At MIX ‘08, I met up with a Microsoft Windows Shell/User MVP who also spends time writing articles for popular magazines in Germany, such as ComputerBILD and PC Pr@xis. After introducing myself and touching on what I do, Sandro Villinger informed me he had just recently mentioned this site in the April issue of PC Pra@xis! The article was entitled "Den Windows-PC zum Mac machen", which loosely translated reads Converting a Windows PC to [appear like] a Mac.

If anyone locates mention of the site elsewhere in print (or otherwise), please let me know! Thanks goes to Sandro for tolerating my repeated requests for scans.

I’ve been receiving emails asking about the SoundMax® drivers for the Windows Vista platforms. From a consumer standpoint, I understand fixed driver availability has been extremely confusing so I’m going to try and clear up some things, in a never-before tried FAQ-like format.

Has the handle leaking problem been resolved?
Yes. This problem was fixed back around May 7th.

Ok, where are the drivers then?
Whoa there hotshot. There’s a process in place for driver packaging and distribution that you must understand. For a SoundMax driver package to be put together, collaboration between several companies must occur.

Analog Devices is responsible for the actual ADI1988A/ADI1988B silicon mini-brain implanted on your motherboard and the driver that lets you actually use it.

Sonic Focus is responsible for all the sophisticated audio processing software and handle leakage.

All parties involved, before anything can be released, must put all the components through extensive WHQL audio fidelity testing. This testing isn’t done by Microsoft. It’s too time consuming and can frankly be a huge pain in the ass when Microsoft’s Rube Goldberg-inspired test kit falls apart. In this case, the testing is done by Analog Devices and Sonic Focus. Upon completion, a neat little report of the results is generated and sent to the Microsoft WHQL team that turns around and generates digital certificates orders a sheet of "WHQL Certified" stickers for each company.

Upon receipt of the digital certificates stickers, everything is put into a Blendtec™ blender and presto! A SoundMax driver package.

This package is then sent to the various motherboard manufacturers to sit on for about six months before posting on their FTPs/websites. In the event that this is deemed unacceptable, especially if the new driver package resolves issues reported by consumers, Sonic Focus will post the newer package on their support page.

ASUS just posted a new driver package… does it include the handle leakage fix?
No. The new drivers they posted, in a package labeled ‘SoundMAXAudio_V610X6480_Vista.zip’, still have the affected component that leaks handles.

How do I know if my drivers have this leaking issue — the easy way, please?
Check the version of your SFFXSAPO.dll (32-bit) or SFSAPO64.dll (64-bit) file, located in the \System32 directory. All versions below 1.0.0.41 are affected. Sorry.

What about this "new" package I downloaded from Sonic Focus’ support page?
You mean the package that doesn’t exist on their support page (anymore)? Due to a last-minute unrelated (to the handle leak) issue found during testing, the package was removed. If you downloaded this package, I’d suggest reverting back to the leaky drivers, simply because I don’t know what’s wrong with that package.

Ok wise guy, when will I get a stable set of drivers then?
Dates can change. That said, expect a set of basic drivers (or more news) hopefully by the end of next week. The more advanced driver set (i.e. the BlackHawk product) may take longer, so I wouldn’t be surprised if we don’t see those until early June.

Do I really have to wait that long?
Actually, no. Sonic Focus will put out a neat little tool that’ll update the affected component shortly. This should hold us all over until the slipstreamed driver package is released.

Just received an email regarding the highly anticipated and late Windows Home Server Power Pack 1. Snippet from email:

The Windows Home Server team is pleased to announce details of the public beta of Windows Home Server Power Pack 1. This public beta will include the fix for the data corruption bug described in Knowledge Base article #946676 as well as a host of other bug fixes and new capabilities.  The Power Pack 1 download is planned to be available in early June and Beta participants are encouraged to sign up and begin preparing now.

Although the corrupting-data bug fix is nice, I’m primarily focused on the availability of the x64 client that MVPs have been testing with in their little secret circles for ages now… (if I find any bugs in the connector software, I’m going to choke the closest MVP)

If you aren’t signed up for the beta, head over to Connect, register, and locate the Windows Home Server beta program and apply. Given the beta is public, you should be automatically accepted.

Some of you may know TGTSoft, a company that sells a glorified uxtheme.dll patcher for $20 a pop. Does anyone still use their StyleXP software? I noticed today their storefront SSL certificate has expired.

So we have…

• … a lack of software updates since Windows XP SP2 (read: StyleXP doesn’t work on Windows XP SP3)
• … a lack of any new content
• … and an expired SSL certificate

It’s official. This company is deader than a doughnut.

TIP: If you’d like to skip the technical lead up to the conclusion, skip to the last two paragraphs of this post.

While poking around my system, attempting to discover a reason for my long-standing NVIDIA GPU issues (surprised?), I went into panic mode when I discovered the audiodg.exe process having over a million handles open. As the process was a Microsoft-owned process, I thought nothing more of it and restarted the Windows Audio Endpoint Builder service. Problem solved.

… or not. The problem resurfaced when I fired Pandora back up. Counting thousands, it appeared the process was opening approximately twenty handles every second. To what though?

I fired up Process Explorer, reconfigured to show the handles column and clicked on the audiodg.exe process. Process Explorer dumped a huge listing of registry handles, in the bottom pane, that were left open.

I wasn’t convinced Microsoft had missed such a bug so I did some research on the audiodg.exe process. Of course Larry Osterman had an entire post on the matter, which is always nice. Of particular note were the following sentences:

There are two reasons it [audiodg.exe] runs outside of the windows audio service. The first is that there’s 3rd party code that gets loaded into audiodg.exe. Audio hardware vendors have the ability to install custom DSPs (called Audio Processing Objects or APOs) into the audio pipeline… The second reason for using a separate process for the audio engine is DRM.

Ah ha, so I really couldn’t blame audiodg.exe for opening the handles. I needed to see exactly who was responsible for opening these handles…

I stopped the Windows Audio and Windows Audio Endpoint Builder services and fired up Application Verifier and configured it to keep track of audiodg.exe’s handle usage.

After turning down my speakers, I opened WinDbg and invasively attached to the audiodg.exe process. To view the extra information that Application Verifier helped me collect, I issued the !htrace command with one of the handle values I wrote down earlier as a parameter.

Aside from the handle and thread information at top, I was given a stack dump of the functions called resulting in the open handle. Reading from bottom up, I came across a third-party module named SFSAPO64. A quick search on my system resulted in a library within the System32 folder owned by Sonic Focus, Inc., and a quick Google search verified the library was part of my SoundMax driver set.

The driver component appeared to be quite dated so I went to the ASUS support site in an attempt to download newer drivers. After stumbling around for a nice chunk of time, thanks to the pathetically slow server and cumbersome interface, I verified I was using the latest drivers (for this board/chipset combo). Damn.

Before I could jump up and down and claim I found a bug, I had to be sure. I fired up IDA Pro and drilled down into the area WinDbg pointed me to. I found this particularly interesting snippet of assembly (comments in green):

call    cs:RegGetValueW
test    eax, eax
mov     ebx, eax
jnz     short loc_40CAF4 ;// close key and return
mov     eax, [rdi+9FCh]
cmp     [rsp+1B8h+var_174], eax
jnz     short loc_40CAA9 ;// continue and get ParamData value
lea     eax, [rbx+2]
jmp     short loc_40CB01 ;// jump to end of function and return

Very roughly translated, the code probably looked something like this, before compilation (and optimization):

if(RegOpenKey(…) == ERROR_SUCCESS)
{
  if(RegGetValue(…,"ParamDataTime", pcbData) == ERROR_SUCCESS)
  {
    if(pcbData != g_someVariable)
    {
      if(RegGetValue(…,"ParamData", pcbData) == ERROR_SUCCESS)
      {
        /* do something neat */
        RegCloseKey(…);
      }
      else
      {
        RegCloseKey(…);
      }
    }
  }
  else
  {
    RegCloseKey(…);
  }
}

Upon analysis, I verified that if the conditional pcbData != g_someVariable was false, which it was most of the time, the function immediately returned, not calling RegCloseKey(). Oops.

Having confirmed the bug, I then did some research to determine the severity of the issue. Due to how handles are tracked, each process is allowed to open approximately 16 million handles. Handles are derived from a special pool of memory called the paged pool, which is basically a bunch of reserved memory that can be paged out to disk, if free memory is needed for other tasks. In the past, with a similar handle leak, you probably would have exhausted your paged pool (and filled up your page file) before hitting the ~16 million handle limit. Today, however, memory is cheap and abundant therefore hitting that limitation is very feasible.

Assuming I left the system running and playing audio for weeks and reached the open handle limit, the worst case scenario would’ve probably been crashing of the Windows Audio services, muting my sound output, causing me to restart them.

I contacted both Analog Devices Inc. (ADI) and Sonic Focus to alert them of the problem. Two days later (today), I spoke to a Sonic Focus representative confirming the issue and informing me the driver component was already fixed, already in WHQL testing, and that a set of fixed drivers should be available this week. Impressive. Keep an eye on Sonic Focus’ support page for the updated drivers!

NOTE: For non-Blackhawk users, like me, we have to wait a tad longer for Analog Devices Inc., to create a SoundMax bundle specific to our motherboards. I’ll share more information on availability when I receive it.

Until newer drivers are made available, you can do one of two things:

1. Keep an eye on the leak, restart the audio services if need be, or…
2. Disable audio enhancements via the Sound control panel applet (it’s a little checkbox under Signal Enhancements in the Speakers Properties window, Advanced tab).