.text:00CAB180 ; FUNCTION CHUNK AT .text:024AF380 SIZE 00000015 BYTES
.text:00CAB180
.text:00CAB180 ; __unwind { // SEH_CAB180
.text:00CAB180 push ebp
.text:00CAB181 mov ebp, esp
.text:00CAB183 push 0FFFFFFFFh
.text:00CAB185 push offset SEH_CAB180
.text:00CAB18A mov eax, large fs:0
.text:00CAB190 push eax
.text:00CAB191 mov large fs:0, esp
.text:00CAB198 sub esp, 350h
.text:00CAB19E mov [ebp+var_80], 0
.text:00CAB1A5 push ecx
.text:00CAB1A6 fld ds:flt_2516A6C
.text:00CAB1AC fstp [esp+360h+var_360]
.text:00CAB1AF push 0
.text:00CAB1B1 push offset aYouMustUnlockY ; "You must unlock your NaB version"
.text:00CAB1B6 lea ecx, [ebp+var_32C]
.text:00CAB1BC call ??0NaB_dialog_name@@QAE@PADKM@Z ; NaB_dialog_name::NaB_dialog_name(char *,ulong,float)
.text:00CAB1C1 ; try {
.text:00CAB1C1 mov [ebp+var_4], 0
.text:00CAB1C8 mov [ebp+var_7C], 32h ; '2'
.text:00CAB1CF mov [ebp+var_F4], 0
.text:00CAB1D6 lea eax, [ebp+var_84]
.text:00CAB1DC push eax
.text:00CAB1DD push offset aBudabe ; "Budabe"
.text:00CAB1E2 push 80000001h
.text:00CAB1E7 call ds:RegOpenKeyA
.text:00CAB1ED lea ecx, [ebp+var_7C]
.text:00CAB1F0 push ecx
.text:00CAB1F1 lea edx, [ebp+var_F4]
.text:00CAB1F7 push edx
.text:00CAB1F8 push offset aBudabeview ; "BudabeView"
.text:00CAB1FD mov eax, [ebp+var_84]
.text:00CAB203 push eax
.text:00CAB204 call ds:RegQueryValueA
.text:00CAB20A mov ecx, [ebp+var_84]
.text:00CAB210 push ecx
.text:00CAB211 call ds:RegCloseKey
.text:00CAB217 lea edx, [ebp+var_F4]
.text:00CAB21D mov [ebp+var_340], edx
.text:00CAB223 mov eax, [ebp+var_340]
.text:00CAB229 add eax, 1
.text:00CAB22C mov [ebp+var_344], eax
.text:00CAB232
.text:00CAB232 loc_CAB232: ; CODE XREF: sub_CAB180+CE?j
.text:00CAB232 mov ecx, [ebp+var_340]
.text:00CAB238 mov dl, [ecx]
.text:00CAB23A mov [ebp+var_345], dl
.text:00CAB240 add [ebp+var_340], 1
.text:00CAB247 cmp [ebp+var_345], 0
.text:00CAB24E jnz short loc_CAB232
.text:00CAB250 mov eax, [ebp+var_340]
.text:00CAB256 sub eax, [ebp+var_344]
.text:00CAB25C mov [ebp+var_34C], eax
.text:00CAB262 cmp [ebp+var_34C], 10h
.text:00CAB269 jnb short loc_CAB271
.text:00CAB26B mov [ebp+var_74], 0
.text:00CAB26F jmp short loc_CAB2AF
.text:00CAB271 ; ---------------------------------------------------------------------------
.text:00CAB271
.text:00CAB271 loc_CAB271: ; CODE XREF: sub_CAB180+E9?j
.text:00CAB271 mov [ebp+var_78], 0
.text:00CAB278 jmp short loc_CAB283
.text:00CAB27A ; ---------------------------------------------------------------------------
.text:00CAB27A
.text:00CAB27A loc_CAB27A: ; CODE XREF: sub_CAB180+12D?j
