yogo 0 Newbie Poster

Hi,

My system (WinXP SP2) crashes whenever I use any type of communication device that requires a remote IP (i.e. dialup). This includes modems, USB based ADSL modems and mobile phones for data.

I have traced the culprits to these two files (most likely): wanarp.sys and tcpip.sys

(wanarp.sys is the "MS Remote Access and Routing ARP Driver")

But.... now that I think I know what is causing the problem, I still am not sure what to do in order to fix it!

Anyone with ideas?

I noticed that there is only one version of wanarp.sys on my system but two versions of tcpip.sys. However, replacing the files did not solve the problem.


This is an analysis from WinDbg:

**************************************************
*****************************
* *
* Bugcheck Analysis *
* *
**************************************************
*****************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 825b7930, The address that the exception occurred at
Arg3: f235d3d8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

**************************************************
***********************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************************************
***********************
Loading symbols for f326f000 tcpip.sys -> tcpip.sys
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Loading symbols for f31a7000 vsdatant.sys -> vsdatant.sys
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys

MODULE_NAME: wanarp

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 41107c89

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
+ffffffff825b7930
825b7930 80797c82 cmp byte ptr [ecx+0x7c],0x82

TRAP_FRAME: f235d3d8 -- (.trap fffffffff235d3d8)
ErrCode = 00000000
eax=824063b4 ebx=fd8be280 ecx=00000000 edx=81e1d000 esi=ff75ece0 edi=8244a8b8
eip=825b7930 esp=f235d44c ebp=f235d464 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
825b7930 80797c82 cmp byte ptr [ecx+0x7c],0x82 ds:0023:0000007c=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 7

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from f9b77404 to 825b7930

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f235d448 f9b77404 824063b4 f235d4e8 00000001 0x825b7930
f235d464 f9b77707 8244a8b8 fd8be280 ff75ece0 wanarp+0x5404
f235d4a8 f327270a 8244a8b8 f235d4e8 00000001 wanarp+0x5707
f235d4d8 f32724ad fd8e1d58 6591d9d9 8225fdf0 tcpip+0x370a
f235d624 f32795d4 f32b04b8 00000000 81e1e0d0 tcpip+0x34ad
f235d678 f3278c70 ff9905b4 00000000 82276e80 tcpip+0xa5d4
f235d6bc f3278226 0835d6e0 00000001 00000000 tcpip+0x9c70
f235d6f8 f328b95e 8240c008 8240c09c ff6f2f90 tcpip+0x9226
f235d714 f31d5621 82594620 8240c008 f31d340e tcpip+0x1c95e
f235d718 82594620 8240c008 f31d340e 82594620 vsdatant+0x2e621
f235d71c 8240c008 f31d340e 82594620 8240c008 0x82594620
f235d720 f31d340e 82594620 8240c008 0000000f 0x8240c008
f235d724 82594620 8240c008 0000000f 8240c09c vsdatant+0x2c40e
f235d728 8240c008 0000000f 8240c09c 82594620 0x82594620
f235d72c 00000000 8240c09c 82594620 f235da2c 0x8240c008


FOLLOWUP_IP:
wanarp+5404
f9b77404 ?? ???

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: wanarp+5404

IMAGE_NAME: wanarp.sys

STACK_COMMAND: .trap fffffffff235d3d8 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner