WinAPI Search
v.1.0.5.0
Copyright (c) 2019-2022 by dennisbabkin.com. All rights reserved.
(Windows 8/10/11)

LAST MODIFIED: Nov 11, 2022


To download an older version for Windows XP/Vista/7:
https://dennisbabkin.com/php/downloads/WinApiSearch_win7.zip



DESCRIPTION:
================

The WinAPI Search app was designed primarily for Windows developers, researchers and malware reverse
engineers. Its original goal was to provide a utility to search for Win32 functions by name, but
the app later grew to include additional functionality.

The following features are supported:

- Search one or more binary PE files by Win32 function name.

- Support for Regular Expressions in search strings.

- Search for specific PE files using the following filters:

  - Bitness: 32-bit, 64-bit.

  - Search only in export table, import table, or "delay load" import table of the PE headers.

  - Ability to differentiate between C and C++ functions, as well as among ordinal function names 
    and export table forwarded functions.

  - Support for API-Sets or Windows "umbrella" libraries.

  - Search by PE header subsystem, such as: boot application, console application, GUI
    application, native application, EFI driver, EFI ROM, Win9x, POSIX or OS/2 subsystem, Windows
    CE or Xbox subsystem, etc.

  - Search by certain PE header characteristics, such as: use of ASLR, App Container, Control Flow
    Guard, Data Execution Prevention, support for Large Address Awareness, manifest isolation, no 
    binding, no SEH, Terminal Server Awareness, buffer overrun checks, code integrity signature 
    checks, and more.

  - Search by presence of certain PE header directories, such as: .NET & COM runtime descriptor,
    base relocation table, bound import directory, debug directory, delay-load import table,
    exception directory, export directory, import directory, import address table (IAT), load
    configuration directory, security directory, thread local storage (TLS), resources directory
    (with specific resource types) and more.

  - Search by a compilation timestamp date range.

- Search for PE files that import a certain module (DLL) by its name.

- Search for Win32 and HRESULT error codes using their numerical values.

- Search for Win32 and HRESULT errors by their message text.

- Ability to undecorate (or demangle) Microsoft-specific symbol names.

- Check PE file for correctness, including its structure and layout.

- For each API it can retrieve the following:

  - Linear file offset, as well as the mapped offset for the function.

  - What physical module (or file on disk) the function resolves to.

  - Whether the symbol refers to an executable function or to a global variable.

  - Other details about the PE file that were given above.

- Overall, this app can be used as a replacement for Microsoft's discontinued Dependency Walker.


This utility does not require installation and can be run from any location on the disk.






To download your copy go to:
https://www.dennisbabkin.com/winapisearch/

For bug reports go to:
https://www.dennisbabkin.com/sfb/?what=bug&name=WinApiSearch


Thank you!
















