Attach exisiting process: find rip in thread context

[Wenzel]

Currently we attach to a process by listening to CR3 events.

We should enumerate the threads, pick the first one, find the thread context and read the value of rip where the thread is supposed to continue the execution.