DiamondCS APM is an advanced process/module viewer and manipulation
utility that allows unique control over target processes by becoming a
part of them.
Take control of a process by becoming a part of it
Unlike conventional process viewers, DiamondCS APM doesn't control
processes by remotely sending them instructions. Instead, APM safely
attaches a part of itself to the target process, essentially becoming a
part of that process. Once 'inside', APM is free to perform actions on
behalf of the target process. For example, if it calls the ExitProcess
API call, the target process terminates.
Control processes in ways that aren't conventionally possible
Because of this 'insider' nature, APM is able to do some remarkable
things that aren't otherwise possible. For example, it can determine
the commandline of any process by making it call the GetCommandLine API
function. It can use FreeLibrary and LoadLibrary to unload and load
DLLs into the process (allowing you to make plugins for virtually any
program!). It can even determine which ports the target process is
using! APM has even been used here in our lab to disinfect an
explorer.exe-infecting rootkit-style trojan from a test machine, making
it an excellent anti-trojan tool.
|
