diff --git a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
index e2779b6..368f728 100644
--- a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
+++ b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
@@ -83,6 +83,33 @@ class ROPMakerX86(object):
 
         return p
 
+    def __write4bytes(self, address, data, data_addr, popDst, popSrc, write4where):
+        p  = pack("<I", popDst['vaddr'])
+        p += pack("<I", address)
+        p += self.__padding(popDst, {})
+
+        p += pack("<I", popSrc['vaddr'])
+        p += data
+        p += self.__padding(popSrc, {popDst["gadget"].split()[1]: data_addr}) # Don't overwrite reg dst
+
+        p += pack("<I", write4where['vaddr'])
+        p += self.__padding(write4where, {})
+
+        return p
+
+    def __write4nulls(self, address, popDst, xorSrc, write4where):
+        p  = pack("<I", popDst['vaddr'])
+        p += pack("<I", address)
+        p += self.__padding(popDst, {})
+
+        p += pack("<I", xorSrc["vaddr"])
+        p += self.__padding(xorSrc, {})
+
+        p += pack("<I", write4where["vaddr"])
+        p += self.__padding(write4where, {})
+
+        return p
+
     def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall):
         sects = self.__binary.getDataSections()
         dataAddr = None
@@ -135,29 +162,19 @@ class ROPMakerX86(object):
         for i, chunk in enumerate(command_chunks):
             address = exec_addr + (i * 4)
 
-            p += pack("<I", popDst['vaddr'])
-
-            p += pack("<I", address)
-            p += self.__padding(popDst, {})
-
-            p += pack("<I", popSrc['vaddr'])
-            p += bytes(chunk, "ascii")
-            p += self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr}) # Don't overwrite reg dst
-
-            p += pack("<I", write4where['vaddr'])
-            p += self.__padding(write4where, {})
+            # write 4 char chunk of the command
+            p += self.__write4bytes(
+                address,
+                bytes(chunk, "ascii"),
+                dataAddr, popDst, popSrc, write4where
+            )
 
 
         # write null byte after exec path string
-        p += pack("<I", popDst['vaddr'])
-        p += pack("<I", exec_addr + len(command))
-        p += self.__padding(popDst, {})
-
-        p += pack("<I", xorSrc["vaddr"])
-        p += self.__padding(xorSrc, {})
-
-        p += pack("<I", write4where["vaddr"])
-        p += self.__padding(write4where, {})
+        p += self.__write4nulls(
+            exec_addr + len(command),
+            popDst, xorSrc, write4where
+        )
 
         ##########################
         # Write Argument Strings #
@@ -168,32 +185,18 @@ class ROPMakerX86(object):
         # Write Argv Array #
         ####################
 
-        # put argvAddr in edx
-        p += pack('<I', popDst['vaddr'])
-        p += pack('<I', argv_addr) # @ .data + {offset + 4}
-        p += self.__padding(popDst, {})
+        # write argv[0] = exec_addr
+        p += self.__write4bytes(
+            argv_addr,
+            pack('<I', exec_addr),
+            dataAddr, popDst, popSrc, write4where
+        )
 
-        # write the exec path address to eax
-        p += pack('<I', popSrc['vaddr'])
-        p += pack('<I', exec_addr) # @ .data
-        p += self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr}) # Don't overwrite reg dst
-
-        # perform the write: eax -> [edx]
-        # write the exec path address to argv[0]
-        p += pack('<I', write4where['vaddr']) # {write4where['gadget']}")
-        p += self.__padding(write4where, {})
-
-
-        # ARGV MUST BE FOLLOWED BY NULL
-        p += pack('<I', popDst['vaddr']) # { popDst['gadget'] }
-        p += pack('<I', argv_addr + (len(args) * 4) + 4) # @ .data + {offset + 8}
-        p += self.__padding(popDst, {})
-
-        p += pack('<I', xorSrc["vaddr"])
-        p += self.__padding(xorSrc, {})
-
-        p += pack('<I', write4where["vaddr"])
-        p += self.__padding(write4where, {})
+        # write null byte after argv array
+        p += self.__write4nulls(
+            argv_addr + (len(args) * 4) + 4,
+            popDst, xorSrc, write4where
+        )
 
         ##################################
         # Setup execve Args in Registers #