WriteProcessMemory API Monitor is a Windows OS utility designed solely to monitor processes in the system that write to other process’ virtual address spaces. Malware often uses such techniques in order to write payload stubs to a foreign process to hook an API, load a malware DLL etc. ntdll!NtWriteVirtualMemory is hooked in order to achieve the desired logging functionality in usermode.
WriteProcessMemory API Monitor displays the caller process and target process filenames as well as their respective process identifiers are shown along with the size of the buffer written to the process and the actual contents represented in hexadecimal of the buffer. The location of the written memory is also listed in hex for run-time reverse engineering convenience.
WriteProcessMemory API Monitor can easily be integrated into malware or rootkit test environments to help the security researcher reverse analyze a piece of malware alongside other powerful tools.
Exclude System processes
Save logs to file on close
Very user-friendly GUI
Operating System: Windows All | 32-bit ONLY
Last Update: 01.11.2011