[FEATURE] Filter out your own process from threads scan

hasherezade · Feb 9, 2022 · a833231 · a833231
1 parent 2cd8269
commit a833231
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/scanners/scanner.cpp b/scanners/scanner.cpp
@@ -443,18 +443,23 @@ size_t pesieve::ProcessScanner::scanModulesIATs(ProcessScanReport &pReport) //th
 
 size_t pesieve::ProcessScanner::scanThreads(ProcessScanReport& pReport) //throws exceptions
 {
+	const DWORD pid = pReport.pid; //original PID, not a reflection!
+
+	//dont't scan your own threads - it may give wrong results:
+	if (pid == GetCurrentProcessId()) {
+		return 0;
+	}
+
 	const bool is_64bit = pesieve::util::is_process_64bit(this->processHandle);
 #ifndef _WIN64
 	if (is_64bit) return 0;
 #endif
-	
+
 	if (!args.quiet) {
 		std::cout << "Scanning threads." << std::endl;
 	}
 	ULONGLONG start_tick = GetTickCount64();
 
-	const DWORD pid = pReport.pid; //original PID, not a reflection!
-
 	std::vector<thread_info> threads_info;
 	if (!pesieve::util::fetch_threads_info(pid, threads_info)) { //extended info, but doesn't work on old Windows...
 

diff --git a/scanners/thread_scanner.h b/scanners/thread_scanner.h
@@ -68,7 +68,7 @@ namespace pesieve {
 	} thread_ctx;
 
 	//!  A scanner for threads
-	//! Based on the idea presented here: https://github.com/thefLink/Hunt-Sleeping-Beacons
+	//!  Stack-scan inspired by the idea presented here: https://github.com/thefLink/Hunt-Sleeping-Beacons
 	class ThreadScanner : public ProcessFeatureScanner {
 	public:
 		// neccessery to validly recognize stack frame