diff --git a/tools/cinderella/cinderella_prep.cpp b/tools/cinderella/cinderella_prep.cpp
index 694756829478c54eb1acc3def65e77faa85990d0..a58d8db3ccedb3535fc133236a36f75f279573d1 100644
--- a/tools/cinderella/cinderella_prep.cpp
+++ b/tools/cinderella/cinderella_prep.cpp
@@ -95,9 +95,8 @@ bool CinderellaPrep::execute()
 insertAssemblyBefore(m_firp, entryPoint, "nop");
 addInferenceCallback(entryPoint);
- // pin functions
-// why do we need to pin?
-// pinAllFunctionEntryPoints();
+ // must pin functions o/w zipr will move
+ pinAllFunctionEntryPoints();
 return true;
 }
diff --git a/tools/prince/prince.cpp b/tools/prince/prince.cpp
index 2e185ff9c0caa9546b73732e0ea4b3f042be3e01..93f430904f111e3beacdb73baeac2cf9b6e4a097 100644
--- a/tools/prince/prince.cpp
+++ b/tools/prince/prince.cpp
@@ -21,10 +21,13 @@ using namespace libIRDB;
 uintptr_t malloc_address = 0L;
+int success = 0;
+
 #define EXIT_CODE_TEST_SUCCESS 0
 #define EXIT_CODE_TEST_FAILURE 1
 #define EXIT_CODE_TEST_INVALID 2
+
 static void send_request(int fd, struct request *req)
 {
 int bytes_written;
@@ -32,11 +35,20 @@ static void send_request(int fd, struct request *req)
 bytes_written = write(fd, req, sizeof(struct request));
 }
+static void send_quit_command(int fd)
+{
+ struct request req;
+ clear_request(&req);
+ req.command = CMD_QUIT;
+ send_request(fd, &req);
+}
+
 static void get_response(int fd, struct response *res)
 {
 int bytes_read;
 bytes_read = read(fd, res, sizeof(struct response));
+// cout << "get_response(): bytes_read = " << bytes_read << endl;
 }
 static void set_argument_int(struct argument *arg, int val)
@@ -78,7 +90,7 @@ int call_proto_i_pbb(uintptr_t fn, uintptr_t rptr, int bogus1, int bogus2, int *
 set_argument_ptr(&req.arg2, rptr);
 set_argument_int(&req.arg3, bogus1);
 set_argument_int(&req.arg4, bogus2);
- req.outarg_type = ARG_PTR;
+ req.outarg_type = ARG_INT;
 send_request(CINDERELLA_DRIVER_WRITE, &req);
 get_response(CINDERELLA_DRIVER_READ, &res);
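Review bot: `int success = 0;` is now a file-scope global that test_prince writes and the SIGCHLD handler sig_chld reads (the handler change is in the later hunk at line 1171), but it is a plain `int` with external linkage. A variable shared between normal control flow and a signal handler should be declared `static volatile sig_atomic_t success = 0;` so the compiler cannot cache it across the asynchronous read and the name does not leak into other translation units. Because the initialiser is now at file scope rather than at the top of test_prince, a second call to test_prince in the same process would also expose the previous call's value to the handler until the first `success = ...` assignment runs.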
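Review bot: The commented-out `cout` added after `read()` in get_response leaves the condition it was debugging unchecked: `bytes_read` is still never compared with `sizeof(struct response)`, so a short or failed read (`-1`) returns with `*res` partly or wholly uninitialised and the caller goes on to interpret it as a result. Replace the dead line with a real check, e.g. `if (bytes_read != (int)sizeof(struct response)) { perror("prince: get_response"); exit(EXIT_CODE_TEST_INVALID); }`. The new `send_quit_command` is not called anywhere in the visible hunks; the hunk at line 1320 tears the child down with `kill(pid, SIGKILL)` instead, so if the helper is meant to be the orderly shutdown path it should be wired in there, otherwise it is dead code.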
@@ -1159,8 +1171,12 @@ int test_for_realloc(const uintptr_t malloc_adddress, const uintptr_t maybe_real
 void sig_chld(int signo)
 {
- fprintf(stderr,"Child segfaulted\n");
- exit(1); // exit with error code
+ fprintf(stderr, "prince: SIGNAL %d raised: exit: success = %d\n", signo, success);
+
+ if (success)
+ exit(EXIT_CODE_TEST_SUCCESS);
+ else
+ exit(EXIT_CODE_TEST_FAILURE);
 }
 int test_prince(string executable, string libcFunction, Function_t *functionToTest) {
@@ -1169,7 +1185,6 @@ int test_prince(string executable, string libcFunction, Function_t *functionToTe
 pid_t pid;
 int status, died;
 struct sigaction act;
- int success = 0;
 /* We don't want to block any other signals in this example */
 sigemptyset(&act.sa_mask);
@@ -1184,7 +1199,7 @@ int test_prince(string executable, string libcFunction, Function_t *functionToTe
 if (sigaction(SIGCHLD, &act, NULL) < 0)
 {
 fprintf(stderr, "sigaction failed\n");
- return 1;
+ return EXIT_CODE_TEST_FAILURE;
 }
 const char *target = executable.c_str();
@@ -1305,8 +1320,11 @@ int test_prince(string executable, string libcFunction, Function_t *functionToTe
 success = test_for_strtok(address);
 }
- fprintf(stderr, "waiting for child to exit\n");
- waitpid(-1, &status, 0);
+ fprintf(stderr, "waiting for child to exit: success = %d\n", success);
+
+ kill(pid, SIGKILL);
+
+// waitpid(pid, &status, 0);
 }
 return success ? EXIT_CODE_TEST_SUCCESS : EXIT_CODE_TEST_FAILURE;
diff --git a/tools/prince/prince.sh b/tools/prince/prince.sh
index f27d6bd9a5e64f6708e8228fb45d7b5b531e1b2e..e2c95030c64590686bcd6a63073b12a819351231 100755
--- a/tools/prince/prince.sh
+++ b/tools/prince/prince.sh
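Review bot: `signo` in the new message is the signal delivered to the parent, which for this handler is always SIGCHLD, not the signal that terminated the child, so "SIGNAL %d raised" prints SIGCHLD's number whether the child segfaulted or exited normally and the old "Child segfaulted" diagnostic is effectively lost. To report the child's fate, install the handler with `SA_SIGINFO` and print `info->si_code`/`info->si_status`, or reap with `waitpid` and test `WIFSIGNALED(status)`. `fprintf` and `exit` are not async-signal-safe; the old handler had the same problem, but since the hunk at line 1320 now kills the child on every run, this handler has become the normal exit path rather than an error path, so prefer `write(2, ...)` on a preformatted buffer and `_exit`. Because the handler exits, the `return success ? ... : ...` at the end of test_prince is presumably never reached once the child has been forked, which deserves a comment if intended. The handler also reads the global `success`, which should be `volatile sig_atomic_t` (see the hunk at line 21).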
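Review bot: `kill(pid, SIGKILL)` is issued unconditionally and its return value is ignored; if the fork error handling (outside this hunk) can let execution reach this point with `pid` of -1, `kill(-1, SIGKILL)` signals every process the user is allowed to signal, and `pid == 0` signals the whole process group. Guard it as `if (pid > 0 && kill(pid, SIGKILL) < 0) perror("prince: kill");`. Commenting out `waitpid` also means the child is never reaped here, `status` and `died` become unused, and termination now depends on sig_chld calling `exit()` on the resulting SIGCHLD, which makes the `return success ? ...` below dead code; either reset SIGCHLD to `SIG_DFL` before the kill and keep `waitpid(pid, &status, 0);` so the normal return decides the exit code, or document that the handler is the intended exit path. test_prince's body continues outside the hunk.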
@@ -3,12 +3,14 @@
 # Find <libc_function> in <binary> using functions in <filename> as candidates
 #
-binary=$1 # binary augmented via test loop
-libc_function=$2 # what libc function are we looking for?
-filename=$3 # file containing names of candidate functions in binary
-malloc=$4 # (optional) assume $4 is malloc
+variant_id=$1
+binary=$2 # binary augmented via test loop
+libc_function=$3 # what libc function are we looking for?
+filename=$4 # file containing names of candidate functions in binary
+malloc=$5 # (optional) assume $4 is malloc
 tmp=$filename.tmp.$$
+prince_driver=$SECURITY_TRANSFORMS_HOME/tools/prince/prince_driver.exe
 tr -s '\r\n' ' ' < $filename | sed -e 's/ $/\n/' > $tmp
 functions_to_test=`cat $tmp`
@@ -20,9 +22,9 @@ for function_to_test in $functions_to_test
 do
 echo "=== Investigating maybe $libc_function with function $function_to_test"
 if [ -z $malloc ]; then
- cmd="timeout 2 $PEASOUP_HOME/prince/prince_driver.exe $binary $libc_function $function_to_test"
+ cmd="timeout 2 $prince_driver $variant_id $binary $libc_function $function_to_test"
 else
- cmd="timeout 2 $PEASOUP_HOME/prince/prince_driver.exe $binary $libc_function $function_to_test --malloc $malloc"
+ cmd="timeout 2 $prince_driver $variant_id $binary $libc_function $function_to_test --malloc $malloc"
 if [ "$function_to_test" = "$malloc" ]; then
 echo "prince negative $libc_function $function_to_test"
 continue
@@ -39,10 +41,10 @@ do
 echo "prince invalid $libc_function $function_to_test"
 fi
 fi
- killall $binary
+ killall `basename $binary`
 done
-killall $binary
+killall `basename $binary`
 echo "Done processing libc_function $libc_function with filename $filename"
 #cat $filename | awk '{print $1}' | while read name;
diff --git a/tools/prince/prince_driver.cpp b/tools/prince/prince_driver.cpp
index 6e49c0ebe140f41b6161fb7bc05953bb79fd57d9..6d8e55b527e17997d1bebd4b78b08c972c676e2d 100644
--- a/tools/prince/prince_driver.cpp
+++ b/tools/prince/prince_driver.cpp
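Review bot: The comment on the new `malloc=$5` line still reads `(optional) assume $4 is malloc`; it should now say `$5`. `prince_driver=$SECURITY_TRANSFORMS_HOME/tools/prince/prince_driver.exe` is built from an environment variable that is never checked, so with it unset the script tries to execute `/tools/prince/prince_driver.exe` and every candidate is reported from a failed exec rather than from a test; add `: "${SECURITY_TRANSFORMS_HOME:?must be set}"` before the assignment. `variant_id=$1` is likewise taken as-is, and a non-numeric value is passed straight to prince_driver, where `atoi` turns it into 0 (see the prince_driver.cpp hunk).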
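Review bot: `killall \`basename $binary\`` terminates every process owned by the user whose command name matches the binary's basename, not just the child this loop started, so a concurrent run against the same binary or an unrelated process that shares the name is killed too; the same applies to the second occurrence after `done`. The switch to `basename` presumably fixes `killall` matching on a name rather than a path, but the broader fix is to track the pid of what this script launched, or at least to quote and restrict it: `killall -u "$USER" -- "$(basename "$binary")"`. Since `timeout 2` already bounds the driver and prince.cpp now sends `SIGKILL` to its child, this call may be redundant and is worth a comment stating which stray process it is meant to catch.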
@@ -27,15 +27,15 @@ extern int test_prince(string targetName, string functionName, Function_t* fn);
 int main(int argc, char **argv)
 {
- if(argc != 4)
+ if(argc != 5)
 {
 usage(argv[0]);
 exit(1);
 }
 string programName(argv[0]);
- string cinderellaExecutable(argv[1]);
- int variantID = atoi(argv[2]);
+ int variantID = atoi(argv[1]);
+ string cinderellaExecutable(argv[2]);
 string libcFunction(argv[3]);
 string functionName(argv[4]);
@@ -59,8 +59,10 @@ int main(int argc, char **argv)
 assert(firp && pidp);
 Function_t *fn = findFunction(firp, functionName);
- if (fn)
+ if (fn) {
+ cout << "prince_driver: cinderella_exec: " << cinderellaExecutable << " libc_function: " << functionName << " candidate_fn: " << fn->GetName() << endl;
 return test_prince(cinderellaExecutable, libcFunction, fn);
+ }
 else
 return 1;
 }
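Review bot: `int variantID = atoi(argv[1]);` accepts any string and yields 0 for non-numeric input, so a caller still passing the arguments in the old order (binary first) silently gets variant 0 instead of an error, which is exactly the mistake this reordering invites. Parse with `char *end = nullptr; long id = strtol(argv[1], &end, 10);` and reject with `if (*argv[1] == '\0' || *end != '\0') { usage(argv[0]); exit(1); }`, or use `std::stoi` inside a try. The `usage()` text is outside this hunk and presumably has to be updated to the new `<variant_id> <binary> <libc_function> <function>` order to match the prince.sh change. main's body continues outside the hunk.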
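Review bot: The new diagnostic labels the wrong variables: it prints `functionName` under `libc_function:` and `fn->GetName()` under `candidate_fn:`, yet `functionName` (argv[4]) is the candidate used to look `fn` up, so both fields show the candidate and the libc function actually under test (`libcFunction`, argv[3]) is never printed. Change the middle field to `<< " libc_function: " << libcFunction`. The `else return 1;` path also reports "candidate not found in the IR" with the same code as a failed test; a distinct exit code for the invalid case would let prince.sh tell the two apart.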