Windbg - A complete guide for Advanced Windows Debugging
Bestseller
Highest Rated
Rating: 4.7 out of 5(130 ratings)
1,460 students

This course has everything you need to master Windbg, and to debug and reverse engineer the Windows OS with it.
Created by Anand George
Last updated 6/2025
English

What you'll learn

  • Advanced Windows Debugging
  • Windbg
  • Windows internals
  • Dump Analysis
  • Post-mortem debugging
  • Core dump analysis in Windows
  • Debugging system crash
  • Debugging BSOD
  • Debugging process hang
  • Debugging system hang
  • Reverse Engineering
  • Malware Analysis
  • Debugging Slow Systems
  • Debugging Slow Applications
  • Windows Usermode internals
  • Windows Kernel mode internals

Course content

3 sections, 127 lectures, 26h 30m total length
  • Introduction8:21

    This lecture is a brief introduction to the course. In this lecture we will be discussing,

    · What is this course about?

    · Targeted audience

    · Structure of the course

  • Viewing Tips1:47

    In this lecture we will be discussing some viewing tips for the training.

  • Update3:18
  • Introduction to debugger9:43

    In this lecture we will be discussing,

    · The contents of each chapter in brief, to give an overview of the entire course.

    · What is a debugger?

    · Different types of debuggers

    · Whiteboard to explain text editor, compiler, linker and debugger

    · What is Windbg?

  • Installation of Windbg (4:17)

    In this lecture we will be discussing,

    · How to install Windbg?

    · Different versions of Windbg available.

  • Debugging a simple program16:33

    In this lecture we will be discussing,

    · Different elements in Windbg UI

    · How to attach Windbg?

    · Different scenarios of debugging

  • Course Materials for Download0:10

    Hi

    All course materials, current and future, will be attached to this lecture.

    Let me know if I am missing anything discussed in the course and I will add it.

    Mail me at sourcelens@gmail.com.

    Thank you,

    Anand

  • Concept of program execution5:18

    In this lecture we will see a demo of,

    · Attaching WinDbg to Notepad

    · Observing the frozen and unfrozen states of Notepad

  • Memory dump (4:54)

    In this lecture we will be discussing,

    · What is a dump?

    · What information does a dump contain?

  • Debug symbols with demo6:52

    In this lecture we will be discussing,

    · Concept of symbol

    · Demo to understand symbols.

    · Whiteboard explaining symbols

  • Callstack, global and local variables8:02

    In this lecture we will be discussing,

    · Call stack

    · Global variables

    · Local variables

  • Kernel, process, thread and stack5:32

    In this lecture we will discuss the concept of,

    · Kernel

    · Process

    · Thread

    · Whiteboard to explain the relation between the above entities

  • Some more concepts2:40

    In this lecture we will be discussing,

    · Types of dump: hang, crash, kernel/user dumps, Time Travel Tracing

  • Demo-how to take a dump3:50

    This lecture includes,

    · Demo to take a dump

    · How to open a dump in Windbg?

  • Debugger Commands2:24

    In this lecture we will be discussing,

    · Overview of debugger commands

    · Types of debugger commands: native, config and extension

  • Help command1:49

    In this lecture we will be discussing,

    · What is help command and how to use it?

  • Setting symbol path9:23

    In this lecture we will see a demo explaining,

    · How to set symbol path in Windbg?

  • Mismatched symbols, !sym noisy and !sym quiet (6:30)

    In this lecture we will be discussing,

    · Mismatched symbols

    · Usage of the !sym noisy and !sym quiet commands

  • !analyze -v and stack commands10:16

    In this lecture we will be discussing the debugging commands,

    · !analyze -v

    · Stack (k) commands

  • Sympath command1:18

    In this lecture we will be seeing a demo on,

    · How to use .sympath command to set a symbol path?

  • Debugger Extensions9:55

    In this lecture we will be discussing,

    · Debugger extensions

    · How to load and unload debugger extensions, using the .NET Son of Strike (SOS) extension as the example

    · The commands discussed in this lecture are,

    I. .chain

    II. .extmatch

    III. dbghelp

    IV. .unload

    V. .load

    VI. l

    VII. lmvn

    VIII. !lmi

  • Native commands- x,ln6:15

    In this lecture we will be discussing the native commands,

    · x

    · ln

  • Native commands -r, k7:25

    In this lecture we will be discussing the native commands,

    · r

    · k (kvn, kf)

  • Native commands- e, u7:13

    In this lecture we will be discussing the native commands,

    · e (ea)

    · u (ub)

  • Native commands- dc4:47

    In this lecture we will be discussing the command,

    · dc (dv, dps)


  • dt command and recursive dumping6:57

    In this lecture we will be discussing the command,

    · dt

    · How to recursively dump using dt?

  • Doubly linked list12:13

    In this lecture we will be discussing,

    · How to dump a doubly linked list?

  • Real life application of doubly linked list6:55

    In this lecture we will do a demo showing a practical application of the dt command.

  • dv command5:51

    Here, we will be discussing the commands,

    · dv

    · .frame

  • 's' command3:37

    In this lecture we will be discussing the command,

    · s (search memory)

  • Live debugging commands – bp commands30:45

    In this lecture we will be discussing the commands,

    · bp

    · bm

    · bd

    · be

    · ba

    · bpcmds

    · bl

  • t,p, .logopen commands6:16

    In this lecture we will be discussing the commands,

    · t

    · p

    · wt

    · .logopen

    · .logclose

  • wow64 Debugging4:31

    In this lecture we will be discussing,

    · wow64 mode of debugging

  • Demo – debugging 32bit, 64bit and wow64 (23:07)

    In this lecture we will see the demo of,

    · 32bit application in 32bit debugger

    · 64bit application in 64bit debugger

    · 32bit application in 64bit debugger

    · .effmach command

    · Kernel mode debugging in wow64

  • Assembly Language 32bit- whiteboard6:13

    In this lecture we will be explaining the 32-bit stack frame with the help of a whiteboard.

  • Assembly Language 32bit- demo33:30

    In this lecture we will be explaining 32bit assembly language instructions with the help of a demo.

  • Assembly language 64bit15:31

    In this lecture we will be explaining 64bit assembly language instructions with the help of a demo.

  • ChildEBP, retAddr, argstochild2:45

    In this lecture we will be discussing,

    · ChildEBP

    · RetAddr

    · argstochild

  • Address Range3:57

    In this lecture we will be doing a demo showing different ways to give address range in commands.

  • Looping- foreach command20:26

    In this lecture we will be discussing,

    · Different variants of foreach command

  • pipe, version, vertarget commands1:23

    In this lecture we will be discussing the commands,

    · version

    · vertarget

    · pipe

  • Time Travel Tracing13:41

    In this lecture we will be discussing,

    · Time Travel Tracing

    · Different commands related to time travel tracing

  • Conclusion of Chapter 1 (1:03)

    This lecture gives an overview of what we have seen so far.
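
A worked example, added here and not part of the course materials, that strings the symbol-path, !sym noisy/quiet, !analyze -v, stack and .logopen lectures above into a first-pass triage script for a user-mode crash dump. Save it as a text file and run it with $$>< from inside WinDbg after opening the dump, or from the console debugger with cdb -z. The log path, the local symbol cache and the private-symbol directory are assumptions to adjust for your machine.

```windbg
$$ triage.txt - first-pass triage of a user-mode crash dump (added example, not course material)
$$ Inside WinDbg, after opening the dump:   $$><C:\scripts\triage.txt
$$ From the console debugger:               cdb -z app.dmp -c "$$><C:\scripts\triage.txt;q"
$$ Paths below are assumptions.

$$ Record the whole session; /t appends a timestamp so reruns do not overwrite each other
.logopen /t C:\logs\triage.log

$$ Microsoft public symbols, cached under C:\Symbols, plus our own PDBs (assumed location)
.symfix C:\Symbols
.sympath+ C:\MyApp\symbols

$$ Verbose symbol loading so a mismatched PDB or a wrong build shows up in the log,
$$ then back to quiet so the rest of the output stays readable
!sym noisy
.reload /f
!sym quiet

$$ Debugger and target versions, for the record
version
vertarget

$$ Automatic analysis, then the exception context and the faulting thread's stack
!analyze -v
.ecxr
kvn

$$ Every thread's stack: hangs and deadlocks hide in threads other than the faulting one
~*kvn

$$ Loaded modules and their symbol status
lm

.logclose
```

If !sym noisy reports that a PDB was found but rejected, the stack in !analyze -v is not to be trusted until the right symbols are in the path; that is the mismatched-symbols case the lecture above covers.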

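A second added example (again, not course material) for the doubly linked list and dt lectures, using the kernel's active-process list as the real-life case. It runs in a kernel-mode session or against a full kernel memory dump with nt symbols loaded, first following one link by hand and then letting dt -l walk the whole list; @$proc is the debugger's pseudo-register for the current process.

```windbg
$$ walk_eprocess.txt - enumerate processes by walking ActiveProcessLinks (added example)
$$ Run with $$><walk_eprocess.txt in a kernel-mode session or on a full kernel dump

$$ Offset of the embedded _LIST_ENTRY inside _EPROCESS. Every Flink/Blink in the list
$$ points at this field, not at the start of the containing _EPROCESS
dt nt!_EPROCESS ActiveProcessLinks

$$ The list head lives in the kernel image, not inside any _EPROCESS
x nt!PsActiveProcessHead
dt nt!_LIST_ENTRY nt!PsActiveProcessHead

$$ Follow one link by hand: Flink is the address of the next entry's ActiveProcessLinks field,
$$ so the containing _EPROCESS starts at that address minus the offset printed above
dt nt!_LIST_ENTRY poi(nt!PsActiveProcessHead)

$$ Let dt follow the links: -l names the link field, dt subtracts the field offset for us
$$ and prints the requested fields of each _EPROCESS, starting from the current process
dt nt!_EPROCESS ImageFileName UniqueProcessId @$proc -l ActiveProcessLinks.Flink

$$ Cross-check against the extension command that walks the same list
!process 0 0
```

Both the dt -l walk and !process 0 0 read PsActiveProcessHead, so a process that a rootkit has unlinked from that list (DKOM) is invisible to both. Walking the structures by hand is what lets you notice when this list, the handle table and other views of the same processes disagree.
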
Requirements

  • C programming
  • 1 to 2 years of IT experience on Windows

Description

Have you ever felt your Windows operating system is hung, becoming slow, or showing a BSOD? Or an application crashing, hanging or running slowly on Windows? Have you had to press the restart button on your PC or Windows server to get rid of the problem, with no clue when the issue will happen again? Or have you been asked to analyse a memory dump of a compromised system to isolate malware? If that bothers you, this training is all about root-causing and solving such complicated issues once and for all, among the many other topics it covers.

Windbg is the single most powerful debugging and reverse engineering tool on the Windows platform. Windbg is like an X-ray, MRI and CT scan for programs running on the Windows operating system, including the operating system itself. It helps us root-cause complicated problems like the ones above, both in Windows (the OS) and in programs running inside it.

Just as the name implies, this training has all the details you need to master Windbg. I have spent all my effort to make sure this is the best and most complete Windbg training available right now, and I will keep adding topics to make sure that statement stays true in the future as well.


Targeted audience

Whatever your reason for trying to use or learn Windbg, you already know what you're doing and there is no better place than this course. If you have been following my YouTube series, this course is a complete superset of it. That said, the following are some of the categories of students to whom I strongly recommend this course.

Support engineers

If you are a support engineer or escalation engineer supporting any product on Windows, or Windows itself, I definitely recommend this course.

Malware analysts and cyber security professionals

If you are into core cyber security, especially on the Windows platform, this tool should definitely be in your arsenal. When it comes to reverse engineering, I myself don't like to compare IDA Pro or any similar tool with Windbg, but I have always found Windbg to be one of the most, if not THE most, powerful and productive tools for reverse engineering alongside debugging.

Windows SysAdmins

Another main target audience is Windows administrators, who can always leverage tools like this to learn more about the product they are working with and troubleshoot the problems they face at a totally different level.

C and C++ Programmers

Last but not least, and maybe the most important category of students: advanced C and C++ programmers, which includes driver developers, testers, software maintenance engineers and so on. Are you wondering why your application is crashing, hanging, slow or taking too many resources? And it happens only once in a blue moon in production, with no way to reproduce the issue in your dev environment? Are you asked to debug a problem in a code base you have no clue about? Or do you just want to see exactly what that latest feature of C++20 is doing behind the scenes? This training is for you.


To summarise, this course is for anyone who wants to study Windows internals and advanced production debugging on Windows. After this training you will not have to read every single Windows internals and debugging book out there; you will debug and understand whatever you want to know, as and when you need it, rather than reading an abstract result from a book.


Course Structure

This course has 3 chapters.

In Chapter 1 we discuss the concepts needed to get started and focus mostly on the commands of the debugger.

In Chapter 2 we apply what we learned in Chapter 1 to different debugging scenarios: crashes, hangs, slowness, leaks and more. We use test applications for this chapter, and we have the source code of these test applications. First we discuss user-mode issues and then we go into kernel mode.

In Chapter 3 we use the knowledge gained in Chapters 1 and 2 to troubleshoot production-like or real production issues. In this chapter we analyse memory dumps for which we have no source code or prior knowledge. We start with issues generated by Sysinternals NotMyFault and gradually get into true production debugging scenarios. I will keep adding lessons to this chapter if there is enough interest from students on this course. Students can also submit dumps for this chapter; they will be analysed free of cost and the experience shared with others.


Please refer to the course content and free preview lesson for more details about the structure and content of the course.


Who this course is for:

  • Anyone who wants to learn advanced Windows debugging and reverse engineering with Windbg
  • Security Specialists
  • Reverse engineers
  • Malware analysts
  • Support engineers
  • Software developers
  • Software Sustenance Engineers
  • Windows Admins
  • Escalation Engineers