HexonTask 3 Now Completed At LastSun Dec 20 17:15:16 1998 Hi SandmanBelow is the method that I used to complete task 3Dead Listing in W32DASM0043FA04 E8FB41FCFF call 00403C04 ;check serial no0043FA09 752E jne 0043FA39 ;begger off 0043FA0B A1209B4400 mov eax, dword ptr [00449B20] ;good guy0043FA10 8B00 mov eax, dword ptr [eax]0043FA12 E8D5AFFEFF call 0042A9EC0043FA17 A1109D4400 mov eax, dword ptr [00449D10]0043FA1C 803800 cmp byte ptr [eax],00 ;good guy if 00043FA1F 750C jne 0043FA2D ;begger offTo get CYT to accept any registration number I used BPX hmemcpy in Soft Ice to find the function that checks the serial against the username generated one. When I was satisfied that I had found this function I F12ed out of it and arrived at the second line of the above code. Then to ensure that the program flow will always drop through to the next instruction I just NOOPed the jne:0043FA09 90 nop 0043FA0A 90 nopAnd then when the prog flow again needs to fall through to the next instruction rather than jump at 0043FA1F, again I NOOPed:0043FA1F 90 nop0043FA20 90 nopTask 3 was by no means easy for me, there was a lot of trial and error involved. However I got there in the end. HexonHexon by jeff , Sun Dec 20 17:48 Re: Hexon by Hexon , Sun Dec 20 19:52