The Samba-Bugzilla – Attachment 12640 Details for
Bug 12182
SPOOLSS_ENUMPRINTERS fails with certain printer names
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Log (setdriver failing)
smb.log_broken (text/plain), 2.62 MB, created by
Mario Lipinski
on 2016-11-10 14:06:07 UTC
(
hide
)
Description:
Log (setdriver failing)
Filename:
MIME Type:
Creator:
Mario Lipinski
Created:
2016-11-10 14:06:07 UTC
Size:
2.62 MB
patch
obsolete
>[2016/11/10 14:51:13.821151, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2226(lp_file_list_changed) > lp_file_list_changed() > file /var/lib/iserv/config/exam/%I -> /var/lib/iserv/config/exam/192.168.9.8 last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Tue Dec 15 19:31:42 2015 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Nov 10 14:50:36 2016 > >[2016/11/10 14:51:13.821203, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.821210, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=144 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=65535 > smb_pid=18325 > smb_uid=52826 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 29 (0x1D) > smb_bcc=101 >[2016/11/10 14:51:13.821254, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] A1 1B 30 19 A0 03 0A 01 00 A3 12 04 10 01 00 00 ..0..... ........ > [0010] 00 9F 46 0E DE 2B 8E 7B D5 00 00 00 00 57 00 69 ..F..+.{ .....W.i > [0020] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 36 00 2E .n.d.o.w .s. .6.. > [0030] 00 31 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 .1...S.a .m.b.a. > [0040] 00 34 00 2E 00 34 00 2E 00 35 00 2D 00 44 00 65 .4...4.. .5.-.D.e > [0050] 00 62 00 69 00 61 00 6E 00 00 00 4C 00 41 00 4E .b.i.a.n ...L.A.N > [0060] 00 32 00 00 00 .2... >[2016/11/10 14:51:13.821330, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 1 >[2016/11/10 14:51:13.821341, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.821350, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 9B 64 29 B1 CA C9 E9 98 .d)..... >[2016/11/10 14:51:13.821508, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 74 >[2016/11/10 14:51:13.821525, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 2 >[2016/11/10 14:51:13.821535, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 2: got good SMB signature of >[2016/11/10 14:51:13.821544, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 95 F3 A5 B9 6A 00 93 B9 ....j... >[2016/11/10 14:51:13.821559, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x4a >[2016/11/10 14:51:13.821569, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 3 of length 78 (0 toread) >[2016/11/10 14:51:13.821578, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.821585, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=74 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=65535 > smb_pid=18325 > smb_uid=52826 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 12 (0xC) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=31 >[2016/11/10 14:51:13.821628, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 5C 00 49 00 53 00 45 00 52 00 56 00 5C .\.\.I.S .E.R.V.\ > [0010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. >[2016/11/10 14:51:13.821656, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtconX (pid 18327) conn 0x0 >[2016/11/10 14:51:13.821667, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.821680, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/11/10 14:51:13.821690, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/11/10 14:51:13.821707, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/11/10 14:51:13.821719, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_session_global.tdb >[2016/11/10 14:51:13.821729, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_session_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:13.821740, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 35CFFF08 >[2016/11/10 14:51:13.821753, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93f2598 >[2016/11/10 14:51:13.821777, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:930(smbXsrv_session_global_store) >[2016/11/10 14:51:13.821785, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:932(smbXsrv_session_global_store) > smbXsrv_session_global_store: key '35CFFF08' stored >[2016/11/10 14:51:13.821794, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_session_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000004 (4) > info : union smbXsrv_session_globalU(case 0) > info0 : * > info0: struct smbXsrv_session_global0 > db_rec : * > session_global_id : 0x35cfff08 (902823688) > session_wire_id : 0x000000000000ce5a (52826) > creation_time : Do Nov 10 14:51:14 2016 CET > expiration_time : Do Jan 1 01:00:00 1970 CET > auth_time : Do Nov 10 14:51:14 2016 CET > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000007 (7) > sids: ARRAY(7) > sids : S-1-5-21-1350919854-2293596380-2349120355-1000 > sids : S-1-5-21-1350919854-2293596380-2349120355-513 > sids : S-1-22-2-0 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-11 > sids : S-1-22-1-0 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000000000 (0) > gid : 0x0000000000000000 (0) > ngroups : 0x00000001 (1) > groups: ARRAY(1) > groups : 0x0000000000000000 (0) > info : * > info: struct auth_user_info > account_name : * > account_name : 'root' > domain_name : * > domain_name : 'LAN2' > full_name : * > full_name : 'root' > logon_script : * > logon_script : 'login.bat' > profile_path : * > profile_path : '\\iserv\Windows\Local' > home_directory : * > home_directory : '\\iserv\Home' > home_drive : * > home_drive : 'H:' > logon_server : * > logon_server : 'ISERV' > last_logon : NTTIME(0) > last_logoff : Di Jan 19 04:14:07 2038 CET > acct_expiry : Di Jan 19 04:14:07 2038 CET > last_password_change : Do Nov 10 14:50:46 2016 CET > allow_password_change : Do Nov 10 14:50:46 2016 CET > force_password_change : Di Jan 19 04:14:07 2038 CET > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000010 (16) > authenticated : 0x01 (1) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'root' > sanitized_username : * > sanitized_username : 'root' > torture : NULL > credentials : NULL > connection_dialect : 0x0000 (0) > signing_flags : 0x02 (2) > 0: SMBXSRV_SIGNING_REQUIRED > 1: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > local_address : 'ipv4:192.168.9.8:445' > remote_address : 'ipv4:192.168.9.8:54404' > remote_name : '192.168.9.8' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x8000 (32768) >[2016/11/10 14:51:13.822321, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 35CFFF08 >[2016/11/10 14:51:13.822332, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_session_global.tdb >[2016/11/10 14:51:13.822341, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:13.822352, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1391(smbXsrv_session_update) >[2016/11/10 14:51:13.822358, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1399(smbXsrv_session_update) > smbXsrv_session_update: global_id (0x35cfff08) stored >[2016/11/10 14:51:13.822368, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &session_blob: struct smbXsrv_sessionB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_sessionU(case 0) > info0 : * > info0: struct smbXsrv_session > table : * > db_rec : NULL > client : * > local_id : 0x0000ce5a (52826) > global : * > global: struct smbXsrv_session_global0 > db_rec : NULL > session_global_id : 0x35cfff08 (902823688) > session_wire_id : 0x000000000000ce5a (52826) > creation_time : Do Nov 10 14:51:14 2016 CET > expiration_time : Do Jan 1 01:00:00 1970 CET > auth_time : Do Nov 10 14:51:14 2016 CET > auth_session_info_seqnum : 0x00000001 (1) > auth_session_info : * > auth_session_info: struct auth_session_info > security_token : * > security_token: struct security_token > num_sids : 0x00000007 (7) > sids: ARRAY(7) > sids : S-1-5-21-1350919854-2293596380-2349120355-1000 > sids : S-1-5-21-1350919854-2293596380-2349120355-513 > sids : S-1-22-2-0 > sids : S-1-1-0 > sids : S-1-5-2 > sids : S-1-5-11 > sids : S-1-22-1-0 > privilege_mask : 0x0000000000000000 (0) > 0: SEC_PRIV_MACHINE_ACCOUNT_BIT > 0: SEC_PRIV_PRINT_OPERATOR_BIT > 0: SEC_PRIV_ADD_USERS_BIT > 0: SEC_PRIV_DISK_OPERATOR_BIT > 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT > 0: SEC_PRIV_BACKUP_BIT > 0: SEC_PRIV_RESTORE_BIT > 0: SEC_PRIV_TAKE_OWNERSHIP_BIT > 0: SEC_PRIV_INCREASE_QUOTA_BIT > 0: SEC_PRIV_SECURITY_BIT > 0: SEC_PRIV_LOAD_DRIVER_BIT > 0: SEC_PRIV_SYSTEM_PROFILE_BIT > 0: SEC_PRIV_SYSTEMTIME_BIT > 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT > 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT > 0: SEC_PRIV_CREATE_PAGEFILE_BIT > 0: SEC_PRIV_SHUTDOWN_BIT > 0: SEC_PRIV_DEBUG_BIT > 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT > 0: SEC_PRIV_CHANGE_NOTIFY_BIT > 0: SEC_PRIV_UNDOCK_BIT > 0: SEC_PRIV_ENABLE_DELEGATION_BIT > 0: SEC_PRIV_MANAGE_VOLUME_BIT > 0: SEC_PRIV_IMPERSONATE_BIT > 0: SEC_PRIV_CREATE_GLOBAL_BIT > rights_mask : 0x00000000 (0) > 0: LSA_POLICY_MODE_INTERACTIVE > 0: LSA_POLICY_MODE_NETWORK > 0: LSA_POLICY_MODE_BATCH > 0: LSA_POLICY_MODE_SERVICE > 0: LSA_POLICY_MODE_PROXY > 0: LSA_POLICY_MODE_DENY_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_NETWORK > 0: LSA_POLICY_MODE_DENY_BATCH > 0: LSA_POLICY_MODE_DENY_SERVICE > 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE > 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE > 0x00: LSA_POLICY_MODE_ALL (0) > 0x00: LSA_POLICY_MODE_ALL_NT4 (0) > unix_token : * > unix_token: struct security_unix_token > uid : 0x0000000000000000 (0) > gid : 0x0000000000000000 (0) > ngroups : 0x00000001 (1) > groups: ARRAY(1) > groups : 0x0000000000000000 (0) > info : * > info: struct auth_user_info > account_name : * > account_name : 'root' > domain_name : * > domain_name : 'LAN2' > full_name : * > full_name : 'root' > logon_script : * > logon_script : 'login.bat' > profile_path : * > profile_path : '\\iserv\Windows\Local' > home_directory : * > home_directory : '\\iserv\Home' > home_drive : * > home_drive : 'H:' > logon_server : * > logon_server : 'ISERV' > last_logon : NTTIME(0) > last_logoff : Di Jan 19 04:14:07 2038 CET > acct_expiry : Di Jan 19 04:14:07 2038 CET > last_password_change : Do Nov 10 14:50:46 2016 CET > allow_password_change : Do Nov 10 14:50:46 2016 CET > force_password_change : Di Jan 19 04:14:07 2038 CET > logon_count : 0x0000 (0) > bad_password_count : 0x0000 (0) > acct_flags : 0x00000010 (16) > authenticated : 0x01 (1) > unix_info : * > unix_info: struct auth_user_info_unix > unix_name : * > unix_name : 'root' > sanitized_username : * > sanitized_username : 'root' > torture : NULL > credentials : NULL > connection_dialect : 0x0000 (0) > signing_flags : 0x02 (2) > 0: SMBXSRV_SIGNING_REQUIRED > 1: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > num_channels : 0x00000001 (1) > channels: ARRAY(1) > channels: struct smbXsrv_channel_global0 > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > local_address : 'ipv4:192.168.9.8:445' > remote_address : 'ipv4:192.168.9.8:54404' > remote_name : '192.168.9.8' > auth_session_info_seqnum : 0x00000001 (1) > connection : * > encryption_cipher : 0x8000 (32768) > status : NT_STATUS_OK > idle_time : Do Nov 10 14:51:14 2016 CET > nonce_high_random : 0x0000000000000000 (0) > nonce_high_max : 0x0000000000000000 (0) > nonce_high : 0x0000000000000000 (0) > nonce_low : 0x0000000000000000 (0) > compat : * > tcon_table : NULL > pending_auth : * > pending_auth: struct smbXsrv_session_auth0 > prev : * > next : NULL > session : * > connection : * > gensec : * > preauth : NULL > in_flags : 0x00 (0) > in_security_mode : 0x00 (0) > creation_time : Do Nov 10 14:51:14 2016 CET > idle_time : Do Nov 10 14:51:14 2016 CET >[2016/11/10 14:51:13.823018, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:972(reply_tcon_and_X) > Client requested device type [IPC] for share [IPC$] >[2016/11/10 14:51:13.823037, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1124(make_connection) > making a connection to 'normal' service ipc$ >[2016/11/10 14:51:13.823051, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/11/10 14:51:13.823061, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:13.823072, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 2DBD2220 >[2016/11/10 14:51:13.823089, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93d1938 >[2016/11/10 14:51:13.823125, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) >[2016/11/10 14:51:13.823134, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '2DBD2220' stored >[2016/11/10 14:51:13.823143, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x2dbd2220 (767369760) > tcon_wire_id : 0x00007ac4 (31428) > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > creation_time : Do Nov 10 14:51:14 2016 CET > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2016/11/10 14:51:13.823241, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 2DBD2220 >[2016/11/10 14:51:13.823252, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/11/10 14:51:13.823261, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:13.823271, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:831(smbXsrv_tcon_create) >[2016/11/10 14:51:13.823278, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:839(smbXsrv_tcon_create) > smbXsrv_tcon_create: global_id (0x2dbd2220) stored >[2016/11/10 14:51:13.823287, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x00007ac4 (31428) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x2dbd2220 (767369760) > tcon_wire_id : 0x00007ac4 (31428) > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > creation_time : Do Nov 10 14:51:14 2016 CET > share_name : NULL > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x00000000 (0) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_INTERNAL_ERROR > idle_time : Do Nov 10 14:51:14 2016 CET > compat : NULL >[2016/11/10 14:51:13.823422, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) > Allowed connection from 192.168.9.8 (192.168.9.8) >[2016/11/10 14:51:13.823435, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share IPC$ is ok for unix user root >[2016/11/10 14:51:13.823467, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2016/11/10 14:51:13.823479, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:622(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2016/11/10 14:51:13.823489, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share IPC$ is ok for unix user root >[2016/11/10 14:51:13.823498, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user root >[2016/11/10 14:51:13.823522, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2016/11/10 14:51:13.823534, 3, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks >[2016/11/10 14:51:13.823553, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2016/11/10 14:51:13.823563, 5, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2016/11/10 14:51:13.823580, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2016/11/10 14:51:13.823590, 5, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2016/11/10 14:51:13.823599, 3, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2016/11/10 14:51:13.823608, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2016/11/10 14:51:13.823620, 3, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [full_audit] >[2016/11/10 14:51:13.823630, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for full_audit >[2016/11/10 14:51:13.823642, 5, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:179(vfs_init_custom) > vfs module [full_audit] not loaded - trying to load... >[2016/11/10 14:51:13.823652, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/modules.c:171(do_smb_load_module) > Loading module 'full_audit' >[2016/11/10 14:51:13.823662, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/modules.c:185(do_smb_load_module) > Loading module 'full_audit': Trying to load from /usr/lib/i386-linux-gnu/samba/vfs/full_audit.so >[2016/11/10 14:51:13.824851, 2, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/modules.c:196(do_smb_load_module) > Module 'full_audit' loaded >[2016/11/10 14:51:13.824866, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for full_audit >[2016/11/10 14:51:13.824876, 5, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) > Successfully added vfs backend 'full_audit' >[2016/11/10 14:51:13.824887, 10, pid=18327, effective(0, 0), real(0, 0), class=full_audit] ../source3/modules/vfs_full_audit.c:2342(samba_init_module) > vfs_full_audit: Debug class number of 'full_audit': 24 >[2016/11/10 14:51:13.824897, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) > vfs_find_backend_entry called for full_audit > Successfully loaded vfs module [full_audit] with the new modules system >[2016/11/10 14:51:13.824938, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2016/11/10 14:51:13.824950, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) > user_ok_token: share IPC$ is ok for unix user root >[2016/11/10 14:51:13.824960, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user root >[2016/11/10 14:51:13.824976, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff >[2016/11/10 14:51:13.825004, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.825015, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 > SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 > SID[ 2]: S-1-22-2-0 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-0 > Privileges (0x 0): > Rights (0x 0): >[2016/11/10 14:51:13.825051, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 1 supplementary groups > Group[ 0]: 0 >[2016/11/10 14:51:13.825072, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,0) >[2016/11/10 14:51:13.825086, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.825095, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/11/10 14:51:13.825104, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/11/10 14:51:13.825120, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2016/11/10 14:51:13.825142, 10, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/modules/vfs_default.c:170(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp >[2016/11/10 14:51:13.825164, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:872(make_connection_snum) > iserv (ipv4:192.168.9.8:54404) signed connect to service IPC$ initially as user root (uid=0, gid=0) (pid 18327) >[2016/11/10 14:51:13.825179, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/11/10 14:51:13.825188, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:13.825199, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 2DBD2220 >[2016/11/10 14:51:13.825211, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93f0700 >[2016/11/10 14:51:13.825224, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) >[2016/11/10 14:51:13.825232, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '2DBD2220' stored >[2016/11/10 14:51:13.825241, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000002 (2) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x2dbd2220 (767369760) > tcon_wire_id : 0x00007ac4 (31428) > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > creation_time : Do Nov 10 14:51:14 2016 CET > share_name : 'IPC$' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x35cfff08 (902823688) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2016/11/10 14:51:13.825339, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 2DBD2220 >[2016/11/10 14:51:13.825350, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/11/10 14:51:13.825359, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:13.825369, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) >[2016/11/10 14:51:13.825376, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0x2dbd2220) stored >[2016/11/10 14:51:13.825385, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x00007ac4 (31428) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x2dbd2220 (767369760) > tcon_wire_id : 0x00007ac4 (31428) > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > creation_time : Do Nov 10 14:51:14 2016 CET > share_name : 'IPC$' > encryption_flags : 0x00 (0) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x35cfff08 (902823688) > signing_flags : 0x00 (0) > 0: SMBXSRV_SIGNING_REQUIRED > 0: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Do Nov 10 14:51:14 2016 CET > compat : * >[2016/11/10 14:51:13.825517, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1139(reply_tcon_and_X) > tconX service=IPC$ >[2016/11/10 14:51:13.825527, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.825534, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=3 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 33 (0x21) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2016/11/10 14:51:13.825584, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 49 50 43 00 00 00 00 IPC.... >[2016/11/10 14:51:13.825600, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 3 >[2016/11/10 14:51:13.825610, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.825619, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 30 95 0E ED 35 2E 0A 60 0...5..` >[2016/11/10 14:51:13.825770, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 102 >[2016/11/10 14:51:13.825784, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 4 >[2016/11/10 14:51:13.825794, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 4: got good SMB signature of >[2016/11/10 14:51:13.825806, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] D0 B5 4E 8E B4 26 DD AE ..N..