Midv-075

What makes a debut like this successful is the combination of several key elements:

The saved RIP (0x40073f) is stored at [rbp+8]. Because print_result prints the 64‑bit result as a signed integer with printf("%ld\n", result), we can force the function to return a value that is exactly the saved RIP.

(Japanese: はじめて、果てるまで見つめ合って限界までお互い気持ちいい濃密SEX3本番)

The trick: supply values a and b such that a + b == saved_rip (mod 2^64). Since saved_rip is a (the address of print_result after the call), we can compute the required operands offline.
