diff --git a/dotfiles/lldb/lisa.py b/dotfiles/lldb/lisa.py
new file mode 100644
index 0000000..245f187
--- /dev/null
+++ b/dotfiles/lldb/lisa.py
@@ -0,0 +1,2982 @@
+#!/usr/bin/env python
+
+# Copyright 2015 ant4g0nist
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+import os
+import re
+import cmd
+import sys
+import time
+import shlex
+import random
+import string
+import struct
+import commands
+import datetime
+import optparse
+import argparse
+import platform
+import httplib
+from struct import *
+from sys import version_info
+from struct import pack
+from binascii   import *
+from ctypes import *
+import subprocess
+
+
+#install package
+def install(name):
+    subprocess.call(['sudo','pip', 'install', name])    
+
+try:
+    from capstone import *
+except:
+    print "[+]\tGonna try installing capstone."
+    install('capstone')
+    from capstone import *
+
+PYROPGADGET_VERSION = 'ich'
+
+if sys.version_info.major == 3:
+    xrange = range
+
+import lldb
+
+#global vars#
+lisaversion = 'v-ni'
+PAGE_SIZE=4096
+MAX_DISTANCE=PAGE_SIZE*10
+g_ignore_frame_pointer= False
+reportexploitable=""
+###################
+
+REGISTERS = {
+    8 : ["al", "ah", "bl", "bh", "cl", "ch", "dl", "dh"],
+    16: ["ax", "bx", "cx", "dx"],
+    32: ["eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp", "eip"],
+    64: ["rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp", "rip",
+         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
+}
+
+####################################
+#             Misc Utils           #
+####################################
+def banner(debugger,command,result,dict):
+    
+    lisa2="""
+        
+        lllllll   iiii
+        l:::::l  i::::i
+        l:::::l   iiii
+        l:::::l
+        l::::l iiiiiii     ssssssssss     aaaaaaaaaaaaa
+        l::::l i:::::i   ss::::::::::s    a::::::::::::a
+        l::::l  i::::i ss:::::::::::::s   aaaaaaaaa:::::a
+        l::::l  i::::i s::::::ssss:::::s           a::::a
+        l::::l  i::::i  s:::::s  ssssss     aaaaaaa:::::a
+        l::::l  i::::i    s::::::s        aa::::::::::::a
+        l::::l  i::::i       s::::::s    a::::aaaa::::::a
+        l::::l  i::::i ssssss   s:::::s a::::a    a:::::a
+        l::::::li::::::is:::::ssss::::::sa::::a    a:::::a
+        l::::::li::::::is::::::::::::::s a:::::aaaa::::::a
+        l::::::li::::::i s:::::::::::ss   a::::::::::aa:::a
+        lllllllliiiiiiii  sssssssssss      aaaaaaaaaa  aaaa
+        """
+    print tty_colors.green()+random.choice([lisa2])+tty_colors.default()
+    print tty_colors.red()+"\t-An Exploit Dev Swiss Army Knife. Version: "+lisaversion+tty_colors.default()
+
+#convert to hex
+def to_hex(var):
+    """
+        converts given value to hex
+    """
+    return hex(var)
+
+#hextoascii
+def hex2ascii(debugger,hex,result,dict):
+    """
+        converts Hex to ascii
+        ex: h2a 0x41414141 prints AAAA
+    """
+    print hex.replace('0x','').decode('hex')
+
+#generate random hex of length between n - m
+def urandom(debugger,n,result,dict):
+    """
+        Generates random hex of given length
+    """
+    if not n:
+        print 'rand command an argument: example: rand 23'
+        return
+    print open('/dev/urandom','r').read(random.randint(int(n)/2,int(n)/2)).encode('hex')
+
+# run os commands
+def shell(debugger,command,result,dict):
+    """
+        runs shell command and prints output
+    """
+    try:
+        if command:
+            os.system(command)
+        else:
+            print 'Please enter a proper shell command.Eg: shell ls'
+            return
+    except:
+        print 'Please enter a proper shell command.Eg: shell ls'
+    return
+
+#term colors
+class TerminalColors:
+    '''Simple terminal colors class'''
+    def __init__(self, enabled = True):
+        # TODO: discover terminal type from "file" and disable if
+        # it can't handle the color codes
+        self.enabled = enabled
+    
+    def reset(self):
+        '''Reset all terminal colors and formatting.'''
+        if self.enabled:
+            return "\x1b[0m";
+        return ''
+    
+    def bold(self, on = True):
+        '''Enable or disable bold depending on the "on" parameter.'''
+        if self.enabled:
+            if on:
+                return "\x1b[1m";
+            else:
+                return "\x1b[22m";
+        return ''
+    
+    def italics(self, on = True):
+        '''Enable or disable italics depending on the "on" parameter.'''
+        if self.enabled:
+            if on:
+                return "\x1b[3m";
+            else:
+                return "\x1b[23m";
+        return ''
+    
+    def underline(self, on = True):
+        '''Enable or disable underline depending on the "on" parameter.'''
+        if self.enabled:
+            if on:
+                return "\x1b[4m";
+            else:
+                return "\x1b[24m";
+        return ''
+    
+    def inverse(self, on = True):
+        '''Enable or disable inverse depending on the "on" parameter.'''
+        if self.enabled:
+            if on:
+                return "\x1b[7m";
+            else:
+                return "\x1b[27m";
+        return ''
+    
+    def strike(self, on = True):
+        '''Enable or disable strike through depending on the "on" parameter.'''
+        if self.enabled:
+            if on:
+                return "\x1b[9m";
+            else:
+                return "\x1b[29m";
+        return ''
+
+    def black(self, fg = True):
+        '''Set the foreground or background color to black.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[30m";
+            else:
+                return "\x1b[40m";
+        return ''
+
+    def red(self, fg = True):
+        '''Set the foreground or background color to red.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[31m";
+            else:
+                return "\x1b[41m";
+        return ''
+    
+    def green(self, fg = True):
+        '''Set the foreground or background color to green.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[32m";
+            else:
+                return "\x1b[42m";
+        return ''
+    
+    def yellow(self, fg = True):
+        '''Set the foreground or background color to yellow.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[43m";
+            else:
+                return "\x1b[33m";
+        return ''
+    
+    def blue(self, fg = True):
+        '''Set the foreground or background color to blue.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[34m";
+            else:
+                return "\x1b[44m";
+        return ''
+    
+    def magenta(self, fg = True):
+        '''Set the foreground or background color to magenta.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[35m";
+            else:
+                return "\x1b[45m";
+        return ''
+    
+    def cyan(self, fg = True):
+        '''Set the foreground or background color to cyan.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[36m";
+            else:
+                return "\x1b[46m";
+        return ''
+    
+    def white(self, fg = True):
+        '''Set the foreground or background color to white.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[37m";
+            else:
+                return "\x1b[47m";
+        return ''
+    
+    def default(self, fg = True):
+        '''Set the foreground or background color to the default.
+            The foreground color will be set if "fg" tests True. The background color will be set if "fg" tests False.'''
+        if self.enabled:
+            if fg:
+                return "\x1b[39m";
+            else:
+                return "\x1b[49m";
+        return ''
+
+####################################
+#       LLDB                       #
+####################################
+
+#set malloc debugging features
+def setMallocDebug(debugger,c,result,dict):
+    """sets DYLD_INSERT_LIBRARIES to /usr/lib/libgmalloc.dylib"""
+    execute(debugger,'settings set target.env-vars DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib',result,dict)
+    return True
+
+#execute given LLDB command
+def execute(debugger,lldb_command,result,dict):
+    """
+        Execute given command and print the outout to stdout
+    """
+    debugger.HandleCommand(lldb_command)
+
+#execute command and return output
+def executeReturnOutput(debugger,lldb_command,result,dict):
+    """Execute given command and returns the outout"""
+    ci = debugger.GetCommandInterpreter()
+    res=lldb.SBCommandReturnObject()
+    ci.HandleCommand(lldb_command,res)
+    output= res.GetOutput()
+    error  = res.GetError()
+    return (output,error)
+
+def s(debugger,command,result,dict):
+    """step command"""
+    executeReturnOutput(debugger,"thread step-in",result,dict)
+    context(debugger,command,result,dict)
+
+def si(debugger,command,result,dict):
+    """step into command"""
+    executeReturnOutput(debugger,"thread step-inst",result,dict)
+    context(debugger,command,result,dict)
+
+def so(debugger,command,result,dict):
+    """step over"""
+    executeReturnOutput(debugger,"thread step-over",result,dict)
+    context(debugger,command,result,dict)
+
+def stepnInstructions(debugger,count,result,dict):
+    """step-in n time"""
+    c=0
+
+    while c<int(count):
+        command=""
+        executeReturnOutput(debugger,"thread step-in",result,dict)
+        c+=1
+
+    context(debugger,command,result,dict)
+
+def testjump(debugger,command,result,dict):
+        """
+        Test if jump instruction is taken or not
+        Returns:
+            True if jump is taken or False if not 
+        """
+        inst=None
+        flags = get_eflags(debugger,command,result,dict)
+        if not flags:
+            return None
+
+        if not inst:
+            pc =getregvalue(debugger,"pc",result,dict)
+
+            inst, error = executeReturnOutput(debugger,"x/1i $pc",result,dict)
+            if not inst:
+                return None
+
+        opcode = inst.split('  ')[2]    
+
+        if opcode == "jmp":
+            return (True,inst.split('  ')[4])
+        if opcode == "je" and flags["ZF"]:
+            print inst.split('  ')[4]
+            return (True,inst.split('  ')[4])
+        if opcode == "jne" and not flags["ZF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jg" and not flags["ZF"] and (flags["SF"] == flags["OF"]):
+            return (True,inst.split('  ')[4])
+        if opcode == "jge" and (flags["SF"] == flags["OF"]):
+            return (True,inst.split('  ')[4])
+        if opcode == "ja" and not flags["CF"] and not flags["ZF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jae" and not flags["CF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jl" and (flags["SF"] != flags["OF"]):
+            return (True,inst.split('  ')[4])
+        if opcode == "jle" and (flags["ZF"] or (flags["SF"] != flags["OF"])):
+            return (True,inst.split('  ')[4])
+        if opcode == "jb" and flags["CF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jbe" and (flags["CF"] or flags["ZF"]):
+            return (True,inst.split('  ')[4])
+        if opcode == "jo" and flags["OF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jno" and not flags["OF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jz" and flags["ZF"]:
+            return (True,inst.split('  ')[4])
+        if opcode == "jnz" and flags["OF"]:
+            return (True,inst.split('  ')[4])
+
+        return (False,None)
+
+def context(debugger,command,result,dict):
+    """Prints context of current execution"""
+    
+    try:
+        #disas
+        op, error=executeReturnOutput(debugger,"disassemble -c 2 -s $pc",result,dict)
+        print tty_colors.red()+"[*] Disassembly :\n"+tty_colors.default()
+        print op
+
+        #stack
+        op, error=executeReturnOutput(debugger,"x/10x $sp",result,dict)
+        print tty_colors.red()+"[*] Stack :\n"+tty_colors.default()
+        print tty_colors.blue()+op+tty_colors.default()
+
+        #registers
+        op, error=executeReturnOutput(debugger,"register read",result,dict)
+        print tty_colors.red()+"[*] Registers\t:"+tty_colors.default()
+        print op.split("\n\n")[0].split('General Purpose Registers:\n')[1].split('eflags')[0]
+        print '\n'
+
+        #jump
+        dis, error=executeReturnOutput(debugger,'disassemble -c 1 -s $pc',result,dict)
+        if dis:
+            dis = dis.split(': ')[1].split()[0]
+
+            if 'j' in dis:
+                jumpto, destination = testjump(debugger,command,result,dict)
+                if jumpto==True:
+                    print tty_colors.red()+"[*] Jumping to\t:"+destination+tty_colors.default()
+                else:
+                    print tty_colors.red()+"[*] Jump not taken."+tty_colors.default()
+        else:
+            print error,
+
+    except Exception as e:
+        print 'error running context'
+
+def get_eflags(debugger,command,result,dict):
+    """
+    Get flags value from EFLAGS register
+
+    Returns:
+    - dictionary of named flags
+    """
+
+    # Eflags bit masks, source vdb
+    EFLAGS_CF = 1 << 0
+    EFLAGS_PF = 1 << 2
+    EFLAGS_AF = 1 << 4
+    EFLAGS_ZF = 1 << 6
+    EFLAGS_SF = 1 << 7
+    EFLAGS_TF = 1 << 8
+    EFLAGS_IF = 1 << 9
+    EFLAGS_DF = 1 << 10
+    EFLAGS_OF = 1 << 11
+
+    flags = {"CF":0, "PF":0, "AF":0, "ZF":0, "SF":0, "TF":0, "IF":0, "DF":0, "OF":0}
+    eflags = getregvalue(debugger,"eflags",result,dict)
+
+    if not eflags:
+        eflags = getregvalue(debugger,"rflags",result,dict)
+    eflags=int(eflags,16)
+    flags["CF"] = bool(eflags & EFLAGS_CF)
+    flags["PF"] = bool(eflags & EFLAGS_PF)
+    flags["AF"] = bool(eflags & EFLAGS_AF)
+    flags["ZF"] = bool(eflags & EFLAGS_ZF)
+    flags["SF"] = bool(eflags & EFLAGS_SF)
+    flags["TF"] = bool(eflags & EFLAGS_TF)
+    flags["IF"] = bool(eflags & EFLAGS_IF)
+    flags["DF"] = bool(eflags & EFLAGS_DF)
+    flags["OF"] = bool(eflags & EFLAGS_OF)
+
+    return flags
+
+
+####################################
+#         Exploitation             #
+####################################
+
+
+#pattern create and pattern offset
+def pattern_create(debugger,size,result,dict):
+    """creates a cyclic pattern of given length"""
+
+    try:length=int(size)
+    except:print "[+] Usage: pattern_create <length> [set a] [set b] [set c]"
+    seta="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    setb="abcdefghijklmnopqrstuvwxyz"
+    setc="0123456789"
+
+    string="" ; a=0 ; b=0 ; c=0
+
+    while len(string) < length:
+        string += seta[a] + setb[b] + setc[c]
+        c+=1
+        if c == len(setc):c=0;b+=1
+        if b == len(setb):b=0;a+=1
+        if a == len(seta):a=0
+    
+    print tty_colors.red()+ string[:length]+tty_colors.default()
+
+    return string[:length]
+
+#check if given pattern is in cyclic pattern
+def check_if_cyclic(debugger,pat,result,dict):
+    """check if given pattern is in cyclic pattern"""
+
+    seta="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    setb="abcdefghijklmnopqrstuvwxyz"
+    setc="0123456789"
+    
+    if not pat:
+        print '[+] Usage: check_if_cyclic <some string>'
+        return
+
+    string=pat ; a=0 ; b=0 ; c=0
+    length=len(string)
+    i=0
+    while i<(length-2):
+        if string[i].isalpha():
+            if string[i].islower():
+                if string[i+1].isupper():
+                    if string[i+2].isdigit():
+                        pass
+                    else:
+                        print tty_colors.red()+"Not a cyclic pattern"+tty_colors.default()
+                        return False
+                else:
+                    print tty_colors.red()+"Not a cyclic pattern"+tty_colors.default()
+                    return False
+        
+            elif string[i].isupper():
+                if string[i+1].islower():
+                    if string[i+2].isdigit():
+                        pass
+                    else:
+                            print tty_colors.red()+"Not a cyclic pattern"+tty_colors.default()
+                            return False
+                else:
+                    print tty_colors.red()+"Not a cyclic pattern"+tty_colors.default()
+                    return False
+
+        elif string[i].isdigit():
+            if string[i+1].isalpha():
+                if string[i+1].isupper():
+                    if string[i+2].islower():
+                        pass
+                    else:
+                        print tty_colors.red()+"Not a cyclic pattern"+tty_colors.default()
+                        return False
+                else:
+                    print tty_colors.red()+"Not a cyclic pattern"+tty_colors.default()
+                    return False
+
+
+        i+=3
+    print "seems to be a valid pattern"
+    return True
+
+#pattern search
+def pattern_offset(debugger,sizepat,result,dict):
+    """search offset of pattern."""
