Question SoftICE to investigate handle leak in winlogon.exe

Hi,

I am tryingg to debug winlogon.exe by SoftICE to investigate handle leak
problem.

  1. When I type “!handle 0 3 token” SoftICE with kdxtx86.sys extention,
    I cannot filter the type of handle, so that all handle is listed…
    I want to list an only handle for token.

    2. When I convert ntsdexts.dll to ntsdexts.SYS by using kd2sys, I got the
    following error.
    Do you know anything good solution to convert?

    - - - - - -
    Copying C:\Program Files\Debugging Tools for Windows\w2kfre\ntsdexts.dll to
    C:\WINNT\SYSTEM32\DRIVERS\ntsdexts.SYS
    The following imports are missing for MSVCRT.dll
    mbstowcs
    The following imports are missing for ntdll.dll
    NtQueryInformationToken
    NtOpenThreadToken
    RtlNtStatusToDosError
    NtOpenProcessToken
    NtQueryIoCompletion
    NtQueryKey
    NtQuerySection
    NtQueryMutant
    NtQuerySemaphore
    NtQueryEvent
    RtlCreateUnicodeStringFromAsciiz
    NtDuplicateObject
    NtQueryObject
    NtClose
    RtlFreeHeap
    RtlAllocateHeap
    NtQueryInformationAtom
    NtQuerySystemInformation
    NtQueryInformationProcess
    NtQueryInformationThread
    NtQueryTimer
    The following imports are missing for KERNEL32.dll
    FormatMessageA
    lstrcmpA
    ExpandEnvironmentStringsA
    LoadLibraryA
    GetModuleHandleA
    ReadProcessMemory
    GetVersionExA
    WriteProcessMemory
    lstrcmpiA
    FileTimeToSystemTime
    FileTimeToLocalFileTime
    GetProcAddress
    DuplicateHandle
    GetSystemTimeAsFileTime
    GetCurrentProcess
    lstrlenA
    VirtualQueryEx
    The following imports are missing for ADVAPI32.dll
    RegQueryValueExA
    RegCloseKey
    RegOpenKeyExA
    LookupAccountSidW
    RegEnumKeyExA
    RegEnumValueA
    RegQueryInfoKeyA

    Some imports required by this extension are not
    available from NTICE at this time.

    Deleting output file C:\WINNT\SYSTEM32\DRIVERS\ntsdexts.SYS

    Thanks,

    Kimi