Tag Archives: Injection

API interception via DLL redirection

API interception via DLL redirection is a method that can be used to modify the default behaviour of an application that you don’t have the source code to.

Since this Blog is about network interception, I’ll address that point. It’s possible to intercept the Winsock API via DLL injection (also called detouring). This method has advantages and disadvantages (at Komodia we use Winsock LSP to do that), the main advantages of network DLL injection:

  • Doesn’t require installation of any kind (unless you want to intercept services on Vista/7 which is another story)
  • Easy to code

Disadvantages are:

  • Need a detouring library, if you are going for a commercial project it will cost you, also for 64bit you only have Microsoft Detours and Komodia Detours (and that’s it)
  • Will not work with all apps.
  • Some apps are protected against detouring.
  • Need special code for Vista/7 if you want to intercept services and normal apps from a single service.

Barak