Alex’s experience in OS design and Kernel coding dates back to his early adolescence, when he first played with John Fine’s educational OS/Kernel/Bootloader code. Since then, he has been active in the area of NT Kernel Development, offering help and advice for driver developers, as well as in the NT Reverse Engineering/Security field, where he has published a number of articles and source code, such as on the topic of NTFS Advanced Data Streams. His contributions include documentation for the Linux NTFS project, various award-winning articles on Planet Source Code and an extensive research paper on the Visual Basic Metadata and Pseudo-code format. He has also done hands-on training for security companies and given talks at security conferences (REcon 2006) and he sometimes posts articles on the security community site OpenRCE.

Since Summer 2004, Alex has been working as a core kernel developer for the ReactOS project, where his experience with the NT Kernel continued to grow. His responsibilities included the coding of multiple kernel functions, and he has extensively worked on the Object Manager, Process Manager, Executive and parts of the Microkernel such as exception dispatching, thread scheduling and system traps. He is now working on the Local Procedure Call module (LPC), the User-Mode Debugging module (Dbgk) and the Kernel Debugging library (Kd) and expects to work on the HAL and Subsystem Manager (SMSS) later in 2007.

Alex Ionescu is also the TinyKRNL Project Coordinator and is responsible for overseeing the general progress of the project, organizing the other developers, handling outside communication as well as defining the vision and goals of the project.

He is currently studying at Concordia University in Montreal, Canada, and is in his first year of obtaining a bachelor’s degree in Software Engineering. He is also a Microsoft Student Ambassador and is representing the company on campus as a Technical Rep.

12 Responses to “About”

  1. […] researcher Alex Ionescu is one such researcher who has done a lot of work in the area of Protected Processes in […]

  2. thomaslim168 says:

    hi alex, can you drop me an email thomas@coseinc.com? thank you.

  3. rabbit says:

    Hi Alex?
    I participated in 2014 syscan360 in July, and am very interested in your address.
    Do you have a link available to download the Compatibility Database Dumper (CDD) v1.0 ?

  4. 0xnull says:


    I recently saw your article on patchguard changes in 8.1 and upwards, it suddenly brought a lot of issues I have encountered to light so thank you for that.

    I am hiding driver via PsLoadedModuleList and removing from OBJECT_DIRECTORY and I believe this modification causes bugcheck due to the changes you highlighted. I would like to discuss this with you if you have some time, potential workarounds without modifying PG etc. I am happy to donate to your work and show you the current code scenario.

    Please feel free to email me. Thanks

  5. Alex says:

    Hi Alex,

    I started following your blog and I see you have a lot of experience in the security and penetration testing world.
    I would like to ask your advice on something related to security, is there a way to contact you? Do you have a contact form or an email that I can reach you at?

    Thank you!

  6. aionescu says:

    You can reach me at @aionescu on Twitter or the same at gmail.

  7. aionescu says:

    Unfortunately I am not able to assist with PG bypassing and/or rootkit development. Sorry!

  8. Alexander khalyapin says:

    Hello, Alex!

    It seems like that there is a misprint in https://www.osr.com/nt-insider/2015-issue3/the-state-of-synchronization/ According to text in the article, Synchronization event is preferable in mostly non-contention use cases, and vice versa Fast mutex provide an optimization for contention – spinlock. So, figure 2 has got a misprint in “Yes”/”No” in vertices outgoing from “Contention?” switch.

  9. Alexander khalyapin says:

    Hello, Alex, again!

    I’ve confused with text/figure interpretation mentioned in my previous comment about https://www.osr.com/nt-insider/2015-issue3/the-state-of-synchronization/. Actually, the text in the article claims that Fast mutex has got the spinlock optimization which is more suitable for non-contended use cases, and vice versa Synchronization event is preferable when contentions are expected quite often. So, figure 2 has got a misprint in “Yes”/”No” in vertices outgoing from “Contention?” switch.

    Sorry for my misprint about misprint :)
    And thank you for the good article!


  10. Yariv Inbar says:

    Hi Alex,
    My name is Yariv Inbar, I’m the CEO of Mediatech-Jonbryce training center in Israel.
    I heard a lot about you and I’d like to check the opportunity of inviting you to deliver a reverse engineering course in Israel if possible.

    many thanks

  11. aionescu says:

    Hi Alex,

    I wouldn’t really call it a misprint, because if you have contention concerns, and are dealing with NUMA concerns or size concerns, the PushLock is a much better choice than the Synchronization Event. If you don’t care about any of those things, then I suggested the Fast Mutex because at least it’ll behave better at least in some cases, vs the synchronization event which will behave slow in all cases.
