fix typo and english, thanks https://dylan-liew.github.io/

caprinux · caprinux · commit 87cc25e5ab08 · 2025-09-04T20:00:34.000+08:00
diff --git a/_posts/general/2025-07-11-breaking-disassembly-through-symbol-resolution.md b/_posts/general/2025-07-11-breaking-disassembly-through-symbol-resolution.md
@@ -87,7 +87,7 @@ Let's take a look at what actually happens when an ELF program tries to call `pu
 ![call_puts](call_puts.png)
 _call puts@PLT which dereferences and jumps into GOT entry_
 
-As you can see, when we call `puts`, it actually calls `puts@PLT` which attempts to dereference and jump into its own GOT entry. If the symbol has already been resolved before, the GOT entry of `puts` would contain the actually its function libc address.
+As you can see, when we call `puts`, it actually calls `puts@PLT` which attempts to dereference and jump into its own GOT entry. If the symbol has already been resolved before, the GOT entry of `puts` would contain its libc address.
 
 ![puts got is resolved](got_resolved.png)
 _puts@GOT after puts has been resolved_
@@ -430,7 +430,7 @@ Ultimately, this would make every single API function appear incorrectly and mig
 - Decompiler might refuse to decompile due to incorrect call types _(if the fake function requires many more arguments that the original function)_
 - Disassembler might stop disassembly early if it encounters a `noreturn` function _(i.e. exit, _exit, abort)_.
 
-You can find the obfuscation scripts and test files [here](https://github.com/caprinux/rel-fuscate/obfusactor).
+You can find the obfuscation scripts and test files [here](https://github.com/caprinux/rel-fuscate/tree/main/obfuscator).
 
 ## Deobfuscation is easier o_o
 
@@ -456,4 +456,4 @@ Exploring new ways to breaking disassembly/decompilation and deter reverse engin
 
 I hope you enjoyed this post! If it interests you, you can check out some of the other CTF challenges that I've written in the past [here](https://github.com/caprinux/challenge-creation) _(including some other cursed obfuscated challenges)_.
 
-Thanks to [goatmilkkk](https://goat.elmo.sg) for proofreading!
+Thanks to [goatmilkkk](https://goat.elmo.sg) for proofreading!
diff --git a/_posts/general/querying-for-exploitable-kheap-structures.md b/_posts/general/querying-for-exploitable-kheap-structures.md
@@ -0,0 +1,28 @@
+---
+title: Querying the Kernel for Exploitable Heap Structures
+description: Using CodeQL to query the Kernel codebase
+date: 2025-02-15 00:00:00 +0800
+categories: [Resources]
+tags: [kernel]
+---
+
+# Foreword
+
+One of the biggest difficulties that I've faced as a beginner trying to get into Kernel Exploitation would be not knowing what exploitable heap structure I can use for any given heap-based vulnerability.
+
+In fact, this is most certainly not a novel research topic. [ptr Yudai](https://x.com/ptryudai), who is highly respected in the exploit community, has also tackled this problem successfully using the Ghidra scripting engine. 
+
+- https://ptr-yudai.hatenablog.com/entry/2020/03/16/165628
+- [Deep Kernel Treasure Hunt (CodeBlue, 2023) - ptrYudai](https://archive.codeblue.jp/2023/result/pdf/cb23-deep-kernel-treasure-hunt-finding-exploitable-structures-in-the-linux-kernel-by-yudai-fujiwara.pdf)
+- https://blog.csdn.net/qq_45323960/article/details/130912716
+
+## Objectives
+
+- Find the structs of all objects allocated in the kernel
+- Trace 
+
+# CodeQL
+
+
+
+# References
