WriteProcessMemory API Monitor is a designed to monitor processes in the system that writes to other process' virtual address spaces. Malware often uses such techniques in order to write payload stubs to a foreign process to hook an API, and load a malware. ntdll!NtWriteVirtualMemory is hooked in order to achieve the desired logging functionality in user mode. WriteProcessMemory API Monitor can easily be integrated into malware or rootkit test environments to help the security researcher reverse analyze a piece of malware alongside other powerful tools.
What's new in version 1.2
ReleaseApril 24, 2012
Date AddedDecember 1, 2011
Operating SystemsWindows 2003, Windows 2000, Windows Vista, Windows 98, Windows Me, Windows, Windows NT, Windows 7, Windows XP