+    
+    if len(sizepat.split(' '))==2:
+        try:
+            size=int(sizepat.split(' ')[0])
+            pat=sizepat.split(' ')[1]
+            pattern=pattern_create(debugger,size,result,dict)
+            if "0x" in pat:
+                pat=pat.replace("0x","")
+                pat=pat.decode("hex")[::-1]
+            try:
+                p=int(pat)
+                pat=pat.decode('hex')
+            except:
+                pass
+            found=[m.start() for m in re.finditer(pat, pattern)]
+            if found!=-1:
+                print 'offsets:',found
+        except:
+            print "please check the syntax"
+            print "pattern_offset 250 Aa2A"
+                
+    elif len(sizepat.split(' '))==1:
+        try:
+            size=10000
+            pat=sizepat.split(' ')[1]
+            pattern=pattern_create(debugger,size,result,dict,True)
+            if "0x" in pat:
+                pat=pat.replace("0x","")
+                pat=pat.decode("hex")[::-1]
+            try:
+                p=int(pat)
+                pat=pat.decode('hex')
+            except:
+                pass
+            found=[m.start() for m in re.finditer(pat, pattern)]
+            #                found=pattern.find(pat)
+            if found!=-1:
+                print found
+        except:
+            print "please check the syntax"
+            print "pattern_offset 250 Aa2A"
+
+#return address in register
+def getregvalue(debugger,reg,result,dict):
+    output,error=executeReturnOutput(debugger,'register read '+reg,result,dict)
+    return output.split("= ")[-1].split(" ")[0]
+
+lldb_stop_reasons =  { 'eStateCrashed' : 8, 'eStateDetached' : 9, 'eStateExited' : 10, 'eStateInvalid' : 0,
+                      'eStateLaunching' : 4, 'eStateRunning' : 6, 'eStateStepping' : 7,'eStateStopped' : 5,
+                      'eStateSuspended' : 11, 'eStopReasonBreakpoint' : 3, 'eStopReasonException' : 6,
+                      'eStopReasonExec' : 7, 'eStopReasonInvalid' : 0, 'eStopReasonNone' : 1, 'eStopReasonSignal' : 5,
+                      'eStopReasonThreadExiting' : 9, 'eStopReasonTrace' : 2, 'eStopReasonWatchpoint' : 4
+                      }
+
+def getexception(exception_description):
+    type1  = exception_description
+    try:
+        exception = re.search("EXC_(.+?) ",type1).group().strip(' ')
+    except:
+        exception = None
+    try:
+        code =  re.search("\(code(.+?),",type1).group().split('=')[1].strip(',')
+    except:
+        try:
+            code =  re.search("\(code(.+?)\)",type1).group().split('=')[1].strip(')')
+        except:
+            code = None
+    try:
+        address  = re.search(", address(.+?)\)",type1).group().split('=')[1].strip(')')
+    except:
+        address = None
+
+    return exception,code,address
+
+def getsignal(signal_description):
+    return signal_description.split(' ')[1]
+
+
+def type_for_two_memory(access_address, disassembly):
+    first_reg_val = value_for_first_register(disassembly)
+    if first_reg_val != access_address:
+        return "read"
+    else:
+        return "write"
+
+def stack_access_crash(access_address, sp_val):
+    access_address=int(access_address,0)
+    sp_val = int(sp_val,0)
+    if ((sp_val - access_address) <= PAGE_SIZE):
+        return True
+    return False
+
+def getexceptiontype(access_address, disassembly, registers):
+    if disassembly!=None:
+        last_comma = disassembly.find(',')
+        right_paren = disassembly.find(']')
+
+        sp = registers['sp']
+
+        if disassembly[right_paren+1:].find(']')!=-1:
+            type_=type_for_two_memory(access_address, disassembly)
+            return type_
+
+        elif disassembly.find('call')!=-1:
+            if not right_paren or last_comma:
+                type_ = "recursion"
+            elif stack_access_crash(access_address,sp):
+                print 'ohhh'
+                type_ = "recursion"
+            else:
+                type_ = "exec"
+            return type_
+
+        elif disassembly.find("cmp")!=-1 or disassembly.find("test")!=-1 or disassembly.find("fld")!=-1:
+            type_ = "read"
+            return type_
+
+        elif disassembly.find("fst")!=-1:
+            type_ = "write"
+            return type_
+
+        elif disassembly.find("mov")!=-1:
+            if last_comma>right_paren:
+                type_ = "read"
+            else:
+                type_ = "write"
+            return type_
+
+        elif disassembly.find('jmp')!=-1:
+            type_ = "exec"
+            return type_
+
+        elif disassembly.find('push')!=-1:
+            if right_paren:
+                type_ = "read"
+            else:
+                type_ = "recursion"
+            return type_
+
+        elif disassembly.find('inc')!=-1 or disassembly.find('dec')!=-1:
+            type_ = "write"
+            return type_
+
+        elif disassembly.find("stos")!=-1:
+            type_ = "write"
+            return type_
+
+        elif disassembly.find("lods")!=-1:
+            type_ = "read"
+            return type_
+
+        else:
+            type_ = "unknown"
+            return type_
+
+        if disassembly.find("st") == 2:
+            type_ = "write"
+            return type_
+
+        elif disassembly.find("ld") == 2:
+            type_ = "read"
+            return type_
+
+        elif disassembly.find("push") == 2:
+            type_ = "recursion"
+            return type_
+
+        else:
+            type_ = "unknown"
+            return type_
+
+    else:
+        type_ = "unknown"
+        return type_
+
+def is_stack_suspicious(exc_address, exception, backtrace):
+    global reportexploitable
+    global is_exploitable
+
+    suspicious_functions = [
+            "__chk_fail", "__stack_chk_fail", "szone_error", "CFRelease", "CFRetain", "_CFRelease", "_CFRetain",
+           "malloc", "calloc", "realloc", "objc_msgSend",
+           "szone_free", "free_small", "tiny_free_list_add_ptr", "tiny_free_list_remove_ptr",
+           "small_free_list_add_ptr", "small_free_list_remove_ptr", "large_entries_free_no_lock",
+           "large_free_no_lock", "szone_batch_free", "szone_destroy", "free",
+           "CSMemDisposeHandle", "CSMemDisposePtr",
+           "append_int", "release_file_streams_for_task", "__guard_setup",
+           "_CFStringAppendFormatAndArgumentsAux", "WTF::fastFree", "WTF::fastMalloc",
+           "WTF::FastCalloc", "WTF::FastRealloc", " WTF::tryFastCalloc", "WTF::tryFastMalloc",
+           "WTF::tryFastRealloc", "WTF::TCMalloc_Central_FreeList", "GMfree", "GMmalloc_zone_free",
+           "GMrealloc", "GMmalloc_zone_realloc"]
+
+    if exc_address=="0xbbadbeef":
+        # WebCore functions call CRASH() in various assertions or if the amount to allocate was too big. CRASH writes a null byte to 0xbbadbeef.
+        is_exploitable=False
+        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()        
+        reportexploitable = "Not exploitable. Seems to be a safe crash. Calls to CRASH() function writes a null byte to 0xbbadbeef"
+        print tty_colors.red()+"Not exploitable. Seems to be a safe crash. Calls to CRASH() function writes a null byte to 0xbbadbeef"+tty_colors.default()
+
+        return 
+
+    if "0   ???" in backtrace:
+        is_exploitable = True
+        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+        print tty_colors.red()+"This crash is suspected to be exploitable because the crashing instruction is outside of a known function, i.e. in dynamically generated code"+tty_colors.default()
+        reportexploitable="This crash is suspected to be exploitable because the crashing instruction is outside of a known function, i.e. in dynamically generated code"
+        return
+
+    for i in suspicious_functions:
+        if i in backtrace:
+            if exception == "EXC_BREAKPOINT" and (i=="CFRelease" or i=="CFRetain"):
+                is_exploitable = "no"
+                return
+            elif i=="_CFRelease" or i=="CFRelease" and "CGContextDelegateFinalize" in backtrace:
+                return
+            elif i=="objc_msgSend" and exc_address<<PAGE_SIZE:
+                continue
+            else:
+                is_exploitable = True
+                print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                print tty_colors.red()+"The crash is suspected to be an exploitable issue due to the suspicious function in the stack trace of the crashing thread: "+i+tty_colors.default()
+                reportexploitable="The crash is suspected to be an exploitable issue due to the suspicious function in the stack trace of the crashing thread."
+                return
+
+#return whether or not the base pointer is far away from the stack pointer.
+def bp_inconsistent_with_sp(bp_val,sp_val):
+    #define MAX_DISTANCE (PAGE_SIZE * 10)
+    #    No check if bp_val > sp_val since bp_val - sp_val may have underflowed.
