Guest Mark Naughton Posted December 10, 2008 Posted December 10, 2008 Sigcheck reports file as ok, sfc /scannow completes ok. Is this file ok? Thanks Mark Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys C:\Windows\System32\drivers>sigcheck -a -h -r tcpip.sys sigcheck v1.54 - sigcheck Copyright Quote
Guest Darrell Gorter[MSFT] Posted December 11, 2008 Posted December 11, 2008 Hello Mark, Yes the file is OK. This error happens when tcpip.sys is loaded in user mode, to check the version information of the driver binary. It loaded fine at boot time in kernel mode and was successfully verified or you would have seen errors at boot time or tcpip.sys would not have loaded. Thanks, Darrell Gorter[MSFT] This posting is provided "AS IS" with no warranties, and confers no rights -------------------- | >From: "Mark Naughton" <MarkNaughton@hotmail.com> | >Subject: Code integrity error on tcpip.sys | >Date: Wed, 10 Dec 2008 15:40:03 -0500 | >Lines: 38 | >Message-ID: <B11D7537-E874-4D0A-8DD9-5A1657251BBE@microsoft.com> | >MIME-Version: 1.0 | >Content-Type: text/plain; | > format=flowed; | > charset="utf-8"; | > reply-type=original | >Content-Transfer-Encoding: 8bit | >X-Priority: 3 | >X-MSMail-Priority: Normal | >X-Newsreader: Microsoft Windows Mail 6.0.6001.18000 | >X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049 | >X-MS-CommunityGroup-MessageCategory: {E4FCE0A9-75B4-4168-BFF9-16C22D8747EC} | >X-MS-CommunityGroup-PostID: {B11D7537-E874-4D0A-8DD9-5A1657251BBE} | >Newsgroups: microsoft.public.windows.vista.security | >Path: TK2MSFTNGHUB02.phx.gbl | >Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.security:19999 | >NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1 | >X-Tomcat-NG: microsoft.public.windows.vista.security | > | > | > | >Sigcheck reports file as ok, sfc /scannow completes ok. Is this file ok? | >Thanks Mark | > | > | >Code integrity determined that the image hash of a file is not valid. The | >file could be corrupt due to unauthorized modification or the invalid hash | >could indicate a potential disk device error. | > | >File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys | > | > | > | > | >C:\Windows\System32\drivers>sigcheck -a -h -r tcpip.sys | > | >sigcheck v1.54 - sigcheck | >Copyright Quote
Guest Luke Kaven Posted December 22, 2008 Posted December 22, 2008 RE: Code integrity error on tcpip.sys -- IS suspicious Since installing Vista SP1 three weeks ago, I have had BSOD crashes that immediately follow a CodeIntegrity violation error (event ID 3002) in the log that cites TCPIP.SYS according to the OPs message. Over a hundred crashes. Day after day, I've been over this problem with 1st and 2nd level Vista support. I am now strongly suspicious that this driver is corrupt and is causing these crashes. The version installed by SP1 currently on my system reads as v6.0.6001.18000 and is dated 18-Jan-2008. My driver was not patched so far as I know. The only third party software installed after SP1 is Adobe CS4. Bone stock Dell Dimension E521. Lots of systematic searches for driver updates, disabling unneeded devices, all to no avail. The only constant is TCPIP.SYS and the error report that immediately precedes each crash. I do not know if I am a candidate for hotfix based on KB article #952709, which carries TWO updates of this one file. [v6.0.6001.18063 and v6.0.6001.22167 (both dated 26-Apr-2008). ] Are you really sure this is okay? What can I do? Install the hotfix listed above? Try SP2 BETA? Reverting to pre SP1 isn't an option, because my Adobe CS4 won't run without SP1 or higher. Luke Kaven ""Darrell Gorter[MSFT]"" wrote: <span style="color:blue"> > Hello Mark, > Yes the file is OK. > This error happens when tcpip.sys is loaded in user mode, to check the > version information of the driver binary. > It loaded fine at boot time in kernel mode and was successfully verified or > you would have seen errors at boot time or tcpip.sys would not have loaded. > > Thanks, > Darrell Gorter[MSFT] > > This posting is provided "AS IS" with no warranties, and confers no rights > -------------------- > | >From: "Mark Naughton" <MarkNaughton@hotmail.com> > | >Subject: Code integrity error on tcpip.sys > | >Date: Wed, 10 Dec 2008 15:40:03 -0500 > | >Lines: 38 > | >Message-ID: <B11D7537-E874-4D0A-8DD9-5A1657251BBE@microsoft.com> > | >MIME-Version: 1.0 > | >Content-Type: text/plain; > | > format=flowed; > | > charset="utf-8"; > | > reply-type=original > | >Content-Transfer-Encoding: 8bit > | >X-Priority: 3 > | >X-MSMail-Priority: Normal > | >X-Newsreader: Microsoft Windows Mail 6.0.6001.18000 > | >X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049 > | >X-MS-CommunityGroup-MessageCategory: > {E4FCE0A9-75B4-4168-BFF9-16C22D8747EC} > | >X-MS-CommunityGroup-PostID: {B11D7537-E874-4D0A-8DD9-5A1657251BBE} > | >Newsgroups: microsoft.public.windows.vista.security > | >Path: TK2MSFTNGHUB02.phx.gbl > | >Xref: TK2MSFTNGHUB02.phx.gbl > microsoft.public.windows.vista.security:19999 > | >NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1 > | >X-Tomcat-NG: microsoft.public.windows.vista.security > | > > | > > | > > | >Sigcheck reports file as ok, sfc /scannow completes ok. Is this file ok? > | >Thanks Mark > | > > | > > | >Code integrity determined that the image hash of a file is not valid. > The > | >file could be corrupt due to unauthorized modification or the invalid > hash > | >could indicate a potential disk device error. > | > > | >File Name: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys > | > > | > > | > > | > > | >C:WindowsSystem32drivers>sigcheck -a -h -r tcpip.sys > | > > | >sigcheck v1.54 - sigcheck > | >Copyright Quote
Guest The Max Posted December 22, 2008 Posted December 22, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious On Mon, 22 Dec 2008 00:46:01 -0800, Luke Kaven <Luke Kaven@discussions.microsoft.com> wrote: <span style="color:blue"> >What can I do? Install the hotfix listed above? Try SP2 BETA? Reverting >to pre SP1 isn't an option, because my Adobe CS4 won't run without SP1 or >higher. </span> 1) try the hotfix. If it's not meant for your system, it won't install. 2) if the problem IS SP1, then your CS4 is going to be pretty useless on a computer that is constantly crashing, hmm?? -- Max Quote
Guest Luke Kaven Posted December 22, 2008 Posted December 22, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious "The Max" wrote:<span style="color:blue"> > On Mon, 22 Dec 2008 00:46:01 -0800, Luke Kaven <Luke > Kaven@discussions.microsoft.com> wrote: > <span style="color:green"> > >What can I do? Install the hotfix listed above? Try SP2 BETA? Reverting > >to pre SP1 isn't an option, because my Adobe CS4 won't run without SP1 or > >higher. </span> > > 1) try the hotfix. If it's not meant for your system, it won't > install. > > 2) if the problem IS SP1, then your CS4 is going to be pretty useless > on a computer that is constantly crashing, hmm??</span> I get a couple of hours of use of the machine each day between crashes. It is either that or nothing. So I think I'm best off trying to get SP1 to work, or SP2 for that matter. Quote
Guest Michael D. Ober Posted December 22, 2008 Posted December 22, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious "Luke Kaven" <Luke Kaven@discussions.microsoft.com> wrote in message news:7325F3C4-A2E9-4573-8D25-CA742962C93E@microsoft.com...<span style="color:blue"> > Since installing Vista SP1 three weeks ago, I have had BSOD crashes that > immediately follow a CodeIntegrity violation error (event ID 3002) in the > log > that cites TCPIP.SYS according to the OPs message. Over a hundred > crashes. > > Day after day, I've been over this problem with 1st and 2nd level Vista > support. I am now strongly suspicious that this driver is corrupt and is > causing these crashes. The version installed by SP1 currently on my > system > reads as v6.0.6001.18000 and is dated 18-Jan-2008. > > My driver was not patched so far as I know. The only third party software > installed after SP1 is Adobe