineno">  172</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00173" name="l00173"></a><span class="lineno">  173</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;=== .NET JIT\n&quot;</span>;</div>
+<div class="line"><a id="l00174" name="l00174"></a><span class="lineno">  174</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00175" name="l00175"></a><span class="lineno">  175</span>            }</div>
+<div class="line"><a id="l00176" name="l00176"></a><span class="lineno">  176</span>        }</div>
+<div class="line"><a id="l00177" name="l00177"></a><span class="lineno">  177</span>        <span class="keywordflow">if</span> (!is_curr_shc) {</div>
+<div class="line"><a id="l00178" name="l00178"></a><span class="lineno">  178</span>            <span class="comment">// store the last address, till the first called shellcode:</span></div>
+<div class="line"><a id="l00179" name="l00179"></a><span class="lineno">  179</span>            cDetails.last_ret = next_return;</div>
+<div class="line"><a id="l00180" name="l00180"></a><span class="lineno">  180</span>        }</div>
+<div class="line"><a id="l00181" name="l00181"></a><span class="lineno">  181</span>        <span class="comment">// check if the found shellcode is a .NET JIT:</span></div>
+<div class="line"><a id="l00182" name="l00182"></a><span class="lineno">  182</span>        <span class="keywordflow">if</span> (mod_name == <span class="stringliteral">&quot;clr.dll&quot;</span>) {</div>
+<div class="line"><a id="l00183" name="l00183"></a><span class="lineno">  183</span>            cDetails.is_managed = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00184" name="l00184"></a><span class="lineno">  184</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00185" name="l00185"></a><span class="lineno">  185</span>            std::cout &lt;&lt; <span class="stringliteral">&quot;\t&quot;</span> &lt;&lt; std::hex &lt;&lt; next_return &lt;&lt; <span class="stringliteral">&quot; &lt;--- .NET\n&quot;</span>;</div>
+<div class="line"><a id="l00186" name="l00186"></a><span class="lineno">  186</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00187" name="l00187"></a><span class="lineno">  187</span>        }</div>
+<div class="line"><a id="l00188" name="l00188"></a><span class="lineno">  188</span>    }</div>
+<div class="line"><a id="l00189" name="l00189"></a><span class="lineno">  189</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00190" name="l00190"></a><span class="lineno">  190</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n===\n&quot;</span>;</div>
+<div class="line"><a id="l00191" name="l00191"></a><span class="lineno">  191</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00192" name="l00192"></a><span class="lineno">  192</span>    <span class="keywordflow">return</span> processedCntr;</div>
+<div class="line"><a id="l00193" name="l00193"></a><span class="lineno">  193</span>}</div>
 </div>
-<div class="line"><a id="l00193" name="l00193"></a><span class="lineno">  193</span> </div>
-<div class="foldopen" id="foldopen00194" data-start="{" data-end="}">
-<div class="line"><a id="l00194" name="l00194"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">  194</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">pesieve::ThreadScanner::fillStackFrameInfo</a>(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
-<div class="line"><a id="l00195" name="l00195"></a><span class="lineno">  195</span>{</div>
-<div class="line"><a id="l00196" name="l00196"></a><span class="lineno">  196</span>    <span class="comment">// do it in a new thread to prevent stucking...</span></div>
-<div class="line"><a id="l00197" name="l00197"></a><span class="lineno">  197</span>    <a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a> args(hProcess, hThread, ctx, &amp;cDetails);</div>
-<div class="line"><a id="l00198" name="l00198"></a><span class="lineno">  198</span> </div>
-<div class="line"><a id="l00199" name="l00199"></a><span class="lineno">  199</span>    <span class="keyword">const</span> <span class="keywordtype">size_t</span> max_wait = 1000;</div>
-<div class="line"><a id="l00200" name="l00200"></a><span class="lineno">  200</span>    {</div>
-<div class="line"><a id="l00201" name="l00201"></a><span class="lineno">  201</span>        HANDLE enumThread = CreateThread(</div>
-<div class="line"><a id="l00202" name="l00202"></a><span class="lineno">  202</span>            NULL,                   <span class="comment">// default security attributes</span></div>
-<div class="line"><a id="l00203" name="l00203"></a><span class="lineno">  203</span>            0,                      <span class="comment">// use default stack size  </span></div>
-<div class="line"><a id="l00204" name="l00204"></a><span class="lineno">  204</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a>,       <span class="comment">// thread function name</span></div>
-<div class="line"><a id="l00205" name="l00205"></a><span class="lineno">  205</span>            &amp;args,          <span class="comment">// argument to thread function </span></div>
-<div class="line"><a id="l00206" name="l00206"></a><span class="lineno">  206</span>            0,                      <span class="comment">// use default creation flags </span></div>
-<div class="line"><a id="l00207" name="l00207"></a><span class="lineno">  207</span>            0);   <span class="comment">// returns the thread identifiee</span></div>
-<div class="line"><a id="l00208" name="l00208"></a><span class="lineno">  208</span> </div>
-<div class="line"><a id="l00209" name="l00209"></a><span class="lineno">  209</span>        <span class="keywordflow">if</span> (enumThread) {</div>
-<div class="line"><a id="l00210" name="l00210"></a><span class="lineno">  210</span>            DWORD wait_result = WaitForSingleObject(enumThread, max_wait);</div>
-<div class="line"><a id="l00211" name="l00211"></a><span class="lineno">  211</span>            <span class="keywordflow">if</span> (wait_result == WAIT_TIMEOUT) {</div>
-<div class="line"><a id="l00212" name="l00212"></a><span class="lineno">  212</span>                std::cerr &lt;&lt; <span class="stringliteral">&quot;[!] Cannot retrieve stack frame: timeout passed!\n&quot;</span>;</div>
-<div class="line"><a id="l00213" name="l00213"></a><span class="lineno">  213</span>                TerminateThread(enumThread, 0);</div>
-<div class="line"><a id="l00214" name="l00214"></a><span class="lineno">  214</span>                CloseHandle(enumThread);</div>
-<div class="line"><a id="l00215" name="l00215"></a><span class="lineno">  215</span>                <span class="keywordflow">return</span> 0;</div>
-<div class="line"><a id="l00216" name="l00216"></a><span class="lineno">  216</span>            }</div>
-<div class="line"><a id="l00217" name="l00217"></a><span class="lineno">  217</span>            CloseHandle(enumThread);</div>
-<div class="line"><a id="l00218" name="l00218"></a><span class="lineno">  218</span>        }</div>
-<div class="line"><a id="l00219" name="l00219"></a><span class="lineno">  219</span>    }</div>
-<div class="line"><a id="l00220" name="l00220"></a><span class="lineno">  220</span>    <span class="keywordflow">if</span> (!args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c">is_ok</a>) {</div>
-<div class="line"><a id="l00221" name="l00221"></a><span class="lineno">  221</span>        <span class="keywordflow">return</span> 0;</div>
-<div class="line"><a id="l00222" name="l00222"></a><span class="lineno">  222</span>    }</div>
-<div class="line"><a id="l00223" name="l00223"></a><span class="lineno">  223</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00224" name="l00224"></a><span class="lineno">  224</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n=== TID &quot;</span> &lt;&lt; std::dec &lt;&lt; GetThreadId(hThread) &lt;&lt; <span class="stringliteral">&quot; ===\n&quot;</span>;</div>
-<div class="line"><a id="l00225" name="l00225"></a><span class="lineno">  225</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00226" name="l00226"></a><span class="lineno">  226</span>    <span class="keywordflow">return</span> analyzeStackFrames(args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7">stack_frame</a>, cDetails);</div>
-<div class="line"><a id="l00227" name="l00227"></a><span class="lineno">  227</span>}</div>
+<div class="line"><a id="l00194" name="l00194"></a><span class="lineno">  194</span> </div>
+<div class="foldopen" id="foldopen00195" data-start="{" data-end="}">
+<div class="line"><a id="l00195" name="l00195"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">  195</a></span><span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">pesieve::ThreadScanner::fillStackFrameInfo</a>(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
+<div class="line"><a id="l00196" name="l00196"></a><span class="lineno">  196</span>{</div>
+<div class="line"><a id="l00197" name="l00197"></a><span class="lineno">  197</span>    <span class="comment">// do it in a new thread to prevent stucking...</span></div>
+<div class="line"><a id="l00198" name="l00198"></a><span class="lineno">  198</span>    <a class="code hl_struct" href="struct__t__stack__enum__params.html">t_stack_enum_params</a> args(hProcess, hThread, ctx, &amp;cDetails);</div>
+<div class="line"><a id="l00199" name="l00199"></a><span class="lineno">  199</span> </div>
+<div class="line"><a id="l00200" name="l00200"></a><span class="lineno">  200</span>    <span class="keyword">const</span> <span class="keywordtype">size_t</span> max_wait = 1000;</div>
+<div class="line"><a id="l00201" name="l00201"></a><span class="lineno">  201</span>    {</div>
+<div class="line"><a id="l00202" name="l00202"></a><span class="lineno">  202</span>        HANDLE enumThread = CreateThread(</div>
+<div class="line"><a id="l00203" name="l00203"></a><span class="lineno">  203</span>            NULL,                   <span class="comment">// default security attributes</span></div>
+<div class="line"><a id="l00204" name="l00204"></a><span class="lineno">  204</span>            0,                      <span class="comment">// use default stack size  </span></div>
+<div class="line"><a id="l00205" name="l00205"></a><span class="lineno">  205</span>            <a class="code hl_function" href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a>,       <span class="comment">// thread function name</span></div>
+<div class="line"><a id="l00206" name="l00206"></a><span class="lineno">  206</span>            &amp;args,          <span class="comment">// argument to thread function </span></div>
+<div class="line"><a id="l00207" name="l00207"></a><span class="lineno">  207</span>            0,                      <span class="comment">// use default creation flags </span></div>
+<div class="line"><a id="l00208" name="l00208"></a><span class="lineno">  208</span>            0);   <span class="comment">// returns the thread identifiee</span></div>
+<div class="line"><a id="l00209" name="l00209"></a><span class="lineno">  209</span> </div>
+<div class="line"><a id="l00210" name="l00210"></a><span class="lineno">  210</span>        <span class="keywordflow">if</span> (enumThread) {</div>
+<div class="line"><a id="l00211" name="l00211"></a><span class="lineno">  211</span>            DWORD wait_result = WaitForSingleObject(enumThread, max_wait);</div>
+<div class="line"><a id="l00212" name="l00212"></a><span class="lineno">  212</span>            <span class="keywordflow">if</span> (wait_result == WAIT_TIMEOUT) {</div>
+<div class="line"><a id="l00213" name="l00213"></a><span class="lineno">  213</span>                std::cerr &lt;&lt; <span class="stringliteral">&quot;[!] Cannot retrieve stack frame: timeout passed!\n&quot;</span>;</div>
+<div class="line"><a id="l00214" name="l00214"></a><span class="lineno">  214</span>                TerminateThread(enumThread, 0);</div>
+<div class="line"><a id="l00215" name="l00215"></a><span class="lineno">  215</span>                CloseHandle(enumThread);</div>
+<div class="line"><a id="l00216" name="l00216"></a><span class="lineno">  216</span>                <span class="keywordflow">return</span> 0;</div>
+<div class="line"><a id="l00217" name="l00217"></a><span class="lineno">  217</span>            }</div>
+<div class="line"><a id="l00218" name="l00218"></a><span class="lineno">  218</span>            CloseHandle(enumThread);</div>
+<div class="line"><a id="l00219" name="l00219"></a><span class="lineno">  219</span>        }</div>
+<div class="line"><a id="l00220" name="l00220"></a><span class="lineno">  220</span>    }</div>
+<div class="line"><a id="l00221" name="l00221"></a><span class="lineno">  221</span>    <span class="keywordflow">if</span> (!args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#a61d74c02774139f2cccf850af389735c">is_ok</a>) {</div>
+<div class="line"><a id="l00222" name="l00222"></a><span class="lineno">  222</span>        <span class="keywordflow">return</span> 0;</div>
+<div class="line"><a id="l00223" name="l00223"></a><span class="lineno">  223</span>    }</div>
+<div class="line"><a id="l00224" name="l00224"></a><span class="lineno">  224</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00225" name="l00225"></a><span class="lineno">  225</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n=== TID &quot;</span> &lt;&lt; std::dec &lt;&lt; GetThreadId(hThread) &lt;&lt; <span class="stringliteral">&quot; ===\n&quot;</span>;</div>
+<div class="line"><a id="l00226" name="l00226"></a><span class="lineno">  226</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00227" name="l00227"></a><span class="lineno">  227</span>    <span class="keywordflow">return</span> analyzeStackFrames(args.<a class="code hl_variable" href="struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7">stack_frame</a>, cDetails);</div>
+<div class="line"><a id="l00228" name="l00228"></a><span class="lineno">  228</span>}</div>
 </div>
-<div class="line"><a id="l00228" name="l00228"></a><span class="lineno">  228</span> </div>
-<div class="foldopen" id="foldopen00229" data-start="{" data-end="}">
-<div class="line"><a id="l00229" name="l00229"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">  229</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a>(IN HANDLE hProcess, IN HANDLE hThread, OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
-<div class="line"><a id="l00230" name="l00230"></a><span class="lineno">  230</span>{</div>
-<div class="line"><a id="l00231" name="l00231"></a><span class="lineno">  231</span>    <span class="keywordtype">bool</span> is_ok = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00232" name="l00232"></a><span class="lineno">  232</span>    BOOL is_wow64 = FALSE;</div>
-<div class="line"><a id="l00233" name="l00233"></a><span class="lineno">  233</span><span class="preprocessor">#ifdef _WIN64</span></div>
-<div class="line"><a id="l00234" name="l00234"></a><span class="lineno">  234</span>    <a class="code hl_function" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a>(hProcess, &amp;is_wow64);</div>
-<div class="line"><a id="l00235" name="l00235"></a><span class="lineno">  235</span> </div>
-<div class="line"><a id="l00236" name="l00236"></a><span class="lineno">  236</span>    <span class="keywordflow">if</span> (is_wow64) {</div>
-<div class="line"><a id="l00237" name="l00237"></a><span class="lineno">  237</span>        WOW64_CONTEXT ctx = { 0 };</div>
-<div class="line"><a id="l00238" name="l00238"></a><span class="lineno">  238</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
-<div class="line"><a id="l00239" name="l00239"></a><span class="lineno">  239</span>        <span class="keywordflow">if</span> (<a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a>(hThread, &amp;ctx)) {</div>
-<div class="line"><a id="l00240" name="l00240"></a><span class="lineno">  240</span>            is_ok = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00241" name="l00241"></a><span class="lineno">  241</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
-<div class="line"><a id="l00242" name="l00242"></a><span class="lineno">  242</span>            fillStackFrameInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
-<div class="line"><a id="l00243" name="l00243"></a><span class="lineno">  243</span>        }</div>
-<div class="line"><a id="l00244" name="l00244"></a><span class="lineno">  244</span>    }</div>
-<div class="line"><a id="l00245" name="l00245"></a><span class="lineno">  245</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00246" name="l00246"></a><span class="lineno">  246</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
-<div class="line"><a id="l00247" name="l00247"></a><span class="lineno">  247</span> </div>
-<div class="line"><a id="l00248" name="l00248"></a><span class="lineno">  248</span>        CONTEXT ctx = { 0 };</div>
-<div class="line"><a id="l00249" name="l00249"></a><span class="lineno">  249</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
-<div class="line"><a id="l00250" name="l00250"></a><span class="lineno">  250</span>        <span class="keywordflow">if</span> (GetThreadContext(hThread, &amp;ctx)) {</div>
-<div class="line"><a id="l00251" name="l00251"></a><span class="lineno">  251</span>            is_ok = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00252" name="l00252"></a><span class="lineno">  252</span><span class="preprocessor">#ifdef _WIN64</span></div>
-<div class="line"><a id="l00253" name="l00253"></a><span class="lineno">  253</span>            cDetails.init(<span class="keyword">true</span>, ctx.Rip, ctx.Rsp, ctx.Rbp);</div>
-<div class="line"><a id="l00254" name="l00254"></a><span class="lineno">  254</span><span class="preprocessor">#else</span></div>
-<div class="line"><a id="l00255" name="l00255"></a><span class="lineno">  255</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
-<div class="line"><a id="l00256" name="l00256"></a><span class="lineno">  256</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00257" name="l00257"></a><span class="lineno">  257</span>            fillStackFrameInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
-<div class="line"><a id="l00258" name="l00258"></a><span class="lineno">  258</span>        }</div>
