####################################################################
#
# Sample Trace filter file for StraceNT
# Copyright (c) Pankaj Garg. All rights reserved
#
#
# Usage notes:
#
# EXCLUDES takes preference over INCLUDES. If an entry is specified
# in both EXCLUDE and INCLUDE, then it is excluded from the patching
#
# An empty entry for INCLUDES means "Patch ALL"
#
# An empty entry for EXCLUDES means "Exclude NONE"
#
####################################################################


####################################################################
#
# The diagram below shows how the modules and loaded and how import
# tables are specific to each module. The sample process is
# wordpad.exe
#
# Loaded_Module   Imported_Module    Imported_Functions
# -------------   ---------------    ------------------
# wordpad.exe
#                 |- gdi32.dll       (fgA, fgB, ...)
#                 |- kernel32.dll    (fkA, fkB, ...)
# gdi32.dll
#                 |- kernel32.dll    (fkA, fkX, fkY, ...)
# kernel32.dll
#                 |- ntdll.dll       (fnA, fnB, ...)
# ntdll.dll
#                 |- (No imports - Ntdll doesn't import anything)
# 
####################################################################


####################################################################
# Entries below specifies which modules of the process that are
# loaded or will be loaded in future using LoadLibrary should be
# patched. Loaded modules usually includes process Exe and other
# DLLs it loads.
#
# For example: If notepad.exe only uses kernel32.dll then its loaded
# modules will be "notepad.exe" and "kernel32.dll"
####################################################################

LOADED_MODULES_INCLUDES=
LOADED_MODULES_EXCLUDES=kernel32.dll;ntdll.dll;


####################################################################
# Entries below specifies which imported modules should we patch.
# Any loaded module i.e. either Exe or Dll can import functions from
# other modules and below you can specify which imported modules to
# patch and which to exclude.
#
# For example: If notepad.exe only uses kernel32.dll then loaded
# module notepad.exe's Import table will contain kernel32.dll's
# reference and loaded module kernel32.dll's Import table will
# contain reference to modules on which kernel32.dll is dependent
# (like NTDLL.dll)
####################################################################

IMP_MODULES_INCLUDES=kernel32.dll;
IMP_MODULES_EXCLUDES=


####################################################################
# It simply specifies which functions to patch and which functions
# to exclude. Function names are CASE SENSITIVE.
####################################################################

FUNCTIONS_INCLUDES=
FUNCTIONS_EXCLUDES=EnterCriticalSection;ReadProcessMemory;LeaveCriticalSection;IsBadReadPtr;InterlockedIncrement;InterlockedDecrement;


###############################################################
# The sample values given above will cause only functions
# imported from kernel32.dll to be patched. Modules Kernel32.dll
# and ntdll.dll will not be patched. Also the functions
# listed in FUNCTIONS_EXCLUDES will not be patched.
###############################################################