CS4. Bone stock Dell Dimension E521. Lots > of > systematic searches for driver updates, disabling unneeded devices, all to > no > avail. The only constant is TCPIP.SYS and the error report that > immediately > precedes each crash. > > I do not know if I am a candidate for hotfix based on KB article #952709, > which carries TWO updates of this one file. [v6.0.6001.18063 and > v6.0.6001.22167 (both dated 26-Apr-2008). ] > > Are you really sure this is okay? > > What can I do? Install the hotfix listed above? Try SP2 BETA? Reverting > to pre SP1 isn't an option, because my Adobe CS4 won't run without SP1 or > higher. > > Luke Kaven > > ""Darrell Gorter[MSFT]"" wrote: ><span style="color:green"> >> Hello Mark, >> Yes the file is OK. >> This error happens when tcpip.sys is loaded in user mode, to check the >> version information of the driver binary. >> It loaded fine at boot time in kernel mode and was successfully verified >> or >> you would have seen errors at boot time or tcpip.sys would not have >> loaded. >> >> Thanks, >> Darrell Gorter[MSFT] >> >> This posting is provided "AS IS" with no warranties, and confers no >> rights >> -------------------- >> | >From: "Mark Naughton" <MarkNaughton@hotmail.com> >> | >Subject: Code integrity error on tcpip.sys >> | >Date: Wed, 10 Dec 2008 15:40:03 -0500 >> | >Lines: 38 >> | >Message-ID: <B11D7537-E874-4D0A-8DD9-5A1657251BBE@microsoft.com> >> | >MIME-Version: 1.0 >> | >Content-Type: text/plain; >> | > format=flowed; >> | > charset="utf-8"; >> | > reply-type=original >> | >Content-Transfer-Encoding: 8bit >> | >X-Priority: 3 >> | >X-MSMail-Priority: Normal >> | >X-Newsreader: Microsoft Windows Mail 6.0.6001.18000 >> | >X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049 >> | >X-MS-CommunityGroup-MessageCategory: >> {E4FCE0A9-75B4-4168-BFF9-16C22D8747EC} >> | >X-MS-CommunityGroup-PostID: {B11D7537-E874-4D0A-8DD9-5A1657251BBE} >> | >Newsgroups: microsoft.public.windows.vista.security >> | >Path: TK2MSFTNGHUB02.phx.gbl >> | >Xref: TK2MSFTNGHUB02.phx.gbl >> microsoft.public.windows.vista.security:19999 >> | >NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1 >> | >X-Tomcat-NG: microsoft.public.windows.vista.security >> | > >> | > >> | > >> | >Sigcheck reports file as ok, sfc /scannow completes ok. Is this file >> ok? >> | >Thanks Mark >> | > >> | > >> | >Code integrity determined that the image hash of a file is not valid. >> The >> | >file could be corrupt due to unauthorized modification or the invalid >> hash >> | >could indicate a potential disk device error. >> | > >> | >File Name: DeviceHarddiskVolume2WindowsSystem32driverstcpip.sys >> | > >> | > >> | > >> | > >> | >C:WindowsSystem32drivers>sigcheck -a -h -r tcpip.sys >> | > >> | >sigcheck v1.54 - sigcheck >> | >Copyright Quote
Guest Luke Kaven Posted December 22, 2008 Posted December 22, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious "Michael D. Ober" wrote:<span style="color:blue"> > Check Dell's support site for a new device driver for the network interface > hardware.</span> Note that the machine was not networked and the network interface hardware device driver was disabled during this time. Last night, I connected to the network and installed every Microsoft update listed by auto-update. Within a half hour, the machine crashed following a CodeIntegrity violation, also citing hash of TCPIP.SYS (though this file itself was updated). But this does leave open the question of the network interface hardware, which was obviously up during that time. But just barely. So I have now installed that driver update. I ran FSCK /R on the system disk just in case. Ran while booting and I was away while it completed. Does anyone know if there is a saved FSCK log anywhere on the system. Quote
Guest Luke Kaven Posted December 22, 2008 Posted December 22, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious Of course I meant to say "CHKDSK /R". I found the log. No bad sectors, but a few free sectors marked as allocated. Quote
