Phox Crackme 2 -------------- This one wasn't so hard either, First off start the crackme and enter a junk serial, i entered '11223344' and set a breakpoint on MessageBoxA , press the OK button and you'll land here: :004011E8 E86C000000 CALL USER32!MessageBoxA :004011ED 33C0 XOR EAX,EAX :004011EF 5E POP ESI :004011F0 5F POP EDI :004011F1 5B POP EBX :004011F2 C9 LEAVE :004011F3 C21000 RET 0010 scroll up a bit and you'll see :0040119B 837D1020 CMP DWORD PTR [EBP+10],20 :0040119F 754C JNZ 004011ED :004011A1 FF354C204000 PUSH DWORD PTR [0040204C] :004011A7 E89B000000 CALL USER32!GetWindowTextLengthA ; get the length of our entered serial :004011AC A3E9204000 MOV [004020E9],EAX :004011B1 8BF0 MOV ESI,EAX ; ESI = length of our serial :004011B3 83FE0C CMP ESI,0C ; Compare ESI with 0Ch (12) :004011B6 751E JNZ 004011D6 ; Jump if length isn't 12 chars :004011B8 6A30 PUSH 30 :004011BA 6891204000 PUSH 00402091 ; else push the 'Nice Job' stuff :004011BF 6897204000 PUSH 00402097 :004011C4 FF3548204000 PUSH DWORD PTR [00402048] :004011CA E88A000000 CALL USER32!MessageBoxA ; and show it :004011CF 5E POP ESI :004011D0 5F POP EDI :004011D1 5B POP EBX :004011D2 C9 LEAVE :004011D3 C21000 RET 0010 :004011D6 6A30 PUSH 30 :004011D8 68ED204000 PUSH 004020ED ; push the bad box :004011DD 68FB204000 PUSH 004020FB :004011E2 FF3548204000 PUSH DWORD PTR [00402048] :004011E8 E86C000000 CALL USER32!MessageBoxA ; show it :004011ED 33C0 XOR EAX,EAX :004011EF 5E POP ESI :004011F0 5F POP EDI :004011F1 5B POP EBX :004011F2 C9 LEAVE :004011F3 C21000 RET 0010 well, all you have to do is enter 12 chars as the serial number.. --- /Klefz