-<div class="line"><a id="l00259" name="l00259"></a><span class="lineno">  259</span>    }</div>
-<div class="line"><a id="l00260" name="l00260"></a><span class="lineno">  260</span>    <span class="keywordflow">return</span> is_ok;</div>
-<div class="line"><a id="l00261" name="l00261"></a><span class="lineno">  261</span>}</div>
+<div class="line"><a id="l00229" name="l00229"></a><span class="lineno">  229</span> </div>
+<div class="foldopen" id="foldopen00230" data-start="{" data-end="}">
+<div class="line"><a id="l00230" name="l00230"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">  230</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a>(IN HANDLE hProcess, IN HANDLE hThread, OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails)</div>
+<div class="line"><a id="l00231" name="l00231"></a><span class="lineno">  231</span>{</div>
+<div class="line"><a id="l00232" name="l00232"></a><span class="lineno">  232</span>    <span class="keywordtype">bool</span> is_ok = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00233" name="l00233"></a><span class="lineno">  233</span>    BOOL is_wow64 = FALSE;</div>
+<div class="line"><a id="l00234" name="l00234"></a><span class="lineno">  234</span><span class="preprocessor">#ifdef _WIN64</span></div>
+<div class="line"><a id="l00235" name="l00235"></a><span class="lineno">  235</span>    <a class="code hl_function" href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a>(hProcess, &amp;is_wow64);</div>
+<div class="line"><a id="l00236" name="l00236"></a><span class="lineno">  236</span> </div>
+<div class="line"><a id="l00237" name="l00237"></a><span class="lineno">  237</span>    <span class="keywordflow">if</span> (is_wow64) {</div>
+<div class="line"><a id="l00238" name="l00238"></a><span class="lineno">  238</span>        WOW64_CONTEXT ctx = { 0 };</div>
+<div class="line"><a id="l00239" name="l00239"></a><span class="lineno">  239</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
+<div class="line"><a id="l00240" name="l00240"></a><span class="lineno">  240</span>        <span class="keywordflow">if</span> (<a class="code hl_function" href="namespacepesieve_1_1util.html#adafdd61439fc2750cec84fb15d59ecf8">pesieve::util::wow64_get_thread_context</a>(hThread, &amp;ctx)) {</div>
+<div class="line"><a id="l00241" name="l00241"></a><span class="lineno">  241</span>            is_ok = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00242" name="l00242"></a><span class="lineno">  242</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
+<div class="line"><a id="l00243" name="l00243"></a><span class="lineno">  243</span>            fillStackFrameInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
+<div class="line"><a id="l00244" name="l00244"></a><span class="lineno">  244</span>        }</div>
+<div class="line"><a id="l00245" name="l00245"></a><span class="lineno">  245</span>    }</div>
+<div class="line"><a id="l00246" name="l00246"></a><span class="lineno">  246</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00247" name="l00247"></a><span class="lineno">  247</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
+<div class="line"><a id="l00248" name="l00248"></a><span class="lineno">  248</span> </div>
+<div class="line"><a id="l00249" name="l00249"></a><span class="lineno">  249</span>        CONTEXT ctx = { 0 };</div>
+<div class="line"><a id="l00250" name="l00250"></a><span class="lineno">  250</span>        ctx.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;</div>
+<div class="line"><a id="l00251" name="l00251"></a><span class="lineno">  251</span>        <span class="keywordflow">if</span> (GetThreadContext(hThread, &amp;ctx)) {</div>
+<div class="line"><a id="l00252" name="l00252"></a><span class="lineno">  252</span>            is_ok = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00253" name="l00253"></a><span class="lineno">  253</span><span class="preprocessor">#ifdef _WIN64</span></div>
+<div class="line"><a id="l00254" name="l00254"></a><span class="lineno">  254</span>            cDetails.init(<span class="keyword">true</span>, ctx.Rip, ctx.Rsp, ctx.Rbp);</div>
+<div class="line"><a id="l00255" name="l00255"></a><span class="lineno">  255</span><span class="preprocessor">#else</span></div>
+<div class="line"><a id="l00256" name="l00256"></a><span class="lineno">  256</span>            cDetails.init(<span class="keyword">false</span>, ctx.Eip, ctx.Esp, ctx.Ebp);</div>
+<div class="line"><a id="l00257" name="l00257"></a><span class="lineno">  257</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00258" name="l00258"></a><span class="lineno">  258</span>            fillStackFrameInfo(hProcess, hThread, &amp;ctx, cDetails);</div>
+<div class="line"><a id="l00259" name="l00259"></a><span class="lineno">  259</span>        }</div>
+<div class="line"><a id="l00260" name="l00260"></a><span class="lineno">  260</span>    }</div>
+<div class="line"><a id="l00261" name="l00261"></a><span class="lineno">  261</span>    <span class="keywordflow">return</span> is_ok;</div>
+<div class="line"><a id="l00262" name="l00262"></a><span class="lineno">  262</span>}</div>
 </div>
-<div class="line"><a id="l00262" name="l00262"></a><span class="lineno">  262</span> </div>
-<div class="foldopen" id="foldopen00263" data-start="{" data-end="}">
-<div class="line"><a id="l00263" name="l00263"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">  263</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
-<div class="line"><a id="l00264" name="l00264"></a><span class="lineno">  264</span>{</div>
-<div class="line"><a id="l00265" name="l00265"></a><span class="lineno">  265</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
-<div class="line"><a id="l00266" name="l00266"></a><span class="lineno">  266</span>    <span class="keywordflow">if</span> (!mod) <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00267" name="l00267"></a><span class="lineno">  267</span> </div>
-<div class="line"><a id="l00268" name="l00268"></a><span class="lineno">  268</span>    <span class="comment">//the module is named</span></div>
-<div class="line"><a id="l00269" name="l00269"></a><span class="lineno">  269</span>    <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>().length() &gt; 0) {</div>
-<div class="line"><a id="l00270" name="l00270"></a><span class="lineno">  270</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00271" name="l00271"></a><span class="lineno">  271</span>    }</div>
-<div class="line"><a id="l00272" name="l00272"></a><span class="lineno">  272</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00273" name="l00273"></a><span class="lineno">  273</span>}</div>
+<div class="line"><a id="l00263" name="l00263"></a><span class="lineno">  263</span> </div>
+<div class="foldopen" id="foldopen00264" data-start="{" data-end="}">
+<div class="line"><a id="l00264" name="l00264"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">  264</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
+<div class="line"><a id="l00265" name="l00265"></a><span class="lineno">  265</span>{</div>
+<div class="line"><a id="l00266" name="l00266"></a><span class="lineno">  266</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
+<div class="line"><a id="l00267" name="l00267"></a><span class="lineno">  267</span>    <span class="keywordflow">if</span> (!mod) <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00268" name="l00268"></a><span class="lineno">  268</span> </div>
+<div class="line"><a id="l00269" name="l00269"></a><span class="lineno">  269</span>    <span class="comment">//the module is named</span></div>
+<div class="line"><a id="l00270" name="l00270"></a><span class="lineno">  270</span>    <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>().length() &gt; 0) {</div>
+<div class="line"><a id="l00271" name="l00271"></a><span class="lineno">  271</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00272" name="l00272"></a><span class="lineno">  272</span>    }</div>
+<div class="line"><a id="l00273" name="l00273"></a><span class="lineno">  273</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00274" name="l00274"></a><span class="lineno">  274</span>}</div>
 </div>
-<div class="line"><a id="l00274" name="l00274"></a><span class="lineno">  274</span> </div>
-<div class="foldopen" id="foldopen00275" data-start="{" data-end="}">
-<div class="line"><a id="l00275" name="l00275"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">  275</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
-<div class="line"><a id="l00276" name="l00276"></a><span class="lineno">  276</span>{</div>
-<div class="line"><a id="l00277" name="l00277"></a><span class="lineno">  277</span>    <span class="keywordtype">bool</span> is_resolved = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00278" name="l00278"></a><span class="lineno">  278</span>    std::cout &lt;&lt; std::hex &lt;&lt; addr;</div>
-<div class="line"><a id="l00279" name="l00279"></a><span class="lineno">  279</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
-<div class="line"><a id="l00280" name="l00280"></a><span class="lineno">  280</span>    <span class="keywordflow">if</span> (mod) {</div>
-<div class="line"><a id="l00281" name="l00281"></a><span class="lineno">  281</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>();</div>
-<div class="line"><a id="l00282" name="l00282"></a><span class="lineno">  282</span>        is_resolved = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00283" name="l00283"></a><span class="lineno">  283</span>    }</div>
-<div class="line"><a id="l00284" name="l00284"></a><span class="lineno">  284</span>    <span class="keywordflow">if</span> (exportsMap &amp;&amp; is_resolved) {</div>
-<div class="line"><a id="l00285" name="l00285"></a><span class="lineno">  285</span>        <span class="keywordtype">bool</span> search_name = <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00286" name="l00286"></a><span class="lineno">  286</span>        <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;ntdll.dll&quot;</span> || mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;win32u.dll&quot;</span>) {</div>
-<div class="line"><a id="l00287" name="l00287"></a><span class="lineno">  287</span>            search_name = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00288" name="l00288"></a><span class="lineno">  288</span>        }</div>
-<div class="line"><a id="l00289" name="l00289"></a><span class="lineno">  289</span>        <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> i = 0; i &lt; 25; i++) {</div>
-<div class="line"><a id="l00290" name="l00290"></a><span class="lineno">  290</span>            <span class="keyword">const</span> peconv::ExportedFunc* exp = exportsMap-&gt;find_export_by_va(addr - i);</div>
-<div class="line"><a id="l00291" name="l00291"></a><span class="lineno">  291</span>            <span class="keywordflow">if</span> (exp) {</div>
-<div class="line"><a id="l00292" name="l00292"></a><span class="lineno">  292</span>                std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; exp-&gt;toString();</div>
-<div class="line"><a id="l00293" name="l00293"></a><span class="lineno">  293</span>                is_resolved = <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00294" name="l00294"></a><span class="lineno">  294</span>                <span class="keywordflow">break</span>;</div>
-<div class="line"><a id="l00295" name="l00295"></a><span class="lineno">  295</span>            }</div>
-<div class="line"><a id="l00296" name="l00296"></a><span class="lineno">  296</span>            <span class="keywordflow">if</span> (!search_name) {</div>
-<div class="line"><a id="l00297" name="l00297"></a><span class="lineno">  297</span>                <span class="keywordflow">break</span>;</div>
-<div class="line"><a id="l00298" name="l00298"></a><span class="lineno">  298</span>            }</div>
-<div class="line"><a id="l00299" name="l00299"></a><span class="lineno">  299</span>        }</div>
-<div class="line"><a id="l00300" name="l00300"></a><span class="lineno">  300</span>    }</div>
-<div class="line"><a id="l00301" name="l00301"></a><span class="lineno">  301</span>    std::cout &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00302" name="l00302"></a><span class="lineno">  302</span>    <span class="keywordflow">return</span> is_resolved;</div>
-<div class="line"><a id="l00303" name="l00303"></a><span class="lineno">  303</span>}</div>
+<div class="line"><a id="l00275" name="l00275"></a><span class="lineno">  275</span> </div>
+<div class="foldopen" id="foldopen00276" data-start="{" data-end="}">
+<div class="line"><a id="l00276" name="l00276"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">  276</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a>(<span class="keyword">const</span> ULONGLONG addr)</div>
+<div class="line"><a id="l00277" name="l00277"></a><span class="lineno">  277</span>{</div>
+<div class="line"><a id="l00278" name="l00278"></a><span class="lineno">  278</span>    <span class="keywordtype">bool</span> is_resolved = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00279" name="l00279"></a><span class="lineno">  279</span>    std::cout &lt;&lt; std::hex &lt;&lt; addr;</div>
+<div class="line"><a id="l00280" name="l00280"></a><span class="lineno">  280</span>    <a class="code hl_class" href="classpesieve_1_1_scanned_module.html">ScannedModule</a>* mod = modulesInfo.findModuleContaining(addr);</div>
+<div class="line"><a id="l00281" name="l00281"></a><span class="lineno">  281</span>    <span class="keywordflow">if</span> (mod) {</div>
+<div class="line"><a id="l00282" name="l00282"></a><span class="lineno">  282</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>();</div>
+<div class="line"><a id="l00283" name="l00283"></a><span class="lineno">  283</span>        is_resolved = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00284" name="l00284"></a><span class="lineno">  284</span>    }</div>
+<div class="line"><a id="l00285" name="l00285"></a><span class="lineno">  285</span>    <span class="keywordflow">if</span> (exportsMap &amp;&amp; is_resolved) {</div>
+<div class="line"><a id="l00286" name="l00286"></a><span class="lineno">  286</span>        <span class="keywordtype">bool</span> search_name = <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00287" name="l00287"></a><span class="lineno">  287</span>        <span class="keywordflow">if</span> (mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;ntdll.dll&quot;</span> || mod-&gt;<a class="code hl_function" href="classpesieve_1_1_scanned_module.html#a032f8ad62f6bd513835a020fa8f55abb">getModName</a>() == <span class="stringliteral">&quot;win32u.dll&quot;</span>) {</div>
+<div class="line"><a id="l00288" name="l00288"></a><span class="lineno">  288</span>            search_name = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00289" name="l00289"></a><span class="lineno">  289</span>        }</div>
+<div class="line"><a id="l00290" name="l00290"></a><span class="lineno">  290</span>        <span class="keywordflow">for</span> (<span class="keywordtype">size_t</span> i = 0; i &lt; 25; i++) {</div>
+<div class="line"><a id="l00291" name="l00291"></a><span class="lineno">  291</span>            <span class="keyword">const</span> peconv::ExportedFunc* exp = exportsMap-&gt;find_export_by_va(addr - i);</div>
+<div class="line"><a id="l00292" name="l00292"></a><span class="lineno">  292</span>            <span class="keywordflow">if</span> (exp) {</div>
+<div class="line"><a id="l00293" name="l00293"></a><span class="lineno">  293</span>                std::cout &lt;&lt; <span class="stringliteral">&quot; : &quot;</span> &lt;&lt; exp-&gt;toString();</div>
+<div class="line"><a id="l00294" name="l00294"></a><span class="lineno">  294</span>                is_resolved = <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00295" name="l00295"></a><span class="lineno">  295</span>                <span class="keywordflow">break</span>;</div>
+<div class="line"><a id="l00296" name="l00296"></a><span class="lineno">  296</span>            }</div>
+<div class="line"><a id="l00297" name="l00297"></a><span class="lineno">  297</span>            <span class="keywordflow">if</span> (!search_name) {</div>
+<div class="line"><a id="l00298" name="l00298"></a><span class="lineno">  298</span>                <span class="keywordflow">break</span>;</div>
+<div class="line"><a id="l00299" name="l00299"></a><span class="lineno">  299</span>            }</div>
+<div class="line"><a id="l00300" name="l00300"></a><span class="lineno">  300</span>        }</div>
+<div class="line"><a id="l00301" name="l00301"></a><span class="lineno">  301</span>    }</div>
+<div class="line"><a id="l00302" name="l00302"></a><span class="lineno">  302</span>    std::cout &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00303" name="l00303"></a><span class="lineno">  303</span>    <span class="keywordflow">return</span> is_resolved;</div>
+<div class="line"><a id="l00304" name="l00304"></a><span class="lineno">  304</span>}</div>
 </div>
-<div class="line"><a id="l00304" name="l00304"></a><span class="lineno">  304</span> </div>
-<div class="foldopen" id="foldopen00305" data-start="{" data-end="}">
-<div class="line"><a id="l00305" name="l00305"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">  305</a></span><span class="keywordtype">void</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">pesieve::util::thread_info</a>&amp; threadi)</div>
-<div class="line"><a id="l00306" name="l00306"></a><span class="lineno">  306</span>{</div>
-<div class="line"><a id="l00307" name="l00307"></a><span class="lineno">  307</span>    std::cout &lt;&lt; std::dec &lt;&lt; <span class="stringliteral">&quot;TID: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a390c3d14815d2aaaf625f9fc16f6f01b">tid</a> &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00308" name="l00308"></a><span class="lineno">  308</span>    std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tStart   : &quot;</span>;</div>
-<div class="line"><a id="l00309" name="l00309"></a><span class="lineno">  309</span>    printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b">start_addr</a>);</div>
