TBD
(when you register you get all viewing links and materials within 24 hours)
This comprehensive training includes more than 40 step-by-step exercises and covers more than 85 crash dump analysis patterns from x86 and x64 process, kernel, and complete (physical) memory dumps. Learn how to analyze application (native and .NET Core), service, and system crashes and freezes, navigate through memory dump space (managed and unmanaged code), and diagnose corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, resource contention, and much more with the WinDbg debugger. The training uses a unique and innovative pattern-oriented analysis approach developed by the Software Diagnostics Institute to speed up the learning curve, and it is based on the latest editions of the Accelerated Windows Memory Dump Analysis and Accelerated .NET Core Memory Dump Analysis books. It uses the latest WinDbg Preview and is optionally containerized.
Outline slides
Slides from Days 1-3
Slides from Days 4-6
Slides from Days 7-8
Training outline:
- Session 1 (2 hours): Overview. Native process memory dump analysis.
- Session 2 (2 hours): Native process memory dump analysis.
- Session 3 (2 hours): Native process memory dump analysis.
- Session 4 (2 hours): .NET Core process memory dump analysis.
- Session 5 (2 hours): .NET Core process memory dump analysis.
- Session 6 (2 hours): Kernel memory dump analysis.
- Session 7 (2 hours): Complete (physical) memory dump analysis.
- Session 8 (2 hours): Additional Q&A and memory dump analysis if necessary.
After registration, you get:
- Practical Foundations of Windows Debugging, Disassembling, Reversing, Second Edition PDF book (+300 pages)
- The current PDF books (+900 pages)
- The training recording
- Access to the Software Diagnostics Library with more than 380 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies
After viewing all sessions, you also get:
- Personalized Certificate of Attendance with unique CID
- Optional Personalized Certificate of Completion with unique CID (after the tests)
Prerequisites: Basic Windows troubleshooting
Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers, and quality assurance engineers.
If you are interested in Linux memory dump analysis, there is another training: Accelerated Linux Core Dump Analysis