The course is designed for experienced Windows developers and security researchers who want to deepen their understanding of kernel-level programming.
This course is suitable for those who have completed “Windows Kernel Programming 1” and “Windows Kernel Programming 2.” It assumes prior experience in Windows driver development, familiarity with Windows internals, and a basic understanding of kernel debugging tools.
25+ years as a software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming” and “Windows 10 System Programming”, as well as system and kernel programming courses on PentesterAcademy and the “Windows Internals” series of courses on PluralSight.
This section provides a deep dive into the core principles of system architecture, focusing on how modern operating systems interact with hardware and manage system resources. It covers essential topics such as system calls, memory management, kernel functions, and object handling, forming a solid foundation for advanced kernel programming. Students will gain both theoretical knowledge and practical insights into designing, debugging, and optimizing kernel-level code.
This section introduces core programming techniques used in kernel development, including memory management, object structures, and kernel data structures. These topics are crucial for writing efficient and secure kernel-mode code, as well as for understanding how the Windows kernel manages resources.
This section focuses on debugging techniques, trace logging, and diagnostic tools used in kernel development. Effective debugging is critical for kernel developers, as errors in kernel-mode code can lead to system crashes and security vulnerabilities.
Synchronization is one of the most critical aspects of kernel programming. Since kernel-mode code often runs in a multi-threaded environment and interacts with hardware, proper synchronization ensures that race conditions, deadlocks, and inconsistent data states do not occur. This section covers the various synchronization mechanisms available in the Windows kernel, such as mutexes, spin locks, semaphores, and asynchronous procedure calls (APCs). Understanding these techniques is crucial for students developing device drivers, file system filters, and other kernel components that require safe concurrent execution.
Minifilter drivers are a fundamental part of the Windows kernel, allowing developers to intercept and modify file system operations without directly modifying the file system driver itself. They are widely used for security applications (e.g., antivirus software), data monitoring, and custom file system behavior implementations. This section covers how minifilter drivers work, how they interact with file system I/O, and best practices for writing efficient and stable minifilter drivers. Mastering these concepts is essential for students interested in kernel-level file system development and security applications.
The Windows Filtering Platform (WFP) is a powerful framework that allows kernel-mode and user-mode applications to interact with the network stack, enabling advanced packet filtering, traffic inspection, and firewall functionality. This section introduces students to WFP concepts, the API, and practical applications in networking security and custom firewall development.
This section covers advanced topics in driver development, focusing on debugging techniques, Plug and Play (PnP) drivers, and filter drivers. Understanding these topics is crucial for developing stable, efficient, and reliable drivers that interact with the Windows operating system. The lessons in this section will help students navigate common pitfalls, troubleshoot driver issues, and implement drivers that work seamlessly with the Windows kernel.
This section focuses on the Kernel Mode Driver Framework (KMDF), which simplifies driver development by providing a structured framework for handling common driver tasks. KMDF abstracts much of the complexity involved in writing Windows drivers, making it easier to develop stable, maintainable, and efficient drivers. This section covers the fundamentals of KMDF, including driver initialization, request handling, and debugging techniques.
The course provides the foundations for the most common software device drivers, which are useful not just in cyber security but also in other scenarios where monitoring, and sometimes prevention, of operations is required.