[vox-tech] Question about listing loaded modules by process...

ME vox-tech@lists.lugod.org
Thu, 13 Jun 2002 08:08:31 -0700 (PDT)


In cases where there is possibility of a root via a rootkit and an LKM
with evil payload, there is a tool "chkrootkit" that tries to find LKMs
based on diffs in reported processes and real processes - but it can
produce false positives in cases where processes appear and disappear
between the times differences in listed processes are gathered from actual
processes. It is not 100% in what it tries to do, but makes some rather
good attempts and is much better than nothing when trying to track
something like this down.

http://www.chkrootkit.org/  and
http://www.chkrootkit.org/README

I'm not sure if this is what you are asking though...

Could it be you just wanted lsmod? Perhaps lsof?

Sorry, would need feedback to offer better answer. :-(

-ME

     Systems Department Operating Systems Analyst for the SSU Library

On Thu, 13 Jun 2002, R. Douglas Barbieri wrote:

> Date: Thu, 13 Jun 2002 00:32:32 -0700 (PDT)
> From: R. Douglas Barbieri <doug@dooglio.net>
> Reply-To: vox-tech@lists.lugod.org
> To: LUGOD vox-tech mailing list <vox-tech@lists.lugod.org>
> Subject: [vox-tech] Question about listing loaded modules by process...
> 
> Hello all,
> 
> I came across a command a while ago which allowed me to see which 
> processes had what modules loaded. I can't for the life of me remember 
> what it is! Anyone know?
> 
> Doug
> 
> -- 
> R. Douglas Barbieri
> doug@dooglio.net
> http://www.dooglio.net
> 
> "That government is best which governs the least, because its people
>    discipline themselves."
> 
> -- Thomas Jefferson
> 
> 
>
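The cross-check described in the reply above (reported processes versus real processes, and the false positives caused by processes that come and go mid-scan), sketched as an added example that is not part of the original thread and is not chkrootkit's code. The function names are hypothetical, and it assumes a Linux /proc and that sending signal 0 is an acceptable way to probe a PID.

```python
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs reported by reading the /proc directory, as ps does."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probe_pid(pid):
    """View 2: ask the kernel about one PID directly with signal 0."""
    try:
        os.kill(pid, 0)          # signal 0 delivers nothing, only checks
    except ProcessLookupError:
        return False
    except PermissionError:
        return True              # exists, but belongs to another user
    return True

def hidden_candidates(list_fn, probe_fn, max_pid, rounds=3):
    """PIDs that answer probes but are missing from the listing every round."""
    suspects = None
    for _ in range(rounds):
        before = list_fn()
        alive = {pid for pid in range(1, max_pid + 1) if probe_fn(pid)}
        after = list_fn()
        # Listing before and after the sweep covers processes that exited or
        # started while the sweep was running.
        found = alive - before - after
        # A process that lived and died entirely inside one sweep still slips
        # through; requiring a hit in every round filters those out.
        suspects = found if suspects is None else suspects & found
        if not suspects:
            break
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for pid in sorted(hidden_candidates(listed_pids, probe_pid, limit)):
        print(f"PID {pid} answers a probe but is not listed: investigate")
```

A PID that survives all rounds is a lead to examine by hand, not proof of a rootkit.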