Guest Luke Kaven Posted December 23, 2008 Posted December 23, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious Hmmm, 37 Microsoft updates and an updated network interface driver later, the machine still crashes. Still with EventID 3002. CodeIntegrity error. TCPIP.SYS. "per-page image hashes could not be found on this system" Stayed up for 12 hours today, a new record. But after I brought it back up it crashed ten minutes later while idle. Any ideas out there? One of you Microsoft engineers must have an idea of what causes this kind of thing. No useful information from L2 Vista support, though they've tried to be helpful. Quote
Guest FromTheRafters Posted December 23, 2008 Posted December 23, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious Figure 2. Code integrity events The Code Integrity Operational log shows events generated by the kernel when a kernel mode driver fails an image verification check when the driver is loaded. The image verification failure may be due to a number of reasons, including the following: a.. The driver was unsigned, but installed on the system by an administrator and Code Integrity is not allowing the driver to load. b.. The driver was signed, but the driver image file was modified or tampered with and the modification invalidated the driver signature. c.. The system disk device may have device errors when reading the image file for the device from bad disk sectors. From this article: http://msdn.microsoft.com/en-us/library/bb530195.aspx ....near the bottom It looks like what you are experiencing to me, Hope it helps. "Luke Kaven" <LukeKaven@discussions.microsoft.com> wrote in message news:C3D5CD03-8D72-4DF4-A766-ECDC9A345F4E@microsoft.com...<span style="color:blue"> > Hmmm, 37 Microsoft updates and an updated network interface driver later, > the > machine still crashes. Still with EventID 3002. CodeIntegrity error. > TCPIP.SYS. "per-page image hashes could not be found on this system" > Stayed > up for 12 hours today, a new record. But after I brought it back up it > crashed ten minutes later while idle. > > Any ideas out there? One of you Microsoft engineers must have an idea of > what causes this kind of thing. No useful information from L2 Vista > support, > though they've tried to be helpful. </span> Quote
Guest Luke Kaven Posted December 23, 2008 Posted December 23, 2008 Re: Code integrity error on tcpip.sys -- IS suspicious Thanks for putting that up. I appreciate it. This is a straight stock install with updates from Microsoft. No patches to TCPIP.SYS were made (as I know some people do patch this driver). So the signed, stock driver was installed. If anything is modifying it, it isn't showing up as a change in the driver file on disk. I don't have reason to think that anything is modifying it in memory at the moment. So is a disk error possible here? I can't find any accompanying messages about disk errors. And I'm wondering why, after installing a number of updates, why it would always be that one driver that is cited by the CodeIntegrity violation? Could it be that there is an intermittently bad sector somewhere in the pagefile where this driver happens to reside? Why wouldn't disk errors be showing up in the log? I know CHKDSK won't necessarily identify marginal sectors. It's been a while since I've had to fix a disk. Could someone remind me if there is a way to do a low level scan that will identify marginal sectors and put them on the permanent bad sector list without necessitating a complete reformat and reinstall? Thanks, Luke "FromTheRafters" wrote: <span style="color:blue"> > Figure 2. Code integrity events > > The Code Integrity Operational log shows events generated by the kernel when > a kernel mode driver fails an image verification check when the driver is > loaded. The image verification failure may be due to a number of reasons, > including the following: > > a.. The driver was unsigned, but installed on the system by an > administrator and Code Integrity is not allowing the driver to load. > b.. The driver was signed, but the driver image file was modified or > tampered with and the modification invalidated the driver signature. > c.. The system disk device may have device errors when reading the image > file for the device from bad disk sectors. > From this article: > > http://msdn.microsoft.com/en-us/library/bb530195.aspx > > ....near the bottom > > It looks like what you are experiencing to me, Hope it helps. > > "Luke Kaven" <LukeKaven@discussions.microsoft.com> wrote in message > news:C3D5CD03-8D72-4DF4-A766-ECDC9A345F4E@microsoft.com...