Author Topic: APIMON  (Read 2681 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33576
  • malware fighter
« on: December 18, 2009, 09:49:57 PM »
Hi malware fighters,

Downloadable from here:

API Monitor is software that monitors and displays API calls made by applications. For each API called, the program displays the process ID, process name, API called, parameters, return value, status, and the GetLastError code. It also includes an Error Lookup tool and an IOCTL decoder.
New API categories and an API Details view have been added. The API Details view displays the complete parameter list, including the name of the parameter.
This tool came on board of Windows NT and 2000. The MS dll help file that is online and that is searchable will be discontinued from Febr. 10th of 2010.
This is how you worked APIMON in the archaic days of NT4 (Polonus is a certified Admin of MS NT4 and the kernel):
From the Start menu, select Run, then apimon.exe.
From the File menu, select Open.
Select the image you want to monitor, and click OK. (I'm using %systemroot%\system32\notepad.exe.)
Two blank windows, DLLs in use and Api Counters, open.
The next task is to start the selected image. Click the green Play arrow (or select Start Monitor from the Tools menu).
The application will start, and the two blank windows will now include DLL and API information.
When the program monitoring is complete and the program is closed, click Stop or select Stop Monitor from the Tools menu.
Stopping the API Monitor program also stops the image that the program had loaded, so make sure you don't lose any work.

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!