Routine inspection: it is a 32-bit program with canary and NX enabled.
Run it locally to see the general behaviour.
Loading it in 32-bit IDA and searching the strings reveals a backdoor, shell_addr=0x80485cb
Find the key function and bypass the if on line 9 to get the shell. v1 is an unsigned integer. After we input the data, it is converted to its two's complement form (a negative number's complement = the original code inverted, plus 1) and stored in memory. The range a 32-bit int can represent is -2147483648 to 2147483647, so we should first enter a negative number; the negative sign in front of it is then removed so that it becomes positive, and then its complement is calculated, which must be greater than 0. The complement of -2147483648 is 0x80000000, and it is still 0x80000000 after inverting and adding one, so enter -2147483648 here.
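
The arithmetic described above, as an added C example (it is not the decompiled code of the challenge binary). All function names are hypothetical and the sample inputs are constructed; alongside the wrap-around it shows a checked absolute value that rejects the one input with no positive counterpart.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Two's-complement negation as the text describes it: invert every bit,
 * then add one. Unsigned arithmetic keeps the wrap-around well defined
 * (negating INT32_MIN as a signed int is undefined behaviour in C). */
static uint32_t negate_bits(uint32_t bits)
{
    return ~bits + 1u;
}

/* Bit pattern a 32-bit slot holds after reading an in-range decimal string. */
static uint32_t stored_bits(const char *text)
{
    return (uint32_t)(int32_t)strtoll(text, NULL, 10);
}

/* Hypothetical check modelled on the description: the input is negative,
 * and its sign bit is still set after the sign has been "removed". */
static int still_negative_after_negation(const char *text)
{
    uint32_t bits = stored_bits(text);
    if (!(bits & 0x80000000u))
        return 0;                      /* not negative to begin with */
    return (negate_bits(bits) & 0x80000000u) != 0;
}

/* Hardened absolute value: returns -1 instead of wrapping on INT32_MIN. */
static int checked_abs(int32_t v, int32_t *out)
{
    if (v == INT32_MIN)
        return -1;
    *out = v < 0 ? -v : v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "-1", "-2147483647", "-2147483648" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t b = stored_bits(samples[i]);
        printf("%12s stored=0x%08x negated=0x%08x still_negative=%d\n",
               samples[i], (unsigned)b, (unsigned)negate_bits(b),
               still_negative_after_negation(samples[i]));
    }
    return 0;
}
```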