Ok, Let's Start Patching.

The First Thing We Do Is To Look At What The Protection Is. So Open WinRar95 And Choose
[Options] - [Registration]. Are You Done? Ok, Now We'll See A Registration Dialog.
Ok, Let's Enter "DnNuke'99" As Name And "1133557799" As Our Reg Code.
Oh Oh.. It Said [Registration Failed]. Now What? Let's Call The Cops. What's The Number To 911!!
But Why? We Didn't Do Anything Illegal. Yet! ;)

Ok Ok, Have Some Cold Water, Because Here Comes The Easy Solution: First Fire Up W32DASM And Open
WinRar95.exe. Then Click On The [String Data References] And Look For "Registration failed".
Ok, Double Click On It. You'll Land Here:
* Possible Reference to String Resource ID=00106: "Registration failed"
                                  |
:00413C8C 6A6A                    push 0000006A
:00413C8E E8F8640000              call 0041A18B
:00413C93 59                      pop ecx
:00413C94 50                      push eax
:00413C95 FF7508                  push [ebp+08]
If You Scroll Up You'll See This:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00413C3D(C)
|
:00413C59 8D559C                  lea edx, dword ptr [ebp-64]
:00413C5C 52                      push edx
:00413C5D 6830AD4200              push 0042AD30
:00413C62 E839920000              call 0041CEA0
:00413C67 83C408                  add esp, 00000008
:00413C6A 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]
:00413C70 51                      push ecx
:00413C71 8D459C                  lea eax, dword ptr [ebp-64]
:00413C74 50                      push eax
:00413C75 E84768FFFF              call 0040A4C1
:00413C7A 83C408                  add esp, 00000008
:00413C7D 85C0                    test eax, eax
:00413C7F 7532                    jne 00413CB3

* Possible Reference to String Resource ID=00048: "Normal"
                                  |
:00413C81 6A30                    push 00000030

* Possible Reference to String Resource ID=00026: "Warning"
                                  |
:00413C83 6A1A                    push 0000001A
:00413C85 E801650000              call 0041A18B
:00413C8A 59                      pop ecx
:00413C8B 50                      push eax

* Possible Reference to Dialog: ARCINFODLG, CONTROL_ID:006A, ""
Right? Ok, I'll Tell You What's Important Here.

|:00413C3D(C) Is The Address Of The (C)onditional Jump That References This Code.
|
:00413C59 8D559C                  lea edx, dword ptr [ebp-64]
:00413C5C 52                      push edx
:00413C5D 6830AD4200              push 0042AD30
:00413C62 E839920000              call 0041CEA0
:00413C67 83C408                  add esp, 00000008
:00413C6A 8D8D54FFFFFF            lea ecx, dword ptr [ebp+FFFFFF54]
:00413C70 51                      push ecx
:00413C71 8D459C                  lea eax, dword ptr [ebp-64]
:00413C74 50                      push eax
:00413C75 E84768FFFF              call 0040A4C1            -----> Calculation Of Your Serial.
:00413C7A 83C408                  add esp, 00000008
:00413C7D 85C0                    test eax, eax            -----> Test If Your Serial = The Right Serial
:00413C7F 7532                    jne 00413CB3             -----> jne = Jump If Not Equal. Yep, It's Tha BadBoy!
Well, Was Our Serial Right? No....

Ok, Let's Tell The Program That It Should je = Jump If Equal, So That It Won't
Think That Our Serial Is Fake.

Now Scroll So That The Green Line Is On

:00413C7F 7532                    jne 00413CB3

Then You'll See That The Display Window At The Bottom Of The Program Shows That Its "@Offset"
Is 1327F. Write Down The Number And Then Fire Up Your Hex Editor. If You Use HIEW, Choose
Decode As Mode. Then Enter The Offset 1327F And You Will See The Line:

00413C7F: 7532                    jne .000413CB3 -------- (1)

Edit It And Change The 7532 To 7432.

Ok. It Looks Alright Now. Let's Test It...
Once Again Go To The Registration Dialog. Enter "DnNuke'99" As Name And "1133557799" As Our Reg Code. [Enter]
mm.. A Happy Message "Thank For Your Support"
And Look, The (evaluation copy) Is Gone!! Fellow Hacker, We Did It.

But Wait.. After You Register It Creates A Key In Rar.ini:

[registration]
regname=DnNuke'99
regcode=1133557799

That Can't Be Good.. Why, You Ask? Let's Fire Up WinRar And Find Out.
Oh No, The (evaluation copy) Is Still There.. No Problem. Fire Up Your W32DASM And "Search" For
(evaluation copy). Found It? Good. Let's Look At The Code Above:
:00418D3A B94B000000              mov ecx, 0000004B
:00418D3F F3                      repz
:00418D40 A5                      movsd
:00418D41 833D5C57420000          cmp dword ptr [0042575C], 00000000   ---> Compare In Rar.ini?
:00418D48 752F                    jne 00418D79                         ---> Jump If Not Equal. Bingo, BadBoy Nr.2

* Possible StringData Ref from Data Obj ->" "
                                  |
:00418D4A 68196B4200              push 00426B19
:00418D4F 8D8514FDFFFF            lea eax, dword ptr [ebp+FFFFFD14]
:00418D55 50                      push eax
:00418D56 E8B5400000              call 0041CE10
:00418D5B 83C408                  add esp, 00000008

* Possible Reference to String Resource ID=00252: "(evaluation copy)"
                                  |
:00418D5E 68FC000000              push 000000FC
:00418D63 E823140000              call 0041A18B
:00418D68 59                      pop ecx
:00418D69 50                      push eax
:00418D6A 8D9514FDFFFF            lea edx, dword ptr [ebp+FFFFFD14]
As You See, We Found The Second BadBoy. So Let's Do The Same Thing Here..
Fire Up HIEW, Enter Offset 18348 And Change 752F To 742F.
Test It. Oh Yeah! You're Tha Man..
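Both patches in this tutorial are the same thing: one opcode byte flipped from 75 (jne) to 74 (je), at file offsets 1327F and 18348. From the defender's side that is what makes them easy to catch: the file size does not change, but any whole-file digest does, and a byte-level diff against a known-good copy shows exactly one changed byte per site whose old and new values are a conditional-jump pair. The following is an added example written for this page, not code from the tutorial or from WinRAR. It models the two sites on a constructed, zero-filled buffer (the instruction bytes and offsets are the ones quoted in the listings above; the buffer itself is made up), checks a SHA-256 digest, and labels each changed byte. The opcode table is a fact of the x86 encoding, not of WinRAR.

```python
import hashlib

# Short (rel8) x86 conditional jumps. Opcodes come in pairs that differ only in
# the low bit and invert the condition (0x74 je / 0x75 jne, 0x72 jb / 0x73 jae,
# ...). This is a property of the x86 encoding, not of WinRAR.
JCC_NAMES = {
    0x70: "jo",  0x71: "jno", 0x72: "jb",  0x73: "jae",
    0x74: "je",  0x75: "jne", 0x76: "jbe", 0x77: "ja",
    0x78: "js",  0x79: "jns", 0x7A: "jp",  0x7B: "jnp",
    0x7C: "jl",  0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_image(data: bytes, expected_sha256: str) -> bool:
    """Whole-file integrity check: a single changed byte flips the digest."""
    return sha256_hex(data) == expected_sha256


def diff_images(original: bytes, suspect: bytes) -> list:
    """Byte-level diff. Returns (offset, old_byte, new_byte) for each change."""
    if len(original) != len(suspect):
        raise ValueError("size mismatch: a one-byte opcode patch keeps the size")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, suspect)) if a != b]


def classify_changes(original: bytes, suspect: bytes) -> list:
    """Label each changed byte. A jcc/jcc pair differing only in the low bit is
    the classic 'invert the branch' edit (e.g. jne -> je)."""
    findings = []
    for off, old, new in diff_images(original, suspect):
        if old in JCC_NAMES and new in JCC_NAMES and (old ^ new) == 1:
            label = f"conditional jump inverted: {JCC_NAMES[old]} -> {JCC_NAMES[new]}"
        else:
            label = "byte changed"
        findings.append((off, old, new, label))
    return findings


def build_sample() -> bytes:
    """Constructed stand-in for the program file: a zero-filled buffer with the
    instruction bytes from the two listings placed at the file offsets the
    tutorial quotes. This is NOT the real WinRar95.exe."""
    image = bytearray(0x18400)
    # 00413C7A: add esp,8 / test eax,eax / jne 00413CB3 -> jne sits at offset 1327F
    image[0x1327A:0x13281] = bytes.fromhex("83C40885C07532")
    # 00418D41: cmp dword ptr [0042575C],0 / jne 00418D79 -> jne sits at offset 18348
    image[0x18341:0x1834A] = bytes.fromhex("833D5C57420000752F")
    return bytes(image)


def build_tampered_sample() -> bytes:
    """The same constructed buffer after the two one-byte edits the tutorial describes."""
    image = bytearray(build_sample())
    image[0x1327F] = 0x74
    image[0x18348] = 0x74
    return bytes(image)


if __name__ == "__main__":
    good = build_sample()
    known_digest = sha256_hex(good)   # what a vendor or IR team would record up front
    bad = build_tampered_sample()
    print("integrity ok:", verify_image(bad, known_digest))
    for off, old, new, label in classify_changes(good, bad):
        print(f"offset {off:05X}: {old:02X} -> {new:02X}  {label}")
```

The digest check is the cheap, always-on control; the byte diff is what you run once the digest fails, to see whether the change is an innocent rebuild or a targeted branch flip. Note that the diff only works against a known-good copy, which is why recording digests of shipped binaries before an incident matters.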
Hope You've Learned Something On This Tutor..
Bye For Now
//DnNuke'99 [ReFleXZ]