-<div class="line"><a id="l00310" name="l00310"></a><span class="lineno">  310</span> </div>
-<div class="line"><a id="l00311" name="l00311"></a><span class="lineno">  311</span>    <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386">is_extended</a>) {</div>
-<div class="line"><a id="l00312" name="l00312"></a><span class="lineno">  312</span>        std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tSysStart: &quot;</span>;</div>
-<div class="line"><a id="l00313" name="l00313"></a><span class="lineno">  313</span>        printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03">sys_start_addr</a>);</div>
-<div class="line"><a id="l00314" name="l00314"></a><span class="lineno">  314</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\tState: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">ThreadScanReport::translate_thread_state</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a>) &lt;&lt; <span class="stringliteral">&quot;]&quot;</span>;</div>
-<div class="line"><a id="l00315" name="l00315"></a><span class="lineno">  315</span>        <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a> == Waiting) {</div>
-<div class="line"><a id="l00316" name="l00316"></a><span class="lineno">  316</span>            std::cout &lt;&lt; <span class="stringliteral">&quot; Reason: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">ThreadScanReport::translate_wait_reason</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a389b5fb210ec491e9a7db99db5544928">wait_reason</a>) &lt;&lt; <span class="stringliteral">&quot;] Time: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#adfe41a5fa3df04475f55ae54bf615e58">wait_time</a>;</div>
-<div class="line"><a id="l00317" name="l00317"></a><span class="lineno">  317</span>        }</div>
-<div class="line"><a id="l00318" name="l00318"></a><span class="lineno">  318</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00319" name="l00319"></a><span class="lineno">  319</span>    }</div>
-<div class="line"><a id="l00320" name="l00320"></a><span class="lineno">  320</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00321" name="l00321"></a><span class="lineno">  321</span>}</div>
+<div class="line"><a id="l00305" name="l00305"></a><span class="lineno">  305</span> </div>
+<div class="foldopen" id="foldopen00306" data-start="{" data-end="}">
+<div class="line"><a id="l00306" name="l00306"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">  306</a></span><span class="keywordtype">void</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">pesieve::util::thread_info</a>&amp; threadi)</div>
+<div class="line"><a id="l00307" name="l00307"></a><span class="lineno">  307</span>{</div>
+<div class="line"><a id="l00308" name="l00308"></a><span class="lineno">  308</span>    std::cout &lt;&lt; std::dec &lt;&lt; <span class="stringliteral">&quot;TID: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a390c3d14815d2aaaf625f9fc16f6f01b">tid</a> &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00309" name="l00309"></a><span class="lineno">  309</span>    std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tStart   : &quot;</span>;</div>
+<div class="line"><a id="l00310" name="l00310"></a><span class="lineno">  310</span>    printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a2d408cca43d2e48530d63c394755e96b">start_addr</a>);</div>
+<div class="line"><a id="l00311" name="l00311"></a><span class="lineno">  311</span> </div>
+<div class="line"><a id="l00312" name="l00312"></a><span class="lineno">  312</span>    <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#a8ec77c6fa5aa1dc71802d52afdc37386">is_extended</a>) {</div>
+<div class="line"><a id="l00313" name="l00313"></a><span class="lineno">  313</span>        std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot;\tSysStart: &quot;</span>;</div>
+<div class="line"><a id="l00314" name="l00314"></a><span class="lineno">  314</span>        printResolvedAddr(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a015d9ec862bebffabeeea74cc94c6c03">sys_start_addr</a>);</div>
+<div class="line"><a id="l00315" name="l00315"></a><span class="lineno">  315</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\tState: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">ThreadScanReport::translate_thread_state</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a>) &lt;&lt; <span class="stringliteral">&quot;]&quot;</span>;</div>
+<div class="line"><a id="l00316" name="l00316"></a><span class="lineno">  316</span>        <span class="keywordflow">if</span> (threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a64f10518106ade775aecd7f5c2caaf65">state</a> == Waiting) {</div>
+<div class="line"><a id="l00317" name="l00317"></a><span class="lineno">  317</span>            std::cout &lt;&lt; <span class="stringliteral">&quot; Reason: [&quot;</span> &lt;&lt; <a class="code hl_function" href="classpesieve_1_1_thread_scan_report.html#a6d190b1f19a3a9fe2c81cd18abb6a72f">ThreadScanReport::translate_wait_reason</a>(threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#a389b5fb210ec491e9a7db99db5544928">wait_reason</a>) &lt;&lt; <span class="stringliteral">&quot;] Time: &quot;</span> &lt;&lt; threadi.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">ext</a>.<a class="code hl_variable" href="structpesieve_1_1util_1_1__thread__info__ext.html#adfe41a5fa3df04475f55ae54bf615e58">wait_time</a>;</div>
+<div class="line"><a id="l00318" name="l00318"></a><span class="lineno">  318</span>        }</div>
+<div class="line"><a id="l00319" name="l00319"></a><span class="lineno">  319</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00320" name="l00320"></a><span class="lineno">  320</span>    }</div>
+<div class="line"><a id="l00321" name="l00321"></a><span class="lineno">  321</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00322" name="l00322"></a><span class="lineno">  322</span>}</div>
 </div>
-<div class="line"><a id="l00322" name="l00322"></a><span class="lineno">  322</span> </div>
-<div class="foldopen" id="foldopen00323" data-start="{" data-end="}">
-<div class="line"><a id="l00323" name="l00323"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">  323</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &amp;page_info)</div>
-<div class="line"><a id="l00324" name="l00324"></a><span class="lineno">  324</span>{</div>
-<div class="line"><a id="l00325" name="l00325"></a><span class="lineno">  325</span>    <span class="keywordtype">size_t</span> page_info_size = <span class="keyword">sizeof</span>(MEMORY_BASIC_INFORMATION);</div>
-<div class="line"><a id="l00326" name="l00326"></a><span class="lineno">  326</span>    <span class="keyword">const</span> SIZE_T out = VirtualQueryEx(processHandle, (LPCVOID)start_va, &amp;page_info, page_info_size);</div>
-<div class="line"><a id="l00327" name="l00327"></a><span class="lineno">  327</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_read = (out == page_info_size) ? <span class="keyword">true</span> : <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00328" name="l00328"></a><span class="lineno">  328</span>    <span class="keyword">const</span> DWORD error = is_read ? ERROR_SUCCESS : GetLastError();</div>
-<div class="line"><a id="l00329" name="l00329"></a><span class="lineno">  329</span>    <span class="keywordflow">if</span> (error != ERROR_SUCCESS) {</div>
-<div class="line"><a id="l00330" name="l00330"></a><span class="lineno">  330</span>        <span class="comment">//nothing to read</span></div>
-<div class="line"><a id="l00331" name="l00331"></a><span class="lineno">  331</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00332" name="l00332"></a><span class="lineno">  332</span>    }</div>
-<div class="line"><a id="l00333" name="l00333"></a><span class="lineno">  333</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00334" name="l00334"></a><span class="lineno">  334</span>}</div>
+<div class="line"><a id="l00323" name="l00323"></a><span class="lineno">  323</span> </div>
+<div class="foldopen" id="foldopen00324" data-start="{" data-end="}">
+<div class="line"><a id="l00324" name="l00324"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">  324</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &amp;page_info)</div>
+<div class="line"><a id="l00325" name="l00325"></a><span class="lineno">  325</span>{</div>
+<div class="line"><a id="l00326" name="l00326"></a><span class="lineno">  326</span>    <span class="keywordtype">size_t</span> page_info_size = <span class="keyword">sizeof</span>(MEMORY_BASIC_INFORMATION);</div>
+<div class="line"><a id="l00327" name="l00327"></a><span class="lineno">  327</span>    <span class="keyword">const</span> SIZE_T out = VirtualQueryEx(processHandle, (LPCVOID)start_va, &amp;page_info, page_info_size);</div>
+<div class="line"><a id="l00328" name="l00328"></a><span class="lineno">  328</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_read = (out == page_info_size) ? <span class="keyword">true</span> : <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00329" name="l00329"></a><span class="lineno">  329</span>    <span class="keyword">const</span> DWORD error = is_read ? ERROR_SUCCESS : GetLastError();</div>
+<div class="line"><a id="l00330" name="l00330"></a><span class="lineno">  330</span>    <span class="keywordflow">if</span> (error != ERROR_SUCCESS) {</div>
+<div class="line"><a id="l00331" name="l00331"></a><span class="lineno">  331</span>        <span class="comment">//nothing to read</span></div>
+<div class="line"><a id="l00332" name="l00332"></a><span class="lineno">  332</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00333" name="l00333"></a><span class="lineno">  333</span>    }</div>
+<div class="line"><a id="l00334" name="l00334"></a><span class="lineno">  334</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00335" name="l00335"></a><span class="lineno">  335</span>}</div>
 </div>
-<div class="line"><a id="l00335" name="l00335"></a><span class="lineno">  335</span> </div>
-<div class="foldopen" id="foldopen00336" data-start="{" data-end="}">
-<div class="line"><a id="l00336" name="l00336"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">  336</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
-<div class="line"><a id="l00337" name="l00337"></a><span class="lineno">  337</span>{</div>
-<div class="line"><a id="l00338" name="l00338"></a><span class="lineno">  338</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00339" name="l00339"></a><span class="lineno">  339</span> </div>
-<div class="line"><a id="l00340" name="l00340"></a><span class="lineno">  340</span>    ULONG_PTR end_va = (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> + my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a>;</div>
-<div class="line"><a id="l00341" name="l00341"></a><span class="lineno">  341</span>    <a class="code hl_class" href="classpesieve_1_1_mem_page_data.html">MemPageData</a> mem(this-&gt;processHandle, this-&gt;isReflection, (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a>, end_va);</div>
-<div class="line"><a id="l00342" name="l00342"></a><span class="lineno">  342</span>    <span class="keywordflow">if</span> (!mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a59ed1087d268c1742139c7240ab5854f">fillInfo</a>() || !mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a01d3a9dc59b2965fa6defbc4dfda8524">load</a>()) {</div>
-<div class="line"><a id="l00343" name="l00343"></a><span class="lineno">  343</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00344" name="l00344"></a><span class="lineno">  344</span>    }</div>
-<div class="line"><a id="l00345" name="l00345"></a><span class="lineno">  345</span>    <a class="code hl_class" href="classpesieve_1_1_area_stats_calculator.html">AreaStatsCalculator</a> calc(mem.<a class="code hl_variable" href="classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9">loadedData</a>);</div>
-<div class="line"><a id="l00346" name="l00346"></a><span class="lineno">  346</span>    <span class="keywordflow">return</span> calc.<a class="code hl_function" href="classpesieve_1_1_area_stats_calculator.html#a5f85d093b7ddc31bb358a19917f6b4c2">fill</a>(my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>, <span class="keyword">nullptr</span>);</div>
-<div class="line"><a id="l00347" name="l00347"></a><span class="lineno">  347</span>}</div>
+<div class="line"><a id="l00336" name="l00336"></a><span class="lineno">  336</span> </div>
+<div class="foldopen" id="foldopen00337" data-start="{" data-end="}">
+<div class="line"><a id="l00337" name="l00337"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">  337</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report)</div>
+<div class="line"><a id="l00338" name="l00338"></a><span class="lineno">  338</span>{</div>
+<div class="line"><a id="l00339" name="l00339"></a><span class="lineno">  339</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00340" name="l00340"></a><span class="lineno">  340</span> </div>
+<div class="line"><a id="l00341" name="l00341"></a><span class="lineno">  341</span>    ULONG_PTR end_va = (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> + my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a>;</div>
+<div class="line"><a id="l00342" name="l00342"></a><span class="lineno">  342</span>    <a class="code hl_class" href="classpesieve_1_1_mem_page_data.html">MemPageData</a> mem(this-&gt;processHandle, this-&gt;isReflection, (ULONG_PTR)my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a>, end_va);</div>
+<div class="line"><a id="l00343" name="l00343"></a><span class="lineno">  343</span>    <span class="keywordflow">if</span> (!mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a59ed1087d268c1742139c7240ab5854f">fillInfo</a>() || !mem.<a class="code hl_function" href="classpesieve_1_1_mem_page_data.html#a01d3a9dc59b2965fa6defbc4dfda8524">load</a>()) {</div>
+<div class="line"><a id="l00344" name="l00344"></a><span class="lineno">  344</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00345" name="l00345"></a><span class="lineno">  345</span>    }</div>
+<div class="line"><a id="l00346" name="l00346"></a><span class="lineno">  346</span>    <a class="code hl_class" href="classpesieve_1_1_area_stats_calculator.html">AreaStatsCalculator</a> calc(mem.<a class="code hl_variable" href="classpesieve_1_1_mem_page_data.html#a1a846ed452227d685a50a72ea516d0f9">loadedData</a>);</div>
+<div class="line"><a id="l00347" name="l00347"></a><span class="lineno">  347</span>    <span class="keywordflow">return</span> calc.<a class="code hl_function" href="classpesieve_1_1_area_stats_calculator.html#a5f85d093b7ddc31bb358a19917f6b4c2">fill</a>(my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>, <span class="keyword">nullptr</span>);</div>
+<div class="line"><a id="l00348" name="l00348"></a><span class="lineno">  348</span>}</div>
 </div>
-<div class="line"><a id="l00348" name="l00348"></a><span class="lineno">  348</span> </div>
-<div class="foldopen" id="foldopen00349" data-start="{" data-end="}">
-<div class="line"><a id="l00349" name="l00349"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">  349</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report, ULONGLONG susp_addr)</div>
-<div class="line"><a id="l00350" name="l00350"></a><span class="lineno">  350</span>{</div>
-<div class="line"><a id="l00351" name="l00351"></a><span class="lineno">  351</span>    MEMORY_BASIC_INFORMATION page_info = { 0 };</div>
-<div class="line"><a id="l00352" name="l00352"></a><span class="lineno">  352</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(processHandle, (LPVOID)susp_addr, page_info)) {</div>
-<div class="line"><a id="l00353" name="l00353"></a><span class="lineno">  353</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00354" name="l00354"></a><span class="lineno">  354</span>    }</div>
-<div class="line"><a id="l00355" name="l00355"></a><span class="lineno">  355</span>    <span class="keywordflow">if</span> (page_info.State &amp; MEM_FREE) {</div>
-<div class="line"><a id="l00356" name="l00356"></a><span class="lineno">  356</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00357" name="l00357"></a><span class="lineno">  357</span>    }</div>
-<div class="line"><a id="l00358" name="l00358"></a><span class="lineno">  358</span>    ULONGLONG base = (ULONGLONG)page_info.BaseAddress;</div>
-<div class="line"><a id="l00359" name="l00359"></a><span class="lineno">  359</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
-<div class="line"><a id="l00360" name="l00360"></a><span class="lineno">  360</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00361" name="l00361"></a><span class="lineno">  361</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
-<div class="line"><a id="l00362" name="l00362"></a><span class="lineno">  362</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
-<div class="line"><a id="l00363" name="l00363"></a><span class="lineno">  363</span>    }</div>
-<div class="line"><a id="l00364" name="l00364"></a><span class="lineno">  364</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = (HMODULE)base;</div>
-<div class="line"><a id="l00365" name="l00365"></a><span class="lineno">  365</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = page_info.RegionSize;</div>
-<div class="line"><a id="l00366" name="l00366"></a><span class="lineno">  366</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5419a44653c87acb8b8b49a53a2e67eb">protection</a> = page_info.AllocationProtect;</div>
-<div class="line"><a id="l00367" name="l00367"></a><span class="lineno">  367</span> </div>
-<div class="line"><a id="l00368" name="l00368"></a><span class="lineno">  368</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">susp_addr</a> = susp_addr;</div>
-<div class="line"><a id="l00369" name="l00369"></a><span class="lineno">  369</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00370" name="l00370"></a><span class="lineno">  370</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> isStatFilled = fillAreaStats(my_report);</div>
-<div class="line"><a id="l00371" name="l00371"></a><span class="lineno">  371</span><span class="preprocessor">#ifndef NO_ENTROPY_CHECK</span></div>
