Amazon Kindle (Windows) cannot be started again after a malformed azw is opened
Impact: the application is left unusable. Uninstalling and reinstalling does not help; Kindle still cannot be opened until the user finds the offending file by hand and deletes it ...... Affected version: 1.10.8
(1) Reproduction
Take any free public-domain book and locate a string inside the file, for example the author name:
"Robert Louis Stevenson"
Delete a single character from it, for example one "o", and leave the rest of the file as it is. Everything after that point is now shifted by one byte, so every later field is read at the wrong offset and Kindle's parsing fails.
(2) Other notes
Double-clicking an azw opens it, and Kindle automatically copies it into the user's content directory. Every time Kindle initialises, it parses the files in that directory to read the cover, author and other metadata.
These copied files are not deleted when Kindle is uninstalled, so they have to be removed manually. The directory is recorded in the registry at:
HKEY_CURRENT_USER\Software\Amazon\Kindle\User Settings\CONTENT_PATH
Delete the problematic file from that directory; otherwise Kindle will never start again.
File download:
http://pan.baidu.com/s/1jG3RaGA
Double-click the file to open it.
(460.cd8): Access violation - code c0000005 (!!! second chance !!!)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for F:\Program Files (x86)\Amazon\Kindle\Kindle.exe -
eax=000000dd ebx=000004e4 ecx=00000000 edx=0022ed44 esi=0022ed68 edi=000000dd
eip=0197383f esp=0022ed14 ebp=05920448 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
Kindle!std::_Init_locks::operator=+0x137353:
0197383f 0fb65103        movzx   edx,byte ptr [ecx+3]       ds:002b:00000003=??
At startup:
No digital signature check in this build...
QString::arg: Argument missing: [mis-encoded text] Delta [mis-encoded text] Parameters [mis-encoded text], .
Using Qt version 4.8.6
(11d0.1574): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MazamaReader.exe -
eax=000000dd ebx=000004e4 ecx=00000000 edx=0271e63c esi=0271e660 edi=000000dd
eip=008f383f esp=0271e60c ebp=05760448 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
MazamaReader!std::_Init_locks::operator=+0x137353:
008f383f 0fb65103        movzx   edx,byte ptr [ecx+3]       ds:002b:00000003=??
0:000> kvn
 # ChildEBP RetAddr  Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0271e60c 008f6539 0271e648 0271e63c 86d91ccb MazamaReader!std::_Init_locks::operator=+0x137353
01 00000000 00000000 00000000 00000000 00000000 MazamaReader!std::_Init_locks::operator=+0x13a04d
The crash comes from the call immediately before the return address in frame 01:
0:000> ub 008f6539
MazamaReader!std::_Init_locks::operator=+0x13a039:
008f6525 54              push    esp
008f6526 2420            and     al,20h
008f6528 52              push    edx
008f6529 8d442430        lea     eax,[esp+30h]
008f652d 50              push    eax
008f652e 8d74244c        lea     esi,[esp+4Ch]
008f6532 8bcf            mov     ecx,edi
008f6534 e8f7d2ffff      call    MazamaReader!std::_Init_locks::operator=+0x137344 (008f3830)
So edi is the culprit: it is copied into ecx and passed to the callee, which immediately reads [ecx+3] with ecx = 0. A few instructions earlier edi is loaded from a stack slot:
008f6520 8b7c2440        mov     edi,dword ptr [esp+40h]
Fix: the value in [esp+40h] has to be validated, but the code that fills that slot is not obvious from reading backwards, so it is easier to track it dynamically. Restart the process:
Executable search path is:
ModLoad: 013d0000 036ee000   MazamaReader.exe
The module base is 0x013d0000. The crash site MazamaReader!std::_Init_locks::operator=+0x137353 is now at 01a2383f, so the export symbol MazamaReader!std::_Init_locks::operator= itself is at 0x018EC4EC, which is offset 0x51C4EC from the base.
Run again:
Executable search path is:
ModLoad: 013d0000 036ee000   MazamaReader.exe
The module loaded at the same base this time (ASLR is enabled for this binary, so that is not guaranteed between runs), so the caller frame MazamaReader!std::_Init_locks::operator=+0x13a04d is at:
0x018EC4EC + 0x13a04d = 0x01A26539
That return address is 0x1c9 bytes into its function, so the function starts at 0x1A26370. Set the next breakpoint there:
0:000> bp 0x1A26370
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MazamaReader.exe -
0:000> g
Breakpoint 0 hit
eax=002ce9a4 ebx=00000000 ecx=050d1b38 edx=002cea58 esi=ffffffff edi=05145968
eip=01a26370 esp=002ce8a0 ebp=002cecfc iopl=0         nv up ei ng nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200286
MazamaReader!std::_Init_locks::operator=+0x139e84:
01a26370 6aff            push    0FFFFFFFFh
The call stack is of almost no use here, since there is no unwind information and every frame is attributed to the nearest export ......
0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
002cecfc 01a616b2 MazamaReader!std::_Init_locks::operator=+0x139ea1
002ced30 01a62692 MazamaReader!std::_Init_locks::operator=+0x1751c6
002ced80 016dea4e MazamaReader!std::_Init_locks::operator=+0x1761a6
00000000 00000000 MazamaReader!XmlXIncludeProcessNode+0xacb8e
Single-stepping from the breakpoint shows the following:
0:000>
eax=0035e600 ebx=000004e4 ecx=010d0440 edx=0035e5f4 esi=0035e618 edi=010d0440
eip=01a26534 esp=0035e5cc ebp=010d0448 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206
MazamaReader!std::_Init_locks::operator=+0x13a048:
01a26534 e8f7d2ffff      call    MazamaReader!std::_Init_locks::operator=+0x137344 (01a23830)
0:000>
eax=00000000 ebx=000004e4 ecx=010d046b edx=0035e5f4 esi=0035e618 edi=010d0440
eip=01a26539 esp=0035e5cc ebp=010d0448 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
MazamaReader!std::_Init_locks::operator=+0x13a04d:
01a26539 83c408          add     esp,8
0:000>
eax=00000000 ebx=000004e4 ecx=010d046b edx=0035e5f4 esi=0035e618 edi=010d0440
eip=01a2653c esp=0035e5d4 ebp=010d0448 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200216
MazamaReader!std::_Init_locks::operator=+0x13a050:
01a2653c 89442440        mov     dword ptr [esp+40h],eax ss:002b:0035e614=40040d01
0:000>
So [esp+40h] is set to 0: the call at 01a26534 returned eax = 0, and that value is stored into the very slot that mov edi,dword ptr [esp+40h] reads before the next call to the same routine. On the next pass edi, and therefore ecx, is NULL, and the callee faults on [ecx+3].
Stepping into that call shows why it returns 0:
eax=00002541 ebx=0000002b ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238eb esp=003ce9d0 ebp=01370448 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206
MazamaReader!std::_Init_locks::operator=+0x1373ff:
01a238eb 8902            mov     dword ptr [edx],eax  ds:002b:003cea04=00000023
0:000>
eax=00002541 ebx=0000002b ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238ed esp=003ce9d0 ebp=01370448 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206
MazamaReader!std::_Init_locks::operator=+0x137401:
01a238ed 3906            cmp     dword ptr [esi],eax  ds:002b:003cea28=000000dd
0:000>
eax=00002541 ebx=0000002b ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238ef esp=003ce9d0 ebp=01370448 iopl=0         nv up ei ng nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200287
MazamaReader!std::_Init_locks::operator=+0x137403:
01a238ef 5b              pop     ebx
0:000>
eax=00002541 ebx=000004e4 ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238f0 esp=003ce9d4 ebp=01370448 iopl=0         nv up ei ng nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200287
MazamaReader!std::_Init_locks::operator=+0x137404:
01a238f0 1bc0            sbb     eax,eax
0:000>
eax=ffffffff ebx=000004e4 ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238f2 esp=003ce9d4 ebp=01370448 iopl=0         nv up ei ng nz ac pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200297
MazamaReader!std::_Init_locks::operator=+0x137406:
01a238f2 f7d0            not     eax
0:000>
eax=00000000 ebx=000004e4 ecx=0137046b edx=003cea04 esi=003cea28 edi=01370548
eip=01a238f4 esp=003ce9d4 ebp=01370448 iopl=0         nv up ei ng nz ac pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200297
MazamaReader!std::_Init_locks::operator=+0x137408:
01a238f4 23c1            and     eax,ecx
0:000>
While parsing the data, the value just read from the file (eax = 0x2541) is compared with the bound at [esi] (0xdd). The compare borrows, so CF is set; sbb eax,eax then yields 0xffffffff, not eax turns it into 0, and and eax,ecx leaves 0. The routine returns a null pointer instead of the object pointer in ecx, and the caller never checks for it.
For comparison, this is the normal path, where CF is clear and the pointer in ecx is returned:
0:000>
eax=0000002b ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f0 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200216
MazamaReader!std::_Init_locks::operator=+0x137404:
01a238f0 1bc0            sbb     eax,eax
0:000>
eax=00000000 ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f2 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
MazamaReader!std::_Init_locks::operator=+0x137406:
01a238f2 f7d0            not     eax
0:000>
eax=ffffffff ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f4 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
MazamaReader!std::_Init_locks::operator=+0x137408:
01a238f4 23c1            and     eax,ecx
0:000>
eax=053c0440 ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0548
eip=01a238f6 esp=003aeb54 ebp=053c043c iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202
MazamaReader!std::_Init_locks::operator=+0x13740a:
01a238f6 5f              pop     edi
0:000>
eax=053c0440 ebx=00000a28 ecx=053c0440 edx=003aeb84 esi=003aeba8 edi=053c0434
eip=01a238f7 esp=003aeb58 ebp=053c043c iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202
MazamaReader!std::_Init_locks::operator=+0x13740b:
01a238f7 c3              ret
Solution:
A null pointer is returned; if the file is bad, shouldn't it simply stop reading that file every time ......
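As an added example (illustrative code written for this note, not Kindle's parser and not code from the original post), the following Python models the metadata layout that the one-character edit in the reproduction above damages, and contrasts a parser that trusts every length field (the behaviour the crash trace suggests) with one that bounds-checks each record and rejects the file with an error instead of returning a null result. It assumes the documented MOBI EXTH layout (magic, header length, record count, then type/length/data records whose length includes the 8-byte record header), a constructed two-record sample, an assumed MAX_RECORD_LEN sanity bound, and that CONTENT_PATH is a string value under the registry key named earlier; the directory scan generalises the manual cleanup step to every book in the content folder.

```python
import os
import struct

EXTH_AUTHOR = 100           # EXTH record type for the author string
EXTH_TITLE = 503            # EXTH record type for the updated title
MAX_RECORD_LEN = 64 * 1024  # assumed sanity bound for one record; not a value from the post


class ExthError(ValueError):
    """Raised by the strict parser when a length field does not fit the block."""


def build_exth(records):
    """Serialise (type, data) pairs into a well-formed EXTH block: magic,
    header length, record count, then type/length/data records where the
    length covers its own 8-byte header."""
    body = b"".join(struct.pack(">II", t, 8 + len(d)) + d for t, d in records)
    return b"EXTH" + struct.pack(">II", 12 + len(body), len(records)) + body


def parse_exth(blob, strict=True):
    """Walk the EXTH records and return [(type, data), ...].
    strict=False trusts every length field the way a parser that never
    validates its input would; strict=True bounds-checks each record and
    raises ExthError on the first inconsistency instead of carrying on."""
    if len(blob) < 12 or blob[:4] != b"EXTH":
        raise ExthError("no EXTH header")
    hdr_len, count = struct.unpack(">II", blob[4:12])
    if strict and hdr_len > len(blob):
        raise ExthError("header length %d exceeds %d available bytes" % (hdr_len, len(blob)))
    pos, out = 12, []
    for i in range(count):
        if pos + 8 > len(blob):
            if strict:
                raise ExthError("record %d header runs past end of block" % i)
            break
        rtype, rlen = struct.unpack(">II", blob[pos:pos + 8])
        if strict and (rlen < 8 or rlen > MAX_RECORD_LEN or pos + rlen > hdr_len):
            raise ExthError("record %d (type %d) has bad length %d" % (i, rtype, rlen))
        out.append((rtype, blob[pos + 8:pos + rlen]))
        pos += rlen
    return out


def corrupt_author(blob, ch=b"o"):
    """Reproduce the edit described in the post: drop one character from the
    author string and leave every length field as it was."""
    author = dict(parse_exth(blob))[EXTH_AUTHOR]
    return blob.replace(author, author.replace(ch, b"", 1), 1)


def find_exth(data):
    """Locate the EXTH block in a .azw/.mobi image.  A real reader derives
    the offset from the MOBI header; scanning for the magic is a shortcut."""
    i = data.find(b"EXTH")
    return data[i:] if i >= 0 else None


def check_book(data):
    """Return None if the book's metadata parses cleanly, else the error text."""
    exth = find_exth(data)
    if exth is None:
        return None
    try:
        parse_exth(exth)
    except ExthError as e:
        return str(e)
    return None


def scan_content_dir(path):
    """List the books under `path` that fail validation, i.e. the files the
    reader would trip over again on every start."""
    bad = []
    for name in sorted(os.listdir(path)):
        if name.lower().endswith((".azw", ".azw3", ".mobi", ".prc")):
            with open(os.path.join(path, name), "rb") as f:
                err = check_book(f.read())
            if err:
                bad.append((name, err))
    return bad


if __name__ == "__main__":
    # Constructed sample: a two-record EXTH block followed by padding, as in
    # record 0 of a real MOBI file.
    good = build_exth([(EXTH_AUTHOR, b"Robert Louis Stevenson"),
                       (EXTH_TITLE, b"Treasure Island")]) + b"\x00" * 16
    bad = corrupt_author(good)
    print("intact :", parse_exth(good))
    print("lenient:", parse_exth(bad, strict=False))   # garbage after record 0
    try:
        parse_exth(bad)
    except ExthError as e:
        print("strict :", e)
    # On Windows, scan the directory Kindle copies books into.  CONTENT_PATH is
    # assumed to be a string value under the User Settings key named in the post.
    try:
        import winreg
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Amazon\Kindle\User Settings")
        content_path = winreg.QueryValueEx(key, "CONTENT_PATH")[0]
        print(scan_content_dir(content_path))
    except (ImportError, OSError):
        pass
```

With the lenient parser the deleted "o" makes record 0 swallow the first byte of record 1, and record 1's type and length are then read one byte off, which is the "subsequent disorder" the reproduction describes; the strict parser reports the bad length and the caller gets an exception it must handle rather than a null it can forget to check.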