Hi. I am assuming you are asking about the "A"*40. The 40 junk characters fill everything up to the RIP region, i.e. we are wrapping around the buffer and RBP to reach the RIP region, where we can provide our chain. We are not placing the payload (pop rdi and system) in the stack buffer. For example, if the system() address is placed in the RIP region, we actually execute the system function. If we put the system address inside the buffer space, it cannot be executed. Hope I clarified the doubt :)
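The frame layout the reply describes (local buffer, then saved RBP, then the saved return address) can be modelled in a few lines of C. The block below is an added, constructed example and is not code from the original post or blog: it uses a struct to stand in for a 32-byte buffer followed by the 8-byte saved RBP and the 8-byte return slot, so the return slot sits 32 + 8 = 40 bytes from the start of the buffer. The buffer size and the placeholder addresses are assumptions chosen for the model; a real frame's offsets depend on the compiler, alignment and mitigations such as stack canaries, which is why exploit writers measure the offset rather than assume it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the stack frame (constructed for illustration; real frames
 * depend on the compiler, alignment and mitigations such as canaries).
 * Lowest address first: the local buffer, then the saved RBP, then the
 * saved return address, which the reply calls the "RIP region". */
#define BUF_SIZE 32

typedef struct {
    char     buf[BUF_SIZE];   /* the local buffer being overflowed */
    uint64_t saved_rbp;       /* 8 bytes: caller's frame pointer */
    uint64_t ret_addr;        /* 8 bytes: the value `ret` will jump to */
} frame_t;

/* Distance from the start of the buffer to the return slot: 32 + 8 = 40,
 * which is what the reply's "A"*40 padding is filling. */
#define RET_OFFSET (BUF_SIZE + sizeof(uint64_t))

/* Simulates an unchecked copy of `len` input bytes into the frame,
 * starting at the buffer; this is what an overflow does to the frame. */
static void unchecked_copy(frame_t *f, const unsigned char *in, size_t len) {
    if (len > sizeof(*f)) len = sizeof(*f);   /* keep the model in bounds */
    memcpy(f->buf, in, len);
}

/* Returns the value the return slot holds after the input is copied in. */
uint64_t ret_slot_after_copy(const unsigned char *in, size_t len) {
    frame_t f;
    memset(&f, 0, sizeof f);
    f.ret_addr = 0x4011d6ULL;   /* constructed placeholder: normal return target */
    unchecked_copy(&f, in, len);
    return f.ret_addr;
}

/* Builds input of `pad` filler bytes followed by one 8-byte little-endian
 * value; `out` must have room for pad + 8 bytes. */
size_t build_input(unsigned char *out, size_t pad, uint64_t value) {
    memset(out, 'A', pad);
    for (int i = 0; i < 8; i++)
        out[pad + i] = (unsigned char)(value >> (8 * i));
    return pad + 8;
}

int main(void) {
    unsigned char in[64];
    const uint64_t marker = 0x401136ULL;   /* constructed placeholder address */

    /* Address written inside the buffer (no padding): the return slot is
     * untouched, so the function still returns to its normal target. */
    size_t n = build_input(in, 0, marker);
    printf("pad 0  -> return slot 0x%llx\n",
           (unsigned long long)ret_slot_after_copy(in, n));

    /* Address written after 40 bytes of padding: it lands exactly in the
     * return slot, which is the only place `ret` reads from. */
    n = build_input(in, RET_OFFSET, marker);
    printf("pad 40 -> return slot 0x%llx\n",
           (unsigned long long)ret_slot_after_copy(in, n));
    return 0;
}
```

Running it prints the untouched placeholder for the first case and the marker for the second, which is the reply's point: a value only takes effect as a return target when it occupies the return slot, not when it sits somewhere inside the buffer. The same model also shows why a stack canary placed between the buffer and the saved RBP is an effective mitigation: the padding must pass through it before it can reach the return slot.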
