From fd920b33ddef77190a2a2c966904db592e0bc2f5 Mon Sep 17 00:00:00 2001
From: rabbitstack <rabbitstack7@gmail.com>
Date: Mon, 13 Oct 2025 18:48:14 +0200
Subject: [PATCH] fix(tests): Try to stabilize flaky tests

---
 internal/etw/source_test.go | 49 +++++++++++--------------------------
 pkg/pe/parser_test.go       |  7 +++---
 2 files changed, 18 insertions(+), 38 deletions(-)

diff --git a/internal/etw/source_test.go b/internal/etw/source_test.go
index 88b27c1ce..0447a01af 100644
--- a/internal/etw/source_test.go
+++ b/internal/etw/source_test.go
@@ -20,6 +20,18 @@ package etw
 import (
 	"context"
 	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+	"testing"
+	"time"
+	"unsafe"
+
 	"github.com/rabbitstack/fibratus/internal/evasion"
 	"github.com/rabbitstack/fibratus/pkg/config"
 	"github.com/rabbitstack/fibratus/pkg/event"
@@ -39,17 +51,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/registry"
-	"net"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"syscall"
-	"testing"
-	"time"
-	"unsafe"
 )
 
 // MockListener receives the event and does nothing but indicating the event was processed.
@@ -626,30 +627,8 @@ func TestEventSourceAllEvents(t *testing.T) {
 		{
 			"duplicate handle",
 			func() error {
-				var si windows.StartupInfo
-				var pi windows.ProcessInformation
-				argv, err := windows.UTF16PtrFromString(filepath.Join(os.Getenv("windir"), "notepad.exe"))
-				if err != nil {
-					return err
-				}
-				err = windows.CreateProcess(
-					nil,
-					argv,
-					nil,
-					nil,
-					true,
-					0,
-					nil,
-					nil,
-					&si,
-					&pi)
-				if err != nil {
-					return err
-				}
-				time.Sleep(time.Second)
-				defer windows.TerminateProcess(pi.Process, 0)
 				hs := handle.NewSnapshotter(&config.Config{EnumerateHandles: true}, nil)
-				handles, err := hs.FindHandles(pi.ProcessId)
+				handles, err := hs.FindHandles(uint32(os.Getppid()))
 				if err != nil {
 					return err
 				}
@@ -660,7 +639,7 @@ func TestEventSourceAllEvents(t *testing.T) {
 					}
 				}
 				assert.False(t, dupHandleID == 0)
-				dup, err := handle.Duplicate(dupHandleID, pi.ProcessId, windows.KEY_READ)
+				dup, err := handle.Duplicate(dupHandleID, uint32(os.Getppid()), 0)
 				if err != nil {
 					return err
 				}
diff --git a/pkg/pe/parser_test.go b/pkg/pe/parser_test.go
index 9443e1384..28e3fe645 100644
--- a/pkg/pe/parser_test.go
+++ b/pkg/pe/parser_test.go
@@ -19,12 +19,13 @@
 package pe
 
 import (
-	"github.com/stretchr/testify/require"
-	"golang.org/x/sys/windows"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/require"
+	"golang.org/x/sys/windows"
 )
 
 func TestParseFile(t *testing.T) {
@@ -106,7 +107,7 @@ func TestParseMem(t *testing.T) {
 		executable       string
 		expectedSections int
 	}{
-		{filepath.Join(os.Getenv("windir"), "notepad.exe"), 7},
+		{filepath.Join(os.Getenv("windir"), "regedit.exe"), 8},
 	}
 
 	for _, tt := range tests {