From Collaborative RCE Tool Library


API Monitoring Tools


Tool name: Rohitab API Monitor
Rating: 5.0 (1 vote)
Author: Rohitab Batra                        
Website: http://www.rohitab.com/apimonitor
Current version: v2 (Alpha-r13)
Last updated: March 14, 2013
Direct D/L link: http://www.rohitab.com/downloads
License type: Freeware
Description: API Monitor is a free software that lets you monitor and control API calls made by applications and services. It's a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

* Supports monitoring of 32-bit and 64-bit applications and services
* API definitions for over 15,000 APIs from 200 DLLs and over 17,000 methods from 1,800+ COM Interfaces (Shell, Web Browser, DirectShow, DirectSound, DirectX, Direct2D, DirectWrite, Windows Imaging Component, Debugger Engine, MAPI etc)
* Decode and display 2000 different structures and unions, 1000+ Enumerated data types, 800+ flags. Buffers and arrays within structures can also be viewed
* Display input and output buffers
* Call Tree display which shows the hierarchy of API calls
* Decode Parameters and Return Values
* Control the target application by setting breakpoints on API calls
* Instant monitoring of any API from any DLL without requiring any definitions
* Memory Editor that lets you view, edit and allocate memory in any process
* Dynamic Call Filtering capabilities which allows you to hide or show API calls based on a certain criteria
* Supports monitoring of COM Interfaces
* Decode error codes and display friendly messages by calling an appropriate error function to retrieve additional information about the error
* Capture and view the call stack for each API call
* Custom DLL Monitoring - Supports creating definitions for any DLL or COM Interface
* Support for filtering calls by threads
* Displays the duration for each API call
* Process detection and notification
Also listed in: COM Monitoring Tools, File Monitoring Tools, Memory Dumpers, Memory Patchers, Monitoring Tools, Network Monitoring Tools, Registry Monitoring Tools



Tool name: WinApiOverride
Rating: 5.0 (3 votes)
Author: Jacquelin POTIER                        
Website: http://jacquelin.potier.free.fr/winapioverride32/
Current version: 6.4.1
Last updated: April 14, 2014
Direct D/L link: http://jacquelin.potier.free.fr/exe/winapioverride32_bin.zip
License type: Free / Open Source (GPL v2)
Description: WinAPIOverride is an advanced API monitoring software for 32- and 64-bit processes.
You can monitor and/or override any function of a process.
This can be done for API functions or executable internal functions.

It tries to fill the gap between classical API monitoring software and debuggers.
It can break the targeted application before or after a function call, allowing memory or register changes; and it can directly call functions of the targeted application.
Main differences from other API monitoring software:
- You can define filters on parameters or function result
- You can define filters on dll to discard calls from windows system dll
- You can hook functions inside the target process not only API
- You can hook asm functions with parameters passed through registers
- You can hook hardware and software exceptions
- Double and float results are logged
- You can easily override any API or any process internal function
- You can break the process before and/or after a function call to change memory or registers
- You can call functions which are inside the remote processes
- Can hook COM OLE and ActiveX interfaces
- User types (enum, struct and union) and user defines are supported
- All is done like modules: you can log or override independently for any function
- A library is provided for developers who intend to build their own hooking software
Also listed in: .NET Tracers, COM Monitoring Tools



Tool name: DynLogger
Rating: 4.0 (1 vote)
Author: Daniel Pistelli                        
Website: http://ntcore.com/dynlogger.php
Current version: 1.1.0.1
Last updated: April 14, 2008
Direct D/L link: http://ntcore.com/Files/DynLogger_x86.zip
License type: Free
Description: DynLogger logs all dynamically retrieved functions by reporting the module name and the requested function. It can come in very handy when one wants to know a "hidden" function used by an application. It also logs the loaded modules.

Download the x64 version of DynLogger only if the process is not an x86 process. In all other cases download the x86 version.

I recycled the code of a bigger project to write this little application. It's a very small utility, but it might be of use after all. It was tested on XP and Vista, both x86 and x64. It works for .NET applications as well. Just start the logging process; the log will be saved after you quit the monitored application.
Also listed in: (Not listed in any other category)



Tool name: PIX with callstack patch
Rating: 4.0 (1 vote)
Author: arc_                        
Website: http://www.woodmann.com/forum/showthread.php?t=12696
Current version:
Last updated: May 1, 2012
Direct D/L link: Locally archived copy
License type: Free
Description: MSDN describes the DirectX tool "PIX" as follows (at http://msdn.microsoft.com/en-us/library/bb173085(VS.85).aspx):
"PIX is a debugging and analysis tool that captures detailed information from a Direct3D application as it executes. PIX can be configured to gather data, such as the list of Direct3D APIs called, timing information, mesh vertices before and after transformations, screenshots, and select statistics. PIX can also be used for debugging vertex and pixel shaders, including setting breakpoints and stepping through shader code."

Thus, a highly useful tool right from the MS DirectX SDK for e.g. finding the cause of a rendering problem: for any captured frame, you can click through the executed DX API functions and see how the frame is being built up, eventually finding out what part is to blame.

But what about reversing a closed source application's renderer? PIX does not store a call stack; it merely logs *what* DX functions are called, but not from *where*. Therefore it is not very useful for reversing by default.

I didn't want to let such a great tool go to waste. After some reversing work I ended up patching PIX to log and show (part of) the call stack for each DirectX call that the target program makes. Each call stack entry has both the virtual address and the module name.

Example usage of the resulting modified tool is finding out about and messing with a game's renderer, or more simply locating the HUD rendering code and quickly finding the data that it represents (e.g. health, money) rather than having to resort to memory scanning.
Also listed in: DirectX Tools



Tool name: SysAnalyzer
Rating: 4.0 (2 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: March 21, 2011
Direct D/L link: http://sandsprite.com/CodeStuff/SysAnalyzer_Setup.exe
License type: GPL2
Description: Update: This tool is no longer available for download through the iDefense website. An updated installer has been made available by the author.

SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare:

* Running Processes
* Open Ports
* Loaded Drivers
* Injected Libraries
* Key Registry Changes
* APIs called by a target process
* File Modifications
* HTTP, IRC, and DNS traffic

SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks:

* Create a memory dump of target process
* parse memory dump for strings
* parse strings output for exe, reg, and url references
* scan memory dump for known exploit signatures

Full GPL source for SysAnalyzer is included in the installation package.
Also listed in: Disk Monitoring Tools, File Monitoring Tools, Install Monitoring Tools, Memory Dumpers, Network Monitoring Tools, Registry Monitoring Tools



Tool name: Auto Debug
Rating: 3.5 (2 votes)
Author:                         
Website: http://www.autodebug.com
Current version: 4.3
Last updated: 2007
Direct D/L link: N/A
License type: Shareware
Description: Auto Debug is an API monitoring tool that can automatically trace the input and output parameters of all APIs and ActiveX interfaces. Once you have set the APIs you want to monitor, the application automatically traces the target program and monitors the input and output of the function calls. It analyzes PDB files automatically while monitoring any DLL or ActiveX interface.

Unlike other API spy or API monitor tools, Auto Debug doesn't need the user to develop any DLL or hook DLL. It's easy to use: just switch the APIs you want to monitor to ON, and once the target application runs and calls these APIs, it will monitor their input and output parameters automatically! There is no need to develop any DLL; once the software is installed, we can start to monitor APIs NOW!

If we have the API prototype (often from the .h file), we can easily build the PDB file without the original source. For example, a sample for generating the comdlg32.dll PDB file can be found at ($InstallPath\PDBsample). (This needs the Professional Version, which also generates PDB files for over 30 Windows system DLLs.)

News: Auto Debug for Windows x64 version is available.

Features

It doesn't need the source code to be rebuilt: it automatically monitors the input parameters and output results of the traced APIs in the target program, and only monitors the input and output of APIs.

