Introduction to the Course
FREE PREVIEWIntroduction to Debugger
FREE PREVIEWInstallation of Windbg
FREE PREVIEWDebugging a Simple Program
FREE PREVIEWCourse Materials to Download
Concept of Program Execution
FREE PREVIEWMemorydump
FREE PREVIEWDebug symbols with Demo
FREE PREVIEWCallStack, Global and Local Variables
FREE PREVIEWKernel, process, thread and stack
FREE PREVIEWSome more concepts
Demo - How to take a dump
Debugger Commands
Help Command
Setting symbol path
Mismatched symbols, symnoisy and symquite
!analyze-v and stack commands
Sympathcommand
Debugger Extensions
Native commands - x,ln
Native commands - r,k
Nativecommands - e,u
Nativecommands - dc
dt command and recursive dumping
Double linked list
Real life application of doubly linked list
dv command
's' command
Live debugging commands - bpcommands
t,p, .logopen.etc
wow64 Debugging
Demo - Debugging32bit, 64bit, wow64
Assembly Language 32bit - whiteboard
Assembly Language 32bit - demo
Assembly Language 64bit
ChildEBP, retAddr, argstochild
Address Range
Looping - foreach command
pipe, version, vertarget
Time travel tracing
Conclusion of chapter1
Introduction to chapter 2
FREE PREVIEWUser mode internals - address Translation
FREE PREVIEWObjects and handles
User mode - Memory management
User mode - Process and Threads
Data structures, Win32 API and systemcalls
Portable Executable
User mode - Simple crash
Dump collection using Procdump by sysinternals
Internals of Access Violation
Types of Exception
Usermode Memory Corruption - Heap Corruption
Demo - Heap Corruption
Double Free
User Mode - Stack Corruption
Stack Overflow
Examining Normal dumps
User Mode Hang
Concepts related to hang
Demo - Hang slow application
Critical session deadlock
Dump collection - procdump and task manager
Loader Lock
Mutex deadlock
Slow Application- High CPU
User Mode - Leaks
Slow application- UMDH
Large allocation inside nt heap and Thread Leak
Handle Leak and htrace command
Leak Analysis - The Generic Way
Handle object leaks - GDI handle
Handle object leaks - virtual alloc
C++ Runtime, new and delete
Template functions and function overloading
Security Implications of allowing someone to debug a process
FREE PREVIEWKernel Mode - Basics
FREE PREVIEWDemo - full memory dump kernel mode
Analyzing the Full memory dump
Kernel Mode Internals Part 1
FREE PREVIEWKernel Mode Internals Part 2
FREE PREVIEWOperating system scheduler/dispatcher
Memory management
ALPC and implementation of some API's
Debugging Windows logon UI
FREE PREVIEWSample application Kernel Mode
FREE PREVIEWKernel Mode- Simple Crash
Stack overflow- kernel mode
Stack corruption- kernel mode
Pool Corruption
Bugcheck codes
Why Kernel mode Crashes are Complicated than User mode?
Operating system Hangs
Spinlock Deadlock
High CPU- Kernel mode
Pool Leak
Eresource deadlock
Waiting for IRP
Thread leak and process leak
Kernel mode myths
Demo- Suspend process LSAS
Suspend process CSRSS
SVC host hang
Suspending Winlogon and chapter 2 conclusion
Introduction to chapter-3
FREE PREVIEWNotmyfault - High IRQL kernel mode - 32 bit
Buffer Overflow and code override - 32 bit
Stack Trash - 32 bit
High IRQL- User Mode 32 bit
Stack Overflow - 32 bit
Hard Coded Breakpoint - 32 bit
Double Free - 32 bit
IRP Hang - 32 bit
DPC Hang - 32 bit
Deadlock - 32 bit
Paged pool Leak - 32 bit
High IRQL(km) - 64 bit
Buffer Overflow-64 bit
Code Overwrite and Stack Corruption - 64 bit
High IRQL(um) and Stack Overflow- 64 bit
Hard Coded Breakpoint and Double Free - 64 bit
Hang - 64 bit
Leak Non-Paged Pool - 64 bit
Waiting on NDA
Conclusion of course
FREE PREVIEW