I am looking to block plug-in hosts like those that can be loaded in DAWs as plugins and that can load other plugins. It’s easy to do using this: JUCE: PluginHostType Class Reference
but I am not only looking to block apps and exe, but plugins that are hosts themselves also.
Any experience? Ideas? TIA.
Please only comment if you have actual ideas or experience with the matter.
First off, don’t do this except to prove a point to Steinberg that VST3 is flawed and they should make a VST4 that doesn’t suck. That is the sole reason that I can think to do this. Every other reason (for example, preventing someone from analyzing the i/o of your plugin) has a workaround that a sufficiently motivated actor will be able to work around with ease and it’s not worth putting in the effort to deal with (security through obscurity isn’t security, it’s a waste of money).
There’s a design flaw in the VST3 spec that when a plugin binary is loaded, the host must call InitDll, bundleEntry, or ModuleEntry depending on whether it’s loaded on Windows, macOS/iOS, or Linux respectively.
If these functions run under the assumption that they’re called exactly once, then a plugin-host-in-plugin may crash when it loads a plugin after its host loads an instance of the same plugin.
(insert handwaving) there should be some way to use a combination of the current call stack and this property to forbid a plugin-as-host from loading your plugin. I’m not going to detail here what you would need to do, because again, the edge case above is a real problem but your motivations are suspect, but this should give you enough to go on.
It is very easy to spoof the application path to a dll, so if that’s something you plan on defending against, know that you’re not doing anything but wasting someone’s time.
To put it more concisely, if your goal is to prevent reverse engineering the plugin, the recourse is legal and not technical. And it’s an entire engineering project to put in the barriers to do so separate from developing the plugin itself that it’s not worth it.
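
The crash described in the answer above (module entry code that assumes it runs exactly once) can be avoided on the plug-in side by counting loads. The following is an added example, not code from the post, JUCE, or the VST3 SDK; `ModuleState` and the `naive*`/`guarded*` functions are hypothetical stand-ins for whatever a plug-in does inside InitDll, bundleEntry, or ModuleEntry and the matching exit call.

```cpp
#include <cstdio>
#include <memory>
#include <mutex>

// Hypothetical shared state a plug-in module sets up at load time.
struct ModuleState { int tableSize = 512; };

// Fragile form: assumes exactly one init/exit pair per process.
static ModuleState* g_naive = nullptr;
bool naiveInit() { delete g_naive; g_naive = new ModuleState(); return true; } // re-init discards state in use
bool naiveExit() { delete g_naive; g_naive = nullptr; return true; }           // first exit frees it for everyone
bool naiveAlive() { return g_naive != nullptr; }

// Tolerant form: counts loads, builds state on the first, frees on the last.
static std::mutex g_lock;
static int g_loads = 0;
static std::unique_ptr<ModuleState> g_state;

bool guardedInit() {
    std::lock_guard<std::mutex> hold(g_lock);
    if (g_loads++ == 0) g_state.reset(new ModuleState());
    return true;
}
bool guardedExit() {
    std::lock_guard<std::mutex> hold(g_lock);
    if (g_loads == 0) return false;          // unbalanced exit: refuse, do not underflow
    if (--g_loads == 0) g_state.reset();
    return true;
}
bool guardedAlive() { std::lock_guard<std::mutex> hold(g_lock); return g_state != nullptr; }
int guardedLoads() { std::lock_guard<std::mutex> hold(g_lock); return g_loads; }

int main() {
    // Outer host loads the module, then a plug-in that is itself a host loads it again.
    naiveInit(); naiveInit(); naiveExit();
    std::printf("naive: state alive after inner unload = %d\n", naiveAlive());
    naiveExit();
    guardedInit(); guardedInit(); guardedExit();
    std::printf("guarded: state alive after inner unload = %d\n", guardedAlive());
    guardedExit();
    return 0;
}
```

In the fragile form the outer host's instances are left pointing at freed state once the nested host unloads; the counted form keeps the state alive until the last exit call.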