Exploit Dev — Calling Functions

ret2win jumped to a function with no arguments. Real targets need you to call functions WITH controlled arguments — and on x86-64 those live in registers you do not directly control. The fix is the pop gadget: pop rdi; ret loads a stack value you supply into RDI, then keeps going. We chain gadget + value + function to call win(0xcafebabe), set two arguments with two gadgets, and meet the idea that becomes ROP: the stack as a to-do list.
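The "stack as a to-do list" idea can be made concrete without touching a real binary. The following is an added example, not code from the original post: a small interpreter in which every ret pops the next item off the list, a pop rdi; ret gadget consumes one more item into RDI, and a target function reads its arguments from the registers the way the x86-64 System V ABI dictates (first argument RDI, second RSI). Gadget and function names, the win/win2 functions and the chains themselves are all constructed for illustration; there are no addresses involved.

```python
# Added model (not code from the original post): a tiny interpreter that treats
# the stack as a to-do list the way a ROP chain does. Stack entries are symbolic
# names or integers; nothing here refers to a real binary or address.
from dataclasses import dataclass, field


@dataclass
class Machine:
    stack: list                                 # index 0 is the top of the stack
    regs: dict = field(default_factory=dict)    # modelled register file
    calls: list = field(default_factory=list)   # functions observed, with args

    def pop(self):
        """Models `pop <reg>` or `ret`: take the next 8-byte value off the stack."""
        if not self.stack:
            raise RuntimeError("stack exhausted mid-chain")
        return self.stack.pop(0)


# Gadget table (constructed). Each gadget ends in `ret`, so after it runs the
# interpreter simply continues with the next stack value.
def pop_rdi_ret(m):
    m.regs["rdi"] = m.pop()


def pop_rsi_ret(m):
    m.regs["rsi"] = m.pop()


GADGETS = {"pop_rdi_ret": pop_rdi_ret, "pop_rsi_ret": pop_rsi_ret}


# Target functions (constructed). They read arguments from registers, as the
# System V x86-64 ABI specifies: first argument in RDI, second in RSI.
def win(m):
    m.calls.append(("win", m.regs.get("rdi")))


def win2(m):
    m.calls.append(("win2", m.regs.get("rdi"), m.regs.get("rsi")))


FUNCTIONS = {"win": win, "win2": win2}


def run(chain):
    """Execute a chain: each `ret` pops the next thing to do from the list."""
    m = Machine(stack=list(chain))
    while m.stack:
        target = m.pop()                 # the dispatching `ret`
        if target in GADGETS:
            GADGETS[target](m)
        elif target in FUNCTIONS:
            FUNCTIONS[target](m)
        else:
            raise RuntimeError(f"returned into a non-address value: {target!r}")
    return m


def call_win_one_arg():
    # gadget + value + function: the layout described in the text
    return run(["pop_rdi_ret", 0xCAFEBABE, "win"]).calls


def call_win_two_args():
    # two gadgets, each followed by its value, then the function
    return run(["pop_rdi_ret", 1, "pop_rsi_ret", 2, "win2"]).calls


def wrong_order():
    # function placed before its gadget: win sees whatever RDI already held
    return run(["win", "pop_rdi_ret", 0xCAFEBABE]).calls


if __name__ == "__main__":
    print(call_win_one_arg())   # [('win', 3405691582)]
    print(call_win_two_args())  # [('win2', 1, 2)]
    print(wrong_order())        # [('win', None)]
```

The wrong_order case is the mistake worth internalising: the list is consumed strictly top-down, so the value-loading gadget must sit before the function that needs the value, and a value placed where a return address should be is a crash in the real thing (here, an exception).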