[Openvortex-dev] auhook - admaud30.sys logger

[Jeff Muizelaar]

Alright here is the first draft. Not pretty but should be usable.

Updates will come later.

The format is something like this:

[type]:[register],[value or return]

types:
Wl - WRITE_REGISTER_ULONG
Ws - WRITE_REGISTER_USHORT
Wc - WRITE_REGISTER_UCHAR

Rl - READ_REGISTER_ULONG
Rs - READ_REGISTER_USHORT
Rc - READ_REGISTER_UCHAR

This will only work on the admaud30.sys matching the one from vortexofsound.
md5: 19c2658f202c1c4297b9e0ddbbae5f0f

You will also need the utilities from
http://www.orgon.com/w2k_internals/w2k_internals.zip

To use: (running as administrator of course)

1. extract the w2k_internals.zip into the bin directory of auhook

2. load auhook.sys by using w2k_load.exe

$ w2k_load auhook.sys

3. run to w2k_sym.exe to find out where the drivers (admaud30.sys &
auhook.sys) are loaded

$ w2k_sym /d

this will give you a list of addresses. On my machine, for example, I
get admaud30.sys = 0xbec6b000 and auhook.sys = 0xed5e0000.

4. run chmod_mem.exe to make \Device\PhysicalMemory writable

$ chmod_mem /current

5. run w2kauhook.exe with the addresses of admaud30.sys and auhook.sys

$ w2kauhook 0xbec6b000 0xed5e0000

6. Use the sound card in some way.

7. Either watch the logs flow or enjoy the fact that you just crashed
the kernel and wait for your system to come back up.

-Jeff

auhook.zip
Description: Zip archive