Course Descriptions

Azius Developer Training offers seminars in five major areas of Windows technology: Windows operating system internals, troubleshooting and debugging, device drivers, Windows security, and Windows source code.

Click on a course ID below for a complete course description and topic outline.

To learn about arranging any of these seminars for on-site (private) delivery, please click the “Private Seminars” button in the left navbar. The “Public Seminars” page gives our schedule of public (open-enrollment) offerings.

Windows Internals & Performance

Windows is a complex operating system. To most effectively use it, develop for it, or support it, every Windows professional can benefit from knowledge of 1) how the system works inside, and 2) how to use the available tools to see how it's working and to troubleshoot it. Our focus in our Windows Internals seminars is not just on what the components of Windows are and what they do, but on how you can use that information to be a better developer, system administrator, driver developer, or even platform builder. Various Windows built-in tools, the SysInternals tools, the Windows Performance Toolkit, and the kernel debugger are used to help understand and analyze the system. In short, our Windows Internals seminars are the closest you can get to the operating system without source. (If you do have source access, we can present any of these in a "with source" form.) Why so many different "Windows Internals" seminars? Click here.

ID Title Level, etc Summary
INT150 Windows Internals EssentialsBasic
2 days lecture only
A two-day "short course" covering the most important aspects of how Windows works.
INT201 Core Windows InternalsIntermediate
3 days with labs

Presents the most important aspects of the internal design and implementation of the Windows operating system in a three-day lecture+demo/hands-on format. 

 
INT235 Windows Internals and Performance Toolkit WorkshopIntermediate
5 days with labs

This seminar combines our Core Windows Internals seminar with in-depth coverage of the Windows Performance Toolkit, with extensive hands-on labs.

The Performance Toolkit is invaluable for nearly all Windows professionals, but requires in-depth knowledge of the operating system to use effectively. We use a tightly integrated approach to present Windows internals theory and then put the theory to immediate use in analyzing realistic scenarios and problems. 

INT250 Windows Internals WorkshopIntermediate
5 days with labs

Our "flagship" Windows Internals seminar, covering more topics in more detail and with more hands-on time.

INT410 Windows Memory Management InternalsAdvanced
4 days with labs
This seminar provides a intensive, detailed study of the memory manager of current Windows operating systems.

Windows Troubleshooting and Debugging

In these seminars you will learn to apply the principles of operating system internals to general system troubleshooting, performance optimization, memory dump (blue screen) analysis, and live debugging.

ID Title Level, etc Summary
CMB221 Windows Internals, Troubleshooting, and Memory Dump AnalysisIntermediate
5 days with labs
4 days lecture only

Learn how current Windows operating systems are designed and implemented, and immediately apply that knowledge to isolate the causes of system and application failures and performance problems. 

DBG150 DBG150 (placeholder)Basic
1 day lecture only

(placeholder)

DBG211 Windows Debugging and Performance AnalysisIntermediate
3 days with labs
2 days lecture only

This seminar teaches you how to use the Windows debugging tools, Performance utility, Performance Toolkit, event logs, and other tools. These will be used to diagnose performance problems and resource issues, to isolate the causes of operating system failures and system hangs, and to debug application failures. 

DBG211-1 Windows Debugging and Troubleshooting EssentialsIntermediate
1 day lecture only

This seminar provides a fast but comprehensive introduction to the use of the Windows Debugging Tools, Windows Performance Toolkit, and other tools for "live" kernel mode debugging, memory dump analysis. and performance analysis. 

DBG274 Windows Driver Debugging and Crash Dump Analysis for Itanium SystemsAdvanced
1 day with labs

This seminar provides a fast introduction to kernel mode debugging and memory dump analysis on Itanium platforms.

DBG311 Windows Itanium Architecture and DebuggingAdvanced
4 days with labs
2 days lecture only

An extensive, in-depth tutorial on the use of the Microsoft Windows Debugging Tools on Itanium platforms.

DBG320 Mastering Windows DebuggingAdvanced
5 days with labs

 NEW!  Go beyond the basics of debugging with this intensive seminar. 

Seminars for Application Developers

These seminars are for developers who need to know how to best use Windows' technologies in their applications.

ID Title Level, etc Summary
APP210 Windows Application Development: An Internals ApproachIntermediate
3 days with labs

For programmers new to Windows and Win32 programming, this seminar provides an introduction to the idioms of Windows and an orientation to APIs and mechanisms commonly used in "systems level" programs.

IOT210 Getting started with IoT: Windows and Raspberry PiIntermediate
2 days with labs

Get started with IoT on Windows with the Raspberry Pi in this fast-paced seminar! 

OFF201 Microsoft Office Open XML File FormatsIntermediate
3 days with labs
2 days lecture only

This seminar covers the Office Open XML (OOXML) file formats used by current versions of Microsoft Office. 

Windows Device Driver Development

We've been writing drivers for Windows since the beta releases of Windows NT 3.1! We offer seminars on a wider variety of driver models than anyone else in the industry (in fact, more than the rest of the industry combined).

ID Title Level, etc Summary
DRV101 Windows Drivers ConceptsBasic
1 day lecture only

A one-day introduction to the various Windows device driver environments. Covers all current Windows operating systems and all driver models.

DRV150 Windows Internals Essentials for Device Driver DevelopersIntermediate
1 day lecture only

A guided tour of the internal design and implementation of the current Windows operating systems, with particular emphasis on those aspects that are important to driver developers.

DRV201 Core Windows Driver Model (WDM) DevelopmentIntermediate
5 days with labs
3 days lecture only

Teaches you how to develop, install, and debug the most common types of WDM device drivers for Windows operating systems.

DRV203 Developing Windows Driver Foundation (KMDF and UMDF 2.0) DriversIntermediate
5 days with labs

This seminar teaches you how to write, package, install, and debug drivers using the Windows Driver Foundation models: Kernel Mode Driver Frameworks (KMDF) and User Mode Driver Frameworks (UMDF 2.0). These are the driver models recommended by Microsoft for all devices for which a more specialized driver model is not available. 

DRV204 Windows Driver Development for User Mode Driver Frameworks (UMDF 1.x)Intermediate
5 days with labs

This seminar describes how to write, package, install, and debug drivers using User Mode Driver Frameworks 1.x.

DRV205 Windows Pseudodrivers and Operating System InterfacesIntermediate
5 days with labs

This seminar describes the required and optional routines of all device drivers, and presents the designs and operating system interfaces commonly used by filter drivers and pseudodrivers.

DRV211 Windows Driver Debugging and Memory Dump AnalysisIntermediate
4 days with labs
2 days lecture only

An intensive hands-on tutorial on debugging device drivers, via both “live” debugging and analysis of memory dumps. The latter includes techniques for looking at code for which you don't have the source. 

DRV301 Advanced Windows Driver Model (WDM) DriversAdvanced
5 days with labs

An intensive seminar that teaches you how to develop, install, and debug WDM device drivers for devices on backplane buses (commonly PCI, PCI-Express, and PCcard). Bus drivers, bus filter drivers, and various advanced system interfaces are included.

Windows Device Driver Development - Specialized

The following are specific to particular interfaces or to specialized driver technologies:

ID Title Level, etc Summary
DRV221 Windows Network Drivers for NDIS 5Intermediate
5 days with labs
3 days lecture only

This seminar focuses on developing and installing network interface card (NIC) Miniport and Intermediate drivers for NDIS 5. 

DRV222 Windows Network Drivers for NDIS 6Intermediate
5 days with labs
3 days lecture only

This seminar focuses on developing and installing network interface card (NIC) Miniport, Lightweight Filter (LWF), and Intermediate drivers. 

 

DRV231 Windows Drivers for IEEE 1394 DevicesIntermediate
2 days with labs
1 day lecture only

This seminar covers function drivers for devices on the IEEE 1394 bus.

