86

GitHub - 0xcpu/ExecutiveCallbackObjects: Research on Windows Kernel Executive Ca...

 4 years ago
source link: https://github.com/0xcpu/ExecutiveCallbackObjects
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

README.md

ExecutiveCallbackObjects

Research on Windows Kernel Executive Callback Objects

OS Version: Windows 10 Pro Insiders Preview 20H1 19008 or later

List of researched callback objects

542875F90F9B47F497B64BA219CACF69

AfdTdxCallback

EnlightenmentState

IoExternalDmaUnblock

IoSessionNotifications

LicensingData

LLTDCallbackMapper

LLTDCallbackRspndr

NdisBindUnbind

Phase1InitComplete

PowerState

ProcessorAdd

SeImageVerificationDriverInfo

SetSystemState

SetSystemTime

TcpConnectionCallbackTemp

TcpTimerStarvationCallbackTemp

VidPhu

WdEbNotificationCallback

WdNriNotificationCallback

WdProcessNotificationCallback

Disclaimer

This investigation is just being held for research purpose, we don't take part nor encourage any illegitimate use of what is explained in this repository. Also if you find any mistakes or different behaviours please feel free to contribute, we would gladly appreciate any contribution.

Acknowledgments

hFiref0x for WinObjEx64


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK