ExecutiveCallbackObjects

Research on Windows Kernel Executive Callback Objects

OS Version: Windows 10 Pro Insiders Preview 20H1 19008 or later

List of researched callback objects

542875F90F9B47F497B64BA219CACF69

AfdTdxCallback

EnlightenmentState

IoExternalDmaUnblock

IoSessionNotifications

LicensingData

LLTDCallbackMapper

LLTDCallbackRspndr

NdisBindUnbind

Phase1InitComplete

PowerState

ProcessorAdd

SeImageVerificationDriverInfo

SetSystemState

SetSystemTime

TcpConnectionCallbackTemp

TcpTimerStarvationCallbackTemp

VidPhu

WdEbNotificationCallback

WdNriNotificationCallback

WdProcessNotificationCallback

Disclaimer

This investigation is just being held for research purpose, we don't take part nor encourage any illegitimate use of what is explained in this repository. Also if you find any mistakes or different behaviours please feel free to contribute, we would gladly appreciate any contribution.

Acknowledgments

hFiref0x for WinObjEx64