Windows Kernel Programming Advanced Course Trainsec.png
$270 or 3 × $95

Advanced Windows Kernel Programming

The course is designed for experienced Windows developers and security researchers who want to deepen their understanding of kernel-level programming.

This course is suitable for those who have completed “Windows Kernel Programming 1” and “Windows Kernel Programming 2.” It assumes prior experience in Windows driver development, familiarity with Windows internals, and a basic understanding of kernel debugging tools.

85 Lessons | Community Access

$270

or $95 x 3 installments
  • Full Lifetime Access
  • 30 Day Money-Back Guarantee
  • Installments available
  • Online community
Buy Now
blue depth
Pavel Yosifovich

Pavel Yosifovich

Developer, trainer, author and (sometimes) speaker. Founder of TrainSec academy.

@zodiacon

25+ years as Software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming”, “Windows 10 System Programming, as well as System and kernel programming courses on PentesterAcademy, and “Windows Internals” series of courses on PluralSight.

Books and publications

Pavel’s GIT

Pavel Yosifovich
Twitter Linkedin Youtube Github
Pavel's Courses

Are you a freelancer or an individual student?

Contact us to receive more affordable personal pricing.

Apply for a discount

Advanced Windows Kernel Programming Course Contents

Chapters included in this course

Introduction

  • 00-Introduction.mp4 • 24 mins • 118 MB
  • AdvancedKernelProgrammingLabs.pdf • 237 KB
  • Advanced Windows Kernel Programming.pdf • 3.77 MB
  • Labs.zip • 282 KB
  • Demos.zip • 5.07 MB

1: Kernel and System Design

This section provides a deep dive into the core principles of system architecture, focusing on how modern operating systems interact with hardware and manage system resources. It covers essential topics such as system calls, memory management, kernel functions, and object handling, forming a solid foundation for advanced kernel programming. Students will gain both theoretical knowledge and practical insights into designing, debugging, and optimizing kernel-level code.

2: Programming Techniques

This section introduces core programming techniques used in kernel development, including memory management, object structures, and kernel data structures. These topics are crucial for writing efficient and secure kernel-mode code, as well as for understanding how the Windows kernel manages resources.

  • 02-01-Programming Techniques Intro-1.mp4 • 8 mins • 48.8 MB
  • 02-02-Strings.mp4 • 6 mins • 40 MB
  • 02-03-Dynamic Memory.mp4 • 33 mins • 306 MB
  • 02-04-Move Semantics.mp4 • 4 mins • 29.9 MB
  • 02-05-Lookaside Lists.mp4 • 10 mins • 72.5 MB
  • 02-06-Linked Lists.mp4 • 14 mins • 86.3 MB
  • 02-07-Object Attributes.mp4 • 13 mins • 103 MB
  • 02-08-Permanent Objects.mp4 • 4 mins • 35.9 MB
  • 02-09-Tables.mp4 • 22 mins • 127 MB
  • 02-10-Callback Objects.mp4 • 20 mins • 151 MB
  • 02-11-Process Attaching.mp4 • 9 mins • 65.4 MB
  • 02-12-Labs Description.mp4 • 6 mins • 52 MB
  • 02-13-Solutions Walkthrough Part 1.mp4 • 1h 09m 15s • 293 MB
  • 02-14-Solutions Walkthrough Part 2-1.mp4 • 58 mins • 637 MB

3: Tracing and Debugging

This section focuses on debugging techniques, trace logging, and diagnostic tools used in kernel development. Effective debugging is critical for kernel developers, as errors in kernel-mode code can lead to system crashes and security vulnerabilities.

  • 03-01-DbgPrint(Ex).mp4 • 17 mins • 145 MB
  • 03-02-Trace Logging.mp4 • 4 mins • 26.2 MB
  • 03-03-Trace Logging (cont.).mp4 • 24 mins • 261 MB
  • 03-04-Debugging.mp4 • 26 mins • 273 MB

4: Synchronization

Synchronization is one of the most critical aspects of kernel programming. Since kernel-mode code often runs in a multi-threaded environment and interacts with hardware, proper synchronization ensures that race conditions, deadlocks, and inconsistent data states do not occur. This section covers the various synchronization mechanisms available in the Windows kernel, such as mutexes, spin locks, semaphores, and asynchronous procedure calls (APCs). Understanding these techniques is crucial for students developing device drivers, file system filters, and other kernel components that require safe concurrent execution.

  • 04-01-Synchronization Basics.mp4 • 25 mins • 183 MB
  • 04-02-Mutexes.mp4 • 36 mins • 238 MB
  • 04-03-APCs (Asynchronous Procedure Calls).mp4 • 31 mins • 221 MB
  • 04-04-Fast Mutex.mp4 • 5 mins • 35.5 MB
  • 04-05-Semaphores.mp4 • 9 mins • 50.8 MB
  • 04-06-Events.mp4 • 19 mins • 158 MB
  • 04-07-IRQL (Interrupt Request Level) Recap.mp4 • 22 mins • 53.4 MB
  • 04-08-High IRQL Synchronization.mp4 • 20 mins • 53.3 MB
  • 04-09-Spin Locks.mp4 • 13 mins • 32.8 MB
  • 04-10-Lab Intro.mp4 • 7 mins • 28.4 MB
  • 04-11-Labs Walkthrough.mp4 • 35 mins • 121 MB
  • 04-12-APC Lab Walkthorugh.mp4 • 43 mins • 192 MB

5: File System Mini-Filters

Minifilter drivers are a fundamental part of the Windows kernel, allowing developers to intercept and modify file system operations without directly modifying the file system driver itself. They are widely used for security applications (e.g., antivirus software), data monitoring, and custom file system behavior implementations. This section covers how minifilter drivers work, how they interact with file system I/O, and best practices for writing efficient and stable minifilter drivers. Mastering these concepts is essential for students interested in kernel-level file system development and security applications.

