Fix IDA 7.5/7.6 crashing on idapython3.dll in Wine

idafix.md

Description

For some reason IDA executes FreeLibrary() to the plugin immediately after getting its PLUGIN structure's address, so later invocations of the plugin lead to calls to nowhere (that was supposed to be python3.dll). Simply patching the location of the FreeLibrary() call fixes the issue. The location is easy to find: go by cross-references to a place where the call to FreeLibrary is followed by a reference to the string "%s: incompatible plugin version..." and NOP it away.

7.5

ida.dll

+001c1d20  15 9b e6 e3 ff 48 8b 4d  88 48 85 c9 74 0e 90 90  |.....H.M.H..t...|
+001c1d30  90 90 90 90 48 c7 45 88  00 00 00 00 48 8b 4c 24  |....H.E.....H.L$|

ida64.dll

+001cb050  15 83 53 e3 ff 48 8b 4d  88 48 85 c9 74 0e 90 90  |..S..H.M.H..t...|
+001cb060  90 90 90 90 48 c7 45 88  00 00 00 00 48 8b 4c 24  |....H.E.....H.L$|

7.6

ida.dll

+001cb6f0  15 03 4d e3 ff 48 8b 4d  88 48 85 c9 74 0e 90 90  |..M..H.M.H..t...|
+001cb700  90 90 90 90 48 c7 45 88  00 00 00 00 48 8b 4c 24  |....H.E.....H.L$|

ida64.dll

+001d53f0  15 0b b0 e2 ff 48 8b 4d  88 48 85 c9 74 0e 90 90  |.....H.M.H..t...|
+001d5400  90 90 90 90 48 c7 45 88  00 00 00 00 48 8b 4c 24  |....H.E.....H.L$|

This is really helpful!
Do you have any idea why this only crashes on wine?

This is really helpful! Do you have any idea why this only crashes on wine?

Please refer:
https://bugs.winehq.org/show_bug.cgi?id=52094
https://gitlab.winehq.org/wine/wine/-/merge_requests?scope=all&state=opened&search=refcount
The root case is that wine cannot Properly track refcount with forwarded exports, fixing it introduces memory leaking issue, so the patch is not merged to wine main branch, and it is not possible to be solved in near future.