Help on Windows 7 Blue Screen which caused by "Tcpip.sys"

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by thinkpwd, Jan 2, 2012.

  1. thinkpwd

    thinkpwd New Member

    Joined:
    Jan 2, 2012
    Messages:
    2
    Likes Received:
    0
    My Thinkpad X201i is running Windows 7 system with Nortel VPN and Lotus Notes.
    When I connect to VPN and run Notes.exe, the system may meet a blue screen and
    says: tcpip.exe error. This really drive me mad. Who can help me on this
    problem? Thanks so much!
    View attachment DMP.rar
     
  2. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    DUMP:
    Code:
    DRIVER_OVERRAN_STACK_BUFFER (f7)
    A driver has overrun a stack-based buffer.  This overrun could potentially
    allow a malicious user to gain control of this machine.
    DESCRIPTION
    A driver overran a stack-based buffer (or local variable) in a way that would
    have overwritten the function's return address and jumped back to an arbitrary
    address when the function returned.  [COLOR=#ff0000][U][B]This is the classic "buffer overrun"
    hacking attack and the system has been brought down to prevent a malicious user
    from gaining complete control of it.[/B][/U][/COLOR]
    Do a kb to get a stack backtrace -- the last routine on the stack before the
    buffer overrun handlers and bugcheck call is the one that overran its local
    variable(s).
    Arguments:
    Arg1: 1bfbd676, Actual security check cookie from the stack
    Arg2: 8c0ea0ad, Expected security check cookie
    Arg3: 73f15f52, Complement of the expected security check cookie
    Arg4: 00000000, zero
    
    Debugging Details:
    ------------------
    
    
    GSFAILURE_FUNCTION: tcpip!Ipv4pFragmentPacketHelper
    
    GSFAILURE_RA_SMASHED:  TRUE
    
    GSFAILURE_MODULE_COOKIE: 8c0ea0ad tcpip!__security_cookie [ 8c0ea004 ]
    
    GSFAILURE_FRAME_COOKIE:  ffffffff
    
    SECURITY_COOKIE:  Expected 8c0ea0ad found 1bfbd676
    
    GSFAILURE_ANALYSIS_TEXT: !gs output:
    Corruption occurred in tcpip!Ipv4pFragmentPacketHelper or one of its callers
    
    Analyzing __report_gsfailure frame (2)...
    LEA usage: Function @0xFFFFFFFF8C084BC5-0xFFFFFFFF8C085397 is NOT using LEA
    Module canary at 0xFFFFFFFF8C0EA004 (tcpip!__security_cookie): 0x8C0EA0AD
    Complement at 0xFFFFFFFF8C0EA008: 0x73F15F52  (matches OK)
    couldn't disassemble
    
    Stack buffer overrun analysis completed successfully.
    
    
    BUGCHECK_STR:  STACK_BUFFER_OVERRUN
    
    DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_PROBABLY_NOT_USING_GS
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    STACK_TEXT:  
    8fbe69ec 8c098069 000000f7 1bfbd676 8c0ea0ad nt!KeBugCheckEx+0x1e
    8fbe6a0c 8c085397 00000000 864d5a70 00000030 tcpip!__report_gsfailure+0x25
    8fbe6ad0 4ae8c041 3dd26b26 a80769bf b5173c80 tcpip!Ipv4pFragmentPacketHelper+0x7d2
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    8fbe6adc b5173c80 e828bb64 648b96f4 f315f9b3 0x4ae8c041
    8fbe6bdc 8c07c174 8958c810 b4a3d3d2 8c0e9b44 0xb5173c80
    8fbe6c6c 8c080e46 8a785008 86276978 00000000 tcpip!Fl48pReceiveArpPackets+0xf8
    8fbe6ce8 8c07b45e 8a785008 86276978 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x760
    8fbe6d1c 836d577a 86276978 00000000 ffffffff tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8fbe6d1c 836d5871 86276978 00000000 ffffffff nt!KiSwapKernelStackAndExit+0x15a
    8df2f148 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    tcpip!Ipv4pFragmentPacketHelper+7d2
    8c085397 c9              leave
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  tcpip!Ipv4pFragmentPacketHelper+7d2
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: tcpip
    
    IMAGE_NAME:  tcpip.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4e83e463
    
    FAILURE_BUCKET_ID:  STACK_BUFFER_OVERRUN_MISMATCH_GSCOOKIE_tcpip!Ipv4pFragmentPacketHelper+7d2
    
    BUCKET_ID:  STACK_BUFFER_OVERRUN_MISMATCH_GSCOOKIE_tcpip!Ipv4pFragmentPacketHelper+7d2
    
    Followup: MachineOwner
    Start by running this Microsoft Standalone System Sweeper Beta | Microsoft Connect
    Download the correct version for your architecture. Grab a blank CD, double click the program and it will create a bootable CD that will allow you do scan your system independent of the OS. Choose full system scan.
    Keep us posted.
     

Share This Page

Loading...