[EP_X0FF]

This document covers kernel notification callback routines up to 19H1, released as part of WinObjEx64 v1.7

https://github.com/hfiref0x/WinObjEx64/ ... lbacks.pdf

Notification callbacks mentioned

• ObRegisterCallbacks
• CmRegisterCallbacks
• CmRegisterCallbacksEx
• PsSetCreateProcessNotifyRoutine
• PsSetCreateProcessNotifyRoutineEx
• PsSetCreateProcessNotifyRoutineEx2
• PsSetCreateThreadNotifyRoutine
• PsSetCreateThreadNotifyRoutineEx
• PsSetLoadImageNotifyRoutine
• PsSetLoadImageNotifyRoutineEx
• KeRegisterBugCheckCallback
• KeRegisterBugCheckReasonCallback
• IoRegisterShutdownNotification
• IoRegisterLastChanceShutdownNotification
• SeRegisterLogonSessionTerminatedRoutine
• SeRegisterLogonSessionTerminatedRoutineEx
• PoRegisterPowerSettingCallback
• DbgSetDebugPrintCallback
• IoRegisterFsRegistrationChange