Callbacks.dll is a WinDbg extension that will enumerate all pointers inside of the following symbols for callbacks that are registered on the system:
- nt!PspCreateProcessNotifyRoutine
- nt!PspCreateThreadNotifyRoutine
- nt!PspLoadImageNotifyRoutine
The extension takes in either of the four parameters: process, image, thread, or all. This just makes life a little bit easier when you're doing whatever it is you're doing with them.
This just lists the callbacks, nothing more nothing less but as I continue working on my shenanigans...I will make sure to continue adding on to this.
Have fun!