Help on Windows 7 Blue Screen caused by "Tcpip.sys"

#1
My Thinkpad X201i is running Windows 7 with Nortel VPN and Lotus Notes.
When I connect to the VPN and run Notes.exe, the system may hit a blue screen that
says: tcpip.exe error. This really drives me mad. Who can help me with this
problem? Thanks so much!
View attachment DMP.rar
 


Trouble

Noob Whisperer
#2
DUMP:
Code:
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 1bfbd676, Actual security check cookie from the stack
Arg2: 8c0ea0ad, Expected security check cookie
Arg3: 73f15f52, Complement of the expected security check cookie
Arg4: 00000000, zero

Debugging Details:
------------------


GSFAILURE_FUNCTION: tcpip!Ipv4pFragmentPacketHelper

GSFAILURE_RA_SMASHED:  TRUE

GSFAILURE_MODULE_COOKIE: 8c0ea0ad tcpip!__security_cookie [ 8c0ea004 ]

GSFAILURE_FRAME_COOKIE:  ffffffff

SECURITY_COOKIE:  Expected 8c0ea0ad found 1bfbd676

GSFAILURE_ANALYSIS_TEXT: !gs output:
Corruption occurred in tcpip!Ipv4pFragmentPacketHelper or one of its callers

Analyzing __report_gsfailure frame (2)...
LEA usage: Function @0xFFFFFFFF8C084BC5-0xFFFFFFFF8C085397 is NOT using LEA
Module canary at 0xFFFFFFFF8C0EA004 (tcpip!__security_cookie): 0x8C0EA0AD
Complement at 0xFFFFFFFF8C0EA008: 0x73F15F52  (matches OK)
couldn't disassemble

Stack buffer overrun analysis completed successfully.


BUGCHECK_STR:  STACK_BUFFER_OVERRUN

DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_PROBABLY_NOT_USING_GS

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  2

STACK_TEXT:  
8fbe69ec 8c098069 000000f7 1bfbd676 8c0ea0ad nt!KeBugCheckEx+0x1e
8fbe6a0c 8c085397 00000000 864d5a70 00000030 tcpip!__report_gsfailure+0x25
8fbe6ad0 4ae8c041 3dd26b26 a80769bf b5173c80 tcpip!Ipv4pFragmentPacketHelper+0x7d2
WARNING: Frame IP not in any known module. Following frames may be wrong.
8fbe6adc b5173c80 e828bb64 648b96f4 f315f9b3 0x4ae8c041
8fbe6bdc 8c07c174 8958c810 b4a3d3d2 8c0e9b44 0xb5173c80
8fbe6c6c 8c080e46 8a785008 86276978 00000000 tcpip!Fl48pReceiveArpPackets+0xf8
8fbe6ce8 8c07b45e 8a785008 86276978 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x760
8fbe6d1c 836d577a 86276978 00000000 ffffffff tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
8fbe6d1c 836d5871 86276978 00000000 ffffffff nt!KiSwapKernelStackAndExit+0x15a
8df2f148 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


STACK_COMMAND:  kb

FOLLOWUP_IP: 
tcpip!Ipv4pFragmentPacketHelper+7d2
8c085397 c9              leave

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  tcpip!Ipv4pFragmentPacketHelper+7d2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME:  tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4e83e463

FAILURE_BUCKET_ID:  STACK_BUFFER_OVERRUN_MISMATCH_GSCOOKIE_tcpip!Ipv4pFragmentPacketHelper+7d2

BUCKET_ID:  STACK_BUFFER_OVERRUN_MISMATCH_GSCOOKIE_tcpip!Ipv4pFragmentPacketHelper+7d2

Followup: MachineOwner

Start by running this: Microsoft Standalone System Sweeper Beta (Microsoft Connect).
Download the correct version for your architecture. Grab a blank CD, double-click the program, and it will create a bootable CD that will allow you to scan your system independent of the OS. Choose full system scan.
Keep us posted.
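
Added example, not part of either post and not a WinDbg feature: the Python below reads a bugcheck 0xF7 report like the one quoted in post #2 and pulls out the points worth checking before acting on it (cookie mismatch, complement consistency, an untrustworthy backtrace, and the debugger's own bucket). `triage_f7` and `SAMPLE` are hypothetical names, and the sample text is constructed from lines copied out of the dump above.

```python
import re

# Constructed sample: selected lines copied from the !analyze output quoted in post #2.
SAMPLE = """\
DRIVER_OVERRAN_STACK_BUFFER (f7)
Arg1: 1bfbd676, Actual security check cookie from the stack
Arg2: 8c0ea0ad, Expected security check cookie
Arg3: 73f15f52, Complement of the expected security check cookie
Arg4: 00000000, zero
GSFAILURE_FUNCTION: tcpip!Ipv4pFragmentPacketHelper
GSFAILURE_RA_SMASHED:  TRUE
DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_PROBABLY_NOT_USING_GS
8fbe6ad0 4ae8c041 3dd26b26 a80769bf b5173c80 tcpip!Ipv4pFragmentPacketHelper+0x7d2
WARNING: Frame IP not in any known module. Following frames may be wrong.
IMAGE_NAME:  tcpip.sys
"""


def triage_f7(text, bits=32):
    """Summarise a bugcheck 0xF7 report. Hypothetical helper, not a WinDbg API."""
    if not re.search(r"^DRIVER_OVERRAN_STACK_BUFFER \(f7\)", text, re.M):
        raise ValueError("not a DRIVER_OVERRAN_STACK_BUFFER (f7) report")
    # Arg1..Arg4 are hex; 64-bit dumps print them with a ` separator.
    args = {int(n): int(v.replace("`", ""), 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-fA-F`]+),", text, re.M)}
    if not args.keys() >= {1, 2, 3}:
        raise ValueError("Arg1-Arg3 missing from report")

    def field(name):
        m = re.search(rf"^{name}:[ \t]*(\S+)", text, re.M)
        return m.group(1) if m else None

    mask = (1 << bits) - 1
    return {
        "function": field("GSFAILURE_FUNCTION"),
        "image": field("IMAGE_NAME"),
        # Arg1 is the cookie read back from the stack, Arg2 the value expected.
        "cookie_mismatch": args[1] != args[2],
        # Arg3 must be the bitwise complement of Arg2, else the report itself is suspect.
        "complement_ok": (args[2] ^ mask) == args[3],
        "return_address_smashed": field("GSFAILURE_RA_SMASHED") == "TRUE",
        # Frames after this warning cannot be trusted to name the real caller.
        "backtrace_unreliable": "Frame IP not in any known module" in text,
        "debugger_bucket": field("DEFAULT_BUCKET_ID"),
    }


if __name__ == "__main__":
    for key, value in triage_f7(SAMPLE).items():
        print(f"{key}: {value}")
```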
 

