Windows 7 Help on Windows 7 Blue Screen which caused by "Tcpip.sys"

thinkpwd

New Member
My Thinkpad X201i is running Windows 7 system with Nortel VPN and Lotus Notes.
When I connect to VPN and run Notes.exe, the system may meet a blue screen and
says: tcpip.exe error. This really drive me mad. Who can help me on this
problem? Thanks so much!
View attachment DMP.rar
 
DUMP:
Code:
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  [COLOR=#ff0000][U][B]This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.[/B][/U][/COLOR]
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 1bfbd676, Actual security check cookie from the stack
Arg2: 8c0ea0ad, Expected security check cookie
Arg3: 73f15f52, Complement of the expected security check cookie
Arg4: 00000000, zero

Debugging Details:
------------------


GSFAILURE_FUNCTION: tcpip!Ipv4pFragmentPacketHelper

GSFAILURE_RA_SMASHED:  TRUE

GSFAILURE_MODULE_COOKIE: 8c0ea0ad tcpip!__security_cookie [ 8c0ea004 ]

GSFAILURE_FRAME_COOKIE:  ffffffff

SECURITY_COOKIE:  Expected 8c0ea0ad found 1bfbd676

GSFAILURE_ANALYSIS_TEXT: !gs output:
Corruption occurred in tcpip!Ipv4pFragmentPacketHelper or one of its callers

Analyzing __report_gsfailure frame (2)...
LEA usage: Function @0xFFFFFFFF8C084BC5-0xFFFFFFFF8C085397 is NOT using LEA
Module canary at 0xFFFFFFFF8C0EA004 (tcpip!__security_cookie): 0x8C0EA0AD
Complement at 0xFFFFFFFF8C0EA008: 0x73F15F52  (matches OK)
couldn't disassemble

Stack buffer overrun analysis completed successfully.


BUGCHECK_STR:  STACK_BUFFER_OVERRUN

DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_PROBABLY_NOT_USING_GS

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  2

STACK_TEXT:  
8fbe69ec 8c098069 000000f7 1bfbd676 8c0ea0ad nt!KeBugCheckEx+0x1e
8fbe6a0c 8c085397 00000000 864d5a70 00000030 tcpip!__report_gsfailure+0x25
8fbe6ad0 4ae8c041 3dd26b26 a80769bf b5173c80 tcpip!Ipv4pFragmentPacketHelper+0x7d2
WARNING: Frame IP not in any known module. Following frames may be wrong.
8fbe6adc b5173c80 e828bb64 648b96f4 f315f9b3 0x4ae8c041
8fbe6bdc 8c07c174 8958c810 b4a3d3d2 8c0e9b44 0xb5173c80
8fbe6c6c 8c080e46 8a785008 86276978 00000000 tcpip!Fl48pReceiveArpPackets+0xf8
8fbe6ce8 8c07b45e 8a785008 86276978 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x760
8fbe6d1c 836d577a 86276978 00000000 ffffffff tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
8fbe6d1c 836d5871 86276978 00000000 ffffffff nt!KiSwapKernelStackAndExit+0x15a
8df2f148 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31


STACK_COMMAND:  kb

FOLLOWUP_IP: 
tcpip!Ipv4pFragmentPacketHelper+7d2
8c085397 c9              leave

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  tcpip!Ipv4pFragmentPacketHelper+7d2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME:  tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4e83e463

FAILURE_BUCKET_ID:  STACK_BUFFER_OVERRUN_MISMATCH_GSCOOKIE_tcpip!Ipv4pFragmentPacketHelper+7d2

BUCKET_ID:  STACK_BUFFER_OVERRUN_MISMATCH_GSCOOKIE_tcpip!Ipv4pFragmentPacketHelper+7d2

Followup: MachineOwner
Start by running this Microsoft Standalone System Sweeper Beta | Microsoft Connect
Download the correct version for your architecture. Grab a blank CD, double click the program and it will create a bootable CD that will allow you do scan your system independent of the OS. Choose full system scan.
Keep us posted.
 
Back
Top