9114/23, 693 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com rohitab.com feed your bain Search eowen [eso. 4 Const ‘My Résumé 1 Downie + Bonne API Monitor Contents Overview API Monitor isa fee softwar tht ets you moniter and contol AP cals made by applications and services Is a powerfl tool fr seing how applications and services ‘work a for uacking down problems at you have in your ows applications Features + 64-bit Support [API Monitor supports monitoring of 64-bit aplication and services. The bit version cn only be wed to monitor 6-bit applications and the 32-bit version canbe nly be ued to monitor 52-it applications, To monitors S2-b pplicaon on 62-5 Windows, you mst Usethe 32: version. Note thal he Sibi iar for APL Monitor melds bth 64-bit and 32-1 versions. + Summary View with Syntax Highlighting ‘The Summary window displays information abou! the API cll This includes the Thread ID and he name ofthe DLL that ade the API ell, the syntax-highliphed ww rohtab.com/apimantor wn9114723, 633 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com Sti ot pram eu as I AP man he ah id a Oo extn oi Ea eo ons ‘iqueytey(oceoosnoeeC0%a, teHamebormsion, HULL ee. SEARLS BUFFER TOO. SMALL + 1,000% API Definitions, 1,300 COM Interfaces API Monitor comes with API Definitions fr over 13,000 APT's from almost 200 DLL's and ove 17,000 methods fom 1.300+ COM Interfaces (Shel, Web Browse, DicetShow, DieeSound,DiseetX, DuecOD, DirectWrte, Windows Inaging Component, Debugger Engine, MAPI ete)-API's ae orgaized ino categories and sub eae MSDN an eae eT ei > anes i aan " [a Corre rg Gees ! SCI Meter ennuatie {9 D Mose xcen nastge 1 Doar coneson (5B [losamens se rans 1 (2B Goanesona utes 1B LID sae nt eo = $B Buran 3 Ill tee Deropmet 2 Bren: 2p iwasaund 5 1% Dretsoons08ute © Els reassure 11 wreasanee > D1 resonate 2B raeriotrnere 1 Domwenpsrnse aaa Cl Seen 1 Deustnestnivnie “DB mpi Benoni 1 ¢ cecuertoston EE cera Structures, Unions, Enums and Flags API Monitor ean devode and display 2000 diferent stucturs and unions, 1000+ Enumerated datatypes, 800+ Nag. Buffers and arays within seuctars ean also be viewed ww rohtab.com/apimantor ane914723, 633 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | ahitab.com sums 3 @ tbe soxamnoscca cemetonsease ws 20 (wn NUL m8 NHN =0 [ond = DAREERRIDGH, mene = BA STATE, et soe o rox, pete = on ane Pe temas oor wena TSatewneaceeugbisnaid) nn Gotua f= tomeoaes ena tan {Canons au proces acyl) ue |B stoma eos nmeccace | cvasunsne|armitgumscn,htason aco sr lis Semwoa eke Uno tosis -ADVAZ A, WOH) . + Decode Parameters and Retura Valuer ‘Both parameters and yetur values canbe displayed in a se-iendly format, The fit sreenaat below shows the normal view with de parameter values played scx The second sereeshot displays the decoded parameter values. For duShare Mode, APL Monitor displays FILE. SHARE_DBLETE | FILE_SHARE_READ instead snd the sma pane, a Pala Poca a 1 acute Dibeinepdeopint acne Denton een 2 DWoRD o cusnross, . sc one fscuRMAn, — @ ibecumenettes —oorod can Cop cota , 6 39080 2 dofngpnaietees ene 30 | ccna piper 7 eNO Oo memsatere coer oo ETI ince eon am shee ane eal ave Poca a 1 cm o prietine cutee Dibeinepdeopint acne Deaton een 2 DWoRD o cusnross, FES OUETE FESR RAD FL SWE OAT FE SHAE RED wseuamic, Gece: no 6 39080 2 dofngynghetetes EFAS SEQUIM S38 isa Sequemas c0 7 eNO Oo memsatere a a noe eon sun i ue Breakpoints API Monitor lets you contol the target application by setngbreskpoins on APL ells. Breakpoins canbe trggsrd before an APL alle an APL cal, on APL failure orifthe API generates an exception, Pre~all