DLL injection support in Windows 8

What’s new in Windows 8

Windows 8 offers two modes of work: Metro and Desktop. Desktop is the mode we are used to, most apps that work on Windows 7, will work fine on Desktop mode including LSP. Metro is the new mode that uses sandbox for each app, Metro app can’t use normal Win API, it has to use WinRT which is a special Metro API.

How this affects DLL injection?

It is possible to inject DLLs into Metro apps, BUT, you will not be able to redirect Winsock traffic to localhost, it has nothing to do with the injection but a general limitation of Metro, localhost redirection will also fail if you try NDIS/WFP and try to modify the raw IP packet directly.

What’s next?

Any application that wants to intercept Metro based apps and redirect to localhost must use WFP proxy redirection, since all other method will not work with Metro (TDI/DLL Injection/LSP/NDIS)

Does Komodia has a solution?

Yes, we have a WFP component and adjusted it to work with Windows 8 new interception requirements, you can visit the product’s page: Komodia’s Redirector.

Is DLL injection dead?

DLL injection is not dead yet, in June 2012 around 42% of OS are Windows XP which can’t use WFP, so any company that still wants to support XP can use DLL injection, Windows 7 has 40% market share that supports DLL injection as well.

The advantage of Komodia’s solution that it supports the same API for WFP and LSP, so you don’t need to worry about the OS differences, Komodia’s solution doesn’t use DLL injection.