Quote:
Originally posted by MaRKuS-DJM
Little problem with this... I've found the necessary bytes to turn the program into the fully registered version, but: it doesn't save!
Generally when you crack something and it looks good until you restart, there's simply another registration check on startup (and generally it's this check that really matters.. the other bytes you played with were nice since they probably tell the user "good boy" if they bother using the registration interface.. but the program could care less.)
Generally I would open up RegMon and FileMon (one, then the other...) and watch for any instances of the invalid username/key that you entered when you cracked it. Typically it'll be something like "RegKey" or "Key" or something to that effect. Set a filter that only shows the target you are working on, and then have the keyword highlighted.
Go back into your debugger and search for the string and set breakpoints on every instance. Run the program from your debugger (I use Olly for this type of work in most cases). It SHOULD break before you see any highlighting in RegMon/FileMon... after the first break, it's a good idea to trace OVER all the calls until you see highlighting... then when you see the code that caused the highlighting you can kill off all your other breakpoints.. and set a breakpoint on the code that reads the name/serial... since you were tracing over everything you'll likely need to restart the program and then trace INTO a call of some kind (where it does the dirty work of loading the serial into memory).. when you find the actual routine there is typically a bunch of other crap, and then a RETN.. after the return, you will be back outside the call, and on the other side you will typically encounter some kind of CMP/TEST and a conditional JMP (JZ/JNZ, etc)...
This is only one approach, but I find that it helps with a majority of programs.. I'm sure other people have better ways or different ways...
Good luck,
t0xic