* Source code level monitoring (new in Professional V4.1).
* Automatic analysis of parameter types with PDB files (new in V4.0). Supports Visual Studio 2005, Visual Studio .NET 2003 and Visual C++ 6.0.
* Very easy to generate PDB files without source code if you know the API prototype (new in Professional V4.0).
* Traces the release version of your application.
* The best API monitor tool.
* Traces release versions with a map file.
* Supports debug and release versions; source code is not needed.
* Supports tracing COM interfaces.
* Supports multithreading.
* No need to know the prototype of the functions.
* Traces not only exported APIs but also undocumented APIs.
Also listed in: (Not listed in any other category)



Tool name: Detours
Rating: 3.5 (2 votes)
Author: Microsoft                        
Website: http://research.microsoft.com/sn/detours
Current version: 2.1.216
Last updated: November 10, 2008
Direct D/L link: http://ftp.research.microsoft.com/downloads/d36340fb-4d3c-4ddd-bf5b-1db25d03713d/DetoursExpress.msi
License type: Free
Description: Innovative systems research hinges on the ability to easily instrument and extend existing operating system and application functionality. With access to appropriate source code, it is often trivial to insert new instrumentation or extensions by rebuilding the OS or application. However, in today's world systems researchers seldom have access to all relevant source code.

Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.

Detours preserves the un-instrumented target function (callable through a trampoline) as a subroutine for use by the instrumentation. Our trampoline design enables a large class of innovative extensions to existing binary software.

We have used Detours to create an automatic distributed partitioning system, to instrument and analyze the DCOM protocol stack, and to create a thunking layer for a COM-based OS API. Detours is used widely within Microsoft and within the industry.

Detours 2.1 is now available. Detours 2.1 includes the following new features:

* Complete documentation of the Detours API.
* Transactional model for attaching and detaching detours.
* Support for updating peer threads when attaching or detaching detours.
* Unification of dynamic and static detours into a single API.
* Support for detection of detoured processes.
* Significant robustness improvements in APIs that start a process with a DLL containing detour functions.
* New APIs to copy payloads into target processes.
* Support for 64-bit code on x64 and IA64 processors (available in Professional edition only).
* Supports building detours with Visual Studio 2005, Visual Studio .NET 2003, Visual Studio .NET (VC8), and Visual Studio (VC7).
Also listed in: Code Injection Tools



Tool name: oSpy
Rating: 3.5 (2 votes)
Author: Ole Andre Vadla Ravnaas                        
Website: http://code.google.com/p/ospy
Current version: 1.9.8
Last updated: July 18, 2009
Direct D/L link: http://ospy.googlecode.com/files/oSpy-1.9.8.zip
License type: Free / Open Source
Description: oSpy is a tool which aids in reverse-engineering software running on the Windows platform. With the amount of proprietary systems that exist today (synchronization protocols, instant messaging, etc.), the amount of work required to keep up when developing interoperable solutions will quickly become a big burden when limited to traditional techniques.

However, when the sniffing is done on the API level it allows a much more fine-grained view of what's going on. Seeing return addresses for each recv/send call (for example) can prove useful when you want to look at the processing code at that spot in a debugger or static analysis tool. And if an application uses encrypted communication it's easy to intercept these calls as well. oSpy already intercepts one such API, which is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.

Another neat feature is when wanting to see how an application behaves when in a firewalled environment. Normally you would have to simulate such an environment by configuring firewalls etc., which not only is time-consuming, but might also cripple the rest of the applications you've got running. oSpy solves this problem by a feature called softwalling which allows you to set rules based on the type of function-call, the return-address, local/remote address/port, etc., and lets you choose which error to signal back to the application when the rule matches. This way you can make the application think that for example a connect() timed out, connection was refused, there was no route to host, etc.
Also listed in: (Not listed in any other category)



Tool name: APIScan
Rating: 0.0 (0 votes)
Author: Sirmabus                        
Website: http://www.openrce.org/forums/posts/456
Current version: 2.2
Last updated: April 28, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: APIScan is a simple tool to gather a list of APIs that a target process uses.

