Alex’s experience in OS design and Kernel coding dates back to his early adolescence, when he first played with John Fine’s educational OS/Kernel/Bootloader code. Since then, he has been active in the area of NT Kernel Development, offering help and advice for driver developers, as well as in the NT Reverse Engineering/Security field, where he has published a number of articles and source code, such as on the topic of NTFS Advanced Data Streams. His contributions include documentation for the Linux NTFS project, various award-winning articles on Planet Source Code and an extensive research paper on the Visual Basic Metadata and Pseudo-code format. He has also done hands-on training for security companies and given talks at security conferences (REcon 2006) and he sometimes posts articles on the security community site OpenRCE.

Since Summer 2004, Alex has been working as a core kernel developer for the ReactOS project, where his experience with the NT Kernel continued to grow. His responsibilities included the coding of multiple kernel functions, and he has extensively worked on the Object Manager, Process Manager, Executive and parts of the Microkernel such as exception dispatching, thread scheduling and system traps. He is now working on the Local Procedure Call module (LPC), the User-Mode Debugging module (Dbgk) and the Kernel Debugging library (Kd) and expects to work on the HAL and Subsystem Manager (SMSS) later in 2007.

Alex Ionescu is also the TinyKRNL Project Coordinator is and he is responsible for overseeing the general progress of the project, organizing the other developers, handling outside communication as well as defining the vision and goals of the project.

He is currently studying at Concordia University in Montreal, Canada, and is in his first year of obtaining a bachelor’s degree in Software Engineering. He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep.

22 Responses to “About”

  1. […] researcher Alex Ionescu is one such researcher who has done a lot of work in the area of Protected Processes in […]

  2. thomaslim168 says:

    hi alex, can you drop me an email thomas@coseinc.com? thank you.

  3. rabbit says:

    Hi Alex?
    I participated 2014 syscan360 in July, and am very interested in your address.
    Do you have a link avaialable to donwload the Compatibility Database Dumper (CDD) v1.0 ?

  4. 0xnull says:


    I recently saw your article on patchguard changes in 8.1 and upwards, it suddently brought a lot of issues i have encountered to light so thankyou for that.

    I am hiding driver via PsLoadedModuleList and removing from OBJECT_DIRECTORY and I believe this modification causes bugcheck due to the changes you highlighted. I would like to discuss this with you if you have some time, potential workarounds without modifying PG etc. I am happy to donate to your work and show you the current code scenario.

    Please feel free to email me. Thanks

  5. Alex says:

    Hi Alex,

    I started following you blog and I see you have a lot of experience in the security and penetration testing world.
    I would like to ask your advise on something related to security, is there a way to contact you? Do you have a contact form or an email that I can reach you at?

    Thank you!

  6. aionescu says:

    You can reach me at @aionescu on Twitter or the same at gmail.

  7. aionescu says:

    Unfortunately I am not able to assist with PG bypassing and/or rootkit development. Sorry!

  8. Alexander khalyapin says:

    Hello, Alex!

    It seems like that there is a misprint in https://www.osr.com/nt-insider/2015-issue3/the-state-of-synchronization/ According to text in the article, Synchronization event is preferable in mostly non-contention use cases, and vise versa Fast mutex provide an optimization for contention – spinlock. So, figure 2 has got a misprint in “Yes”/”No” in vertices outgoing from “Contention?” switch.

  9. Alexander khalyapin says:

    Hello, Alex, again!

    I’ve confused with text/figure interpretation mentioned in my previous comment about https://www.osr.com/nt-insider/2015-issue3/the-state-of-synchronization/. Actually, the text in the article claims that Fast mutex has got the spinlock optimization which is more suitable for non-contended use cases, and vise versa Synchronization event is preferable when contentions are expected quite often. So, figure 2 has got a misprint in “Yes”/”No” in vertices outgoing from “Contention?” switch.

    Sorry for my misprint about misprint 🙂
    And thank you for the good article!


  10. Yariv Inbar says:

    Hi Alex,
    My name is Yariv Inbar, I’m the CEO of Mediatech-Jonbryce training center in Israel.
    I heard a lot about you and i’d like to check the opportunity of inviting you to deliver a reverse engineering course in Israel If possible.

    many thanks

  11. aionescu says:

    Hi Alex,

    I wouldn’t really call it a misprint, because if you have contention concerns, and are dealing with NUMA concerns or size concerns, the PushLock is a much better choice than the Synchronization Event. If you don’t care about any of those things, then I suggested the Fast Mutex because at least it’ll behave better at least in some cases, vs the synchronization event which will behave slow in all cases.

  12. Muju Feng says:

    Hi Alex,

    I met a problem while I compile VisualUefi with VS2015. The IDE reported an error “error creating or communicating with child process” when compiling OpensslLib. What had caused this error?

  13. contact says:

    Hello Alex,

    Can you give me your email?
    How to contact with you?

  14. Yasha says:

    You write int Tw.

    Shocking news. Another “next gen” cyber company takes my research (Recon 2015: Hooking Nirvana) and creates FUD https://cybellum.com/doubleagent-taking-full-control-antivirus/
    19:24 – 22 Mar 2017

    But……….What is it ???? 2010 year!!!


  15. aionescu says:

    I referenced many works in my presentation. I didn’t claim I invented it 🙂 I didn’t know about the wasm.ru links but I had seen KiTrap8’s research (another Russian).

  16. aionescu says:

    alex at this URL

  17. aionescu says:

    Not sure, maybe out of memory or some similar issue? I need to refresh the project anyway.

  18. Dmitry says:

    Hello, Alex.
    Do you have plans to be a trainer at REcon 2018? (Windows Internals for Reverse Engineer course)

  19. Janusz says:


    Looking for Windows kernel developer for security project.


  20. aionescu says:

    Yes, I always train at REcon!

  21. aionescu says:

    Thanks, Janusz, however, I already have a full-time job.

Leave a Reply