This course has everything you need to master Windbg, and to debug and reverse engineer the Windows OS with it.
What you'll learn:
Advanced Windows Debugging
Windbg
Windows internals
Dump Analysis
Post-mortem debugging
Core dump analysis in Windows
Debugging system crash
Debugging BSOD
Debugging process hang
Debugging system hang
Reverse Engineering
Malware Analysis
Debugging Slow Systems
Debugging Slow Applications
Windows Usermode internals
Windows Kernel mode internals
Requirements
C programming
1 to 2 year of IT experience on Windows
Description
Have you ever felt that your Windows operating system is hung, becoming slow, or showing a BSOD? Or seen an application crash, hang, or run slowly on Windows? Have you had to press the restart button on your PC or Windows server to get rid of the problem, with no clue when it will happen again? Or been asked to analyse a memory dump of a compromised system to isolate malware? If that bothers you, this training is all about root-causing and solving such complicated issues once and for all, among the many other topics it covers.
Windbg is the single most powerful debugging and reverse engineering tool on the Windows platform. It is like an X-ray, MRI and CT scan combined for programs running on Windows, including the operating system itself. It lets us root-cause complicated problems like those described above, both in the OS and in the programs running inside it.
As the name implies, this training has all the details you need to master Windbg. I have spent all my efforts to make sure this is the best and most complete Windbg training available right now, and I will keep adding topics to make sure that statement stays true in the future as well.
Targeted audience
If for any reason you are trying to use or learn Windbg, you already know what you are doing, and there is no better place than this course. If you have been following my YouTube series, this course is a complete superset of it. That said, the following are some of the categories of students to whom I strongly recommend this course.
Support engineers
If you are a Support Engineer or Escalation Engineer supporting any product on Windows, or Windows itself, I definitely recommend this course.
Malware analyst and cyber security professionals.
If you are into core cyber security, especially on the Windows platform, this tool should definitely be in your arsenal. When it comes to reverse engineering, I myself don't like to compare IDA Pro or similar tools with Windbg, but I have always found Windbg to be one of the most, if not THE most, powerful and productive tools for reverse engineering along with debugging.
Windows SysAdmins
Another main target audience is Windows administrators, who can always benefit from tools like this to learn more about the product they work with and troubleshoot the problems they face at a totally different level.
C and C++ Programmers
Last but not least, and maybe the most important category of students: advanced C and C++ programmers, which includes driver developers, testers, software maintenance engineers and so on. Are you wondering why your application is crashing, hanging, slow, or taking too many resources? And that too happens only once in a blue moon in production, with no way to reproduce the issue in your dev environment? Are you asked to debug a problem in a code base you have no clue about? Or do you just want to see exactly what that latest C++20 feature is doing behind the scenes? This training is for you.
To summarise, this course is for anyone who wants to study Windows internals and advanced production debugging on Windows. After this training you will not have to read every single Windows internals and debugging book out there: you will debug and understand whatever you want to know, as and when you need it, rather than relying on an abstract result from a book.
Course Structure
This course has 3 chapters.
In Chapter 1 we discuss the concepts needed to get started and mostly focus on the commands of the debugger.
In Chapter 2 we apply what we learned in Chapter 1 to different debugging scenarios: crashes, hangs, slowness, leaks and more. We use test applications for this chapter, and we have the source code of these test applications. First we discuss user-mode issues and then we go into kernel mode.
In Chapter 3 we use the knowledge gained in Chapters 1 and 2 to troubleshoot real or realistic production issues. In this chapter we discuss analysis of memory dumps for which we have no source code and no prior knowledge. We start with issues generated by Sysinternals NotMyFault and slowly get into true production debugging scenarios. I will keep adding lessons to this chapter if there is enough interest from students. Students can also submit dumps to this chapter, have them analyzed free of cost, and share the experience with others.
Please refer to the course content and free preview lesson for more details about the structure and content of the course.
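As an added example (not part of the course material), here is the kind of first triage pass a practitioner runs before the manual dump analysis that Chapter 3 teaches: a PowerShell script that drives Windbg's `!analyze -v` through the console debugger `cdb.exe` over a directory of user-mode crash dumps and tabulates the failure bucket of each. The debugger install path, dump directory, symbol server path and the output field names it scrapes (FAILURE_BUCKET_ID, EXCEPTION_CODE_STR, BUGCHECK_CODE) are assumptions, not something the course states; kernel dumps, such as those NotMyFault produces, are opened with `kd.exe` instead.

```powershell
# Added example, not course code: batch-triage crash dumps with "!analyze -v".
# Assumptions (not from the page): Debugging Tools for Windows installed at $Debugger,
# user-mode dumps (*.dmp) under $DumpDir, and network access to the Microsoft symbol server.
# Point $Debugger at kd.exe for kernel-mode dumps (e.g. MEMORY.DMP from NotMyFault).
param(
    [string]$DumpDir  = 'C:\dumps',
    [string]$Debugger = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe',
    [string]$SymPath  = 'srv*C:\symbols*https://msdl.microsoft.com/download/symbols'
)

$results = foreach ($dump in Get-ChildItem -Path $DumpDir -Filter *.dmp) {
    # -z opens the dump, -y sets the symbol path, -c runs the command string and "q" quits.
    # "!analyze -v" is the same automated analysis you would type interactively in Windbg.
    $out = & $Debugger -z $dump.FullName -y $SymPath -c '!analyze -v; q' 2>&1 | Out-String

    # Field names as printed by current versions of !analyze (assumed; older builds
    # print EXCEPTION_CODE with extra decoration instead of EXCEPTION_CODE_STR).
    $bucket = if ($out -match 'FAILURE_BUCKET_ID:\s+(\S+)') { $Matches[1] } else { 'n/a' }
    $code   = if ($out -match '(?:EXCEPTION_CODE_STR|BUGCHECK_CODE):\s+(\S+)') { $Matches[1] } else { 'n/a' }

    # Keep the full transcript beside the dump for the deeper manual pass.
    Set-Content -Path ($dump.FullName + '.analyze.txt') -Value $out

    [pscustomobject]@{
        Dump   = $dump.Name
        Code   = $code
        Bucket = $bucket
    }
}

# Dumps that share a FAILURE_BUCKET_ID are almost always the same underlying bug,
# so sorting by bucket shows at a glance which crash is worth opening first.
$results | Sort-Object Bucket | Format-Table -AutoSize
```

The script only automates the opening move; the bucket tells you which dumps are duplicates and which exception or bugcheck code to expect, but the stack, the faulting module and the heap or pool state still have to be read by hand in the debugger, which is what the course covers.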
Who this course is for
Anyone who wants to learn advanced Windows debugging and reverse engineering with Windbg
Security Specialists
Reverse engineers
Malware analysts
Support engineers
Software developers
Software Sustenance Engineers
Windows Admins
Escalation Engineers