+
+    if (int(bp_val,0) - int(sp_val,0)) > MAX_DISTANCE:
+        return True
+    return False
+
+class Lisa:
+    def __init__(self, debugger,result,dict):
+        
+        self.debugger = debugger
+        self.target = self.debugger.GetSelectedTarget()
+        self.process = self.target.process
+        self.thread = self.process.selected_thread
+        self.frame = self.thread.GetFrameAtIndex(0)
+        self.pc = hex(self.frame.pc)
+        self.sp = hex(self.frame.sp)
+        self.bp = hex(self.frame.fp)
+
+        disas,disas_error = executeReturnOutput(debugger,"disassemble -c 1 -s $pc",result,dict)
+
+        if disas_error:
+            self.pc_disas = None
+        else:
+            self.pc_disas = re.search("->(.+?)\n",disas).group().split(':')[1]
+
+        self.backtrace, self.backtrace_error = executeReturnOutput(debugger,"bt",result,dict)
+
+        self.crash_reason = self.thread.GetStopReason()
+        
+        if self.crash_reason == lldb_stop_reasons['eStopReasonException']:
+            self.exception = self.thread.GetStopDescription(80)
+            self.exception,self.exc_code,self.exc_address = getexception(self.exception)
+            self.signal = None
+
+            print tty_colors.red()+"Exception : "+self.exception+tty_colors.default()
+
+        elif self.crash_reason == lldb_stop_reasons['eStopReasonSignal']:
+            self.signal = self.thread.GetStopDescription(80)
+            self.signal = getsignal(self.signal)
+            self.exc_address = None
+            self.exception = None
+
+            print tty_colors.red()+"Signal : "+self.signal+tty_colors.default()
+            
+        else:
+            return
+
+        self.gen_registers =  list(self.frame.registers)[0]
+        self.registers = {}
+
+        for i in  self.gen_registers.__iter__():
+            self.registers[i.name]=i.value
+
+        max_offset = 1024
+        if self.exception:
+            if self.exception=="EXC_BAD_ACCESS":
+                # check pc == access_address
+                
+                if self.exc_address and int(self.exc_address,0)==int(self.pc,0):
+                    # IP over write
+                    is_exploitable = True
+                    print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                    print tty_colors.red()+"Trying to execute a bad address, this is a potentially exploitable issue"+tty_colors.default()
+                    reportexploitable="Trying to execute a bad address, this is a potentially exploitable issue"
+
+                else:
+                    self.access_type = getexceptiontype(self.exc_address, self.pc_disas, self.registers)
+                    
+                    if self.exc_address and int(self.exc_address,16)<int(PAGE_SIZE):
+                        is_exploitable=False
+                        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                        print tty_colors.blue()+"Null Dereference. Probably not exploitable"+tty_colors.default()
+                        reportexploitable="Null Dereference. Probably not exploitable"
+                        return
+
+                    elif self.access_type == "recursion":
+                        is_exploitable=False
+
+                        stack=self.backtrace
+                        MINIMUM_RECURSION_LENGTH = 300
+                        stack_length= len(stack.split("\n"))
+
+                        if stack_length>MINIMUM_RECURSION_LENGTH:
+                            print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                            print tty_colors.red()+"The crash is suspected to be not exploitable due to unbounded recursion since there were %d stack frames."%stack_length+tty_colors.default()
+                            reportexploitable="The crash is suspected to be not exploitable due to unbounded recursion since there were %d stack frames."%stack_length
+                            return
+                    else:
+                        is_exploitable=True
+
+                    if self.access_type == "exec":
+                        is_exploitable = True
+
+                    addr = self.exc_address
+                    max_offset = 1024
+
+                    if (addr > 0x55555555 - max_offset and addr < 0x55555555 + max_offset):
+                        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                        print tty_colors.red()+"The access address indicates the use of freed memory if MallocScribble was used, or uninitialized memory if libgmalloc and MALLOC_FILL_SPACE was used."+tty_colors.default()
+                        reportexploitable="The access address indicates the use of freed memory if MallocScribble was used, or uninitialized memory if libgmalloc and MALLOC_FILL_SPACE was used."
+                    
+                    elif (addr > 0xaaaaaaaa - max_offset and addr < 0xaaaaaaaa + max_offset):
+                        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()                        
+                        print tty_colors.red()+"The access address indicates that uninitialized memory was being used if MallocScribble was used."+tty_colors.default()
+                        reportexploitable="The access address indicates that uninitialized memory was being used if MallocScribble was used."                            
+
+                    elif "EXC_I386_GPFLT" == self.exc_code:
+                        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                        print tty_colors.red()+"The exception code indicates that the access address was invalid in the 64-bit ABI (it was > 0x0000800000000000)."+tty_colors.default()
+                        reportexploitable="The exception code indicates that the access address was invalid in the 64-bit ABI (it was > 0x0000800000000000)."
+
+                    elif not g_ignore_frame_pointer  and bp_inconsistent_with_sp(self.bp,self.sp):
+                        is_exploitable = True
+                        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                        print tty_colors.red()+"Presumed exploitable based on the discrepancy between the stack pointer and base pointer registers. "+tty_colors.default()
+                        reportexploitable="Presumed exploitable based on the discrepancy between the stack pointer and base pointer registers."
+
+                    else:
+                        print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+
+                        if self.access_type=="read" or self.access_type=="write":
+                            print tty_colors.red()+"Crash "+self.access_type+"'g invalid address."+tty_colors.default()
+                            reportexploitable= "Crash "+self.access_type+"'g invalid address."
+                        else:
+                            print tty_colors.red()+"Crash accessing invalid address."+tty_colors.default()
+                            reportexploitable= "Crash accessing invalid address."
+
+            elif self.exception=="EXC_BAD_INSTRUCTION":
+                is_exploitable = True
+                print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                print tty_colors.blue()+"Illegal instruction at %s, probably a exploitable issue unless the crash was in libdispatch/xpc."%self.pc+tty_colors.default()
+                reportexploitable="Illegal instruction at %s, probably a exploitable issue unless the crash was in libdispatch/xpc."%self.pc
+
+            elif self.exception=="EXC_ARITHMETIC":
+                is_exploitable = False
+                print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                print tty_colors.blue()+"Arithmetic exception at %s, probably not exploitable."%self.pc+tty_colors.default()
+                reportexploitable="Arithmetic exception at %s, probably not exploitable."%self.pc
+
+            elif self.exception=="EXC_SOFTWARE":
+                is_exploitable=False
+                print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                print tty_colors.blue()+"Software exception, probably not exploitable."+tty_colors.default()
+                reportexploitable="Software exception, probably not exploitable."
+
+            elif self.exception=="EXC_BREAKPOINT":
+                is_exploitable=False
+                print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+                print tty_colors.blue()+"Software breakpoint, probably not exploitable."+tty_colors.default()
+                reportexploitable="Software breakpoint, probably not exploitable."
+            
+            elif self.exc_address=="EXC_CRASH":
+                is_exploitable= False
+                print tty_colors.red()+"Exploitable = %s"%is_exploitable+tty_colors.default()
+
+        elif self.signal:
+            is_stack_suspicious(self.exc_address, self.exception, self.backtrace)
+        
+
+def exploitable(debugger,cmd,res,dict):
+    """checks if the crash is exploitable"""
+    lisa_=Lisa(debugger,res,dict)
+
+class ShellStorm:
+    def __init__(self):
+        pass
+
+    def searchShellcode(self, keyword):
+        try:
+            print "Connecting to shell-storm.org..."
+            s = httplib.HTTPConnection("shell-storm.org")
+            s.request("GET", "/api/?s="+str(keyword))
+            res = s.getresponse()
+            data_l = res.read().split('\n')
+        except:
+            print "Cannot connect to shell-storm.org"
+            return None
+
+        data_dl = []
+        for data in data_l:
+            try:
+                desc = data.split("::::")
+                try:
+                    dico = {
+                             'ScAuthor': desc[0],
+                             'ScArch': desc[1],
+                             'ScTitle': desc[2],
+                             'ScId': desc[3],
+                             'ScUrl': desc[4],
+                             'ScSize': int(''.join(x for x in desc[2][-10:-5] if x.isdigit()))
+                           }
+                except Exception:
+                    dico = {
+                             'ScAuthor': desc[0],
+                             'ScArch': desc[1],
+                             'ScTitle': desc[2],
+                             'ScId': desc[3],
+                             'ScUrl': desc[4],
+                             'ScSize': 0
+                           }
+
+
+                data_dl.append(dico)
+            except:
+                pass
+
+        try:
+            return sorted(data_dl, key=lambda x: x['ScSize'], reverse=True)
+        except Exception:
+            print("Could not sort by size")
+
+        return data_dl
+
+    def displayShellcode(self, shellcodeId):
+        if shellcodeId is None:
+            return None
+
+        try:
+            print "Connecting to shell-storm.org..."
+            s = httplib.HTTPConnection("shell-storm.org")
+        except:
+            print "Cannot connect to shell-storm.org"
+            return None
+
+        try:
+            s.request("GET", "/shellcode/files/shellcode-"+str(shellcodeId)+".php")
+            res = s.getresponse()
+            data = res.read().split("<pre>")[1].split("<body>")[0]
+        except:
+            print "Failed to download shellcode from shell-storm.org"
+            return None
+
+        data = data.replace("&quot;", "\"")
+        data = data.replace("&amp;", "&")
+        data = data.replace("&lt;", "<")
+        data = data.replace("&gt;", ">")
+
+        return data
+
+    @staticmethod
+    def version():
+        print "shell-storm API - v0.1"
+        print "Search and display all shellcodes in shell-storm database"
+        print "Jonathan Salwan - @JonathanSalwan - 2012"
+        print "http://shell-storm.org"
+        return
+
+def extract_from_universal_binary(debugger,command,result,dict):
+    """Uses lipo to extract a given architecture from a Universal binary
+        Syntax: extract x86_64 <input file> <output file>
+        Ex: extract x86_64 /usr/lib/system/libsystem_kernel.dylib ./libsystem_kernel.dylib
+
+    """
+    args = shlex.split(command)
+    if len(args)==3:
+        architecture = args[0]
+        intputfile = args[1]
+        outputfile = args[2]
+
+        commands.getoutput('lipo '+intputfile+' -extract '+architecture+' -output '+outputfile)
+    else:
+        print "Syntax: extract x86_64 /usr/lib/system/libsystem_kernel.dylib ./libsystem_kernel.dylib"
+
+
+
+def shellcode(debugger, command, result, dict):
+    """Searches shell-storm for shellcode
+       Syntax:shellcode"""
+    mod = shlex.split(command)
+    if len(mod)!=2:
+        print "Syntax:   shellcode <option> <arg>\n"
+        print "Options:  -search <keyword>"
+        print "          -display <shellcode id>"
+        print "          -save <shellcode id>"
+        return
+
+    arg = mod[1]
+    mod = mod[0]
+    if mod != "-search" and mod != "-display" and mod != "-save":
+        syntax()
+        return
+
+    if mod == "-search":
+        api = ShellStorm()
+        res_dl = api.searchShellcode(arg)
+        if not res_dl:
+            print "Shellcode not found"
+            sys.exit(0)
+
+        print "Found %d shellcodes" % len(res_dl)
+        print "%s\t%s %s" %("ScId", "Size", "Title")
+        for data_d in res_dl:
+            if data_d['ScSize'] == 0:
+                print "[%s]\tn/a  %s - %s"%(data_d['ScId'], data_d['ScArch'], data_d['ScTitle'])
+            else:
+                print "[%s]\t%s%s - %s"%(data_d['ScId'], str(data_d['ScSize']).ljust(5), data_d['ScArch'], data_d['ScTitle'])
+
+    elif mod == "-display":
+        res = ShellStorm().displayShellcode(arg)
+        if not res:
+            print "Shellcode id not found"
+            return
+        print tty_colors.red()+res+tty_colors.default()
+
+    elif mod == "-save":
+        res = ShellStorm().displayShellcode(arg)
+
+        if not res:
+            print "Shellcode id not found"
+            return
+        f=open('shellcode_'+str(time.time())+'.c','w')
+        f.write(res)
+        f.close()            
+        print tty_colors.red()+"Written to file shellcode_"+str(time.time())+'.c'+tty_colors.default()
+
+    
+
+def dump(debugger,command,result,dict):
+    """Dump's Memory of the process in a given address range
+       Syntax: dump outfile 0x6080000fe680 0x6080000fe680+1000
+            dump will not read over 1024 bytes of data. To overwride this use -f
+       Syntax: dump outfile 0x6080000fe680 0x6080000fe680+1000 -f"""
+
+    args = shlex.split(command)
+    if len(args)<3:
+        print "Syntax: dump outfile 0x6080000fe680 0x6080000fe680+1000"
+        return
+
+    outfile = args[0]
+    start_range = args[1]
+    end_range = args[2]
+    force=False
+    if len(args)>3:
+        force=True
+
+    if force:
+        output,error=executeReturnOutput(debugger,"memory read -b --force --outfile "+outfile+' '+start_range+' '+end_range,result,dict)    
+    else:
+        output,error=executeReturnOutput(debugger,"memory read -b --outfile "+outfile+' '+start_range+' '+end_range,result,dict)
+
+    if not error:
+        print output,
+    else:
+        if "--force" in error:
+            print "dump will not read over 1024 bytes of data. To overwride this use -f."
