WINDOWS DEBUGGING ESSENTIAL

Student Pre-requisite

Software Requirement

Hardware Requirement

Laptop Computer

Course Outline

Debugging Fundamentals

  • Introduction and Overview
  • Debugging Tools for Windows Overview
  • Immunity debugger
  • Python scripts for Immunity debugger
  • Demo: Installing Debugging Tools for Windows
  • Running the debuggers
  • Demo: Running the debuggers
  • Symbols
  • Demo: Configuring symbols
  • Exploratory debugger commands
  • Demo: Peeking into notepad
  • Postmortem debugging
  • Demo: ADPlus crash dump generation
  • Using debugger to crack applications
  • Demo: CrackMe
  • Summary
Debugging Advanced
  • Writing scripts for WinDbg
  • Writing plug-in for WinDbg
  • Crash Dump analysis
  • Kernel Debugging
  • Summary
Heap Corruptions
  • Introduction and Overview
  • Common misconceptions and symptoms
  • Windows Memory Architecture overview
  • Windows Heap Manager Overview
  • Heap Segments
  • Heap Blocks
  • Heap Coalescing
  • Low Fragmentation Heap
  • Tools for debugging heap corruptions
  • Demo: Debugging a heap corruption manually
  • Demo: Debugging a heap corruption using light page heap
  • Demo: Debugging a heap corruption using full page heap
Resource Leaks
  • Introduction and Overview
  • Misconceptions and symptoms
  • Handle Overview
  • Tools for debugging handle leaks
  • Demo: Debugging a sporadic handle leak
  • Windows Heap Manager Overview
  • Tools for debugging heap leaks
  • Demo: Sporadic Memory leak
  • Preemptive Strategies
  • Summary

About Instructor

Moti Joseph has been involved in computer security since 2000. He has worked on reverse engineering exploit code and developing security products for CheckPoint and WebSense Security Labs, and currently works for COSEINC. He has spoken at various conferences, including:

  • (*) at Blackhat USA Las Vegas 2007
  • (*) at Shanghai Jiao Tong University 2010
  • (*) at SysCan2010 Taiwan, Taipei
  • (*) at CONF2010 Poland, Krakow
  • (*) at CONF2009 Poland, Warsaw
  • (*) at ShakaCon 2009 USA
  • (*) at POC 2009 South Korea and 2010 Seoul