&.. >[2016/11/10 14:51:13.825820, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x66 >[2016/11/10 14:51:13.825830, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 4 of length 106 (0 toread) >[2016/11/10 14:51:13.825840, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.825849, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=4 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=19 >[2016/11/10 14:51:13.825949, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 00 00 ... >[2016/11/10 14:51:13.825975, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBntcreateX (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:13.825987, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.825997, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 > SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 > SID[ 2]: S-1-22-2-0 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-0 > Privileges (0x 0): > Rights (0x 0): >[2016/11/10 14:51:13.826032, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 1 supplementary groups > Group[ 0]: 0 >[2016/11/10 14:51:13.826053, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,0) >[2016/11/10 14:51:13.826065, 4, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) > vfs_ChDir to /tmp >[2016/11/10 14:51:13.826085, 4, pid=18327, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) > vfs_ChDir got /tmp >[2016/11/10 14:51:13.826098, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/11/10 14:51:13.826108, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:13.826119, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 2DBD2220 >[2016/11/10 14:51:13.826131, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93f2a90 >[2016/11/10 14:51:13.826145, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) >[2016/11/10 14:51:13.826155, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) > smbXsrv_tcon_global_store: key '2DBD2220' stored >[2016/11/10 14:51:13.826165, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_tcon_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000003 (3) > info : union smbXsrv_tcon_globalU(case 0) > info0 : * > info0: struct smbXsrv_tcon_global0 > db_rec : * > tcon_global_id : 0x2dbd2220 (767369760) > tcon_wire_id : 0x00007ac4 (31428) > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > creation_time : Do Nov 10 14:51:14 2016 CET > share_name : 'IPC$' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x35cfff08 (902823688) > signing_flags : 0x02 (2) > 0: SMBXSRV_SIGNING_REQUIRED > 1: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET >[2016/11/10 14:51:13.826289, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 2DBD2220 >[2016/11/10 14:51:13.826304, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb >[2016/11/10 14:51:13.826314, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:13.826324, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) >[2016/11/10 14:51:13.826331, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) > smbXsrv_tcon_update: global_id (0x2dbd2220) stored >[2016/11/10 14:51:13.826340, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &tcon_blob: struct smbXsrv_tconB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_tconU(case 0) > info0 : * > info0: struct smbXsrv_tcon > table : * > db_rec : NULL > local_id : 0x00007ac4 (31428) > global : * > global: struct smbXsrv_tcon_global0 > db_rec : NULL > tcon_global_id : 0x2dbd2220 (767369760) > tcon_wire_id : 0x00007ac4 (31428) > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > creation_time : Do Nov 10 14:51:14 2016 CET > share_name : 'IPC$' > encryption_flags : 0x08 (8) > 0: SMBXSRV_ENCRYPTION_REQUIRED > 0: SMBXSRV_ENCRYPTION_DESIRED > 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET > 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET > session_global_id : 0x35cfff08 (902823688) > signing_flags : 0x02 (2) > 0: SMBXSRV_SIGNING_REQUIRED > 1: SMBXSRV_PROCESSED_SIGNED_PACKET > 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET > status : NT_STATUS_OK > idle_time : Do Nov 10 14:51:14 2016 CET > compat : * >[2016/11/10 14:51:13.826472, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:504(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc >[2016/11/10 14:51:13.826484, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2016/11/10 14:51:13.826498, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/11/10 14:51:13.826507, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:13.826518, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 93DCB034 >[2016/11/10 14:51:13.826532, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93d1938 >[2016/11/10 14:51:13.826542, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/11/10 14:51:13.826576, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '93DCB034' stored >[2016/11/10 14:51:13.826588, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > open_global_id : 0x93dcb034 (2480713780) > open_persistent_id : 0x0000000093dcb034 (2480713780) > open_volatile_id : 0x0000000000004211 (16913) > open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 > open_time : Do Nov 10 14:51:14 2016 CET > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > channel_sequence : 0x0000000000000000 (0) >[2016/11/10 14:51:13.826689, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 93DCB034 >[2016/11/10 14:51:13.826700, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/11/10 14:51:13.826710, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:13.826720, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x93dcb034) stored >[2016/11/10 14:51:13.826729, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x00004211 (16913) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > open_global_id : 0x93dcb034 (2480713780) > open_persistent_id : 0x0000000093dcb034 (2480713780) > open_volatile_id : 0x0000000000004211 (16913) > open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 > open_time : Do Nov 10 14:51:14 2016 CET > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > channel_sequence : 0x0000000000000000 (0) > status : NT_STATUS_OK > idle_time : Do Nov 10 14:51:14 2016 CET > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) > request_count : 0x0000000000000000 (0) > pre_request_count : 0x0000000000000000 (0) >[2016/11/10 14:51:13.826876, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 16913 (1 used) >[2016/11/10 14:51:13.826888, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) > file_name_hash: /tmp/lsarpc hash 0xa9e2e929 >[2016/11/10 14:51:13.826930, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) > Create of internal pipe lsarpc requested >[2016/11/10 14:51:13.826990, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2016/11/10 14:51:13.827004, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.827011, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4352 (0x1100) > smb_vwv[ 3]= 322 (0x142) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2016/11/10 14:51:13.827123, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) >[2016/11/10 14:51:13.827130, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 5 >[2016/11/10 14:51:13.827140, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.827149, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 8D 05 BA 7D DA 55 79 53 ...}.UyS >[2016/11/10 14:51:13.827312, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 156 >[2016/11/10 14:51:13.827325, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 6 >[2016/11/10 14:51:13.827335, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 6: got good SMB signature of >[2016/11/10 14:51:13.827344, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] D2 80 13 B7 C3 5A 30 9F .....Z0. >[2016/11/10 14:51:13.827359, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x9c >[2016/11/10 14:51:13.827368, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 5 of length 160 (0 toread) >[2016/11/10 14:51:13.827377, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.827384, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16913 (0x4211) > smb_bcc=89 >[2016/11/10 14:51:13.827454, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2016/11/10 14:51:13.827519, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtrans (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:13.827530, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:13.827541, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2016/11/10 14:51:13.827552, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) > calling named_pipe >[2016/11/10 14:51:13.827561, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) > named pipe command on <> name >[2016/11/10 14:51:13.827571, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) > api_fd_reply >[2016/11/10 14:51:13.827580, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 4211) >[2016/11/10 14:51:13.827590, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) > api_fd_reply: p:0xf93f3ac8 max_trans_reply: 4280 >[2016/11/10 14:51:13.827599, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 72 >[2016/11/10 14:51:13.827638, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/11/10 14:51:13.827649, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 11 >[2016/11/10 14:51:13.827675, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) > api_pipe_bind_req: lsarpc -> lsarpc rpc service >[2016/11/10 14:51:13.827685, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) > api_pipe_bind_req: make response. 761 >[2016/11/10 14:51:13.827695, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for lsarpc context_id=0 >[2016/11/10 14:51:13.827714, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: lsarpc -> lsarpc rpc service >[2016/11/10 14:51:13.827724, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe lsarpc >[2016/11/10 14:51:13.827734, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc >[2016/11/10 14:51:13.827756, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\lsarpc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2016/11/10 14:51:13.827896, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 0 bytes >[2016/11/10 14:51:13.827906, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 68 >[2016/11/10 14:51:13.827934, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2016/11/10 14:51:13.827945, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2016/11/10 14:51:13.827955, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.827962, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2016/11/10 14:51:13.828018, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2016/11/10 14:51:13.828071, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 7 >[2016/11/10 14:51:13.828081, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.828097, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 96 46 0E BC EC 23 95 AE .F...#.. >[2016/11/10 14:51:13.828240, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 152 >[2016/11/10 14:51:13.828254, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 8 >[2016/11/10 14:51:13.828264, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 8: got good SMB signature of >[2016/11/10 14:51:13.828276, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 2D 9C C6 91 D0 F3 4B FC -.....K. >[2016/11/10 14:51:13.828291, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x98 >[2016/11/10 14:51:13.828300, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 6 of length 156 (0 toread) >[2016/11/10 14:51:13.828310, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.828316, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16913 (0x4211) > smb_bcc=85 >[2016/11/10 14:51:13.828387, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 44 00 00 00 02 00 00 ........ .D...... > [0020] 00 2C 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .,...... .....\.. > [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ > [0050] 00 00 00 00 02 ..... >[2016/11/10 14:51:13.828450, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtrans (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:13.828460, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:13.828471, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) > trans <\PIPE\> data=68 params=0 setup=2 >[2016/11/10 14:51:13.828482, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) > calling named_pipe >[2016/11/10 14:51:13.828491, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) > named pipe command on <> name >[2016/11/10 14:51:13.828500, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) > api_fd_reply >[2016/11/10 14:51:13.828510, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 4211) >[2016/11/10 14:51:13.828519, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) > api_fd_reply: p:0xf93f3ac8 max_trans_reply: 4280 >[2016/11/10 14:51:13.828529, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 68 >[2016/11/10 14:51:13.828561, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/11/10 14:51:13.828572, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/11/10 14:51:13.828581, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/11/10 14:51:13.828595, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:13.828607, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:13.828620, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 > SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 > SID[ 2]: S-1-22-2-0 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-0 > Privileges (0x 0): > Rights (0x 0): >[2016/11/10 14:51:13.828656, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 1 supplementary groups > Group[ 0]: 0 >[2016/11/10 14:51:13.828676, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(0,0), gid=(0,0) >[2016/11/10 14:51:13.828688, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested lsarpc rpc service >[2016/11/10 14:51:13.828697, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2016/11/10 14:51:13.828709, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[6].fn == 0xf7537f40 >[2016/11/10 14:51:13.828736, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2016/11/10 14:51:13.828873, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xb0000000 to 0x000f1fff >[2016/11/10 14:51:13.828887, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object) > _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f1fff) > but overritten by euid == initial uid >[2016/11/10 14:51:13.828900, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f1fff, granted: 0x000f1fff) >[2016/11/10 14:51:13.828911, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 51 7B ........ ....$XQ{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:13.828938, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-2458-517b97470000 > result : NT_STATUS_OK >[2016/11/10 14:51:13.828970, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called lsarpc successfully >[2016/11/10 14:51:13.828986, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.829000, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 51 7B ........ ....$XQ{ > [0010] 97 47 00 00 00 00 00 00 .G...... >[2016/11/10 14:51:13.829119, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/11/10 14:51:13.829128, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 48 >[2016/11/10 14:51:13.829158, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2016/11/10 14:51:13.829169, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2016/11/10 14:51:13.829179, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.829185, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2016/11/10 14:51:13.829245, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0020] 00 00 00 00 00 24 58 51 7B 97 47 00 00 00 00 00 .....$XQ {.G..... > [0030] 00 . >[2016/11/10 14:51:13.829287, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 9 >[2016/11/10 14:51:13.829297, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.829306, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] FD 7B F2 D8 14 AA 85 58 .{.....X >[2016/11/10 14:51:13.829404, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 130 >[2016/11/10 14:51:13.829416, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 10 >[2016/11/10 14:51:13.829426, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 10: got good SMB signature of >[2016/11/10 14:51:13.829435, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 3D E8 BF 6E F7 3C FE 18 =..n.<.. >[2016/11/10 14:51:13.829450, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x82 >[2016/11/10 14:51:13.829459, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 7 of length 134 (0 toread) >[2016/11/10 14:51:13.829468, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.829475, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16913 (0x4211) > smb_bcc=63 >[2016/11/10 14:51:13.829545, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 24 58 51 7B 97 47 00 00 05 00 .....$XQ {.G.... >[2016/11/10 14:51:13.829591, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtrans (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:13.829601, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:13.829612, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2016/11/10 14:51:13.829623, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) > calling named_pipe >[2016/11/10 14:51:13.829632, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) > named pipe command on <> name >[2016/11/10 14:51:13.829641, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) > api_fd_reply >[2016/11/10 14:51:13.829650, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 4211) >[2016/11/10 14:51:13.829663, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) > api_fd_reply: p:0xf93f3ac8 max_trans_reply: 4280 >[2016/11/10 14:51:13.829672, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 46 >[2016/11/10 14:51:13.829704, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/11/10 14:51:13.829714, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/11/10 14:51:13.829724, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/11/10 14:51:13.829736, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:13.829754, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:13.829765, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 > SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 > SID[ 2]: S-1-22-2-0 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-0 > Privileges (0x 0): > Rights (0x 0): >[2016/11/10 14:51:13.829800, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 1 supplementary groups > Group[ 0]: 0 >[2016/11/10 14:51:13.829820, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(0,0), gid=(0,0) >[2016/11/10 14:51:13.829832, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested lsarpc rpc service >[2016/11/10 14:51:13.829841, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2016/11/10 14:51:13.829852, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[7].fn == 0xf7537cb0 >[2016/11/10 14:51:13.829865, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-2458-517b97470000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >[2016/11/10 14:51:13.829907, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 51 7B ........ ....$XQ{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:13.829933, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0008 (8) > size : 0x000a (10) > string : * > string : 'LAN2' > sid : * > sid : S-1-5-21-1350919854-2293596380-2349120355 > result : NT_STATUS_OK >[2016/11/10 14:51:13.829996, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called lsarpc successfully >[2016/11/10 14:51:13.830012, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.830025, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0060 (96) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000048 (72) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=72 > [0000] 00 00 02 00 05 00 00 00 08 00 0A 00 04 00 02 00 ........ ........ > [0010] 08 00 02 00 05 00 00 00 00 00 00 00 04 00 00 00 ........ ........ > [0020] 4C 00 41 00 4E 00 32 00 04 00 00 00 01 04 00 00 L.A.N.2. ........ > [0030] 00 00 00 05 15 00 00 00 AE 66 85 50 DC 80 B5 88 ........ .f.P.... > [0040] 63 BB 04 8C 00 00 00 00 c....... >[2016/11/10 14:51:13.830189, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 72 bytes >[2016/11/10 14:51:13.830199, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 96 >[2016/11/10 14:51:13.830228, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 96 bytes. There is no more data outstanding >[2016/11/10 14:51:13.830239, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..96] (align 0) >[2016/11/10 14:51:13.830248, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.830255, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2016/11/10 14:51:13.830315, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [0010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .H...... ........ > [0020] 00 08 00 0A 00 04 00 02 00 08 00 02 00 05 00 00 ........ ........ > [0030] 00 00 00 00 00 04 00 00 00 4C 00 41 00 4E 00 32 ........ .L.A.N.2 > [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [0050] 00 AE 66 85 50 DC 80 B5 88 63 BB 04 8C 00 00 00 ..f.P... .c...... > [0060] 00 . >[2016/11/10 14:51:13.830386, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 11 >[2016/11/10 14:51:13.830395, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.830405, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] A5 BE 0D 81 18 A1 61 4E ......aN >[2016/11/10 14:51:13.830509, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 128 >[2016/11/10 14:51:13.830522, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 12 >[2016/11/10 14:51:13.830532, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 12: got good SMB signature of >[2016/11/10 14:51:13.830541, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 61 AE 22 5E E4 CB 88 63 a."^...c >[2016/11/10 14:51:13.830555, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x80 >[2016/11/10 14:51:13.830564, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 8 of length 132 (0 toread) >[2016/11/10 14:51:13.830573, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.830580, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16913 (0x4211) > smb_bcc=61 >[2016/11/10 14:51:13.830650, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 24 58 51 7B 97 47 00 00 .....