In that case, considering that even the undocumented methods are exported from the respective DLLs, these can easily be identified and their workings can be figured out by perusing the machine code. Access to source code, stolen or otherwise, is not really required. Also, as compatibility is ReactOS' goal, even identical bugs can't be credible evidence.
Reversing is one thing, distributing copies of reverse engineered IP is another. I am pretty sure that is not a good idea unless the terms under which you obtained the product explicitly allow it.