-<div class="line"><a id="l00372" name="l00372"></a><span class="lineno">  372</span>    <span class="keywordflow">if</span> (isStatFilled &amp;&amp; (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; <a class="code hl_define" href="thread__scanner_8cpp.html#acaf6cb2ff8299b9b3c55905f936d38a9">ENTROPY_TRESHOLD</a>)) {</div>
-<div class="line"><a id="l00373" name="l00373"></a><span class="lineno">  373</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00374" name="l00374"></a><span class="lineno">  374</span>    }</div>
-<div class="line"><a id="l00375" name="l00375"></a><span class="lineno">  375</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00376" name="l00376"></a><span class="lineno">  376</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00377" name="l00377"></a><span class="lineno">  377</span>}</div>
+<div class="line"><a id="l00349" name="l00349"></a><span class="lineno">  349</span> </div>
+<div class="foldopen" id="foldopen00350" data-start="{" data-end="}">
+<div class="line"><a id="l00350" name="l00350"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">  350</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report, ULONGLONG susp_addr)</div>
+<div class="line"><a id="l00351" name="l00351"></a><span class="lineno">  351</span>{</div>
+<div class="line"><a id="l00352" name="l00352"></a><span class="lineno">  352</span>    MEMORY_BASIC_INFORMATION page_info = { 0 };</div>
+<div class="line"><a id="l00353" name="l00353"></a><span class="lineno">  353</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a>(processHandle, (LPVOID)susp_addr, page_info)) {</div>
+<div class="line"><a id="l00354" name="l00354"></a><span class="lineno">  354</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00355" name="l00355"></a><span class="lineno">  355</span>    }</div>
+<div class="line"><a id="l00356" name="l00356"></a><span class="lineno">  356</span>    <span class="keywordflow">if</span> (page_info.State &amp; MEM_FREE) {</div>
+<div class="line"><a id="l00357" name="l00357"></a><span class="lineno">  357</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00358" name="l00358"></a><span class="lineno">  358</span>    }</div>
+<div class="line"><a id="l00359" name="l00359"></a><span class="lineno">  359</span>    ULONGLONG base = (ULONGLONG)page_info.BaseAddress;</div>
+<div class="line"><a id="l00360" name="l00360"></a><span class="lineno">  360</span>    <span class="keywordflow">if</span> (this-&gt;<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
+<div class="line"><a id="l00361" name="l00361"></a><span class="lineno">  361</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00362" name="l00362"></a><span class="lineno">  362</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
+<div class="line"><a id="l00363" name="l00363"></a><span class="lineno">  363</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
+<div class="line"><a id="l00364" name="l00364"></a><span class="lineno">  364</span>    }</div>
+<div class="line"><a id="l00365" name="l00365"></a><span class="lineno">  365</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a49bdf7d9e08c3b7ea427ccf1df2a15df">module</a> = (HMODULE)base;</div>
+<div class="line"><a id="l00366" name="l00366"></a><span class="lineno">  366</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a274ffb4b7c29b04c7b09852858540fac">moduleSize</a> = page_info.RegionSize;</div>
+<div class="line"><a id="l00367" name="l00367"></a><span class="lineno">  367</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5419a44653c87acb8b8b49a53a2e67eb">protection</a> = page_info.AllocationProtect;</div>
+<div class="line"><a id="l00368" name="l00368"></a><span class="lineno">  368</span> </div>
+<div class="line"><a id="l00369" name="l00369"></a><span class="lineno">  369</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">susp_addr</a> = susp_addr;</div>
+<div class="line"><a id="l00370" name="l00370"></a><span class="lineno">  370</span>    my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00371" name="l00371"></a><span class="lineno">  371</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> isStatFilled = fillAreaStats(my_report);</div>
+<div class="line"><a id="l00372" name="l00372"></a><span class="lineno">  372</span><span class="preprocessor">#ifndef NO_ENTROPY_CHECK</span></div>
+<div class="line"><a id="l00373" name="l00373"></a><span class="lineno">  373</span>    <span class="keywordflow">if</span> (isStatFilled &amp;&amp; (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a00f0b36826c124dc6be154f0cdeb7f83">stats</a>.<a class="code hl_variable" href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">entropy</a> &lt; <a class="code hl_define" href="thread__scanner_8cpp.html#acaf6cb2ff8299b9b3c55905f936d38a9">ENTROPY_TRESHOLD</a>)) {</div>
+<div class="line"><a id="l00374" name="l00374"></a><span class="lineno">  374</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00375" name="l00375"></a><span class="lineno">  375</span>    }</div>
+<div class="line"><a id="l00376" name="l00376"></a><span class="lineno">  376</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00377" name="l00377"></a><span class="lineno">  377</span>    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00378" name="l00378"></a><span class="lineno">  378</span>}</div>
 </div>
-<div class="line"><a id="l00378" name="l00378"></a><span class="lineno">  378</span> </div>
-<div class="line"><a id="l00379" name="l00379"></a><span class="lineno">  379</span><span class="comment">// if extended info given, allow to filter out from the scan basing on the thread state and conditions</span></div>
-<div class="foldopen" id="foldopen00380" data-start="{" data-end="}">
-<div class="line"><a id="l00380" name="l00380"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">  380</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)</div>
-<div class="line"><a id="l00381" name="l00381"></a><span class="lineno">  381</span>{</div>
-<div class="line"><a id="l00382" name="l00382"></a><span class="lineno">  382</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
-<div class="line"><a id="l00383" name="l00383"></a><span class="lineno">  383</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00384" name="l00384"></a><span class="lineno">  384</span>    }</div>
-<div class="line"><a id="l00385" name="l00385"></a><span class="lineno">  385</span>    <span class="keyword">const</span> KTHREAD_STATE state = (KTHREAD_STATE)<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00386" name="l00386"></a><span class="lineno">  386</span>    <span class="keywordflow">if</span> (state == Ready) {</div>
-<div class="line"><a id="l00387" name="l00387"></a><span class="lineno">  387</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00388" name="l00388"></a><span class="lineno">  388</span>    }</div>
-<div class="line"><a id="l00389" name="l00389"></a><span class="lineno">  389</span>    <span class="keywordflow">if</span> (state == Terminated) {</div>
-<div class="line"><a id="l00390" name="l00390"></a><span class="lineno">  390</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00391" name="l00391"></a><span class="lineno">  391</span>    }</div>
-<div class="line"><a id="l00392" name="l00392"></a><span class="lineno">  392</span>    <span class="keywordflow">if</span> (state == Waiting) {</div>
-<div class="line"><a id="l00393" name="l00393"></a><span class="lineno">  393</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a id="l00394" name="l00394"></a><span class="lineno">  394</span>    }</div>
-<div class="line"><a id="l00395" name="l00395"></a><span class="lineno">  395</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a id="l00396" name="l00396"></a><span class="lineno">  396</span>}</div>
+<div class="line"><a id="l00379" name="l00379"></a><span class="lineno">  379</span> </div>
+<div class="line"><a id="l00380" name="l00380"></a><span class="lineno">  380</span><span class="comment">// if extended info given, allow to filter out from the scan basing on the thread state and conditions</span></div>
+<div class="foldopen" id="foldopen00381" data-start="{" data-end="}">
+<div class="line"><a id="l00381" name="l00381"></a><span class="lineno"><a class="line" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">  381</a></span><span class="keywordtype">bool</span> <a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)</div>
+<div class="line"><a id="l00382" name="l00382"></a><span class="lineno">  382</span>{</div>
+<div class="line"><a id="l00383" name="l00383"></a><span class="lineno">  383</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.is_extended) {</div>
+<div class="line"><a id="l00384" name="l00384"></a><span class="lineno">  384</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00385" name="l00385"></a><span class="lineno">  385</span>    }</div>
+<div class="line"><a id="l00386" name="l00386"></a><span class="lineno">  386</span>    <span class="keyword">const</span> KTHREAD_STATE state = (KTHREAD_STATE)<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00387" name="l00387"></a><span class="lineno">  387</span>    <span class="keywordflow">if</span> (state == Ready) {</div>
+<div class="line"><a id="l00388" name="l00388"></a><span class="lineno">  388</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00389" name="l00389"></a><span class="lineno">  389</span>    }</div>
+<div class="line"><a id="l00390" name="l00390"></a><span class="lineno">  390</span>    <span class="keywordflow">if</span> (state == Terminated) {</div>
+<div class="line"><a id="l00391" name="l00391"></a><span class="lineno">  391</span>        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00392" name="l00392"></a><span class="lineno">  392</span>    }</div>
+<div class="line"><a id="l00393" name="l00393"></a><span class="lineno">  393</span>    <span class="keywordflow">if</span> (state == Waiting) {</div>
+<div class="line"><a id="l00394" name="l00394"></a><span class="lineno">  394</span>        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a id="l00395" name="l00395"></a><span class="lineno">  395</span>    }</div>
+<div class="line"><a id="l00396" name="l00396"></a><span class="lineno">  396</span>    <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a id="l00397" name="l00397"></a><span class="lineno">  397</span>}</div>
 </div>
-<div class="line"><a id="l00397" name="l00397"></a><span class="lineno">  397</span> </div>
-<div class="foldopen" id="foldopen00398" data-start="{" data-end="}">
-<div class="line"><a id="l00398" name="l00398"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">  398</a></span><a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a>()</div>
-<div class="line"><a id="l00399" name="l00399"></a><span class="lineno">  399</span>{</div>
-<div class="line"><a id="l00400" name="l00400"></a><span class="lineno">  400</span>    <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report = <span class="keyword">new</span> <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid);</div>
-<div class="line"><a id="l00401" name="l00401"></a><span class="lineno">  401</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
-<div class="line"><a id="l00402" name="l00402"></a><span class="lineno">  402</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00403" name="l00403"></a><span class="lineno">  403</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
-<div class="line"><a id="l00404" name="l00404"></a><span class="lineno">  404</span><span class="preprocessor">#endif </span><span class="comment">// _SHOW_THREAD_INFO</span></div>
-<div class="line"><a id="l00405" name="l00405"></a><span class="lineno">  405</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr);</div>
-<div class="line"><a id="l00406" name="l00406"></a><span class="lineno">  406</span>    <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00407" name="l00407"></a><span class="lineno">  407</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr)) {</div>
-<div class="line"><a id="l00408" name="l00408"></a><span class="lineno">  408</span>            <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00409" name="l00409"></a><span class="lineno">  409</span>        }</div>
-<div class="line"><a id="l00410" name="l00410"></a><span class="lineno">  410</span>    }</div>
-<div class="line"><a id="l00411" name="l00411"></a><span class="lineno">  411</span><span class="preprocessor">#ifndef _DEBUG</span></div>
-<div class="line"><a id="l00412" name="l00412"></a><span class="lineno">  412</span>    <span class="comment">// if NOT compiled in a debug mode, make this check BEFORE scan</span></div>
-<div class="line"><a id="l00413" name="l00413"></a><span class="lineno">  413</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
-<div class="line"><a id="l00414" name="l00414"></a><span class="lineno">  414</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00415" name="l00415"></a><span class="lineno">  415</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00416" name="l00416"></a><span class="lineno">  416</span>    }</div>
-<div class="line"><a id="l00417" name="l00417"></a><span class="lineno">  417</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00418" name="l00418"></a><span class="lineno">  418</span>    <span class="comment">// proceed with detailed checks:</span></div>
-<div class="line"><a id="l00419" name="l00419"></a><span class="lineno">  419</span>    HANDLE hThread = OpenThread(</div>
-<div class="line"><a id="l00420" name="l00420"></a><span class="lineno">  420</span>        THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE,</div>
-<div class="line"><a id="l00421" name="l00421"></a><span class="lineno">  421</span>        FALSE,</div>
-<div class="line"><a id="l00422" name="l00422"></a><span class="lineno">  422</span>        <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid</div>
-<div class="line"><a id="l00423" name="l00423"></a><span class="lineno">  423</span>    );</div>
-<div class="line"><a id="l00424" name="l00424"></a><span class="lineno">  424</span>    <span class="keywordflow">if</span> (!hThread) {</div>
-<div class="line"><a id="l00425" name="l00425"></a><span class="lineno">  425</span><span class="preprocessor">#ifdef _DEBUG</span></div>
-<div class="line"><a id="l00426" name="l00426"></a><span class="lineno">  426</span>        std::cerr &lt;&lt; <span class="stringliteral">&quot;[-] Could not OpenThread. Error: &quot;</span> &lt;&lt; GetLastError() &lt;&lt; std::endl;</div>
-<div class="line"><a id="l00427" name="l00427"></a><span class="lineno">  427</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00428" name="l00428"></a><span class="lineno">  428</span>        <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
-<div class="line"><a id="l00429" name="l00429"></a><span class="lineno">  429</span>    }</div>
-<div class="line"><a id="l00430" name="l00430"></a><span class="lineno">  430</span>    <span class="keyword">const</span> DWORD tid = GetThreadId(hThread);</div>
-<div class="line"><a id="l00431" name="l00431"></a><span class="lineno">  431</span>    <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a> cDetails = { 0 };</div>
-<div class="line"><a id="l00432" name="l00432"></a><span class="lineno">  432</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_ok = fetchThreadCtxDetails(processHandle, hThread, cDetails);</div>
-<div class="line"><a id="l00433" name="l00433"></a><span class="lineno">  433</span> </div>
-<div class="line"><a id="l00434" name="l00434"></a><span class="lineno">  434</span>    DWORD exit_code = 0;</div>
-<div class="line"><a id="l00435" name="l00435"></a><span class="lineno">  435</span>    GetExitCodeThread(hThread, &amp;exit_code);</div>
-<div class="line"><a id="l00436" name="l00436"></a><span class="lineno">  436</span>    CloseHandle(hThread);</div>
-<div class="line"><a id="l00437" name="l00437"></a><span class="lineno">  437</span> </div>
-<div class="line"><a id="l00438" name="l00438"></a><span class="lineno">  438</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
-<div class="line"><a id="l00439" name="l00439"></a><span class="lineno">  439</span>        <span class="comment">// could not fetch the thread context and information</span></div>
-<div class="line"><a id="l00440" name="l00440"></a><span class="lineno">  440</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
-<div class="line"><a id="l00441" name="l00441"></a><span class="lineno">  441</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00442" name="l00442"></a><span class="lineno">  442</span>    }</div>
-<div class="line"><a id="l00443" name="l00443"></a><span class="lineno">  443</span><span class="preprocessor">#ifdef _DEBUG</span></div>
-<div class="line"><a id="l00444" name="l00444"></a><span class="lineno">  444</span>    std::string bits = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a> ? <span class="stringliteral">&quot;64&quot;</span> : <span class="stringliteral">&quot;32&quot;</span>;</div>
-<div class="line"><a id="l00445" name="l00445"></a><span class="lineno">  445</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;[&quot;</span> &lt;&lt; bits &lt;&lt; <span class="stringliteral">&quot;-bit] &quot;</span> &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot; Rip: &quot;</span> &lt;&lt; cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a> &lt;&lt; <span class="stringliteral">&quot; Rsp: &quot;</span> &lt;&lt; cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
-<div class="line"><a id="l00446" name="l00446"></a><span class="lineno">  446</span>    <span class="keywordflow">if</span> (exit_code != STILL_ACTIVE) </div>
-<div class="line"><a id="l00447" name="l00447"></a><span class="lineno">  447</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; ExitCode: &quot;</span> &lt;&lt; exit_code;</div>
-<div class="line"><a id="l00448" name="l00448"></a><span class="lineno">  448</span> </div>
-<div class="line"><a id="l00449" name="l00449"></a><span class="lineno">  449</span>    <span class="keywordflow">if</span> (cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a> != 0) {</div>