You can use this list in an initial analysis to help determine a target's general operating nature. Also can be used to help determine patch/update changes by doing a WinDiff on a "before" and "after" dump.

There are similar tools, often more robust (like "Dependency Walker"), but most of these just parse the target IAT ("Import Address Table") alone.
APIScan catches dynamically/delayed loaded modules too, and dumps them as a simple list.
============================================================

Example dump for a module:

Library Flags Function
====================================
-- COMCTL32.DLL
[I...] ImageList_Add
[I...] ImageList_Create
[I...] ImageList_Destroy
[I.O.] InitCommonControls
[.D..] InitCommonControlsEx
[.D.F] ImNotHere
...
...

Explanation:
APIScan saw that "COMCTL32.DLL" is loaded both as an import via the IAT, plus it caught it being loaded dynamically for "InitCommonControlsEx".
That's the 'D' flag in "[.D..] InitCommonControlsEx". The 'F' in "[.D.F] ImNotHere" means that the application failed in one or more attempts to dynamically load (from the 'D') "ImNotHere", since this export doesn't exist in "COMCTL32.DLL". In "[I.O.] InitCommonControls", the 'I' tells us this API is in the IAT, and the 'O' tells us it was by "ordinal".
Note that you can have both 'I' and 'D' flags (as well as 'O', and 'F' if there is a 'D'), since an application can have an API both in its IAT and loaded dynamically (with "GetProcAddress()").

Changes:
--------
2.2: Got rid of the index numbers around the DLL and API dumps, that made WinDiff'ing a mess.


TODO:
1. Add intra-module support.
API scan could parse the IATs of modules/DLLs and optionally filter out GetProcAddress() calls made within modules for better focus.
2. Optional real time output to DBGVIEW.
Also listed in: Dependency Analyzer Tools



Tool name: BoundsChecker
Rating: 0.0 (0 votes)
Author: Compuware                        
Website: http://www.compuware.com/products/devpartner/visualc.htm
Current version:
Last updated:
Direct D/L link: N/A
License type: Commercial
Description: Among many things, BoundsChecker is actually a pretty decent API monitor/logger.
Also listed in: (Not listed in any other category)



Tool name: Echo Mirage
Rating: 0.0 (0 votes)
Author: Dave Armstrong <dave@wildcroftsecurity.com>                        
Website: http://www.wildcroftsecurity.com/echo-mirage
Current version: 3.1
Last updated: March 5, 2013
Direct D/L link: Locally archived copy
License type: Freeware
Description: Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.

Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available.

Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.
Also listed in: Network Monitoring Tools



Tool name: Export Log
Rating: 0.0 (0 votes)
Author: deroko                        
Website: http://deroko.phearless.org
Current version: 1.0
Last updated: September 15, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Program for runtime logging of used/imported external functions (i.e. in other DLLs) in target modules/processes.
Also listed in: Dependency Analyzer Tools



Tool name: FastSystemCallHook
Rating: 0.0 (0 votes)
Author: Darawk                        
Website: N/A
Current version:
Last updated: April 5, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A snippet of code which is a KiFastSystemCall hook I wrote that hooks all user-mode APIs by replacing the SYSENTER MSR. It works also on multi-processor systems and should be easy to extend into a fully functional library if you want to.
Also listed in: Code Injection Tools



Tool name: generic tracer
Rating: 0.0 (0 votes)
Author: Dennis Yurichev                        
Website: http://conus.info/gt
Current version: 0.1
Last updated: May 24, 2009
Direct D/L link: http://conus.info/gt/gt01.zip
License type: Free
Description: generic tracer - extremely simple win32 tracer

* Main features:

1) Setting breakpoint at any function, monitoring its arguments and return value.
2) Monitoring global variables access.

In a way, it is a kind of strace utility.

