QA testing - Invalid calling convention for stop functions

[Dwordcito]

Target version	Related issue	Related PR
4.4	wazuh/wazuh#13077	wazuh/wazuh#14486

Description

Segmentation fault during shutdown on Windows.

Proposed checks

• Fresh Install 4.4: Check that no segfault is caused when stopping Windows Agent.
• Update - Check that no segfault is caused when stopping Windows Agent 🟢
• Fresh Install on brach with fix - Check that no segfault is caused when stopping Windows Agent 🟢
• Check AR IT

Steps to reproduce

• Install and register agent.
• Shutdown agent service through manage_agent.exe application.
• Check Application Event log.

Expected results

1. No segfault and error log in application event log..

Configuration and considerations

• Default.

[Deblintrake09]

Review data

Tester	PR commit
@Deblintrake09	d6e6d0b

Testing environment

OS	OS version	Deployment	Image/AMI	Notes
Centos	8	<LOCAL | Vagrant	qactl/centos_8
Windows	Server 2019	<LOCAL | Vagrant	qactl/windows_server2019

Tested packages

wazuh-manager	wazuh-agent
.rpm Manager	4.4 win agent --- dev branch win agent

Conclusion

Status

• In progress
• Pending Review
• Team leader approved
• Manager approved

[Deblintrake09]

Test on 4.4

Check that no segfault is caused when stopping Windows Agent 🔴

1. Install and Start windows Agent
   

2. Check Event Viewer for Application Errors - no application errors present 🟢
   

3. Stop Windows Agent

4. Check Event Viewer that No Application Error has been caused 🔴
   

5. Check alert in alerts.json

   # tail -f /var/ossec/logs/alerts/alerts.json | grep "Application Error"
   {"timestamp":"2022-08-09T18:47:41.342+0000","rule":{"level":9,"description":"Windows application error event.","id":"60602","firedtimes":1,"mail":false,"groups":["windows","windows_application","system_error"],"gdpr":["IV_35.7.d"],"gpg13":["4.3"]},"agent":{"id":"005","name":"WIN-JLGVA4CR4VI"},"manager":{"name":"c3"},"id":"1660070861.3143502","decoder":{"name":"windows_eventchannel"},"data":{"win":{"system":{"providerName":"Application Error","eventID":"1000","level":"2","task":"100","keywords":"0x80000000000000","systemTime":"2022-08-09T18:47:43.229327400Z","eventRecordID":"1390","channel":"Application","computer":"WIN-JLGVA4CR4VI","severityValue":"ERROR","message":"\"Faulting application name: wazuh-agent.exe, version: 0.0.0.0, time stamp: 0x62f2711c\r\nFaulting module name: sechost.dll, version: 10.0.17763.1, time stamp: 0xec52cb01\r\nException code: 0xc0000005\r\nFault offset: 0x00015896\r\nFaulting process id: 0x2f4\r\nFaulting application start time: 0x01d8ac2080b576ce\r\nFaulting application path: C:\\Program Files (x86)\\ossec-agent\\wazuh-agent.exe\r\nFaulting module path: C:\\Windows\\System32\\sechost.dll\r\nReport Id: f92bab6b-ba92-4b22-a0d0-90765a58884c\r\nFaulting package full name: \r\nFaulting package-relative application ID: \""},"eventdata":{"data":"wazuh-agent.exe, 0.0.0.0, 62f2711c, sechost.dll, 10.0.17763.1, ec52cb01, c0000005, 00015896, 2f4, 01d8ac2080b576ce, C:\\\\Program Files (x86)\\\\ossec-agent\\\\wazuh-agent.exe, C:\\\\Windows\\\\System32\\\\sechost.dll, f92bab6b-ba92-4b22-a0d0-90765a58884c"}}},"location":"EventChannel"}
   {"timestamp":"2022-08-09T18:50:24.657+0000","rule":{"level":9,"description":"Windows application error event.","id":"60602","firedtimes":2,"mail":false,"groups":["windows","windows_application","system_error"],"gdpr":["IV_35.7.d"],"gpg13":["4.3"]},"agent":{"id":"005","name":"WIN-JLGVA4CR4VI","ip":"FE80:0000:0000:0000:B1E6:42AF:E199:1398"},"manager":{"name":"c3"},"id":"1660071024.4467063","decoder":{"name":"windows_eventchannel"},"data":{"win":{"system":{"providerName":"Application Error","eventID":"1000","level":"2","task":"100","keywords":"0x80000000000000","systemTime":"2022-08-09T18:50:26.579304300Z","eventRecordID":"1398","channel":"Application","computer":"WIN-JLGVA4CR4VI","severityValue":"ERROR","message":"\"Faulting application name: wazuh-agent.exe, version: 0.0.0.0, time stamp: 0x62f2711c\r\nFaulting module name: sechost.dll, version: 10.0.17763.1, time stamp: 0xec52cb01\r\nException code: 0xc0000005\r\nFault offset: 0x00015896\r\nFaulting process id: 0x5c4\r\nFaulting application start time: 0x01d8ac208455dcd0\r\nFaulting application path: C:\\Program Files (x86)\\ossec-agent\\wazuh-agent.exe\r\nFaulting module path: C:\\Windows\\System32\\sechost.dll\r\nReport Id: fc8a40cf-0a04-47e2-9c3e-3e79ff360712\r\nFaulting package full name: \r\nFaulting package-relative application ID: \""},"eventdata":{"data":"wazuh-agent.exe, 0.0.0.0, 62f2711c, sechost.dll, 10.0.17763.1, ec52cb01, c0000005, 00015896, 5c4, 01d8ac208455dcd0, C:\\\\Program Files (x86)\\\\ossec-agent\\\\wazuh-agent.exe, C:\\\\Windows\\\\System32\\\\sechost.dll, fc8a40cf-0a04-47e2-9c3e-3e79ff360712"}}},"location":"EventChannel"}
   

Test on dev branch

Update - Check that no segfault is caused when stopping Windows Agent 🟢

1. Upgrade agent with fixed package and Start windows Agent
   

2. Check Event Viewer for Application Errors - Three application errors present 🟢
   

3. Stop Windows Agent
   

4. Check Event Viewer that No Application Error has been caused 🟢
   

5. Check alert in alerts.json

   # tail -f /var/ossec/logs/alerts/alerts.json | grep "Application Error"
   

Fresh Install - Check that no segfault is caused when stopping Windows Agent 🟢

1. Upgrade agent with fixed package and Start windows Agent
   

2. Check Event Viewer for Application Errors - Three application errors present 🟢
   

3. Stop Windows Agent
   

4. Check Event Viewer that No Application Error has been caused 🟢
   

5. Check alert in alerts.json

   # tail -f /var/ossec/logs/alerts/alerts.json | grep "Application Error"
   

Check AR IT

Test Active Response IT - Windows Agent 🟢

Tests path	Jenkins Results	Notes
test_active_response/	🟢 🟢 🟢

[jmv74211]

🟢 Everything seems to be working properly