-<div class="line"><a id="l00450" name="l00450"></a><span class="lineno">  450</span>        std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot; Ret: &quot;</span> &lt;&lt; cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a>;</div>
-<div class="line"><a id="l00451" name="l00451"></a><span class="lineno">  451</span>    }</div>
-<div class="line"><a id="l00452" name="l00452"></a><span class="lineno">  452</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a id="l00453" name="l00453"></a><span class="lineno">  453</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00454" name="l00454"></a><span class="lineno">  454</span> </div>
-<div class="line"><a id="l00455" name="l00455"></a><span class="lineno">  455</span>    <span class="keywordflow">if</span> (exit_code != STILL_ACTIVE) {</div>
-<div class="line"><a id="l00456" name="l00456"></a><span class="lineno">  456</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00457" name="l00457"></a><span class="lineno">  457</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00458" name="l00458"></a><span class="lineno">  458</span>    }</div>
-<div class="line"><a id="l00459" name="l00459"></a><span class="lineno">  459</span><span class="preprocessor">#ifdef _DEBUG</span></div>
-<div class="line"><a id="l00460" name="l00460"></a><span class="lineno">  460</span>    <span class="comment">// if compiled in a debug mode, make this check AFTER scan</span></div>
-<div class="line"><a id="l00461" name="l00461"></a><span class="lineno">  461</span>    <span class="comment">// (so that we can see first what was skipped)</span></div>
-<div class="line"><a id="l00462" name="l00462"></a><span class="lineno">  462</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
-<div class="line"><a id="l00463" name="l00463"></a><span class="lineno">  463</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00464" name="l00464"></a><span class="lineno">  464</span>        <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00465" name="l00465"></a><span class="lineno">  465</span>    }</div>
-<div class="line"><a id="l00466" name="l00466"></a><span class="lineno">  466</span><span class="preprocessor">#endif</span></div>
-<div class="line"><a id="l00467" name="l00467"></a><span class="lineno">  467</span> </div>
-<div class="line"><a id="l00468" name="l00468"></a><span class="lineno">  468</span>    is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>);</div>
-<div class="line"><a id="l00469" name="l00469"></a><span class="lineno">  469</span>    <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00470" name="l00470"></a><span class="lineno">  470</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>)) {</div>
-<div class="line"><a id="l00471" name="l00471"></a><span class="lineno">  471</span>            <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00472" name="l00472"></a><span class="lineno">  472</span>        }</div>
-<div class="line"><a id="l00473" name="l00473"></a><span class="lineno">  473</span>    }</div>
-<div class="line"><a id="l00474" name="l00474"></a><span class="lineno">  474</span>    <span class="keywordflow">if</span> ((cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a> != 0) &amp;&amp; (cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a> == <span class="keyword">false</span>)) {</div>
-<div class="line"><a id="l00475" name="l00475"></a><span class="lineno">  475</span>        is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a>);</div>
-<div class="line"><a id="l00476" name="l00476"></a><span class="lineno">  476</span>        <span class="keywordflow">if</span> (is_shc) {</div>
-<div class="line"><a id="l00477" name="l00477"></a><span class="lineno">  477</span>            <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a>)) {</div>
-<div class="line"><a id="l00478" name="l00478"></a><span class="lineno">  478</span>                <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00479" name="l00479"></a><span class="lineno">  479</span>            }</div>
-<div class="line"><a id="l00480" name="l00480"></a><span class="lineno">  480</span>        }</div>
-<div class="line"><a id="l00481" name="l00481"></a><span class="lineno">  481</span>    }</div>
-<div class="line"><a id="l00482" name="l00482"></a><span class="lineno">  482</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> hasEmptyGUI = <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(tid);</div>
-<div class="line"><a id="l00483" name="l00483"></a><span class="lineno">  483</span>    <span class="keywordflow">if</span> (hasEmptyGUI &amp;&amp; </div>
-<div class="line"><a id="l00484" name="l00484"></a><span class="lineno">  484</span>        cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a> == 1 </div>
-<div class="line"><a id="l00485" name="l00485"></a><span class="lineno">  485</span>        &amp;&amp; this-&gt;info.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest)</div>
-<div class="line"><a id="l00486" name="l00486"></a><span class="lineno">  486</span>    {</div>
-<div class="line"><a id="l00487" name="l00487"></a><span class="lineno">  487</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
-<div class="line"><a id="l00488" name="l00488"></a><span class="lineno">  488</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
-<div class="line"><a id="l00489" name="l00489"></a><span class="lineno">  489</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
-<div class="line"><a id="l00490" name="l00490"></a><span class="lineno">  490</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">susp_addr</a> = 0;</div>
-<div class="line"><a id="l00491" name="l00491"></a><span class="lineno">  491</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
-<div class="line"><a id="l00492" name="l00492"></a><span class="lineno">  492</span>    }</div>
-<div class="line"><a id="l00493" name="l00493"></a><span class="lineno">  493</span>    <span class="keywordflow">return</span> my_report;</div>
-<div class="line"><a id="l00494" name="l00494"></a><span class="lineno">  494</span>}</div>
+<div class="line"><a id="l00398" name="l00398"></a><span class="lineno">  398</span> </div>
+<div class="foldopen" id="foldopen00399" data-start="{" data-end="}">
+<div class="line"><a id="l00399" name="l00399"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">  399</a></span><a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a>()</div>
+<div class="line"><a id="l00400" name="l00400"></a><span class="lineno">  400</span>{</div>
+<div class="line"><a id="l00401" name="l00401"></a><span class="lineno">  401</span>    <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report = <span class="keyword">new</span> <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid);</div>
+<div class="line"><a id="l00402" name="l00402"></a><span class="lineno">  402</span>    <span class="keywordflow">if</span> (!my_report) <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
+<div class="line"><a id="l00403" name="l00403"></a><span class="lineno">  403</span> </div>
+<div class="line"><a id="l00404" name="l00404"></a><span class="lineno">  404</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00405" name="l00405"></a><span class="lineno">  405</span>    printThreadInfo(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>);</div>
+<div class="line"><a id="l00406" name="l00406"></a><span class="lineno">  406</span><span class="preprocessor">#endif </span><span class="comment">// _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00407" name="l00407"></a><span class="lineno">  407</span> </div>
+<div class="line"><a id="l00408" name="l00408"></a><span class="lineno">  408</span>    <span class="keywordtype">bool</span> is_shc = isAddrInShellcode(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr);</div>
+<div class="line"><a id="l00409" name="l00409"></a><span class="lineno">  409</span>    <span class="keywordflow">if</span> (is_shc) {</div>
+<div class="line"><a id="l00410" name="l00410"></a><span class="lineno">  410</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.start_addr)) {</div>
+<div class="line"><a id="l00411" name="l00411"></a><span class="lineno">  411</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00412" name="l00412"></a><span class="lineno">  412</span>                <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00413" name="l00413"></a><span class="lineno">  413</span>            }</div>
+<div class="line"><a id="l00414" name="l00414"></a><span class="lineno">  414</span>        }</div>
+<div class="line"><a id="l00415" name="l00415"></a><span class="lineno">  415</span>    }</div>
+<div class="line"><a id="l00416" name="l00416"></a><span class="lineno">  416</span><span class="preprocessor">#ifndef _DEBUG</span></div>
+<div class="line"><a id="l00417" name="l00417"></a><span class="lineno">  417</span>    <span class="comment">// if NOT compiled in a debug mode, make this check BEFORE scan</span></div>
+<div class="line"><a id="l00418" name="l00418"></a><span class="lineno">  418</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
+<div class="line"><a id="l00419" name="l00419"></a><span class="lineno">  419</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00420" name="l00420"></a><span class="lineno">  420</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00421" name="l00421"></a><span class="lineno">  421</span>    }</div>
+<div class="line"><a id="l00422" name="l00422"></a><span class="lineno">  422</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00423" name="l00423"></a><span class="lineno">  423</span>    <span class="comment">// proceed with detailed checks:</span></div>
+<div class="line"><a id="l00424" name="l00424"></a><span class="lineno">  424</span>    HANDLE hThread = OpenThread(</div>
+<div class="line"><a id="l00425" name="l00425"></a><span class="lineno">  425</span>        THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE,</div>
+<div class="line"><a id="l00426" name="l00426"></a><span class="lineno">  426</span>        FALSE,</div>
+<div class="line"><a id="l00427" name="l00427"></a><span class="lineno">  427</span>        <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.tid</div>
+<div class="line"><a id="l00428" name="l00428"></a><span class="lineno">  428</span>    );</div>
+<div class="line"><a id="l00429" name="l00429"></a><span class="lineno">  429</span>    <span class="keywordflow">if</span> (!hThread) {</div>
+<div class="line"><a id="l00430" name="l00430"></a><span class="lineno">  430</span><span class="preprocessor">#ifdef _DEBUG</span></div>
+<div class="line"><a id="l00431" name="l00431"></a><span class="lineno">  431</span>        std::cerr &lt;&lt; <span class="stringliteral">&quot;[-] Could not OpenThread. Error: &quot;</span> &lt;&lt; GetLastError() &lt;&lt; std::endl;</div>
+<div class="line"><a id="l00432" name="l00432"></a><span class="lineno">  432</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00433" name="l00433"></a><span class="lineno">  433</span>        <span class="keywordflow">return</span> <span class="keyword">nullptr</span>;</div>
+<div class="line"><a id="l00434" name="l00434"></a><span class="lineno">  434</span>    }</div>
+<div class="line"><a id="l00435" name="l00435"></a><span class="lineno">  435</span>    <span class="keyword">const</span> DWORD tid = GetThreadId(hThread);</div>
+<div class="line"><a id="l00436" name="l00436"></a><span class="lineno">  436</span>    <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a> cDetails = { 0 };</div>
+<div class="line"><a id="l00437" name="l00437"></a><span class="lineno">  437</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> is_ok = fetchThreadCtxDetails(processHandle, hThread, cDetails);</div>
+<div class="line"><a id="l00438" name="l00438"></a><span class="lineno">  438</span> </div>
+<div class="line"><a id="l00439" name="l00439"></a><span class="lineno">  439</span>    DWORD exit_code = 0;</div>
+<div class="line"><a id="l00440" name="l00440"></a><span class="lineno">  440</span>    GetExitCodeThread(hThread, &amp;exit_code);</div>
+<div class="line"><a id="l00441" name="l00441"></a><span class="lineno">  441</span>    CloseHandle(hThread);</div>
+<div class="line"><a id="l00442" name="l00442"></a><span class="lineno">  442</span> </div>
+<div class="line"><a id="l00443" name="l00443"></a><span class="lineno">  443</span>    <span class="keywordflow">if</span> (!is_ok) {</div>
+<div class="line"><a id="l00444" name="l00444"></a><span class="lineno">  444</span>        <span class="comment">// could not fetch the thread context and information</span></div>
+<div class="line"><a id="l00445" name="l00445"></a><span class="lineno">  445</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883ab619b7720957ba16403f9eb619bba747">SCAN_ERROR</a>;</div>
+<div class="line"><a id="l00446" name="l00446"></a><span class="lineno">  446</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00447" name="l00447"></a><span class="lineno">  447</span>    }</div>
+<div class="line"><a id="l00448" name="l00448"></a><span class="lineno">  448</span><span class="preprocessor">#ifdef _DEBUG</span></div>
+<div class="line"><a id="l00449" name="l00449"></a><span class="lineno">  449</span>    std::string bits = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a> ? <span class="stringliteral">&quot;64&quot;</span> : <span class="stringliteral">&quot;32&quot;</span>;</div>
+<div class="line"><a id="l00450" name="l00450"></a><span class="lineno">  450</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;[&quot;</span> &lt;&lt; bits &lt;&lt; <span class="stringliteral">&quot;-bit] &quot;</span> &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot; Rip: &quot;</span> &lt;&lt; cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a> &lt;&lt; <span class="stringliteral">&quot; Rsp: &quot;</span> &lt;&lt; cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
+<div class="line"><a id="l00451" name="l00451"></a><span class="lineno">  451</span>    <span class="keywordflow">if</span> (exit_code != STILL_ACTIVE) </div>
+<div class="line"><a id="l00452" name="l00452"></a><span class="lineno">  452</span>        std::cout &lt;&lt; <span class="stringliteral">&quot; ExitCode: &quot;</span> &lt;&lt; exit_code;</div>
+<div class="line"><a id="l00453" name="l00453"></a><span class="lineno">  453</span> </div>
+<div class="line"><a id="l00454" name="l00454"></a><span class="lineno">  454</span>    <span class="keywordflow">if</span> (cDetails.ret_addr != 0) {</div>
+<div class="line"><a id="l00455" name="l00455"></a><span class="lineno">  455</span>        std::cout &lt;&lt; std::hex &lt;&lt; <span class="stringliteral">&quot; Ret: &quot;</span> &lt;&lt; cDetails.ret_addr;</div>
+<div class="line"><a id="l00456" name="l00456"></a><span class="lineno">  456</span>    }</div>
+<div class="line"><a id="l00457" name="l00457"></a><span class="lineno">  457</span>    std::cout &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00458" name="l00458"></a><span class="lineno">  458</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00459" name="l00459"></a><span class="lineno">  459</span> </div>
+<div class="line"><a id="l00460" name="l00460"></a><span class="lineno">  460</span>    <span class="keywordflow">if</span> (exit_code != STILL_ACTIVE) {</div>
+<div class="line"><a id="l00461" name="l00461"></a><span class="lineno">  461</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00462" name="l00462"></a><span class="lineno">  462</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00463" name="l00463"></a><span class="lineno">  463</span>    }</div>
+<div class="line"><a id="l00464" name="l00464"></a><span class="lineno">  464</span><span class="preprocessor">#ifdef _DEBUG</span></div>
+<div class="line"><a id="l00465" name="l00465"></a><span class="lineno">  465</span>    <span class="comment">// if compiled in a debug mode, make this check AFTER scan</span></div>
+<div class="line"><a id="l00466" name="l00466"></a><span class="lineno">  466</span>    <span class="comment">// (so that we can see first what was skipped)</span></div>
+<div class="line"><a id="l00467" name="l00467"></a><span class="lineno">  467</span>    <span class="keywordflow">if</span> (!<a class="code hl_function" href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a>(<a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>)) {</div>
+<div class="line"><a id="l00468" name="l00468"></a><span class="lineno">  468</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883a898214572c7aff1aca29db4a3ec9856d">SCAN_NOT_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00469" name="l00469"></a><span class="lineno">  469</span>        <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00470" name="l00470"></a><span class="lineno">  470</span>    }</div>
+<div class="line"><a id="l00471" name="l00471"></a><span class="lineno">  471</span><span class="preprocessor">#endif</span></div>
+<div class="line"><a id="l00472" name="l00472"></a><span class="lineno">  472</span> </div>
+<div class="line"><a id="l00473" name="l00473"></a><span class="lineno">  473</span>    is_shc = isAddrInShellcode(cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>);</div>
+<div class="line"><a id="l00474" name="l00474"></a><span class="lineno">  474</span>    <span class="keywordflow">if</span> (is_shc) {</div>
+<div class="line"><a id="l00475" name="l00475"></a><span class="lineno">  475</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>)) {</div>
+<div class="line"><a id="l00476" name="l00476"></a><span class="lineno">  476</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00477" name="l00477"></a><span class="lineno">  477</span>                <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00478" name="l00478"></a><span class="lineno">  478</span>            }</div>
+<div class="line"><a id="l00479" name="l00479"></a><span class="lineno">  479</span>        }</div>
+<div class="line"><a id="l00480" name="l00480"></a><span class="lineno">  480</span>    }</div>
+<div class="line"><a id="l00481" name="l00481"></a><span class="lineno">  481</span> </div>
+<div class="line"><a id="l00482" name="l00482"></a><span class="lineno">  482</span>    <span class="keywordflow">for</span> (<span class="keyword">auto</span> itr = cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.begin(); itr != cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>.end(); ++itr) {</div>