.text:00CAB27A mov ecx, [ebp+var_78]
.text:00CAB27D add ecx, 2
.text:00CAB280 mov [ebp+var_78], ecx
.text:00CAB283
.text:00CAB283 loc_CAB283: ; CODE XREF: sub_CAB180+F8?j
.text:00CAB283 cmp [ebp+var_78], 10h
.text:00CAB287 jge short loc_CAB2AF
.text:00CAB289 mov edx, [ebp+var_78]
.text:00CAB28C movzx ecx, [ebp+edx+var_F4]
.text:00CAB294 mov edx, [ebp+var_78]
.text:00CAB297 movzx eax, [ebp+edx+var_F3]
.text:00CAB29F add ecx, eax
.text:00CAB2A1 mov eax, [ebp+var_78]
.text:00CAB2A4 cdq
.text:00CAB2A5 sub eax, edx
.text:00CAB2A7 sar eax, 1
.text:00CAB2A9 mov [ebp+eax+var_74], cl
.text:00CAB2AD jmp short loc_CAB27A
.text:00CAB2AF ; ---------------------------------------------------------------------------
.text:00CAB2AF
.text:00CAB2AF loc_CAB2AF: ; CODE XREF: sub_CAB180+EF?j
.text:00CAB2AF ; sub_CAB180+107?j
.text:00CAB2AF mov [ebp+var_6C], 0
.text:00CAB2B3 mov [ebp+var_88], 10h
.text:00CAB2BD lea ecx, [ebp+var_88]
.text:00CAB2C3 push ecx
.text:00CAB2C4 lea edx, [ebp+var_1C3]
.text:00CAB2CA push edx
.text:00CAB2CB call ds:GetComputerNameA
.text:00CAB2D1 mov [ebp+var_1C4], 20h ; ' '
.text:00CAB2D8 lea eax, [ebp+var_1C4]
.text:00CAB2DE mov [ebp+var_350], eax
.text:00CAB2E4 mov ecx, [ebp+var_350]
.text:00CAB2EA add ecx, 1
.text:00CAB2ED mov [ebp+var_354], ecx
.text:00CAB2F3
.text:00CAB2F3 loc_CAB2F3: ; CODE XREF: sub_CAB180+18F?j
.text:00CAB2F3 mov edx, [ebp+var_350]
.text:00CAB2F9 mov al, [edx]
.text:00CAB2FB mov [ebp+var_355], al
.text:00CAB301 add [ebp+var_350], 1
.text:00CAB308 cmp [ebp+var_355], 0
.text:00CAB30F jnz short loc_CAB2F3
.text:00CAB311 mov ecx, [ebp+var_350]
.text:00CAB317 sub ecx, [ebp+var_354]
.text:00CAB31D mov [ebp+var_35C], ecx
.text:00CAB323 lea edx, [ebp+var_15C]
.text:00CAB329 push edx
.text:00CAB32A mov eax, [ebp+var_35C]
.text:00CAB330 push eax
.text:00CAB331 lea ecx, [ebp+var_1C4]
.text:00CAB337 push ecx
.text:00CAB338 call sub_CA70C0
.text:00CAB33D add esp, 0Ch
.text:00CAB340 lea edx, [ebp+var_74]
.text:00CAB343 push edx
.text:00CAB344 lea eax, [ebp+var_15C]
.text:00CAB34A push eax
.text:00CAB34B call ?STD_strcmp@@YAJPBD0@Z ; STD_strcmp(char const *,char const *)
.text:00CAB350 add esp, 8
.text:00CAB353 test eax, eax
.text:00CAB355 jnz short loc_CAB37E
.text:00CAB357 mov [ebp+var_330], 1
.text:00CAB357 ; } // starts at CAB1C1
.text:00CAB361 mov [ebp+var_4], 0FFFFFFFFh
.text:00CAB368 lea ecx, [ebp+var_32C]
.text:00CAB36E call ??1NaB_dialog_name@@UAE@XZ ; NaB_dialog_name::~NaB_dialog_name(void)
.text:00CAB373 mov eax, [ebp+var_330]
