Course code: GOC7« Back

Windows Internals & Advanced Troubleshooting

This five-day advanced course explains Windows internals and operation of the operating systems. Students spend at least half the time of the training practicing interesting problems to investigate system behavior and understand precisely what happens inside the Kernel scheduler and process manager, memory manager. They learn what happens during the boot process, how security is maintained, how processes and threads are started, scheduled, maintained and prioritized, how virtual and physical memory is handled and allocated and how exceptions are handled. Students receive strong insight into how the most essential components of the system cooperate and how the system use device drivers to support hardware. A significant part of the training is dedicated for monitoring and optimizing system performance. Students receive deep troubleshooting skills and practice use of various built-in and third party tools that can be used to investigate. The course is presented by our top level professional (MCT, MCSE, MCITP) who specializes on the system core operations, troubleshooting and optimization.

GOPAS Official Curriculum
This section contains overview of retired courses which don’t belong to GOPAS course offer any more or were replaced by new course versions.
For more information about possibility to buy retired courses contact our customer services department ( or business department (

AffiliateDurationCatalogue priceHandbook priceITB
Praha5 22 500 CZK 1 700 CZK 50
Brno5 22 500 CZK 1 700 CZK 50
Bratislava5 700,00 EUR 70,00 EUR 50

User intensity level

Who is the course for

The course is intended for experienced administrators of Windows NT family of operating system such as Windows 2000, XP, Vista, 2003 and 2008

What we teach you

We will teach you how to understand the Windows Internals the way you will never ever want to use any other operating system.

Required skills

Basic work with Windows XP/2000/Server 2003 platform, network technologies summary and their configuration to Windows.

Teaching methods

Instructor-led classroom training with practical demonstrations and excercises on computers in a virtual environment

Teaching materials

Printed PowerPoint presentations and the original Windows Internals book.

Course Outline

Topic overview

  • History and evolution of Windows NT
  • Windows 2000 overview
  • Changes in Windows XP/2003

    Related tools

  • Support Tools
  • Resource Kits
  • SDK’s
  • Kernel Debuggers
  • Sysinternal’s free tools

    Operating system architecture

  • Basic concept
  • Architecture overview
  • Main subsystems (Win32,Posix,OS/2 …)
  • Kernel-mode components
  • Operating system threads/processes
  • Interrupt requests management & DPC

    Processes, threads and time synchronization

  • Process, thread and job
  • Starting, finishing and collapse of process
  • Priorities
  • Time synchronization of threads
  • Priorities adjustment
  • Environment of multiprocessing

    Memory Management

  • Virtual memory - arrangement (2G,3G,64-bit, PAE)
  • Paging file
  • Virtual Address Translation
  • Page fault handling (Hard, Soft)
  • Working Set
  • Physical memory


  • Win32 services
  • Registry
  • WMI


  • Security Ratings
  • Security Components
  • Object Protection
  • Auditing, Impersonation and Privileges

    I/O System

  • I/O System Components
  • Drivers installation
  • Kinds of drivers
  • Driver Operation
  • Plug-and-Play Manager
  • Power Manager


  • SCSIPort drivers
  • Storport drivers
  • iSCSI drivers
  • Partitioning
  • File systems
  • NTFS I/O
  • NTFS features
  • NTFS on-disk structures
  • Backup & Restore Technologies
  • Volume Shadow Copy Service

    Cache Manager

  • Cache Virtual Structure
  • Cache Size
  • Cache Operation

    Startup, shutdown and system crashes

  • Startup process
  • Prefetch mechanisms
  • Logon process
  • Shutdown
  • System Restore
  • Last Known Good
  • Safe Mode
  • Recovery Console
  • ERD Commander
  • Crashes
  • Crash dump files analysis
  • On-line Crash Analysis
  • Driver Verifier

    Solving problems

  • Usage of system auditing
  • Performance monitor & Task Manager
  • Process Explorer
  • Filemon and Regmon tools
  • Autoruns
  • Tdimon,Tcpview
  • Load order
  • PS Tools suite
  • Previous courses

    Next courses

    no following course
    Windows Internals, Fifth Edition

    1700 CZK
    Windows Internals, Fifth Edition

    70 EUR