Significant differences vs strace are:

1) gt is Win32 only.
2) Breakpoints on any function, not just system calls.
3) Only 4 breakpoints, because of x86 architecture limitation.
4) Usage of Oracle .SYM files: ORACLE_HOME should be defined in environment.
Also listed in: Monitoring Tools, Tracers



Tool name: KaKeeware Application Monitor (KAM)
Rating: 0.0 (0 votes)
Author: KaKeeware                        
Website: http://www.kakeeware.com/i_kam.php
Current version: 1.32
Last updated: May 24, 2007
Direct D/L link: http://www.kakeeware.com/download.php?f=kam.exe
License type: Freeware
Description: KaKeeware Application Monitor is a very small API monitor that allows the user to monitor the APIs called by the given application. KAM supports 5577 different APIs as for now.

KAM works as an API spy that may help the developers and localization engineers to find the bugs in the release versions of the software. It can be also used by malware analysts to check which APIs are used by the sample they analyse.
The executable file is packed with Upack.
Since v1.04, KAM can retrieve object names (filenames, registry keys) and shows them in the UI instead of handles, making the listing more readable. 1.10 shows more information about monitored APIs. 1.20 added groups to the APIs window and added support for a command line for the monitored program. 1.21 hopefully fixes the problem with some XP versions. 1.30 introduces a lot of new APIs (now it's over 5000!). 1.31 finally conquers Vista. 1.32 adds some APIs (as per request :).

Please be aware that some AV programs may flag kam.exe as malicious. This is a problem known as FP (False Positive). kam.exe is not malicious and it doesn't contain any malicious code.
Also listed in: (Not listed in any other category)



Tool name: Malcode Analysis Pack
Rating: 0.0 (0 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: May 5, 2012
Direct D/L link: http://sandsprite.com/CodeStuff/map_setup.exe
License type: GPL2
Description: Update: This is no longer available through the iDefense website. An updated package has been made available by the author.

The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 5 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs dns responses to controlled ip's
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
• finddll - scan processes for loaded dll by name
• Virustotal - virus reports for single and bulk hash lookups. Explorer integration
Also listed in: Import Editors, Malware Analysis Tools, Network Sniffers, Network Tools, Process Monitoring Tools, Reverse Engineering Frameworks, TCP Proxy Tools



Tool name: oStudio - Live Tuning
Rating: 0.0 (0 votes)
Author: Objectis                        
Website: http://www.objectis-software.com/product/ostudio-live-tuning-live-debugging-functional-tests/
Current version: 1.3
Last updated: January 17, 2014
Direct D/L link: http://www.objectis-software.com/download-ostudio-2013/
License type: Free
Description: Accelerates the integration, testing and development phase by a factor of 2 to 10, in one easy-to-use application.
oStudio - Live Tuning brings a new development and real time debugging method. It's easy to connect embedded systems, automation and .NET applications to oStudio - Live Tuning, and to interact with them LIVE!

Traditional step by step debugging techniques are now history. A system doesn’t need to be halted to verify and validate its behavior anymore! This method, called live debugging, consists of observing and interacting with a real-time system while it’s still running. oStudio – Live Tuning is a new generation of debugger. It regroups new debugging tools for embedded systems and the machine industry with automated testing.
Also listed in: .NET Debuggers, .NET Tools, .NET Tracers, COM Debugging Tools, COM Monitoring Tools, Debug Output Monitoring Tools, Debuggers, FPGA Tools, Microcontroller Tools, Non-Intrusive Debuggers, Visual Basic Debuggers, Visual Basic Tools



Tool name: scdbg
Rating: 0.0 (0 votes)
Author: David Zimmer                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=152
Current version:
Last updated: March 30, 2012
Direct D/L link: http://sandsprite.com/CodeStuff/scdbg.zip
License type: free
Description: scdbg is a shellcode analysis application built around the libemu emulation library. When run it will display to the user all of the Windows APIs the shellcode attempts to call.

Additions include:
100+ new api hooks, 5 new dlls, interactive debug shell, memory dumping, rebuilt PEB, SEH support, support for file format exploits, support for return address scanners, memory monitor, report mode, dump mode, easily human readable outputs, log after xx capabilities, directory mode, inline analysis of process injection shellcode and more...

Builds are available for Windows (native), Cygwin, and *nix variants.

