pub fn walk_kernel_threads<P: PhysicalMemoryProvider>(
reader: &ObjectReader<P>,
processes: &[ProcessInfo],
) -> Result<Vec<KernelThreadInfo>>Expand description
Walk the given process list and extract kernel thread information.
Kernel threads are identified by having cr3 == None (mm pointer is
NULL). For each kernel thread, the thread function pointer is read
from memory when available, and the thread is classified for anomalies.
Returns Ok(Vec::new()) when required symbols are missing.