What is a Callback Function?
In simple terms, it’s a function that is called through a function pointer. When we pass a function pointer to a parameter that expects a callback function, and that pointer is later used to invoke the function it points to, a callback is said to be made. This can be abused by passing a pointer to shellcode instead of a pointer to a legitimate function. The technique has been around for a long time, and there are many Win32 APIs that can be used to execute shellcode this way. This article contains a few APIs that I have tested and that work on Windows 10.
Analyzing an API
For example, let’s take the function
user32.dll. The first parameter
lpEnumFunc is a pointer to a callback function of type
The function passes the parameters to an internal function called
The first parameter, the callback function pointer, is invoked inside this internal function, which makes it possible to pass position-independent shellcode in its place.
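As an added example (not from the original article), here is the check a defender-side hook would put in front of such an API: the callback pointer is looked up in the process memory map and only invoked if it lands in executable, image-backed memory, so a pointer into a private RWX buffer is refused rather than executed. The memory map, handles and region addresses are constructed for the demonstration, and guarded_enumerate, callback_is_image_backed and map_add are names I chose; a real Windows implementation would consult VirtualQuery() and MEMORY_BASIC_INFORMATION.Type == MEM_IMAGE instead of the table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for the process memory map; a real Windows hook would use
 * VirtualQuery() and require MEMORY_BASIC_INFORMATION.Type == MEM_IMAGE. */
typedef struct { uintptr_t base; size_t size; bool image; bool exec; } region_t;
static region_t g_map[8];
static size_t g_nmap;
static void map_add(uintptr_t base, size_t size, bool image, bool exec) {
    if (g_nmap < 8) g_map[g_nmap++] = (region_t){ base, size, image, exec };
}

/* True only when addr lies in executable memory mapped from an image file,
 * which is where a legitimate callback such as an lpEnumFunc lives. */
bool callback_is_image_backed(uintptr_t addr) {
    for (size_t i = 0; i < g_nmap; i++)
        if (addr >= g_map[i].base && addr < g_map[i].base + g_map[i].size)
            return g_map[i].image && g_map[i].exec;
    return false;               /* unmapped memory is never a valid callback */
}
typedef int (*enum_proc_t)(uintptr_t hwnd, intptr_t lparam);
/* Guarded stand-in for an enumeration API: the pointer is checked before it is
 * ever called, so shellcode in a private RWX buffer is refused (-1) instead of
 * executed. Otherwise returns how many times the callback ran. */
int guarded_enumerate(enum_proc_t cb, intptr_t lparam) {
    if (!callback_is_image_backed((uintptr_t)cb)) return -1;
    int calls = 0;
    for (uintptr_t hwnd = 0x10; hwnd <= 0x30; hwnd += 0x10) { /* constructed handles */
        calls++;
        if (!cb(hwnd, lparam)) break;      /* returning 0 stops the enumeration */
    }
    return calls;
}
static int count_windows(uintptr_t hwnd, intptr_t lparam) {
    (void)hwnd; (*(int *)lparam)++; return 1;
}
/* Scenario 1: a real function in this module, its page registered as image-backed
 * the way the loader's mapping would be. Expect 3 callback invocations. */
int demo_legitimate(void) {
    int seen = 0; g_nmap = 0;
    map_add((uintptr_t)count_windows & ~(uintptr_t)0xFFF, 0x2000, true, true);
    return guarded_enumerate(count_windows, (intptr_t)&seen) == 3 ? seen : -1;
}
/* Scenario 2: a "callback" inside a private executable allocation. Expect -1. */
int demo_unbacked(void) {
    g_nmap = 0; map_add(0x02A00000, 0x1000, false, true); /* constructed RWX buffer */
    return guarded_enumerate((enum_proc_t)(uintptr_t)0x02A00100, 0);
}
```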