diff --git a/pwn/mrsnowy/README.md b/pwn/mrsnowy/README.md index 818f435..4cbd5da 100644 --- a/pwn/mrsnowy/README.md +++ b/pwn/mrsnowy/README.md @@ -17,6 +17,10 @@ Something must be wrong with him. - `checksec --file=mrsnowy` reports NX being enabled - So no shellcode will be placable unless there is executable space - This hints to ROP Chaining + + +![dissasembly of investigate function](images/investigate_disass.png) + - The binary should be patched to get rid of the timetaking animation - Just `nop` the banner() function call using radare2 - Overwriting the returnpointer of `investigate()` using pwntools: diff --git a/pwn/mrsnowy/images/investigate_disass.png b/pwn/mrsnowy/images/investigate_disass.png new file mode 100644 index 0000000..b4fca7a Binary files /dev/null and b/pwn/mrsnowy/images/investigate_disass.png differ
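Review bot: in the README hunk the image line is dropped into the middle of the bullet list (between "This hints to ROP Chaining" and "The binary should be patched..."), and the surrounding blank lines (two before, one after) split the list in two when rendered; either move the image to the end of the list or put it directly after the bullet it illustrates without the extra blank lines. The alt text also has a typo: `dissasembly` should be `disassembly`. Since the next bullet about overwriting the return pointer of `investigate()` depends on the stack layout, a one-line caption stating what the reader should take from the screenshot (the buffer size or the return-address offset) would make the write-up self-contained.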
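Review bot: `images/investigate_disass.png` is added as an opaque binary, so the disassembly it shows cannot be searched, copied or diffed, and it will not render for readers of the raw Markdown; consider committing the corresponding radare2 (`pdf @ sym.investigate`) or objdump text output in a fenced block next to the image so the offsets used by the pwntools exploit remain verifiable in the README itself.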