From dfac235733a264d12953d9a1d9343c40a62eaa31 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 14:34:12 +0200 Subject: [PATCH 1/2] Update README.md Add warning about updating whitelist.txt with current kernel modules --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index e4f3b8f..abd3745 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,7 @@ To run just kernel module detection # Warning Running any part if this program in a lightheaded manner may break your system. Killing processes and unloading modules should be done with caution. We suggest testing it an a VM. -If one runs the KLDetect with the kernel module keylogger detection option set, make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt) -with the safe kernel modules that you know you have on your system. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. +If one runs the KLDetect with the kernel module keylogger detection option set, make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt), with the safe kernel modules that you know you have on your system. In particular we highly suggest running ```lsmnod > /whitelist.txt```, before inserting a kernel keylogger. This way 'normal' modules that you already have installed on the 'clean' kernel will not accidentally be unloaded. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. # Developers Copyright © 2023[Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) From e3c076b1df21f68947024ae323ea0af9520f505f Mon Sep 17 00:00:00 2001 
From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 14:35:53 +0200 Subject: [PATCH 2/2] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index abd3745..629e9a3 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ To run just kernel module detection # Warning Running any part if this program in a lightheaded manner may break your system. Killing processes and unloading modules should be done with caution. We suggest testing it an a VM. -If one runs the KLDetect with the kernel module keylogger detection option set, make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt), with the safe kernel modules that you know you have on your system. In particular we highly suggest running ```lsmnod > /whitelist.txt```, before inserting a kernel keylogger. This way 'normal' modules that you already have installed on the 'clean' kernel will not accidentally be unloaded. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. +If one runs the KLDetect with the kernel module keylogger detection option set, make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt), with the safe kernel modules that you know you have on your system. In particular we highly suggest running ```lsmod > /whitelist.txt```, before inserting a kernel keylogger. This writes the modules currently inserted in the kernel to the whtielist. This way 'normal' modules that you already have installed on the 'clean' kernel will not accidentally be unloaded. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. # Developers Copyright © 2023[Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi)
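Review bot: In [PATCH 1/2], the command in the added README line is misspelled: `lsmnod` is not a command, so a reader who copies it gets no whitelist at all. The `lsmod` spelling only arrives in 2/2, so squashing the two commits would keep the broken instruction out of the history. In the same added line, the comma inserted after the whitelist.txt link splits "update the whitelist.txt with the safe kernel modules" and can be dropped, and "Altough" is carried over from the removed line and should read "Although". The inline command is wrapped in triple backticks; single backticks are the usual form for inline code in Markdown.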
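Review bot: In [PATCH 2/2], the redirect target in the added line, `lsmod > /whitelist.txt`, is a file in the filesystem root, while the link in the same sentence points at src/whitelist.txt; as written, the command needs root to succeed and does not update the file the README tells the reader to update. Suggest a path relative to the repository, matching the linked file. Two further points on the same line: `lsmod` prints a header row followed by Module, Size and Used by columns, so the README should state whether the whitelist reader expects that raw output or bare module names (for bare names, something like `lsmod | awk 'NR>1 {print $1}'`), and `>` overwrites any existing entries, which is worth saying explicitly. "whtielist" in the new sentence should be "whitelist", and the commit subject "Update README.md" gives no indication that this is a fix to the command introduced in 1/2.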