$XQ {.G.. >[2016/11/10 14:51:13.830695, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtrans (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:13.830705, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:13.830716, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2016/11/10 14:51:13.830727, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) > calling named_pipe >[2016/11/10 14:51:13.830736, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) > named pipe command on <> name >[2016/11/10 14:51:13.830748, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) > api_fd_reply >[2016/11/10 14:51:13.830758, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 4211) >[2016/11/10 14:51:13.830767, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) > api_fd_reply: p:0xf93f3ac8 max_trans_reply: 4280 >[2016/11/10 14:51:13.830777, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 44 >[2016/11/10 14:51:13.830807, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/11/10 14:51:13.830818, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/11/10 14:51:13.830827, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/11/10 14:51:13.830840, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:13.830852, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:13.830861, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 > SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 > SID[ 2]: S-1-22-2-0 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-0 > Privileges (0x 0): > Rights (0x 0): >[2016/11/10 14:51:13.830897, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 1 supplementary groups > Group[ 0]: 0 >[2016/11/10 14:51:13.830917, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(0,0), gid=(0,0) >[2016/11/10 14:51:13.830928, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested lsarpc rpc service >[2016/11/10 14:51:13.830937, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2016/11/10 14:51:13.830949, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[0].fn == 0xf7538de0 >[2016/11/10 14:51:13.830959, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-2458-517b97470000 >[2016/11/10 14:51:13.830988, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 51 7B ........ ....$XQ{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:13.831012, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 51 7B ........ ....$XQ{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:13.831034, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:13.831053, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2016/11/10 14:51:13.831085, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) > api_rpcTNP: called lsarpc successfully >[2016/11/10 14:51:13.831100, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2016/11/10 14:51:13.831113, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2016/11/10 14:51:13.831231, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 24 bytes >[2016/11/10 14:51:13.831241, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 48 >[2016/11/10 14:51:13.831268, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2016/11/10 14:51:13.831279, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2016/11/10 14:51:13.831289, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.831296, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2016/11/10 14:51:13.831352, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2016/11/10 14:51:13.831398, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 13 >[2016/11/10 14:51:13.831408, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.831417, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] CF A6 F5 E7 39 AD 26 BE ....9.&. >[2016/11/10 14:51:13.831501, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 41 >[2016/11/10 14:51:13.831514, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 14 >[2016/11/10 14:51:13.831523, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 14: got good SMB signature of >[2016/11/10 14:51:13.831532, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 78 64 F9 0C 25 CF BD E9 xd..%... >[2016/11/10 14:51:13.831547, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x29 >[2016/11/10 14:51:13.831556, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 9 of length 45 (0 toread) >[2016/11/10 14:51:13.831565, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.831572, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=9 > smt_wct=3 > smb_vwv[ 0]=16913 (0x4211) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2016/11/10 14:51:13.831612, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) >[2016/11/10 14:51:13.831621, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBclose (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:13.831631, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:13.831641, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:5327(reply_close) > Close file fd=-1 fnum 16913 (numopen=1) >[2016/11/10 14:51:13.831652, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/close.c:513(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2016/11/10 14:51:13.831665, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/11/10 14:51:13.831674, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:13.831685, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 93DCB034 >[2016/11/10 14:51:13.831697, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93efd68 >[2016/11/10 14:51:13.831712, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 93DCB034 >[2016/11/10 14:51:13.831722, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/11/10 14:51:13.831731, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:13.831751, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection lsarpc >[2016/11/10 14:51:13.831766, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:554(file_free) > freed files structure 16913 (0 used) >[2016/11/10 14:51:13.831776, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:13.831783, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=9 > smt_wct=0 > smb_bcc=0 >[2016/11/10 14:51:13.831817, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) >[2016/11/10 14:51:13.831824, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 15 >[2016/11/10 14:51:13.831833, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:13.831842, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 4C 98 B2 98 FA F1 1A 4D L......M >[2016/11/10 14:51:16.574881, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 104 >[2016/11/10 14:51:16.574912, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 16 >[2016/11/10 14:51:16.574927, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 16: got good SMB signature of >[2016/11/10 14:51:16.574941, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 7B D3 1F 38 D7 C9 96 6D {..8...m >[2016/11/10 14:51:16.574964, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x68 >[2016/11/10 14:51:16.574978, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 10 of length 108 (0 toread) >[2016/11/10 14:51:16.574994, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:16.575004, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=10 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=21 >[2016/11/10 14:51:16.575095, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 00 00 ..... >[2016/11/10 14:51:16.575126, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBntcreateX (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:16.575138, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:16.575157, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:504(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = spoolss >[2016/11/10 14:51:16.575171, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2016/11/10 14:51:16.575187, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/11/10 14:51:16.575197, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2:<none> 3:<none> >[2016/11/10 14:51:16.575209, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Locking key 6740DD85 >[2016/11/10 14:51:16.575225, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) > Allocated locked data 0x0xf93d1938 >[2016/11/10 14:51:16.575235, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) > smbXsrv_open_global_verify_record: empty value >[2016/11/10 14:51:16.575266, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) > smbXsrv_open_global_store: key '6740DD85' stored >[2016/11/10 14:51:16.575277, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &global_blob: struct smbXsrv_open_globalB > version : SMBXSRV_VERSION_0 (0) > seqnum : 0x00000001 (1) > info : union smbXsrv_open_globalU(case 0) > info0 : * > info0: struct smbXsrv_open_global0 > db_rec : * > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > open_global_id : 0x6740dd85 (1732304261) > open_persistent_id : 0x000000006740dd85 (1732304261) > open_volatile_id : 0x000000000000a82d (43053) > open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 > open_time : Do Nov 10 14:51:17 2016 CET > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > channel_sequence : 0x0000000000000000 (0) >[2016/11/10 14:51:16.575384, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) > Unlocking key 6740DD85 >[2016/11/10 14:51:16.575395, 5, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >[2016/11/10 14:51:16.575405, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) > lock order: 1:<none> 2:<none> 3:<none> >[2016/11/10 14:51:16.575416, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) > smbXsrv_open_create: global_id (0x6740dd85) stored >[2016/11/10 14:51:16.575425, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &open_blob: struct smbXsrv_openB > version : SMBXSRV_VERSION_0 (0) > reserved : 0x00000000 (0) > info : union smbXsrv_openU(case 0) > info0 : * > info0: struct smbXsrv_open > table : * > db_rec : NULL > local_id : 0x0000a82d (43053) > global : * > global: struct smbXsrv_open_global0 > db_rec : NULL > server_id: struct server_id > pid : 0x0000000000004797 (18327) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x3a90ded0aead828a (4220117838711325322) > open_global_id : 0x6740dd85 (1732304261) > open_persistent_id : 0x000000006740dd85 (1732304261) > open_volatile_id : 0x000000000000a82d (43053) > open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 > open_time : Do Nov 10 14:51:17 2016 CET > create_guid : 00000000-0000-0000-0000-000000000000 > client_guid : 00000000-0000-0000-0000-000000000000 > app_instance_id : 00000000-0000-0000-0000-000000000000 > disconnect_time : NTTIME(0) > durable_timeout_msec : 0x00000000 (0) > durable : 0x00 (0) > backend_cookie : DATA_BLOB length=0 > channel_sequence : 0x0000000000000000 (0) > status : NT_STATUS_OK > idle_time : Do Nov 10 14:51:17 2016 CET > compat : NULL > flags : 0x00 (0) > 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE > 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE > create_action : 0x00000000 (0) > request_count : 0x0000000000000000 (0) > pre_request_count : 0x0000000000000000 (0) >[2016/11/10 14:51:16.575581, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 43053 (1 used) >[2016/11/10 14:51:16.575594, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2016/11/10 14:51:16.575611, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) > Create of internal pipe spoolss requested >[2016/11/10 14:51:16.575660, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2016/11/10 14:51:16.575671, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:16.575678, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=10 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=11520 (0x2D00) > smb_vwv[ 3]= 424 (0x1A8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2016/11/10 14:51:16.575793, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) >[2016/11/10 14:51:16.575800, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 17 >[2016/11/10 14:51:16.575810, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:16.575819, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 48 40 3A 84 CF 6C 80 68 H@:..l.h >[2016/11/10 14:51:16.576012, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 156 >[2016/11/10 14:51:16.576025, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 18 >[2016/11/10 14:51:16.576035, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 18: got good SMB signature of >[2016/11/10 14:51:16.576044, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] E5 07 66 31 2B 28 00 76 ..f1+(.v >[2016/11/10 14:51:16.576059, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x9c >[2016/11/10 14:51:16.576068, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 11 of length 160 (0 toread) >[2016/11/10 14:51:16.576078, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:16.576084, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=43053 (0xA82D) > smb_bcc=89 >[2016/11/10 14:51:16.576160, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0040] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2016/11/10 14:51:16.576223, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtrans (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:16.576234, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:16.576246, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2016/11/10 14:51:16.576257, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) > calling named_pipe >[2016/11/10 14:51:16.576270, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) > named pipe command on <> name >[2016/11/10 14:51:16.576279, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) > api_fd_reply >[2016/11/10 14:51:16.576289, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum a82d) >[2016/11/10 14:51:16.576298, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) > api_fd_reply: p:0xf93f1990 max_trans_reply: 4280 >[2016/11/10 14:51:16.576308, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 72 >[2016/11/10 14:51:16.576348, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/11/10 14:51:16.576359, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 11 >[2016/11/10 14:51:16.576374, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) > api_pipe_bind_req: spoolss -> spoolss rpc service >[2016/11/10 14:51:16.576384, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) > api_pipe_bind_req: make response. 761 >[2016/11/10 14:51:16.576394, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for spoolss context_id=0 >[2016/11/10 14:51:16.576404, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: spoolss -> spoolss rpc service >[2016/11/10 14:51:16.576414, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe spoolss >[2016/11/10 14:51:16.576424, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss >[2016/11/10 14:51:16.576441, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2016/11/10 14:51:16.576629, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) > Sending 1 fragments in a total of 0 bytes >[2016/11/10 14:51:16.576640, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) > Sending PDU number: 0, PDU Length: 68 >[2016/11/10 14:51:16.576677, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2016/11/10 14:51:16.576689, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2016/11/10 14:51:16.576699, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:16.576706, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51223 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2016/11/10 14:51:16.576763, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 \spoolss ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2016/11/10 14:51:16.576818, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 19 >[2016/11/10 14:51:16.576830, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of >[2016/11/10 14:51:16.576842, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 8A B5 89 04 83 C6 B1 1C ........ >[2016/11/10 14:51:16.577031, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) > got smb length of 286 >[2016/11/10 14:51:16.577044, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) > smb_signing_md5: sequence number 20 >[2016/11/10 14:51:16.577055, 10, pid=18327, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) > smb_signing_check_pdu: seq 20: got good SMB signature of >[2016/11/10 14:51:16.577064, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 6D 7E 06 13 76 E7 EB 1B m~..v... >[2016/11/10 14:51:16.577078, 6, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) > got message type 0x0 of len 0x11e >[2016/11/10 14:51:16.577088, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) > Transaction 12 of length 290 (0 toread) >[2016/11/10 14:51:16.577097, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) >[2016/11/10 14:51:16.577104, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) > size=286 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51287 > smb_tid=31428 > smb_pid=18325 > smb_uid=52826 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 202 (0xCA) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 202 (0xCA) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=43053 (0xA82D) > smb_bcc=219 >[2016/11/10 14:51:16.577178, 10, pid=18327, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 CA 00 00 00 06 00 00 ........ ........ > [0020] 00 B2 00 00 00 00 00 45 00 00 00 02 00 20 00 00 .......E ..... .. > [0030] 00 00 00 00 00 20 00 00 00 5C 00 5C 00 49 00 53 ..... .. .\.\.I.S > [0040] 00 45 00 52 00 56 00 5C 00 41 00 41 00 41 00 41 .E.R.V.\ .A.A.A.A > [0050] 00 41 00 41 00 41 00 41 00 41 00 41 00 41 00 41 .A.A.A.A .A.A.A.A > [0060] 00 41 00 41 00 41 00 41 00 41 00 41 00 41 00 41 .A.A.A.A .A.A.A.A > [0070] 00 41 00 41 00 C4 00 00 00 00 00 00 00 00 00 00 .A.A.... ........ > [0080] 00 00 00 00 00 0C 00 0F 00 01 00 00 00 01 00 00 ........ ........ > [0090] 00 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 ........ ........ > [00A0] 00 65 05 00 00 02 00 00 00 00 00 00 00 00 00 00 .e...... ........ > [00B0] 00 08 00 00 00 00 00 00 00 08 00 00 00 5C 00 5C ........ .....\.\ > [00C0] 00 49 00 53 00 45 00 52 00 56 00 00 00 01 00 00 .I.S.E.R .V...... > [00D0] 00 00 00 00 00 01 00 00 00 00 00 ........ ... >[2016/11/10 14:51:16.577320, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) > switch message SMBtrans (pid 18327) conn 0xf93f27a0 >[2016/11/10 14:51:16.577330, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) > Skipping user change - already user >[2016/11/10 14:51:16.577342, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) > trans <\PIPE\> data=202 params=0 setup=2 >[2016/11/10 14:51:16.577353, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) > calling named_pipe >[2016/11/10 14:51:16.577362, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) > named pipe command on <> name >[2016/11/10 14:51:16.577372, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) > api_fd_reply >[2016/11/10 14:51:16.577381, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum a82d) >[2016/11/10 14:51:16.577390, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) > api_fd_reply: p:0xf93f1990 max_trans_reply: 4280 >[2016/11/10 14:51:16.577400, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) > np_write_send: len: 202 >[2016/11/10 14:51:16.577432, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) > PDU is in Little Endian format! >[2016/11/10 14:51:16.577443, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) > Processing packet type 0 >[2016/11/10 14:51:16.577453, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) > Checking request auth. >[2016/11/10 14:51:16.577468, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:16.577481, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:16.577492, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 > SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 > SID[ 2]: S-1-22-2-0 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-11 > SID[ 6]: S-1-22-1-0 > Privileges (0x 0): > Rights (0x 0): >[2016/11/10 14:51:16.577532, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 1 supplementary groups > Group[ 0]: 0 >[2016/11/10 14:51:16.577555, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) > Impersonated user: uid=(0,0), gid=(0,0) >[2016/11/10 14:51:16.577566, 5, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) > Requested spoolss rpc service >[2016/11/10 14:51:16.577576, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) > api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2016/11/10 14:51:16.577588, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) > api_rpc_cmds[69].fn == 0xf7503270 >[2016/11/10 14:51:16.577637, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\ISERV\AAAAAAAAAAAAAAAAAAAAAAÄ' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x000f000c (983052) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 1: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > userlevel_ctr: struct spoolss_UserLevelCtr > level : 0x00000001 (1) > user_info : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x0000001c (28) > client : * > client : '\\ISERV' > user : * > user : '' > build : 0x00000565 (1381) > major : UNKNOWN_ENUM_VALUE (2) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_INTEL (0) >[2016/11/10 14:51:16.577760, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.577773, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(52826) : conn_ctx_stack_ndx = 0 >[2016/11/10 14:51:16.577782, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.577792, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/11/10 14:51:16.577801, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/11/10 14:51:16.577883, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find aaaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.577916, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 21 for aaaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.577927, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 21 for service name aaaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.577938, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service aaaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.577966, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find Brother_HL-L8250CDN >[2016/11/10 14:51:16.577983, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 22 for Brother_HL-L8250CDN >[2016/11/10 14:51:16.577993, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 22 for service name Brother_HL-L8250CDN >[2016/11/10 14:51:16.578004, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service Brother_HL-L8250CDN >[2016/11/10 14:51:16.578029, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find HLL8250CDN >[2016/11/10 14:51:16.578046, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 23 for HLL8250CDN >[2016/11/10 14:51:16.578055, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 23 for service name HLL8250CDN >[2016/11/10 14:51:16.578066, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service HLL8250CDN >[2016/11/10 14:51:16.578093, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find asdf >[2016/11/10 14:51:16.578109, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 24 for asdf >[2016/11/10 14:51:16.578118, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 24 for service name asdf >[2016/11/10 14:51:16.578129, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service asdf >[2016/11/10 14:51:16.578155, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find test >[2016/11/10 14:51:16.578171, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 25 for test >[2016/11/10 14:51:16.578181, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 25 for service name test >[2016/11/10 14:51:16.578191, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service test >[2016/11/10 14:51:16.578220, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find aaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578235, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 26 for aaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578245, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 26 for service name aaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578256, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service aaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578289, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find testdrucjker >[2016/11/10 14:51:16.578305, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 27 for testdrucjker >[2016/11/10 14:51:16.578315, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 27 for service name testdrucjker >[2016/11/10 14:51:16.578325, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service testdrucjker >[2016/11/10 14:51:16.578355, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find aaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578371, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 28 for aaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578381, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 28 for service name aaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578391, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service aaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.578421, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find Canon_iR_C1028iF >[2016/11/10 14:51:16.578436, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 29 for Canon_iR_C1028iF >[2016/11/10 14:51:16.578446, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 29 for service name Canon_iR_C1028iF >[2016/11/10 14:51:16.578456, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service Canon_iR_C1028iF >[2016/11/10 14:51:16.578487, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find Täääst >[2016/11/10 14:51:16.578502, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 30 for Täääst >[2016/11/10 14:51:16.578512, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 30 for service name Täääst >[2016/11/10 14:51:16.578523, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service Täääst >[2016/11/10 14:51:16.578554, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find iserv >[2016/11/10 14:51:16.578570, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 31 for iserv >[2016/11/10 14:51:16.578579, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 31 for service name iserv >[2016/11/10 14:51:16.578590, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service iserv >[2016/11/10 14:51:16.578622, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find Täst >[2016/11/10 14:51:16.578637, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 32 for Täst >[2016/11/10 14:51:16.578646, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 32 for service name Täst >[2016/11/10 14:51:16.578657, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service Täst >[2016/11/10 14:51:16.578692, 7, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) > lp_servicenumber: couldn't find Testdrucker >[2016/11/10 14:51:16.578707, 8, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) > add_a_service: Creating snum = 33 for Testdrucker >[2016/11/10 14:51:16.578717, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) > hash_a_service: hashing index 33 for service name Testdrucker >[2016/11/10 14:51:16.578727, 3, pid=18327, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) > adding printer service Testdrucker >[2016/11/10 14:51:16.578753, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:87(delete_and_reload_printers) > reloading printer services from pcap cache >[2016/11/10 14:51:16.579025, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 > checking name: \\ISERV\AAAAAAAAAAAAAAAAAAAAAAÄ >[2016/11/10 14:51:16.579052, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) > open_printer_hnd: name [\\ISERV\AAAAAAAAAAAAAAAAAAAAAAÄ] >[2016/11/10 14:51:16.579065, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.579090, 3, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) > Setting printer type=\\ISERV\AAAAAAAAAAAAAAAAAAAAAAÄ > Printer is a printer >[2016/11/10 14:51:16.579102, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) > Setting printer name=\\ISERV\AAAAAAAAAAAAAAAAAAAAAAÄ (len=32) > searching for [AAAAAAAAAAAAAAAAAAAAAAÄ] >[2016/11/10 14:51:16.579133, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/11/10 14:51:16.579145, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/11/10 14:51:16.579155, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/11/10 14:51:16.579178, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/11/10 14:51:16.579215, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.579273, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/11/10 14:51:16.579289, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.579303, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(52826) : conn_ctx_stack_ndx = 0 >[2016/11/10 14:51:16.579313, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.579323, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/11/10 14:51:16.579332, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/11/10 14:51:16.579397, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:16.579409, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2016/11/10 14:51:16.579420, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/11/10 14:51:16.579430, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/11/10 14:51:16.579440, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.579449, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM] >[2016/11/10 14:51:16.579482, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.579507, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.579562, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-2458-547b97470000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.579653, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.579679, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/11/10 14:51:16.579689, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (1->2) >[2016/11/10 14:51:16.579700, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.579709, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.579719, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.579728, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.579750, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/11/10 14:51:16.579760, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/11/10 14:51:16.579773, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.579782, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.579793, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.579802, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.579824, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/11/10 14:51:16.579834, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/11/10 14:51:16.579844, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.579853, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.579864, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.579873, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.579890, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/11/10 14:51:16.579900, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/11/10 14:51:16.579910, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.579922, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.579933, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.579942, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.579966, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/11/10 14:51:16.579976, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/11/10 14:51:16.579988, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.580001, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.580013, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.580022, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.580041, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/11/10 14:51:16.580051, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/11/10 14:51:16.580061, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.580070, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.580083, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.580104, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.580159, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [printer] >[2016/11/10 14:51:16.580172, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/11/10 14:51:16.580182, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.580192, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.580207, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.580216, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.580239, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/11/10 14:51:16.580250, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/11/10 14:51:16.580260, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/11/10 14:51:16.580269, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/11/10 14:51:16.580279, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/11/10 14:51:16.580288, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/11/10 14:51:16.580299, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.580323, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.580367, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/11/10 14:51:16.580413, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.580439, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' (ops 0xf7331040) >[2016/11/10 14:51:16.580449, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.580479, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Datatype] len[8] >[2016/11/10 14:51:16.580493, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Default Priority] len[4] >[2016/11/10 14:51:16.580504, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Location] len[2] >[2016/11/10 14:51:16.580513, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Parameters] len[2] >[2016/11/10 14:51:16.580523, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Port] len[38] >[2016/11/10 14:51:16.580533, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2016/11/10 14:51:16.580544, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2016/11/10 14:51:16.580554, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Separator File] len[2] >[2016/11/10 14:51:16.580564, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2016/11/10 14:51:16.580574, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2016/11/10 14:51:16.580584, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[10]: name[Status] len[4] >[2016/11/10 14:51:16.580594, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[11]: name[UntilTime] len[4] >[2016/11/10 14:51:16.580604, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Description] len[36] >[2016/11/10 14:51:16.580615, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Security] len[200] >[2016/11/10 14:51:16.580625, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Name] len[16] >[2016/11/10 14:51:16.580635, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Attributes] len[4] >[2016/11/10 14:51:16.580648, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Default DevMode] len[1072] >[2016/11/10 14:51:16.580659, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Printer Driver] len[38] >[2016/11/10 14:51:16.580669, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[18]: name[ChangeID] len[4] >[2016/11/10 14:51:16.580680, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.580701, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000013 (19) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x00000430 (1072) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/11/10 14:51:16.580797, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.580873, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.580897, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.580909, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2016/11/10 14:51:16.581009, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.581084, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.581108, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.581119, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.581215, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.581295, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.581320, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.581331, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.581419, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.581495, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.581519, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.581532, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.581620, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.581695, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.581720, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.581730, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2016/11/10 14:51:16.581955, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.582035, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.582059, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.582070, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2016/11/10 14:51:16.582205, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.582280, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.582304, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.582315, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.582409, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.582484, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.582508, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.582519, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.582600, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.582680, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.582705, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.582715, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2016/11/10 14:51:16.582852, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.582930, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.582954, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.582965, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.583061, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.583135, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.583159, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.583173, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.583266, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.583341, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.583365, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.583376, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.583469, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.583544, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.583568, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.583579, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(36) > [0] : 0x44 (68) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x75 (117) > [5] : 0x00 (0) > [6] : 0x63 (99) > [7] : 0x00 (0) > [8] : 0x6b (107) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x20 (32) > [15] : 0x00 (0) > [16] : 0x6d (109) > [17] : 0x00 (0) > [18] : 0x69 (105) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x20 (32) > [23] : 0x00 (0) > [24] : 0x49 (73) > [25] : 0x00 (0) > [26] : 0x53 (83) > [27] : 0x00 (0) > [28] : 0x65 (101) > [29] : 0x00 (0) > [30] : 0x72 (114) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > size : * > size : 0x00000024 (36) > length : * > length : 0x00000024 (36) > result : WERR_OK >[2016/11/10 14:51:16.583835, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.583913, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.583938, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.583949, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(200) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x94 (148) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xae (174) > [101] : 0x66 (102) > [102] : 0x85 (133) > [103] : 0x50 (80) > [104] : 0xdc (220) > [105] : 0x80 (128) > [106] : 0xb5 (181) > [107] : 0x88 (136) > [108] : 0x63 (99) > [109] : 0xbb (187) > [110] : 0x04 (4) > [111] : 0x8c (140) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xae (174) > [137] : 0x66 (102) > [138] : 0x85 (133) > [139] : 0x50 (80) > [140] : 0xdc (220) > [141] : 0x80 (128) > [142] : 0xb5 (181) > [143] : 0x88 (136) > [144] : 0x63 (99) > [145] : 0xbb (187) > [146] : 0x04 (4) > [147] : 0x8c (140) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > size : * > size : 0x000000c8 (200) > length : * > length : 0x000000c8 (200) > result : WERR_OK >[2016/11/10 14:51:16.584798, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.584878, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.584903, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.584914, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2016/11/10 14:51:16.585049, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.585125, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.585152, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.585163, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x18 (24) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.585250, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.585325, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.585349, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.585360, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Default DevMode' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(1072) > [0] : 0x5c (92) > [1] : 0x00 (0) > [2] : 0x5c (92) > [3] : 0x00 (0) > [4] : 0x31 (49) > [5] : 0x00 (0) > [6] : 0x39 (57) > [7] : 0x00 (0) > [8] : 0x32 (50) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x38 (56) > [17] : 0x00 (0) > [18] : 0x2e (46) > [19] : 0x00 (0) > [20] : 0x39 (57) > [21] : 0x00 (0) > [22] : 0x30 (48) > [23] : 0x00 (0) > [24] : 0x2e (46) > [25] : 0x00 (0) > [26] : 0x31 (49) > [27] : 0x00 (0) > [28] : 0x33 (51) > [29] : 0x00 (0) > [30] : 0x5c (92) > [31] : 0x00 (0) > [32] : 0x49 (73) > [33] : 0x00 (0) > [34] : 0x53 (83) > [35] : 0x00 (0) > [36] : 0x65 (101) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x20 (32) > [43] : 0x00 (0) > [44] : 0x50 (80) > [45] : 0x00 (0) > [46] : 0x72 (114) > [47] : 0x00 (0) > [48] : 0x69 (105) > [49] : 0x00 (0) > [50] : 0x6e (110) > [51] : 0x00 (0) > [52] : 0x74 (116) > [53] : 0x00 (0) > [54] : 0x20 (32) > [55] : 0x00 (0) > [56] : 0x44 (68) > [57] : 0x00 (0) > [58] : 0x72 (114) > [59] : 0x00 (0) > [60] : 0x69 (105) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x01 (1) > [65] : 0x04 (4) > [66] : 0x00 (0) > [67] : 0x06 (6) > [68] : 0xdc (220) > [69] : 0x00 (0) > [70] : 0x54 (84) > [71] : 0x03 (3) > [72] : 0x53 (83) > [73] : 0xef (239) > [74] : 0x81 (129) > [75] : 0x01 (1) > [76] : 0x01 (1) > [77] : 0x00 (0) > [78] : 0x09 (9) > [79] : 0x00 (0) > [80] : 0xea (234) > [81] : 0x0a (10) > [82] : 0x6f (111) > [83] : 0x08 (8) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x01 (1) > [87] : 0x00 (0) > [88] : 0x0f (15) > [89] : 0x00 (0) > [90] : 0x58 (88) > [91] : 0x02 (2) > [92] : 0x02 (2) > [93] : 0x00 (0) > [94] : 0x01 (1) > [95] : 0x00 (0) > [96] : 0x58 (88) > [97] : 0x02 (2) > [98] : 0x03 (3) > [99] : 0x00 (0) > [100] : 0x01 (1) > [101] : 0x00 (0) > [102] : 0x41 (65) > [103] : 0x00 (0) > [104] : 0x34 (52) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x01 (1) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x01 (1) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x02 (2) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x01 (1) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x50 (80) > [221] : 0x52 (82) > [222] : 0x49 (73) > [223] : 0x56 (86) > [224] : 0xe2 (226) > [225] : 0x30 (48) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x18 (24) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x10 (16) > [315] : 0x27 (39) > [316] : 0x10 (16) > [317] : 0x27 (39) > [318] : 0x10 (16) > [319] : 0x27 (39) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x10 (16) > [323] : 0x27 (39) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x80 (128) > [333] : 0x00 (0) > [334] : 0x54 (84) > [335] : 0x03 (3) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x03 (3) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x10 (16) > [371] : 0x00 (0) > [372] : 0x50 (80) > [373] : 0x34 (52) > [374] : 0x03 (3) > [375] : 0x00 (0) > [376] : 0x28 (40) > [377] : 0x88 (136) > [378] : 0x04 (4) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x01 (1) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x24 (36) > [409] : 0x01 (1) > [410] : 0xdf (223) > [411] : 0x8c (140) > [412] : 0x03 (3) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x05 (5) > [417] : 0x00 (0) > [418] : 0x0b (11) > [419] : 0x00 (0) > [420] : 0xff (255) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x01 (1) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x80 (128) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x53 (83) > [949] : 0x4d (77) > [950] : 0x54 (84) > [951] : 0x4a (74) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x10 (16) > [957] : 0x00 (0) > [958] : 0x70 (112) > [959] : 0x00 (0) > [960] : 0x49 (73) > [961] : 0x00 (0) > [962] : 0x53 (83) > [963] : 0x00 (0) > [964] : 0x65 (101) > [965] : 0x00 (0) > [966] : 0x72 (114) > [967] : 0x00 (0) > [968] : 0x76 (118) > [969] : 0x00 (0) > [970] : 0x20 (32) > [971] : 0x00 (0) > [972] : 0x50 (80) > [973] : 0x00 (0) > [974] : 0x72 (114) > [975] : 0x00 (0) > [976] : 0x69 (105) > [977] : 0x00 (0) > [978] : 0x6e (110) > [979] : 0x00 (0) > [980] : 0x74 (116) > [981] : 0x00 (0) > [982] : 0x20 (32) > [983] : 0x00 (0) > [984] : 0x44 (68) > [985] : 0x00 (0) > [986] : 0x72 (114) > [987] : 0x00 (0) > [988] : 0x69 (105) > [989] : 0x00 (0) > [990] : 0x76 (118) > [991] : 0x00 (0) > [992] : 0x65 (101) > [993] : 0x00 (0) > [994] : 0x72 (114) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x52 (82) > [999] : 0x65 (101) > [1000] : 0x73 (115) > [1001] : 0x6f (111) > [1002] : 0x6c (108) > [1003] : 0x75 (117) > [1004] : 0x74 (116) > [1005] : 0x69 (105) > [1006] : 0x6f (111) > [1007] : 0x6e (110) > [1008] : 0x00 (0) > [1009] : 0x36 (54) > [1010] : 0x30 (48) > [1011] : 0x30 (48) > [1012] : 0x64 (100) > [1013] : 0x70 (112) > [1014] : 0x69 (105) > [1015] : 0x00 (0) > [1016] : 0x50 (80) > [1017] : 0x61 (97) > [1018] : 0x67 (103) > [1019] : 0x65 (101) > [1020] : 0x53 (83) > [1021] : 0x69 (105) > [1022] : 0x7a (122) > [1023] : 0x65 (101) > [1024] : 0x00 (0) > [1025] : 0x41 (65) > [1026] : 0x34 (52) > [1027] : 0x00 (0) > [1028] : 0x50 (80) > [1029] : 0x61 (97) > [1030] : 0x67 (103) > [1031] : 0x65 (101) > [1032] : 0x52 (82) > [1033] : 0x65 (101) > [1034] : 0x67 (103) > [1035] : 0x69 (105) > [1036] : 0x6f (111) > [1037] : 0x6e (110) > [1038] : 0x00 (0) > [1039] : 0x00 (0) > [1040] : 0x00 (0) > [1041] : 0x00 (0) > [1042] : 0x00 (0) > [1043] : 0x00 (0) > [1044] : 0x00 (0) > [1045] : 0x00 (0) > [1046] : 0x00 (0) > [1047] : 0x00 (0) > [1048] : 0x00 (0) > [1049] : 0x00 (0) > [1050] : 0x00 (0) > [1051] : 0x00 (0) > [1052] : 0x00 (0) > [1053] : 0x00 (0) > [1054] : 0x00 (0) > [1055] : 0x00 (0) > [1056] : 0x00 (0) > [1057] : 0x00 (0) > [1058] : 0x00 (0) > [1059] : 0x00 (0) > [1060] : 0x00 (0) > [1061] : 0x00 (0) > [1062] : 0x00 (0) > [1063] : 0x00 (0) > [1064] : 0x00 (0) > [1065] : 0x00 (0) > [1066] : 0x00 (0) > [1067] : 0x00 (0) > [1068] : 0x00 (0) > [1069] : 0x00 (0) > [1070] : 0x00 (0) > [1071] : 0x00 (0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000430 (1072) > result : WERR_OK >[2016/11/10 14:51:16.588999, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.589078, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.589103, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.589114, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x53 (83) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x76 (118) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x20 (32) > [23] : 0x00 (0) > [24] : 0x44 (68) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x69 (105) > [29] : 0x00 (0) > [30] : 0x76 (118) > [31] : 0x00 (0) > [32] : 0x65 (101) > [33] : 0x00 (0) > [34] : 0x72 (114) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2016/11/10 14:51:16.589317, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > enum_index : 0x00000012 (18) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.589393, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.589418, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.589431, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x7f (127) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.589538, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.589608, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.589632, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.589641, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.589655, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/11/10 14:51:16.589701, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.589775, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.589800, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.589813, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.589830, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(1072) > [0] : 0x5c (92) > [1] : 0x00 (0) > [2] : 0x5c (92) > [3] : 0x00 (0) > [4] : 0x31 (49) > [5] : 0x00 (0) > [6] : 0x39 (57) > [7] : 0x00 (0) > [8] : 0x32 (50) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x38 (56) > [17] : 0x00 (0) > [18] : 0x2e (46) > [19] : 0x00 (0) > [20] : 0x39 (57) > [21] : 0x00 (0) > [22] : 0x30 (48) > [23] : 0x00 (0) > [24] : 0x2e (46) > [25] : 0x00 (0) > [26] : 0x31 (49) > [27] : 0x00 (0) > [28] : 0x33 (51) > [29] : 0x00 (0) > [30] : 0x5c (92) > [31] : 0x00 (0) > [32] : 0x49 (73) > [33] : 0x00 (0) > [34] : 0x53 (83) > [35] : 0x00 (0) > [36] : 0x65 (101) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x20 (32) > [43] : 0x00 (0) > [44] : 0x50 (80) > [45] : 0x00 (0) > [46] : 0x72 (114) > [47] : 0x00 (0) > [48] : 0x69 (105) > [49] : 0x00 (0) > [50] : 0x6e (110) > [51] : 0x00 (0) > [52] : 0x74 (116) > [53] : 0x00 (0) > [54] : 0x20 (32) > [55] : 0x00 (0) > [56] : 0x44 (68) > [57] : 0x00 (0) > [58] : 0x72 (114) > [59] : 0x00 (0) > [60] : 0x69 (105) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x01 (1) > [65] : 0x04 (4) > [66] : 0x00 (0) > [67] : 0x06 (6) > [68] : 0xdc (220) > [69] : 0x00 (0) > [70] : 0x54 (84) > [71] : 0x03 (3) > [72] : 0x53 (83) > [73] : 0xef (239) > [74] : 0x81 (129) > [75] : 0x01 (1) > [76] : 0x01 (1) > [77] : 0x00 (0) > [78] : 0x09 (9) > [79] : 0x00 (0) > [80] : 0xea (234) > [81] : 0x0a (10) > [82] : 0x6f (111) > [83] : 0x08 (8) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x01 (1) > [87] : 0x00 (0) > [88] : 0x0f (15) > [89] : 0x00 (0) > [90] : 0x58 (88) > [91] : 0x02 (2) > [92] : 0x02 (2) > [93] : 0x00 (0) > [94] : 0x01 (1) > [95] : 0x00 (0) > [96] : 0x58 (88) > [97] : 0x02 (2) > [98] : 0x03 (3) > [99] : 0x00 (0) > [100] : 0x01 (1) > [101] : 0x00 (0) > [102] : 0x41 (65) > [103] : 0x00 (0) > [104] : 0x34 (52) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x01 (1) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x01 (1) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x02 (2) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x01 (1) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x50 (80) > [221] : 0x52 (82) > [222] : 0x49 (73) > [223] : 0x56 (86) > [224] : 0xe2 (226) > [225] : 0x30 (48) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x18 (24) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x10 (16) > [315] : 0x27 (39) > [316] : 0x10 (16) > [317] : 0x27 (39) > [318] : 0x10 (16) > [319] : 0x27 (39) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x10 (16) > [323] : 0x27 (39) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x80 (128) > [333] : 0x00 (0) > [334] : 0x54 (84) > [335] : 0x03 (3) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x03 (3) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x10 (16) > [371] : 0x00 (0) > [372] : 0x50 (80) > [373] : 0x34 (52) > [374] : 0x03 (3) > [375] : 0x00 (0) > [376] : 0x28 (40) > [377] : 0x88 (136) > [378] : 0x04 (4) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x01 (1) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x24 (36) > [409] : 0x01 (1) > [410] : 0xdf (223) > [411] : 0x8c (140) > [412] : 0x03 (3) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x05 (5) > [417] : 0x00 (0) > [418] : 0x0b (11) > [419] : 0x00 (0) > [420] : 0xff (255) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x01 (1) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x80 (128) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x53 (83) > [949] : 0x4d (77) > [950] : 0x54 (84) > [951] : 0x4a (74) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x10 (16) > [957] : 0x00 (0) > [958] : 0x70 (112) > [959] : 0x00 (0) > [960] : 0x49 (73) > [961] : 0x00 (0) > [962] : 0x53 (83) > [963] : 0x00 (0) > [964] : 0x65 (101) > [965] : 0x00 (0) > [966] : 0x72 (114) > [967] : 0x00 (0) > [968] : 0x76 (118) > [969] : 0x00 (0) > [970] : 0x20 (32) > [971] : 0x00 (0) > [972] : 0x50 (80) > [973] : 0x00 (0) > [974] : 0x72 (114) > [975] : 0x00 (0) > [976] : 0x69 (105) > [977] : 0x00 (0) > [978] : 0x6e (110) > [979] : 0x00 (0) > [980] : 0x74 (116) > [981] : 0x00 (0) > [982] : 0x20 (32) > [983] : 0x00 (0) > [984] : 0x44 (68) > [985] : 0x00 (0) > [986] : 0x72 (114) > [987] : 0x00 (0) > [988] : 0x69 (105) > [989] : 0x00 (0) > [990] : 0x76 (118) > [991] : 0x00 (0) > [992] : 0x65 (101) > [993] : 0x00 (0) > [994] : 0x72 (114) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x52 (82) > [999] : 0x65 (101) > [1000] : 0x73 (115) > [1001] : 0x6f (111) > [1002] : 0x6c (108) > [1003] : 0x75 (117) > [1004] : 0x74 (116) > [1005] : 0x69 (105) > [1006] : 0x6f (111) > [1007] : 0x6e (110) > [1008] : 0x00 (0) > [1009] : 0x36 (54) > [1010] : 0x30 (48) > [1011] : 0x30 (48) > [1012] : 0x64 (100) > [1013] : 0x70 (112) > [1014] : 0x69 (105) > [1015] : 0x00 (0) > [1016] : 0x50 (80) > [1017] : 0x61 (97) > [1018] : 0x67 (103) > [1019] : 0x65 (101) > [1020] : 0x53 (83) > [1021] : 0x69 (105) > [1022] : 0x7a (122) > [1023] : 0x65 (101) > [1024] : 0x00 (0) > [1025] : 0x41 (65) > [1026] : 0x34 (52) > [1027] : 0x00 (0) > [1028] : 0x50 (80) > [1029] : 0x61 (97) > [1030] : 0x67 (103) > [1031] : 0x65 (101) > [1032] : 0x52 (82) > [1033] : 0x65 (101) > [1034] : 0x67 (103) > [1035] : 0x69 (105) > [1036] : 0x6f (111) > [1037] : 0x6e (110) > [1038] : 0x00 (0) > [1039] : 0x00 (0) > [1040] : 0x00 (0) > [1041] : 0x00 (0) > [1042] : 0x00 (0) > [1043] : 0x00 (0) > [1044] : 0x00 (0) > [1045] : 0x00 (0) > [1046] : 0x00 (0) > [1047] : 0x00 (0) > [1048] : 0x00 (0) > [1049] : 0x00 (0) > [1050] : 0x00 (0) > [1051] : 0x00 (0) > [1052] : 0x00 (0) > [1053] : 0x00 (0) > [1054] : 0x00 (0) > [1055] : 0x00 (0) > [1056] : 0x00 (0) > [1057] : 0x00 (0) > [1058] : 0x00 (0) > [1059] : 0x00 (0) > [1060] : 0x00 (0) > [1061] : 0x00 (0) > [1062] : 0x00 (0) > [1063] : 0x00 (0) > [1064] : 0x00 (0) > [1065] : 0x00 (0) > [1066] : 0x00 (0) > [1067] : 0x00 (0) > [1068] : 0x00 (0) > [1069] : 0x00 (0) > [1070] : 0x00 (0) > [1071] : 0x00 (0) > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000430 (1072) > result : WERR_OK >[2016/11/10 14:51:16.593519, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.593567, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/11/10 14:51:16.593581, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/11/10 14:51:16.593592, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/11/10 14:51:16.593602, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/11/10 14:51:16.593611, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.593620, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM] >[2016/11/10 14:51:16.593649, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.593675, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.593716, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-2458-547b97470000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.593804, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.593829, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/11/10 14:51:16.593839, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/11/10 14:51:16.593849, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.593864, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.593878, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.593889, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.593920, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/11/10 14:51:16.593936, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/11/10 14:51:16.593950, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.593963, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.593974, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.593983, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.594004, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/11/10 14:51:16.594014, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/11/10 14:51:16.594024, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.594033, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.594044, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.594053, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.594070, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/11/10 14:51:16.594080, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/11/10 14:51:16.594090, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.594100, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.594111, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.594120, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.594144, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/11/10 14:51:16.594157, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/11/10 14:51:16.594167, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.594177, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.594189, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.594198, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.594216, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/11/10 14:51:16.594226, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/11/10 14:51:16.594236, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.594246, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.594258, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.594267, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.594311, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [printer] >[2016/11/10 14:51:16.594322, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/11/10 14:51:16.594332, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.594342, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.594354, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.594363, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.594385, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/11/10 14:51:16.594395, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/11/10 14:51:16.594407, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/11/10 14:51:16.594417, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/11/10 14:51:16.594427, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/11/10 14:51:16.594437, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/11/10 14:51:16.594447, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.594472, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.594516, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.594586, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.594610, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.594620, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.594630, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' (ops 0xf7331040) >[2016/11/10 14:51:16.594640, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.594658, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Datatype] len[8] >[2016/11/10 14:51:16.594672, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Default Priority] len[4] >[2016/11/10 14:51:16.594682, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Location] len[2] >[2016/11/10 14:51:16.594692, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Parameters] len[2] >[2016/11/10 14:51:16.594702, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Port] len[38] >[2016/11/10 14:51:16.594712, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2016/11/10 14:51:16.594722, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2016/11/10 14:51:16.594732, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Separator File] len[2] >[2016/11/10 14:51:16.594742, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2016/11/10 14:51:16.594752, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2016/11/10 14:51:16.594763, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[10]: name[Status] len[4] >[2016/11/10 14:51:16.594773, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[11]: name[UntilTime] len[4] >[2016/11/10 14:51:16.594783, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Description] len[36] >[2016/11/10 14:51:16.594793, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Security] len[200] >[2016/11/10 14:51:16.594804, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Name] len[16] >[2016/11/10 14:51:16.594814, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Attributes] len[4] >[2016/11/10 14:51:16.594826, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Default DevMode] len[1072] >[2016/11/10 14:51:16.594836, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Printer Driver] len[38] >[2016/11/10 14:51:16.594847, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[18]: name[ChangeID] len[4] >[2016/11/10 14:51:16.594858, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000c8 (200) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/11/10 14:51:16.594909, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000c8 (200) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.594981, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.595005, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] >[2016/11/10 14:51:16.595014, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.595026, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(200) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0x94 (148) > [55] : 0x00 (0) > [56] : 0x05 (5) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xae (174) > [101] : 0x66 (102) > [102] : 0x85 (133) > [103] : 0x50 (80) > [104] : 0xdc (220) > [105] : 0x80 (128) > [106] : 0xb5 (181) > [107] : 0x88 (136) > [108] : 0x63 (99) > [109] : 0xbb (187) > [110] : 0x04 (4) > [111] : 0x8c (140) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xae (174) > [137] : 0x66 (102) > [138] : 0x85 (133) > [139] : 0x50 (80) > [140] : 0xdc (220) > [141] : 0x80 (128) > [142] : 0xb5 (181) > [143] : 0x88 (136) > [144] : 0x63 (99) > [145] : 0xbb (187) > [146] : 0x04 (4) > [147] : 0x8c (140) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > data_size : * > data_size : 0x000000c8 (200) > data_length : * > data_length : 0x000000c8 (200) > result : WERR_OK >[2016/11/10 14:51:16.595760, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.595789, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.595813, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.595836, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.595847, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/11/10 14:51:16.595857, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.595901, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.595928, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.595951, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.595982, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.595992, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/11/10 14:51:16.596001, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.596038, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.596065, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.596099, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.596122, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.596134, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (2->1) >[2016/11/10 14:51:16.596143, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.596182, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.596208, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.596232, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.596255, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.596264, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (1->0) >[2016/11/10 14:51:16.596326, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.596366, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg > printername: printer >[2016/11/10 14:51:16.596398, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/11/10 14:51:16.596411, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/11/10 14:51:16.596421, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/11/10 14:51:16.596448, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/11/10 14:51:16.596476, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.596522, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/11/10 14:51:16.596540, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.596556, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(52826) : conn_ctx_stack_ndx = 0 >[2016/11/10 14:51:16.596566, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.596576, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/11/10 14:51:16.596585, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/11/10 14:51:16.596650, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:16.596661, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2016/11/10 14:51:16.596672, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/11/10 14:51:16.596682, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/11/10 14:51:16.596692, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.596701, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM] >[2016/11/10 14:51:16.596732, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.596758, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.596800, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-2458-547b97470000 > keyname: struct winreg_String > name_len : 0x00aa (170) > name_size : 0x00aa (170) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.596893, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.596919, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/11/10 14:51:16.596928, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (1->2) >[2016/11/10 14:51:16.596939, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.596948, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.596959, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.596968, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.596990, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/11/10 14:51:16.597000, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/11/10 14:51:16.597010, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.597019, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.597030, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.597038, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.597060, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/11/10 14:51:16.597071, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/11/10 14:51:16.597081, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.597090, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.597101, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.597110, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.597127, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/11/10 14:51:16.597137, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/11/10 14:51:16.597149, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.597159, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.597170, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.597179, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.597203, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/11/10 14:51:16.597213, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/11/10 14:51:16.597223, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.597232, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.597244, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.597253, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.597270, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/11/10 14:51:16.597280, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/11/10 14:51:16.597290, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.597300, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.597312, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.597320, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.597364, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.597374, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/11/10 14:51:16.597384, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.597394, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.597409, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.597418, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.597442, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/11/10 14:51:16.597452, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/11/10 14:51:16.597462, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/11/10 14:51:16.597471, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/11/10 14:51:16.597481, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/11/10 14:51:16.597490, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/11/10 14:51:16.597500, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.597524, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.597565, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/11/10 14:51:16.597611, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.597636, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) >[2016/11/10 14:51:16.597647, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.597669, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2016/11/10 14:51:16.597680, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2016/11/10 14:51:16.597690, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2016/11/10 14:51:16.597700, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2016/11/10 14:51:16.597710, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[50] >[2016/11/10 14:51:16.597720, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2016/11/10 14:51:16.597730, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2016/11/10 14:51:16.597740, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2016/11/10 14:51:16.597751, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[50] >[2016/11/10 14:51:16.597761, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2016/11/10 14:51:16.597771, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2016/11/10 14:51:16.597781, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[60] >[2016/11/10 14:51:16.597791, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[38] >[2016/11/10 14:51:16.597802, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2016/11/10 14:51:16.597812, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2016/11/10 14:51:16.597822, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2016/11/10 14:51:16.597833, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2016/11/10 14:51:16.597845, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Default DevMode] len[1072] >[2016/11/10 14:51:16.597855, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[18]: name[ChangeID] len[4] >[2016/11/10 14:51:16.597866, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.597888, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000013 (19) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x00000430 (1072) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/11/10 14:51:16.597982, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.598059, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.598083, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.598094, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.598180, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.598256, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.598279, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.598290, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2016/11/10 14:51:16.598387, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.598464, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.598488, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.598498, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.598581, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.598655, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.598681, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.598692, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2016/11/10 14:51:16.598886, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.598964, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.598987, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.598998, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(50) > [0] : 0x61 (97) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x61 (97) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x61 (97) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x61 (97) > [15] : 0x00 (0) > [16] : 0x61 (97) > [17] : 0x00 (0) > [18] : 0x61 (97) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x61 (97) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x61 (97) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x61 (97) > [33] : 0x00 (0) > [34] : 0x61 (97) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x61 (97) > [39] : 0x00 (0) > [40] : 0x61 (97) > [41] : 0x00 (0) > [42] : 0x61 (97) > [43] : 0x00 (0) > [44] : 0x61 (97) > [45] : 0x00 (0) > [46] : 0xe4 (228) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > size : * > size : 0x00000032 (50) > length : * > length : 0x00000032 (50) > result : WERR_OK >[2016/11/10 14:51:16.599241, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.599316, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.599339, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.599349, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2016/11/10 14:51:16.599484, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.599559, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.599582, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.599593, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.599673, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.599751, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.599774, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.599785, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xae (174) > [101] : 0x66 (102) > [102] : 0x85 (133) > [103] : 0x50 (80) > [104] : 0xdc (220) > [105] : 0x80 (128) > [106] : 0xb5 (181) > [107] : 0x88 (136) > [108] : 0x63 (99) > [109] : 0xbb (187) > [110] : 0x04 (4) > [111] : 0x8c (140) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xae (174) > [137] : 0x66 (102) > [138] : 0x85 (133) > [139] : 0x50 (80) > [140] : 0xdc (220) > [141] : 0x80 (128) > [142] : 0xb5 (181) > [143] : 0x88 (136) > [144] : 0x63 (99) > [145] : 0xbb (187) > [146] : 0x04 (4) > [147] : 0x8c (140) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2016/11/10 14:51:16.600803, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.600880, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.600905, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.600916, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(50) > [0] : 0x61 (97) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x61 (97) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x61 (97) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x61 (97) > [15] : 0x00 (0) > [16] : 0x61 (97) > [17] : 0x00 (0) > [18] : 0x61 (97) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x61 (97) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x61 (97) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x61 (97) > [33] : 0x00 (0) > [34] : 0x61 (97) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x61 (97) > [39] : 0x00 (0) > [40] : 0x61 (97) > [41] : 0x00 (0) > [42] : 0x61 (97) > [43] : 0x00 (0) > [44] : 0x61 (97) > [45] : 0x00 (0) > [46] : 0xe4 (228) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > size : * > size : 0x00000032 (50) > length : * > length : 0x00000032 (50) > result : WERR_OK >[2016/11/10 14:51:16.601176, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.601252, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.601277, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.601290, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.601379, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.601453, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.601478, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.601489, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.601578, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.601661, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.601686, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.601697, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(60) > [0] : 0x61 (97) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x61 (97) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x61 (97) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x61 (97) > [15] : 0x00 (0) > [16] : 0x61 (97) > [17] : 0x00 (0) > [18] : 0x61 (97) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x61 (97) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x61 (97) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x61 (97) > [33] : 0x00 (0) > [34] : 0x61 (97) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x61 (97) > [39] : 0x00 (0) > [40] : 0x61 (97) > [41] : 0x00 (0) > [42] : 0x61 (97) > [43] : 0x00 (0) > [44] : 0x61 (97) > [45] : 0x00 (0) > [46] : 0xe4 (228) > [47] : 0x00 (0) > [48] : 0x2c (44) > [49] : 0x00 (0) > [50] : 0x20 (32) > [51] : 0x00 (0) > [52] : 0x30 (48) > [53] : 0x00 (0) > [54] : 0x2b (43) > [55] : 0x00 (0) > [56] : 0x30 (48) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > size : * > size : 0x0000003c (60) > length : * > length : 0x0000003c (60) > result : WERR_OK >[2016/11/10 14:51:16.601995, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.602070, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.602097, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.602109, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x53 (83) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x76 (118) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x20 (32) > [23] : 0x00 (0) > [24] : 0x44 (68) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x69 (105) > [29] : 0x00 (0) > [30] : 0x76 (118) > [31] : 0x00 (0) > [32] : 0x65 (101) > [33] : 0x00 (0) > [34] : 0x72 (114) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2016/11/10 14:51:16.602315, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.602395, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.602419, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.602430, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.602510, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.602590, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.602615, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.602628, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.602709, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.602784, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.602808, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.602819, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.602897, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.602973, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.602997, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.603007, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.603093, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.603170, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.603194, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.603205, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Default DevMode' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(1072) > [0] : 0x5c (92) > [1] : 0x00 (0) > [2] : 0x5c (92) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x65 (101) > [9] : 0x00 (0) > [10] : 0x72 (114) > [11] : 0x00 (0) > [12] : 0x76 (118) > [13] : 0x00 (0) > [14] : 0x5c (92) > [15] : 0x00 (0) > [16] : 0x78 (120) > [17] : 0x00 (0) > [18] : 0x79 (121) > [19] : 0x00 (0) > [20] : 0x7a (122) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x00 (0) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x00 (0) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x01 (1) > [65] : 0x04 (4) > [66] : 0x00 (0) > [67] : 0x06 (6) > [68] : 0xdc (220) > [69] : 0x00 (0) > [70] : 0x54 (84) > [71] : 0x03 (3) > [72] : 0x53 (83) > [73] : 0xef (239) > [74] : 0x81 (129) > [75] : 0x01 (1) > [76] : 0x01 (1) > [77] : 0x00 (0) > [78] : 0x09 (9) > [79] : 0x00 (0) > [80] : 0xea (234) > [81] : 0x0a (10) > [82] : 0x6f (111) > [83] : 0x08 (8) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x01 (1) > [87] : 0x00 (0) > [88] : 0x0f (15) > [89] : 0x00 (0) > [90] : 0x58 (88) > [91] : 0x02 (2) > [92] : 0x02 (2) > [93] : 0x00 (0) > [94] : 0x01 (1) > [95] : 0x00 (0) > [96] : 0x58 (88) > [97] : 0x02 (2) > [98] : 0x03 (3) > [99] : 0x00 (0) > [100] : 0x01 (1) > [101] : 0x00 (0) > [102] : 0x41 (65) > [103] : 0x00 (0) > [104] : 0x34 (52) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x01 (1) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x01 (1) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x02 (2) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x01 (1) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x50 (80) > [221] : 0x52 (82) > [222] : 0x49 (73) > [223] : 0x56 (86) > [224] : 0xe2 (226) > [225] : 0x30 (48) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x18 (24) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x10 (16) > [315] : 0x27 (39) > [316] : 0x10 (16) > [317] : 0x27 (39) > [318] : 0x10 (16) > [319] : 0x27 (39) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x10 (16) > [323] : 0x27 (39) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x80 (128) > [333] : 0x00 (0) > [334] : 0x54 (84) > [335] : 0x03 (3) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x03 (3) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x10 (16) > [371] : 0x00 (0) > [372] : 0x50 (80) > [373] : 0x34 (52) > [374] : 0x03 (3) > [375] : 0x00 (0) > [376] : 0x28 (40) > [377] : 0x88 (136) > [378] : 0x04 (4) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x01 (1) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x24 (36) > [409] : 0x01 (1) > [410] : 0xdf (223) > [411] : 0x8c (140) > [412] : 0x03 (3) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x05 (5) > [417] : 0x00 (0) > [418] : 0x0b (11) > [419] : 0x00 (0) > [420] : 0xff (255) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x01 (1) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x80 (128) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x53 (83) > [949] : 0x4d (77) > [950] : 0x54 (84) > [951] : 0x4a (74) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x10 (16) > [957] : 0x00 (0) > [958] : 0x70 (112) > [959] : 0x00 (0) > [960] : 0x49 (73) > [961] : 0x00 (0) > [962] : 0x53 (83) > [963] : 0x00 (0) > [964] : 0x65 (101) > [965] : 0x00 (0) > [966] : 0x72 (114) > [967] : 0x00 (0) > [968] : 0x76 (118) > [969] : 0x00 (0) > [970] : 0x20 (32) > [971] : 0x00 (0) > [972] : 0x50 (80) > [973] : 0x00 (0) > [974] : 0x72 (114) > [975] : 0x00 (0) > [976] : 0x69 (105) > [977] : 0x00 (0) > [978] : 0x6e (110) > [979] : 0x00 (0) > [980] : 0x74 (116) > [981] : 0x00 (0) > [982] : 0x20 (32) > [983] : 0x00 (0) > [984] : 0x44 (68) > [985] : 0x00 (0) > [986] : 0x72 (114) > [987] : 0x00 (0) > [988] : 0x69 (105) > [989] : 0x00 (0) > [990] : 0x76 (118) > [991] : 0x00 (0) > [992] : 0x65 (101) > [993] : 0x00 (0) > [994] : 0x72 (114) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x52 (82) > [999] : 0x65 (101) > [1000] : 0x73 (115) > [1001] : 0x6f (111) > [1002] : 0x6c (108) > [1003] : 0x75 (117) > [1004] : 0x74 (116) > [1005] : 0x69 (105) > [1006] : 0x6f (111) > [1007] : 0x6e (110) > [1008] : 0x00 (0) > [1009] : 0x36 (54) > [1010] : 0x30 (48) > [1011] : 0x30 (48) > [1012] : 0x64 (100) > [1013] : 0x70 (112) > [1014] : 0x69 (105) > [1015] : 0x00 (0) > [1016] : 0x50 (80) > [1017] : 0x61 (97) > [1018] : 0x67 (103) > [1019] : 0x65 (101) > [1020] : 0x53 (83) > [1021] : 0x69 (105) > [1022] : 0x7a (122) > [1023] : 0x65 (101) > [1024] : 0x00 (0) > [1025] : 0x41 (65) > [1026] : 0x34 (52) > [1027] : 0x00 (0) > [1028] : 0x50 (80) > [1029] : 0x61 (97) > [1030] : 0x67 (103) > [1031] : 0x65 (101) > [1032] : 0x52 (82) > [1033] : 0x65 (101) > [1034] : 0x67 (103) > [1035] : 0x69 (105) > [1036] : 0x6f (111) > [1037] : 0x6e (110) > [1038] : 0x00 (0) > [1039] : 0x00 (0) > [1040] : 0x00 (0) > [1041] : 0x00 (0) > [1042] : 0x00 (0) > [1043] : 0x00 (0) > [1044] : 0x00 (0) > [1045] : 0x00 (0) > [1046] : 0x00 (0) > [1047] : 0x00 (0) > [1048] : 0x00 (0) > [1049] : 0x00 (0) > [1050] : 0x00 (0) > [1051] : 0x00 (0) > [1052] : 0x00 (0) > [1053] : 0x00 (0) > [1054] : 0x00 (0) > [1055] : 0x00 (0) > [1056] : 0x00 (0) > [1057] : 0x00 (0) > [1058] : 0x00 (0) > [1059] : 0x00 (0) > [1060] : 0x00 (0) > [1061] : 0x00 (0) > [1062] : 0x00 (0) > [1063] : 0x00 (0) > [1064] : 0x00 (0) > [1065] : 0x00 (0) > [1066] : 0x00 (0) > [1067] : 0x00 (0) > [1068] : 0x00 (0) > [1069] : 0x00 (0) > [1070] : 0x00 (0) > [1071] : 0x00 (0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000430 (1072) > result : WERR_OK >[2016/11/10 14:51:16.606866, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > enum_index : 0x00000012 (18) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.606945, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.606973, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.606985, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0xd3 (211) > [1] : 0x7e (126) > [2] : 0x04 (4) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.607095, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.607165, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.607189, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.607199, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.607212, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/11/10 14:51:16.607263, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.607332, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.607356, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.607365, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.607378, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(1072) > [0] : 