Colorful Neologism (X-Code)


NoLoader
October 22nd, 2007, 07:57
Hi All,

In the virus research arena, code added to a file is usually considered 'payload delivery' or 'infection'. If using an RPC mechanism such as netcat (and placing code directly in memory without a host file or executable), this is usually referred to as injection. At times, when one does not desire a derogatory overtone, one would simply use 'patch'.

Has anyone else come across the term X-Code (meaning patched code)? Two of the books I have recently read on Cracking techniques use it frequently (both by the same author). I'm not convinced it's worth mentioning, but I wanted to check with folks who are more active in the cracking scene than I am...

Jeff
Jeffrey Walton

deroko
October 22nd, 2007, 08:51
and what's the thing that author named X-Code?

NoLoader
October 22nd, 2007, 10:27
Hi dereko,

Quote:
[Originally Posted by deroko;69682]and what's the thing that author named X-Code?

The patch. It is the same technique (the best I can tell) demonstrated by Razzia in his modification of Notepad (http://www.woodmann.com/fravia/razzcripp.htm). But the author's technique includes a very detailed explanation of the modifications to the PE header (which may or may not be required), where Razzia required no modifications if I recall correctly.

He (the author) also makes references to Neo and his epic battles in the Matrix Trilogy, which leads me to believe he may watch too much television.

Jeff

NoLoader
October 22nd, 2007, 10:37
Hi dereko,

Quote:
[Originally Posted by deroko;69682]and what's the thing that author named X-Code?

Just my point... Taking from Wikipedia, "The use of neologisms should be avoided in Wikipedia articles because they are not well understood, are not clearly definable, and will have different meanings to different people." Reference http://en.wikipedia.org/wiki/Wikipedia:Avoid_neologisms.

Jeff

deroko
October 22nd, 2007, 10:49
Ah, so he calls this way of patching X-code. I call it adding code to the image. What you are going to do with the added code is your choice; it can be vx, patcher, loader etc.

blurcode
October 22nd, 2007, 12:24
Why ppl call you dereko? (like: http://forums.accessroot.com/?showtopic=6197&hl=dereko# ) :P

blabberer
October 22nd, 2007, 12:35
Well, X code iirc was the name given to inserting extra code in a PE executable by Kris Kaspersky in his Hacker Disassembling Uncovered book. He recently posted some draft paper on openrce which talks about this x code thingy

http://www.openrce.org/forums/posts/625

deroko
October 22nd, 2007, 13:59
@blurcode: I have no idea

NoLoader
October 22nd, 2007, 17:05
Hi blabberer,

Quote:
[Originally Posted by blabberer;69728]Well, X code iirc was the name given to inserting extra code in a PE executable by Kris Kaspersky in his Hacker Disassembling Uncovered book. He recently posted some draft paper on openrce which talks about this x code thingy

http://www.openrce.org/forums/posts/625

Yep... He is the one to whom I am referring. I did not want to name him directly.

LLXX
October 27th, 2007, 00:29
Quote:
[Originally Posted by NoLoader;69732]Yep... He is the one to whom I am referring. I did not want to name him directly.

Why? Are you afraid he's going to come after you?


I haven't seen "X-code" in this context either, the only thing that comes to mind is this: http://en.wikipedia.org/wiki/Xcode