Software security Module/ toolkit replacing HSM for developing crypto functions

You could use SoftHSM, which is a pure-software PKCS #11 implementation. It is being used by the OpenDNSSEC project precisely to be swapped out in cases a real HSM is not available, so it might work for you too. However, it's BSD licensed, so I guess your management may not like it on that basis.

If you are looking for low-cost and yet commmercial (I'm not sure if you're specifically looking for something proprietary, which CryptoAPI is, or for something that is commercially supported, which CryptoAPI is not, unless you have a contract with Microsoft), rewriting your application to use the Win32 CryptoAPI seems the only viable option to me. RSA's toolkits are not cheap, in my experience.

Your best option should be to find a software PKCS#11 library. There should be several implementations on the market - I know that the company I work for sells one. That way you would still be able to switch back to a PKCS#11-compliant HSM and the necessary modifications to the application should be minimal.

Your other options are CryptoAPI or CNG from Microsoft or a toolkit from RSA, Cryptomathic or another vendor. That would probably require more work to rewrite the application - I can't really see any advantage to this option, except that CryptoAPI and CNG are free.

I have a customer who used the software PKCS#11 implementation that comes with Mozilla's NSS as a drop-in replacement for the HSM. They're on Linux using ruby-pkcs11, so your mileage may vary.