Kernel callback routines
Usage
- Malicious process notify routines
- Image load callbacks
- Registry callbacks
Commands
# List kernel callbacks (Vol2)
vol.py -f <mem> --profile=<profile> callbacks
# List kernel callbacks (Vol3)
python3 vol.py -f <mem> windows.callbacks