WinRasp is a RASP (Runtime Application Self-Protection) solution for Windows. It helps customers detect and remove threats while the target application is running, and it can be used to protect registry, file and process objects.
Identifies which process is using a target file and provides an interface to forcibly close that file handle.
Prevents modification of data in a directory or file, creation of new files and deletion of existing files. Supports regular-expression filters. The user can whitelist a PID or process name to permit it to access the protected directory. Supports receiving directory and file modification events. Supports event handlers.
Hides a file or directory from user-mode applications.
Provides a set of function calls to create, read and write files in kernel mode. Accessing the file directly from the kernel avoids user-mode API-hook modules that could tamper with the real file data and information.
Monitors process creation and exit events across the OS. Supports regular-expression filters. Supports receiving process start and exit events. Can also block unwanted process creation. Supports event handlers.
Monitors DLL image-load events across the whole operating system and prevents suspicious DLLs from being loaded. Supports regular-expression filters. Supports receiving and dispositioning DLL image-load events. Supports event handlers.
Supports DLL injection from kernel mode, into both 32-bit and 64-bit processes.
Supports killing a process from kernel mode. The caller can choose to terminate the process normally or by force.
Supports reading and writing process memory from kernel mode. Also supports reading and writing kernel address-space memory from kernel mode.
Retrieves a process list from kernel mode.
Captures process object access events, filters them, and blocks write requests to the target process object. Supports event-handler processing of the event.
Prevents modification of registry key data, creation of new keys and deletion of existing keys. Supports regular-expression filters. The user can whitelist a PID or process name to permit it to access the protected registry key. Supports receiving registry key modification events. Supports event handlers.
Provides a set of function calls to create, read and write registry keys in kernel mode. Accessing the registry directly from the kernel avoids user-mode API-hook modules that could tamper with the real registry key data and information.
Hides registry keys from user-mode applications.
Checks whether the target application is being debugged. Checks whether the OS kernel is being debugged.
Enumerates all kernel callback objects, including process-creation callbacks, DLL image-load callbacks, object-access callbacks and registry-operation callbacks. Supports removing callback objects from the system.
Provides a set of function calls to send and receive network data in kernel mode. Accessing the network directly from the kernel avoids user-mode API-hook modules that could tamper with the real network data and information.
Gets the list of loaded kernel modules, including image name, image base address, entry point and image size.
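The regular-expression filter, PID/process-name whitelist and event-handler disposition described above for files, process creation, DLL image loads and registry keys all come down to the same decision a kernel callback has to make for each request. The following Python model is an added example and is not WinRasp's own code or API: the Event, Rule and Policy types, the protected patterns, the "audit only" handler and the sample events are assumptions constructed for the demo. It shows the policy layer the callbacks would consult, with the disposition a handler can override.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Event:
    """One access request as a kernel callback would report it (constructed model)."""
    kind: str           # "process", "image", "file" or "registry"
    pid: int            # PID of the process making the request
    process_name: str   # image name of that process, e.g. "notepad.exe"
    target: str         # path, registry key or DLL path being created/written/loaded


@dataclass
class Rule:
    """Protect every target of `kind` matching `pattern`, except for whitelisted callers."""
    kind: str
    pattern: re.Pattern
    white_pids: Set[int] = field(default_factory=set)
    white_names: Set[str] = field(default_factory=set)  # stored lower-cased

    def applies(self, ev: Event) -> bool:
        return ev.kind == self.kind and self.pattern.search(ev.target) is not None

    def exempt(self, ev: Event) -> bool:
        # A whitelisted PID or process name may touch the protected object.
        return ev.pid in self.white_pids or ev.process_name.lower() in self.white_names


# A handler sees the event and the policy's decision; it may return a new
# disposition ("allow"/"block") or None to leave the decision unchanged.
Handler = Callable[[Event, str], Optional[str]]


class Policy:
    def __init__(self) -> None:
        self.rules: List[Rule] = []
        self.handlers: List[Handler] = []
        self.log: List[str] = []

    def protect(self, kind: str, pattern: str,
                white_pids: Iterable[int] = (), white_names: Iterable[str] = ()) -> None:
        # Windows paths, key names and image names are case-insensitive, so the
        # regex and the name whitelist are compared case-insensitively.
        self.rules.append(Rule(kind, re.compile(pattern, re.IGNORECASE),
                               set(white_pids), {n.lower() for n in white_names}))

    def on_event(self, handler: Handler) -> None:
        self.handlers.append(handler)

    def evaluate(self, ev: Event) -> str:
        """Return "allow" or "block" for one event, after giving handlers a say."""
        decision = "allow"
        for rule in self.rules:
            if rule.applies(ev) and not rule.exempt(ev):
                decision = "block"
                break
        for handler in self.handlers:
            override = handler(ev, decision)
            if override in ("allow", "block"):
                decision = override
        self.log.append(f"{ev.kind} {ev.process_name}({ev.pid}) -> {ev.target}: {decision}")
        return decision


def audit_only_registry(ev: Event, decision: str) -> Optional[str]:
    """Example handler: record registry hits but let them through (audit mode)."""
    if ev.kind == "registry" and decision == "block":
        return "allow"
    return None


def build_policy() -> Policy:
    p = Policy()
    # Hypothetical protected objects; each pattern is a regex over the target string.
    p.protect("file", r"^C:\\Protected\\", white_pids=[7], white_names=["backup.exe"])
    p.protect("registry", r"^HKLM\\SOFTWARE\\Example\\")
    p.protect("image", r"\\AppData\\Local\\Temp\\[^\\]+\.dll$")
    p.protect("process", r"\\(cmd|powershell)\.exe$")
    p.on_event(audit_only_registry)
    return p


# Constructed sample events with the decision each should get.
SAMPLE_EVENTS = [
    Event("file", 4321, "notepad.exe", r"C:\Protected\secrets.txt"),                    # block
    Event("file", 100, "Backup.exe", r"C:\Protected\secrets.txt"),                      # allow: whitelisted name
    Event("file", 7, "svc.exe", r"C:\Protected\notes.txt"),                             # allow: whitelisted PID
    Event("file", 4321, "notepad.exe", r"C:\Users\bob\todo.txt"),                       # allow: no rule matches
    Event("image", 4321, "notepad.exe", r"C:\Users\bob\AppData\Local\Temp\inject.dll"), # block
    Event("process", 2000, "explorer.exe", r"C:\Windows\System32\cmd.exe"),             # block
    Event("registry", 4321, "notepad.exe", r"HKLM\SOFTWARE\Example\Config"),            # allow: audit handler
]


def run_demo() -> List[str]:
    policy = build_policy()
    decisions = [policy.evaluate(ev) for ev in SAMPLE_EVENTS]
    print("\n".join(policy.log))
    return decisions


if __name__ == "__main__":
    run_demo()
```

The whitelist is checked per rule rather than globally, so a process exempted from the file rule is still subject to the image-load and process-creation rules; the handler runs after the rule match, which is the point at which a product like the one described would let user code receive the event and change its disposition.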
For more information, please visit
http://www.etefs.com or
http://www.minifilter.net
For business cooperation or more product details, please contact
[email protected]