WIP: fix failing functions/parameters

GDATASoftwareAG · Sep 15, 2023 · be877b9 · be877b9
1 parent 748a1bb
commit be877b9
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 1 deletion.
diff --git a/plugins/apitracing/configuration/configuration.yml b/plugins/apitracing/configuration/configuration.yml
@@ -6,6 +6,9 @@ profiles:
     traced_modules:
       ntdll.dll:
         - LdrLoadDll
+        - NtOpenProcess
+        - NtOpenThread
+        - NtGetContextThread
   calc:
     trace_children: true
     traced_modules:

diff --git a/plugins/apitracing/test/FunctionDefinitions_UnitTest.cpp b/plugins/apitracing/test/FunctionDefinitions_UnitTest.cpp
@@ -15,8 +15,9 @@ namespace ApiTracing
 
         void SetUp() override
         {
+            auto functionDefinitionsPath = std::filesystem::path("testFunctionDefinitions.yaml");
             functionDefinitions =
-                std::make_shared<FunctionDefinitions>(std::filesystem::path("testFunctionDefinitions.yaml"));
+                std::make_shared<FunctionDefinitions>(functionDefinitionsPath);
             functionDefinitions->init();
         }
 
@@ -64,6 +65,18 @@ namespace ApiTracing
                      std::runtime_error);
     }
 
+    TEST_F(FunctionDefinitionsTestFixture, getFunctionParameterDefinitions_NtOpenProcess_nothrow)
+    {
+        EXPECT_NO_THROW(auto ret = functionDefinitions->getFunctionParameterDefinitions(
+                         "ntdll.dll", "NtOpenProcess", ConstantDefinitions::x64AddressWidth));
+    }
+
+    TEST_F(FunctionDefinitionsTestFixture, getFunctionParameterDefinitions_NtTerminateThread_nothrow)
+    {
+        EXPECT_NO_THROW(auto ret = functionDefinitions->getFunctionParameterDefinitions(
+                            "ntdll.dll", "NtTerminateThread", ConstantDefinitions::x64AddressWidth));
+    }
+
     TEST_F(FunctionDefinitionsTestFixture,
            getFunctionParameterDefinitions_validFunction32And64Bit_correctParameterInformation)
     {

diff --git a/plugins/apitracing/test/testFunctionDefinitions.yaml b/plugins/apitracing/test/testFunctionDefinitions.yaml
@@ -37,6 +37,30 @@ Modules:
       ReturnParameters:
         - FileHandle
         - IoStatusBlock
+    NtGetContextThread:
+      Parameters:
+        ThreadHandle: HANDLE
+        Context: LPCONTEXT
+      ReturnValue: NTSTATUS
+    NtOpenProcess:
+      Parameters:
+        ProcessHandle: PHANDLE
+        DesiredAccess: ACCESS_MASK
+        ObjectAttributes: POBJECT_ATTRIBUTES
+        ClientId: PCLIENT_ID
+      ReturnValue: NTSTATUS
+    NtOpenThread:
+      Parameters:
+        ThreadHandle: PHANDLE
+        DesiredAccess: ACCESS_MASK
+        ObjectAttributes: POBJECT_ATTRIBUTES
+        ClientId: PCLIENT_ID
+      ReturnValue: NTSTATUS
+    NtTerminateThread:
+      Parameters:
+        ThreadHandle: HANDLE
+        ExitStatus: NTSTATUS
+      ReturnValue: NTSTATUS
 Structures:
   POBJECT_ATTRIBUTES:
     Length: