Skip to Content
Learning Malware Analysis
book

Learning Malware Analysis

by Monnappa K A
June 2018
Beginner
510 pages
13h 7m
English
Packt Publishing
Content preview from Learning Malware Analysis

5. Listing Kernel Modules

To list the kernel modules, you can use the modules plugin. This plugin relies on walking the doubly linked list of metadata structures (KLDR_DATA_TABLE_ENTRY) pointed to by PsLoadedModuleList (this technique is similar to walking the doubly linked list of _EPROCESS structures, as described in Chapter 10, Hunting Malware Using Memory Forensics, in the Understanding ActiveProcessLinks section). Listing kernel modules may not always help you identify the malicious kernel driver out of the hundreds of loaded kernel modules, but it can be useful for spotting a suspicious indicator such as a kernel driver having a weird name, or kernel modules loading from non-standard paths or the temporary paths. The modules plugin ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Practical Malware Analysis

Practical Malware Analysis

Michael Sikorski, Andrew Honig
Malware Analysis Techniques
Mastering Malware Analysis

Mastering Malware Analysis

Alexey Kleymenov, Amr Thabet
Evasive Malware

Evasive Malware

Kyle Cucci

Publisher Resources

ISBN: 9781788392501Other