  • 05-01-Minifilter Architecture.mp4 • 7 mins • 19.2 MB
  • 05-02-Loading and Unloading.mp4 • 7 mins • 18.8 MB
  • 05-03-Minifilter Registration and Initialization.mp4 • 27 mins • 93.1 MB
  • 05-04-Processing Operations.mp4 • 13 mins • 45.9 MB
  • 05-05-Operations and Parameters.mp4 • 41 mins • 162 MB
  • 05-06-File and Directory Information.mp4 • 9 mins • 38.5 MB
  • 05-07-File Names.mp4 • 16 mins • 56.5 MB
  • 05-08-Contexts.mp4 • 14 mins • 42.8 MB
  • 05-09-Accessing Data.mp4 • 16 mins • 50.6 MB
  • 05-10-User Kernel Communication.mp4 • 25 mins • 82 MB
  • 05-11-Labs.mp4 • 1h 08m 33s • 349 MB
  • 05-12-Labs Walkthrough.mp4 • 16 mins • 70.8 MB

6: Windows Filtering Platform

The Windows Filtering Platform (WFP) is a powerful framework that allows kernel-mode and user-mode applications to interact with the network stack, enabling advanced packet filtering, traffic inspection, and firewall functionality. This section introduces students to WFP concepts, the API, and practical applications in networking security and custom firewall development.

  • 06-01-WFP Architecture.mp4 • 16 mins • 40.2 MB Preview
  • 06-02-WFP Objects and Properties.mp4 • 26 mins • 161 MB
  • 06-03-WFP API.mp4 • 38 mins • 133 MB
  • 06-04-Callouts.mp4 • 22 mins • 68.1 MB
  • 06-05-Actions.mp4 • 7 mins • 21.5 MB
  • 06-06-Lab WFP API.mp4 • 54 mins • 277 MB
  • 06-07-Lab Callouts.mp4 • 1h 06m 10s • 275 MB
  • 06-08-More WFP.mp4 • 15 mins • 68.1 MB
  • 06-09-More on Filter Arbitration.mp4 • 12 mins • 37.6 MB

7: Miscellaneous Topics

This section covers advanced topics in driver development, focusing on debugging techniques, Plug and Play (PnP) drivers, and filter drivers. Understanding these topics is crucial for developing stable, efficient, and reliable drivers that interact with the Windows operating system. The lessons in this section will help students navigate common pitfalls, troubleshoot driver issues, and implement drivers that work seamlessly with the Windows kernel.

  • 07-01-Securing Device Objects.mp4 • 11 mins • 35 MB
  • 07-02-Plug & Play.mp4 • 14 mins • 35.6 MB
  • 07-03-Plug & Play Drivers.mp4 • 31 mins • 97 MB
  • 07-04-IRP Flow.mp4 • 16 mins • 33.5 MB
  • 07-05-Filter Drivers.mp4 • 56 mins • 158 MB
  • 07-06-Completion Routines.mp4 • 15 mins • 48.5 MB
  • 07-07-Lab Walkthrough - Beep Filter.mp4 • 34 mins • 128 MB

8: Introduction to KMDF

This section focuses on the Kernel Mode Driver Framework (KMDF), which simplifies driver development by providing a structured framework for handling common driver tasks. KMDF abstracts much of the complexity involved in writing Windows drivers, making it easier to develop stable, maintainable, and efficient drivers. This section covers the fundamentals of KMDF, including driver initialization, request handling, and debugging techniques.

  • 08-01-What is KMDF.mp4 • 23 mins • 65.5 MB
  • 08-02-KMDF Object Model.mp4 • 17 mins • 54 MB
  • 08-03-DriverEntry.mp4 • 14 mins • 40.1 MB
  • 08-04-Creating a Device.mp4 • 11 mins • 36.4 MB
  • 08-05-Handling Requests.mp4 • 19 mins • 63.6 MB
  • 08-06-Booster Sample - DriverEntry.mp4 • 11 mins • 28.6 MB
  • 08-07-Booster Sample - Adding Device.mp4 • 4 mins • 11.4 MB
  • 08-08-Booster Sample - Device Control.mp4 •6 mins • 17.4 MB
  • 08-09-Booster Sample - Booster Client.mp4 • 15 mins • 45.3 MB
  • 08-10-KMDF Debugging.mp4 •8 mins • 28.9 MB
  • 08-11-Driver Installation.mp4 • 44 mins • 171 MB
Pavel Yosifovich

Pavel Yosifovich

Developer, trainer, author and (sometimes) speaker. Founder of TrainSec academy.

@zodiacon

25+ years as Software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming”, “Windows 10 System Programming, as well as System and kernel programming courses on PentesterAcademy, and “Windows Internals” series of courses on PluralSight.

Books and publications

Pavel’s GIT

Pavel Yosifovich
Twitter Linkedin Youtube Github
Pavel's Courses
Windows Kernel Programming Advanced Course Trainsec.png

Advanced Windows Kernel Programming

$270 or 3 × $95

The course provides the foundations for the most common software device drivers that are useful not just in cyber security, but also other scenarios, where monitoring and sometimes prevention of operations is required.

Buy Now

Useful Resources

Pavel’s GitHub
Pavel’s Books
Uriel’s GitHub
Antivirus Bypass Techniques Book

Learning Paths

Windows Master Developer
Windows Internals Master
Windows Security Researcher
Hardware Hacking Expert

Let's Connect

Contact Us
Join our Discord community

@2025 TrainSec. All rights reserved. Terms of Use | Privacy Policy