
Course information

Blackbelt - Advanced Troubleshooting the Windows OS

Culemborg (NL) or Remote | Monday 27 January 2020 | 4 days | € 2.799,00

It is also possible to join this class remotely.

Sami offers two courses on troubleshooting anything that relates to or runs on the Windows OS.

If you’re thinking about which course to take first, take the other one. If you are totally familiar with the stuff on the other course you are very welcome to join this one as well.

It’s Sami's professional opinion that the best troubleshooters can be taught by taking these two courses, and that it’s better to take the more Tools-oriented BlackBelt Troubleshooting course first and then join this Content-oriented Advanced Troubleshooting course next.

  • Have you ever wondered if Windows Pagefile settings should be changed or how they actually work?
  • Have you ever wondered what the values in Task Manager actually mean – like Paged Pool, Working Set, Free memory etc?
  • Do you know how a file actually gets cached and finally written to the disk or how threads communicate with each other?
  • Have you ever wondered what Mutexes or Semaphores in Process Explorer really mean?

If you don’t know the answers, come and join this course as it will provide you with the answers and a lot more! 

Level 400+ class (also known as "Windows Internals"). Windows Internals book included.

This training is organized only a few times a year in this region.

Tel: +31 88 55 88 400
E-mail: sales@pds-site.com

For whom

This Windows Internals training is meant for all administrators who want to deepen their knowledge about Windows. It is also suitable for people who think (with all respect!) they know everything about the Windows OS…
It’s a very deep dive course, in no way suitable for beginners, only for seasoned administrators.

Prerequisite knowledge
You should be comfortable with the following:

  • Experience with Windows Administration
  • Experience with Active Directory
  • Experience with networking infrastructure

What you learn

This 4-day course teaches you how the operating system actually works under the hood. Windows Internals was previously taught globally by two of the best-known teachers, David Solomon and Mark Russinovich.

David is now retired from training and Mark is working for Microsoft as the CTO of Azure. This training is based on their Windows Internals book, which is considered mandatory knowledge for all top Microsoft professionals, including Microsoft’s own PFEs (Premier Field Engineers).

That book might be a bit too deep for most, so this is an easy way to learn the important parts of the book at an effective pace. You will, among other things, learn about:

• Concepts and Tools
• System Architecture
• System Mechanisms
• Management Mechanisms
• Processes, Threads and Jobs
• Security
• Networking
• I/O System
• Storage Management
• Memory Management
• Cache Manager
• File Systems
• Startup and Shutdown
• Crash Dump Analysis


Day 1

Concepts and Tools

  • Windows Operating System Versions
  • Foundation Concepts and Terms
  • Digging into Windows Internals
  • Sysinternals Tools

System Architecture

  • Requirements and Design Goals
  • Operating System Model
  • Architecture Overview
  • Key System Components

System Mechanisms

  • Trap dispatching
  • Object Manager
  • Synchronization
  • System Worker Threads
  • Global Flags
  • ALPC
  • Kernel Event Tracing
  • Wow64
  • User Mode Debugging
  • Image Loader
  • Kernel patching
  • Code integrity

Day 2

Management Mechanisms

  • The Registry
  • Services
  • UBPM
  • WMI
  • Windows Diagnostics Service

Processes, Threads and Jobs

  • Process Internals
  • Protected Processes
  • CreateProcess function
  • Thread Internals
  • Thread scheduling
  • Jobs

Security

  • Security Ratings
  • Security System Components
  • Protecting Objects
  • AuthZ API
  • Account rights and privileges
  • Access tokens
  • Auditing
  • Logon
  • UAC
  • AppID Service
  • AppLocker

Crash Dump Analysis

  • Why Does Windows Crash?
  • The Blue Screen
  • Troubleshooting Crashes
  • Crash Dump Files
  • Windows Error Reporting
  • Online Crash Analysis
  • Basic Crash Dump Analysis
  • Using Crash Troubleshooting Tools
  • Advanced Crash Dump Analysis

Day 3

Networking

  • Windows Networking Architecture
  • Networking APIs
  • Multiple Redirector Support
  • DFS and DFS-R
  • Offline Files
  • BranchCache
  • Name Resolution
  • Location and topology
  • NDIS

I/O System

  • I/O System Components
  • Device Drivers
  • I/O Processing
  • Kernel-Mode Driver Framework (KMDF)
  • User-Mode Driver Framework (UMDF)
  • The Plug and Play (PnP) Manager
  • The Power Manager 

Storage Management

  • Storage Terminology
  • Disk Drivers
  • Volume Management
  • BitLocker Drive Encryption
  • Volume Shadow Copy Service

Memory Management

  • Introduction to the Memory Manager
  • Services the Memory Manager Provides
  • Kernel-Mode Heaps (System Memory Pools)
  • Heap Manager
  • Virtual Address Space Layouts
  • Address Translation
  • Page Fault Handling
  • Stacks
  • Virtual Address Descriptors
  • NUMA
  • Section Objects
  • Driver Verifier
  • Page Frame Number Database
  • Physical Memory Limits
  • Working Sets
  • Proactive Memory Management (SuperFetch)

Day 4

Cache Manager

  • Key Features of the Cache Manager
  • Cache Virtual Memory Management
  • Cache Size
  • Cache Data Structures
  • File System Interfaces
  • Fast I/O
  • Read Ahead and Write Behind

File Systems

  • Windows File System Formats
  • File System Driver Architecture
  • Troubleshooting File System Problems
  • Common Log File System
  • NTFS Design Goals and Features
  • NTFS File System Driver
  • NTFS On-Disk Structure
  • NTFS Recovery Support
  • EFS

Startup and Shutdown

  • Boot Process
  • Troubleshooting Boot and Startup Problems
  • Shutdown

Some student quotes and recommendations:

"Great training, excellent trainer with real in-depth knowledge brought to me in real "eatable" way. (I meant usable)"

“Technical side: Sami’s trainings include The True Stuff from the “start” to the “end”. In other words, the whole Windows’ “saga” is covered from top to down, or the other way around, absolutely NO bullshit included.”

“If you are ready for a deep dive into the Windows kernel and willing and wanting to learn how Windows really works, then you need to take Sami’s BlackBelt course. Sami’s high energy, enthusiastic and engaging approach to teaching, will captivate you and keep your attention for the entire duration. When it is all over, you will be begging for more.”

“It’s a very interesting course. You learn so much about actions you didn’t know they existed.” 

“Excellent trainer, by far the most “hands on” with REAL LIFE scenarios testing, ABSOLUTE needed for an IT Pro in an enterprise” 

“You think you know Windows, but you don’t.”