+<div class="line"><a id="l00483" name="l00483"></a><span class="lineno">  483</span>        <span class="keyword">const</span> ULONGLONG addr = *itr;</div>
+<div class="line"><a id="l00484" name="l00484"></a><span class="lineno">  484</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00485" name="l00485"></a><span class="lineno">  485</span>        std::cout &lt;&lt; <span class="stringliteral">&quot;Checking shc candidate: &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00486" name="l00486"></a><span class="lineno">  486</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00487" name="l00487"></a><span class="lineno">  487</span>        <span class="comment">//automatically verifies if the address is legit</span></div>
+<div class="line"><a id="l00488" name="l00488"></a><span class="lineno">  488</span>        <span class="keywordflow">if</span> (reportSuspiciousAddr(my_report, addr)) {</div>
+<div class="line"><a id="l00489" name="l00489"></a><span class="lineno">  489</span>            <span class="keywordflow">if</span> (my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> == <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>) {</div>
+<div class="line"><a id="l00490" name="l00490"></a><span class="lineno">  490</span><span class="preprocessor">#ifdef _SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00491" name="l00491"></a><span class="lineno">  491</span>                std::cout &lt;&lt; <span class="stringliteral">&quot;Found! &quot;</span> &lt;&lt; std::hex &lt;&lt; addr &lt;&lt; <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a id="l00492" name="l00492"></a><span class="lineno">  492</span><span class="preprocessor">#endif </span><span class="comment">//_SHOW_THREAD_INFO</span></div>
+<div class="line"><a id="l00493" name="l00493"></a><span class="lineno">  493</span>                <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00494" name="l00494"></a><span class="lineno">  494</span>            }</div>
+<div class="line"><a id="l00495" name="l00495"></a><span class="lineno">  495</span>        }</div>
+<div class="line"><a id="l00496" name="l00496"></a><span class="lineno">  496</span>    }</div>
+<div class="line"><a id="l00497" name="l00497"></a><span class="lineno">  497</span> </div>
+<div class="line"><a id="l00498" name="l00498"></a><span class="lineno">  498</span>    <span class="keyword">const</span> <span class="keywordtype">bool</span> hasEmptyGUI = <a class="code hl_function" href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a>(tid);</div>
+<div class="line"><a id="l00499" name="l00499"></a><span class="lineno">  499</span>    <span class="keywordflow">if</span> (hasEmptyGUI &amp;&amp; </div>
+<div class="line"><a id="l00500" name="l00500"></a><span class="lineno">  500</span>        cDetails.<a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a> == 1 </div>
+<div class="line"><a id="l00501" name="l00501"></a><span class="lineno">  501</span>        &amp;&amp; this-&gt;info.is_extended &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state == Waiting &amp;&amp; <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason == UserRequest)</div>
+<div class="line"><a id="l00502" name="l00502"></a><span class="lineno">  502</span>    {</div>
+<div class="line"><a id="l00503" name="l00503"></a><span class="lineno">  503</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">thread_state</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.state;</div>
+<div class="line"><a id="l00504" name="l00504"></a><span class="lineno">  504</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">thread_wait_reason</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_reason;</div>
+<div class="line"><a id="l00505" name="l00505"></a><span class="lineno">  505</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a426ff44e71530e3f96236540d62d21e4">thread_wait_time</a> = <a class="code hl_function" href="namespacepesieve.html#ac299ba917fb6598dc9de71516cf71c84">info</a>.ext.wait_time;</div>
+<div class="line"><a id="l00506" name="l00506"></a><span class="lineno">  506</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_thread_scan_report.html#a5a930aaa32e9de46d95b25018a373cbc">susp_addr</a> = 0;</div>
+<div class="line"><a id="l00507" name="l00507"></a><span class="lineno">  507</span>        my_report-&gt;<a class="code hl_variable" href="classpesieve_1_1_module_scan_report.html#a10b0bdf16cb9e7af32e1ab9b35532f68">status</a> = <a class="code hl_enumvalue" href="namespacepesieve.html#a458a4723ce4aa55fd1033f3e36381883aa8e008219c2ccce11f9d85b511f9b5a6">SCAN_SUSPICIOUS</a>;</div>
+<div class="line"><a id="l00508" name="l00508"></a><span class="lineno">  508</span>    }</div>
+<div class="line"><a id="l00509" name="l00509"></a><span class="lineno">  509</span>    <span class="keywordflow">return</span> my_report;</div>
+<div class="line"><a id="l00510" name="l00510"></a><span class="lineno">  510</span>}</div>
 </div>
 <div class="ttc" id="aclasspesieve_1_1_area_entropy_stats_html_a82df077a940d6870308d72ba39cbeec2"><div class="ttname"><a href="classpesieve_1_1_area_entropy_stats.html#a82df077a940d6870308d72ba39cbeec2">pesieve::AreaEntropyStats::entropy</a></div><div class="ttdeci">double entropy</div><div class="ttdef"><b>Definition</b> <a href="entropy__stats_8h_source.html#l00036">entropy_stats.h:36</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_area_stats_calculator_html"><div class="ttname"><a href="classpesieve_1_1_area_stats_calculator.html">pesieve::AreaStatsCalculator</a></div><div class="ttdoc">A class responsible for filling in the statistics with the data from the particular buffer.</div><div class="ttdef"><b>Definition</b> <a href="stats_8h_source.html#l00073">stats.h:73</a></div></div>
@@ -642,14 +658,14 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_aa4cc4cdcfd7be649a00dd57d46b70317"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#aa4cc4cdcfd7be649a00dd57d46b70317">pesieve::ThreadScanReport::thread_state</a></div><div class="ttdeci">DWORD thread_state</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00086">thread_scanner.h:86</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_acfe24bd84475b4de990f163e131a99e4"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">pesieve::ThreadScanReport::thread_wait_reason</a></div><div class="ttdeci">DWORD thread_wait_reason</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00087">thread_scanner.h:87</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="#l00118">thread_scanner.cpp:118</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="#l00398">thread_scanner.cpp:398</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00349">thread_scanner.cpp:349</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a69820b7fd6f60e4f136b6d71e03cb28d"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">pesieve::ThreadScanner::fillStackFrameInfo</a></div><div class="ttdeci">size_t fillStackFrameInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00194">thread_scanner.cpp:194</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="#l00305">thread_scanner.cpp:305</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00336">thread_scanner.cpp:336</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00263">thread_scanner.cpp:263</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="#l00229">thread_scanner.cpp:229</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00275">thread_scanner.cpp:275</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="#l00399">thread_scanner.cpp:399</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00350">thread_scanner.cpp:350</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a69820b7fd6f60e4f136b6d71e03cb28d"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">pesieve::ThreadScanner::fillStackFrameInfo</a></div><div class="ttdeci">size_t fillStackFrameInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00195">thread_scanner.cpp:195</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="#l00306">thread_scanner.cpp:306</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="#l00337">thread_scanner.cpp:337</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00264">thread_scanner.cpp:264</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="#l00230">thread_scanner.cpp:230</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="#l00276">thread_scanner.cpp:276</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae67285f50239657076a865f1b2d82ed7"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae67285f50239657076a865f1b2d82ed7">pesieve::ThreadScanner::analyzeStackFrames</a></div><div class="ttdeci">size_t analyzeStackFrames(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00139">thread_scanner.cpp:139</a></div></div>
 <div class="ttc" id="amempage__data_8h_html"><div class="ttname"><a href="mempage__data_8h.html">mempage_data.h</a></div></div>
 <div class="ttc" id="anamespacepesieve_1_1util_html_a43b6faf00b6a97279f2d67f4a3fd2513"><div class="ttname"><a href="namespacepesieve_1_1util.html#a43b6faf00b6a97279f2d67f4a3fd2513">pesieve::util::is_process_wow64</a></div><div class="ttdeci">BOOL is_process_wow64(IN HANDLE processHandle, OUT BOOL *isProcWow64)</div><div class="ttdef"><b>Definition</b> <a href="process__util_8cpp_source.html#l00027">process_util.cpp:27</a></div></div>
@@ -671,7 +687,7 @@
 <div class="ttc" id="astruct__t__stack__enum__params_html_af39d9900e3d580fea3a16440f979bcef"><div class="ttname"><a href="struct__t__stack__enum__params.html#af39d9900e3d580fea3a16440f979bcef">_t_stack_enum_params::hThread</a></div><div class="ttdeci">HANDLE hThread</div><div class="ttdef"><b>Definition</b> <a href="#l00021">thread_scanner.cpp:21</a></div></div>
 <div class="ttc" id="astruct__t__stack__enum__params_html_afd374d69c557b225099cff673e6ab6d7"><div class="ttname"><a href="struct__t__stack__enum__params.html#afd374d69c557b225099cff673e6ab6d7">_t_stack_enum_params::stack_frame</a></div><div class="ttdeci">std::vector&lt; ULONGLONG &gt; stack_frame</div><div class="ttdef"><b>Definition</b> <a href="#l00024">thread_scanner.cpp:24</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></div><div class="ttdoc">A custom structure keeping a fragment of a thread context.</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00093">thread_scanner.h:93</a></div></div>
-<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a4b5f5a030c362877e2772ab3493e0d6f"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">pesieve::_ctx_details::ret_addr</a></div><div class="ttdeci">ULONGLONG ret_addr</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00098">thread_scanner.h:98</a></div></div>
+<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a44ca7a32918f0eab5a8d9cf14080e0c0"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">pesieve::_ctx_details::shcCandidates</a></div><div class="ttdeci">std::set&lt; ULONGLONG &gt; shcCandidates</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00101">thread_scanner.h:101</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_a5868fc0792120aa74a5fab5ab1a5eeb6"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">pesieve::_ctx_details::rbp</a></div><div class="ttdeci">ULONGLONG rbp</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00097">thread_scanner.h:97</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_a6dc0bc061045467c3d71b6644adf68b4"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">pesieve::_ctx_details::rip</a></div><div class="ttdeci">ULONGLONG rip</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00095">thread_scanner.h:95</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_a8add5038bb0b71c10646482ba2bbcaaa"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">pesieve::_ctx_details::is_managed</a></div><div class="ttdeci">bool is_managed</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8h_source.html#l00099">thread_scanner.h:99</a></div></div>
@@ -689,10 +705,10 @@
 <div class="ttc" id="astructpesieve_1_1util_1_1__thread__info_html_aa8f037bcc48e97319145006c5ceef188"><div class="ttname"><a href="structpesieve_1_1util_1_1__thread__info.html#aa8f037bcc48e97319145006c5ceef188">pesieve::util::_thread_info::ext</a></div><div class="ttdeci">thread_info_ext ext</div><div class="ttdef"><b>Definition</b> <a href="threads__util_8h_source.html#l00039">threads_util.h:39</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_a20dfb89b6f97369747479fad5b4e764b"><div class="ttname"><a href="thread__scanner_8cpp.html#a20dfb89b6f97369747479fad5b4e764b">has_empty_gui_info</a></div><div class="ttdeci">bool has_empty_gui_info(DWORD tid)</div><div class="ttdef"><b>Definition</b> <a href="#l00085">thread_scanner.cpp:85</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_a5fd1bfb68319bb2bf608046d60a2e7a0"><div class="ttname"><a href="thread__scanner_8cpp.html#a5fd1bfb68319bb2bf608046d60a2e7a0">t_stack_enum_params</a></div><div class="ttdeci">struct _t_stack_enum_params t_stack_enum_params</div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_a7b9ade21d4de016d2a048bf6cc42dbc0"><div class="ttname"><a href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a></div><div class="ttdeci">bool get_page_details(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &amp;page_info)</div><div class="ttdef"><b>Definition</b> <a href="#l00323">thread_scanner.cpp:323</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_a7b9ade21d4de016d2a048bf6cc42dbc0"><div class="ttname"><a href="thread__scanner_8cpp.html#a7b9ade21d4de016d2a048bf6cc42dbc0">get_page_details</a></div><div class="ttdeci">bool get_page_details(HANDLE processHandle, LPVOID start_va, MEMORY_BASIC_INFORMATION &amp;page_info)</div><div class="ttdef"><b>Definition</b> <a href="#l00324">thread_scanner.cpp:324</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_aae9f172c5997c8651c566511823bb19e"><div class="ttname"><a href="thread__scanner_8cpp.html#aae9f172c5997c8651c566511823bb19e">enum_stack_thread</a></div><div class="ttdeci">DWORD WINAPI enum_stack_thread(LPVOID lpParam)</div><div class="ttdef"><b>Definition</b> <a href="#l00036">thread_scanner.cpp:36</a></div></div>
 <div class="ttc" id="athread__scanner_8cpp_html_acaf6cb2ff8299b9b3c55905f936d38a9"><div class="ttname"><a href="thread__scanner_8cpp.html#acaf6cb2ff8299b9b3c55905f936d38a9">ENTROPY_TRESHOLD</a></div><div class="ttdeci">#define ENTROPY_TRESHOLD</div><div class="ttdef"><b>Definition</b> <a href="#l00009">thread_scanner.cpp:9</a></div></div>
-<div class="ttc" id="athread__scanner_8cpp_html_acde231c42b9527dcc026402dcb8b9d87"><div class="ttname"><a href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a></div><div class="ttdeci">bool should_scan_context(const util::thread_info &amp;info)</div><div class="ttdef"><b>Definition</b> <a href="#l00380">thread_scanner.cpp:380</a></div></div>
+<div class="ttc" id="athread__scanner_8cpp_html_acde231c42b9527dcc026402dcb8b9d87"><div class="ttname"><a href="thread__scanner_8cpp.html#acde231c42b9527dcc026402dcb8b9d87">should_scan_context</a></div><div class="ttdeci">bool should_scan_context(const util::thread_info &amp;info)</div><div class="ttdef"><b>Definition</b> <a href="#l00381">thread_scanner.cpp:381</a></div></div>
 <div class="ttc" id="athread__scanner_8h_html"><div class="ttname"><a href="thread__scanner_8h.html">thread_scanner.h</a></div></div>
 </div><!-- fragment --></div><!-- contents -->
 <!-- start footer part -->
diff --git a/thread__scanner_8h_source.html b/thread__scanner_8h_source.html
index 6cb6763b7..53f9b2521 100644
--- a/thread__scanner_8h_source.html
+++ b/thread__scanner_8h_source.html
@@ -197,66 +197,67 @@
 <div class="line"><a id="l00095" name="l00095"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">   95</a></span>        ULONGLONG <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>;</div>
 <div class="line"><a id="l00096" name="l00096"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">   96</a></span>        ULONGLONG <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>;</div>
 <div class="line"><a id="l00097" name="l00097"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">   97</a></span>        ULONGLONG <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>;</div>
-<div class="line"><a id="l00098" name="l00098"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">   98</a></span>        ULONGLONG <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a>; <span class="comment">// the last return address on the stack (or the address of the first shellcode)</span></div>
+<div class="line"><a id="l00098" name="l00098"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">   98</a></span>        ULONGLONG <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">last_ret</a>; <span class="comment">// the last return address on the stack</span></div>
 <div class="line"><a id="l00099" name="l00099"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">   99</a></span>        <span class="keywordtype">bool</span> <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a>; <span class="comment">// does it contain .NET modules</span></div>
 <div class="line"><a id="l00100" name="l00100"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">  100</a></span>        <span class="keywordtype">size_t</span> <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a>;</div>
-<div class="line"><a id="l00101" name="l00101"></a><span class="lineno">  101</span> </div>
-<div class="foldopen" id="foldopen00102" data-start="{" data-end="}">
-<div class="line"><a id="l00102" name="l00102"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639">  102</a></span>        <a class="code hl_function" href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639">_ctx_details</a>(<span class="keywordtype">bool</span> _is64b = <span class="keyword">false</span>, ULONGLONG _rip = 0, ULONGLONG _rsp = 0, ULONGLONG _rbp = 0, ULONGLONG _ret_addr = 0)</div>
-<div class="line"><a id="l00103" name="l00103"></a><span class="lineno">  103</span>            : <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a>(_is64b), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>(_rip), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>(_rsp), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>(_rbp), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">ret_addr</a>(_ret_addr), </div>
