Kernel Modules?
Since some rootkits operate as kernel modules, and many computer issues can be caused by corrupt kernel modules, I was thinking that it would be great if RunAlyzer could list the installed modules, and give options to disable/remove/etc.
Obviously this goes beyond the original purpose of RunAlyzer, but since kernel modules are a large part of what is happening with Windows, it might be prudent to at least be able to get a list of them when running RunAlyzer from a BartPE disk.
Hi,
Correct me if I'm wrong, but I think kernel modules are listed in the registry under the "HKLM\System\ControlSet00x\Services" key.
And RunAlyzer already scans that key.
But perhaps I could be missing the point. Are there any other places where Kernel Modules can be located?
Regards.
If kernel modules are all loaded as services, and therefore already displayed as services, then it would at least be nice if there was something to distinguish them from the other services.
I'll admit that I really don't know how kernel modules work in Windows (any recommended reading would be appreciated). My assumption was that the average kernel module was executed differently than services and startup applications (although I know that Logitech runs theirs as a service).
What Leolo probably refers to you can probably see here:
QUERY_SERVICE_CONFIG Structure (http://msdn2.microsoft.com/en-us/library/ms684950%28VS.85%29.aspx), for services with dwServiceType=SERVICE_KERNEL_DRIVER.
When you click services in RunAlyzer, you can find this information in the Service Info tab below (as Service Type: (1) kernel drv).
Sure, this could be made an additional column in the list above, but that would of course "steal" another few pixels in width from the description field.
As for something to read about, you can find a lot by doing a search for "Mark Russinovich Kernel". Mark Russinovich has written quite a lot on the topic. That's usually very technical though (but then, what about the kernel isn't? ;) ).
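An added example, not part of the original thread and not RunAlyzer code: one way to pull only the driver-type entries out of a text export of the Services key, using the Type value (dwServiceType) discussed above. It assumes the export is regedit 5.00 text already decoded to a Python string; the function names and the sample services are hypothetical.

```python
import re
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",  # Type value
                 0x10: "win32 own process", 0x20: "win32 share process"}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Services\\([^\\\]]+)\]$", re.I)

def decode_value(raw):
    """Decode the .reg value forms used here: dword, hex(2), quoted string."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ as comma-separated UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def parse_services(reg_text):
    """Return {service: {value name: value}} for direct Services subkeys only."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join continued hex lines
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)  # nested keys such as ...\Parameters do not match
            current = services.setdefault(m.group(1), {}) if m else None
        elif current is not None and line.startswith('"'):
            name, _, raw = line.partition("=")
            current[name.strip('"')] = decode_value(raw)
    return services

def kernel_modules(reg_text):
    """List (name, type, start, image path) for driver-type services."""
    rows = []
    for name, v in sorted(parse_services(reg_text).items()):
        if isinstance(v.get("Type"), int) and v["Type"] & 0x3:  # driver bits
            rows.append((name, SERVICE_TYPES.get(v["Type"], hex(v["Type"])),
                         START_TYPES.get(v.get("Start"), "unknown"), v.get("ImagePath", "")))
    return rows

# Constructed sample export (not from a real system).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"=hex(2):64,00,72,00,76,00,2e,00,\
  73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv\Parameters]
"Type"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleSvc]
"Type"=dword:00000010
"""
```

Calling `kernel_modules(SAMPLE)` returns only `ExampleDrv`; the Win32 service and the nested `Parameters` key are skipped.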