From be877b93aadd327d373f6989b00fedb9167dcdeb Mon Sep 17 00:00:00 2001
From: Kevin Mayer
Date: Thu, 14 Sep 2023 16:09:38 +0200
Subject: [PATCH] WIP: fix failing functions/parameters
---
 .../configuration/configuration.yml | 3 +++
 .../test/FunctionDefinitions_UnitTest.cpp | 15 +++++++++++-
 .../test/testFunctionDefinitions.yaml | 24 +++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/plugins/apitracing/configuration/configuration.yml b/plugins/apitracing/configuration/configuration.yml
index a13ae1fa..d900547f 100644
--- a/plugins/apitracing/configuration/configuration.yml
+++ b/plugins/apitracing/configuration/configuration.yml
@@ -6,6 +6,9 @@ profiles:
 traced_modules:
 ntdll.dll:
 - LdrLoadDll
+ - NtOpenProcess
+ - NtOpenThread
+ - NtGetContextThread
 calc:
 trace_children: true
 traced_modules:
diff --git a/plugins/apitracing/test/FunctionDefinitions_UnitTest.cpp b/plugins/apitracing/test/FunctionDefinitions_UnitTest.cpp
index ea8e95d1..2854a0c3 100644
--- a/plugins/apitracing/test/FunctionDefinitions_UnitTest.cpp
+++ b/plugins/apitracing/test/FunctionDefinitions_UnitTest.cpp
@@ -15,8 +15,9 @@ namespace ApiTracing
 void SetUp() override {
+ auto functionDefinitionsPath = std::filesystem::path("testFunctionDefinitions.yaml");
 functionDefinitions =
- std::make_shared(std::filesystem::path("testFunctionDefinitions.yaml"));
+ std::make_shared(functionDefinitionsPath);
 functionDefinitions->init();
 }
@@ -64,6 +65,18 @@ namespace ApiTracing
 std::runtime_error);
 }
+ TEST_F(FunctionDefinitionsTestFixture, getFunctionParameterDefinitions_NtOpenProcess_nothrow)
+ {
+ EXPECT_NO_THROW(auto ret = functionDefinitions->getFunctionParameterDefinitions(
+ "ntdll.dll", "NtOpenProcess", ConstantDefinitions::x64AddressWidth));
+ }
+
+ TEST_F(FunctionDefinitionsTestFixture, getFunctionParameterDefinitions_NtTerminateThread_nothrow)
+ {
+ EXPECT_NO_THROW(auto ret = functionDefinitions->getFunctionParameterDefinitions(
+ "ntdll.dll", "NtTerminateThread", ConstantDefinitions::x64AddressWidth));
+ }
+
 TEST_F(FunctionDefinitionsTestFixture, getFunctionParameterDefinitions_validFunction32And64Bit_correctParameterInformation) {
diff --git a/plugins/apitracing/test/testFunctionDefinitions.yaml b/plugins/apitracing/test/testFunctionDefinitions.yaml
index 0a2db833..0173fac3 100644
--- a/plugins/apitracing/test/testFunctionDefinitions.yaml
+++ b/plugins/apitracing/test/testFunctionDefinitions.yaml
@@ -37,6 +37,30 @@ Modules:
 ReturnParameters:
 - FileHandle
 - IoStatusBlock
+ NtGetContextThread:
+ Parameters:
+ ThreadHandle: HANDLE
+ Context: LPCONTEXT
+ ReturnValue: NTSTATUS
+ NtOpenProcess:
+ Parameters:
+ ProcessHandle: PHANDLE
+ DesiredAccess: ACCESS_MASK
+ ObjectAttributes: POBJECT_ATTRIBUTES
+ ClientId: PCLIENT_ID
+ ReturnValue: NTSTATUS
+ NtOpenThread:
+ Parameters:
+ ThreadHandle: PHANDLE
+ DesiredAccess: ACCESS_MASK
+ ObjectAttributes: POBJECT_ATTRIBUTES
+ ClientId: PCLIENT_ID
+ ReturnValue: NTSTATUS
+ NtTerminateThread:
+ Parameters:
+ ThreadHandle: HANDLE
+ ExitStatus: NTSTATUS
+ ReturnValue: NTSTATUS
 Structures:
 POBJECT_ATTRIBUTES:
 Length:
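Review bot: Both added tests (`getFunctionParameterDefinitions_NtOpenProcess_nothrow` and `getFunctionParameterDefinitions_NtTerminateThread_nothrow`) assert only that the lookup does not throw, so a definition that resolves with the wrong parameter count, order or size would still pass and the tracer would record misleading argument values. The `auto ret` bound inside `EXPECT_NO_THROW` is never read; either drop the binding or hoist the call out of the macro and assert on the result, as the existing `validFunction32And64Bit_correctParameterInformation` test (its body is outside this hunk) presumably does. NtOpenThread and NtGetContextThread are added to the traced configuration and the test YAML in this commit but get no test here. Only `ConstantDefinitions::x64AddressWidth` is exercised, although three of the four NtOpenProcess parameters are pointer types whose size depends on the address width.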
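Review bot: The new NtOpenProcess and NtOpenThread entries declare `ProcessHandle` / `ThreadHandle` as `PHANDLE` but list no `ReturnParameters`, whereas the entry just above this hunk lists its out-parameters (`FileHandle`, `IoStatusBlock`) there. If `ReturnParameters` is what makes the tracer read a parameter after the call returns (an inference from that neighbouring entry), the handle these calls produce would not be recorded, and it is the value needed to tie a later NtGetContextThread or NtTerminateThread call back to its target. Consider adding `ReturnParameters:` with `- ProcessHandle` / `- ThreadHandle`, and `- Context` for NtGetContextThread. The definitions of `LPCONTEXT`, `PHANDLE`, `ACCESS_MASK` and `PCLIENT_ID` are not visible in this hunk, so confirm each resolves in this file's type sections, otherwise the new nothrow tests fail for that reason alone.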