Windows Debugging and Reversing
Overview

This course introduces attendees to debugging and reverse engineering using the Debugging Tools for Windows or WinDBG. Application developers, driver developers and security researchers will learn how to harness the power of WinDBG to debug applications and drivers as well as reverse engineer parts of the operating system.

Hands-on Labs

Every topic in the course is accompanied by hands-on labs that illustrate the most important commands of WinDBG and the scenarios under which they are used. These hands-on labs will also familiarize attendees with X86 and X64 assembler, PE files, call stacks and debugger scripts.

Prerequisites

An understanding of operating system concepts, working knowledge of Windows and familiarity with C/C++ are required. Knowledge of X86 or X64 assembler is NOT required.

The Windows Internal Architecture course provides most of the prerequisite knowledge for this course.


Course duration

3 Days

Topics

Debugger and Symbols

This section introduces attendees to WinDBG and walks them through basic debugger operations. It covers the key concepts required to use the debugger effectively for both debugging and reverse engineering, such as symbol files, the symbol server, private and public symbols, and symbol file issues and how to troubleshoot and fix them. The different modes in which the debugger can be used, such as user mode debugging, kernel mode debugging, live debugging and memory dump debugging, are discussed. An introduction to CPU registers, their usage and X86/X64 assembly language is also provided.

Data Structures

Being able to display data structures used in high-level languages like C/C++ is a critical part of effective debugging. Examining these structures in WinDBG and identifying assembler code patterns that access these structures are discussed in this section. In addition, techniques for examining arrays, structures, unions and linked lists are covered.

PE Files

The structure of Portable Executable (PE) files is discussed along with techniques to navigate through PE files in WinDBG. Concepts such as the PE file header, sections, function patching, disassembling functions, examining assembler code, import and export tables, exception tables, packed sections, PE file checksums and memory carving are covered.

Call Stacks

The capability of displaying call stacks is one of the core pieces of debugging functionality offered by WinDBG. This section discusses call stacks on X86 and X64 platforms along with techniques for navigating the stack, retrieving parameters and local variables from the stack and manual stack reconstruction. Concepts related to call stacks, such as non-volatile registers, function prolog/epilog, frame pointer omission and exception handling differences on 32-bit and 64-bit platforms, are covered.

Automation

Debugger extensions and debugger scripting are some of the ways of automating debugging and reverse engineering tasks. This section discusses debugger scripting and related topics such as the scripting language, control flow tokens, operators, pseudo registers, aliases, string operators, expression parsers and built-in iterators, and how to use them for automation.

Live Debugging

In this section, attendees learn about using the debugger for live debugging and the support provided by the Windows operating system for various live debugging scenarios. Topics such as invasive and non-invasive debugging, side effects of debugging, auto-attaching debuggers to processes, just-in-time debugging, techniques for setting breakpoints, conditional breakpoints, and process- and thread-specific breakpoints are discussed.



Please contact your training representative for more details on having this course delivered onsite or online.

© Training Outlines All rights reserved