At first you should understand your target and type of protection it uses.
What if:
- your target is
not packed
- your target
doesn't use serials
- your target
doesn't use registration keys
- your target is
virtualised
- your target is using
remote computations and
remote resources
- your target is using distributed nodes and micro-services
- your target is using specific dedicated
hardware
- your target is using remote
authentication and
authorisation
So, it looks like you're targeting only 'classic' desktop applications using classic approaches.
- No packing → no unpacking
- No serials and no keys → no key generation
- Virtualised code → de-virtualisation
- Specific hardware → hardware emulation
- Remote services → replacement services
- etc