-<div class="line"><a id="l00104" name="l00104"></a><span class="lineno">  104</span>            <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a>(0),</div>
-<div class="line"><a id="l00105" name="l00105"></a><span class="lineno">  105</span>            <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a>(false)</div>
-<div class="line"><a id="l00106" name="l00106"></a><span class="lineno">  106</span>        {</div>
-<div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span>        }</div>
+<div class="line"><a id="l00101" name="l00101"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">  101</a></span>        std::set&lt;ULONGLONG&gt; <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">shcCandidates</a>;</div>
+<div class="line"><a id="l00102" name="l00102"></a><span class="lineno">  102</span> </div>
+<div class="foldopen" id="foldopen00103" data-start="{" data-end="}">
+<div class="line"><a id="l00103" name="l00103"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639">  103</a></span>        <a class="code hl_function" href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639">_ctx_details</a>(<span class="keywordtype">bool</span> _is64b = <span class="keyword">false</span>, ULONGLONG _rip = 0, ULONGLONG _rsp = 0, ULONGLONG _rbp = 0, ULONGLONG _ret_addr = 0)</div>
+<div class="line"><a id="l00104" name="l00104"></a><span class="lineno">  104</span>            : <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">is64b</a>(_is64b), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">rip</a>(_rip), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">rsp</a>(_rsp), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">rbp</a>(_rbp), <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">last_ret</a>(_ret_addr),</div>
+<div class="line"><a id="l00105" name="l00105"></a><span class="lineno">  105</span>            <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">stackFramesCount</a>(0),</div>
+<div class="line"><a id="l00106" name="l00106"></a><span class="lineno">  106</span>            <a class="code hl_variable" href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">is_managed</a>(false)</div>
+<div class="line"><a id="l00107" name="l00107"></a><span class="lineno">  107</span>        {</div>
+<div class="line"><a id="l00108" name="l00108"></a><span class="lineno">  108</span>        }</div>
 </div>
-<div class="line"><a id="l00108" name="l00108"></a><span class="lineno">  108</span> </div>
-<div class="foldopen" id="foldopen00109" data-start="{" data-end="}">
-<div class="line"><a id="l00109" name="l00109"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">  109</a></span>        <span class="keywordtype">void</span> <a class="code hl_function" href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">init</a>(<span class="keywordtype">bool</span> _is64b = <span class="keyword">false</span>, ULONGLONG _rip = 0, ULONGLONG _rsp = 0, ULONGLONG _rbp = 0, ULONGLONG _ret_addr = 0)</div>
-<div class="line"><a id="l00110" name="l00110"></a><span class="lineno">  110</span>        {</div>
-<div class="line"><a id="l00111" name="l00111"></a><span class="lineno">  111</span>            this-&gt;is64b = _is64b;</div>
-<div class="line"><a id="l00112" name="l00112"></a><span class="lineno">  112</span>            this-&gt;rip = _rip;</div>
-<div class="line"><a id="l00113" name="l00113"></a><span class="lineno">  113</span>            this-&gt;rsp = _rsp;</div>
-<div class="line"><a id="l00114" name="l00114"></a><span class="lineno">  114</span>            this-&gt;rbp = _rbp;</div>
-<div class="line"><a id="l00115" name="l00115"></a><span class="lineno">  115</span>            this-&gt;ret_addr = _ret_addr;</div>
-<div class="line"><a id="l00116" name="l00116"></a><span class="lineno">  116</span>        }</div>
+<div class="line"><a id="l00109" name="l00109"></a><span class="lineno">  109</span> </div>
+<div class="foldopen" id="foldopen00110" data-start="{" data-end="}">
+<div class="line"><a id="l00110" name="l00110"></a><span class="lineno"><a class="line" href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">  110</a></span>        <span class="keywordtype">void</span> <a class="code hl_function" href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">init</a>(<span class="keywordtype">bool</span> _is64b = <span class="keyword">false</span>, ULONGLONG _rip = 0, ULONGLONG _rsp = 0, ULONGLONG _rbp = 0, ULONGLONG _ret_addr = 0)</div>
+<div class="line"><a id="l00111" name="l00111"></a><span class="lineno">  111</span>        {</div>
+<div class="line"><a id="l00112" name="l00112"></a><span class="lineno">  112</span>            this-&gt;is64b = _is64b;</div>
+<div class="line"><a id="l00113" name="l00113"></a><span class="lineno">  113</span>            this-&gt;rip = _rip;</div>
+<div class="line"><a id="l00114" name="l00114"></a><span class="lineno">  114</span>            this-&gt;rsp = _rsp;</div>
+<div class="line"><a id="l00115" name="l00115"></a><span class="lineno">  115</span>            this-&gt;rbp = _rbp;</div>
+<div class="line"><a id="l00116" name="l00116"></a><span class="lineno">  116</span>            this-&gt;last_ret = _ret_addr;</div>
+<div class="line"><a id="l00117" name="l00117"></a><span class="lineno">  117</span>        }</div>
 </div>
-<div class="line"><a id="l00117" name="l00117"></a><span class="lineno">  117</span> </div>
-<div class="line"><a id="l00118" name="l00118"></a><span class="lineno"><a class="line" href="namespacepesieve.html#a7a37f9e361f80961af26f92053c89f36">  118</a></span>    } <a class="code hl_typedef" href="namespacepesieve.html#a7a37f9e361f80961af26f92053c89f36">ctx_details</a>;</div>
+<div class="line"><a id="l00118" name="l00118"></a><span class="lineno">  118</span> </div>
+<div class="line"><a id="l00119" name="l00119"></a><span class="lineno"><a class="line" href="namespacepesieve.html#a7a37f9e361f80961af26f92053c89f36">  119</a></span>    } <a class="code hl_typedef" href="namespacepesieve.html#a7a37f9e361f80961af26f92053c89f36">ctx_details</a>;</div>
 </div>
-<div class="line"><a id="l00119" name="l00119"></a><span class="lineno">  119</span> </div>
-<div class="foldopen" id="foldopen00122" data-start="{" data-end="};">
-<div class="line"><a id="l00122" name="l00122"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html">  122</a></span>    <span class="keyword">class </span><a class="code hl_class" href="classpesieve_1_1_thread_scanner.html">ThreadScanner</a> : <span class="keyword">public</span> <a class="code hl_class" href="classpesieve_1_1_process_feature_scanner.html">ProcessFeatureScanner</a> {</div>
-<div class="line"><a id="l00123" name="l00123"></a><span class="lineno">  123</span>    <span class="keyword">public</span>:</div>
-<div class="foldopen" id="foldopen00124" data-start="{" data-end="}">
-<div class="line"><a id="l00124" name="l00124"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">  124</a></span>        <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">ThreadScanner</a>(HANDLE hProc, <span class="keywordtype">bool</span> _isReflection, <span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; _info, <a class="code hl_class" href="classpesieve_1_1_modules_info.html">ModulesInfo</a>&amp; _modulesInfo, peconv::ExportsMapper* _exportsMap, <a class="code hl_class" href="class_process_symbols_manager.html">ProcessSymbolsManager</a>* _symbols)</div>
-<div class="line"><a id="l00125" name="l00125"></a><span class="lineno">  125</span>            : <a class="code hl_class" href="classpesieve_1_1_process_feature_scanner.html">ProcessFeatureScanner</a>(hProc), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">isReflection</a>(_isReflection),</div>
-<div class="line"><a id="l00126" name="l00126"></a><span class="lineno">  126</span>            <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">info</a>(_info), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">modulesInfo</a>(_modulesInfo), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">exportsMap</a>(_exportsMap), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">symbols</a>(_symbols)</div>
-<div class="line"><a id="l00127" name="l00127"></a><span class="lineno">  127</span>        {</div>
-<div class="line"><a id="l00128" name="l00128"></a><span class="lineno">  128</span>        }</div>
+<div class="line"><a id="l00120" name="l00120"></a><span class="lineno">  120</span> </div>
+<div class="foldopen" id="foldopen00123" data-start="{" data-end="};">
+<div class="line"><a id="l00123" name="l00123"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html">  123</a></span>    <span class="keyword">class </span><a class="code hl_class" href="classpesieve_1_1_thread_scanner.html">ThreadScanner</a> : <span class="keyword">public</span> <a class="code hl_class" href="classpesieve_1_1_process_feature_scanner.html">ProcessFeatureScanner</a> {</div>
+<div class="line"><a id="l00124" name="l00124"></a><span class="lineno">  124</span>    <span class="keyword">public</span>:</div>
+<div class="foldopen" id="foldopen00125" data-start="{" data-end="}">
+<div class="line"><a id="l00125" name="l00125"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">  125</a></span>        <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">ThreadScanner</a>(HANDLE hProc, <span class="keywordtype">bool</span> _isReflection, <span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; _info, <a class="code hl_class" href="classpesieve_1_1_modules_info.html">ModulesInfo</a>&amp; _modulesInfo, peconv::ExportsMapper* _exportsMap, <a class="code hl_class" href="class_process_symbols_manager.html">ProcessSymbolsManager</a>* _symbols)</div>
+<div class="line"><a id="l00126" name="l00126"></a><span class="lineno">  126</span>            : <a class="code hl_class" href="classpesieve_1_1_process_feature_scanner.html">ProcessFeatureScanner</a>(hProc), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">isReflection</a>(_isReflection),</div>
+<div class="line"><a id="l00127" name="l00127"></a><span class="lineno">  127</span>            <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">info</a>(_info), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">modulesInfo</a>(_modulesInfo), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">exportsMap</a>(_exportsMap), <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">symbols</a>(_symbols)</div>
+<div class="line"><a id="l00128" name="l00128"></a><span class="lineno">  128</span>        {</div>
+<div class="line"><a id="l00129" name="l00129"></a><span class="lineno">  129</span>        }</div>
 </div>
-<div class="line"><a id="l00129" name="l00129"></a><span class="lineno">  129</span> </div>
-<div class="line"><a id="l00130" name="l00130"></a><span class="lineno">  130</span>        <span class="keyword">virtual</span> <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">scanRemote</a>();</div>
-<div class="line"><a id="l00131" name="l00131"></a><span class="lineno">  131</span> </div>
-<div class="line"><a id="l00132" name="l00132"></a><span class="lineno">  132</span>    <span class="keyword">protected</span>:</div>
-<div class="line"><a id="l00133" name="l00133"></a><span class="lineno">  133</span> </div>
-<div class="line"><a id="l00134" name="l00134"></a><span class="lineno">  134</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">isAddrInShellcode</a>(ULONGLONG addr);</div>
-<div class="line"><a id="l00135" name="l00135"></a><span class="lineno">  135</span>        <span class="keywordtype">void</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">printThreadInfo</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; threadi);</div>
-<div class="line"><a id="l00136" name="l00136"></a><span class="lineno">  136</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">printResolvedAddr</a>(ULONGLONG addr);</div>
-<div class="line"><a id="l00137" name="l00137"></a><span class="lineno">  137</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">fetchThreadCtxDetails</a>(IN HANDLE hProcess, IN HANDLE hThread, OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; c);</div>
-<div class="line"><a id="l00138" name="l00138"></a><span class="lineno">  138</span>        <span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">fillStackFrameInfo</a>(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails);</div>
-<div class="line"><a id="l00139" name="l00139"></a><span class="lineno">  139</span>        <span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae67285f50239657076a865f1b2d82ed7">analyzeStackFrames</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt; stack_frame, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails);</div>
-<div class="line"><a id="l00140" name="l00140"></a><span class="lineno">  140</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">fillAreaStats</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report);</div>
-<div class="line"><a id="l00141" name="l00141"></a><span class="lineno">  141</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">reportSuspiciousAddr</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report, ULONGLONG susp_addr);</div>
-<div class="line"><a id="l00142" name="l00142"></a><span class="lineno">  142</span> </div>
-<div class="line"><a id="l00143" name="l00143"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">  143</a></span>        <span class="keywordtype">bool</span> <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">isReflection</a>;</div>
-<div class="line"><a id="l00144" name="l00144"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">  144</a></span>        <span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">info</a>;</div>
-<div class="line"><a id="l00145" name="l00145"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">  145</a></span>        <a class="code hl_class" href="classpesieve_1_1_modules_info.html">ModulesInfo</a>&amp; <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">modulesInfo</a>;</div>
-<div class="line"><a id="l00146" name="l00146"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">  146</a></span>        peconv::ExportsMapper* <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">exportsMap</a>;</div>
-<div class="line"><a id="l00147" name="l00147"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">  147</a></span>        <a class="code hl_class" href="class_process_symbols_manager.html">ProcessSymbolsManager</a>* <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">symbols</a>;</div>
-<div class="line"><a id="l00148" name="l00148"></a><span class="lineno">  148</span>    };</div>
+<div class="line"><a id="l00130" name="l00130"></a><span class="lineno">  130</span> </div>
+<div class="line"><a id="l00131" name="l00131"></a><span class="lineno">  131</span>        <span class="keyword">virtual</span> <a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">scanRemote</a>();</div>
+<div class="line"><a id="l00132" name="l00132"></a><span class="lineno">  132</span> </div>
+<div class="line"><a id="l00133" name="l00133"></a><span class="lineno">  133</span>    <span class="keyword">protected</span>:</div>
+<div class="line"><a id="l00134" name="l00134"></a><span class="lineno">  134</span> </div>
+<div class="line"><a id="l00135" name="l00135"></a><span class="lineno">  135</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">isAddrInShellcode</a>(ULONGLONG addr);</div>
+<div class="line"><a id="l00136" name="l00136"></a><span class="lineno">  136</span>        <span class="keywordtype">void</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">printThreadInfo</a>(<span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; threadi);</div>
+<div class="line"><a id="l00137" name="l00137"></a><span class="lineno">  137</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">printResolvedAddr</a>(ULONGLONG addr);</div>
+<div class="line"><a id="l00138" name="l00138"></a><span class="lineno">  138</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">fetchThreadCtxDetails</a>(IN HANDLE hProcess, IN HANDLE hThread, OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; c);</div>
+<div class="line"><a id="l00139" name="l00139"></a><span class="lineno">  139</span>        <span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">fillStackFrameInfo</a>(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails);</div>
+<div class="line"><a id="l00140" name="l00140"></a><span class="lineno">  140</span>        <span class="keywordtype">size_t</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#ae67285f50239657076a865f1b2d82ed7">analyzeStackFrames</a>(IN <span class="keyword">const</span> std::vector&lt;ULONGLONG&gt; stack_frame, IN OUT <a class="code hl_struct" href="structpesieve_1_1__ctx__details.html">ctx_details</a>&amp; cDetails);</div>
+<div class="line"><a id="l00141" name="l00141"></a><span class="lineno">  141</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">fillAreaStats</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report);</div>
+<div class="line"><a id="l00142" name="l00142"></a><span class="lineno">  142</span>        <span class="keywordtype">bool</span> <a class="code hl_function" href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">reportSuspiciousAddr</a>(<a class="code hl_class" href="classpesieve_1_1_thread_scan_report.html">ThreadScanReport</a>* my_report, ULONGLONG susp_addr);</div>
+<div class="line"><a id="l00143" name="l00143"></a><span class="lineno">  143</span> </div>
+<div class="line"><a id="l00144" name="l00144"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">  144</a></span>        <span class="keywordtype">bool</span> <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">isReflection</a>;</div>
+<div class="line"><a id="l00145" name="l00145"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">  145</a></span>        <span class="keyword">const</span> <a class="code hl_struct" href="structpesieve_1_1util_1_1__thread__info.html">util::thread_info</a>&amp; <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">info</a>;</div>
