About this tutorial:
Tutorial: Cracking Immortal Descendants Crackme 8
Target: Immortal Descendants Crackme 8 (http://www.ImmortalDescendants.com)
Tools: SoftIce 3.24, W32Dasm 8.9x, HIEW 6.x, The Customiser (these are good programs, worth buying)
Date: 13th December 1999 (last updated on 12th February 2000)
Descriptions & Comments: This is a very good crackme from WhizKid of Immortal Descendants. I have two main reasons for writing this tutorial: first, because I would like to support the good work of the Immortal Descendants, and second, because I want to prove that VB programs are not as hard as newbies think; sometimes they are even easier to attack. Anyway, I would like to take this chance to greet all the Immortal Descendants members. Lastly, before proceeding, I have to remind you that your SoftIce must be well configured to be able to follow this tutorial nicely (contact me if you don't know how to configure it).
Protection: Nag, keyfile, matrix, name/serial, serial, disabled.
Copyright information: This tutorial is copyright © 1999 - 2000 ManKind
Starting words:
The process:
The nag on startup:
First, get the crackme and run it. You saw the nag saying that we are
not registered, right? We will kill that nag. Exit the program. Go into
SoftIce and set a breakpoint like below:
bpx msvbvm60!rtcmsgbox
Why did I set the above breakpoint? Because this is a VB6 program, and rtcMsgBox is the imported function that VB programs use to generate a message box. Run the crackme again; SoftIce will pop up. Press F11 once, the message box will show up, press the OK button on the message box and SoftIce will pop up again. You will see the code below in SoftIce:
:0040FDDA CALL [MSVBVM60!rtcMsgBox]
:0040FDE0 LEA ECX,[EBP-1C] ;; you will land here
Notice the call? That's the call that displays the message box, so let's see whether we can bypass it. Disassemble the crackme with W32Dasm (or any other disassembler), use the menu option to go to a code location, enter 0040FDDA and you will see the code below:
:0040FDDA Call dword ptr [00401050]
Note down the offset. Go into HIEW (or another hex editor), load the crackme,
press Enter twice to go into hex mode, press F5 and enter the offset you
noted down. The call consists of 6 bytes (an indirect CALL dword ptr [address]
is encoded as FF 15 followed by a 4-byte pointer), so nop all 6 bytes (F3 to
edit, then change each byte to 90). Press F9 to save and F10 to exit
HIEW (you can choose not to exit, hehe). Run the crackme again. Hey, where
has the nag gone? (Well, maybe it went to Wonderland already, hehe.)
The easy serial:
Actually, there are three main ways to fish out the easy serial here. I have
tried all three and succeeded with each. The first is to use W32Dasm with
SDR Enabler for VB Apps from Duelist of DREAD Crew (this way is kinda lame),
the second is with SmartCheck (you will need to show all events to fish out
the correct serial; I used version 6.01) and the third and most approved
(or standard, hehe) way is of course to use our one and only SoftIce
(actually, other debuggers may work too). Start the crackme, enter a fake
serial (put in one that is quite long, since the input field is so long),
go into SoftIce and set a breakpoint like below:
bpx msvbvm60!__vbastrcmp
Note that __vbastrcmp has two underscores. Why this breakpoint? Because this is one of the most used functions in VB for comparing strings (well, you won't know exactly which one to use beforehand, but for this target I know this breakpoint is correct). Press the Check Key button, you will be thrown back into SoftIce, press F11 once and you will land on the code below:
:0040E932 PUSH EAX ;; prepare/load your fake serial you entered
:0040E933 PUSH 0040BAB0 ;; prepare/load the correct serial
:0040E938 CALL [MSVBVM60!__vbaStrCmp] ;; compare the two serials
:0040E93E MOV ESI,EAX ;; you land here
Disable the breakpoint on msvbvm60!__vbastrcmp by typing the command below and pressing Enter:
bc*
Set a breakpoint on 0040E932 so that SoftIce breaks when that line of code is executed; the command is as below:
bpx 0040E932
Press Ctrl+D to leave SoftIce; the wrong serial message box will come out. Press OK and press the Check Key button again. SoftIce will pop up, and the command below will show you the correct serial:
d 0040BAB0
You will see something like below in the data window:
2.3.7.8.4.6.2.8.
3.5.6.2.6.7.....
Don't worry, this is normal for VB programs (the serial is stored in wide char
format: each character takes two bytes, and the data window shows the zero
high byte as a dot), so to get the correct serial just ignore all the dots.
Enter the serial and press Check Key; a message box will quickly inform you
that the easy serial part is now completed.
The harder serial:
Well, I don't know why this part is considered the harder serial, because
using the same method as for the easy serial, I successfully fished out
a correct serial for this part. From the radio menu, select the harder
serial part, enter some fake info, go into SoftIce and set a breakpoint
like below:
bpx msvbvm60!__vbastrcmp
Go out of SoftIce and press the Check Key button. SoftIce will pop up; press F11 once and you will see the code below:
:0040EC41 PUSH EAX ;; prepare/load the correct serial
:0040EC42 CALL [MSVBVM60!__vbaStrCmp] ;; compare routine
:0040EC48 MOV ESI,EAX
Clear the breakpoint on msvbvm60!__vbastrcmp (refer to above), set a breakpoint on 0040EC41 (refer to above) and go out of SoftIce. The wrong serial message box will be displayed; press OK and press the Check Key button again. You will land on 0040EC41, and by using the command below you can see the correct serial for this part in the data window:
d eax
The correct serial will again be in wide char format, so sort out the
characters wisely and then try the serial. Another part of the crackme is
completed (three parts out of eight).
The name/serial:
This is a bit harder because we don't know which breakpoint is appropriate
(__vbastrcmp won't work), but hmemcpy should work. Yes, it works. This will
require some tracing. First, in the radio menu, switch to the name/serial
part and enter some fake info into both input fields, like I did below:
ManKind
2319998
Go into SoftIce and set a breakpoint on hmemcpy. Go out of SoftIce and press the Check Key button. SoftIce will pop up; press F5 once to let SoftIce read the info from the second input field (the first break only covers the info from the first input field), then press F12 until you are in MSVBVM60!'s code (you can tell by looking at the bottom of the code window). Next, press F10 until you are in Crackme8's code, and continue pressing until SoftIce's white line indicator lands on the code below:
:0040F338 MOV [EBP-3C],EAX
Using the command "d eax"(without quotes), you will see something like below in the data window:
I.D. .C.r.a.c.k.
m.e. .V.8...0...
B.y. .W.h.i.z.K.
i.D. .......S...
Scroll down a little and you should see your fake serial; scroll down more and you will see your fake name, and a little further down you will find your correct serial (all in wide char format). For my name, I got the following serial:
328716234
No, I am not going to make a keygen here; I am a newbie (lamer would be more
suitable, hehe) and that is not a requirement for this part. Well, another
part is completed (5 out of 8). I am starting to get tired here, but I'll
try my best to crack all parts of the crackme.
The matrix:
I am not going to explain how to get valid codes (either checked or
unchecked) here, because I think I am not good enough to explain it. There
is more than one correct code, and I have got only one valid one, which
my friend (thanks ^tCM^, hehe) found. The condition for the valid code
is as below:
Check all the checkboxes (shocking, but true, hehe)
Though this is more of a bug, I don't care much, since who asked the
programmer to leave a bug in it? Another reason why I don't care much
about finding a valid (standard and certified) way to crack and explain
this part is that the programmer allows us to patch this part, and since
our patching skills were tested by the nag part already, I don't think we
need to show off again (hehe). The last reason why I didn't go further to
find other valid codes is that one valid code is good enough, since the
programmer doesn't ask us to make a keygen. That's all for this part; don't
be disappointed, there are still other parts.
The keyfile:
I have never successfully cracked any keyfile protection before; this
is my first. It really gave me some trouble, but with an appropriate
breakpoint it is just a piece of cake. Start the crackme, but don't choose
the keyfile part in the radio menu yet. With SmartCheck, I found that the
keyfile's name is wk.dat and that it should be placed in the same directory
as the crackme (you can also use File Monitor), so create a file in the
directory where the crackme is and name it wk.dat. Go into SoftIce and set
a breakpoint like below:
bpx msvbvm60!__vbafileopen
In the radio menu, choose the keyfile part and SoftIce will pop up almost immediately; press F11 once and you will come to the code below:
:0040F506 PUSH 0040BCC0 ;; load something, interesting, hehe
:0040F50B PUSH 01
:0040F50D PUSH FF
:0040F50F PUSH 01 ;; scroll up if you can't see the above codes
:0040F511 CALL [MSVBVM60!__vbaFileOpen] ;; open file routine
:0040F517 MOV EBX,[MSVBVM60!rtcEndOfFile] ;; you land here
Clear the breakpoint on msvbvm60!__vbafileopen and type the command below to view the correct content of the keyfile in the data window:
d 0040BCC0
You will see something like below:
w.k...d.a.t.....
.... E.a.s.y., .
e.h.?.......R.e.
Come out of SoftIce. Is that (Easy, eh? -> in wide char format) the correct
content of the keyfile? To find out, we just need to try it. Edit the wk.dat
file, fill in Easy, eh? and save it. Next, in the radio menu, choose any
other part (hopefully not the nag part, hehe) and then choose the keyfile
part again, and a Registered! text will quickly be presented to you.
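The dumps in the easy serial, name/serial and keyfile parts all show VB6 wide char strings. As an added example (not code from the tutorial), this Python script builds a constructed VB6 BSTR, renders the ASCII column the way SoftIce's data window prints it, and decodes the string from the raw bytes; the strip_dots helper reproduces the "ignore the dots" shortcut and shows where it breaks down.

```python
import struct

# VB6 keeps strings as BSTRs: a 4-byte byte-count prefix, then UTF-16LE code
# units, then a two-byte NUL. The address pushed to __vbaStrCmp points at the
# first code unit, which is why the data window shows "2.3.7.8..." style text.
def make_bstr(text: str) -> bytes:
    """Constructed sample BSTR (length prefix + UTF-16LE data + NUL)."""
    data = text.encode("utf-16-le")
    return struct.pack("<I", len(data)) + data + b"\x00\x00"

def render_data_window(buf: bytes, width: int = 16) -> list:
    """ASCII column as SoftIce's 'd' command prints it: 16 bytes per line,
    printable bytes as-is and every other byte (including NUL) as a dot."""
    lines = []
    for i in range(0, len(buf), width):
        chunk = buf[i:i + width]
        lines.append("".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk))
    return lines

def decode_wide(buf: bytes) -> str:
    """Decode UTF-16LE code units from raw bytes up to the first NUL unit.
    Working from the bytes, not the dump text, keeps real dots and NULs apart."""
    units = struct.unpack_from("<%dH" % (len(buf) // 2), buf)
    out = []
    for u in units:
        if u == 0:
            break
        out.append(chr(u))
    return "".join(out)

def strip_dots(dump_lines) -> str:
    """The tutorial's shortcut: keep every other character of the ASCII column.
    Caveat: a literal '.' in the data and a NUL both print as '.', so this is
    only safe when the string has no dots of its own."""
    text = "".join(line[0::2] for line in dump_lines)
    return text.rstrip(".")

# Dump lines as shown in the easy serial part of the tutorial.
SERIAL_DUMP = ["2.3.7.8.4.6.2.8.", "3.5.6.2.6.7....."]
```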
The nag:
Since we have cracked the first nag on startup, this shouldn't be a
problem for us. Don't choose the nag part in the radio menu yet; go into
SoftIce and set a breakpoint on msvbvm60!rtcmsgbox like below:
bpx msvbvm60!rtcmsgbox
Leave SoftIce and select the nag part. SoftIce will pop up; press F11 once, the nag will be displayed, press the OK button and you will be back in SoftIce with the following code displayed:
:00412B6A CALL [MSVBVM60!rtcMsgBox] ;; the call that display the nag
:00412B70 LEA ECX,[EBP-1C] ;; you land here
Note down the call's address (00412B6A), clear the breakpoint on msvbvm60!rtcmsgbox,
leave SoftIce, disassemble the crackme, go to address 00412B6A and finally
note down the offset of the address in the disassembler (you can also use
Iczelion's great Offset Utility). Exit the crackme and shut down W32Dasm.
Use HIEW, load up the crackme, press Enter twice to go into hex mode, press
F5 to go to the location we want and enter the offset that we noted down.
When we reach it, press F3 to edit and nop all 6 bytes of the call (change
all 6 bytes to 90). Press F9 to save the changes and F10 to exit. Restart
the crackme and choose the nag part. Eh, no more nag! Yes, we killed that
nag already. That's all for this part.
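Both nag parts (the startup nag and this one) turn a code address seen in SoftIce into a file offset before the 6-byte call is touched. As an added example, not code from the tutorial or its tools, this Python script does that mapping through the PE section table on a constructed image and checks that the bytes at the resulting offset really are an FF 15 indirect call before the offset is trusted; the section layout, image base and call address are constructed, not taken from the crackme.

```python
import struct

# Constructed PE32 image (not the crackme): one .text section mapped at RVA
# 0x1000 from file offset 0x400, image base 0x400000, with an indirect
# CALL dword ptr [00401050] placed at VA 0040FDDA so the mapping can be checked.
def build_sample_pe() -> bytes:
    image_base, sec_va, sec_raw, sec_size, e_lfanew = 0x400000, 0x1000, 0x400, 0xF000, 0x80
    dos = (b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # 1 section, PE32 opt hdr
    opt = struct.pack("<HBBIIIIIII", 0x10B, 6, 0, sec_size, 0, 0,
                      sec_va, sec_va, 0, image_base).ljust(0xE0, b"\x00")
    sect = struct.pack("<8sIIIIIIHHI", b".text", sec_size, sec_va, sec_size,
                       sec_raw, 0, 0, 0, 0, 0x60000020)
    image = bytearray((dos + b"PE\x00\x00" + coff + opt + sect).ljust(sec_raw + sec_size, b"\x00"))
    raw = sec_raw + (0x40FDDA - image_base - sec_va)                  # file offset 0xF1DA
    image[raw:raw + 6] = b"\xff\x15" + struct.pack("<I", 0x401050)  # FF 15 + 4-byte pointer
    return bytes(image)

def va_to_file_offset(pe: bytes, va: int) -> int:
    """Map a virtual address to a file offset via the section table (PE32 only),
    which is what W32Dasm or Iczelion's Offset Utility does for you."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    rva = va - image_base
    for i in range(nsec):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError("VA %#x is not inside any section" % va)

def indirect_call_target(pe: bytes, va: int):
    """Check that the 6 bytes at VA really are FF 15 imm32 (CALL dword ptr [imm32])
    before trusting the offset; return the pointer operand, or None if they are not."""
    off = va_to_file_offset(pe, va)
    ins = pe[off:off + 6]
    if len(ins) != 6 or ins[:2] != b"\xff\x15":
        return None
    return struct.unpack("<I", ins[2:])[0]
```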
The cripple part:
Should this be named cripple or disabled (I think it should be called
disabled, but then, this is WhizKiD's program, hehe)? The matrix part and
this part really gave me some headaches, but shortly before this tutorial
was completed I happened to speak to WhizKiD on IRC and found out that
I must use a customiser to enable the disabled button. I don't agree with
that, because to me, using a customiser and patching don't differ at all,
since both ways change the code in the main .exe file. Anyway, in order
to successfully crack all parts of this crackme and teach you something
new (there are not many tutorials on using a customiser/resource editor), I
decided to proceed to crack this part. Start the crackme and The Customiser;
in the radio menu of the crackme choose the cripple part, then press the Edit
Window button on The Customiser's screen. The Customiser Configuration
Screen will pop up; in the radio menu choose Select and press the On button.
Now you can select which window region you want to edit. Choose the
Disabled button of the crackme, and make sure the following data are all shown
in the Window Details tab of the configuration screen before you click
on the Disabled button (with the special pointer):
Class:ThunderRT6CommandButton
Text:Disabled
Parent Class:ThunderRT6FormDC
Parent Text:WhizKiD's Crackme Challenge
Then, on the configuration screen, switch to the Misc. tab and check the checkboxes with the names mentioned below:
Enable Window
Save Action
Parent Window
Resource Id
Class Name
Click the Do Now button, then switch over to the crackme and see what
happens to the disabled button. You can click the button now, and it will
display a message telling you that the cripple part is completed (this proves
that this part shouldn't be called cripple but disabled, since the button's
function works as soon as it is enabled). To make the button look nicer,
you can also change the Text from Disabled to Enabled, but I am not going
to teach you how here, since our main objective has been met. That's it for
this part. I hope you are satisfied and have learned something new (this is
my, WhizKiD's and all other Reverse Engineering Scene members' main purpose).
As usual, contact me if I made any mistakes, and give me your feedback,
comments, suggestions and opinions about this tutorial and my way of
presenting it.
Extra notes:
Well, the year 1999 is coming to an end. I must take this opportunity
to thank everyone who has contributed to me in all possible ways, either
directly or indirectly (especially those whose names are mentioned below). I
must also praise WhizKiD and the other Immortal Descendants members for their
good work. Keep up the good work. I must admit that while cracking this
crackme I was very happy because of the challenges, and this is the longest
essay I have ever written. I really feel proud of the Reverse Engineering
Scene (which is far more successful than hacking, virii, etc.)!
Ending:
Thanks and greetz to:
+ORC, +HCU, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO,
CrackZ, cLUSTER, LaZaRuS, mISTER fANATIC, yes123, WhizKiD, Volatility,
ACiD BuRN, Eternal Bliss, R!SC, Kwazy Webbit, +Mammon, MisterE, Shadow,
^tCM^, WaJ, Borna Janes, Kathras, douby, Steinowitz, Lord Soth, Latigo,
Lucifer48, NeuRaL_NoiSE, Fravia+, Latigo, Duelist, Alpine, flag eRRatum,
Nitrus, +Frog's Print, Muad`Dib, Iczelion, Razzia, Warezpup, Bomber Monkey,
llama and other crackers, individuals and organisations who have helped
me, either directly or indirectly.
Service for ManKind
ManKind
mankind001@bigfoot.com