diff --git a/TODO b/TODO
index 7c163408a2..3a03a3b340 100644
--- a/TODO
+++ b/TODO
@@ -5,6 +5,14 @@
 
 <{include libr/TODO}>
 
+* Enhace code analysis
+  - calculate multiple execution paths to give branch prediction results
+    - get/set register status of the vm
+    - analyze from various parent functions and resolve ranged values
+    - a ranged value can be:
+      - ut64 from, to
+      - limit : %2 (module)
+      - ...
 * mount /mnt/ must chop last '/'
 * jk in visual mode for disassembly print format must scroll by opcodes, not bytes
 * "wx jeje" does not says "invalid hexpair string" (must report error)
diff --git a/binr/radare2/radare2.c b/binr/radare2/radare2.c
index a23da1558d..642f9fdfa0 100644
--- a/binr/radare2/radare2.c
+++ b/binr/radare2/radare2.c
@@ -206,10 +206,12 @@ int main(int argc, char **argv) {
 	}
 
 	if (debug) {
+		int *p = r.file->fd->data;
+		int pid = *p; // 1st element in debugger's struct must be int
 		r_core_cmd (&r, "e io.ffio=true", 0);
 		r_core_cmd (&r, "dh native", 0);
-		r_core_cmdf (&r, "dpa %d", r.file->fd);
-		r_core_cmdf (&r, "dp=%d", r.file->fd);
+		r_core_cmdf (&r, "dpa %d", pid);
+		r_core_cmdf (&r, "dp=%d", pid);
 		r_core_cmd (&r, ".dr*", 0);
 		/* honor dbg.bep */
 		{
diff --git a/libr/io/cache.c b/libr/io/cache.c
index 3743082835..44b814e9a0 100644
--- a/libr/io/cache.c
+++ b/libr/io/cache.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2008-2010 pancake<nopcode.org> */
+/* radare - LGPL - Copyright 2008-2011 pancake<nopcode.org> */
 
 // XXX This has been stolen from r_vm !!! we must adapt this
 // XXX to work with r_io correctly
diff --git a/libr/io/io.c b/libr/io/io.c
index 9cf43be489..0bcc1212e9 100644
--- a/libr/io/io.c
+++ b/libr/io/io.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2008-2010 pancake<nopcode.org> */
+/* radare - LGPL - Copyright 2008-2011 pancake<nopcode.org> */
 
 #include "r_io.h"
 #include "r_util.h"
@@ -83,15 +83,15 @@ R_API RIODesc *r_io_open(struct r_io_t *io, const char *file, int flags, int mod
 			plugin = r_io_plugin_resolve (io, uri);
 			if (plugin && plugin->open) {
 				desc = plugin->open (io, uri, flags, mode);
+				if (io->redirect) {
+					free ((void *)uri);
+					uri = strdup (io->redirect);
+					r_io_redirect (io, NULL);
+					continue;
+				}
 				if (desc != NULL) {
 					r_io_desc_add (io, desc);
 					fd = desc->fd;
-					if (io->redirect) {
-						free ((void *)uri);
-						uri = strdup (io->redirect);
-						r_io_redirect (io, NULL);
-						continue;
-					}
 					if (fd != -1)
 						r_io_plugin_open (io, fd, plugin);
 					if (desc != io->fd)
diff --git a/libr/io/p/io_debug.c b/libr/io/p/io_debug.c
index bc70b9580a..03693bc2eb 100644
--- a/libr/io/p/io_debug.c
+++ b/libr/io/p/io_debug.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2007-2010 pancake<nopcode.org> */
+/* radare - LGPL - Copyright 2007-2011 pancake<nopcode.org> */
 
 #include <r_io.h>
 #include <r_lib.h>
@@ -249,10 +249,6 @@ static RIODesc *__open(struct r_io_t *io, const char *file, int rw, int mode) {
 	return NULL;
 }
 
-static int __init(struct r_io_t *io) {
-	return R_TRUE;
-}
-
 struct r_io_plugin_t r_io_plugin_debug = {
         //void *plugin;
 	.name = "debug",
@@ -262,7 +258,6 @@ struct r_io_plugin_t r_io_plugin_debug = {
 	.lseek = NULL,
 	.system = NULL,
 	.debug = (void *)1,
-	.init = __init,
         //void *widget;
 /*
         struct debug_t *debug;
diff --git a/libr/io/p/io_ptrace.c b/libr/io/p/io_ptrace.c
index 2cafbaac51..8781479fb7 100644
--- a/libr/io/p/io_ptrace.c
+++ b/libr/io/p/io_ptrace.c
@@ -42,7 +42,7 @@ static int debug_os_read_at(int pid, void *buf, int sz, ut64 addr) {
 			(void *)(&((long*)(long)addr)[x]));
                 if (((long *)buf)[x] == -1) // && errno)
                         return s;
-		s += sizeof (long);
+		s += sizeof (s);
         }
         if (last) {
                 lr = debug_read_raw (pid, &((long*)(long)addr)[x]);
@@ -98,24 +98,25 @@ static RIODesc *__open(struct r_io_t *io, const char *file, int rw, int mode) {
 	int ret = -1;
 	if (__plugin_open (io, file)) {
 		int pid = atoi (file+9);
-		if (file[0]=='a') {
-			ret = ptrace (PTRACE_ATTACH, pid, 0, 0);
-			if (ret == -1) {
-				switch (errno) {
-				case EPERM:
-					ret = pid;
-					eprintf ("Operation not permitted\n");
-					break;
-				case EINVAL:
-					perror ("ptrace: Cannot attach");
-					eprintf ("ERRNO: %d (EINVAL)\n", errno);
-					break;
-				}
-			} else
-			if (__waitpid (pid))
+		ret = ptrace (PTRACE_ATTACH, pid, 0, 0);
+		if (file[0]=='p')  //ptrace
+			ret = 0;
+		else
+		if (ret == -1) {
+			switch (errno) {
+			case EPERM:
 				ret = pid;
-			else eprintf ("Error in waitpid\n");
-		} else ret = pid;
+				eprintf ("ptrace_attach: Operation not permitted\n");
+				break;
+			case EINVAL:
+				perror ("ptrace: Cannot attach");
+				eprintf ("ERRNO: %d (EINVAL)\n", errno);
+				break;
+			}
+		} else
+		if (__waitpid (pid))
+			ret = pid;
+		else eprintf ("Error in waitpid\n");
 		if (ret != -1) {
 			RIOPtrace *riop = R_NEW (RIOPtrace);
 			riop->pid = riop->tid = pid;
@@ -140,6 +141,12 @@ static int __system(struct r_io_t *io, RIODesc *fd, const char *cmd) {
 	RIOPtrace *iop = (RIOPtrace*)fd->data;
 	//printf("ptrace io command (%s)\n", cmd);
 	/* XXX ugly hack for testing purposes */
+	if (!strcmp (cmd, "mem")) {
+		char b[128];
+		int ret = debug_os_read_at (iop->pid, b, 128, 0x8048500);
+		printf ("ret = %d , pid = %d\n", ret, iop->pid);
+		printf ("%x %x %x %x\n", b[0], b[1], b[2], b[3]);
+	} else
 	if (!strcmp (cmd, "pid")) {
 		int pid = atoi (cmd+4);
 		if (pid != 0)