ElfStat is a Tool designed for detecting any kernel level rootkit [or other malwares] that modifies the text segment of the kernel in memory -- this implies any malware that modifies the code of the running kernel. This tool has some nice kernel analysis features, which are good for security analysts who want to dissasemble the malware code and even Patch IT. I've included 'kmp' kernel memory Patcher. This tool allows you to patch /dev/kmem which is generally more writable in FreeBSD than in Linux. The only real inconvenience with ElfStat is that it requires you have a copy of your uncompressed kernel image to use as a signature. In Linux this is created as vmlinux (not vmlinuz) and in FreeBSD it may be /boot/kernel/kernel. For complete instructions read the README file included with elfstat-version.tgz.