From b2f7b9cef7ddd32ac658e00f8b9faf5a05238838 Mon Sep 17 00:00:00 2001
From: Still Hsu
Date: Sat, 29 Nov 2025 10:03:48 +0800
Subject: [PATCH 1/2] Move CreateEvent to optional
Signed-off-by: Still Hsu
---
 .../socket/tcp/create-tcp-socket-via-raw-afd-driver.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml b/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
index 61677ad62..0f11e3c0f 100644
--- a/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
+++ b/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
@@ -20,7 +20,6 @@ rule: # wanted, but the routine is resolved via GetProcAddress into a global # - api: ntdll.NtCreateFile - - api: kernel32.CreateEvent - string: "\\Device\\Afd\\Endpoint" - or: - description: a hardcoded byte array that provides the socket details to the AFD driver via "extended attributes".
@@ -77,6 +76,7 @@ rule:
 - optional:
 - api: NtCreateFile
 - api: NtDeviceIoControlFile
+ - api: kernel32.CreateEvent
 - api: kernel32.WaitForSingleObject
 - number: 0x12003 = IOCTL_AFD_BIND
 - number: 0x12007 = IOCTL_AFD_CONNECT
From acafe3704647c0a0bdee074efeeabb532d923091 Mon Sep 17 00:00:00 2001
From: Still Hsu
Date: Wed, 3 Dec 2025 10:54:08 +0800
Subject: [PATCH 2/2] Fix linting
Signed-off-by: Still Hsu
---
 .../socket/tcp/create-tcp-socket-via-raw-afd-driver.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml b/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
index 0f11e3c0f..e85f24d8d 100644
--- a/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
+++ b/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml
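Review bot: In the first hunk of PATCH 1/2 (-20,7 +20,6), `- api: kernel32.CreateEvent` leaves the required feature list with no comment recording why, although the comment lines directly above it do document a similar constraint (a routine resolved via GetProcAddress into a global). Because capa's `optional` node never gates a match, the entry re-added in the second hunk (-77,6 +76,7) is informational only, and from what this hunk shows the match now rests on the `\\Device\\Afd\\Endpoint` string and the `or:` block that follows; it is worth re-running the rule's examples to confirm that is still specific enough. I would add a line such as `# CreateEvent is optional: not every implementation creates its event via kernel32` above the moved entry, reworded to the actual reason. The enclosing feature block starts and ends outside both hunks.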
@@ -76,7 +76,7 @@ rule:
 - optional:
 - api: NtCreateFile
 - api: NtDeviceIoControlFile
- - api: kernel32.CreateEvent
+ - api: kernel32.CreateEvent
 - api: kernel32.WaitForSingleObject
 - number: 0x12003 = IOCTL_AFD_BIND
 - number: 0x12007 = IOCTL_AFD_CONNECT