<span style="color:green"> > > Hmmm, 37 Microsoft updates and an updated network interface driver later, > > the > > machine still crashes. Still with EventID 3002. CodeIntegrity error. > > TCPIP.SYS. "per-page image hashes could not be found on this system" > > Stayed > > up for 12 hours today, a new record. But after I brought it back up it > > crashed ten minutes later while idle. > > > > Any ideas out there? One of you Microsoft engineers must have an idea of > > what causes this kind of thing. No useful information from L2 Vista > > support, > > though they've tried to be helpful. </span> > > > </span> Quote
Guest Darrell Gorter[MSFT] Posted January 7, 2009 Posted January 7, 2009 Re: Code integrity error on tcpip.sys -- IS suspicious Hello Luke, Here is where the issue gets confusing. If TCPIP.sys is failing at boot time you shouldn't be able to boot. So this means that the file appears to pass the boot test when the kernel first loads the file. If you are crashing at boot time, I could see this as the cause. What happens in the event log message is that something loads TCPIP.sys into memory during user mode. Not all the data is present to verify the page hashes so the error message is generated. This is after TCPIP is already loaded Is this 64-bit? What is the exact BlueScreen Error message that you are seeing? What is the Event Log message that you are seeing? So is there a one to one correlation between every BSOD and every event message or do they happen independant of each other? Thanks, Darrell Gorter[MSFT] This posting is provided "AS IS" with no warranties, and confers no rights -------------------- | >Thread-Topic: Code integrity error on tcpip.sys -- IS suspicious | >thread-index: AcllBpysS8LPnTdfRrO4ui5uNk2nfA== | >X-WBNR-Posting-Host: 207.46.193.207 | >From: =?Utf-8?B?THVrZSBLYXZlbg==?= <LukeKaven@discussions.microsoft.com> | >References: <B11D7537-E874-4D0A-8DD9-5A1657251BBE@microsoft.com> <5XrQL$zWJHA.4692@TK2MSFTNGHUB02.phx.gbl> <7325F3C4-A2E9-4573-8D25-CA742962C93E@microsoft.com> <BqSdnXIm_N_aE9LUnZ2dnUVZ_vOdnZ2d@earthlink.com> <C3D5CD03-8D72-4DF4-A766-ECDC9A345F4E@microsoft.com> <OQ2oJFQZJHA.1336@TK2MSFTNGP02.phx.gbl> | >Subject: Re: Code integrity error on tcpip.sys -- IS suspicious | >Date: Tue, 23 Dec 2008 05:59:02 -0800 | >Lines: 63 | >Message-ID: <5C785667-7EB7-4289-B59B-F13492B575B5@microsoft.com> | >MIME-Version: 1.0 | >Content-Type: text/plain; | > charset="Utf-8" | >Content-Transfer-Encoding: 7bit | >X-Newsreader: Microsoft CDO for Windows 2000 | >Content-Class: urn:content-classes:message | >Importance: normal | >Priority: normal | >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3168 | >Newsgroups: microsoft.public.windows.vista.security | >Path: TK2MSFTNGHUB02.phx.gbl | >Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.security:20235 | >NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149 | >X-Tomcat-NG: microsoft.public.windows.vista.security | > | >Thanks for putting that up. I appreciate it. | > | >This is a straight stock install with updates from Microsoft. No patches to | >TCPIP.SYS were made (as I know some people do patch this driver). So the | >signed, stock driver was installed. If anything is modifying it, it isn't | >showing up as a change in the driver file on disk. I don't have reason to | >think that anything is modifying it in memory at the moment. | > | >So is a disk error possible here? I can't find any accompanying