Introduction to API Monitor (API monitoring tool)

Source: Internet
Author: User

API Monitor is free software that lets you monitor and control API calls made by applications and services. It is a powerful tool for seeing how applications and services work, or for tracking down problems in your own applications.

64-bit Support

API Monitor supports monitoring of 64-bit applications and services. The 64-bit version can only be used to monitor 64-bit applications, and the 32-bit version can only be used to monitor 32-bit applications. To monitor a 32-bit application on 64-bit Windows, you must use the 32-bit version. Note that the 64-bit installer for API Monitor includes both the 64-bit and 32-bit versions.

Summary view and syntax highlighting

The Summary window displays information about the API call. This includes the thread ID and the name of the DLL that made the API call, and the syntax-highlighted API call with all of its arguments and its return value. If the API call fails, information about the error is also displayed.

13,000+ API definitions, 1,300+ COM interfaces

API Monitor comes with API definitions for nearly a $17,000 DLL with more than 13,000 APIs and more than 1,300 COM interfaces (Shell, Web Browser, DirectShow, DirectSound, DirectX, Direct2D, DirectWrite, Windows Imaging Component, Debugger Engine, MAPI, etc.). The APIs are organized into categories and subcategories (as specified in MSDN). The API capture filter lets you select which APIs to monitor.

Structures, unions, enumerations and flags

API Monitor can decode and display 2000 different structures and unions, 1000+ enumerated data types and 800+ flags. Buffers and arrays within structures can also be viewed.

Buffer view

API Monitor can display both input and output buffers. The amount of data displayed is calculated automatically from the other arguments of the API, or from the API return value. The maximum amount of data that is captured is configurable. The following screen shows the buffer after a ReadFile API call. The length of lpBuffer is calculated by looking at the value of lpNumberOfBytesRead after the API call has executed. In this case, the value returned is 174, which is the length of the buffer that is displayed.

Call Tree

API Monitor displays a call tree that shows the hierarchy of API calls. The following screen shows the call tree for a CoGetClassObject call made by a Visual Basic application that loads the Microsoft Winsock ActiveX control. The ActiveX control MSWINSCK.OCX makes calls to WSAStartup and CreateWindowExA from DllMain.

Decoding parameters and return values

Both parameters and return values can be displayed in a user-friendly format. The first screen below shows the normal view, with parameter values displayed as they are. The second screen shows the decoded parameter values. For dwShareMode, API Monitor displays FILE_SHARE_DELETE | FILE_SHARE_READ instead of 5 when the Decode Parameter Values option is enabled. This option is available both in the Parameters pane and in the Summary pane.
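The decoding described above can be reproduced when reading raw values from a trace. The following is an added example, not code from API Monitor or from the original page; the `decode_flags` helper is a hypothetical name, and the bit values are the share-mode constants from the Windows SDK.

```python
# Share-mode bits as defined in the Windows SDK (winnt.h).
FILE_SHARE_FLAGS = {
    0x00000001: "FILE_SHARE_READ",
    0x00000002: "FILE_SHARE_WRITE",
    0x00000004: "FILE_SHARE_DELETE",
}


def decode_flags(value, table):
    """Render a bitmask as 'NAME | NAME', keeping undefined bits visible in hex.

    decode_flags is a hypothetical helper written for this example.
    """
    if value == 0:
        return "0"
    names = []
    remaining = value
    # Walk from the highest defined bit down, so 5 renders as
    # FILE_SHARE_DELETE | FILE_SHARE_READ, the order used in the text above.
    for bit in sorted(table, reverse=True):
        if remaining & bit == bit:
            names.append(table[bit])
            remaining &= ~bit
    if remaining:
        # Bits without a definition are shown rather than dropped: an
        # unexpected bit in a trace is often the interesting part.
        names.append(f"0x{remaining:X}")
    return " | ".join(names)


if __name__ == "__main__":
    for raw in (5, 7, 0x15, 0):
        print(f"dwShareMode = {raw:#x} -> {decode_flags(raw, FILE_SHARE_FLAGS)}")
```
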

Breakpoints

API Monitor lets you control the target application by setting breakpoints on API calls. Breakpoints can be triggered before an API call, after an API call, on an API failure, or if an API generates an exception. Pre-call breakpoints allow you to modify the arguments before they are passed to the API, or to skip the API call and specify the return value and last error code. Post-call and error breakpoints allow you to modify the parameters, return value and last error code before they are passed back to the caller. An exception breakpoint allows you to catch an exception to prevent a potential crash of the target application. Global breakpoints can also be triggered on API errors and exceptions. Full auto-complete support applies to all supported enumeration data types and flags.

Monitoring without creating a definition

API Monitor can now monitor the APIs of any DLL without the need to create an XML definition for it. The newly added External DLL filter allows DLLs to be added and removed as needed. Once a DLL is added, the filter works exactly like the capture filter: individual APIs can be selected for monitoring and breakpoints can be set. In addition, you can specify the number of parameters to capture from these APIs. External DLL filters can also be saved to a file, allowing multiple sets of DLLs to be loaded based on the target application.

Process Memory Editor

API Monitor includes a memory editor that lets you view, edit and allocate memory in any process. The memory editor also allows you to change the protection of a memory area. At a breakpoint, the memory editor can be used to view and modify buffers in the target process. To launch the memory editor, right-click any program or service in the Running Processes window.

Call filtering

API Monitor includes a dynamic call filtering feature that lets you hide or show API calls based on certain criteria. More than 25 different fields can be used for filtering. Filtering can be used, for example, to find Unicode API calls that take more than 50 milliseconds to execute, or to view calls that failed and returned error code 2.
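The two filters named above, applied to call records outside the tool. This is an added example, not code from API Monitor or from the original page: the record fields, the rule tuples and the sample calls are constructed for illustration and do not reflect API Monitor's own field names or export format. Treating a trailing "W" as the marker of a Unicode API is an assumption based on the Win32 naming convention.

```python
import operator
from dataclasses import dataclass


@dataclass
class ApiCall:
    api: str            # API name as it appears in the trace
    duration_ms: float  # time spent inside the call
    succeeded: bool
    error_code: int     # last error code; 0 when the call succeeded


# Constructed sample records (not captured from a real process).
CALLS = [
    ApiCall("CreateFileW", 72.4, True, 0),
    ApiCall("CreateFileW", 0.3, False, 2),
    ApiCall("CreateFileA", 0.2, False, 2),
    ApiCall("RegOpenKeyExW", 12.0, False, 5),
    ApiCall("ReadFile", 95.1, True, 0),
    ApiCall("GetModuleHandleW", 50.0, True, 0),  # exactly 50 ms: not "more than"
]

OPS = {">": operator.gt, "==": operator.eq, "endswith": str.endswith}

# A filter is a list of (field, operator, value) rules that must all match.
SLOW_UNICODE = [("api", "endswith", "W"), ("duration_ms", ">", 50)]
FAILED_ERROR_2 = [("succeeded", "==", False), ("error_code", "==", 2)]


def matches(call, rules):
    for field, op, value in rules:
        if op not in OPS:
            raise ValueError(f"unsupported operator: {op}")
        if not OPS[op](getattr(call, field), value):
            return False
    return True


def apply_filter(calls, rules):
    """Return the calls that satisfy every rule, in trace order."""
    return [c for c in calls if matches(c, rules)]


if __name__ == "__main__":
    for label, rules in (("slow Unicode", SLOW_UNICODE), ("error 2", FAILED_ERROR_2)):
        for c in apply_filter(CALLS, rules):
            print(f"{label}: {c.api} {c.duration_ms} ms error={c.error_code}")
```
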

COM monitoring

API Monitor supports monitoring of COM interfaces. The following screen shows COM method calls made by DirectShow GraphEdit.

API Monitor can also decode GUIDs, IIDs and REFIIDs, and display them in a human-readable format.
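What decoding a GUID involves, shown on raw bytes. This is an added example, not code from API Monitor or from the original page; `format_guid` and `describe_iid` are hypothetical helpers, and the name table holds three well-known interface IDs from the Windows SDK. The point it makes is that the first three GUID fields are stored little-endian in memory, so the printed form is not a straight hex dump of the 16 bytes.

```python
import struct

# Well-known interface IDs (Windows SDK), keyed by their registry-style text form.
KNOWN_IIDS = {
    "{00000000-0000-0000-C000-000000000046}": "IID_IUnknown",
    "{00000001-0000-0000-C000-000000000046}": "IID_IClassFactory",
    "{00020400-0000-0000-C000-000000000046}": "IID_IDispatch",
}

# Constructed sample: IID_IDispatch as its 16 bytes are laid out in process memory.
IID_IDISPATCH_RAW = bytes.fromhex("00040200" "0000" "0000" "C000000000000046")


def format_guid(raw):
    """Convert the 16-byte in-memory GUID structure to {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}."""
    if len(raw) != 16:
        raise ValueError(f"a GUID is 16 bytes, got {len(raw)}")
    # Data1 (32-bit), Data2 and Data3 (16-bit each) are little-endian integers.
    data1, data2, data3 = struct.unpack_from("<IHH", raw, 0)
    # Data4 is a plain 8-byte array and is printed in memory order.
    data4 = raw[8:16]
    return "{%08X-%04X-%04X-%s-%s}" % (
        data1, data2, data3,
        data4[:2].hex().upper(), data4[2:].hex().upper(),
    )


def describe_iid(raw):
    """Return the symbolic name for a known IID, or the formatted GUID otherwise."""
    text = format_guid(raw)
    return KNOWN_IIDS.get(text, text)


if __name__ == "__main__":
    print(format_guid(IID_IDISPATCH_RAW), "=", describe_iid(IID_IDISPATCH_RAW))
    # An unknown GUID falls back to the text form.
    print(describe_iid(bytes(range(0x10, 0x20))))
```
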

Decoding error codes

When an API call fails, API Monitor can call the appropriate error function to get additional information about the error. The GetLastError, CommDlgExtendedError and WSAGetLastError functions are supported. Additionally, NTSTATUS and HRESULT error codes can be displayed in a friendly format. In the following screen, the connect API call fails. API Monitor determines the error code by calling WSAGetLastError and displays both the error code and the error message in red.

Call stack

API Monitor lets you capture and view the call stack for each API call. The following screen shows the call stack for an NtCreateFile API call.

Multiple layout options

The graphical user interface in this version has been completely rewritten and provides a number of useful features. Some pre-defined layouts are available, but you can choose to create your own custom layouts. The GUI is divided into dockable windows: "API Capture Filter", "Running Processes", "Output", "Parameters", "Hex Buffer", "Call Stack" and "Hooked Processes". Each of these windows can be set to "Docking", "Floating", "Hidden" or "Auto Hide".

Process View

The Running Processes window displays a list of running processes and services that can be hooked. You can also right-click any program to launch the memory editor.

Service Monitoring

API Monitor supports monitoring of Windows services. The following screen shows calls made by the Print Spooler service when a file is printed to the Microsoft XPS Document Writer. Note that to enable monitoring of services, your user account must have sufficient permissions (administrator mode in Vista and later).

Custom DLL Monitoring

API Monitor supports creating definitions for any DLL. Definitions are created in XML format.

Threads

The Hooked Processes window shows the processes that were previously hooked or are currently being monitored. Expanding a process displays all threads in the process. The thread marked "M" is the main thread of the process. Threads marked "W" are worker threads. Inactive threads are grayed out and are marked with a red square on their icon. Each thread displays its thread ID and the start address of the thread.

Requirements

Windows 2000, Windows XP 32-bit, Windows XP 64-bit x64, Windows Vista 32-bit, Windows Vista 64-bit x64, Windows 7 32-bit, Windows 7 64-bit x64, Windows 8 32-bit, Windows 8 64-bit x64

Download

API Monitor v2 (Alpha-r13) - x86 32-bit - 32-bit for Windows, Server 2003, XP, Vista, Windows 7, server, and Windows 8
API Monitor v2 (Alpha-r13) - x64 64-bit - 64-bit for Windows XP, Vista, Windows 7, Server $ and Windows 8 x64 (includes 32-bit version)
API Monitor v2 (Alpha-r13) - Portable - Portable - runs without installing - 32-bit and 64-bit

Resources

API Monitor (API monitoring tool)

API Monitor Official website
