APM in detail
     
Many features

APM Main Features

APM provides you with a mini-arsenal of functions to use on target processes, and its Load DLL capability even lets you write your own plugins to extend that arsenal further.

Get Command Line
The most elementary of all the features, Get Command Line simply retrieves and displays the command line that started the process. This is useful for finding out what parameters (if any) a program was launched with. Note that GetCommandLine only returns the command line of the process that calls it, which is why this feature, like the others, has to run inside the target process. (On later versions of Windows the same information is also available from outside the process, e.g. via the CommandLine property of the WMI Win32_Process class.)
Main API function(s): GetCommandLine

Unload DLL\Load DLL
These two related functions allow you to unload existing modules (i.e. DLLs) from a target process and load new ones into it. The Unload DLL feature is particularly useful if you wish to free a DLL (e.g. to replace or delete it). Bear in mind that FreeLibrary only decrements the module's reference count and the DLL is unmapped only when that count reaches zero, and that unloading a DLL the program is still using will crash it. Software programmers and researchers will find the Load DLL feature particularly interesting, as they can develop their own DLLs to be loaded into other processes, giving their DLL the same level of control (and more) over the process as APM itself! The DLLs are loaded by the LoadLibrary API, so all 'normal' Win32 DLLs are supported, provided they match the target's architecture (a 32-bit DLL cannot be loaded into a 64-bit process, or vice versa). Note also that the DLL's DllMain runs in the target's security context, so loading an untrusted DLL is the same as handing that code full control of the process.
Main API function(s): FreeLibrary, LoadLibrary

Because of the Load DLL capability, you can write plugins for virtually any application! See the \testdll\ subdirectory in your APM directory for an example.

Port Mapper
This uses a brute-force port-to-process mapping technique that is technically the same as the one used by another interesting freeware utility called Inzider by Arne Vidstrom, which is credited as the first program known to use this undocumented technique. Unfortunately, the technique itself is generally not recommended: it requires being inside the target process, it is relatively slow (approximately 1-2 seconds per process, because it 'brute-forces' candidate handle values by repeatedly calling a Winsock API function), and its results aren't very reliable. Additionally, not all processes can be attached to, so the technique doesn't always work. Nevertheless, this feature has been included in APM as a further demonstration of what is possible when you are inside another process. (Current versions of Windows report the owning PID of each socket directly, e.g. through netstat -o or the GetExtendedTcpTable API, which avoids injecting into anything.)
Recommendation: For heavy-duty port-to-process mapping that utilises three advanced port-to-process mapping techniques, please visit the Port Explorer website at http://www.diamondcs.com.au/portexplorer/

Unload Winsock
This feature invokes the Winsock WSACleanup function, attempting to gracefully cause the target process to terminate its use of ws2_32.dll. In turn this closes all connections and sockets. Note that WSACleanup only decrements a per-process reference count: if the target has called WSAStartup more than once, a single WSACleanup will not bring that count to zero and the sockets stay open until the last matching call is made.
Main API function(s): WSACleanup

Close All Handles
All handles used by the target process will be closed. Expect the target to misbehave or crash afterwards: it has no way of knowing its handles are gone, and the next API call that uses one of them will fail. Use this only on a process you are about to terminate anyway.
Main API function(s): CloseHandle

Close File Handles
All file and directory handles used by the target process will be closed. This is ideal if you need to delete or move a particular file but can't because it's in use by another process. Bear in mind that the process may still have unwritten data for that file, and that a later write through the closed handle will fail (or, if the handle value has since been reused for another object, go somewhere unexpected), so do this only where you don't need the program's open files intact, and be prepared for it to crash.
Main API function(s): CloseHandle

Close Mutex Handles
All mutant handles (mutant is the kernel's name for the object behind a Win32 mutex) used by the target process will be closed, freeing any mutexes that were in use. A common use is defeating a single-instance check: many programs create a named mutex at startup and refuse to run if it already exists.
Main API function(s): CloseHandle

Use Less Memory
Trims the working set of the target process (SetProcessWorkingSetSize with both limits set to -1) so that its pages are moved out of physical memory. The reduction is temporary: pages the process touches again are faulted straight back in, so this lowers the memory figure you see rather than the amount of memory the program actually needs.
Main API function(s): SetProcessWorkingSetSize
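An added example, not APM's code, of the same call made from PowerShell: it records the target's working set, trims it with SetProcessWorkingSetSize(-1, -1), and reads the figure back. The PID and the Clear-WorkingSet name are assumptions for illustration.

```powershell
# Added example (not APM's code): trim another process's working set and
# report the before/after figures. Needs PROCESS_SET_QUOTA and
# PROCESS_QUERY_INFORMATION on the target.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class WS {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool SetProcessWorkingSetSize(IntPtr hProcess, IntPtr dwMinimumWorkingSetSize, IntPtr dwMaximumWorkingSetSize);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $sig

function Clear-WorkingSet {
    param([int]$ProcessId)
    $PROCESS_SET_QUOTA = 0x0100; $PROCESS_QUERY_INFORMATION = 0x0400
    $before = (Get-Process -Id $ProcessId).WorkingSet64

    $h = [WS]::OpenProcess($PROCESS_SET_QUOTA -bor $PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { throw "OpenProcess failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    try {
        # (SIZE_T)-1 for both limits is the documented way of asking for the
        # working set to be emptied; it does not set the limits to -1.
        $minusOne = [IntPtr]::new(-1)
        if (-not [WS]::SetProcessWorkingSetSize($h, $minusOne, $minusOne)) {
            throw "SetProcessWorkingSetSize failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
    } finally {
        [void][WS]::CloseHandle($h)
    }

    $after = (Get-Process -Id $ProcessId).WorkingSet64
    [pscustomobject]@{
        ProcessId = $ProcessId
        BeforeMB  = [math]::Round($before / 1MB, 1)
        AfterMB   = [math]::Round($after / 1MB, 1)
    }
}

# Usage (hypothetical PID): Clear-WorkingSet -ProcessId 1234
```

Run the same command again a minute later against a busy process and AfterMB will have climbed back, because the program faults its pages in as soon as it uses them; that is the sense in which the saving is cosmetic.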

Get SeDebugPrivilege
Attempts to adjust the token privileges of the target process so as to enable SeDebugPrivilege, a special privilege that grants unique capabilities such as being able to open and terminate most processes, including ones that normally say 'Access Denied'. Note that AdjustTokenPrivileges can only enable a privilege the token already holds in a disabled state; it cannot grant a privilege the account was never assigned (by default SeDebugPrivilege is assigned only to Administrators), and in that case the call still returns TRUE but sets the last error to ERROR_NOT_ALL_ASSIGNED.
Main API function(s): AdjustTokenPrivileges
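An added example, not APM's code, of the privilege adjustment applied to the current process's token (the same call made from inside a target behaves identically). The point it makes is the check most code gets wrong: the success/failure verdict comes from GetLastError, not from the function's return value. The Enable-Privilege name is an assumption for illustration.

```powershell
# Added example (not APM's code): enable a privilege in our own token and
# tell "enabled" apart from "not held" via ERROR_NOT_ALL_ASSIGNED (1300).
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class Token {
    [StructLayout(LayoutKind.Sequential)]
    public struct LUID { public uint LowPart; public int HighPart; }
    // TOKEN_PRIVILEGES with a single LUID_AND_ATTRIBUTES entry, laid out flat.
    [StructLayout(LayoutKind.Sequential)]
    public struct TOKEN_PRIVILEGES { public uint PrivilegeCount; public LUID Luid; public uint Attributes; }
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out LUID lpLuid);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, bool DisableAllPrivileges, ref TOKEN_PRIVILEGES NewState, uint BufferLength, IntPtr PreviousState, IntPtr ReturnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $sig

function Enable-Privilege {
    param([string]$Name = 'SeDebugPrivilege')
    $TOKEN_ADJUST_PRIVILEGES = 0x0020; $TOKEN_QUERY = 0x0008
    $SE_PRIVILEGE_ENABLED = 0x00000002
    $ERROR_NOT_ALL_ASSIGNED = 1300

    $hTok = [IntPtr]::Zero
    if (-not [Token]::OpenProcessToken([Token]::GetCurrentProcess(), $TOKEN_ADJUST_PRIVILEGES -bor $TOKEN_QUERY, [ref]$hTok)) {
        throw "OpenProcessToken failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    try {
        $luid = New-Object -TypeName 'Token+LUID'
        if (-not [Token]::LookupPrivilegeValue($null, $Name, [ref]$luid)) { throw "Unknown privilege name: $Name" }

        $tp = New-Object -TypeName 'Token+TOKEN_PRIVILEGES'
        $tp.PrivilegeCount = 1
        $tp.Luid = $luid
        $tp.Attributes = $SE_PRIVILEGE_ENABLED

        $ok = [Token]::AdjustTokenPrivileges($hTok, $false, [ref]$tp, 0, [IntPtr]::Zero, [IntPtr]::Zero)
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        # AdjustTokenPrivileges returns TRUE even when it enabled nothing;
        # the real verdict is the last error. 1300 = privilege not in token.
        if (-not $ok) { throw "AdjustTokenPrivileges failed: $err" }
        return ($err -ne $ERROR_NOT_ALL_ASSIGNED)
    } finally {
        [void][Token]::CloseHandle($hTok)
    }
}

if (Enable-Privilege 'SeDebugPrivilege') {
    'SeDebugPrivilege enabled'
} else {
    'SeDebugPrivilege is not held by this token (run as an administrator)'
}
```

To confirm from the outside, `whoami /priv` lists the privileges in the current token and whether each is Enabled or Disabled; a privilege that does not appear there at all cannot be switched on by this call.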

Exit Process
Most process viewers allow you to terminate processes. This is nearly always done via the TerminateProcess API, which forcefully terminates the target process without giving it any chance to clean up. However, this is not always desirable, and APM provides a safer alternative: calling the ExitProcess function from inside the target. By MSDN definition - "ExitProcess is the preferred method of ending a process. This function provides a clean process shutdown." In practice this means the DLLs loaded in the process receive their DLL_PROCESS_DETACH notifications, which TerminateProcess skips; it does not mean the application's own shutdown code (prompting to save, flushing its own buffers) runs, so unsaved data can still be lost.
Main API function(s): ExitProcess

Memory Statistics
The memory statistics utility is a floating window that shows memory statistics in real time. Statistics are automatically updated every 2 seconds, giving real-time results without slowing down your PC.

What is an API function?
API (Application Programming Interface) functions are routines provided by the operating system that programs can call to do some of their work for them. For example, the MessageBox API function displays a message box which can be used not only to inform the user of something, but also to ask the user to choose between options such as Yes/No.



Copyright © 2008, Diamond Computer Systems Pty. Ltd.  All rights reserved.