messages | >about disk errors. And I'm wondering why, after installing a number of | >updates, why it would always be that one driver that is cited by the | >CodeIntegrity violation? Could it be that there is an intermittently bad | >sector somewhere in the pagefile where this driver happens to reside? Why | >wouldn't disk errors be showing up in the log? | > | >I know CHKDSK won't necessarily identify marginal sectors. It's been a | >while since I've had to fix a disk. Could someone remind me if there is a | >way to do a low level scan that will identify marginal sectors and put them | >on the permanent bad sector list without necessitating a complete reformat | >and reinstall? | > | >Thanks, Luke | > | >"FromTheRafters" wrote: | > | >> Figure 2. Code integrity events | >> | >> The Code Integrity Operational log shows events generated by the kernel when | >> a kernel mode driver fails an image verification check when the driver is | >> loaded. The image verification failure may be due to a number of reasons, | >> including the following: | >> | >> a.. The driver was unsigned, but installed on the system by an | >> administrator and Code Integrity is not allowing the driver to load. | >> b.. The driver was signed, but the driver image file was modified or | >> tampered with and the modification invalidated the driver signature. | >> c.. The system disk device may have device errors when reading the image | >> file for the device from bad disk sectors. | >> From this article: | >> | >> http://msdn.microsoft.com/en-us/library/bb530195.aspx | >> | >> ....near the bottom | >> | >> It looks like what you are experiencing to me, Hope it helps. | >> | >> "Luke Kaven" <LukeKaven@discussions.microsoft.com> wrote in message | >> news:C3D5CD03-8D72-4DF4-A766-ECDC9A345F4E@microsoft.com... | >> > Hmmm, 37 Microsoft updates and an updated network interface driver later, | >> > the | >> > machine still crashes. Still with EventID 3002. CodeIntegrity error. | >> > TCPIP.SYS. "per-page image hashes could not be found on this system" | >> > Stayed | >> > up for 12 hours today, a new record. But after I brought it back up it | >> > crashed ten minutes later while idle. | >> > | >> > Any ideas out there? One of you Microsoft engineers must have an idea of | >> > what causes this kind of thing. No useful information from L2 Vista | >> > support, | >> > though they've tried to be helpful. | >> | >> | >> | > Quote
Guest DFLX Posted January 23, 2009 Posted January 23, 2009 Whew! Glad to know I'm not the only one with this problem. I know this has already been stated for the most part, but just to confirm, it doesn't seem to be network related at all. In fact, my issue seems to be related to my video card somehow. SFC finds nothing wrong with tcpip.sys etc and so forth. I would say a disk error is not the issue, unless we both just happened to have disk errors in the same sectors on our drives... -Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Event IT: 5038- It keeps freezing up my graphics card, and it comes up with that little bubble in the corner "your graphics device has stopped responding and had to be restored", or whatever it says. It does that about 4 times and then it blue screens. Once I get Vista booted back up, I check the event viewer and see about 8 of those events for tcpip.sys. Perplexing. I'm not 100% sure exactly what the problem is, but most graphical applications seems to run just fine, unless I'm running them alongside FAH GPU client (it doesn't play well with others). Our problems don't seem to be the exact same as my problems don't seem to be random, it only happens if I try and set my desktop to a dreamscene. It never crashes any other time. Before coming here I thought it was a graphics card issue. So I figured I hadn't installed new drivers in a while, might as well start there, just to find out I updated my drivers about a month ago, nothing new out. I still had the installer for those, so I figured reinstalling might do the