Hi,
I am tryingg to debug winlogon.exe by SoftICE to investigate handle leak
problem.
- When I type “!handle 0 3 token” SoftICE with kdxtx86.sys extention,
I cannot filter the type of handle, so that all handle is listed…
I want to list an only handle for token.
2. When I convert ntsdexts.dll to ntsdexts.SYS by using kd2sys, I got the
following error.
Do you know anything good solution to convert?
- - - - - -
Copying C:\Program Files\Debugging Tools for Windows\w2kfre\ntsdexts.dll to
C:\WINNT\SYSTEM32\DRIVERS\ntsdexts.SYS
The following imports are missing for MSVCRT.dll
mbstowcs
The following imports are missing for ntdll.dll
NtQueryInformationToken
NtOpenThreadToken
RtlNtStatusToDosError
NtOpenProcessToken
NtQueryIoCompletion
NtQueryKey
NtQuerySection
NtQueryMutant
NtQuerySemaphore
NtQueryEvent
RtlCreateUnicodeStringFromAsciiz
NtDuplicateObject
NtQueryObject
NtClose
RtlFreeHeap
RtlAllocateHeap
NtQueryInformationAtom
NtQuerySystemInformation
NtQueryInformationProcess
NtQueryInformationThread
NtQueryTimer
The following imports are missing for KERNEL32.dll
FormatMessageA
lstrcmpA
ExpandEnvironmentStringsA
LoadLibraryA
GetModuleHandleA
ReadProcessMemory
GetVersionExA
WriteProcessMemory
lstrcmpiA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
DuplicateHandle
GetSystemTimeAsFileTime
GetCurrentProcess
lstrlenA
VirtualQueryEx
The following imports are missing for ADVAPI32.dll
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
LookupAccountSidW
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
Some imports required by this extension are not
available from NTICE at this time.
Deleting output file C:\WINNT\SYSTEM32\DRIVERS\ntsdexts.SYS
Thanks,
Kimi