WriteProcessMemory Monitor 1.5 + portable



WriteProcessMemory Monitor 1.5 + portable | 3.2 Mb
WriteProcessMemory Monitor is a Windows OS utility designed solely to monitor processes in the system that write to other processes' virtual address spaces. Malware often uses such techniques to write payload stubs to a foreign process in order to hook an API, load a malware DLL, etc. To achieve the desired logging functionality in user mode, the tool hooks ntdll!NtWriteVirtualMemory.

WriteProcessMemory Monitor displays the caller process and target process filenames and their respective process identifiers, along with the size of the buffer written to the process and the contents of the buffer in hexadecimal. The location of the written memory is also listed in hex for run-time reverse engineering convenience.

What's New:
[23-12-2015] - v1.5.0.0

+ Improved logging of API call events
