SecurityXploded Blog

ReactOS : Source for Windows OS

ReactOS® is an advanced free open source operating system providing a ground-up implementation of a Microsoft Windows® XP compatible operating system. ReactOS is currently in its alpha stage and there is long way to go.Though its not exact replica of Windows XP, its near match. Moreover all function names are same as that of Windows.

Its an ideal platform for anyone curious to peek into windows architecture and implementation. One of the best thing is that you need not have to go through the source code, everything is available at just a click of mouse. Their website has a nice search feature through which you can look at the source of any Windows function. Note that the search query is case sensitive. So just typing createprocessa will not work. You need to type correct function name as “CreateProcessA”. I guess this has done to make the search results accurate, however other way would have been much better.

Here is the screenshot showing the file create.c containing implementation of CreateProcessA function (you need to scroll down to see the function)

This is great help for researchers especially for anyone into vulnerability research as it saves lot of reverse engineering time. Not only for researchers, its useful for any curious person who wants to know what lies beneath!. If you are good enough, then you may think of contributing to this great project as well.

In near future, ReactOS may force Bill to open the Windows Gates…!


  1. jc jc
    June 12, 2007    

    I dont ReactOS’s source being open will help in vuln research in windows, ya, it will help you find bugs in ReactOS…. and this is the case with any open source OS. But the fun is when is when things are hidden from the researcher…

  2. June 14, 2007    

    Source for project A and B is same, that means finding vulnerability in project A is same as finding vulnerability in project B.

    You are right, there is no fun in above statement. During research you may want to look for how exactly the function is implemented along with debugger. Sometimes with debugger it takes time, but this can make it simpler so you can spend more time on later part of research.

Leave a Reply