.text:00CAB379 jmp loc_CAB529
.text:00CAB37E ; ---------------------------------------------------------------------------
.text:00CAB37E
.text:00CAB37E loc_CAB37E: ; CODE XREF: sub_CAB180+1D5?j
.text:00CAB37E ; sub_CAB180:loc_CAB435?j
.text:00CAB37E lea ecx, [ebp+var_74]
.text:00CAB381 push ecx
.text:00CAB382 lea edx, [ebp+var_15C]
.text:00CAB388 push edx
.text:00CAB389 call ?STD_strcmp@@YAJPBD0@Z ; STD_strcmp(char const *,char const *)
.text:00CAB38E add esp, 8
.text:00CAB391 test eax, eax
.text:00CAB393 jz loc_CAB43A
.text:00CAB399 mov eax, [ebp+var_80]
.text:00CAB39C add eax, 1
.text:00CAB39F mov [ebp+var_80], eax
.text:00CAB3A2 lea ecx, [ebp+var_32C]
.text:00CAB3A8 call ?DoModal@NaB_dialog@@UAEHXZ ; NaB_dialog::DoModal(void)
.text:00CAB3AD cmp eax, 2
.text:00CAB3B0 jnz short loc_CAB3E3
.text:00CAB3B2 mov dword_2C69DA4, 0FFFFFFFFh
.text:00CAB3BC mov [ebp+var_334], 0
.text:00CAB3C6 mov [ebp+var_4], 0FFFFFFFFh
.text:00CAB3CD lea ecx, [ebp+var_32C]
.text:00CAB3D3 call ??1NaB_dialog_name@@UAE@XZ ; NaB_dialog_name::~NaB_dialog_name(void)
.text:00CAB3D8 mov eax, [ebp+var_334]
.text:00CAB3DE jmp loc_CAB529
.text:00CAB3E3 ; ---------------------------------------------------------------------------
.text:00CAB3E3
.text:00CAB3E3 loc_CAB3E3: ; CODE XREF: sub_CAB180+230?j
.text:00CAB3E3 push 32h ; '2'
.text:00CAB3E5 lea ecx, [ebp+var_234]
.text:00CAB3EB call ds:mfc90d_1131
.text:00CAB3F1 push eax
.text:00CAB3F2 lea ecx, [ebp+var_74]
.text:00CAB3F5 push ecx
.text:00CAB3F6 call ?STD_strncpy@@YAXPADPBDK@Z ; STD_strncpy(char *,char const *,ulong)
.text:00CAB3FB add esp, 0Ch
.text:00CAB3FE cmp [ebp+var_80], 3
.text:00CAB402 jnz short loc_CAB435
.text:00CAB404 mov dword_2C69DA4, 0FFFFFFFFh
.text:00CAB40E mov [ebp+var_338], 0
.text:00CAB418 mov [ebp+var_4], 0FFFFFFFFh
.text:00CAB41F lea ecx, [ebp+var_32C]
.text:00CAB425 call ??1NaB_dialog_name@@UAE@XZ ; NaB_dialog_name::~NaB_dialog_name(void)
.text:00CAB42A mov eax, [ebp+var_338]
.text:00CAB430 jmp loc_CAB529
.text:00CAB435 ; ---------------------------------------------------------------------------
.text:00CAB435
.text:00CAB435 loc_CAB435: ; CODE XREF: sub_CAB180+282?j
.text:00CAB435 jmp loc_CAB37E
.text:00CAB43A ; ---------------------------------------------------------------------------
.text:00CAB43A
.text:00CAB43A loc_CAB43A: ; CODE XREF: sub_CAB180+213?j
.text:00CAB43A mov [ebp+var_78], 0
.text:00CAB441 jmp short loc_CAB44C
.text:00CAB443 ; ---------------------------------------------------------------------------
.text:00CAB443
