Amazon Kindle (Windows) cannot be started again after a malformed azw is opened

Source: Internet
Author: User


Impact: the application can no longer be started. Uninstalling and reinstalling does not help; Kindle only starts again once the user locates the problematic file by hand and deletes it. Affected version: 1.10.8.

(1) Reproduction

Take any free public-domain book in azw format and locate a metadata string in the file, for example the author field:

"Robert Louis Stevenson"

Delete a single character from it, for example one "o". Everything after that point is now shifted by one byte, so the fields that follow are read out of alignment and Kindle's parsing of the file fails.

(2) Others

When an azw file is opened by double-clicking, Kindle copies it into the user's content directory. At every start-up, Kindle parses each file in that directory to read the cover, author and other metadata, which is why a single malformed file breaks every later launch.

The downloaded files are not deleted when Kindle is uninstalled. The content directory is recorded in the registry value:

HKEY_CURRENT_USER\Software\Amazon\Kindle\User Settings\CONTENT_PATH

Delete the problematic files from that directory by hand; otherwise Kindle will never start.

Sample file (the malformed azw):

Http://pan.baidu.com/s/1jG3RaGA

Double-clicking it opens it in Kindle and triggers the crash.
 

(460.cd8): Access violation - code c0000005 (!!! second chance !!!)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for F:\Program Files (x86)\Amazon\Kindle\Kindle.exe - 
eax=000000dd ebx=000004e4 ecx=00000000 edx=0022ed44 esi=0022ed68 edi=000000dd
eip=0197383f esp=0022ed14 ebp=05920448 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
Kindle!std::_Init_locks::operator=+0x137353:
0197383f 0fb65103        movzx   edx,byte ptr [ecx+3]       ds:002b:00000003=??

ecx is 0 at the faulting instruction, so the read of [ecx+3] is a null pointer dereference.


At startup, with the debugger attached (the reader process is MazamaReader.exe):

No digital signature check in this build... QString::arg: Argument missing: [mis-encoded non-ASCII text] Delta [mis-encoded non-ASCII text] Parameters [mis-encoded non-ASCII text], . Using Qt version 4.8.6
(11d0.1574): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MazamaReader.exe - 
eax=000000dd ebx=000004e4 ecx=00000000 edx=0271e63c esi=0271e660 edi=000000dd
eip=008f383f esp=0271e60c ebp=05760448 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
MazamaReader!std::_Init_locks::operator=+0x137353:
008f383f 0fb65103        movzx   edx,byte ptr [ecx+3]       ds:002b:00000003=??
0:000> kvn
 # ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0271e60c 008f6539 0271e648 0271e63c 86d91ccb MazamaReader!std::_Init_locks::operator=+0x137353
01 00000000 00000000 00000000 00000000 00000000 MazamaReader!std::_Init_locks::operator=+0x13a04d





Disassembling backwards from the return address shows how the crashing call was set up:

0:000> ub 008f6539
MazamaReader!std::_Init_locks::operator=+0x13a039:
008f6525 54              push    esp
008f6526 2420            and     al,20h
008f6528 52              push    edx
008f6529 8d442430        lea     eax,[esp+30h]
008f652d 50              push    eax
008f652e 8d74244c        lea     esi,[esp+4Ch]
008f6532 8bcf            mov     ecx,edi
008f6534 e8f7d2ffff      call    MazamaReader!std::_Init_locks::operator=+0x137344 (008f3830)





ecx, the object pointer passed to the callee, is copied from edi (mov ecx,edi), so edi is the register holding the null pointer. edi itself is loaded a few instructions earlier from a stack slot:

008f6520 8b7c2440        mov     edi,dword ptr [esp+40h]



The value at [esp+40h] therefore needs to be validated, but the code that produces it is not obvious from static disassembly, so it is easier to track it dynamically. Restart the program under the debugger:



Executable search path is:
ModLoad: 013d0000 036ee000   MazamaReader.exe

The module base is 0x013d0000. The crash site MazamaReader!std::_Init_locks::operator=+0x137353 now resolves to 01a2383f, so the exported symbol std::_Init_locks::operator= itself sits at 0x018EC4EC, an offset of 0x51C4EC from the base.



Run again:

Executable search path is:
ModLoad: 013d0000 036ee000   MazamaReader.exe

The base is the same as before (address randomization is enabled for this program; it simply landed at the same base in this run). The previous frame, MazamaReader!std::_Init_locks::operator=+0x13a04d, is therefore at:

0x018EC4EC + 0x13a04d = 0x01A26539

That address lies 0x1c9 bytes past the start of the function containing it, so the function begins at 0x01A26370. Set a breakpoint there:

0:000> bp 0x1A26370
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MazamaReader.exe - 
0:000> g
Breakpoint 0 hit
eax=002ce9a4 ebx=00000000 ecx=050d1b38 edx=002cea58 esi=ffffffff edi=05145968
eip=01a26370 esp=002ce8a0 ebp=002cecfc iopl=0         nv up ei ng nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200286
MazamaReader!std::_Init_locks::operator=+0x139e84:
01a26370 6aff            push    0FFFFFFFFh



Without symbols the call stack is of little use:

0:000> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
002cecfc 01a616b2 MazamaReader!std::_Init_locks::operator=+0x139ea1
002ced30 01a62692 MazamaReader!std::_Init_locks::operator=+0x1751c6
002ced80 016dea4e MazamaReader!std::_Init_locks::operator=+0x1761a6
00000000 00000000 MazamaReader!XmlXIncludeProcessNode+0xacb8e





Single-stepping from the breakpoint up to the call at 01a26534 shows:



0:000> 
eax=0035e600 ebx=000004e4 ecx=010d0440 edx=0035e5f4 esi=0035e618 edi=010d0440
eip=01a26534 esp=0035e5cc ebp=010d0448 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206
MazamaReader!std::_Init_locks::operator=+0x13a048:
01a26534 e8f7d2ffff      call    MazamaReader!std::_Init_locks::operator=+0x137344 (01a23830)
0:000> 
eax=00000000 ebx=000004e4 ecx=010d046b edx=0035e5f4 esi=0035e618 edi=010d0440
eip=01a26539 esp=0035e5cc ebp=010d0448 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
MazamaReader!std::_Init_locks::operator=+0x13a04d:
01a26539 83c408          add     esp,8
0:000> 
eax=00000000 ebx=000004e4 ecx=010d046b edx=0035e5f4 esi=0035e618 edi=010d0440
eip=01a2653c esp=0035e5d4 ebp=010d0448 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200216
MazamaReader!std::_Init_locks::operator=+0x13a050:
01a2653c 89442440        mov     dword ptr [esp+40h],eax ss:002b:0035e614=40040d01
0:000> 

0: 000>



The call returns eax = 0, and that null pointer is what gets stored at [esp+40h], the slot later loaded into edi and passed to the crashing function as its object pointer.





Stepping into the callee shows why it returns 0:

eax=00002541 ebx=0000002b ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238eb esp=003ce9d0 ebp=01370448 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206
MazamaReader!std::_Init_locks::operator=+0x1373ff:
01a238eb 8902            mov     dword ptr [edx],eax  ds:002b:003cea04=23000000
0:000> 
eax=00002541 ebx=0000002b ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238ed esp=003ce9d0 ebp=01370448 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206
MazamaReader!std::_Init_locks::operator=+0x137401:
01a238ed 3906            cmp     dword ptr [esi],eax  ds:002b:003cea28=dd000000
0:000> 
eax=00002541 ebx=0000002b ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238ef esp=003ce9d0 ebp=01370448 iopl=0         nv up ei ng nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200287
MazamaReader!std::_Init_locks::operator=+0x137403:
01a238ef 5b              pop     ebx
0:000> 
eax=00002541 ebx=000004e4 ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238f0 esp=003ce9d4 ebp=01370448 iopl=0         nv up ei ng nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200287
MazamaReader!std::_Init_locks::operator=+0x137404:
01a238f0 1bc0            sbb     eax,eax
0:000> 
eax=ffffffff ebx=000004e4 ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238f2 esp=003ce9d4 ebp=01370448 iopl=0         nv up ei ng nz ac pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200297
MazamaReader!std::_Init_locks::operator=+0x137406:
01a238f2 f7d0            not     eax
0:000> 
eax=00000000 ebx=000004e4 ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238f4 esp=003ce9d4 ebp=01370448 iopl=0         nv up ei ng nz ac pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200297
MazamaReader!std::_Init_locks::operator=+0x137408:
01a238f4 23c1            and     eax,ecx
0:000> 



The callee ends with a compiler-generated branchless select: cmp dword ptr [esi],eax compares the value read from the parsed data with eax (0x2541, a value taken from the malformed file). On this input the compare sets the carry flag, so sbb eax,eax yields 0xffffffff, not eax turns it into 0, and and eax,ecx masks the object pointer in ecx down to 0. In other words the function signals "not enough data" by returning a null pointer, which is a sane thing for a bounds check to do; the defect is that the caller stores and uses that pointer without ever testing it.



For comparison, the same instruction sequence on a well-formed file, where the carry flag is clear and the pointer in ecx survives the mask:

0:000> 
eax=0000002b ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f0 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200216
MazamaReader!std::_Init_locks::operator=+0x137404:
01a238f0 1bc0            sbb     eax,eax
0:000> 
eax=00000000 ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f2 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
MazamaReader!std::_Init_locks::operator=+0x137406:
01a238f2 f7d0            not     eax
0:000> 
eax=ffffffff ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f4 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
MazamaReader!std::_Init_locks::operator=+0x137408:
01a238f4 23c1            and     eax,ecx
0:000> 
eax=053c0440 ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f6 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202
MazamaReader!std::_Init_locks::operator=+0x13740a:
01a238f6 5f              pop     edi
0:000> 
eax=053c0440 ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0434
eip=01a238f7 esp=003aeb58 ebp=053c043c iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202
MazamaReader!std::_Init_locks::operator=+0x13740b:
01a238f7 c3              ret

 

Solution:

Check the returned pointer for null before using it. And when a file fails to parse, it should not be parsed again at every start-up: a file that has already crashed the reader once should be skipped or dropped from the index instead of breaking every later launch.
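The parsing failure described under (1) and the unchecked null return traced above come together in the following C program, added here as an illustration; it is not code from the report or from Amazon's reader. It assumes the azw container carries a MOBI-style EXTH metadata block (records of big-endian type, length and data, with type 100 the author); the sample block, the take() helper and every function name are constructed for the example. take() is written as the same branchless select the compiler emitted (cmp / sbb / not / and) and returns NULL when a record asks for more bytes than remain; exth_walk() is the hardened caller that tests that result, and unchecked_byte3() keeps the crashing pattern for contrast. Dropping one "o" from the author string reproduces the report: the author record's length field no longer matches its data, the next record header is read one byte early, its length field becomes a garbage value larger than the whole block, and take() returns NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: "EXTH", u32 BE header length, u32 BE record count, then
 * records of (u32 BE type, u32 BE length including this 8-byte header, data).
 * Record type 100 carries the author string. */

typedef struct { const uint8_t *p; size_t remaining; } cursor_t;

/* Mirror of the callee in the trace: ask for `want` bytes; when more is asked
 * for than remains, the result is NULL.  Same branchless select the compiler
 * emitted: cmp [esi],eax / sbb eax,eax / not eax / and eax,ecx. */
static const uint8_t *take(cursor_t *c, uint32_t want)
{
    uintptr_t cf   = (c->remaining < want);                  /* carry of the unsigned cmp */
    uintptr_t mask = ~((uintptr_t)0 - cf);                    /* sbb eax,eax ; not eax     */
    const uint8_t *out = (const uint8_t *)((uintptr_t)c->p & mask); /* and eax,ecx  */
    if (out) { c->p += want; c->remaining -= want; }
    return out;
}

static uint32_t be32(const uint8_t *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}
static void put32(uint8_t *b, uint32_t v)
{
    b[0] = (uint8_t)(v >> 24); b[1] = (uint8_t)(v >> 16); b[2] = (uint8_t)(v >> 8); b[3] = (uint8_t)v;
}

enum { EXTH_OK = 0, EXTH_BAD_MAGIC = -1, EXTH_TRUNCATED = -2, EXTH_BAD_LENGTH = -3 };

/* Hardened caller: every take() result is tested, so a record whose length
 * runs past the end of the block yields an error code, not a read at address 3. */
static int exth_walk(const uint8_t *buf, size_t len, char *author, size_t cap, int *seen)
{
    cursor_t c = { buf, len };
    const uint8_t *hdr = take(&c, 12);
    *seen = 0;
    if (!hdr) return EXTH_TRUNCATED;
    if (memcmp(hdr, "EXTH", 4) != 0) return EXTH_BAD_MAGIC;
    uint32_t count = be32(hdr + 8);
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *rec = take(&c, 8);
        if (!rec) return EXTH_TRUNCATED;
        uint32_t type = be32(rec), rlen = be32(rec + 4);
        if (rlen < 8) return EXTH_BAD_LENGTH;
        const uint8_t *data = take(&c, rlen - 8);   /* the pointer the reader used unchecked */
        if (!data) return EXTH_TRUNCATED;
        if (type == 100) {
            size_t n = rlen - 8 < cap ? rlen - 8 : cap - 1;
            memcpy(author, data, n); author[n] = '\0';
        }
        (*seen)++;
    }
    return EXTH_OK;
}

/* The pattern from the crash, kept for contrast: take()'s result is used
 * without a test.  If the request exceeds what remains, take() returns NULL
 * and [3] is a read at address 3, the `movzx edx, byte ptr [ecx+3]` fault in
 * the trace.  Only safe on input already known to be intact. */
static uint8_t unchecked_byte3(const uint8_t *buf, size_t len, uint32_t want)
{
    cursor_t c = { buf, len };
    return take(&c, want)[3];
}

/* Constructed sample block (not from any real book): author, publisher, title. */
static size_t build_exth(uint8_t *out, const char *author)
{
    const struct { uint32_t type; const char *val; } recs[] = {
        { 100, author }, { 101, "Example Press" }, { 503, "Treasure Island" } };
    size_t off = 12;
    for (size_t i = 0; i < 3; i++) {
        uint32_t n = (uint32_t)strlen(recs[i].val);
        put32(out + off, recs[i].type); put32(out + off + 4, n + 8);
        memcpy(out + off + 8, recs[i].val, n);
        off += 8 + n;
    }
    memcpy(out, "EXTH", 4); put32(out + 4, (uint32_t)off); put32(out + 8, 3);
    return off;
}

/* Reproduce the report: delete the first 'o' of the author string.  The
 * record's length field is unchanged, so every later header is read one byte
 * early and the block can no longer be parsed. */
static size_t drop_first_o(uint8_t *dst, const uint8_t *src, size_t len)
{
    size_t i = 12 + 8;                         /* start of record 0's data */
    while (i < len && src[i] != 'o') i++;
    memcpy(dst, src, i);
    memcpy(dst + i, src + i + 1, len - i - 1);
    return len - 1;
}

/* Build the block, optionally corrupt it, parse it; returns the walk status. */
static int demo(int corrupt, char *author, size_t cap, int *seen)
{
    uint8_t good[128], bad[128];
    size_t n = build_exth(good, "Robert Louis Stevenson");
    if (corrupt) n = drop_first_o(bad, good, n);
    return exth_walk(corrupt ? bad : good, n, author, cap, seen);
}

int main(void)
{
    char author[64]; int seen; uint8_t good[128];
    size_t n = build_exth(good, "Robert Louis Stevenson");
    int st = demo(0, author, sizeof author, &seen);
    printf("intact:    status %d, %d records, author \"%s\", header byte 3 '%c'\n",
           st, seen, author, unchecked_byte3(good, n, 12));
    st = demo(1, author, sizeof author, &seen);
    printf("malformed: status %d, %d records, author \"%s\"\n", st, seen, author);
    return 0;
}
```

Build with any C99 compiler and run: the intact block walks all three records, the malformed one stops at the second with EXTH_TRUNCATED instead of faulting. In the real reader the same test belongs at the call site that stores into [esp+40h]; a loader that hits this error should also mark the file so it is skipped on the next start-up rather than parsed again.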
