June 2018
Beginner
510 pages
13h 7m
English
Another method for listing the kernel modules is to use the driverscan plugin, as shown in the following output. The driverscan plugin gets its information from the DRIVER_OBJECT structure that the I/O manager creates for every loaded driver. Specifically, it uses pool tag scanning: it searches the physical address space for pool allocations carrying the driver-object pool tag (Driv) and then validates the DRIVER_OBJECT that follows the pool header. Because it carves objects out of physical memory rather than walking the linked list of loaded modules, it still finds drivers that a rootkit has unlinked from that list (and can also report stale objects of drivers that have since been unloaded, so treat an unexpected entry as a lead to verify, not as proof by itself). In the output, the first column, Offset(P), is the physical address at which the DRIVER_OBJECT structure was found, the Start column holds the base address of the module (the DriverStart field), and the Driver Name column shows the object name of the driver. The driver name is derived from the module's file name, so \Driver\Beep corresponds to Beep.sys; the last entry shows the malicious driver, \Driver\2683608180e436a1 ...
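To make the pool-tag scanning described above concrete, the following Python script is an added example (it is not code from the book or from the Volatility project). It builds a small constructed 64-bit "memory image" in a byte buffer, scans it for the Driv pool tag, carves the DRIVER_OBJECT after each hit, applies the Type/Size sanity check, and then cross-references the Start (base) addresses against a constructed stand-in for the modules list, which is how a hidden driver stands out. The DRIVER_OBJECT field offsets (DriverStart 0x18, DriverSize 0x20, DriverName 0x38/0x40) and the Type/Size values are the real x64 ones; the assumptions are that the object body follows the pool header directly (a real image has an OBJECT_HEADER in between), that the image is identity mapped so the DriverName buffer pointer can be used as a raw offset, and that the driver names, base addresses and module list are hypothetical.

```python
import struct

POOL_TAG = b"Driv"            # pool tag the I/O manager uses for driver objects
POOL_HEADER_SIZE = 0x10       # sizeof(_POOL_HEADER) on x64; PoolTag lives at +4
IO_TYPE_DRIVER = 4            # expected _DRIVER_OBJECT.Type
DRIVER_OBJECT_SIZE = 0x150    # expected _DRIVER_OBJECT.Size on x64

# Assumption for this example: the object body follows the pool header directly.
# Real images carry an _OBJECT_HEADER (plus optional headers) in between, which
# Volatility walks before reaching the body.
BODY_OFFSET = POOL_HEADER_SIZE


def _read_unicode(image, ptr, length):
    """Read a UNICODE_STRING buffer. Assumption: the sample image is identity
    mapped, so Buffer is used as a raw offset; a real scanner first translates
    the kernel virtual address through the page tables."""
    if ptr + length > len(image):
        return ""
    return image[ptr:ptr + length].decode("utf-16-le", errors="replace")


def scan_driver_objects(image):
    """Pool-tag scan: locate every 'Driv' tag, treat the bytes after the pool
    header as a _DRIVER_OBJECT, and keep it only if Type and Size look sane."""
    found = []
    pos = image.find(POOL_TAG)
    while pos != -1:
        pool_start = pos - 4                  # tag sits at offset 4 of the header
        body = pool_start + BODY_OFFSET
        if pool_start >= 0 and body + DRIVER_OBJECT_SIZE <= len(image):
            obj_type, obj_size = struct.unpack_from("<HH", image, body)
            if obj_type == IO_TYPE_DRIVER and obj_size == DRIVER_OBJECT_SIZE:
                (start,) = struct.unpack_from("<Q", image, body + 0x18)
                (size,) = struct.unpack_from("<I", image, body + 0x20)
                (name_len,) = struct.unpack_from("<H", image, body + 0x38)
                (name_ptr,) = struct.unpack_from("<Q", image, body + 0x40)
                found.append({
                    "offset": body,           # like driverscan's Offset(P) column
                    "start": start,           # like its Start column (DriverStart)
                    "size": size,
                    "name": _read_unicode(image, name_ptr, name_len),
                })
        pos = image.find(POOL_TAG, pos + 1)
    return found


def unlinked_drivers(scan_results, loaded_modules):
    """Driver objects whose base address is missing from the loaded-module
    list: the cross-check that exposes an unlinked (hidden) kernel module."""
    known_bases = {base for base, _ in loaded_modules}
    return [r for r in scan_results if r["start"] not in known_bases]


# --- constructed sample image (not a real memory dump) ----------------------

def _driver_object(start, size, name_ptr, name_len):
    body = bytearray(DRIVER_OBJECT_SIZE)
    struct.pack_into("<HH", body, 0x00, IO_TYPE_DRIVER, DRIVER_OBJECT_SIZE)
    struct.pack_into("<Q", body, 0x18, start)
    struct.pack_into("<I", body, 0x20, size)
    struct.pack_into("<HH", body, 0x38, name_len, name_len + 2)
    struct.pack_into("<Q", body, 0x40, name_ptr)
    return bytes(body)


def _pool_header(tag):
    hdr = bytearray(POOL_HEADER_SIZE)
    hdr[4:8] = tag
    return bytes(hdr)


BEEP_BASE = 0xFFFFF88003000000      # hypothetical base addresses
HIDDEN_BASE = 0xFFFFF88004000000


def build_sample_image():
    image = bytearray(0x2000)
    beep_name = "\\Driver\\Beep".encode("utf-16-le")
    hidden_name = "\\Driver\\hidden".encode("utf-16-le")   # hypothetical name
    image[0x1800:0x1800 + len(beep_name)] = beep_name
    image[0x1840:0x1840 + len(hidden_name)] = hidden_name
    # a legitimate driver object
    image[0x400:0x410] = _pool_header(POOL_TAG)
    image[0x410:0x410 + DRIVER_OBJECT_SIZE] = _driver_object(BEEP_BASE, 0x7000, 0x1800, len(beep_name))
    # a stale 'Driv' tag whose object was freed and zeroed: the sanity check rejects it
    image[0x800:0x810] = _pool_header(POOL_TAG)
    # a driver object that no module list references (an unlinked rootkit driver)
    image[0xC00:0xC10] = _pool_header(POOL_TAG)
    image[0xC10:0xC10 + DRIVER_OBJECT_SIZE] = _driver_object(HIDDEN_BASE, 0x2000, 0x1840, len(hidden_name))
    return bytes(image)


# constructed stand-in for the modules plugin output: (base address, module name)
LOADED_MODULES = [(0xFFFFF80002800000, "ntoskrnl.exe"), (BEEP_BASE, "Beep.sys")]


if __name__ == "__main__":
    results = scan_driver_objects(build_sample_image())
    for r in results:
        print(f"{r['offset']:#018x} {r['start']:#018x} {r['size']:#x} {r['name']}")
    for r in unlinked_drivers(results, LOADED_MODULES):
        print("not in module list:", r["name"])
```

The scan deliberately rejects the second Driv hit because its object body fails the Type/Size check; real scanners apply the same kind of sanity constraints, which is why driverscan can run over the whole physical address space without drowning in false positives. The final cross-check by base address is the manual version of comparing driverscan output against the modules output.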