Disassembling Winamp with Ghidra to find the Maki interpreter
So called “Modern” Winamp skins are scripted using a custom scripting language called Maki which compiles to a custom byte code.
To learn more about this byte code, I attempted to locate the byte code interpreter in the Winamp binary. Here are the septs I followed to find the Maki interpreter in the Winamp binary using Ghidra:
Install Winamp (5.666)
Find the install directory in Program Files
Find the
plugins
directoryOpen gen_ff.dll plugin (the one in charge of rendering the UI) in Ghidra
Search strings for “division” and find “Division by zero”
Select that option to jump to the data section offset where the string is
Right click the offset number and select “Show all References to Address”
Find the name of the enclosing function that uses the string
Right click the name and select “References” > “Find references to FUN_<FUNCTION_NUMBER>”
Jump to the one reference
This function is the interpreter
🎉