+            print "Syntax: dump outfile 0x6080000fe680 0x6080000fe680+1000 -f"
+        else:
+            print error
+
+class MACH_HEADER(Structure):
+    _fields_ = [
+                ("magic",           c_uint),
+                ("cputype",         c_uint),
+                ("cpusubtype",      c_uint),
+                ("filetype",        c_uint),
+                ("ncmds",           c_uint),
+                ("sizeofcmds",      c_uint),
+                ("flags",           c_uint)
+               ]
+
+class LOAD_COMMAND(Structure):
+    _fields_ = [
+                ("cmd",             c_uint),
+                ("cmdsize",         c_uint)
+               ]
+
+class SEGMENT_COMMAND(Structure):
+    _fields_ = [
+                ("cmd",             c_uint),
+                ("cmdsize",         c_uint),
+                ("segname",         c_ubyte * 16),
+                ("vmaddr",          c_uint),
+                ("vmsize",          c_uint),
+                ("fileoff",         c_uint),
+                ("filesize",        c_uint),
+                ("maxprot",         c_uint),
+                ("initprot",        c_uint),
+                ("nsects",          c_uint),
+                ("flags",           c_uint)
+               ]
+
+class SEGMENT_COMMAND64(Structure):
+    _fields_ = [
+                ("cmd",             c_uint),
+                ("cmdsize",         c_uint),
+                ("segname",         c_ubyte * 16),
+                ("vmaddr",          c_ulonglong),
+                ("vmsize",          c_ulonglong),
+                ("fileoff",         c_ulonglong),
+                ("filesize",        c_ulonglong),
+                ("maxprot",         c_uint),
+                ("initprot",        c_uint),
+                ("nsects",          c_uint),
+                ("flags",           c_uint)
+               ]
+
+class SECTION(Structure):
+    _fields_ = [
+                ("sectname",        c_ubyte * 16),  
+                ("segname",         c_ubyte * 16),  
+                ("addr",            c_uint),  
+                ("size",            c_uint),  
+                ("offset",          c_uint),  
+                ("align",           c_uint),  
+                ("reloff",          c_uint),  
+                ("nreloc",          c_uint),  
+                ("flags",           c_uint),  
+                ("reserved1",       c_uint),  
+                ("reserved2",       c_uint)  
+               ]
+    
+class SECTION64(Structure):
+    _fields_ = [
+                ("sectname",        c_ubyte * 16),  
+                ("segname",         c_ubyte * 16),  
+                ("addr",            c_ulonglong),  
+                ("size",            c_ulonglong),  
+                ("offset",          c_uint),  
+                ("align",           c_uint),  
+                ("reloff",          c_uint),  
+                ("nreloc",          c_uint),  
+                ("flags",           c_uint),  
+                ("reserved1",       c_uint),  
+                ("reserved2",       c_uint)  
+               ]
+
+class MACHOFlags:
+    CPU_TYPE_I386               = 0x7
+    CPU_TYPE_X86_64             = (CPU_TYPE_I386 | 0x1000000)
+    CPU_TYPE_MIPS               = 0x8
+    CPU_TYPE_ARM                = 12
+    CPU_TYPE_SPARC              = 14
+    CPU_TYPE_POWERPC            = 18
+    CPU_TYPE_POWERPC64          = (CPU_TYPE_POWERPC | 0x1000000)
+    LC_SEGMENT                  = 0x1
+    LC_SEGMENT_64               = 0x19
+    S_ATTR_SOME_INSTRUCTIONS    = 0x00000400
+    S_ATTR_PURE_INSTRUCTIONS    = 0x80000000
+
+class MachOHeader(Structure):
+
+    _fields_ = [
+
+        ("magic", c_uint),
+        ("cputype", c_uint),
+        ("cpusubtype", c_uint),
+        ("filetype", c_uint),
+        ("ncmds", c_uint),
+        ("sizeofcmds", c_uint),
+        ("flags", c_uint)
+
+    ]
+
+""" This class parses the Mach-O """
+class MACHO:
+    def __init__(self, binary):
+        self.__binary = bytearray(binary)
+
+        self.__machHeader   = None
+        self.__rawLoadCmd   = None
+        self.__sections_l   = []
+
+        self.__setHeader()
+        self.__setLoadCmd()
+
+    def __setHeader(self):
+        self.__machHeader = MACH_HEADER.from_buffer_copy(self.__binary)
+
+        if self.getArchMode() == CS_MODE_32:
+            self.__rawLoadCmd   = self.__binary[28:28+self.__machHeader.sizeofcmds]
+
+        elif self.getArchMode() == CS_MODE_64:
+            self.__rawLoadCmd   = self.__binary[32:32+self.__machHeader.sizeofcmds]
+
+    def __setLoadCmd(self):
+        base = self.__rawLoadCmd
+        for i in range(self.__machHeader.ncmds):
+            command = LOAD_COMMAND.from_buffer_copy(base)
+
+            if command.cmd == MACHOFlags.LC_SEGMENT:
+                segment = SEGMENT_COMMAND.from_buffer_copy(base)
+                self.__setSections(segment.nsects, base[56:], 32)
+
+            elif command.cmd == MACHOFlags.LC_SEGMENT_64:
+                segment = SEGMENT_COMMAND64.from_buffer_copy(base)
+                self.__setSections(segment.nsects, base[72:], 64)
+
+            base = base[command.cmdsize:]
+
+    def __setSections(self, sectionsNumber, base, sizeHeader):
+        for i in range(sectionsNumber):
+            if sizeHeader == 32:
+                section = SECTION.from_buffer_copy(base)
+                base = base[68:]
+                self.__sections_l += [section]
+            elif sizeHeader == 64:
+                section = SECTION64.from_buffer_copy(base)
+                base = base[80:]
+                self.__sections_l += [section]
+
+    def getEntryPoint(self):
+        
+        for section in self.__sections_l:
+            if section.sectname[0:6] == "__text":
+                return section.addr
+
+    def getExecSections(self):
+        ret = []
+        for section in self.__sections_l:
+            if section.flags & MACHOFlags.S_ATTR_SOME_INSTRUCTIONS or section.flags & MACHOFlags.S_ATTR_PURE_INSTRUCTIONS:
+                ret +=  [{
+                            "name"    : section.sectname,
+                            "offset"  : section.offset,
+                            "size"    : section.size,
+                            "vaddr"   : section.addr,
+                            "opcodes" : bytes(self.__binary[section.offset:section.offset+section.size])
+                        }]
+        return ret
+
+    def getDataSections(self):
+        ret = []
+        for section in self.__sections_l:
+            if not section.flags & MACHOFlags.S_ATTR_SOME_INSTRUCTIONS and not section.flags & MACHOFlags.S_ATTR_PURE_INSTRUCTIONS:
+                ret +=  [{
+                            "name"    : section.sectname,
+                            "offset"  : section.offset,
+                            "size"    : section.size,
+                            "vaddr"   : section.addr,
+                            "opcodes" : str(self.__binary[section.offset:section.offset+section.size])
+                        }]
+        return ret
+
+    def getArch(self):
+        if self.__machHeader.cputype == MACHOFlags.CPU_TYPE_I386 or self.__machHeader.cputype == MACHOFlags.CPU_TYPE_X86_64: 
+            return CS_ARCH_X86
+        if self.__machHeader.cputype == MACHOFlags.CPU_TYPE_ARM:
+            return CS_ARCH_ARM
+        if self.__machHeader.cputype == MACHOFlags.CPU_TYPE_MIPS:
+            return CS_ARCH_MIPS
+        else:
+            print("[Error] MACHO.getArch() - Architecture not supported")
+            return None
+            
+    def getArchMode(self):
+        if self.__machHeader.magic == 0xfeedface: 
+            return 4
+        elif self.__machHeader.magic == 0xfeedfacf:
+            return 8
+        else:
+            print("[Error] MACHO.getArchMode() - Bad Arch size")
+            return None
+        pass
+
+    def getFormat(self):
+        return "Mach-O"
+
+class FAT_HEADER(BigEndianStructure):
+    _fields_ = [
+                ("magic",           c_uint),
+                ("nfat_arch",       c_uint)
+               ]
+
+class FAT_ARC(BigEndianStructure):
+    _fields_ = [
+                ("cputype",         c_uint),
+                ("cpusubtype",      c_uint),
+                ("offset",          c_uint),
+                ("size",            c_uint),
+                ("align",           c_uint)
+               ]
+
+class MACHOFlags:
+    CPU_TYPE_I386               = 0x7
+    CPU_TYPE_X86_64             = (CPU_TYPE_I386 | 0x1000000)
+    CPU_TYPE_MIPS               = 0x8
+    CPU_TYPE_ARM                = 12
+    CPU_TYPE_SPARC              = 14
+    CPU_TYPE_POWERPC            = 18
+    CPU_TYPE_POWERPC64          = (CPU_TYPE_POWERPC | 0x1000000)
+    LC_SEGMENT                  = 0x1
+    LC_SEGMENT_64               = 0x19
+    S_ATTR_SOME_INSTRUCTIONS    = 0x00000400
+    S_ATTR_PURE_INSTRUCTIONS    = 0x80000000
+
+""" This class parses the Universal binary """
+class UNIVERSAL:
+    def __init__(self, binary):
+        self.__binary = bytearray(binary)
+        self.__machoBinaries = []
+
+        self.__fatHeader    = None
+        self.__rawLoadCmd   = None
+        self.__sections_l   = []
+
+        self.__setHeader()
+        self.__setBinaries()
+
+    def __setHeader(self):
+        self.__fatHeader = FAT_HEADER.from_buffer_copy(self.__binary)
+
+    def __setBinaries(self):
+        offset = 8
+        for i in xrange(self.__fatHeader.nfat_arch):
+            header = FAT_ARC.from_buffer_copy(self.__binary[offset:])
+            rawBinary = self.__binary[header.offset:header.offset+header.size]
+            if rawBinary[:4] == unhexlify(b"cefaedfe") or rawBinary[:4] == unhexlify(b"cffaedfe"):
+                self.__machoBinaries.append(MACHO(rawBinary))
+            else:
+                print("[Error] Binary #"+str(i+1)+" in Universal binary has an unsupported format")
+            offset += sizeof(header)
+
+    def getExecSections(self):
+        ret = []
+        for binary in self.__machoBinaries:
+            ret += binary.getExecSections()
+        return ret
+
+    def getDataSections(self):
+        ret = []
+        for binary in self.__machoBinaries:
+            ret += binary.getDataSections()
+        return ret
+
+    def getFormat(self):
+        return "Universal"
+
+    # TODO: These three will just return whatever is in the first binary.
+    # Perhaps the rest of ROPgadget should support loading multiple binaries?
+    def getEntryPoint(self):
+        for binary in self.__machoBinaries:
+            return binary.getEntryPoint()
+
+    def getArch(self):
+        for binary in self.__machoBinaries:
+            return binary.getArch()
+            
+    def getArchMode(self):
+        for binary in self.__machoBinaries:
+            return binary.getArchMode()
+
+
+
+def deleteDuplicateGadgets(currentGadgets):
+    gadgets_content_set = set()
+    unique_gadgets = []
+    for gadget in currentGadgets:
+        gad = gadget["gadget"]
+        if gad in gadgets_content_set:
+            continue
+        gadgets_content_set.add(gad)
+        unique_gadgets += [gadget]
+    return unique_gadgets
+
+def alphaSortgadgets(currentGadgets):
+    return sorted(currentGadgets, key=lambda key : key["gadget"]) 
+
+
+
+class Options:
+    def __init__(self, options, binary, gadgets):
+        self.__options = options
+        self.__gadgets = gadgets
+        self.__binary  = binary 
+
+        if options.filter:   self.__filterOption()
+        if options.only:     self.__onlyOption()
+        if options.range:    self.__rangeOption()
+        if options.badbytes: self.__deleteBadBytes()
+
+    def __filterOption(self):
+        new = []
+        if not self.__options.filter:
+            return 
+        filt = self.__options.filter.split("|")
+        if not len(filt):
+            return 
+        for gadget in self.__gadgets:
+            flag = 0
+            insts = gadget["gadget"].split(" ; ")
+            for ins in insts:
+                if ins.split(" ")[0] in filt:
+                    flag = 1
+                    break
+            if not flag:
+                new += [gadget]
+        self.__gadgets = new
+
+    def __onlyOption(self):
+        new = []
+        if not self.__options.only:
+            return 
+        only = self.__options.only.split("|")
+        if not len(only):
+            return 
+        for gadget in self.__gadgets:
+            flag = 0
+            insts = gadget["gadget"].split(" ; ")
+            for ins in insts:
+                if ins.split(" ")[0] not in only:
+                    flag = 1
+                    break
+            if not flag:
+                new += [gadget]
+        self.__gadgets = new
+
+    def __rangeOption(self):
+        new = []
+        rangeS = int(self.__options.range.split('-')[0], 16)
+        rangeE = int(self.__options.range.split('-')[1], 16)
+        if rangeS == 0 and rangeE == 0:
+            return 
+        for gadget in self.__gadgets:
+            vaddr = gadget["vaddr"]
+            if vaddr >= rangeS and vaddr <= rangeE:
+                new += [gadget]
+        self.__gadgets = new
+
+    def __deleteBadBytes(self):
+        if not self.__options.badbytes:
+            return
+        new = []
+        #Filter out empty badbytes (i.e if badbytes was set to 00|ff| there's an empty badbyte after the last '|')
+        #and convert each one to the corresponding byte
+        bbytes = [bb.decode('hex') for bb in self.__options.badbytes.split("|") if bb]
+        archMode = self.__binary.getArchMode()
+        for gadget in self.__gadgets:
+            gadAddr = pack("<L", gadget["vaddr"]) if archMode == CS_MODE_32 else pack("<Q", gadget["vaddr"])
+            try:
+                for x in bbytes:
+                    if x in gadAddr: raise
+                new += [gadget]
+            except:
+                pass
+        self.__gadgets = new
+
+    def getGadgets(self):
+        return self.__gadgets
+
+
+class ROPMakerX86:
+    def __init__(self, binary, gadgets, liboffset=0x0):
+        self.__binary  = binary
+        self.__gadgets = gadgets
+
+        # If it's a library, we have the option to add an offset to the addresses
+        self.__liboffset = liboffset
+
+        self.__generate()
+
+
+    def __lookingForWrite4Where(self, gadgetsAlreadyTested):
+        for gadget in self.__gadgets:
+            if gadget in gadgetsAlreadyTested:
+                continue
+            f = gadget["gadget"].split(" ; ")[0]
+            # regex -> mov dword ptr [r32], r32
+            regex = re.search("mov dword ptr \[(?P<dst>([(eax)|(ebx)|(ecx)|(edx)|(esi)|(edi)]{3}))\], (?P<src>([(eax)|(ebx)|(ecx)|(edx)|(esi)|(edi)]{3}))$", f)
+            if regex:
+                lg = gadget["gadget"].split(" ; ")[1:]
+                try:
+                    for g in lg:
+                        if g.split()[0] != "pop" and g.split()[0] != "ret":
+                            raise
+                        # we need this to filterout 'ret' instructions with an offset like 'ret 0x6', because they ruin the stack pointer
+                        if g != "ret":
+                            if g.split()[0] == "ret" and g.split()[1] != "":
+                                raise
+                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    return [gadget, regex.group("dst"), regex.group("src")]
+                except:
+                    continue
+        return None
+
+    def __lookingForSomeThing(self, something):
+        for gadget in self.__gadgets:
+            lg = gadget["gadget"].split(" ; ")
+            if lg[0] == something:
+                try:
+                    for g in lg[1:]:
+                        if g.split()[0] != "pop" and g.split()[0] != "ret":
+                            raise
+                        # we need this to filterout 'ret' instructions with an offset like 'ret 0x6', because they ruin the stack pointer
+                        if g != "ret":
+                            if g.split()[0] == "ret" and g.split()[1] != "":
+                                raise
+                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    return gadget
+                except:
+                    continue
+        return None
+
+    def __padding(self, gadget, regAlreadSetted):
+        lg = gadget["gadget"].split(" ; ")
+        for g in lg[1:]:
+            if g.split()[0] == "pop":
+                reg = g.split()[1]
+                try:
+                    print("\tp += pack('<I', 0x%08x) # padding without overwrite %s" %(regAlreadSetted[reg], reg))
+                except KeyError:
+                    print("\tp += pack('<I', 0x41414141) # padding")
+
+    def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall):
+
+        sects = self.__binary.getDataSections()
+        dataAddr = None
+        for s in sects:
+            if s["name"] == ".data":
+                dataAddr = s["vaddr"] + self.__liboffset
+        if dataAddr == None:
+            print("\n[-] Error - Can't find a writable section")
+            return
+
+        print("\t#!/usr/bin/env python2")
+        print("\t# execve generated by ROPgadget\n" )
+        print("\tfrom struct import pack\n")
+
+        print("\t# Padding goes here")
+        print("\tp = ''\n")
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("\tp += pack('<I', 0x%08x) # @ .data" %(dataAddr))
+        self.__padding(popDst, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
+        print("\tp += '/bin'")
+        self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr}) # Don't overwrite reg dst
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        self.__padding(write4where, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("\tp += pack('<I', 0x%08x) # @ .data + 4" %(dataAddr + 4))
+        self.__padding(popDst, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
+        print("\tp += '//sh'")
+        self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr + 4}) # Don't overwrite reg dst
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        self.__padding(write4where, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("\tp += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
+        self.__padding(popDst, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(xorSrc["vaddr"], xorSrc["gadget"]))
+        self.__padding(xorSrc, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        self.__padding(write4where, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popEbx["vaddr"], popEbx["gadget"]))
+        print("\tp += pack('<I', 0x%08x) # @ .data" %(dataAddr))
+        self.__padding(popEbx, {})
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popEcx["vaddr"], popEcx["gadget"]))
+        print("\tp += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
+        self.__padding(popEcx, {"ebx": dataAddr}) # Don't overwrite ebx
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(popEdx["vaddr"], popEdx["gadget"]))
+        print("\tp += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
+        self.__padding(popEdx, {"ebx": dataAddr, "ecx": dataAddr + 8}) # Don't overwrite ebx and ecx
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(xorEax["vaddr"], xorEax["gadget"]))
+        self.__padding(xorEax, {"ebx": dataAddr, "ecx": dataAddr + 8}) # Don't overwrite ebx and ecx
+
+        for i in range(11):
+            print("\tp += pack('<I', 0x%08x) # %s" %(incEax["vaddr"], incEax["gadget"]))
+            self.__padding(incEax, {"ebx": dataAddr, "ecx": dataAddr + 8}) # Don't overwrite ebx and ecx
+
+        print("\tp += pack('<I', 0x%08x) # %s" %(syscall["vaddr"], syscall["gadget"]))
+
+    def __generate(self):
+
+        # To find the smaller gadget
+        self.__gadgets.reverse()
+
+        print("\nROP chain generation\n===========================================================")
+
+        print("\n- Step 1 -- Write-what-where gadgets\n")
+
+        gadgetsAlreadyTested = []
+        while True:
+            write4where = self.__lookingForWrite4Where(gadgetsAlreadyTested)
+            if not write4where:
+                print("\t[-] Can't find the 'mov dword ptr [r32], r32' gadget")
+                return
+
+            popDst = self.__lookingForSomeThing("pop %s" %(write4where[1]))
+            if not popDst:
+                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[1]))
+                gadgetsAlreadyTested += [write4where[0]]
+                continue
+
+            popSrc = self.__lookingForSomeThing("pop %s" %(write4where[2]))
+            if not popSrc:
+                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2]))
+                gadgetsAlreadyTested += [write4where[0]]
+                continue
+
+            xorSrc = self.__lookingForSomeThing("xor %s, %s" %(write4where[2], write4where[2]))
+            if not xorSrc:
+                print("\t[-] Can't find the 'xor %s, %s' gadget. Try with another 'mov [r], r'\n" %(write4where[2], write4where[2]))
+                gadgetsAlreadyTested += [write4where[0]]
+                continue
+            else:
+                break
+
+        print("\n- Step 2 -- Init syscall number gadgets\n")
+
+        xorEax = self.__lookingForSomeThing("xor eax, eax")
+        if not xorEax:
+            print("\t[-] Can't find the 'xor eax, eax' instuction")
+            return
+
+        incEax = self.__lookingForSomeThing("inc eax")
+        if not incEax:
+            print("\t[-] Can't find the 'inc eax' instuction")
+            return
+
+        print("\n- Step 3 -- Init syscall arguments gadgets\n")
+
+        popEbx = self.__lookingForSomeThing("pop ebx")
+        if not popEbx:
+            print("\t[-] Can't find the 'pop ebx' instruction")
+            return
+
+        popEcx = self.__lookingForSomeThing("pop ecx")
+        if not popEcx:
+            print("\t[-] Can't find the 'pop ecx' instruction")
+            return
+
+        popEdx = self.__lookingForSomeThing("pop edx")
+        if not popEdx:
+            print("\t[-] Can't find the 'pop edx' instruction")
+            return
+
+        print("\n- Step 4 -- Syscall gadget\n")
+
+        syscall = self.__lookingForSomeThing("int 0x80")
+        if not syscall:
+            print("\t[-] Can't find the 'syscall' instruction")
+            return
+
+        print("\n- Step 5 -- Build the ROP chain\n")
+
+        self.__buildRopChain(write4where[0], popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall)
+
+class ROPMakerX64:
+    def __init__(self, binary, gadgets, liboffset=0x0):
+        self.__binary  = binary
+        self.__gadgets = gadgets
+
+        # If it's a library, we have the option to add an offset to the addresses
+        self.__liboffset = liboffset
+
+        self.__generate()
+
+
+    def __lookingForWrite4Where(self, gadgetsAlreadyTested):
+        for gadget in self.__gadgets:
+            if gadget in gadgetsAlreadyTested:
+                continue
+            f = gadget["gadget"].split(" ; ")[0]
+            regex = re.search("mov .* ptr \[(?P<dst>([(rax)|(rbx)|(rcx)|(rdx)|(rsi)|(rdi)|(r9)|(r10)|(r11)|(r12)|(r13)|(r14)|(r15)]{3}))\], (?P<src>([(rax)|(rbx)|(rcx)|(rdx)|(rsi)|(rdi)|(r9)|(r10)|(r11)|(r12)|(r13)|(r14)|(r15)]{3}))$", f)
+            if regex:
+                lg = gadget["gadget"].split(" ; ")[1:]
+                try:
+                    for g in lg:
+                        if g.split()[0] != "pop" and g.split()[0] != "ret":
+                            raise
+                        # we need this to filterout 'ret' instructions with an offset like 'ret 0x6', because they ruin the stack pointer
+                        if g != "ret":
+                            if g.split()[0] == "ret" and g.split()[1] != "":
+                                raise
+                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    return [gadget, regex.group("dst"), regex.group("src")]
+                except:
+                    continue
+        return None
+
+    def __lookingForSomeThing(self, something):
+        for gadget in self.__gadgets:
+            lg = gadget["gadget"].split(" ; ")
+            if lg[0] == something:
+                try:
+                    for g in lg[1:]:
+                        if g.split()[0] != "pop" and g.split()[0] != "ret":
+                            raise
+                        if g != "ret":
+                        # we need this to filterout 'ret' instructions with an offset like 'ret 0x6', because they ruin the stack pointer
+                            if g.split()[0] == "ret" and g.split()[1] != "":
+                                raise
+                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    return gadget
+                except:
+                    continue
+        return None
+
+    def __padding(self, gadget, regAlreadSetted):
+        lg = gadget["gadget"].split(" ; ")
+        for g in lg[1:]:
+            if g.split()[0] == "pop":
+                reg = g.split()[1]
+                try:
