Hi,
I am trying to debug winlogon.exe by SoftICE with windbg extension to
investigate handle leak problem.
- When I type “!handle 0 3 token” in SoftICE with kdxtx86.sys
extension,
I cannot filter the type of handle, “token”, so that all handle is listed…
I want to list only token.
2. When I convert ntsdexts.dll or kdx2x86.dll to ntsdexts.SYS or kdx2x86 by
using kd2sys, I got the following error. I can only convert kdxtx86.dll to
kdxtx86.sys…
Do you know anything good solution to convert?
- - - - - -
Copying C:\Program Files\Debugging Tools for Windows\w2kfre\ntsdexts.dll to
C:\WINNT\SYSTEM32\DRIVERS\ntsdexts.SYS
The following imports are missing for MSVCRT.dll
mbstowcs
The following imports are missing for ntdll.dll
NtQueryInformationToken
NtOpenThreadToken
RtlNtStatusToDosError
NtOpenProcessToken
NtQueryIoCompletion
NtQueryKey
NtQuerySection
NtQueryMutant
NtQuerySemaphore
NtQueryEvent
RtlCreateUnicodeStringFromAsciiz
NtDuplicateObject
NtQueryObject
NtClose
RtlFreeHeap
RtlAllocateHeap
NtQueryInformationAtom
NtQuerySystemInformation
NtQueryInformationProcess
NtQueryInformationThread
NtQueryTimer
The following imports are missing for KERNEL32.dll
FormatMessageA
lstrcmpA
ExpandEnvironmentStringsA
LoadLibraryA
GetModuleHandleA
ReadProcessMemory
GetVersionExA
WriteProcessMemory
lstrcmpiA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
DuplicateHandle
GetSystemTimeAsFileTime
GetCurrentProcess
lstrlenA
VirtualQueryEx
The following imports are missing for ADVAPI32.dll
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
LookupAccountSidW
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
Some imports required by this extension are not
available from NTICE at this time.
Deleting output file C:\WINNT\SYSTEM32\DRIVERS\ntsdexts.SYS
Thanks,
Kimi