Windows OS utility designed solely to monitor processes in the system that write to other process’ virtual address spaces. Malware often uses such techniques in order to write payload stubs to a foreign process to hook an API, load a malware DLL etc. ntdll!NtWriteVirtualMemory is hooked in order to achieve the desired logging functionality in usermode. We have created WPMSvc, a service-only version.
For Windows XP, Vista, 7, 8, 10 (32\64-bit)
This is a software application with a simple graphical user interface (GUI).
Effectively monitor all WriteProcessMemory API operations in the system.
Ignore logging of WriteProcessMemory API calls from system processes.
You can easily export the logged data to a text file via the Export button.
The service-application uses only a few MBs of memory, you will not even notice it.
The program is free from spyware, adware or other pests, nothing extra is installed.
|Last Updated||December 23, 2015|
|Operating System||For Windows XP, Vista, 7, 8, 10 (32\64-bit)|
|Category||Malware Analysis Tools|
|File Size||1.4 MB|