PACE iLokv3?
 

I have program with iLok 3 here (there are a lot of variations, most of the time audio plugins), let me list for the particular version, maybe somebody has a clue on how to attack and unpack/unpace it:

If you trace throught he binary, you somehow hit a trap and land into a Demo Auth window, which forces you to exit.
It was possible to not hit that trap with fine tuning ScyllaHide.

Then there are various export functions visible

GetPluginFactory --- this exists for all vst3 plugins
pace_license_challenge_callback
C2 00 00 (RET0)
pace_wrapping_ca
pace_wrapping_cz
pace_wrapping_d
pace_wrapping_fc
pace_wrapping_fi
pace_wrapping_ia
pace_wrapping_iz
Those 7 are dynamic, they are created on runtime.
OptionalHeader.AdressOfEntryPoint --- this is the entry point
Here it seems to construct adresses, as the imagebase is hardcoded, normal VST plugins doesnt seem to have this.

The Import table has a few extra pace specific intermodular calls,
for example:
__pace_license_change_callback those lead after the binary is run, those link to the C2 00 00 (RET0) from above. Maybe they can be used?

The only thing i have found so far was the SnD paper from 2009. (I guess most the stuff is kept private R2R, RET, etc)

(what a peverse resource wasting protector. have seen variants, where the non pace version is 3.7MB and the pace version is 12.7MB Insane)

Any help woud be awsome and maybe we discuss via PM.

PS: this looks like Metafortress.