Kernel Modules Window

The Kernel Modules window lists the loaded kernel modules with their names, full paths, base addresses and memory image sizes. It also shows additional information: the module description and its developer company, its state (Hidden in memory, Modified image), and the results of the digital signature check and of the antivirus engine scan.

If a file is digitally signed, it is coloured green. If a file is detected by the antivirus engine, it is coloured red (infected) or yellow (suspicious). If there are oddities in the file's state in memory, it is coloured yellow. All other modules are displayed in black.

The Don’t display files digitally signed flag excludes digitally signed files from the list.

Additional information collected by the driver for extended monitoring of kernel-mode modules is displayed if the Use extended detection mode flag is set.

Note: The flag becomes enabled after the driver has been installed and the computer has been rebooted.

Figure: Vba32 AntiRootkit Kernel Modules window

The Dump button dumps the selected kernel modules and saves the dumps to the hard drive.

 