0x5c (92) > [1] : 0x00 (0) > [2] : 0x5c (92) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x65 (101) > [9] : 0x00 (0) > [10] : 0x72 (114) > [11] : 0x00 (0) > [12] : 0x76 (118) > [13] : 0x00 (0) > [14] : 0x5c (92) > [15] : 0x00 (0) > [16] : 0x78 (120) > [17] : 0x00 (0) > [18] : 0x79 (121) > [19] : 0x00 (0) > [20] : 0x7a (122) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x00 (0) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x00 (0) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x01 (1) > [65] : 0x04 (4) > [66] : 0x00 (0) > [67] : 0x06 (6) > [68] : 0xdc (220) > [69] : 0x00 (0) > [70] : 0x54 (84) > [71] : 0x03 (3) > [72] : 0x53 (83) > [73] : 0xef (239) > [74] : 0x81 (129) > [75] : 0x01 (1) > [76] : 0x01 (1) > [77] : 0x00 (0) > [78] : 0x09 (9) > [79] : 0x00 (0) > [80] : 0xea (234) > [81] : 0x0a (10) > [82] : 0x6f (111) > [83] : 0x08 (8) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x01 (1) > [87] : 0x00 (0) > [88] : 0x0f (15) > [89] : 0x00 (0) > [90] : 0x58 (88) > [91] : 0x02 (2) > [92] : 0x02 (2) > [93] : 0x00 (0) > [94] : 0x01 (1) > [95] : 0x00 (0) > [96] : 0x58 (88) > [97] : 0x02 (2) > [98] : 0x03 (3) > [99] : 0x00 (0) > [100] : 0x01 (1) > [101] : 0x00 (0) > [102] : 0x41 (65) > [103] : 0x00 (0) > [104] : 0x34 (52) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x01 (1) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x01 (1) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x02 (2) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x01 (1) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x50 (80) > [221] : 0x52 (82) > [222] : 0x49 (73) > [223] : 0x56 (86) > [224] : 0xe2 (226) > [225] : 0x30 (48) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x18 (24) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x10 (16) > [315] : 0x27 (39) > [316] : 0x10 (16) > [317] : 0x27 (39) > [318] : 0x10 (16) > [319] : 0x27 (39) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x10 (16) > [323] : 0x27 (39) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x80 (128) > [333] : 0x00 (0) > [334] : 0x54 (84) > [335] : 0x03 (3) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x03 (3) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x10 (16) > [371] : 0x00 (0) > [372] : 0x50 (80) > [373] : 0x34 (52) > [374] : 0x03 (3) > [375] : 0x00 (0) > [376] : 0x28 (40) > [377] : 0x88 (136) > [378] : 0x04 (4) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x01 (1) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x24 (36) > [409] : 0x01 (1) > [410] : 0xdf (223) > [411] : 0x8c (140) > [412] : 0x03 (3) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x05 (5) > [417] : 0x00 (0) > [418] : 0x0b (11) > [419] : 0x00 (0) > [420] : 0xff (255) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x01 (1) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x80 (128) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x53 (83) > [949] : 0x4d (77) > [950] : 0x54 (84) > [951] : 0x4a (74) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x10 (16) > [957] : 0x00 (0) > [958] : 0x70 (112) > [959] : 0x00 (0) > [960] : 0x49 (73) > [961] : 0x00 (0) > [962] : 0x53 (83) > [963] : 0x00 (0) > [964] : 0x65 (101) > [965] : 0x00 (0) > [966] : 0x72 (114) > [967] : 0x00 (0) > [968] : 0x76 (118) > [969] : 0x00 (0) > [970] : 0x20 (32) > [971] : 0x00 (0) > [972] : 0x50 (80) > [973] : 0x00 (0) > [974] : 0x72 (114) > [975] : 0x00 (0) > [976] : 0x69 (105) > [977] : 0x00 (0) > [978] : 0x6e (110) > [979] : 0x00 (0) > [980] : 0x74 (116) > [981] : 0x00 (0) > [982] : 0x20 (32) > [983] : 0x00 (0) > [984] : 0x44 (68) > [985] : 0x00 (0) > [986] : 0x72 (114) > [987] : 0x00 (0) > [988] : 0x69 (105) > [989] : 0x00 (0) > [990] : 0x76 (118) > [991] : 0x00 (0) > [992] : 0x65 (101) > [993] : 0x00 (0) > [994] : 0x72 (114) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x52 (82) > [999] : 0x65 (101) > [1000] : 0x73 (115) > [1001] : 0x6f (111) > [1002] : 0x6c (108) > [1003] : 0x75 (117) > [1004] : 0x74 (116) > [1005] : 0x69 (105) > [1006] : 0x6f (111) > [1007] : 0x6e (110) > [1008] : 0x00 (0) > [1009] : 0x36 (54) > [1010] : 0x30 (48) > [1011] : 0x30 (48) > [1012] : 0x64 (100) > [1013] : 0x70 (112) > [1014] : 0x69 (105) > [1015] : 0x00 (0) > [1016] : 0x50 (80) > [1017] : 0x61 (97) > [1018] : 0x67 (103) > [1019] : 0x65 (101) > [1020] : 0x53 (83) > [1021] : 0x69 (105) > [1022] : 0x7a (122) > [1023] : 0x65 (101) > [1024] : 0x00 (0) > [1025] : 0x41 (65) > [1026] : 0x34 (52) > [1027] : 0x00 (0) > [1028] : 0x50 (80) > [1029] : 0x61 (97) > [1030] : 0x67 (103) > [1031] : 0x65 (101) > [1032] : 0x52 (82) > [1033] : 0x65 (101) > [1034] : 0x67 (103) > [1035] : 0x69 (105) > [1036] : 0x6f (111) > [1037] : 0x6e (110) > [1038] : 0x00 (0) > [1039] : 0x00 (0) > [1040] : 0x00 (0) > [1041] : 0x00 (0) > [1042] : 0x00 (0) > [1043] : 0x00 (0) > [1044] : 0x00 (0) > [1045] : 0x00 (0) > [1046] : 0x00 (0) > [1047] : 0x00 (0) > [1048] : 0x00 (0) > [1049] : 0x00 (0) > [1050] : 0x00 (0) > [1051] : 0x00 (0) > [1052] : 0x00 (0) > [1053] : 0x00 (0) > [1054] : 0x00 (0) > [1055] : 0x00 (0) > [1056] : 0x00 (0) > [1057] : 0x00 (0) > [1058] : 0x00 (0) > [1059] : 0x00 (0) > [1060] : 0x00 (0) > [1061] : 0x00 (0) > [1062] : 0x00 (0) > [1063] : 0x00 (0) > [1064] : 0x00 (0) > [1065] : 0x00 (0) > [1066] : 0x00 (0) > [1067] : 0x00 (0) > [1068] : 0x00 (0) > [1069] : 0x00 (0) > [1070] : 0x00 (0) > [1071] : 0x00 (0) > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000430 (1072) > result : WERR_OK >[2016/11/10 14:51:16.611089, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.611142, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/11/10 14:51:16.611153, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/11/10 14:51:16.611165, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/11/10 14:51:16.611175, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/11/10 14:51:16.611185, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611194, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM] >[2016/11/10 14:51:16.611224, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.611250, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.611291, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-2458-547b97470000 > keyname: struct winreg_String > name_len : 0x00aa (170) > name_size : 0x00aa (170) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.611381, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.611406, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/11/10 14:51:16.611419, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/11/10 14:51:16.611429, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.611439, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.611449, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611458, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.611488, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/11/10 14:51:16.611500, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/11/10 14:51:16.611510, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.611519, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.611530, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611539, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.611559, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/11/10 14:51:16.611569, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/11/10 14:51:16.611579, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.611588, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.611599, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611608, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.611626, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/11/10 14:51:16.611636, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/11/10 14:51:16.611646, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.611655, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.611676, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611688, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.611714, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/11/10 14:51:16.611724, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/11/10 14:51:16.611734, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.611744, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.611756, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611765, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.611783, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/11/10 14:51:16.611793, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/11/10 14:51:16.611803, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.611812, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.611824, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611833, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.611878, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.611891, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/11/10 14:51:16.611903, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.611913, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.611925, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.611934, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.611963, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/11/10 14:51:16.611977, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/11/10 14:51:16.611989, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/11/10 14:51:16.611998, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/11/10 14:51:16.612008, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/11/10 14:51:16.612017, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/11/10 14:51:16.612028, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.612052, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.612110, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.612183, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.612208, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.612218, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.612227, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) >[2016/11/10 14:51:16.612240, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.612261, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2016/11/10 14:51:16.612273, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2016/11/10 14:51:16.612283, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2016/11/10 14:51:16.612293, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2016/11/10 14:51:16.612303, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[50] >[2016/11/10 14:51:16.612313, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2016/11/10 14:51:16.612323, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2016/11/10 14:51:16.612333, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2016/11/10 14:51:16.612343, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[50] >[2016/11/10 14:51:16.612356, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2016/11/10 14:51:16.612370, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2016/11/10 14:51:16.612380, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[60] >[2016/11/10 14:51:16.612391, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[38] >[2016/11/10 14:51:16.612401, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2016/11/10 14:51:16.612412, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2016/11/10 14:51:16.612422, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2016/11/10 14:51:16.612432, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2016/11/10 14:51:16.612447, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Default DevMode] len[1072] >[2016/11/10 14:51:16.612458, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[18]: name[ChangeID] len[4] >[2016/11/10 14:51:16.612469, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/11/10 14:51:16.612519, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.612590, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.612614, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] >[2016/11/10 14:51:16.612623, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.612635, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xae (174) > [101] : 0x66 (102) > [102] : 0x85 (133) > [103] : 0x50 (80) > [104] : 0xdc (220) > [105] : 0x80 (128) > [106] : 0xb5 (181) > [107] : 0x88 (136) > [108] : 0x63 (99) > [109] : 0xbb (187) > [110] : 0x04 (4) > [111] : 0x8c (140) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xae (174) > [137] : 0x66 (102) > [138] : 0x85 (133) > [139] : 0x50 (80) > [140] : 0xdc (220) > [141] : 0x80 (128) > [142] : 0xb5 (181) > [143] : 0x88 (136) > [144] : 0x63 (99) > [145] : 0xbb (187) > [146] : 0x04 (4) > [147] : 0x8c (140) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2016/11/10 14:51:16.613576, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.613607, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.613632, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.613654, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.613666, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/11/10 14:51:16.613676, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.613719, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.613750, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.613774, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.613796, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.613806, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/11/10 14:51:16.613816, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.613852, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.613878, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.613901, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.613924, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.613935, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (2->1) >[2016/11/10 14:51:16.613947, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.613985, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-2458-547b97470000 >[2016/11/10 14:51:16.614022, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.614061, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.614085, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) > Closed policy >[2016/11/10 14:51:16.614095, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (1->0) >[2016/11/10 14:51:16.614170, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2016/11/10 14:51:16.614226, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) > Deleted handle list for RPC connection winreg > printername: aaaaaaaaaaaaaaaaaaaaaaaä >[2016/11/10 14:51:16.614268, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) > Create pipe requested winreg >[2016/11/10 14:51:16.614285, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe winreg >[2016/11/10 14:51:16.614298, 10, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg >[2016/11/10 14:51:16.614333, 4, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) > Created internal pipe winreg >[2016/11/10 14:51:16.614359, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.614415, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/11/10 14:51:16.614433, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.614446, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) > push_conn_ctx(52826) : conn_ctx_stack_ndx = 0 >[2016/11/10 14:51:16.614456, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2016/11/10 14:51:16.614466, 5, pid=18327, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2016/11/10 14:51:16.614476, 5, pid=18327, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2016/11/10 14:51:16.614545, 4, pid=18327, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2016/11/10 14:51:16.614556, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2016/11/10 14:51:16.614567, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/11/10 14:51:16.614577, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/11/10 14:51:16.614587, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.614598, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM] >[2016/11/10 14:51:16.614633, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.614658, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.614703, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-2458-547b97470000 > keyname: struct winreg_String > name_len : 0x00a0 (160) > name_size : 0x00a0 (160) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.614793, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.614824, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/11/10 14:51:16.614836, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (1->2) >[2016/11/10 14:51:16.614850, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.614860, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.614870, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.614879, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.614903, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/11/10 14:51:16.614913, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/11/10 14:51:16.614923, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.614932, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.614943, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.614952, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.614974, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/11/10 14:51:16.614984, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/11/10 14:51:16.614994, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.615003, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.615014, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.615023, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.615040, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/11/10 14:51:16.615050, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/11/10 14:51:16.615060, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.615069, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.615081, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.615089, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.615115, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/11/10 14:51:16.615125, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/11/10 14:51:16.615135, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.615145, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.615156, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.615165, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.615182, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/11/10 14:51:16.615192, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/11/10 14:51:16.615202, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.615212, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.615224, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.615232, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.615277, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Brother_HL-L8250CDN] >[2016/11/10 14:51:16.615287, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/11/10 14:51:16.615302, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.615314, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.615327, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.615336, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.615361, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/11/10 14:51:16.615375, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/11/10 14:51:16.615388, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/11/10 14:51:16.615400, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/11/10 14:51:16.615409, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (4->3) >[2016/11/10 14:51:16.615419, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (3->2) >[2016/11/10 14:51:16.615429, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.615454, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.615497, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2016/11/10 14:51:16.615549, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.615576, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' (ops 0xf7331040) >[2016/11/10 14:51:16.615586, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.615606, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2016/11/10 14:51:16.615617, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2016/11/10 14:51:16.615627, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2016/11/10 14:51:16.615638, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2016/11/10 14:51:16.615651, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[40] >[2016/11/10 14:51:16.615661, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2016/11/10 14:51:16.615671, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2016/11/10 14:51:16.615681, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2016/11/10 14:51:16.615691, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[40] >[2016/11/10 14:51:16.615701, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2016/11/10 14:51:16.615711, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2016/11/10 14:51:16.615721, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[50] >[2016/11/10 14:51:16.615735, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[38] >[2016/11/10 14:51:16.615748, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2016/11/10 14:51:16.615758, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2016/11/10 14:51:16.615769, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2016/11/10 14:51:16.615784, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2016/11/10 14:51:16.615799, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Default