├── README.md
├── SmashTheRef
    ├── 1 - xxxMnOpenHierarchy.cpp
    ├── 10 - UnlockNotifyWindow.cpp
    ├── 11 - CSRSS Arbitrary Free.cpp
    ├── 12 - Advanced FlashWindow.cpp
    ├── 13 - UnlockDesktopMenu NULL deref.cpp
    ├── 2 - FreeTimer.cpp
    ├── 3 - xxxCreateCaret.cpp
    ├── 4 - Ultimate Reloading.cpp
    ├── 5 - FreeSPB.cpp
    ├── 6 - xxxCapture WND.cpp
    ├── 7 - xxxCapture PQ.cpp
    ├── 8 - zzzAttachThreadInput.cpp
    ├── 9 - xxxSendMinRectMessages .cpp
    ├── SmashTheRef - BlueHatIL2022.pdf
    ├── Win32k Smash the Ref - full version.pdf
    └── Win32k Smash the Ref.pdf
├── console.cpp
├── dde ptr leak.cpp
├── debughook ptr leak.cpp
├── setdialog.cpp
└── xxxcreatewindow menu ptr leak.cpp


/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/README.md


--------------------------------------------------------------------------------
/SmashTheRef/1 - xxxMnOpenHierarchy.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/1 - xxxMnOpenHierarchy.cpp


--------------------------------------------------------------------------------
/SmashTheRef/10 - UnlockNotifyWindow.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/10 - UnlockNotifyWindow.cpp


--------------------------------------------------------------------------------
/SmashTheRef/11 - CSRSS Arbitrary Free.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/11 - CSRSS Arbitrary Free.cpp


--------------------------------------------------------------------------------
/SmashTheRef/12 - Advanced FlashWindow.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/12 - Advanced FlashWindow.cpp


--------------------------------------------------------------------------------
/SmashTheRef/13 - UnlockDesktopMenu NULL deref.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/13 - UnlockDesktopMenu NULL deref.cpp


--------------------------------------------------------------------------------
/SmashTheRef/2 - FreeTimer.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/2 - FreeTimer.cpp


--------------------------------------------------------------------------------
/SmashTheRef/3 - xxxCreateCaret.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/3 - xxxCreateCaret.cpp


--------------------------------------------------------------------------------
/SmashTheRef/4 - Ultimate Reloading.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/4 - Ultimate Reloading.cpp


--------------------------------------------------------------------------------
/SmashTheRef/5 - FreeSPB.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/5 - FreeSPB.cpp


--------------------------------------------------------------------------------
/SmashTheRef/6 - xxxCapture WND.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/6 - xxxCapture WND.cpp


--------------------------------------------------------------------------------
/SmashTheRef/7 - xxxCapture PQ.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/7 - xxxCapture PQ.cpp


--------------------------------------------------------------------------------
/SmashTheRef/8 - zzzAttachThreadInput.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/8 - zzzAttachThreadInput.cpp


--------------------------------------------------------------------------------
/SmashTheRef/9 - xxxSendMinRectMessages .cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/9 - xxxSendMinRectMessages .cpp


--------------------------------------------------------------------------------
/SmashTheRef/SmashTheRef - BlueHatIL2022.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/SmashTheRef - BlueHatIL2022.pdf


--------------------------------------------------------------------------------
/SmashTheRef/Win32k Smash the Ref - full version.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/Win32k Smash the Ref - full version.pdf


--------------------------------------------------------------------------------
/SmashTheRef/Win32k Smash the Ref.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/SmashTheRef/Win32k Smash the Ref.pdf


--------------------------------------------------------------------------------
/console.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/console.cpp


--------------------------------------------------------------------------------
/dde ptr leak.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/dde ptr leak.cpp


--------------------------------------------------------------------------------
/debughook ptr leak.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/debughook ptr leak.cpp


--------------------------------------------------------------------------------
/setdialog.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/setdialog.cpp


--------------------------------------------------------------------------------
/xxxcreatewindow menu ptr leak.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdabah/win32k-bugs/HEAD/xxxcreatewindow menu ptr leak.cpp


--------------------------------------------------------------------------------