shit.... couldn't you have asked this in some more private area?
now i have to open up my knowledge... *sob*
anyway:
the plain idea is: the music must be somewhere inside the EXE file of the installer/demo/cracktro/whatever.
we just have to get it out.
for this we have some program called WinRip or WinRipper, hard to find, but somewhere on the net as "wr078.zip"....
on a very small amount of targets we will manage to extract music files (MOD or XM mostly) using this tool.
but most targets are compressed and/or encrypted somehow.
to break this, we need to dump the target. for this we have a tool called
"ProcDump", you can find it on the net.
most times the exe files will be defective after dumping, especially when directly dumping from task list in PD (which is sometimes needed when nothing else works, normally we just choose to 'unpack' instead, target unknown). but this doesn't matter for us, since the data part is intact in 99,9% of all times.
you can try to determine the type of compressor/encryptor using a tool called "PE-Scan" and supply the info acquired to PD.
after we hopefully succeeded in dumping, we just use WinRip on the dump.
voilá!
in some really hard cases we have to manually trace write operations using "Filemon" from sysinternals.com, since some installers write the music file to some temp location before playing it back.....
so, now that i revealed all information which was holy to me, i will leave to find some dark cave where i can get some sleep after crying for hours...