.text:00CAB443 loc_CAB443: ; CODE XREF: sub_CAB180+32C?j
.text:00CAB443 mov edx, [ebp+var_78]
.text:00CAB446 add edx, 2
.text:00CAB449 mov [ebp+var_78], edx
.text:00CAB44C
.text:00CAB44C loc_CAB44C: ; CODE XREF: sub_CAB180+2C1?j
.text:00CAB44C cmp [ebp+var_78], 10h
.text:00CAB450 jge short loc_CAB4AE
.text:00CAB452 mov eax, [ebp+var_78]
.text:00CAB455 cdq
.text:00CAB456 sub eax, edx
.text:00CAB458 sar eax, 1
.text:00CAB45A movzx eax, [ebp+eax+var_74]
.text:00CAB45F cdq
.text:00CAB460 sub eax, edx
.text:00CAB462 sar eax, 1
.text:00CAB464 mov ecx, [ebp+var_78]
.text:00CAB467 mov [ebp+ecx+var_F4], al
.text:00CAB46E mov edx, [ebp+var_78]
.text:00CAB471 movzx eax, [ebp+edx+var_F4]
.text:00CAB479 test eax, eax
.text:00CAB47B jnz short loc_CAB488
.text:00CAB47D mov ecx, [ebp+var_78]
.text:00CAB480 mov [ebp+ecx+var_F4], 1
.text:00CAB488
.text:00CAB488 loc_CAB488: ; CODE XREF: sub_CAB180+2FB?j
.text:00CAB488 mov eax, [ebp+var_78]
.text:00CAB48B cdq
.text:00CAB48C sub eax, edx
.text:00CAB48E sar eax, 1
.text:00CAB490 movzx edx, [ebp+eax+var_74]
.text:00CAB495 mov eax, [ebp+var_78]
.text:00CAB498 movzx ecx, [ebp+eax+var_F4]
.text:00CAB4A0 sub edx, ecx
.text:00CAB4A2 mov eax, [ebp+var_78]
.text:00CAB4A5 mov [ebp+eax+var_F3], dl
.text:00CAB4AC jmp short loc_CAB443
.text:00CAB4AE ; ---------------------------------------------------------------------------
.text:00CAB4AE
.text:00CAB4AE loc_CAB4AE: ; CODE XREF: sub_CAB180+2D0?j
.text:00CAB4AE mov [ebp+var_E4], 0
.text:00CAB4B5 lea ecx, [ebp+var_84]
.text:00CAB4BB push ecx
.text:00CAB4BC push offset aBudabe ; "Budabe"
.text:00CAB4C1 push 80000001h
.text:00CAB4C6 call ds:RegCreateKeyA
.text:00CAB4CC lea edx, [ebp+var_F4]
.text:00CAB4D2 push edx
.text:00CAB4D3 call ?STD_strlen@@YAKPBD@Z ; STD_strlen(char const *)
.text:00CAB4D8 add esp, 4
.text:00CAB4DB add eax, 1
.text:00CAB4DE push eax
.text:00CAB4DF lea eax, [ebp+var_F4]
.text:00CAB4E5 push eax
.text:00CAB4E6 push 1
.text:00CAB4E8 push offset aBudabeview ; "BudabeView"
.text:00CAB4ED mov ecx, [ebp+var_84]
.text:00CAB4F3 push ecx
.text:00CAB4F4 call ds:RegSetValueA
.text:00CAB4FA mov edx, [ebp+var_84]
.text:00CAB500 push edx
.text:00CAB501 call ds:RegCloseKey
.text:00CAB507 mov [ebp+var_33C], 1
.text:00CAB511 mov [ebp+var_4], 0FFFFFFFFh
.text:00CAB518 lea ecx, [ebp+var_32C]
.text:00CAB51E call ??1NaB_dialog_name@@UAE@XZ ; NaB_dialog_name::~NaB_dialog_name(void)
.text:00CAB523 mov eax, [ebp+var_33C]
.text:00CAB529
.text:00CAB529 loc_CAB529: ; CODE XREF: sub_CAB180+1F9?j
.text:00CAB529 ; sub_CAB180+25E?j ...