trick? Anyway, here's where I find out that the second I click the install button on the installer, it stops responding. Never did that before. Then I try installing them through the device manager. Seems to go OK, but doesn't fix my problem. So then I turn to the grand ol' internet and I stumble upon this post. Only windows could produce the same error for two different people under completely different circumstances from a file that has nothing to do with what is crashing either of their computers style_emoticons/ Luke Kaven;918344 Wrote: <span style="color:blue"> > Thanks for putting that up. I appreciate it. > > This is a straight stock install with updates from Microsoft. No > patches to > TCPIP.SYS were made (as I know some people do patch this driver). So > the > signed, stock driver was installed. If anything is modifying it, it > isn't > showing up as a change in the driver file on disk. I don't have reason > to > think that anything is modifying it in memory at the moment. > > So is a disk error possible here? I can't find any accompanying > messages > about disk errors. And I'm wondering why, after installing a number of > updates, why it would always be that one driver that is cited by the > CodeIntegrity violation? Could it be that there is an intermittently > bad > sector somewhere in the pagefile where this driver happens to reside? > Why > wouldn't disk errors be showing up in the log? > > I know CHKDSK won't necessarily identify marginal sectors. It's been a > while since I've had to fix a disk. Could someone remind me if there > is a > way to do a low level scan that will identify marginal sectors and put > them > on the permanent bad sector list without necessitating a complete > reformat > and reinstall? > > Thanks, Luke > > "FromTheRafters" wrote:<span style="color:green"><span style="color:darkred"> > > > > > > > Figure 2. Code integrity events > > > > > > The Code Integrity Operational log shows events generated by the</span> > > kernel when<span style="color:darkred"> > > > a kernel mode driver fails an image verification check when the</span> > > driver is<span style="color:darkred"> > > > loaded. The image verification failure may be due to a number of</span> > > reasons,<span style="color:darkred"> > > > including the following: > > > > > > a.. The driver was unsigned, but installed on the system by an > > > administrator and Code Integrity is not allowing the driver to load. > > > b.. The driver was signed, but the driver image file was modified</span> > > or<span style="color:darkred"> > > > tampered with and the modification invalidated the driver signature. > > > c.. The system disk device may have device errors when reading the</span> > > image<span style="color:darkred"> > > > file for the device from bad disk sectors. > > > From this article: > > > > > > 'Digital Signatures for Kernel Modules on Systems Running Windows</span> > > Vista' (http://msdn.microsoft.com/en-us/library/bb530195.aspx)<span style="color:darkred"> > > > > > > ....near the bottom > > > > > > It looks like what you are experiencing to me, Hope it helps. > > > > > > "Luke Kaven" <LukeKaven@xxxxxx> wrote in message > > > news:C3D5CD03-8D72-4DF4-A766-ECDC9A345F4E@xxxxxx> > > > > > > > > > Hmmm, 37 Microsoft updates and an updated network interface driver > > > later, > > > > > the > > > > > machine still crashes. Still with EventID 3002. CodeIntegrity > > > error. > > > > > TCPIP.SYS. "per-page image hashes could not be found on this > > > system" > > > > > Stayed > > > > > up for 12 hours today, a new record. But after I brought it back > > > up it > > > > > crashed ten minutes later while idle. > > > > > > > > > > Any ideas out there? One of you Microsoft engineers must have an > > > idea of > > > > > what causes this kind of thing. No useful information from L2 > > > Vista > > > > > support, > > > > > though they've tried to be helpful.> > > > > > > > > > > > ></span></span></span> -- DFLX Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.