Found the solution.
I tricked the program into pop-ing up a MessageBox::Show(string). W00T!
Original Code
Code:
IL_005b: /* 03 | */ ldarg.1
IL_005c: /* 08 | */ ldloc.2
IL_005d: /* 28 | (0A)000027 */ call bool [mscorlib]System.String::op_Equality(string,
string)
I had to NOP out the ldarg.1 (bad serial I typed in) so MessageBox call would not crash.
ldloc.2 held proper serial#.
Then I byte changed the 27 to 25 (which is the reference location of MessageBox used elsewhere in the program (looking at IL dump).
So now the code reads:
Code:
IL_005b: /* 00 | */ nop
IL_005c: /* 08 | */ ldloc.2
IL_005d: /* 28 | (0A)000025 */ call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
Viola. No need for keygen. Just let the program pop out the answer for you.