+                    print("\tp += pack('<Q', 0x%016x) # padding without overwrite %s" %(regAlreadSetted[reg], reg))
+                except KeyError:
+                    print("\tp += pack('<Q', 0x4141414141414141) # padding")
+
+    def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorRax, incRax, popRdi, popRsi, popRdx, syscall):
+
+        sects = self.__binary.getDataSections()
+        dataAddr = None
+        for s in sects:
+            if s["name"] == ".data":
+                dataAddr = s["vaddr"] + self.__liboffset
+        if dataAddr is None:
+            print("\n[-] Error - Can't find a writable section")
+            return
+
+        print("\t#!/usr/bin/env python2")
+        print("\t# execve generated by ROPgadget\n")
+        print("\tfrom struct import pack\n")
+
+        print("\t# Padding goes here")
+        print("\tp = ''\n")
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("\tp += pack('<Q', 0x%016x) # @ .data" %(dataAddr))
+        self.__padding(popDst, {})
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
+        print("\tp += '/bin//sh'")
+        self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr}) # Don't overwrite reg dst
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        self.__padding(write4where, {})
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("\tp += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
+        self.__padding(popDst, {})
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(xorSrc["vaddr"], xorSrc["gadget"]))
+        self.__padding(xorSrc, {})
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        self.__padding(write4where, {})
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(popRdi["vaddr"], popRdi["gadget"]))
+        print("\tp += pack('<Q', 0x%016x) # @ .data" %(dataAddr))
+        self.__padding(popRdi, {})
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(popRsi["vaddr"], popRsi["gadget"]))
+        print("\tp += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
+        self.__padding(popRsi, {"rdi": dataAddr}) # Don't overwrite rdi
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(popRdx["vaddr"], popRdx["gadget"]))
+        print("\tp += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
+        self.__padding(popRdx, {"rdi": dataAddr, "rsi": dataAddr + 8}) # Don't overwrite rdi and rsi
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(xorRax["vaddr"], xorRax["gadget"]))
+        self.__padding(xorRax, {"rdi": dataAddr, "rsi": dataAddr + 8}) # Don't overwrite rdi and rsi
+
+        for i in range(59):
+            print("\tp += pack('<Q', 0x%016x) # %s" %(incRax["vaddr"], incRax["gadget"]))
+            self.__padding(incRax, {"rdi": dataAddr, "rsi": dataAddr + 8}) # Don't overwrite rdi and rsi
+
+        print("\tp += pack('<Q', 0x%016x) # %s" %(syscall["vaddr"], syscall["gadget"]))
+
+    def __generate(self):
+
+        # To find the smaller gadget
+        self.__gadgets.reverse()
+
+        print("\nROP chain generation\n===========================================================")
+
+        print("\n- Step 1 -- Write-what-where gadgets\n")
+
+        gadgetsAlreadyTested = []
+        while True:
+            write4where = self.__lookingForWrite4Where(gadgetsAlreadyTested)
+            if not write4where:
+                print("\t[-] Can't find the 'mov qword ptr [r64], r64' gadget")
+                return
+
+            popDst = self.__lookingForSomeThing("pop %s" %(write4where[1]))
+            if not popDst:
+                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[1]))
+                gadgetsAlreadyTested += [write4where[0]]
+                continue
+
+            popSrc = self.__lookingForSomeThing("pop %s" %(write4where[2]))
+            if not popSrc:
+                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2]))
+                gadgetsAlreadyTested += [write4where[0]]
+                continue
+
+            xorSrc = self.__lookingForSomeThing("xor %s, %s" %(write4where[2], write4where[2]))
+            if not xorSrc:
+                print("\t[-] Can't find the 'xor %s, %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2], write4where[2]))
+                gadgetsAlreadyTested += [write4where[0]]
+                continue
+            else:
+                break
+
+        print("\n- Step 2 -- Init syscall number gadgets\n")
+
+        xorRax = self.__lookingForSomeThing("xor rax, rax")
+        if not xorRax:
+            print("\t[-] Can't find the 'xor rax, rax' instuction")
+            return
+
+        incRax = self.__lookingForSomeThing("inc rax")
+        incEax = self.__lookingForSomeThing("inc eax")
+        incAx = self.__lookingForSomeThing("inc al")
+        addRax = self.__lookingForSomeThing("add rax, 1")
+        addEax = self.__lookingForSomeThing("add eax, 1")
+        addAx = self.__lookingForSomeThing("add al, 1")
+
+        instr = [incRax, incEax, incAx, addRax, addEax, addAx]
+
+        if all(v is None for v in instr):
+            print("\t[-] Can't find the 'inc rax' or 'add rax, 1' instuction")
+            return
+
+        for i in instr:
+            if i is not None:
+                incRax = i
+                break
+
+        print("\n- Step 3 -- Init syscall arguments gadgets\n")
+
+        popRdi = self.__lookingForSomeThing("pop rdi")
+        if not popRdi:
+            print("\t[-] Can't find the 'pop rdi' instruction")
+            return
+
+        popRsi = self.__lookingForSomeThing("pop rsi")
+        if not popRsi:
+            print("\t[-] Can't find the 'pop rsi' instruction")
+            return
+
+        popRdx = self.__lookingForSomeThing("pop rdx")
+        if not popRdx:
+            print("\t[-] Can't find the 'pop rdx' instruction")
+            return
+
+        print("\n- Step 4 -- Syscall gadget\n")
+
+        syscall = self.__lookingForSomeThing("syscall")
+        if not syscall:
+            print("\t[-] Can't find the 'syscall' instruction")
+            return
+
+        print("\n- Step 5 -- Build the ROP chain\n")
+
+        self.__buildRopChain(write4where[0], popDst, popSrc, xorSrc, xorRax, incRax, popRdi, popRsi, popRdx, syscall)
+
+
+class ROPMaker:
+    def __init__(self, binary, gadgets, offset):
+        self.__binary  = binary
+        self.__gadgets = gadgets
+        self.__offset  = offset
+
+        self.__handlerArch()
+
+    def __handlerArch(self):
+
+        if self.__binary.getArch() == CS_ARCH_X86           \
+            and self.__binary.getArchMode() == CS_MODE_32   \
+            and self.__binary.getFormat() == "ELF":
+            ROPMakerX86(self.__binary, self.__gadgets, self.__offset)
+
+        elif self.__binary.getArch() == CS_ARCH_X86         \
+            and self.__binary.getArchMode() == CS_MODE_64   \
+            and self.__binary.getFormat() == "ELF":
+            ROPMakerX64(self.__binary, self.__gadgets, self.__offset)
+
+        else:
+            print("\n[Error] ROPMaker.__handlerArch - Arch not supported yet for the rop chain generation")
+
+
+class Gadgets:
+    def __init__(self, binary, options, offset):
+        self.__binary  = binary
+        self.__options = options
+        self.__offset  = offset
+
+
+    def __checkInstructionBlackListedX86(self, insts):
+        bl = ["db", "int3"]
+        for inst in insts:
+            for b in bl:
+                if inst.split(" ")[0] == b:
+                    return True
+        return False
+
+    def __checkMultiBr(self, insts, br):
+        count = 0
+        for inst in insts:
+            if inst.split()[0] in br:
+                count += 1
+        return count
+
+    def __passCleanX86(self, gadgets, multibr=False):
+        new = []
+        br = ["ret", "retf", "int", "sysenter", "jmp", "call", "syscall"]
+        for gadget in gadgets:
+            insts = gadget["gadget"].split(" ; ")
+            if len(insts) == 1 and insts[0].split(" ")[0] not in br:
+                continue
+            if insts[-1].split(" ")[0] not in br:
+                continue
+            if self.__checkInstructionBlackListedX86(insts):
+                continue
+            if not multibr and self.__checkMultiBr(insts, br) > 1:
+                continue
+            if len([m.start() for m in re.finditer("ret", gadget["gadget"])]) > 1:
+                continue
+            new += [gadget]
+        return new
+
+    def __gadgetsFinding(self, section, gadgets, arch, mode):
+
+        C_OP    = 0
+        C_SIZE  = 1
+        C_ALIGN = 2
+
+        ret = []
+        md = Cs(arch, mode)
+        for gad in gadgets:
+            
+            allRefRet = [m.start() for m in re.finditer(gad[C_OP], section["opcodes"])]
+            for ref in allRefRet:
+                for i in range(self.__options.depth):
+                    if (section["vaddr"]+ref-(i*gad[C_ALIGN])) % gad[C_ALIGN] == 0:
+                        off = self.__offset
+                        decodes = md.disasm(section["opcodes"][ref-(i*gad[C_ALIGN]):ref+gad[C_SIZE]], section["vaddr"]+ref)
+                        gadget = ""
+                        for decode in decodes:
+                            gadget += (decode.mnemonic + " " + decode.op_str + " ; ").replace("  ", " ")
+                        if len(gadget) > 0:
+                            gadget = gadget[:-3]
+                            off = self.__offset
+                            ret += [{"vaddr" :  off+section["vaddr"]+ref-(i*gad[C_ALIGN]), "gadget" : gadget, "decodes" : decodes, "bytes": section["opcodes"][ref-(i*gad[C_ALIGN]):ref+gad[C_SIZE]]}]
+        return ret
+
+    def addROPGadgets(self, section):
+
+        arch = self.__binary.getArch()
+        arch_mode = self.__binary.getArchMode()
+
+        if arch == CS_ARCH_X86:
+            gadgets = [
+                            [b"\xc3", 1, 1],               # ret
+                            [b"\xc2[\x00-\xff]{2}", 3, 1], # ret <imm>
+                            [b"\xcb", 1, 1],               # retf
+                            [b"\xca[\x00-\xff]{2}", 3, 1]  # retf <imm>
+                       ]
+
+        elif arch == CS_ARCH_MIPS:   gadgets = []            # MIPS doesn't contains RET instruction set. Only JOP gadgets
+        elif arch == CS_ARCH_PPC:
+            gadgets = [
+                            [b"\x4e\x80\x00\x20", 4, 4] # blr
+                       ]
+            arch_mode = arch_mode + CS_MODE_BIG_ENDIAN
+
+        elif arch == CS_ARCH_SPARC:
+            gadgets = [
+                            [b"\x81\xc3\xe0\x08", 4, 4], # retl
+                            [b"\x81\xc7\xe0\x08", 4, 4], # ret
+                            [b"\x81\xe8\x00\x00", 4, 4]  # restore
+                       ]
+            arch_mode = CS_MODE_BIG_ENDIAN
+
+        elif arch == CS_ARCH_ARM:    gadgets = []            # ARM doesn't contains RET instruction set. Only JOP gadgets
+        elif arch == CS_ARCH_ARM64:
+            gadgets =  [
+                            [b"\xc0\x03\x5f\xd6", 4, 4] # ret
+                       ]
+            arch_mode = CS_MODE_ARM
+
+        else:
+            print("Gadgets().addROPGadgets() - Architecture not supported")
+            return None
+
+        if len(gadgets) > 0 :
+            return self.__gadgetsFinding(section, gadgets, arch, arch_mode)
+        return gadgets
+
+
+    def addJOPGadgets(self, section):
+        arch = self.__binary.getArch()
+        arch_mode = self.__binary.getArchMode()
+
+
+
+        if arch  == CS_ARCH_X86:
+            gadgets = [
+                               [b"\xff[\x20\x21\x22\x23\x26\x27]{1}", 2, 1],     # jmp  [reg]
+                               [b"\xff[\xe0\xe1\xe2\xe3\xe4\xe6\xe7]{1}", 2, 1], # jmp  [reg]
+                               [b"\xff[\x10\x11\x12\x13\x16\x17]{1}", 2, 1],     # jmp  [reg]
+                               [b"\xff[\xd0\xd1\xd2\xd3\xd4\xd6\xd7]{1}", 2, 1]  # call [reg]
+                      ]
+
+
+        elif arch == CS_ARCH_MIPS:
+            gadgets = [
+                               [b"\x09\xf8\x20\x03[\x00-\xff]{4}", 8, 4], # jrl $t9
+                               [b"\x08\x00\x20\x03[\x00-\xff]{4}", 8, 4], # jr  $t9
+                               [b"\x08\x00\xe0\x03[\x00-\xff]{4}", 8, 4]  # jr  $ra
+                      ]
+        elif arch == CS_ARCH_PPC:    gadgets = [] # PPC architecture doesn't contains reg branch instruction
+        elif arch == CS_ARCH_SPARC:
+            gadgets = [
+                               [b"\x81\xc0[\x00\x40\x80\xc0]{1}\x00", 4, 4]  # jmp %g[0-3]
+                      ]
+            arch_mode = CS_MODE_BIG_ENDIAN
+        elif arch == CS_ARCH_ARM64:
+            gadgets = [
+                               [b"[\x00\x20\x40\x60\x80\xa0\xc0\xe0]{1}[\x00\x02]{1}\x1f\xd6", 4, 4],     # br  reg
+                               [b"[\x00\x20\x40\x60\x80\xa0\xc0\xe0]{1}[\x00\x02]{1}\x5C\x3f\xd6", 4, 4]  # blr reg
+                      ]
+            arch_mode = CS_MODE_ARM
+        elif arch == CS_ARCH_ARM:
+            if self.__options.thumb or self.__options.rawMode == "thumb":
+                gadgets = [
+                               [b"[\x00\x08\x10\x18\x20\x28\x30\x38\x40\x48\x70]{1}\x47", 2, 2], # bx   reg
+                               [b"[\x80\x88\x90\x98\xa0\xa8\xb0\xb8\xc0\xc8\xf0]{1}\x47", 2, 2], # blx  reg
+                               [b"[\x00-\xff]{1}\xbd", 2, 2]                                     # pop {,pc}
+                          ]
+                arch_mode = CS_MODE_THUMB
+            else:
+                gadgets = [
+                               [b"[\x10-\x19\x1e]{1}\xff\x2f\xe1", 4, 4],  # bx   reg
+                               [b"[\x30-\x39\x3e]{1}\xff\x2f\xe1", 4, 4],  # blx  reg
+                               [b"[\x00-\xff]{1}\x80\xbd\xe8", 4, 4]       # pop {,pc}
+                          ]
+                arch_mode = CS_MODE_ARM
+        else:
+            print("Gadgets().addJOPGadgets() - Architecture not supported")
+            return None
+
+        if len(gadgets) > 0 :
+            return self.__gadgetsFinding(section, gadgets, arch, arch_mode)
+        return gadgets
+
+
+    def addSYSGadgets(self, section):
+
+        arch = self.__binary.getArch()
+        arch_mode = self.__binary.getArchMode()
+
+        if   arch == CS_ARCH_X86:
+            gadgets = [
+                               [b"\xcd\x80", 2, 1],                         # int 0x80
+                               [b"\x0f\x34", 2, 1],                         # sysenter
+                               [b"\x0f\x05", 2, 1],                         # syscall
+                               [b"\x65\xff\x15\x10\x00\x00\x00", 7, 1],     # call DWORD PTR gs:0x10
