Skip to main content

Debuggers 3011: Advanced WinDbg


About This Course

This is it! This is the class that *actually* teaches you how to configure an advanced Windows kernel debugging environment. This class gives you all the steps to quickly and automatically build 2 VMs: a debugger VM and a target VM. You'll obtain an automated way to build an executable on a debugger VM and then automatically push that executable to a target VM so you can run it. The debugger VM is able to debug the kernel of the target VM using WinDbg as well as decompiled source code level debugging with IDA/Ghidra and ret-sync.

After this class, you'll have a very efficient way of debugging the Windows kernel.

Topics include:

• Preparing the 2 VMs (automation included)

• Configuring WinDbg

• Configuring Ghidra/IDA Pro

• Configuring ret-sync

• Configuring Visual Studio and SSH

At the end of the class, you'll be able to build a "hello world" on the debugger VM and debug its kernel side effects on the target VM.


You must have taken OST2 Architecture 1001, or have equivalent knowledge of assembly.

You must have taken OST2 Debuggers 1011: Introductory WinDbg and Debuggers 2011: Intermediate WinDbg, or have equivalent knowledge of WinDbg.

Frequently Asked Questions

What learning paths is this class used in?

Debugging, Reverse Engineering, Malware Analysis, Exploits

To be or not to be?

That is the question...

Course Staff

Cedric's Twitter Pic!

Cedric Halbronn

Cedric (@saidelike and @saidelike) specialises in vulnerability research and exploit development, and while at NCC Group working in the Exploit Development Group (EDG) has published some public research related to Cisco ASA, Windows kernel, NAS devices, printers, etc.