integrate thread enumeration into CLI scanning
@@ -1,5 +1,5 @@
|
|||||||
use anyhow::Result;
|
use anyhow::Result;
|
||||||
use ghost_core::{memory, process, DetectionEngine, ThreatLevel};
|
use ghost_core::{memory, process, thread, DetectionEngine, ThreatLevel};
|
||||||
|
|
||||||
fn main() -> Result<()> {
|
fn main() -> Result<()> {
|
||||||
env_logger::init();
|
env_logger::init();
|
||||||
@@ -15,7 +15,9 @@ fn main() -> Result<()> {
|
|||||||
|
|
||||||
for proc in &processes {
|
for proc in &processes {
|
||||||
if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
|
if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
|
||||||
let result = engine.analyze_process(proc, ®ions);
|
// Get thread information if available
|
||||||
|
let threads = thread::enumerate_threads(proc.pid).ok();
|
||||||
|
let result = engine.analyze_process(proc, ®ions, threads.as_deref());
|
||||||
|
|
||||||
if result.threat_level != ThreatLevel::Clean {
|
if result.threat_level != ThreatLevel::Clean {
|
||||||
detections.push(result);
|
detections.push(result);
|
||||||
|
|||||||
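Review bot: The `.ok()` on `thread::enumerate_threads(proc.pid)` discards the error, so a process whose threads cannot be enumerated (access denied, or the process exiting mid-scan) is analysed with `None` and nothing records that the verdict came from reduced visibility. For a detection tool that gap matters, because a `Clean` result without thread data is weaker than one with it; I would log the failure before dropping it, e.g. `let threads = thread::enumerate_threads(proc.pid).map_err(|e| log::debug!("thread enumeration failed for pid {}: {e}", proc.pid)).ok();`, assuming the `log` facade is available alongside the `env_logger::init()` call seen earlier in `main`. The comment `// Get thread information if available` could also say why a failure is tolerated instead of restating the call. The loop body and `main` continue outside the hunk, so whether `analyze_process` treats `None` differently from an empty slice cannot be checked from here.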