+                               [b"\xcd\x80\xc3", 3, 1],                     # int 0x80 ; ret
+                               [b"\x0f\x34\xc3", 3, 1],                     # sysenter ; ret
+                               [b"\x0f\x05\xc3", 3, 1],                     # syscall ; ret
+                               [b"\x65\xff\x15\x10\x00\x00\x00\xc3", 8, 1], # call DWORD PTR gs:0x10 ; ret
+                      ]
+
+        elif arch == CS_ARCH_MIPS:
+            gadgets = [
+                               [b"\x0c\x00\x00\x00", 4, 4] # syscall
+                      ]
+        elif arch == CS_ARCH_PPC:    gadgets = [] # TODO (sc inst)
+        elif arch == CS_ARCH_SPARC:  gadgets = [] # TODO (ta inst)
+        elif arch == CS_ARCH_ARM64:  gadgets = [] # TODO
+        elif arch == CS_ARCH_ARM:
+            if self.__options.thumb or self.__options.rawMode == "thumb":
+                gadgets = [
+                               [b"\x00-\xff]{1}\xef", 2, 2] # svc
+                          ]
+                arch_mode = CS_MODE_THUMB
+            else:
+                gadgets = [
+                               [b"\x00-\xff]{3}\xef", 4, 4] # svc
+                          ]
+                arch_mode = CS_MODE_ARM
+        else:
+            print("Gadgets().addSYSGadgets() - Architecture not supported")
+            return None
+
+        if len(gadgets) > 0 :
+            return self.__gadgetsFinding(section, gadgets, arch, arch_mode)
+        return []
+
+
+    def passClean(self, gadgets, multibr):
+
+        arch = self.__binary.getArch()
+        if   arch == CS_ARCH_X86:    return self.__passCleanX86(gadgets, multibr)
+        elif arch == CS_ARCH_MIPS:   return gadgets
+        elif arch == CS_ARCH_PPC:    return gadgets
+        elif arch == CS_ARCH_SPARC:  return gadgets
+        elif arch == CS_ARCH_ARM:    return gadgets
+        elif arch == CS_ARCH_ARM64:  return gadgets
+        else:
+            print("Gadgets().passClean() - Architecture not supported")
+            return None
+
+
+class Core(cmd.Cmd):
+    def __init__(self, options):
+        cmd.Cmd.__init__(self)
+        self.__options = options
+        self.__binary  = None
+        self.__gadgets = []
+        self.__offset  = 0
+        self.prompt    = '(ROPgadget)> '
+
+
+    def __checksBeforeManipulations(self):
+        if self.__binary == None or self.__binary.getBinary() == None or self.__binary.getArch() == None or self.__binary.getArchMode() == None:
+            return False
+        return True
+
+
+    def __getAllgadgets(self):
+
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        G = Gadgets(self.__binary, self.__options, self.__offset)
+        execSections = self.__binary.getExecSections()
+
+        # Find ROP/JOP/SYS gadgets
+        self.__gadgets = []
+        for section in execSections:
+            if not self.__options.norop: self.__gadgets += G.addROPGadgets(section)
+            if not self.__options.nojop: self.__gadgets += G.addJOPGadgets(section)
+            if not self.__options.nosys: self.__gadgets += G.addSYSGadgets(section)
+
+        # Pass clean single instruction and unknown instructions
+        self.__gadgets = G.passClean(self.__gadgets, self.__options.multibr)
+
+        # Delete duplicate gadgets
+        if not self.__options.all:
+            self.__gadgets = deleteDuplicateGadgets(self.__gadgets)
+
+        # Applicate some Options
+        self.__gadgets = Options(self.__options, self.__binary, self.__gadgets).getGadgets()
+
+        # Sorted alphabetically
+        self.__gadgets = alphaSortgadgets(self.__gadgets)
+
+        return True
+
+
+    def __lookingForGadgets(self):
+
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        arch = self.__binary.getArchMode()
+        print("Gadgets information\n============================================================")
+        for gadget in self.__gadgets:
+            vaddr = gadget["vaddr"]
+            insts = gadget["gadget"]
+            bytes = gadget["bytes"]
+            bytesStr = " // " + bytes.encode('hex') if self.__options.dump else ""
+
+            print(("0x%08x" %(vaddr) if arch == CS_MODE_32 else "0x%016x" %(vaddr)) + " : %s" %(insts) + bytesStr)
+
+        print("\nUnique gadgets found: %d" %(len(self.__gadgets)))
+        return True
+
+
+    def __lookingForAString(self, string):
+
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        dataSections = self.__binary.getDataSections()
+        arch = self.__binary.getArchMode()
+        print("Strings information\n============================================================")
+        for section in dataSections:
+            allRef = [m.start() for m in re.finditer(string, section["opcodes"])]
+            for ref in allRef:
+                vaddr  = self.__offset + section["vaddr"] + ref
+                string = section["opcodes"][ref:ref+len(string)]
+                rangeS = int(self.__options.range.split('-')[0], 16)
+                rangeE = int(self.__options.range.split('-')[1], 16)
+                if (rangeS == 0 and rangeE == 0) or (vaddr >= rangeS and vaddr <= rangeE):
+                    print(("0x%08x" %(vaddr) if arch == CS_MODE_32 else "0x%016x" %(vaddr)) + " : %s" %(string))
+        return True
+
+
+    def __lookingForOpcodes(self, opcodes):
+
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        execSections = self.__binary.getExecSections()
+        arch = self.__binary.getArchMode()
+        print("Opcodes information\n============================================================")
+        for section in execSections:
+            allRef = [m.start() for m in re.finditer(opcodes.decode("hex"), section["opcodes"])]
+            for ref in allRef:
+                vaddr  = self.__offset + section["vaddr"] + ref
+                rangeS = int(self.__options.range.split('-')[0], 16)
+                rangeE = int(self.__options.range.split('-')[1], 16)
+                if (rangeS == 0 and rangeE == 0) or (vaddr >= rangeS and vaddr <= rangeE):
+                    print(("0x%08x" %(vaddr) if arch == CS_MODE_32 else "0x%016x" %(vaddr)) + " : %s" %(opcodes))
+        return True
+
+
+    def __lookingForMemStr(self, memstr):
+
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        sections  = self.__binary.getExecSections()
+        sections += self.__binary.getDataSections()
+        arch = self.__binary.getArchMode()
+        print("Memory bytes information\n=======================================================")
+        chars = list(memstr)
+        for char in chars:
+            try:
+                for section in sections:
+                    allRef = [m.start() for m in re.finditer(char, section["opcodes"])]
+                    for ref in allRef:
+                        vaddr  = self.__offset + section["vaddr"] + ref
+                        rangeS = int(self.__options.range.split('-')[0], 16)
+                        rangeE = int(self.__options.range.split('-')[1], 16)
+                        if (rangeS == 0 and rangeE == 0) or (vaddr >= rangeS and vaddr <= rangeE):
+                            print(("0x%08x" %(vaddr) if arch == CS_MODE_32 else "0x%016x" %(vaddr)) + " : '%c'" %(char))
+                            raise
+            except:
+                pass
+        return True
+
+
+    def analyze(self):
+
+        try:
+            self.__offset = int(self.__options.offset, 16) if self.__options.offset else 0
+        except ValueError:
+            print("[Error] The offset must be in hexadecimal")
+            return False
+
+        if self.__options.console:
+            if self.__options.binary:
+                self.__binary = Binary(self.__options)
+                if self.__checksBeforeManipulations() == False:
+                    return False
+            self.cmdloop()
+            return True
+
+        self.__binary = Binary(self.__options)
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        if   self.__options.string:   return self.__lookingForAString(self.__options.string)
+        elif self.__options.opcode:   return self.__lookingForOpcodes(self.__options.opcode)
+        elif self.__options.memstr:   return self.__lookingForMemStr(self.__options.memstr)
+        else: 
+            self.__getAllgadgets()
+            self.__lookingForGadgets()
+            if self.__options.ropchain:
+                ROPMaker(self.__binary, self.__gadgets, self.__offset)
+            return True
+
+
+    def gadgets(self):
+        return self.__gadgets
+
+
+
+
+    # Console methods  ============================================
+
+    def do_binary(self, s, silent=False):
+        # Do not split the filename with spaces since it might contain 
+        # whitespaces
+        if len(s) == 0:
+            if not silent:
+                return self.help_binary()
+            return False
+
+        binary = s
+
+        self.__options.binary = binary
+        self.__binary = Binary(self.__options)
+        if self.__checksBeforeManipulations() == False:
+            return False
+
+        if not silent:
+            print("[+] Binary loaded")
+
+
+    def help_binary(self):
+        print("Syntax: binary <file> -- Load a binary")
+        return False
+
+
+    def do_EOF(self, s, silent=False):
+        return self.do_quit(s, silent)
+
+    def do_quit(self, s, silent=False):
+        return True
+
+
+    def help_quit(self):
+        print("Syntax: quit -- Terminates the application")
+        return False
+
+
+    def do_load(self, s, silent=False):
+
+        if self.__binary == None:
+            if not silent:
+                print("[-] No binary loaded.")
+            return False
+
+        if not silent:
+            print("[+] Loading gadgets, please wait...")
+        self.__getAllgadgets()
+
+        if not silent:
+            print("[+] Gadgets loaded !")
+
+        
+    def help_load(self):
+        print("Syntax: load -- Load all gadgets")
+        return False
+
+
+    def do_display(self, s, silent=False):
+        self.__lookingForGadgets()
+
+
+    def help_display(self):
+        print("Syntax: display -- Display all gadgets loaded")
+        return False
+
+
+    def do_depth(self, s, silent=False):
+        try:
+            depth = int(s.split()[0])
+        except:
+            if not silent:
+                return self.help_depth()
+            return False
+        if depth <= 0:
+            if not silent:
+                print("[-] The depth value must be > 0")
+            return False
+        self.__options.depth = int(depth)
+
+        if not silent:
+            print("[+] Depth updated. You have to reload gadgets")
+
+
+    def help_depth(self):
+        print("Syntax: depth <value> -- Set the depth search engine")
+        return False
+
+
+    def do_badbytes(self, s, silent=False):
+        try:
+            bb = s.split()[0]
+        except:
+            if not silent:
+                return self.help_badbytes()
+            else:
+                return False
+        self.__options.badbytes = bb
+
+        if not silent:
+            print("[+] Bad bytes updated. You have to reload gadgets")
+
+
+    def help_badbytes(self):
+        print("Syntax: badbytes <badbyte1|badbyte2...> -- ")
+        return False
+
+
+    def __withK(self, listK, gadget):
+        if len(listK) == 0:
+            return True
+        for a in listK:
+            if a not in gadget:
+                return False
+        return True
+        
+    def __withoutK(self, listK, gadget):
+        for a in listK:
+            if a in gadget:
+                return False
+        return True
+
+    def do_search(self, s, silent=False):
+        args = s.split()
+        if not len(args):
+            return self.help_search()
+        withK, withoutK = [], []
+        for a in args:
+            if a[0:1] == "!":
+                withoutK += [a[1:]]
+            else:
+                withK += [a]
+        if self.__checksBeforeManipulations() == False:
+            if not silent:
+                print("[-] You have to load a binary")
+            return False
+        arch = self.__binary.getArchMode()
+        for gadget in self.__gadgets:
+            vaddr = gadget["vaddr"]
+            insts = gadget["gadget"]
+            if self.__withK(withK, insts) and self.__withoutK(withoutK, insts):
+                # What to do if silent = True?
+                print(("0x%08x" %(vaddr) if arch == CS_MODE_32 else "0x%016x" %(vaddr)) + " : %s" %(insts))
+
+
+    def help_search(self):
+        print("Syntax: search <keyword1 keyword2 keyword3...> -- Filter with or without keywords")
+        print("keyword  = with")
+        print("!keyword = witout")
+        return False
+
+
+    def count(self):
+        return len(self.__gadgets)
+
+    def do_count(self, s, silent=False):
+        if not silent:
+            print("[+] %d loaded gadgets." % self.count())
+
+
+    def help_count(self):
+        print("Shows the number of loaded gadgets.")
+        return False
+
+
+    def do_filter(self, s, silent=False):
+        try:
+            self.__options.filter = s.split()[0]
+        except:
+            if not silent:
+                return self.help_filter()
+            return False
+
+        if not silent:
+            print("[+] Filter setted. You have to reload gadgets")
+
+
+    def help_filter(self):
+        print("Syntax: filter <filter1|filter2|...> - Suppress specific instructions")
+        return False
+
+
+    def do_only(self, s, silent=False):
+        try:
+            self.__options.only = s.split()[0]
+        except:
+            if not silent:
+                return self.help_only()
+            return False
+
+        if not silent:
+            print("[+] Only setted. You have to reload gadgets")
+
+
+    def help_only(self):
+        print("Syntax: only <only1|only2|...> - Only show specific instructions")
+        return False
+
+
+    def do_range(self, s, silent=False):
+            try:
+                rangeS = int(s.split('-')[0], 16)
+                rangeE = int(s.split('-')[1], 16)
+                self.__options.range = s.split()[0]
+            except:
+                if not silent:
+                    return self.help_range()
+                return False
+
+            if rangeS > rangeE:
+                if not silent:
+                    print("[-] The start value must be greater than the end value")
+                return False
+
+            if not silent:
+                print("[+] Range setted. You have to reload gadgets")
+
+
+    def help_range(self):
+        print("Syntax: range <start-and> - Search between two addresses (0x...-0x...)")
