
API Monitor utility traces application performance for Windows

Admins can use updated API monitoring software to hook into API calls and get an inside look at application mechanisms for improved tracking capabilities.

My favorite tools for Windows are the ones that let you not only look under the hood (so to speak), but inside the engine itself. Process Explorer, for instance, has long been the reigning king of such apps. As time has gone on, however, I've found a slew of other programs to complement Process Explorer's functionality. The newest candidate is called API Monitor from Rohitab Batra.

It's not hard to guess what API Monitor does considering its name. It tracks application program interface (API) calls made by programs and lets you analyze the results in a variety of ways. It's not for novices, though: it requires some understanding of Windows APIs, and without that the results it returns won't be of much use to you.


API Monitor works by running side-by-side with the programs you want to monitor. When you launch the program, you'll see a tree view of API lists in the upper left window, from which you can select the APIs to monitor. The window in the bottom left contains a list of processes that are currently running. Right-click on one, select Hook, and API Monitor will begin dumping a list of all the previously selected APIs used by that program.

Each hooked process appears as a subentry in the Hooked Process window. Expand the program entry and you'll see a list of threads tracked from that process. Note that terminated threads are grayed out. Select a thread and you'll see a list of the API calls made from that thread. Click on a call to see its parameters exposed in another sub-window.

API Monitor isn't just limited to dumping native Windows APIs, however. It comes pre-loaded with API definitions from a number of third parties such as Mozilla. If you want to add a definition for a dynamic link library (DLL) on your own, you can manually create the definition as a simple XML-format file and add it to the program's API dictionary. The dictionaries let you register web links for APIs, which allow you to click on the name of an API and see a description for it in a browser window (from MSDN, for instance).

There are also a slew of tutorials available to walk you through some common API Monitor tasks, such as sniffing SSL-encrypted traffic from Internet Explorer. Before you panic, however, remember that this is only sniffing traffic on the local computer and that if someone has console access to your machine, it's game over for security no matter what.

API Monitor comes in two editions -- one for monitoring 32-bit applications and another for 64-bit apps. Unlike Process Explorer, where the 64-bit version could analyze 32-bit processes, you can only use the 64-bit version of API Monitor to analyze 64-bit programs and vice versa. Also, note that some programs may crash when hooked or unhooked, so don't hook into a program that's currently working with data you don't have backed up somewhere.

An older version of the program, API v1.5 (32-bit only), is also available, but the author encourages using the newer version, both for its expanded feature set and to help uncover bugs.

Figure 1: API Monitor hooking into an instance of Google Chrome and dumping properties from an invocation of the WindowFromPoint API in COMCTL32.DLL. Note the checkbox lists in the upper left, which tell API Monitor what APIs to hook into.

Serdar Yegulalp has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.
