Course Description
Duration: 3 Days
This course provides an in-depth exploration of Windows debugging using WinDbg and associated tools. It is designed for advanced users and developers who seek to understand the intricacies of the Windows operating system, the CPU, and memory management, and to use WinDbg effectively to diagnose and solve complex problems. Through a combination of theory and practical exercises, participants will gain the skills necessary to debug both user-mode and kernel-mode issues, create custom debugging scripts, and extend WinDbg’s capabilities using the Debugger API.
Target Audience
This course is intended for software developers, system administrators, and IT professionals with a solid understanding of Windows internals and experience with debugging tools, who are looking to deepen their expertise in Windows debugging.
Course Outline
- WinDbg Primer
- CPU and Memory
- Core Components
- Debugger Data Model
- JavaScript
- Time Travel Debugging
- Debugger API
WinDbg Primer
Debugging, Kernel debugger for local and remote debugging, Symbol setup, Legacy commands and Extensions
CPU and Memory
Kernel debugger, Local and Remote Debugging, Address Space Layout, CPU Protection model, Hypervisor protection model
Core Components
Windows execution model, processes and threads, objects and handles, Windows security model
Debugger Data Model
WinDbg’s debugger data model and NatVis, debugger variables, synthetic methods, LINQ, debugger namespace, special debugger capabilities
JavaScript
Integration with WinDbg, Imperative and extension scripts
Time Travel Debugging
Process execution analysis, function calls and memory access
Debugger API
C++ extensions using the debugger engine and EngExtCpp