Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Windows Kernel Programming
Overview

This course focuses on Windows kernel interfaces and their usage in developing kernel mode modules. Kernel software developers, anti-malware developers, malware analysts and security researchers will learn about the Windows kernel programming environment, the various kernel APIs (WDK APIs) along with the merits and pitfalls of each one of them. This course does NOT cover development of drivers for hardware devices like PCI and USB.

Hands-on Labs

Every topic in the course is accompanied by hands-on labs that involve writing kernel mode code as well as walking through instructor provided source code to understand the programming model, the APIs and their use cases.

Prerequisites

This is an intermediate level course and requires attendees to be fluent in C/C++ programming. In addition, attendees are expected to have good working knowledge of the windows kernel.

The Windows Kernel Internals courses provide the pre-requisite windows kernel knowledge for this course.

Course duration

3 Days

Topics

Driver Development Workflow

The first step in driver development is to get familiar with the tool chain. This section covers the Windows Driver Kit, the Debugging Tools for Windows for kernel debugging and driver quality tools like Code Analysis and Driver Verifier. Attendees will configure a Virtual Machine as a kernel debug target to test the drivers developed during the course.

Kernel Programming Basics

The kernel mode programming environment is different from application development in many respects including memory allocation, string handling, object lifetime management, linked list manipulation, compiler pragmas etc. This section covers the basics of kernel mode software development including usage of tools like kernel mode debugger, driver verifier etc. Attendees will apply the concepts learnt in this section to the rest of the topics in this course.

Synchronization

Due the reentrant nature of the kernel, proper synchronization in drivers is critical. This section talks about IRQL and its relationship to synchronization. The entire arsenal of synchronization primitives provided by the kernel consisting of events, mutexes, fast mutexes, guarded mutexes, ERSOURCEs, interlocked operations and spin locks are covered along with their respective usage scenarios.

Execution Contexts

The windows kernel provides interfaces for drivers to execute functions in different thread contexts like calling thread context, arbitrary thread context, system thread context, targeted thread context. This section discusses the differences between the various execution contexts, their use cases and then delves into the implementation details like dispatch entry points, deferred procedure calls (DPCs), timers, asynchronous procedure calls (APC), work items and system threads.

Filter Drivers

The most common method of intercepting I/O operations in the system are IRP based filter drivers which can be used to filter keyboard, mouse, disk I/O, USB devices etc. Filter driver concepts like attaching to devices, pre-filtering, post-filtering, request forwarding, I/O completion, data access, filter and control device objects are discussed.

Advanced Topics

Attendees put together the concepts covered in previous sections and apply them to implement common tasks required in kernel drivers like locking memory, mapping memory, application to driver communication, rundown protection and building custom I/O requests etc.

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved