Thread: N00b : help ?
05-03-2005, 07:51
abitofboth
 

I got this program.. it has a two session max... I wanna defeat that..
I've pinpointed the problem to be here (using olly and hidedebug 1.22)

004f9154 CALL DWORD PTR DS:[545E40] (olly : USER32.ShowWindow)

From here the code will run into USER32, kernel etc.
Now the 'problem' is when it returns, it doesn't return to the successive address (004f915a). Depending on whether it's successful or not, it will return to either 004f914b (success) OR 004fd1bf (which is the deathtrap)

Now.... I don't get how a call to user32.showwindow can have an impact on the next instruction to be executed / return address... so to speak.. I think of it in terms of

1. do something
2. return
3. call 1.
4. do something else

eip = 3 and we would go 3,1,2,4 ... right? Obviously not .. perhaps someone has the patience to explain it to the n00b?