From f351100d47ceaa02151158d4045108b0076e490f Mon Sep 17 00:00:00 2001
From: rabbitstack
Date: Mon, 18 Sep 2023 22:18:15 +0200
Subject: [PATCH] Add missing flag/enum parameter values in kcap param constructor
---
 pkg/kevent/kparam.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/pkg/kevent/kparam.go b/pkg/kevent/kparam.go
index 655427ca1..219b7c0ae 100644
--- a/pkg/kevent/kparam.go
+++ b/pkg/kevent/kparam.go
@@ -137,12 +137,28 @@ func NewKparamFromKcap(name string, typ kparams.Type, value kparams.Value, ktype
 enum = network.ProtoNames
 case kparams.RegValueType:
 enum = key.RegistryValueTypes
+ case kparams.MemAllocType:
+ flags = MemAllocationFlags
+ case kparams.FileViewSectionType:
+ enum = ViewSectionTypes
+ case kparams.DNSOpts:
+ flags = DNSOptsFlags
+ case kparams.DNSRR:
+ enum = DNSRecordTypes
+ case kparams.DNSRcode:
+ enum = DNSResponseCodes
 case kparams.DesiredAccess:
 if ktype == ktypes.OpenProcess {
 flags = PsAccessRightFlags
 } else {
 flags = ThreadAccessRightFlags
 }
+ case kparams.MemProtect:
+ if ktype == ktypes.VirtualAlloc || ktype == ktypes.VirtualFree {
+ flags = MemProtectionFlags
+ } else {
+ flags = ViewProtectionFlags
+ }
 }
 return &Kparam{Name: name, Type: typ, Value: value, Enum: enum, Flags: flags}
 }
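Review bot: The `else` branch of the new `kparams.MemProtect` case assigns `ViewProtectionFlags` to every event type other than `VirtualAlloc`/`VirtualFree`, so a capture event that carries a memory-protection parameter with different semantics would be replayed with the wrong flag names and no error. If filters or analysts read the decoded names when a capture is replayed, a mislabelled protection value is worse than an undecoded one; it would be safer to match the view-mapping event types explicitly and leave `flags` nil otherwise, or at least to record the assumption with a comment such as `// every other event type carrying MemProtect is a section view event`. The diffstat shows only kparam.go changed, so nothing in this patch pins the new mappings; a table-driven test of `NewKparamFromKcap` over each added parameter name would catch the next missing entry. The function starts before this hunk, so the earlier cases of the switch are not visible here.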