# Find the Jump Point

Once the bad chars have been found; find the jump point to exploit:

`!mona jmp -r esp -cpb "BAD CHARS"`

This will identify the potential jumps, potentially in a list. Any can be used.

In mona click on one, and press enter to follow it into the decompiled app. In x86 systems, the jump value will be reversed:

**`JMP ESP`**`: 62501203`

`In`` `**`retn`**`: \x03\x12\x50\x62`