Disassembling Winamp with Ghidra to find the Maki interpreter

So-called “Modern” Winamp skins are scripted using a custom scripting language called Maki, which compiles to a custom byte code.

To learn more about this byte code, I attempted to locate the byte code interpreter in the Winamp binary. Here are the steps I followed to find the Maki interpreter in the Winamp binary using Ghidra:

  • Install Winamp (5.666)

  • Find the install directory in Program Files

  • Find the plugins directory

  • Open the gen_ff.dll plugin (the one in charge of rendering the UI) in Ghidra

  • Search strings for “division” and find “Division by zero”

  • Select that option to jump to the data section offset where the string is

  • Right click the offset number and select “Show all References to Address”

  • Find the name of the enclosing function that uses the string

  • Right click the name and select “References” > “Find references to FUN_<FUNCTION_NUMBER>”

  • Jump to the one reference

  • This function is the interpreter

  • 🎉
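
The string search and “Show all References to Address” steps can also be reproduced outside Ghidra. The following is an added example, not part of the original post and not Ghidra's own code: it assumes the DLL is a 32-bit PE that refers to the string by absolute address, and it returns the address of each 4-byte operand rather than the start of the instruction. The function names and the tiny sample image are constructed for illustration.

```python
import struct

def pe_sections(pe):
    """Return (image_base, [(vsize, rva, raw_size, raw_off), ...]) for a PE32 image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    opt = nt + 24                                            # optional header start
    if pe[nt:nt + 4] != b"PE\0\0" or struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not a 32-bit PE image")
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]
    table = opt + struct.unpack_from("<H", pe, nt + 20)[0]   # section table follows it
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    secs = [struct.unpack_from("<4I", pe, table + 40 * i + 8) for i in range(nsec)]
    return image_base, secs

def find_string_xrefs(pe, text):
    """Map each VA where `text` is stored to the VAs of 32-bit operands holding it."""
    image_base, secs = pe_sections(pe)
    def to_va(off):
        for _vsize, rva, raw_size, raw_off in secs:
            if raw_off <= off < raw_off + raw_size:
                return image_base + rva + off - raw_off
        return None                                          # headers or overlay
    def offsets(needle):
        pos = pe.find(needle)
        while pos != -1:
            yield pos
            pos = pe.find(needle, pos + 1)
    xrefs = {}
    for needle in (text.encode("ascii"), text.encode("utf-16-le")):
        for pos in offsets(needle):
            va = to_va(pos)
            if va is not None:
                operand = struct.pack("<I", va)              # absolute address, little-endian
                xrefs[va] = [to_va(o) for o in offsets(operand) if to_va(o) is not None]
    return xrefs

def build_sample():
    """Constructed PE32 skeleton (not Winamp data): one `push` of the string's address."""
    img = bytearray(0x600)
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIH", img, 0x84, 0x14C, 2, 0, 0, 0, 0xE0)  # i386, 2 sections
    struct.pack_into("<H", img, 0x98, 0x10B)                 # PE32 magic
    struct.pack_into("<I", img, 0xB4, 0x10000000)            # ImageBase
    for i, (name, rva, raw) in enumerate([(b".text", 0x1000, 0x200), (b".rdata", 0x2000, 0x400)]):
        struct.pack_into("<8s4I", img, 0x178 + 40 * i, name, 0x200, rva, 0x200, raw)
    img[0x220:0x225] = b"\x68" + struct.pack("<I", 0x10002010)   # push offset string
    img[0x410:0x421] = b"Division by zero\0"
    return bytes(img)
```

On a real file, read the DLL's bytes and pass them as `pe`; a raw scan like this can report false positives where the same four bytes occur as ordinary data, which is why the enclosing function is still confirmed in the disassembler.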

The branch for multiplication
