Stage 1
It would appear as though all the action happens here:
00403F57 . FF15 30F34300 CALL DWORD PTR DS:[<&USER32.GetDlgItemTe>; \GetDlgItemTextA
00403F5D . 8BF0 MOV ESI,EAX
00403F5F . 83FE 02 CMP ESI,2
00403F62 . 8935 40CA4300 MOV DWORD PTR DS:[43CA40],ESI
00403F68 . 0F8C 22010000 JL ra_crckm.00404090
00403F6E . 83FE 23 CMP ESI,23
00403F71 . 0F8F 19010000 JG ra_crckm.00404090
00403F77 . BA 01000000 MOV EDX,1
00403F7C . 33C9 XOR ECX,ECX
00403F7E . 85F6 TEST ESI,ESI
00403F80 . 8915 18794300 MOV DWORD PTR DS:[437918],EDX
00403F86 . 7E 40 JLE SHORT ra_crckm.00403FC8
00403F88 . BF 60C94300 MOV EDI,ra_crckm.0043C960 ;ASCII "Hoof Arted"
00403F8D . 4F DEC EDI
00403F8E > 83F9 12 CMP ECX,12
00403F91 . 7D 2F JGE SHORT ra_crckm.00403FC2
00403F93 . 69D2 7ED31252 IMUL EDX,EDX,5212D37E
00403F99 . 0FBE440F 01 MOVSX EAX,BYTE PTR DS:[EDI+ECX+1] ;Next chr to EAX
00403F9E . 41 INC ECX ;Next chr
00403F9F . C1FA 09 SAR EDX,9
00403FA2 . 81E2 80CFCFFF AND EDX,FFCFCF80
00403FA8 . 0FAFC2 IMUL EAX,EDX
00403FAB . 40 INC EAX
00403FAC . 35 9F9F0000 XOR EAX,9F9F
00403FB1 . C1C0 05 ROL EAX,5
00403FB4 . 0FAFC1 IMUL EAX,ECX
00403FB7 . 99 CDQ
00403FB8 . 33C2 XOR EAX,EDX
00403FBA . 2BC2 SUB EAX,EDX
00403FBC . 3BCE CMP ECX,ESI ;Reached end of Username ?
00403FBE . 8BD0 MOV EDX,EAX
00403FC0 .^7C CC JL SHORT ra_crckm.00403F8E ;Not, so go back to f8e
When the name is received, it cycles through one character at a time and does its little magic trick on the val of EAX. It then compares the HEX value of your entered serial with the value in EAX. In my case, "Hoof Arted" = 72467A80 so I would need to enter the serial "1917221504" to pass Stage 1.
Now, following the little algo used above, it is quite easy to see what it is doing and you could probably sit and work it out with a calculator. Trying to code it is another thing. I will try to work on a Visual Basic keygen (only language I know); the problem is that it cannot handle large numbers easily.
This is where the ripping of the algo comes in. It would be great to see a little tutorial on how to rip the asm and create a keygen. Any takers?
Stage 2
Stage 2 is a "password" stage but the password is not hardcoded. You need to "beat" the algo. The action happens here:
00403CFA . FF15 2CF34300 CALL DWORD PTR DS:[<&USER32.GetDlgItemIn>; \GetDlgItemInt
00403D00 . 8BC8 MOV ECX,EAX
00403D02 . 81F9 78563412 CMP ECX,12345678
00403D08 . 890D 1C794300 MOV DWORD PTR DS:[43791C],ECX
00403D0E . 7D 1B JGE SHORT ra_crckm.00403D2B
Above we can see that the HEX val of our serial is tested for >= 0x12345678. So we meet the first criterion by entering, as a password, "305419896". This then enables us to go to the next part of the checking routine.
00403D2B > B8 EFCB6672 MOV EAX,7266CBEF
00403D30 . 890D C0C84300 MOV DWORD PTR DS:[43C8C0],ECX
00403D36 . F7E9 IMUL ECX
00403D38 . 8BC2 MOV EAX,EDX
00403D3A . C1F8 14 SAR EAX,14
00403D3D . 8BD0 MOV EDX,EAX
00403D3F . C1EA 1F SHR EDX,1F
00403D42 . 03C2 ADD EAX,EDX
00403D44 . 25 452E0000 AND EAX,2E45
00403D49 . 03C1 ADD EAX,ECX
00403D4B . 35 15180000 XOR EAX,1815
00403D50 . 03C1 ADD EAX,ECX
00403D52 . 25 82790000 AND EAX,7982
00403D57 . 03C1 ADD EAX,ECX
00403D59 . 25 9A810000 AND EAX,819A
00403D5E . 03C1 ADD EAX,ECX
00403D60 . A3 CCC84300 MOV DWORD PTR DS:[43C8CC],EAX
00403D65 . 05 F07FFFFF ADD EAX,FFFF7FF0
00403D6A . 3BC1 CMP EAX,ECX ;ECX = 12345678, EAX = 1233D700
It stores a copy of our serial entered and proceeds to run a little algo. The end result is then compared to our serial again. This is quite a strange thing as how can what we enter be the same as the serial that has been changed? I sort of got this by chance. A bit of zen helped me I suppose but just check this out.
You enter serial 0x12345678 and the modified version is then 1233D700. No match there.
The difference between these two is 7F78. Don't know if it means anything but add it to your 0x12345678 and you get 0x1234D5F0. Convert to dec and enter it as a password and you will see EAX = 1234D5F0, ECX = 1234D6F0 (close).
The difference again is 0x0100. Add this to serial and you have your required password.
To complete stage 2, password is 305452784. Now, I am sure, due to the way the calculation is done, that there are possibly other passwords that would work. I have not checked. Could any mathematical geniuses give some input?
That is as far as I have gone. I will be working on the other stages when I can and will be trying to keygen the first stage. My source code will be attached.

Don't care if you don't like VB.
Hoof
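
An added example, not part of the original post or its attached source: the Stage 1 loop at 00403F8E..00403FC0 transcribed instruction by instruction into C, where `uint32_t` gives the same 32-bit wraparound as the registers and so avoids the large-number problem mentioned above. The function name `stage1_value` and the convention of returning 0 for a rejected length are assumptions made for this example; the name is assumed to be the ASCII string returned by GetDlgItemTextA.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SAR r32,9 written on unsigned values so the sign fill is portable. */
static uint32_t sar9(uint32_t x)
{
    return (x >> 9) | ((x & 0x80000000u) ? 0xFF800000u : 0u);
}

/* ROL r32,5 */
static uint32_t rol5(uint32_t x)
{
    return (x << 5) | (x >> 27);
}

/* Loop at 00403F8E..00403FC0. Returns 0 (this example's convention) when
   the length fails the 2..0x23 check at 00403F5F..00403F71. Only the
   first 0x12 characters are hashed (CMP ECX,12 / JGE). */
uint32_t stage1_value(const char *name)
{
    size_t len = strlen(name);
    uint32_t edx = 1, eax = 0;

    if (len < 2 || len > 0x23)
        return 0;
    for (uint32_t ecx = 0; ecx < len && ecx < 0x12; ) {
        edx *= 0x5212D37Eu;                               /* IMUL EDX,EDX,5212D37E */
        eax = (uint32_t)(int32_t)(signed char)name[ecx];  /* MOVSX EAX,BYTE PTR    */
        ecx++;                                            /* INC ECX               */
        edx = sar9(edx) & 0xFFCFCF80u;                    /* SAR EDX,9 / AND       */
        eax = eax * edx + 1;                              /* IMUL EAX,EDX / INC    */
        eax = rol5(eax ^ 0x9F9Fu);                        /* XOR 9F9F / ROL 5      */
        eax *= ecx;                                       /* IMUL EAX,ECX          */
        if (eax & 0x80000000u)                            /* CDQ / XOR / SUB: abs  */
            eax = 0u - eax;
        edx = eax;                                        /* MOV EDX,EAX           */
    }
    return eax;
}

int main(void)
{
    uint32_t v = stage1_value("Hoof Arted");  /* name used in the post */
    printf("%08X %u\n", (unsigned)v, (unsigned)v);
    return 0;
}
```

Because the loop stops at 0x12 characters, any two names that share their first 18 characters produce the same value, which is worth knowing when judging how strong a name-derived check like this is.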