
CSI-300 - Foundations of Application Internals

This component course lays the groundwork for understanding how the operating system interacts with applications, and in particular how technologies such as application virtualization and application compatibility intercept Windows application calls and correct problems. This knowledge allows you to be productive with all the Microsoft and third-party technologies that leverage this model to create value-added application management.

Topics

Troubleshooting and Debugging Principles
Disciplines and methods for debugging and troubleshooting tough problems.

Fundamentals of Windows Processes
Anatomy of a process, Permissions, Loading DLLs and Other Code

COM Fundamentals
Why COM?, COM Operations, HKCR, Tracing COM, DLL Loading, Loading Overrides (.LOCAL)

Windows Code Files
Anatomy of EXEs and DLLs, DLL Loading, Editing EXEs.

Processes for Kernel 6 (Win7, Vista, Win2008)
Why Learn This?, Windows Integrity Mechanism (WIM), Integrity Levels (IL), User Account Control (UAC), Security Manifesting, On The Fly Virtualization, COM and UAC, Disable UAC, Windows Resource Protection (WRP), User Interface Privilege Isolation (UIPI), Win7: Per-User Applications (PUA), Win7: XP Mode

IE Changes for Kernel 6
IE Protected Mode (IEPM), Usage of ILs, Usage of UAC Virtualization

Application Internals
The main ways in which an application integrates with Windows: environment variables, App Paths, shortcuts, extension mapping, shell extensions, etc.

Labs & Templates:
  • VMware testing templates for XP, Vista, Win7
  • Procmon filter templates
  • Tracing COM
  • Replacing internal UAC manifests
  • Virtualization: Detecting, Tracing, Cleaning Up
  • Tools:
      • Process Explorer (Procexp.exe)
      • Process Monitor (Procmon.exe)
      • Explorer Suite EXE Editor
      • whoami
      • RegScanner
      • RegfromApp
      • AppCompat
      • AppVerifier