A New Direction

It is with great excitement (and a certain amount of nostalgia) that I would like to announce two important changes in my professional life and in the direction in which I will pursue my knowledge and work on Windows Internals. The first of these changes is my debut as an instructor for David Solomon’s Expert Seminars, and the second is my departure from ReactOS, effective immediately. These plans do not change in any way my internship at Apple which will take place during the summer.

Some time ago, I had the great privilege of being approached by David Solomon, a well-known and highly regarded computer expert, teacher, consultant and co-author of Windows Internals 4th Edition (and Inside Windows 2000, 3rd Edition). For the last couple of years, David had been working with Mark Russinovich, another respected figure in the world of Windows Internals, and co-founder of Winternals and Sysinternals as well as developer of some of the most useful Windows system tools available today. Apart from working on the two books (which Mark was a co-author of), they both provided trainings and seminars on Windows internals under the “David Solomon Expert Seminars” banner. As is widely known, Microsoft realized that Mark’s experience and amazing work on the NT platform through his articles and tools could provide a highly beneficial new addition to the company. The company bought Winternals last year, and hired Mark at the highest technical level in the company, Technical Fellow. 

All this is history of course, and back to the matter at hand, Mark’s recent new employment made him unavailable for teaching new classes, which made David Solomon start the search for a new instructor which could take on the responsibility of teaching new classes. I was highly honoured to have been chosen as this person, and accepted this unique opportunity to bring my knowledge out to many more people and to work with one of my most admired Windows experts

With this new job as an added task on top of my already busy life, as well as with the imminent Apple internship, I was already planning to cut back on my involvement with ReactOS. However, since it became clear that my level of contact with Microsoft employees and resources would be in conflict with my work at ReactOS, I made the difficult choice of amicably severing my ties with the project. This decision took some time for me to finalize, but the various motivations behind it had started cropping up since early this year

When I first joined ReactOS 3 years ago, the kernel was – in my opinion – highly disorganized and hodgepodge of Linux, NT 4, Wine and Windows 9x code which was very far from its actual goal of NT Driver compatibility. In fact, the development model seemed to focus on hacking NT drivers to work on ReactOS, and not vice-versa. Coincidentally, I joined the project just as the lead kernel developer, David Welch, had just burnt out and moved to other projects and goals. For the last three years, I rewrote key subsystems such as the thread scheduler, dispatcher, locking and IRQL mechanisms, HAL, executive support, object manager, process manager, I/O manager, basic VDM and 8086 support, and much more, as well as switched the project goals from NT4 to NT 5.2. 

My ability to do this came from my extensive reverse engineering of the kernel in the past, reading internals books, access to the DDK/IFS, as well as using WinDBG and .pdb type information. In return for all the code and guidance I provided, the project gave me a lot in return as well, including a unique perspective of working on such a project, the ability to work in large and distributed teams, and using open source tools for Windows NT kernel development. With millions of lines of code, ReactOS is the kind of project that an 18 year old could’ve only dreamt work ing on. I became adept in source control repositories, regression testing, unit testing, team management, IRC administration, as well as a much better coder in C. I also made friendships of all levels with various developers, testers and users, and had a chance to mentor two students during last year’s Google Summer of Code. I was able to attend and give talks on ReactOS, exhibit it, and make connections with other people in the industry, and in the open source world. Overall, it’s been an exhilarating adventure.

After three years however, and with the many new responsibilities that had kept growing, my free time grew short. Additionally, my work in the kernel had almost reached completion. The parts that still need major work, in my opinion, require extremely skilled developers in those areas to ever be as close to NT as needed. They are also some of the most critical: the memory manager, the cache manager, the Power/PnP Manager, the configuration manager and the file system runtime library. With the current differences that exist, most modern WDM drivers as well as IFS drivers can only dream of running properly. Unfortunately, my knowledge in those areas was limited. I had never reverse engineered them as extensively as parts of the executive, and documentation on their guts is limited.  In all honesty, they’re also not parts of the system that interest me much. I could, of course, have continued working on user-mode parts of the system where my help would still bring a lot of the system forward, such as ntdll, csrss, smss, winsock and kernel32, but my interest in teaching with David Solomon and getting in touch with the developers behind NT outweighed that desire.

After three years, I learned a tremendous amount of knowledge and skills while working on ReactOS, now the time has come for me to learn even more by expanding my horizons. In many ways, I had already outgrown the project, focusing more on security research, utilities and tools, articles and non-ReactOS related talks and conferences. It was time for me to step outside and take on a new opportunity with a larger audience and which would bring me many new experiences and teachings. I wish the ReactOS Project all the luck and I know that some significant new changes are on the horizon for them. I will keep watching from a distance, and I thank them for the most fun years of my life.

This blog will continue as usual, and I am currently working on the fourth part of the SDB series. Thank you for your continued readership and support!

7 Replies to “A New Direction”

  1. Wish you good luck at your new position! Somehow it made me a bit sad that you will not continue your work at ReactOS, but nothing lasts forever and there are always new challenges and possibilities…

    In your post you didn’t mention TinyKRNL: are you going to cease your activity in this project either?

    P.S. I am already keen on reading the next part of your SDB series! Your articles are a great source of information. Keep up the good work!

  2. Good luck!

    As michael strehovsky said, are you going to cease your activity en TinyKRNL?

  3. Hi! I dont know if you remember me (wG/Brazil:)
    I’ve asked about how to know about process creation without api hooking. We can do that by using PsSetCreateProcessNotifyRoutine in kernelmode.
    Good luck & dont forget to connect to irc some free time!

  4. Hi there Alex. Everything sounds great and I wish you the best on your new path in life. Just one thing bugs me (and the rest of the world from what I can gather) – what is the status of TinyKRNL ? Surely you are not leaving this behind/terminating ? This project is way way way too good to be put on the scrap heap for later/someone else/etc – conflict interest or not !!!
    I am a University graduate who is preparing for my thesis which requires the creation of my own operating system. I have just downloaded the WDK and would like to get some feel for it by building TinyKRNL but the website is not working properly and the file coming down is corrupt (32KB 7Z nightly). I would very very very much appreciate it if you could e-mail me/FTP me a copy of everything required to 1) Create the Razzle/Dazzle build environment, 2) Use the Razzle/Dazzle build environment to compile the raw TinyKRNL source into working executables/files/etc, and 3) burn a boot/live disk that brings me up to the native command line interface or even up to the system process (NTOSKRNL.EXE) with no visuals and just the ability to run/load/execute drivers/system threads/natives in the background. Anyway, to wrap things up, I think you are a complete genius and deserve the best – you have earned it and I am happy for you. In conclusion, my only concern here is that you do not terminate TinyKRNL and if need be (as I am in a great financial position myself) I would be happy to provide funding to keep the project ALIVE. Either way, please e-mail me at simulatedrealitylimited@gmail.com and please provide me with the above (attached file/FTP URL) so I can bring up Razzle/Dazzle and build the current stage of this absolutely amazing operating system. We can then talk about money etc and I can get an idea of what your plans are – ie handing it over to someone else, sourceforging it, or running it yourself still. Cheers !!! Whatever you do just make sure you do not do nothing 🙂

  5. Pingback: A New Direction

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.