.text:00CAB529 mov ecx, [ebp+var_C]
.text:00CAB52C mov large fs:0, ecx
.text:00CAB533 mov esp, ebp
.text:00CAB535 pop ebp
.text:00CAB536 retn
.text:00CAB536 ; } // starts at CAB180
.text:00CAB536 sub_CAB180 endp
.text:00CAB536
int sub_CAB180()
{
const char *v1; // eax
unsigned int v2; // eax
char v3[248]; // [esp+34h] [ebp-32Ch] BYREF
char v4[112]; // [esp+12Ch] [ebp-234h] BYREF
char v5; // [esp+19Ch] [ebp-1C4h] BYREF
CHAR v6[103]; // [esp+19Dh] [ebp-1C3h] BYREF
char v7[104]; // [esp+204h] [ebp-15Ch] BYREF
CHAR v8; // [esp+26Ch] [ebp-F4h] BYREF
char v9[107]; // [esp+26Dh] [ebp-F3h] BYREF
DWORD v10; // [esp+2D8h] [ebp-88h] BYREF
HKEY v11; // [esp+2DCh] [ebp-84h] BYREF
int v12; // [esp+2E0h] [ebp-80h]
LONG v13; // [esp+2E4h] [ebp-7Ch] BYREF
int i; // [esp+2E8h] [ebp-78h]
char v15[104]; // [esp+2ECh] [ebp-74h] BYREF
int v16; // [esp+35Ch] [ebp-4h]
v12 = 0;
NaB_dialog_name::NaB_dialog_name((NaB_dialog_name *)v3, "You must unlock your NaB version", 0, 0.1);
v16 = 0;
v13 = 50;
v8 = 0;
RegOpenKeyA(HKEY_CURRENT_USER, "Budabe", &v11);
RegQueryValueA(v11, "BudabeView", &v8, &v13);
RegCloseKey(v11);
if ( (unsigned int)(&v9[strlen(&v8)] - v9) >= 0x10 )
{
for ( i = 0; i < 16; i += 2 )
v15[i / 2] = v9[i] + v9[i - 1];
}
else
{
v15[0] = 0;
}
v15[8] = 0;
v10 = 16;
GetComputerNameA(v6, &v10);
v5 = 32;
sub_CA70C0(&v5, &v6[strlen(&v5)] - v6, v7);
if ( STD_strcmp(v7, v15) )
{
while ( STD_strcmp(v7, v15) )
{
++v12;
if ( NaB_dialog::DoModal((NaB_dialog *)v3) != 2 )
{
v1 = (const char *)mfc90d_1131(v4);
STD_strncpy(v15, v1, 0x32u);
if ( v12 != 3 )
continue;
}
dword_2C69DA4 = -1;
v16 = -1;
NaB_dialog_name::~NaB_dialog_name((NaB_dialog_name *)v3);
return 0;
}
for ( i = 0; i < 16; i += 2 )
{
v9[i - 1] = (unsigned __int8)v15[i / 2] / 2;
if ( !v9[i - 1] )
v9[i - 1] = 1;
v9[i] = v15[i / 2] - v9[i - 1];
}
v9[15] = 0;
RegCreateKeyA(HKEY_CURRENT_USER, "Budabe", &v11);
v2 = STD_strlen(&v8);
RegSetValueA(v11, "BudabeView", 1u, &v8, v2 + 1);
RegCloseKey(v11);
v16 = -1;
NaB_dialog_name::~NaB_dialog_name((NaB_dialog_name *)v3);
return 1;
}
else
{
v16 = -1;
NaB_dialog_name::~NaB_dialog_name((NaB_dialog_name *)v3);
return 1;
}
}
这个工具要求输入代码来解锁工具并访问它,它是 2012 年的一个工具,我在 IDA 上花了几个小时试图了解如何绕过它,但我还是来了。此工具未在任何地方公开,因此请不要妄下结论说我在盗版某些东西。如果你足够聪明,你应该从伪代码中明白这不是盗版的东西。