DRV232 Windows Drivers for USB DevicesIntermediate
3 days with labs
1 day lecture only

This seminar covers the specifics of functional drivers for devices on the USB bus.

DRV251 Windows Drivers for Storage Class ControllersIntermediate
3 days with labs
2 days lecture only

This seminar covers Windows StorPort miniport drivers: drivers for storage controller class devices, i.e. disk controllers. These include drivers for SCSI controllers (SCSI host bus adapters), for FibreChannel controllers, for IDE and SATA RAID adapters, and for other controllers for storage class devices. 

DRV264 Windows 64-bit Driver MigrationIntermediate
1 day with labs

Attendees will learn how to port Windows drivers to all supported 64-bit platforms. You will also learn debugging techniques specific to the 64-bit extended (X64) systems.

DRV350 Windows File System DriversAdvanced
5 days with labs
3 days lecture only

Developers who need to write or maintain Windows File System Drivers.

DRV360 Windows File System Minifilter DriversAdvanced
5 days with labs
3 days lecture only

In this seminar you will learn how to design and write a Windows file system minifilter driver. 

Windows Security

Security is everyone's foremost concern these days. We've extensively researched the security enhancements in Windows to bring you seminars on Windows security internals and configuration - plus, one on effectively using the current cryptopgraphy APIs.

ID Title Level, etc Summary
SEC230 Windows Cryptography Next Generation (CNG) for DevelopersIntermediate
3 or 4 days with labs
2 days lecture only

This seminar covers the “next-generation” cryptography (CNG) support in Windows Vista through Windows 8 and Windows Server 2012. 

SEC240 Windows Security InternalsIntermediate
4 days with labs
3 days lecture only

Security is one of the most important responsibilities of a multi-user operating system. Windows provides an enormous number of security features, many of them added quite recently, many of them still unknown to users and system administrators. This seminar presents the security features of Windows in "internals" terms, covering not only administrator-level controls and visibility, but also describing their internal implementation, their visibility, and tradeoffs of their use.

SEC250 Hardening Windows SystemsIntermediate
3 days with labs

This seminar teaches how to "lock down" a Windows server and its clients to ensure reliable and secure operation, consistent with the enterprise’s unique security policies. 

Windows Forensics

These seminars bring our extensive knowledge of Windows internals and security to the cyber-forensics field.

ID Title Level, etc Summary
FOR111 Data Storage and Recovery MethodsBasic
2 days with labs
Cyber Forensics

This seminar covers how data is physically stored in a computer system, and provides detailed information on RAM, ROM, Flash, CD, DVD, Hybrid Hard Disks, and Blu-Ray.  Learn about the recovery potential from a variety of storage devices.

FOR130 Survey of Malware TypesBasic
1 day lecture only
Cyber Forensics

Most recent malware is used for financial or political gain, and although often referred to as "viruses," the attack and propagation methods are very different from true viruses. This course is an overview of the types of malware, how malware is categorized, and how each type of malware attacks a Windows system. This allows the forensic investigator to identify malware used in criminal attacks.

FOR202 Malware InternalsIntermediate
2 days with labs
Cyber Forensics

How does malware work? How do you trace where malware came from? In order to defeat your enemy, you must understand your enemy. This course covers the various types of malware and how it typically operates in a Windows system. 

FOR205 Windows Internals for ForensicsIntermediate
5 days with labs
Cyber Forensics

All modern malware works within the operating system, not only by exploiting weaknesses but also by using features that are there for everyday use. It is therefore impossible to understand how malware works without a deep understanding of the operating system it targets. This seminar provides detailed information on how Windows works internally, with special focus on common malware attack methods. It includes coverage of Windows’ most recent security features, most of them specifically added to combat malware.  

FOR206 Windows CryptographyIntermediate
2 days with labs
Cyber Forensics

Encryption is being used more and more in legitimate business, as well as within criminal enterprises. Learn about the types of encryption available in Windows, the weaknesses, and what it takes to either decrypt files that have been encrypted or to defeat the encryption by other means. Includes the detection of hidden volumes as implemented by, for example, TrueCrypt. 

