CRFilter - COM & RPC Filtering Technology

Overview
CRFiltering Technology:
  - allows filtering of RPC and COM inside Windows, including system processes
  - provides infrastructure for instrumenting any process in all Windows versions (including privileged processes)

CRFilter is a free tool based on CRFiltering Technology that traces ALL RPC server requests inside Windows.

CRFilter - RPC Trace Tool
The following picture shows a CRFilter trace example:

[Picture: CRFilter trace example]
It is a fragment of a trace of the Service Control Manager (SCM) and Local Session Manager (LSM) services.
What more do you need? The parameters of every function?
Call us and we will help you!

CRFiltering Technology Features
CRFiltering Technology lets you define RPC function hooks: filtering procedures that run inside the appropriate Windows services and intercept calls when the corresponding server RPCs are invoked. CRFiltering hooks work regardless of whether the call arrives as a Local Procedure Call (LPC) or a Remote Procedure Call (RPC), and regardless of which RPC protocol is used.
Inside a filtering procedure you can obtain caller information (local client PID, remote client IP address or name) and the user who issued the RPC (Impersonate Client).
After hooking, the filtering procedure can communicate with other programs via standard communication interfaces (pipes, WinSock) or write information to a file.

Another CRFiltering feature is that it provides infrastructure for instrumenting almost any Windows process, regardless of its privileges. You can create a simple plugin. When the named target DLL is loaded but not yet started, CRFiltering loads your plugin so that it can hook any target DLL API before it is used. CRFiltering handles both static and dynamic loading of the target DLL.

CRFiltering Configuration Requirements
Windows Server 2008 R2, 32 and 64 bits
Windows Workstation 7, 32 and 64 bits


CRFiltering for Windows Workstation 8 and Windows Server 2012 is coming soon.

CRFilter Features
You can see a CRFilter trace example in the picture above. It's downloaded from
CRFilter is a configurable tool. You can:
1. Output all RPC calls from all processes, or specify a process name
2. Direct the trace to WinDBG and/or to a file
3. Set the format of the output line
4. Exclude some processes from filtering

How can CRFiltering be used?
Note that almost all Microsoft Windows services use RPC as their base interface. You can use RPC filtering for the following purposes:
1. RPC interface control products, which control which user, from which computer and application, tries to access a given RPC interface
2. Vulnerability protection for RPC server interfaces
3. Detection of abnormal client behavior
4. Using the CRFiltering instrumentation capability to hook different DLL APIs
5. Building other kinds of protection. For example, hooking and then blocking APIs such as VirtualProtect() and CreateRemoteThread() prevents even unknown and undetected malware and spyware from working.

CRFilter Free Version
The CRFilter 32-bit version is free.
The CRFilter 64-bit version ships with a driver that is signed with a test certificate. You have to disable driver signature enforcement with BCDEdit (bcdedit.exe /set nointegritychecks ON) or with the downloadable DSEO program.
Call us if you need the CRFilter 64-bit tool to start on a not enforced system.

Downloading
CRFilter RPC Trace Tool Download 64 bit
CRFilter RPC Trace Tool Download 32 bit
Call Us
Welcome to admin@crfiter.com
