Course Description
This course offers an in-depth exploration of Windows operating system internals, focusing on advanced debugging techniques, system architecture, memory management, and security features. Designed for professionals and advanced learners with a solid foundation in operating systems and programming, the course will provide practical insights into the complexities of Windows’ core components and how they interact to ensure system stability, performance, and security.
Course Format: 10 days, or 5 days if you’ve taken the security class with us or have prior knowledge
Target Audience
This course is intended for software developers, system administrators, security professionals, and advanced learners who seek to deepen their understanding of Windows internals and improve their debugging and system analysis skills.
Course Outline
- WinDbg Scripting & NatVis
- Hidden Processes
- Registry Carving
- Shared Memory Forensics
- Cached File Forensics
WinDbg Primer
Debugging, Kernel debugger for local and remote debugging, Symbol setup, Legacy commands and Extensions
Debugger Data Model and LINQ
WinDbg’s debugger data model and NatVis, debugger variables, synthetic methods, LINQ, debugger namespace, special debugger capabilities
JavaScript
Integration with WinDbg, Imperative and extension scripts