FOR207 BitLocker Operation and InternalsIntermediate
1 day with labs
Cyber Forensics

BitLocker is being used more and more to protect the contents of disks from loss and theft. Unfortunately, it is also being used by cybercriminals to hide their activities from law enforcement. This course describes the internal operation of BitLocker, and how  law enforcement can defeat it in some cases. 

FOR209 Virtual MachinesIntermediate
1 day with labs
Cyber Forensics

Virtual machines are useful for many purposes in computing, but they can also be used to hide evidence of user activity on a computer system. Cybercriminals are using virtual machines because it is apparently easy to remove all trace of their activities just by deleting a single file. This seminar describes virtual machines, their methods of operation, how they are used to hide user activity, and how to detect their use. It also describes how to use virtual machines for malware analysis and other aspects of cyber forensics. 

FOR220 Windows Storage Architecture OverviewIntermediate
1 day with labs
Cyber Forensics

Understanding how files are stored (and may be hidden) on a disk or other storage media (solid-state disk, USB "key", SD card, etc.), is essential to performing a thorough forensic investigation. Learn the essentials of the on-disk formats of NTFS, EFS, FAT 12/16/32, exFAT, CDFS, and UDFS. This seminar also covers details of partitioning methods (MBR vs. GPT), the various types of Windows "volumes," basic vs. dynamic disks, and the new Storage Spaces. 

FOR223 Windows Log Files and Other HistoryIntermediate
1 day with labs
Cyber Forensics

Windows miaintains a significant amount of data on its past activity as part of its normal operation. This is used for self-diagnosis, performance monitoring, and error reporting, as well as for common functions such as user login/logiout tracking and file access auditing. Using this information, a forensic investigator can create a detailed timeline of a user’s activities, going back months or in some cases years. Learn what information Windows maintains and where to find it. 

FOR231 Internet Design and ProtocolsIntermediate
5 days with labs
Cyber Forensics

How is data transmitted from one machine to another over the Internet? What network protocols are used by the Internet? How do you capture network traffic? What information is recorded by a user’s Internet Service Provider? How do you trace the origin of a Distributed Denial of Service Attack? This course will answer these questions and more, and provide the forensic investigator with the knowledge necessary to gather information about a suspect’s use of the internet. The student will learn how to capture network traces and trace the route through the Internet that packets followed. 

FOR420 NTFS File SystemIntermediate
2 days with labs
Cyber Forensics

This seminar presents the complete details of the NTFS file system on-disk structure. You will learn how files are stored in NTFS, how directory indexes work, and how to recover deleted files and partitions.

FOR421 FAT12/16/32 and exFAT File SystemsIntermediate
1 day with labs
Cyber Forensics

This seminar presents the complete details of the FAT file systems. Learn how files are stored, and how to recover some deleted files.

Seminars for Microsoft Shared Source Licensees

For 15 years we have been Microsoft's exclusive provider of source code training for the Government Security Program (GSP). And if you have source code access (regardless of which shared source program you're in), we can provide that training to you as well.These seminars are of course only available to those who have signed the appropriate source code licenses with Microsoft. For details, please see the Windows Shared Source Licensing Programs page at www.microsoft.com. Your Shared Source representative can assist you with arranging these seminars.

ID Title Level, etc Summary
WSC150 Windows Code Center Premium OrientationIntermediate
2 days with labs
1 day lecture only
Windows Source Licensees

This seminar provides an introduction and orientation to Code Center Premium and to the Windows operating system source trees.

WSC250 Windows Internals Workshop for Code Center PremiumIntermediate
5 days with labs
Windows Source Licensees

This seminar provides a comprehensive guided tour through, and analysis of, the internal design, implementation, and operation of the major components of the Windows operating system, with a corresponding tour of the Windows source code.