I have a program that checks the previous registration info at startup, i can find this check easy enough however i cant find the call or jump that leads to this check. The check starts at 0042B770 but when i disassemble the exe and go to this address, it does not have any referenced jumps or calls, also the few lines of code above this are all nops and then a ret... could anyone tell me how i could find the address that jumps/calls 0042B770. Thanks.

Hello Tech19 !

Since I don't think there is much encryption in it, I can only think of two ways:

Code:

Proc1:

  ...

  Mov   EAX, [????????]

  Cmp   EAX, ????????

  Ja    BadFunction

  Jmp   DWord Ptr [4*EAX+????????]

Code:

Proc2:

  ...

  Mov    E?X, [????????]

  Call   DWord Ptr [E?X+??]

Here we have a jump-table. It is at address ????????. The 4*EAX denotes the function called, since every address has 4 bytes. The Cmp checks if the call would not call a memory address where no pointer to a valid procedure is stored. So you should go to the jump-table start, find the procedure with the keycheck, find the value for EAX which needs to be passed to Proc1 and set a breakpoint with condition if EAX==????????. Then you can see from where the call came.
A bit more complicated, since you don't know the address of the jump-table. So you have to use a debugger and check it at runtime.