Windows Debugging

Course Description

Duration: 3 Days

This course provides an in-depth exploration of Windows debugging using WinDbg and associated tools. It is designed for advanced users and developers who seek to understand the intricacies of the Windows operating system, the CPU and memory management, and how to effectively use WinDbg to diagnose and solve complex problems. Through a combination of theory and practical exercises, participants will gain the skills necessary to debug both user-mode and kernel-mode issues, create custom debugging scripts, and extend WinDbg’s capabilities using the Debugger API.

Target Audience

This course is intended for software developers, system administrators, and IT professionals with a solid understanding of Windows internals and experience with debugging tools, who are looking to deepen their expertise in Windows debugging.

Course Outline

  • WinDbg Primer
  • CPU and Memory
  • Core Components
  • Debugger Data Model
  • JavaScript
  • Time Travel Debugging
  • Debugger API

WinDbg Primer

Debugging, kernel debugger for local and remote debugging, symbol setup, legacy commands and extensions

CPU and Memory

Kernel debugger, local and remote debugging, address space layout, CPU protection model, hypervisor protection model

Core Components

Windows execution model, processes and threads, objects and handles, Windows security model

Debugger Data Model

WinDbg’s debugger data model and NatVis, debugger variables, synthetic methods, LINQ, debugger namespace, special debugger capabilities

JavaScript

Integration with WinDbg, imperative and extension scripts

Time Travel Debugging

Process execution analysis, function calls and memory access

Debugger API

C++ extensions using the debugger engine and EngExtCpp