Brealpoint allow you o modify pararcters before they ae passed othe API, oto skip the APL al abd spec ‘thevetum vale and last enor code. Pascal and Erar realpoints allow you to modify parancters, eur Yaluc and st enor code before they are passed ack 10 Ihe caller Exception Brelpoint allow yout calc the excepio to prevet the tape application frome a posible rash. Global Breakpoins ea ls be eggerd on APLerors and exceptions. Full Ao-compltesuppotsevaable foal supported enumerated datatypes and fags. ww rohtab.com/apimantor an911423, 693 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | ahitab.com [Merton Snipa ee Co ror: Np tpt) ssc cane 0 FUE te SRE ATE “Monitoring without creating definitions [enracs Goda tse Stent [Elgtmarosen Fela mersse era a imccuan Tse seeomolee Gi vetmwe nose ) ont goupname Cha aeteocmenone 1a aaemaee 1 atone D1 ctaton a ab 13 mon tng esa big [Cena Process Memory Editor AP Monier includes 2 memory ctor that ets you view, eit and allocate memory in ay process. The memory editor also allows you o change the protection of ‘memory resons. Daring a breakpoint, the memory edi can be used o View and modify butTers inthe targel proces, Riph-lck on any process o sevice inthe Running Process window to auch the memory eit ww rohtab.com/apimantor APL Monta now allows monitoring of any APL fiom any DLL without requag XML defitions to crated, The newly added Eeternal DLL Filler allows DLL's 19 ‘be added and removed on an as-needed basis Once « DLL hasbeen added te ler works excl the same ay the capt ir: vidual APT's can be elcid for ‘monitoring and breakpoints canbe sl. In aon, the numberof parameters that ate eaptre from these AP's can be specified The Exleral DLL iter san also be "ved toile allowing mulape set's of DLL's tobe loaded bused onthe tng application siz911423, 633 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | ahitab.com (Witmimee eT at Fitering earn COM Monitoring [API Moaitr supports monitoring of COM Interfaces. The following screenshot displays COM method ells mae by DirectShow Graph ww rohtab.com/apimantor API Monto includes dynamic cal iteing capabilities which allows yout hie or show API cll based ona certain citeva, Over 25 diferent feds can be filter ‘pon. Filtering canbe used, foregoing calls tat take mae than SO ms to execute, ao View Unicode API calls fat failed and tured err code 2. ez911423, 633 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com So en ocoasre a @pumowe nw 2 owascomter —GSCHLIMROCSERER ASCH SRR wane [ene Fug ONSEN = Fdaleg Boe exes wut sawn -c4oner: Hen sor + Decode Error Codes ww rohtab.com/apimantor a Qtek etn O48, 1,4 8, MUL 02) 0 esa names 1) 3 ene (8S HEY Joasnact as 2798255 00 A en ee UD a RE i aie {sp ea Qua rorasopo-tagrtr (cena TR WE oo for wie Guten Feecteenn() : To Sh SNES eet nga, aicncmacionencacmnoroc ener si, Loc > nice Gear Peecendnn onus, exch Nt sx ose ox io lost Gunza [spnacmescsnesonon forse) io E8 Gi damm | omaoceaa an Sine be log Gumus | (essence. qm) ix Ee ies Gana | Lovaortrteesco:y coco ebay = ‘i tam Sue a aaa tx So te Sunn orden aie es he tat Game [Snimcmanccgurmtonatomnann ie fim fost Sura x So tom Sunn a co tur jon ee » Same Inn tour demumat sown ns ce — Er Su imae [eesewanqoneg = ‘When an APT call als, API Monitor can call an appropriate cor funtion o reve ational information about the eor. GetLasEor, CommDigExtendedEor, WSAGetLastror functions are supported. In addition, NTSTATUS and HRESULT ero codes can be displayed in a fendly forma. nthe following seeeasho, he (ce a a m29114/23, 693 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com + Multiple Layout Options “The GUI in ini version has boon completely wren ad provides a namber of wel fetes A number of predefined layout options ae sviible, however, you may choos to create your own custom layout. The GUI «divided int doknble windows for “API Capture Fite” "Ruaing Process”, "Ouro, "Parmer “Hex Buff, "Cal Sack” td “Hooked Process” Each ofthese windows ca be so "Docking, "Foaing™ "Hide" og “Auto Hide” 1+ Procets View “The Running Process window display ist of raning process and services that an be hooked. You can also righ lick on any proce to aun the memory PrerainaFoceses x ee ee ila D sascha Sal ewe aw [et srencowevance | a neal TE vntmare authonzation Semsce ee Depress man “VMware USB Aritstion Service 3220, 6 on omens cer ae B ornooad ff core © aipece |) snort social A poe tn ‘+ Monitoring of Services Monitoring of Windows Services is supported. The following crcensbot displays calls made by the Print Spoor sevice whea a document was printed to Microsoft XPS Document Writ, Please noe that to etal monitoring f serves, your user eeount mist have suliient privileges (Administrator mode mn Visa. Monitoring supports creating definitions for any DLL. Definitions ae created in XML format soneetne Cle STATES Nees ERATTOL AEDS ww rohtab.com/apimantor anz9114/23, 693 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com + Threads ‘The Hooked Processes window displays processes tat were previously hooked or are curently being monitored, Expanding the process display al trends fo the ‘proces. The treed marked with "Ms the ain treed of he process. Treads mated with “W" are worker UeadS Inactive treads ae grayed ou and are also Fame a ee cn Enh ed igi te The Dod st a id 3. © Te wincennsrwowne 1 ah cwonsomasvoestvnsan trea ay ene cen 75 a Cal Peds tae (ens et stage Gi Pree 588 tre e010 these renner a west i (Gi reese raraneocsurmgteserer 2c 9) Pens 56 aap CabasPunng- OFF CB hres 0 pt dapcatbantniongcf| | ny = Fr Change Log Screenshots = Main Window © captre Fier BreakpoinStucare wv ohtab.com/apimanitor one9114723, 633 PM Decoded StustueBuser Dynamic Arays GUID Decoding = Memory Eaitor Exteral DLL Fier Call ieee Decode APL Exror COM Monitoring Process View Services Hook Service Options: Monitoring ww rohtab.com/apimantor [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com sone91423, 633 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | hitab.com Opsions: Memory Options: Dis = API Loader (Costom DLL Requirements Winds 2000, Windows XP 32-t, Windows XP 64-bit x4, Windows Mss 32-bit, Windows Vista bat x64, Windows 7 32-bit, Windows 7 68-it x64, Windows $32, Windows 8 4b x68 Download Download files below, ot Click hereto downlod from Mean Latest Release (Alpha r13) ABLMonior v2 (Alpha 31-386 3245 -- 32-bit for Windows 2000, Server 2003, XP, Vista, Windows 7, Server 2008 and Windows 8 ‘Support Forums ‘Tutorials Old Version 1.5 Leave a Reply. ‘You must be logged in topos comment. Loe ct xis > CGlTlaet comity Source Code Blacks Vins © SilhnAwembly © [CC] Revers Ey Tuoi for newbies © Wt2 = lncteased CPU wage when sng mull bales © Wels: Wen Key Crashing ww rohtab com/apimonitor - 6. for Windows XP, Vista, Windows 7, Server 2008 and Windows 8x64 (Inludes 32-bit version) Bortable- Roms without installing = 52-bit and 64-bit nae9114/23, 693 PM [API Monitor Spy on API Calls and GOM Interfaces (Freeware 32-bit and 64-bit Versions) | ahitab.com A sul fs engine wih Growonks © What you Listened toley, Meatinad Cantos bello ack to Toe {© 2000-2012 Robitab Batra, Al Rights Reserved ww rohtab.com/apimantor sane