+        return False
+
+
+    def do_settings(self, s, silent=False):
+        print("All:         %s" %(self.__options.all))
+        print("Badbytes:    %s" %(self.__options.badbytes))
+        print("Binary:      %s" %(self.__options.binary))
+        print("Depth:       %s" %(self.__options.depth))
+        print("Filter:      %s" %(self.__options.filter))
+        print("Memstr:      %s" %(self.__options.memstr))
+        print("MultiBr:     %s" %(self.__options.multibr))
+        print("NoJOP:       %s" %(self.__options.nojop))
+        print("NoROP:       %s" %(self.__options.norop))
+        print("NoSYS:       %s" %(self.__options.nosys))
+        print("Offset:      %s" %(self.__options.offset))
+        print("Only:        %s" %(self.__options.only))
+        print("Opcode:      %s" %(self.__options.opcode))
+        print("ROPchain:    %s" %(self.__options.ropchain))
+        print("Range:       %s" %(self.__options.range))
+        print("RawArch:     %s" %(self.__options.rawArch))
+        print("RawMode:     %s" %(self.__options.rawMode))
+        print("String:      %s" %(self.__options.string))
+        print("Thumb:       %s" %(self.__options.thumb))
+
+    def help_settings(self):
+        print("Display setting's environment")
+        return False
+
+
+    def do_nojop(self, s, silent=False):
+        try:
+            arg = s.split()[0]
+        except:
+            return self.help_nojop()
+
+        if arg == "enable":
+            self.__options.nojop = True
+            if not silent:
+                print("[+] NoJOP enable. You have to reload gadgets")
+
+        elif arg == "disable":
+            self.__options.nojop = False
+            if not silent:
+                print("[+] NoJOP disable. You have to reload gadgets")
+
+        else:
+            if not silent:
+                return self.help_nojop()
+            return False
+
+
+    def help_nojop(self):
+        print("Syntax: nojop <enable|disable> - Disable JOP search engin")
+        return False
+
+
+    def do_norop(self, s, silent=False):
+        try:
+            arg = s.split()[0]
+        except:
+            return self.help_norop()
+
+        if arg == "enable":
+            self.__options.norop = True
+            if not silent:
+                print("[+] NoROP enable. You have to reload gadgets")
+
+        elif arg == "disable":
+            self.__options.norop = False
+            if not silent:
+                print("[+] NoROP disable. You have to reload gadgets")
+
+        else:
+            if not silent:
+                return self.help_norop()
+            return False
+
+
+    def help_norop(self):
+        print("Syntax: norop <enable|disable> - Disable ROP search engin")
+        return False
+
+
+    def do_nosys(self, s, silent=False):
+        try:
+            arg = s.split()[0]
+        except:
+            return self.help_nosys()
+
+        if arg == "enable":
+            self.__options.nosys = True
+            if not silent:
+                print("[+] NoSYS enable. You have to reload gadgets")
+
+        elif arg == "disable":
+            self.__options.nosys = False
+            if not silent:
+                print("[+] NoSYS disable. You have to reload gadgets")
+
+        else:
+            if not silent:
+                return self.help_nosys()
+
+            return False
+
+
+    def help_nosys(self):
+        print("Syntax: nosys <enable|disable> - Disable SYS search engin")
+        return False
+
+
+    def do_thumb(self, s, silent=False):
+        try:
+            arg = s.split()[0]
+        except:
+            return self.help_thumb()
+
+        if arg == "enable":
+            self.__options.thumb = True
+            if not silent:
+                print("[+] Thumb enable. You have to reload gadgets")
+
+        elif arg == "disable":
+            self.__options.thumb = False
+            if not silent:
+                print("[+] Thumb disable. You have to reload gadgets")
+
+        else:
+            if not silent:
+                return self.help_thumb()
+            return False
+
+
+    def help_thumb(self):
+        print("Syntax: thumb <enable|disable> - Use the thumb mode for the search engine (ARM only)")
+        return False
+
+
+    def do_all(self, s, silent=False):
+        if s == "enable":
+            self.__options.all = True
+            if not silent:
+                print("[+] Showing all gadgets enabled. You have to reload gadgets")
+
+        elif s == "disable":
+            self.__options.all = False
+            if not silent:
+                print("[+] Showing all gadgets disabled. You have to reload gadgets")
+
+        else:
+            if not silent:
+                return self.help_all()
+
+            return False
+
+
+    def help_multibr(self):
+        print("Syntax: multibr <enable|disable> - Enable/Disable multiple branch gadgets")
+        return False
+
+
+    def do_multibr(self, s, silent=False):
+        if s == "enable":
+            self.__options.multibr = True
+            if not silent:
+                print("[+] Multiple branch gadgets enabled. You have to reload gadgets")
+
+        elif s == "disable":
+            self.__options.multibr = False
+            if not silent:
+                print("[+] Multiple branch gadgets disabled. You have to reload gadgets")
+
+        else:
+            if not silent:
+                return self.help_all()
+
+            return False
+
+
+    def help_all(self):
+        print("Syntax: all <enable|disable - Show all gadgets (disable removing duplice gadgets)")
+        return False
+
+class Binary:
+    def __init__(self, options):
+        self.__fileName  = options.binary
+        self.__rawBinary = None
+        self.__binary    = None
+
+        try:
+            fd = open(self.__fileName, "rb")
+            self.__rawBinary = fd.read()
+            fd.close()
+        except:
+            print("[Error] Can't open the binary or binary not found")
+            return None 
+
+        if self.__rawBinary[:4] == unhexlify(b"cafebabe"):
+             self.__binary = UNIVERSAL(self.__rawBinary)
+        elif self.__rawBinary[:4] == unhexlify(b"cefaedfe") or self.__rawBinary[:4] == unhexlify(b"cffaedfe"):
+             self.__binary = MACHO(self.__rawBinary)
+
+    def getFileName(self):
+        return self.__fileName
+
+    def getRawBinary(self):
+        return self.__rawBinary
+
+    def getBinary(self):
+        return self.__binary
+
+    def getEntryPoint(self):
+        return self.__binary.getEntryPoint()
+
+    def getDataSections(self):
+        return self.__binary.getDataSections()
+
+    def getExecSections(self):
+        return self.__binary.getExecSections()
+
+    def getArch(self):
+        return self.__binary.getArch()
+
+    def getArchMode(self):
+        return self.__binary.getArchMode()
+
+    def getFormat(self):
+        return self.__binary.getFormat()
+class Args:
+    def __init__(self, arguments=None):
+        self.__args = None
+        custom_arguments_provided = True
+
+        # If no custom arguments are provided, use the program arguments
+        if not arguments:
+          arguments = args
+          custom_arguments_provided = False
+
+        sys.argv=arguments
+        self.__parse(arguments, custom_arguments_provided)
+
+    def __parse(self, arguments, custom_arguments_provided=False):
+        parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,
+                                         description="""description:
+  rop(ROPgadget) lets you search your gadgets on a binary. It supports several 
+  file formats and architectures and uses the Capstone disassembler for
+  the search engine.
+
+formats supported: 
+  - ELF
+  - PE
+  - Mach-O
+  - Raw
+
+architectures supported:
+  - x86
+  - x86-64
+  - ARM
+  - ARM64
+  - MIPS
+  - PowerPC
+  - Sparc
+""",
+  epilog="""examples:
+  rop --binary ./test-suite-binaries/elf-Linux-x86 
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --ropchain
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --depth 3
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --string "main"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --string "m..n"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --opcode c9c3
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|ret"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|pop|xor|ret"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --filter "xchg|add|sub"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --norop --nosys
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --range 0x08041000-0x08042000
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --string main --range 0x080c9aaa-0x080c9aba
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --memstr "/bin/sh"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --console
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --badbytes "00|7f|42"
+  rop --binary ./test-suite-binaries/Linux_lib64.so --offset 0xdeadbeef00000000
+  rop --binary ./test-suite-binaries/elf-ARMv7-ls --depth 5
+  rop --binary ./test-suite-binaries/elf-ARM64-bash --depth 5
+  rop --binary ./test-suite-binaries/raw-x86.raw --rawArch=x86 --rawMode=32""")
+
+        parser.add_argument("--binary",             type=str, metavar="<binary>",     help="Specify a binary filename to analyze")
+        parser.add_argument("--opcode",             type=str, metavar="<opcodes>",    help="Search opcode in executable segment")
+        parser.add_argument("--string",             type=str, metavar="<string>",     help="Search string in readable segment")
+        parser.add_argument("--memstr",             type=str, metavar="<string>",     help="Search each byte in all readable segment")
+        parser.add_argument("--depth",              type=int, metavar="<nbyte>",      default=10, help="Depth for search engine (default 10)")
+        parser.add_argument("--only",               type=str, metavar="<key>",        help="Only show specific instructions")
+        parser.add_argument("--filter",             type=str, metavar="<key>",        help="Suppress specific instructions")
+        parser.add_argument("--range",              type=str, metavar="<start-end>",  default="0x0-0x0", help="Search between two addresses (0x...-0x...)")
+        parser.add_argument("--badbytes",           type=str, metavar="<byte>",       help="Rejects specific bytes in the gadget's address")
+        parser.add_argument("--rawArch",            type=str, metavar="<arch>",       help="Specify an arch for a raw file")
+        parser.add_argument("--rawMode",            type=str, metavar="<mode>",       help="Specify a mode for a raw file")
+        parser.add_argument("--offset",             type=str, metavar="<hexaddr>",    help="Specify an offset for gadget addresses")
+        parser.add_argument("--ropchain",           action="store_true",              help="Enable the ROP chain generation")
+        parser.add_argument("--thumb"  ,            action="store_true",              help="Use the thumb mode for the search engine (ARM only)")
+        parser.add_argument("--console",            action="store_true",              help="Use an interactive console for search engine")
+        parser.add_argument("--norop",              action="store_true",              help="Disable ROP search engine")
+        parser.add_argument("--nojop",              action="store_true",              help="Disable JOP search engine")
+        parser.add_argument("--nosys",              action="store_true",              help="Disable SYS search engine")
+        parser.add_argument("--multibr",            action="store_true",              help="Enable multiple branch gadgets")
+        parser.add_argument("--all",                action="store_true",              help="Disables the removal of duplicate gadgets")
+        parser.add_argument("--dump",               action="store_true",              help="Outputs the gadget bytes")
+        
+        self.__args = parser.parse_args(arguments)
+
+        if self.__args.depth < 2:
+            print("[Error] The depth must be >= 2")
+            sys.exit(-1)
+
+        elif not custom_arguments_provided and not self.__args.binary and not self.__args.console:
+            print("[Error] Need a binary filename (--binary/--console or --help)")
+            sys.exit(-1)
+
+        elif self.__args.range:
+            try:
+                rangeS = int(self.__args.range.split('-')[0], 16)
+                rangeE = int(self.__args.range.split('-')[1], 16)
+            except:
+                print("[Error] A range must be set in hexadecimal. Ex: 0x08041000-0x08042000")
+                sys.exit(-1)
+            if rangeS > rangeE:
+                print("[Error] The start value must be greater than end value")
+                sys.exit(-1)
+
+    def __printVersion(self):
+        print("Version:        %s" %(PYROPGADGET_VERSION))
+        print("Author:         Jonathan Salwan" )
+        print("Author page:    https://twitter.com/JonathanSalwan" )
+        print("Project page:   http://shell-storm.org/project/ROPgadget/" )
+
+    def getArgs(self):
+        return self.__args
+
+def rop(debugger,args,result,dict):
+    args=shlex.split(args)
+    
+    if args:
+        Core(Args(arguments=args).getArgs()).analyze()
+    else:
+        print """description:
+  rop(ROPgadget) lets you search your gadgets on a binary. It supports several 
+  file formats and architectures and uses the Capstone disassembler for
+  the search engine.
+
+formats supported: 
+  - ELF
+  - PE
+  - Mach-O
+  - Raw
+
+architectures supported:
+  - x86
+  - x86-64
+  - ARM
+  - ARM64
+  - MIPS
+  - PowerPC
+  - Sparc
+  epilog=examples:
+  rop --binary ./test-suite-binaries/elf-Linux-x86 
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --ropchain
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --depth 3
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --string "main"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --string "m..n"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --opcode c9c3
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|ret"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|pop|xor|ret"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --filter "xchg|add|sub"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --norop --nosys
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --range 0x08041000-0x08042000
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --string main --range 0x080c9aaa-0x080c9aba
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --memstr "/bin/sh"
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --console
+  rop --binary ./test-suite-binaries/elf-Linux-x86 --badbytes "00|7f|42"
+  rop --binary ./test-suite-binaries/Linux_lib64.so --offset 0xdeadbeef00000000
+  rop --binary ./test-suite-binaries/elf-ARMv7-ls --depth 5
+  rop --binary ./test-suite-binaries/elf-ARM64-bash --depth 5
+  rop --binary ./test-suite-binaries/raw-x86.raw --rawArch=x86 --rawMode=32"""
+
+def __lldb_init_module(debugger, dict):
+    
+    debugger.HandleCommand('command script add --function lisa.exploitable exploitable')
+    debugger.HandleCommand('command script add --function lisa.pattern_create pattern_create')
+    debugger.HandleCommand('command script add --function lisa.pattern_offset pattern_offset')
+    debugger.HandleCommand('command script add --function lisa.check_if_cyclic check_if_cyclic')
+    debugger.HandleCommand('command script add --function lisa.stepnInstructions sf')
+    debugger.HandleCommand('command script add --function lisa.context ct')
+    debugger.HandleCommand('command script add --function lisa.s s')
+    debugger.HandleCommand('command script add --function lisa.si si')
+    debugger.HandleCommand('command script add --function lisa.so so')
+    debugger.HandleCommand('command script add --function lisa.banner banner')
+    debugger.HandleCommand('command script add --function lisa.exploitable exploitable')
+    debugger.HandleCommand('command script add -function lisa.setMallocDebug setmalloc')
+    debugger.HandleCommand('command script add -function lisa.shellcode shellcode')
+    debugger.HandleCommand('command script add -function lisa.extract_from_universal_binary extract')
+    debugger.HandleCommand('command script add --function lisa.dump dump')
+    debugger.HandleCommand('command script add --function lisa.rop rop')
+
+tty_colors = TerminalColors (True)
diff --git a/dotfiles/lldbinit b/dotfiles/lldbinit
new file mode 100644
index 0000000..857b495
--- /dev/null
+++ b/dotfiles/lldbinit
@@ -0,0 +1,6 @@
+settings set prompt "(lisa)"
+settings set target.x86-disassembly-flavor intel
+command script import ~/lisa.py
+command script import lldb
+command script add -f lisa.alias lisa
+lisa