
WinRasp - RASP Solution For Windows



1 Introduction

WinRasp is a RASP (Runtime Application Self-Protection) solution for Windows. It helps customers detect and remove threats while the protected application is running. It includes a registry security module, a file/directory security module, a process object security module, and some miscellaneous support features.


2 Features

2.1 File/Directory Security module

| Name | Description |
| --- | --- |
| File Unlock | Identifies which process is using the target file. Provides an interface to forcibly close the file handle. |
| Directory Protection | Prevents data modification, creation of new files, and deletion of existing files in a protected directory or file. Supports regular expression filters. The user can whitelist a PID or process name to permit it to access the protected directory. Supports receiving directory and file modification events. |
| File/Directory Hiding | Hides a file or directory from user-mode applications. |
| Direct File Access | Provides a set of function calls to create, read, and write files in kernel mode. Accessing files directly prevents user-mode API hook modules from interfering with the real file data and information. |

 

2.2 Process Security module

| Name | Description |
| --- | --- |
| Process Creation Monitor | Monitors process creation and exit in the OS. Supports regular expression filters. Supports receiving directory and file modification events. |
| DLL Image Load Monitor | Monitors DLL image load events across the whole system. Prevents suspicious DLLs from being loaded. Supports regular expression filters. Supports receiving and dispositioning DLL image load events. |
| Kill Process Force | Supports killing a process in kernel mode. |
| DLL Injection | Supports injecting a DLL in kernel mode. |
| Process Memory Read/Write | Supports reading and writing process memory in kernel mode. Also supports reading and writing kernel address space memory in kernel mode. |
| Process Object Protection | Captures process object access events, then filters and blocks write requests to the target process object. |

 

2.3 Registry Security module

| Name | Description |
| --- | --- |
| Registry Key Protection | Prevents registry key data from being modified, new keys from being created, and existing keys from being deleted. The user can whitelist a PID or process name to permit it to access the protected registry key. Supports receiving registry key modification events. |
| Direct Registry Access | Provides a set of function calls to create, read, and write registry keys in kernel mode. Accessing registry keys directly prevents user-mode API hook modules from interfering with the real registry key data and information. |
| Registry Key Hiding | Hides a registry key from user-mode applications. |
   

 

2.4 Misc Security module

| Name | Description |
| --- | --- |
| Debugging State Checking | Checks whether the target application is being debugged. Checks whether the OS kernel is being debugged. |
| Callback Management | Enumerates all kernel callback objects, including process creation callbacks, DLL image load callbacks, object access callbacks, and registry operation callbacks. Supports removing callback objects from the system. |
| Direct Network Access | Provides a set of function calls to send and receive data in kernel mode. Accessing the network directly prevents user-mode API hook modules from interfering with the real network data and information. |
| Kernel Driver Module List | Gets the list of loaded kernel modules, including image name, image base address, entry point, and image size. |

 


 

3 Support and Services

  • License type
    Clients can evaluate WinRasp for 1 month. WinRasp supports two kinds of license terms.
    1.  SDK license
        The SDK package includes the items in the following list:
        Executable binary files for both x86 and x64 Windows OS
        Header and lib files for compiling and linking
        A full source code demo project that describes the usage of the WinRasp API
        WinRasp SDK reference.pdf
        WinRasp user’s guide.pdf
    2.  Full source code license
        The full source code package includes the items in the following list:
        Executable binary files for both x86 and x64 Windows OS
        Full source code for all modules of WinRasp
        WinRasp SDK reference.pdf
        WinRasp user’s guide.pdf

    3.  Neither the SDK license nor the source code license limits the number of installed copies.

    4.  The File/Directory Security module, Process Security module, Registry Security module, and Misc Security module can be purchased individually.

  • Technical support
    A WinRasp license includes one year of technical support, covering questions, bug support, and access to framework maintenance updates. Licensees will also have options to secure major updates (functional enhancements) and OS upgrades.

  • Custom development
    Some clients may want to customize core components of WinRasp to meet their product needs. In addition to providing a full source license, we can be engaged to provide custom development services to modify WinRasp to client specifications.