See tool web page for more details.


**************************
New category request: Shellcode Analysis

While other categories describe functions of this tool, it's a really specialized niche field.
Not many people know specialized tools exist for it, a category of its own (probably
within the Malcode Analysis section?) would help people find it. I can think of two other applications to link into this new section. (libemu and sclog) and maybe shellcode_2_exe
***************************
Also listed in: Automated Unpackers, Debuggers, Malware Analysis Tools, Monitoring Tools, Needs New Category



Tool name: SpyStudio
Rating: 0.0 (0 votes)
Author: Nektra                        
Website: http://www.nektra.com/products/spystudio
Current version: 1.0.0b
Last updated: February 2008
Direct D/L link: http://www.nektra.com/products/spystudio/spystudio.exe
License type: Free
Description: SpyStudio is a powerful application that simplifies code execution interception operations, also called "hooking". Users can now easily monitor and gain control over processes in their systems, to really know what is happening in the Operating System and its applications.

With SpyStudio you can monitor and intercept API calls at any time, change their parameters, and resume execution.

SpyStudio uses the Deviare API technology to intercept function calls; this allows the user to monitor and hook applications in real time.
Deviare is a very complex technology, that can be used through the most simple interfaces.

This useful application provides the ability to break process execution and inspect the function's parameters at any level, and even change its values.

* Hooks any module of any application.

* Understands almost any function's parameters. Every defined data structures and types in windows.h are supported.

* Break on monitor: Break application's code execution, watch and modify function's parameters.

* Integrated Python shell: Now allows to execute Python scripts and handle hooks!

* Some of the modules included on the database are:

Advapi32.dll
Gdi32.dll
Kernel32.dll
Ntdll.dll
User32.dll
Shell32.dll
Wininet.dll
Also listed in: Code Injection Tools



Tool name: Win32 API Monitor
Rating: 0.0 (0 votes)
Author: N/A                        
Website: http://www.apimonitor.com
Current version: 1.3.1
Last updated: March 24, 2009
Direct D/L link: http://www.apimonitor.com/download/APIMonitorTrial.exe
License type: Shareware
Description: API Monitor is a software that allows you to spy on and display Win32 API calls made by applications. It can trace any exported API and display a wide range of information, including function name, call sequence, input and output parameters, function return value and more. A useful developer tool for seeing how Win32 applications work and learning their tricks.

Main Features

* Trace any exported API, including Win32 APIs and other third-party APIs; it is unnecessary to know the prototypes of the functions.
* Display a wide range of information, including function name, call sequence, input and output parameters, function return value, GetLastError code and more.
* Predefined prototypes for 82 DLLs and nearly 4000 APIs.
* Filter Profiles are a powerful way of storing your favorite monitor settings for use in other sessions. API Monitor presets 27 API filter profiles, including Handles and Objects, Dynamic-Link Libraries, Event Log, Pipes and Mailslots, Debugging, Windows Classes, COMM, Application Related, Shell, Dialog Boxes, File System, Services Related, Remote Access Service, Memory Management, Print Related, Windows, Registry, Processes and Threads, File IO, WinInet, Windows Sockets, Multimedia API, Windows GUI, Network Management, WinNT Security, Access Control Functions.
* Allow content to be viewed and exported: log content can be viewed within API Monitor, and exported to another application or saved to a file.
* Supports debug and release versions with no modifications to the target application.
* Supports Unicode and ANSI APIs.
* Monitor running processes: spy on APIs in a background or console process that is already running.
* Supports multithreading.
* Display API calls originating from ActiveX controls and COM objects instanced by an application.
* MS Excel® style data filtering; customize filter criteria against any data item.
* Automatic click-sorting against an unlimited number of columns, descending or ascending.
* Automatic data grouping, an extremely powerful data viewing and manipulation metaphor.
* Automatic runtime column selection: easily customize the columns visible on-screen with intuitive drag and drop.
* Instant online MSDN help: this feature allows you to view online MSDN context-sensitive help for the currently selected API.
Also listed in: (Not listed in any other category)