+<div class="line"><a id="l00146" name="l00146"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">  146</a></span>        <a class="code hl_class" href="classpesieve_1_1_modules_info.html">ModulesInfo</a>&amp; <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">modulesInfo</a>;</div>
+<div class="line"><a id="l00147" name="l00147"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">  147</a></span>        peconv::ExportsMapper* <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">exportsMap</a>;</div>
+<div class="line"><a id="l00148" name="l00148"></a><span class="lineno"><a class="line" href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">  148</a></span>        <a class="code hl_class" href="class_process_symbols_manager.html">ProcessSymbolsManager</a>* <a class="code hl_variable" href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">symbols</a>;</div>
+<div class="line"><a id="l00149" name="l00149"></a><span class="lineno">  149</span>    };</div>
 </div>
-<div class="line"><a id="l00149" name="l00149"></a><span class="lineno">  149</span> </div>
-<div class="line"><a id="l00150" name="l00150"></a><span class="lineno">  150</span>}; <span class="comment">//namespace pesieve</span></div>
+<div class="line"><a id="l00150" name="l00150"></a><span class="lineno">  150</span> </div>
+<div class="line"><a id="l00151" name="l00151"></a><span class="lineno">  151</span>}; <span class="comment">//namespace pesieve</span></div>
 <div class="ttc" id="aclass_process_symbols_manager_html"><div class="ttname"><a href="class_process_symbols_manager.html">ProcessSymbolsManager</a></div><div class="ttdef"><b>Definition</b> <a href="process__symbols_8h_source.html#l00007">process_symbols.h:8</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_area_entropy_stats_html"><div class="ttname"><a href="classpesieve_1_1_area_entropy_stats.html">pesieve::AreaEntropyStats</a></div><div class="ttdef"><b>Definition</b> <a href="entropy__stats_8h_source.html#l00009">entropy_stats.h:9</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_area_stats_html_a3005dfc8cd36c15290a724a29ee09a63"><div class="ttname"><a href="classpesieve_1_1_area_stats.html#a3005dfc8cd36c15290a724a29ee09a63">pesieve::AreaStats::isFilled</a></div><div class="ttdeci">bool isFilled() const</div><div class="ttdef"><b>Definition</b> <a href="stats_8h_source.html#l00040">stats.h:40</a></div></div>
@@ -280,21 +281,21 @@
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_acfe24bd84475b4de990f163e131a99e4"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#acfe24bd84475b4de990f163e131a99e4">pesieve::ThreadScanReport::thread_wait_reason</a></div><div class="ttdeci">DWORD thread_wait_reason</div><div class="ttdef"><b>Definition</b> <a href="#l00087">thread_scanner.h:87</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af00f4e4ed6eb563a6e55c651e1bb552f"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af00f4e4ed6eb563a6e55c651e1bb552f">pesieve::ThreadScanReport::toJSON</a></div><div class="ttdeci">virtual const bool toJSON(std::stringstream &amp;outs, size_t level, const pesieve::t_json_level &amp;jdetails)</div><div class="ttdef"><b>Definition</b> <a href="#l00074">thread_scanner.h:74</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scan_report_html_af30839203957e838bc299232e05ab735"><div class="ttname"><a href="classpesieve_1_1_thread_scan_report.html#af30839203957e838bc299232e05ab735">pesieve::ThreadScanReport::translate_thread_state</a></div><div class="ttdeci">static std::string translate_thread_state(DWORD thread_state)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00118">thread_scanner.cpp:118</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="#l00122">thread_scanner.h:122</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a0b863bc69b85ae721666a1e3c6116937"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">pesieve::ThreadScanner::ThreadScanner</a></div><div class="ttdeci">ThreadScanner(HANDLE hProc, bool _isReflection, const util::thread_info &amp;_info, ModulesInfo &amp;_modulesInfo, peconv::ExportsMapper *_exportsMap, ProcessSymbolsManager *_symbols)</div><div class="ttdef"><b>Definition</b> <a href="#l00124">thread_scanner.h:124</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a121637d2eb96737a16a8bd43d5017d2a"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">pesieve::ThreadScanner::isReflection</a></div><div class="ttdeci">bool isReflection</div><div class="ttdef"><b>Definition</b> <a href="#l00143">thread_scanner.h:143</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00398">thread_scanner.cpp:398</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00349">thread_scanner.cpp:349</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a69820b7fd6f60e4f136b6d71e03cb28d"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">pesieve::ThreadScanner::fillStackFrameInfo</a></div><div class="ttdeci">size_t fillStackFrameInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00194">thread_scanner.cpp:194</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00305">thread_scanner.cpp:305</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00336">thread_scanner.cpp:336</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00263">thread_scanner.cpp:263</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aa32fde697d92f5f545c9d2faa5ade268"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">pesieve::ThreadScanner::exportsMap</a></div><div class="ttdeci">peconv::ExportsMapper * exportsMap</div><div class="ttdef"><b>Definition</b> <a href="#l00146">thread_scanner.h:146</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aa4261219925db9cf54c61714dc5234b9"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">pesieve::ThreadScanner::info</a></div><div class="ttdeci">const util::thread_info &amp; info</div><div class="ttdef"><b>Definition</b> <a href="#l00144">thread_scanner.h:144</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00229">thread_scanner.cpp:229</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00275">thread_scanner.cpp:275</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ad455f81b20ec49dc2968d6f2db67ae13"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">pesieve::ThreadScanner::symbols</a></div><div class="ttdeci">ProcessSymbolsManager * symbols</div><div class="ttdef"><b>Definition</b> <a href="#l00147">thread_scanner.h:147</a></div></div>
-<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae52ae17b09541a02b7be5c288eb220fd"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">pesieve::ThreadScanner::modulesInfo</a></div><div class="ttdeci">ModulesInfo &amp; modulesInfo</div><div class="ttdef"><b>Definition</b> <a href="#l00145">thread_scanner.h:145</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html">pesieve::ThreadScanner</a></div><div class="ttdef"><b>Definition</b> <a href="#l00123">thread_scanner.h:123</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a0b863bc69b85ae721666a1e3c6116937"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a0b863bc69b85ae721666a1e3c6116937">pesieve::ThreadScanner::ThreadScanner</a></div><div class="ttdeci">ThreadScanner(HANDLE hProc, bool _isReflection, const util::thread_info &amp;_info, ModulesInfo &amp;_modulesInfo, peconv::ExportsMapper *_exportsMap, ProcessSymbolsManager *_symbols)</div><div class="ttdef"><b>Definition</b> <a href="#l00125">thread_scanner.h:125</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a121637d2eb96737a16a8bd43d5017d2a"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a121637d2eb96737a16a8bd43d5017d2a">pesieve::ThreadScanner::isReflection</a></div><div class="ttdeci">bool isReflection</div><div class="ttdef"><b>Definition</b> <a href="#l00144">thread_scanner.h:144</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a23839353374eedcda7c92b0c7ce6b3bf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a23839353374eedcda7c92b0c7ce6b3bf">pesieve::ThreadScanner::scanRemote</a></div><div class="ttdeci">virtual ThreadScanReport * scanRemote()</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00399">thread_scanner.cpp:399</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a36850edb808d4be733631fa2bcd3b7b4"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a36850edb808d4be733631fa2bcd3b7b4">pesieve::ThreadScanner::reportSuspiciousAddr</a></div><div class="ttdeci">bool reportSuspiciousAddr(ThreadScanReport *my_report, ULONGLONG susp_addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00350">thread_scanner.cpp:350</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a69820b7fd6f60e4f136b6d71e03cb28d"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a69820b7fd6f60e4f136b6d71e03cb28d">pesieve::ThreadScanner::fillStackFrameInfo</a></div><div class="ttdeci">size_t fillStackFrameInfo(IN HANDLE hProcess, IN HANDLE hThread, IN LPVOID ctx, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00195">thread_scanner.cpp:195</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a75c0be0ec6ea82b700f3ca5e846a0675"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a75c0be0ec6ea82b700f3ca5e846a0675">pesieve::ThreadScanner::printThreadInfo</a></div><div class="ttdeci">void printThreadInfo(const util::thread_info &amp;threadi)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00306">thread_scanner.cpp:306</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a79df00ed9c178f7eab47cbb8ee43dd42"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a79df00ed9c178f7eab47cbb8ee43dd42">pesieve::ThreadScanner::fillAreaStats</a></div><div class="ttdeci">bool fillAreaStats(ThreadScanReport *my_report)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00337">thread_scanner.cpp:337</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_a912120f6549a8b27c3e8166ccd2511cf"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#a912120f6549a8b27c3e8166ccd2511cf">pesieve::ThreadScanner::isAddrInShellcode</a></div><div class="ttdeci">bool isAddrInShellcode(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00264">thread_scanner.cpp:264</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aa32fde697d92f5f545c9d2faa5ade268"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aa32fde697d92f5f545c9d2faa5ade268">pesieve::ThreadScanner::exportsMap</a></div><div class="ttdeci">peconv::ExportsMapper * exportsMap</div><div class="ttdef"><b>Definition</b> <a href="#l00147">thread_scanner.h:147</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_aa4261219925db9cf54c61714dc5234b9"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#aa4261219925db9cf54c61714dc5234b9">pesieve::ThreadScanner::info</a></div><div class="ttdeci">const util::thread_info &amp; info</div><div class="ttdef"><b>Definition</b> <a href="#l00145">thread_scanner.h:145</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ab1cc74daf162025643c225c29cd8225b"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ab1cc74daf162025643c225c29cd8225b">pesieve::ThreadScanner::fetchThreadCtxDetails</a></div><div class="ttdeci">bool fetchThreadCtxDetails(IN HANDLE hProcess, IN HANDLE hThread, OUT ctx_details &amp;c)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00230">thread_scanner.cpp:230</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ac35db3f1ec2765f9dda550b04f0cb9ee"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ac35db3f1ec2765f9dda550b04f0cb9ee">pesieve::ThreadScanner::printResolvedAddr</a></div><div class="ttdeci">bool printResolvedAddr(ULONGLONG addr)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00276">thread_scanner.cpp:276</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ad455f81b20ec49dc2968d6f2db67ae13"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ad455f81b20ec49dc2968d6f2db67ae13">pesieve::ThreadScanner::symbols</a></div><div class="ttdeci">ProcessSymbolsManager * symbols</div><div class="ttdef"><b>Definition</b> <a href="#l00148">thread_scanner.h:148</a></div></div>
+<div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae52ae17b09541a02b7be5c288eb220fd"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae52ae17b09541a02b7be5c288eb220fd">pesieve::ThreadScanner::modulesInfo</a></div><div class="ttdeci">ModulesInfo &amp; modulesInfo</div><div class="ttdef"><b>Definition</b> <a href="#l00146">thread_scanner.h:146</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1_thread_scanner_html_ae67285f50239657076a865f1b2d82ed7"><div class="ttname"><a href="classpesieve_1_1_thread_scanner.html#ae67285f50239657076a865f1b2d82ed7">pesieve::ThreadScanner::analyzeStackFrames</a></div><div class="ttdeci">size_t analyzeStackFrames(IN const std::vector&lt; ULONGLONG &gt; stack_frame, IN OUT ctx_details &amp;cDetails)</div><div class="ttdef"><b>Definition</b> <a href="thread__scanner_8cpp_source.html#l00139">thread_scanner.cpp:139</a></div></div>
 <div class="ttc" id="aclasspesieve_1_1t__json__level_html"><div class="ttname"><a href="classpesieve_1_1t__json__level.html">pesieve.t_json_level</a></div><div class="ttdef"><b>Definition</b> <a href="pesieve_8py_source.html#l00082">pesieve.py:82</a></div></div>
 <div class="ttc" id="aentropy__stats_8h_html"><div class="ttname"><a href="entropy__stats_8h.html">entropy_stats.h</a></div></div>
@@ -305,12 +306,13 @@
 <div class="ttc" id="aprocess__symbols_8h_html"><div class="ttname"><a href="process__symbols_8h.html">process_symbols.h</a></div></div>
 <div class="ttc" id="astats_8h_html"><div class="ttname"><a href="stats_8h.html">stats.h</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html">pesieve::_ctx_details</a></div><div class="ttdoc">A custom structure keeping a fragment of a thread context.</div><div class="ttdef"><b>Definition</b> <a href="#l00093">thread_scanner.h:93</a></div></div>
-<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a0934e6ecb1c6e65150bfa4d4641cb517"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">pesieve::_ctx_details::init</a></div><div class="ttdeci">void init(bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)</div><div class="ttdef"><b>Definition</b> <a href="#l00109">thread_scanner.h:109</a></div></div>
-<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a4b5f5a030c362877e2772ab3493e0d6f"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a4b5f5a030c362877e2772ab3493e0d6f">pesieve::_ctx_details::ret_addr</a></div><div class="ttdeci">ULONGLONG ret_addr</div><div class="ttdef"><b>Definition</b> <a href="#l00098">thread_scanner.h:98</a></div></div>
+<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a0934e6ecb1c6e65150bfa4d4641cb517"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a0934e6ecb1c6e65150bfa4d4641cb517">pesieve::_ctx_details::init</a></div><div class="ttdeci">void init(bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)</div><div class="ttdef"><b>Definition</b> <a href="#l00110">thread_scanner.h:110</a></div></div>
+<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a44ca7a32918f0eab5a8d9cf14080e0c0"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a44ca7a32918f0eab5a8d9cf14080e0c0">pesieve::_ctx_details::shcCandidates</a></div><div class="ttdeci">std::set&lt; ULONGLONG &gt; shcCandidates</div><div class="ttdef"><b>Definition</b> <a href="#l00101">thread_scanner.h:101</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_a5868fc0792120aa74a5fab5ab1a5eeb6"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a5868fc0792120aa74a5fab5ab1a5eeb6">pesieve::_ctx_details::rbp</a></div><div class="ttdeci">ULONGLONG rbp</div><div class="ttdef"><b>Definition</b> <a href="#l00097">thread_scanner.h:97</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_a6dc0bc061045467c3d71b6644adf68b4"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a6dc0bc061045467c3d71b6644adf68b4">pesieve::_ctx_details::rip</a></div><div class="ttdeci">ULONGLONG rip</div><div class="ttdef"><b>Definition</b> <a href="#l00095">thread_scanner.h:95</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_a8add5038bb0b71c10646482ba2bbcaaa"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a8add5038bb0b71c10646482ba2bbcaaa">pesieve::_ctx_details::is_managed</a></div><div class="ttdeci">bool is_managed</div><div class="ttdef"><b>Definition</b> <a href="#l00099">thread_scanner.h:99</a></div></div>
-<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a973d23630a3057a9e1fc500c5bccb639"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639">pesieve::_ctx_details::_ctx_details</a></div><div class="ttdeci">_ctx_details(bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)</div><div class="ttdef"><b>Definition</b> <a href="#l00102">thread_scanner.h:102</a></div></div>
+<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a973d23630a3057a9e1fc500c5bccb639"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a973d23630a3057a9e1fc500c5bccb639">pesieve::_ctx_details::_ctx_details</a></div><div class="ttdeci">_ctx_details(bool _is64b=false, ULONGLONG _rip=0, ULONGLONG _rsp=0, ULONGLONG _rbp=0, ULONGLONG _ret_addr=0)</div><div class="ttdef"><b>Definition</b> <a href="#l00103">thread_scanner.h:103</a></div></div>
+<div class="ttc" id="astructpesieve_1_1__ctx__details_html_a98c61b583bcc9251354d2e199b1c5523"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#a98c61b583bcc9251354d2e199b1c5523">pesieve::_ctx_details::last_ret</a></div><div class="ttdeci">ULONGLONG last_ret</div><div class="ttdef"><b>Definition</b> <a href="#l00098">thread_scanner.h:98</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_aabca56adbcd0155923d8e6b0e62599c5"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#aabca56adbcd0155923d8e6b0e62599c5">pesieve::_ctx_details::stackFramesCount</a></div><div class="ttdeci">size_t stackFramesCount</div><div class="ttdef"><b>Definition</b> <a href="#l00100">thread_scanner.h:100</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_ab19759b888e6034d29dcaf6cedeed9bd"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#ab19759b888e6034d29dcaf6cedeed9bd">pesieve::_ctx_details::rsp</a></div><div class="ttdeci">ULONGLONG rsp</div><div class="ttdef"><b>Definition</b> <a href="#l00096">thread_scanner.h:96</a></div></div>
 <div class="ttc" id="astructpesieve_1_1__ctx__details_html_ad0c5e14eb1bb6d1bef2421752eb5e298"><div class="ttname"><a href="structpesieve_1_1__ctx__details.html#ad0c5e14eb1bb6d1bef2421752eb5e298">pesieve::_ctx_details::is64b</a></div><div class="ttdeci">bool is64b</div><div class="ttdef"><b>Definition</b> <a href="#l00094">thread_scanner.h:94</a></div></div>