WriteProcessMemory Monitor

WriteProcessMemory API Monitor is a designed to monitor processes in the system that writes to other process' virtual address spaces. Malware often uses such techniques in order to write payload stubs to a foreign process to hook an API, and load a malware. ntdll!NtWriteVirtualMemory is hooked in order to achieve the desired logging functionality in user mode. WriteProcessMemory API Monitor can easily be integrated into malware or rootkit test environments to help the security researcher reverse analyze a piece of malware alongside other powerful tools.