Windows: Remove VAD length check in thread enumeration

This exclusion of threads where there are < 5 vads seems to filter valid
threads (at least, threads where the start address or Win32 start
address values are readable and valid disassembly, and the start time
makes sense in the context of the parent process).

Author: dgmcdona

volatility3/framework/plugins/windows/thrdscan.py

@@ -131,17 +131,16 @@ def gather_thread_info(
             vads = pe_symbols.PESymbols.get_vads_for_process_cache(
                 vads_cache, owner_proc
             )
-            if not vads or len(vads) < 5:
-                vollog.debug(
-                    f"Not enough vads for process at {owner_proc.vol.offset:#x}. Skipping thread at {ethread.vol.offset:#x}"
-                )
-                return None
 
-            start_path = pe_symbols.PESymbols.filepath_for_address(
-                vads, thread_start_addr
+            start_path = (
+                pe_symbols.PESymbols.filepath_for_address(vads, thread_start_addr)
+                if vads
+                else None
             )
-            win32start_path = pe_symbols.PESymbols.filepath_for_address(
-                vads, thread_win32start_addr
+            win32start_path = (
+                pe_symbols.PESymbols.filepath_for_address(vads, thread_win32start_addr)
+                if vads
+                else None
             )
         else:
             start_path = None