Thursday 5 February 2009

emu8086 (crack)

I used emu8086 for school purposes some years ago, and I reused it recently. If you want to bypass the registration, here is how to proceed:
The registration information is stored in the registry (HKEY_CURRENT_USER\Software\VB and VBA Program Settings\emu8086\Reg\*) and in a file named reg.ini in the program's folder. This information is checked at program start and at activation by the function called at 0x005DA697.


CPU Disasm
Address Hex dump Command
005DA692 68 74146200 PUSH OFFSET emu8086.00621474
005DA697 E8 D4000000 CALL 005DA770
005DA69C 66:F7D8 NEG AX
005DA69F 1BC0 SBB EAX,EAX
005DA6A1 66:A3 70146200 MOV WORD PTR DS:[621470],AX
005DA6A7 FF15 E0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP

The check result is stored in the WORD at 0x00621470. The NEG AX / SBB EAX,EAX pair turns the return value into a VB boolean (0xFFFF if AX was non-zero, 0 otherwise), and for the software to be treated as registered the stored value must be non-zero, as shown by this check:


CPU Disasm
Address Hex dump Command
005D8E32 0FBF05 70146200 MOVSX EAX,WORD PTR DS:[621470]
005D8E39 85C0 TEST EAX,EAX
005D8E3B 0F84 53050000 JE 005D9394 //jumps to show a "wrong registration key" popup if the serial is incorrect

To bypass the registration check, we only need a non-zero value at 0x00621470, so replace the code that stores the check function's return value at 0x00621470 with the following:


Before

CPU Disasm
Address Hex dump Command
005DA692 68 74146200 PUSH OFFSET emu8086.00621474
005DA697 E8 D4000000 CALL 005DA770
005DA69C 66:F7D8 NEG AX
005DA69F 1BC0 SBB EAX,EAX
005DA6A1 66:A3 70146200 MOV WORD PTR DS:[621470],AX
005DA6A7 FF15 E0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP

After


CPU Disasm
Address Hex dump Command
005DA692 68 74146200 PUSH OFFSET emu8086.00621474
005DA697 E8 D4000000 CALL 005DA770
005DA69C 66:C705 70146200 0100 MOV WORD PTR DS:[621470],1
005DA6A5 90 NOP
005DA6A6 90 NOP
005DA6A7 FF15 E0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaExitP
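As an added example that is not part of the original post, this Python script reports whether a copy of the executable still carries the original check site shown above or the patched one (a simple tamper check). The byte patterns are transcribed from the "Before" and "After" listings; since the post gives no file offset, it searches the raw file image for the byte sequence instead of mapping the virtual address.

```python
# Added example: integrity check for the registration-check site described above.
# The byte patterns are transcribed from the "Before" and "After" listings;
# nothing here is emu8086's own code.
import sys

# Unchanged code around the site: PUSH OFFSET 621474 / CALL 5DA770 before,
# CALL DWORD PTR [<&MSVBVM60.__vbaExitP...>] after.
PREFIX = bytes.fromhex("68 74146200 E8 D4000000")
SUFFIX = bytes.fromhex("FF15 E0104000")

# Original: NEG AX / SBB EAX,EAX / MOV WORD PTR [621470],AX (result is stored)
ORIGINAL = PREFIX + bytes.fromhex("66F7D8 1BC0 66A3 70146200") + SUFFIX
# Patched: MOV WORD PTR [621470],1 / NOP / NOP (result is ignored)
PATCHED = PREFIX + bytes.fromhex("66C705 70146200 0100 90 90") + SUFFIX

# The patch is an in-place overwrite: 9-byte MOV + 2 NOPs replace the 11 bytes
# of NEG/SBB/MOV, so the following CALL keeps its address.
assert len(ORIGINAL) == len(PATCHED)


def classify(image: bytes) -> str:
    """Return 'intact', 'patched', 'ambiguous' or 'unknown' for a raw file image."""
    orig_hits = image.count(ORIGINAL)
    patch_hits = image.count(PATCHED)
    if orig_hits == 1 and patch_hits == 0:
        return "intact"
    if patch_hits == 1 and orig_hits == 0:
        return "patched"
    if orig_hits + patch_hits == 0:
        return "unknown"    # different build, or the code site was not found
    return "ambiguous"      # several matches: a plain byte search is not conclusive


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(classify(f.read()))
```

A byte search is only a heuristic for this one build; a different version of the binary will report "unknown".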

I hope this can help someone : )