<ul style='font-size: 15px'>
	<li>&raquo; These pools of NOP instructions are never larger than 15.</li>
	<li>&raquo; So, instead of figuring out how to write a virus that was less than 16 bytes in length, we decided to use jump instructions to chain the
	 overwritten cavity together, giving our code a way to execute in-full.</li>

	<li>&raquo; If someone devels a heur. for this, then fine. It's not difficult to obfusciate this and to make potential infected executables
	a static anlyzers nightmare. </li>
	<li>&raquo; For example, a simple thing to do would be to, instead of looking for the amount of nops you need, find space for one extra
	byte and throw in a random number. </li>
	<li>&raquo; This way, the last valid instruction you will see is a 'ret' but if you inserted, directly after it an 0xe9 (jump with a 32-bit addr.)
	 then it would see your virus code as, partially, an address instead of a valid instruction after a 'ret' and before a function prologue. </li>
</ul>


	
