Tag Archives: Detours

Hooking Winsock

Hooking Winsock is one way to let a programmer intercept Winsock2 calls. Like any approach, it has advantages and disadvantages. Advantages:

  • No need to install anything.
  • Easy to learn.

Disadvantages:

  • For commercial products it requires a commercial hooking library.
  • For 64-bit there’s only Microsoft Detours, which costs a small fortune.
  • On Vista and above you have to deal with the injection security enforcement.

Barak

API interception via DLL redirection

API interception via DLL redirection is a method that can be used to modify the default behaviour of an application whose source code you don’t have.

Since this blog is about network interception, I’ll address that point. It’s possible to intercept the Winsock API via DLL injection (also called detouring). This method has advantages and disadvantages (at Komodia we use a Winsock LSP to do that). The main advantages of network DLL injection:

  • Doesn’t require installation of any kind (unless you want to intercept services on Vista/7, which is another story).
  • Easy to code.

Disadvantages are:

  • Needs a detouring library. If you are going for a commercial project it will cost you, and for 64-bit you only have Microsoft Detours and Komodia Detours (and that’s it).
  • Will not work with all apps.
  • Some apps are protected against detouring.
  • Needs special code for Vista/7 if you want to intercept both services and normal apps from a single service.

Barak