Axel Rietschin, Microsoft Engineer for the Windows Kernel, the ability to develop the ReactOS operating system without borrowing code from Windows. In his opinion, the developers of ReactOS took advantage of the code from the core of Windows Research, the source code of which was licensed to universities. This code has been leaked in various places, including on GitHub.
Ritchen is sure that it is physically impossible to write the ReactOS core from scratch as it is written now, using only the available public documentation. In particular, the names of internal structures and functions in the ReactOS kernel are the same as those in the Windows Research kernel, while these names are not exported during assembly and do not shine anywhere except in the original code. The same goes for macro and parameter names, whose names cannot be exactly reproduced without looking into the original Windows code.
Recall that in 2006 ReactOS had the inclusion of about 100 lines of assembly language code resulting from the decompilation of Windows. After that, development was suspended for about a month to audit possible intersections. Since then, the ReactOS developers have been especially reverent about checking the sources proposed for inclusion in the project.
When reverse-engineering to comply with US copyright law, the ReactOS project uses a dual scheme in which one researcher analyzes the work and writes documentation based on it, and another developer builds a new implementation for ReactOS based on this documentation. It's possible that the analysis phase may have used leaked Windows source code and documented the same names of functions and structures, but with the ReactOS development scheme, the implementation will be completely different and created from scratch.
In addition, already oversight publications of NT and W2K kernel builds with uncleaned debugging information, including information about the names of internal variables. Many structure and function names are also provided in the header files included with the SDK/DDK, and the structure of system calls can be determined by parsing components such as the COM runtime. Hotfix updates are often published without cleanup of symbolic name tables. In addition, some programs and drivers for Windows use non-public, undocumented calls, and many hidden features of Windows come to light during launch adaptation in virtualization systems and emulators.
ReactOS developers could use these components as part of their reverse engineering process.
Source: opennet.ru