DevMode] len[1072] >[2016/11/10 14:51:16.615812, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) > regdb_unpack_values: value[18]: name[ChangeID] len[4] >[2016/11/10 14:51:16.615827, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.615848, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000013 (19) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x00000430 (1072) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2016/11/10 14:51:16.615948, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.616034, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.616059, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.616070, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.616196, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.616278, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.616302, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.616314, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2016/11/10 14:51:16.616421, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.616511, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.616535, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.616549, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.616637, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.616717, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.616741, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.616752, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2016/11/10 14:51:16.616980, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.617059, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.617090, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.617102, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(40) > [0] : 0x42 (66) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x6f (111) > [5] : 0x00 (0) > [6] : 0x74 (116) > [7] : 0x00 (0) > [8] : 0x68 (104) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x5f (95) > [15] : 0x00 (0) > [16] : 0x48 (72) > [17] : 0x00 (0) > [18] : 0x4c (76) > [19] : 0x00 (0) > [20] : 0x2d (45) > [21] : 0x00 (0) > [22] : 0x4c (76) > [23] : 0x00 (0) > [24] : 0x38 (56) > [25] : 0x00 (0) > [26] : 0x32 (50) > [27] : 0x00 (0) > [28] : 0x35 (53) > [29] : 0x00 (0) > [30] : 0x30 (48) > [31] : 0x00 (0) > [32] : 0x43 (67) > [33] : 0x00 (0) > [34] : 0x44 (68) > [35] : 0x00 (0) > [36] : 0x4e (78) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > size : * > size : 0x00000028 (40) > length : * > length : 0x00000028 (40) > result : WERR_OK >[2016/11/10 14:51:16.617336, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.617417, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.617442, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.617453, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2016/11/10 14:51:16.617597, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.617676, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.617701, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.617712, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.617822, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.617898, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.617926, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.617937, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0xae (174) > [101] : 0x66 (102) > [102] : 0x85 (133) > [103] : 0x50 (80) > [104] : 0xdc (220) > [105] : 0x80 (128) > [106] : 0xb5 (181) > [107] : 0x88 (136) > [108] : 0x63 (99) > [109] : 0xbb (187) > [110] : 0x04 (4) > [111] : 0x8c (140) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0xae (174) > [137] : 0x66 (102) > [138] : 0x85 (133) > [139] : 0x50 (80) > [140] : 0xdc (220) > [141] : 0x80 (128) > [142] : 0xb5 (181) > [143] : 0x88 (136) > [144] : 0x63 (99) > [145] : 0xbb (187) > [146] : 0x04 (4) > [147] : 0x8c (140) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2016/11/10 14:51:16.618931, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.619010, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.619034, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.619045, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(40) > [0] : 0x42 (66) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x6f (111) > [5] : 0x00 (0) > [6] : 0x74 (116) > [7] : 0x00 (0) > [8] : 0x68 (104) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x5f (95) > [15] : 0x00 (0) > [16] : 0x48 (72) > [17] : 0x00 (0) > [18] : 0x4c (76) > [19] : 0x00 (0) > [20] : 0x2d (45) > [21] : 0x00 (0) > [22] : 0x4c (76) > [23] : 0x00 (0) > [24] : 0x38 (56) > [25] : 0x00 (0) > [26] : 0x32 (50) > [27] : 0x00 (0) > [28] : 0x35 (53) > [29] : 0x00 (0) > [30] : 0x30 (48) > [31] : 0x00 (0) > [32] : 0x43 (67) > [33] : 0x00 (0) > [34] : 0x44 (68) > [35] : 0x00 (0) > [36] : 0x4e (78) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > size : * > size : 0x00000028 (40) > length : * > length : 0x00000028 (40) > result : WERR_OK >[2016/11/10 14:51:16.619267, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.619342, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.619366, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.619377, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.619463, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.619540, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.619565, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.619575, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.619662, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.619736, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.619760, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.619774, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(50) > [0] : 0x42 (66) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x6f (111) > [5] : 0x00 (0) > [6] : 0x74 (116) > [7] : 0x00 (0) > [8] : 0x68 (104) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x20 (32) > [15] : 0x00 (0) > [16] : 0x48 (72) > [17] : 0x00 (0) > [18] : 0x4c (76) > [19] : 0x00 (0) > [20] : 0x2d (45) > [21] : 0x00 (0) > [22] : 0x4c (76) > [23] : 0x00 (0) > [24] : 0x38 (56) > [25] : 0x00 (0) > [26] : 0x32 (50) > [27] : 0x00 (0) > [28] : 0x35 (53) > [29] : 0x00 (0) > [30] : 0x30 (48) > [31] : 0x00 (0) > [32] : 0x43 (67) > [33] : 0x00 (0) > [34] : 0x44 (68) > [35] : 0x00 (0) > [36] : 0x4e (78) > [37] : 0x00 (0) > [38] : 0x2c (44) > [39] : 0x00 (0) > [40] : 0x20 (32) > [41] : 0x00 (0) > [42] : 0x30 (48) > [43] : 0x00 (0) > [44] : 0x2b (43) > [45] : 0x00 (0) > [46] : 0x30 (48) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > size : * > size : 0x00000032 (50) > length : * > length : 0x00000032 (50) > result : WERR_OK >[2016/11/10 14:51:16.620035, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.620119, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.620143, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.620154, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x53 (83) > [3] : 0x00 (0) > [4] : 0x65 (101) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x76 (118) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x20 (32) > [23] : 0x00 (0) > [24] : 0x44 (68) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x69 (105) > [29] : 0x00 (0) > [30] : 0x76 (118) > [31] : 0x00 (0) > [32] : 0x65 (101) > [33] : 0x00 (0) > [34] : 0x72 (114) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2016/11/10 14:51:16.620354, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.620429, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.620454, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.620464, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.620543, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.620620, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.620644, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.620655, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.620733, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.620808, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.620834, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.620845, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2016/11/10 14:51:16.620922, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.620997, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.621021, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.621031, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.621121, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.621195, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.621220, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.621231, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Default DevMode' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(1072) > [0] : 0x5c (92) > [1] : 0x00 (0) > [2] : 0x5c (92) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x65 (101) > [9] : 0x00 (0) > [10] : 0x72 (114) > [11] : 0x00 (0) > [12] : 0x76 (118) > [13] : 0x00 (0) > [14] : 0x5c (92) > [15] : 0x00 (0) > [16] : 0x78 (120) > [17] : 0x00 (0) > [18] : 0x79 (121) > [19] : 0x00 (0) > [20] : 0x7a (122) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x00 (0) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x00 (0) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x01 (1) > [65] : 0x04 (4) > [66] : 0x00 (0) > [67] : 0x06 (6) > [68] : 0xdc (220) > [69] : 0x00 (0) > [70] : 0x54 (84) > [71] : 0x03 (3) > [72] : 0x53 (83) > [73] : 0xef (239) > [74] : 0x81 (129) > [75] : 0x01 (1) > [76] : 0x01 (1) > [77] : 0x00 (0) > [78] : 0x09 (9) > [79] : 0x00 (0) > [80] : 0xea (234) > [81] : 0x0a (10) > [82] : 0x6f (111) > [83] : 0x08 (8) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x01 (1) > [87] : 0x00 (0) > [88] : 0x0f (15) > [89] : 0x00 (0) > [90] : 0x58 (88) > [91] : 0x02 (2) > [92] : 0x02 (2) > [93] : 0x00 (0) > [94] : 0x01 (1) > [95] : 0x00 (0) > [96] : 0x58 (88) > [97] : 0x02 (2) > [98] : 0x03 (3) > [99] : 0x00 (0) > [100] : 0x01 (1) > [101] : 0x00 (0) > [102] : 0x41 (65) > [103] : 0x00 (0) > [104] : 0x34 (52) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x01 (1) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x01 (1) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x02 (2) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x01 (1) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x50 (80) > [221] : 0x52 (82) > [222] : 0x49 (73) > [223] : 0x56 (86) > [224] : 0xe2 (226) > [225] : 0x30 (48) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x18 (24) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x10 (16) > [315] : 0x27 (39) > [316] : 0x10 (16) > [317] : 0x27 (39) > [318] : 0x10 (16) > [319] : 0x27 (39) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x10 (16) > [323] : 0x27 (39) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x80 (128) > [333] : 0x00 (0) > [334] : 0x54 (84) > [335] : 0x03 (3) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x03 (3) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x10 (16) > [371] : 0x00 (0) > [372] : 0x50 (80) > [373] : 0x34 (52) > [374] : 0x03 (3) > [375] : 0x00 (0) > [376] : 0x28 (40) > [377] : 0x88 (136) > [378] : 0x04 (4) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x01 (1) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x24 (36) > [409] : 0x01 (1) > [410] : 0xdf (223) > [411] : 0x8c (140) > [412] : 0x03 (3) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x05 (5) > [417] : 0x00 (0) > [418] : 0x0b (11) > [419] : 0x00 (0) > [420] : 0xff (255) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x01 (1) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x80 (128) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x53 (83) > [949] : 0x4d (77) > [950] : 0x54 (84) > [951] : 0x4a (74) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x10 (16) > [957] : 0x00 (0) > [958] : 0x70 (112) > [959] : 0x00 (0) > [960] : 0x49 (73) > [961] : 0x00 (0) > [962] : 0x53 (83) > [963] : 0x00 (0) > [964] : 0x65 (101) > [965] : 0x00 (0) > [966] : 0x72 (114) > [967] : 0x00 (0) > [968] : 0x76 (118) > [969] : 0x00 (0) > [970] : 0x20 (32) > [971] : 0x00 (0) > [972] : 0x50 (80) > [973] : 0x00 (0) > [974] : 0x72 (114) > [975] : 0x00 (0) > [976] : 0x69 (105) > [977] : 0x00 (0) > [978] : 0x6e (110) > [979] : 0x00 (0) > [980] : 0x74 (116) > [981] : 0x00 (0) > [982] : 0x20 (32) > [983] : 0x00 (0) > [984] : 0x44 (68) > [985] : 0x00 (0) > [986] : 0x72 (114) > [987] : 0x00 (0) > [988] : 0x69 (105) > [989] : 0x00 (0) > [990] : 0x76 (118) > [991] : 0x00 (0) > [992] : 0x65 (101) > [993] : 0x00 (0) > [994] : 0x72 (114) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x52 (82) > [999] : 0x65 (101) > [1000] : 0x73 (115) > [1001] : 0x6f (111) > [1002] : 0x6c (108) > [1003] : 0x75 (117) > [1004] : 0x74 (116) > [1005] : 0x69 (105) > [1006] : 0x6f (111) > [1007] : 0x6e (110) > [1008] : 0x00 (0) > [1009] : 0x36 (54) > [1010] : 0x30 (48) > [1011] : 0x30 (48) > [1012] : 0x64 (100) > [1013] : 0x70 (112) > [1014] : 0x69 (105) > [1015] : 0x00 (0) > [1016] : 0x50 (80) > [1017] : 0x61 (97) > [1018] : 0x67 (103) > [1019] : 0x65 (101) > [1020] : 0x53 (83) > [1021] : 0x69 (105) > [1022] : 0x7a (122) > [1023] : 0x65 (101) > [1024] : 0x00 (0) > [1025] : 0x41 (65) > [1026] : 0x34 (52) > [1027] : 0x00 (0) > [1028] : 0x50 (80) > [1029] : 0x61 (97) > [1030] : 0x67 (103) > [1031] : 0x65 (101) > [1032] : 0x52 (82) > [1033] : 0x65 (101) > [1034] : 0x67 (103) > [1035] : 0x69 (105) > [1036] : 0x6f (111) > [1037] : 0x6e (110) > [1038] : 0x00 (0) > [1039] : 0x00 (0) > [1040] : 0x00 (0) > [1041] : 0x00 (0) > [1042] : 0x00 (0) > [1043] : 0x00 (0) > [1044] : 0x00 (0) > [1045] : 0x00 (0) > [1046] : 0x00 (0) > [1047] : 0x00 (0) > [1048] : 0x00 (0) > [1049] : 0x00 (0) > [1050] : 0x00 (0) > [1051] : 0x00 (0) > [1052] : 0x00 (0) > [1053] : 0x00 (0) > [1054] : 0x00 (0) > [1055] : 0x00 (0) > [1056] : 0x00 (0) > [1057] : 0x00 (0) > [1058] : 0x00 (0) > [1059] : 0x00 (0) > [1060] : 0x00 (0) > [1061] : 0x00 (0) > [1062] : 0x00 (0) > [1063] : 0x00 (0) > [1064] : 0x00 (0) > [1065] : 0x00 (0) > [1066] : 0x00 (0) > [1067] : 0x00 (0) > [1068] : 0x00 (0) > [1069] : 0x00 (0) > [1070] : 0x00 (0) > [1071] : 0x00 (0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000430 (1072) > result : WERR_OK >[2016/11/10 14:51:16.625020, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > enum_index : 0x00000012 (18) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x00000430 (1072) > length : * > length : 0x00000000 (0) >[2016/11/10 14:51:16.625099, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.625125, 8, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.625137, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x1e (30) > [1] : 0x4a (74) > [2] : 0xa8 (168) > [3] : 0x17 (23) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2016/11/10 14:51:16.625245, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.625318, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.625342, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.625352, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.625365, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2016/11/10 14:51:16.625412, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.625484, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.625508, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.625517, 7, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2016/11/10 14:51:16.625530, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(1072) > [0] : 0x5c (92) > [1] : 0x00 (0) > [2] : 0x5c (92) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x65 (101) > [9] : 0x00 (0) > [10] : 0x72 (114) > [11] : 0x00 (0) > [12] : 0x76 (118) > [13] : 0x00 (0) > [14] : 0x5c (92) > [15] : 0x00 (0) > [16] : 0x78 (120) > [17] : 0x00 (0) > [18] : 0x79 (121) > [19] : 0x00 (0) > [20] : 0x7a (122) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x00 (0) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x00 (0) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x01 (1) > [65] : 0x04 (4) > [66] : 0x00 (0) > [67] : 0x06 (6) > [68] : 0xdc (220) > [69] : 0x00 (0) > [70] : 0x54 (84) > [71] : 0x03 (3) > [72] : 0x53 (83) > [73] : 0xef (239) > [74] : 0x81 (129) > [75] : 0x01 (1) > [76] : 0x01 (1) > [77] : 0x00 (0) > [78] : 0x09 (9) > [79] : 0x00 (0) > [80] : 0xea (234) > [81] : 0x0a (10) > [82] : 0x6f (111) > [83] : 0x08 (8) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x01 (1) > [87] : 0x00 (0) > [88] : 0x0f (15) > [89] : 0x00 (0) > [90] : 0x58 (88) > [91] : 0x02 (2) > [92] : 0x02 (2) > [93] : 0x00 (0) > [94] : 0x01 (1) > [95] : 0x00 (0) > [96] : 0x58 (88) > [97] : 0x02 (2) > [98] : 0x03 (3) > [99] : 0x00 (0) > [100] : 0x01 (1) > [101] : 0x00 (0) > [102] : 0x41 (65) > [103] : 0x00 (0) > [104] : 0x34 (52) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x01 (1) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x01 (1) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x02 (2) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x01 (1) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x50 (80) > [221] : 0x52 (82) > [222] : 0x49 (73) > [223] : 0x56 (86) > [224] : 0xe2 (226) > [225] : 0x30 (48) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x18 (24) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x10 (16) > [315] : 0x27 (39) > [316] : 0x10 (16) > [317] : 0x27 (39) > [318] : 0x10 (16) > [319] : 0x27 (39) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x10 (16) > [323] : 0x27 (39) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x80 (128) > [333] : 0x00 (0) > [334] : 0x54 (84) > [335] : 0x03 (3) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x03 (3) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x10 (16) > [371] : 0x00 (0) > [372] : 0x50 (80) > [373] : 0x34 (52) > [374] : 0x03 (3) > [375] : 0x00 (0) > [376] : 0x28 (40) > [377] : 0x88 (136) > [378] : 0x04 (4) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x01 (1) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x24 (36) > [409] : 0x01 (1) > [410] : 0xdf (223) > [411] : 0x8c (140) > [412] : 0x03 (3) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x05 (5) > [417] : 0x00 (0) > [418] : 0x0b (11) > [419] : 0x00 (0) > [420] : 0xff (255) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x01 (1) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x80 (128) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x53 (83) > [949] : 0x4d (77) > [950] : 0x54 (84) > [951] : 0x4a (74) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x10 (16) > [957] : 0x00 (0) > [958] : 0x70 (112) > [959] : 0x00 (0) > [960] : 0x49 (73) > [961] : 0x00 (0) > [962] : 0x53 (83) > [963] : 0x00 (0) > [964] : 0x65 (101) > [965] : 0x00 (0) > [966] : 0x72 (114) > [967] : 0x00 (0) > [968] : 0x76 (118) > [969] : 0x00 (0) > [970] : 0x20 (32) > [971] : 0x00 (0) > [972] : 0x50 (80) > [973] : 0x00 (0) > [974] : 0x72 (114) > [975] : 0x00 (0) > [976] : 0x69 (105) > [977] : 0x00 (0) > [978] : 0x6e (110) > [979] : 0x00 (0) > [980] : 0x74 (116) > [981] : 0x00 (0) > [982] : 0x20 (32) > [983] : 0x00 (0) > [984] : 0x44 (68) > [985] : 0x00 (0) > [986] : 0x72 (114) > [987] : 0x00 (0) > [988] : 0x69 (105) > [989] : 0x00 (0) > [990] : 0x76 (118) > [991] : 0x00 (0) > [992] : 0x65 (101) > [993] : 0x00 (0) > [994] : 0x72 (114) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x52 (82) > [999] : 0x65 (101) > [1000] : 0x73 (115) > [1001] : 0x6f (111) > [1002] : 0x6c (108) > [1003] : 0x75 (117) > [1004] : 0x74 (116) > [1005] : 0x69 (105) > [1006] : 0x6f (111) > [1007] : 0x6e (110) > [1008] : 0x00 (0) > [1009] : 0x36 (54) > [1010] : 0x30 (48) > [1011] : 0x30 (48) > [1012] : 0x64 (100) > [1013] : 0x70 (112) > [1014] : 0x69 (105) > [1015] : 0x00 (0) > [1016] : 0x50 (80) > [1017] : 0x61 (97) > [1018] : 0x67 (103) > [1019] : 0x65 (101) > [1020] : 0x53 (83) > [1021] : 0x69 (105) > [1022] : 0x7a (122) > [1023] : 0x65 (101) > [1024] : 0x00 (0) > [1025] : 0x41 (65) > [1026] : 0x34 (52) > [1027] : 0x00 (0) > [1028] : 0x50 (80) > [1029] : 0x61 (97) > [1030] : 0x67 (103) > [1031] : 0x65 (101) > [1032] : 0x52 (82) > [1033] : 0x65 (101) > [1034] : 0x67 (103) > [1035] : 0x69 (105) > [1036] : 0x6f (111) > [1037] : 0x6e (110) > [1038] : 0x00 (0) > [1039] : 0x00 (0) > [1040] : 0x00 (0) > [1041] : 0x00 (0) > [1042] : 0x00 (0) > [1043] : 0x00 (0) > [1044] : 0x00 (0) > [1045] : 0x00 (0) > [1046] : 0x00 (0) > [1047] : 0x00 (0) > [1048] : 0x00 (0) > [1049] : 0x00 (0) > [1050] : 0x00 (0) > [1051] : 0x00 (0) > [1052] : 0x00 (0) > [1053] : 0x00 (0) > [1054] : 0x00 (0) > [1055] : 0x00 (0) > [1056] : 0x00 (0) > [1057] : 0x00 (0) > [1058] : 0x00 (0) > [1059] : 0x00 (0) > [1060] : 0x00 (0) > [1061] : 0x00 (0) > [1062] : 0x00 (0) > [1063] : 0x00 (0) > [1064] : 0x00 (0) > [1065] : 0x00 (0) > [1066] : 0x00 (0) > [1067] : 0x00 (0) > [1068] : 0x00 (0) > [1069] : 0x00 (0) > [1070] : 0x00 (0) > [1071] : 0x00 (0) > data_size : * > data_size : 0x00000430 (1072) > data_length : * > data_length : 0x00000430 (1072) > result : WERR_OK >[2016/11/10 14:51:16.629217, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.629265, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2016/11/10 14:51:16.629276, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (2->3) >[2016/11/10 14:51:16.629287, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2016/11/10 14:51:16.629297, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2016/11/10 14:51:16.629308, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629317, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM] >[2016/11/10 14:51:16.629346, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.629372, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.629412, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-2458-547b97470000 > keyname: struct winreg_String > name_len : 0x00a0 (160) > name_size : 0x00a0 (160) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2016/11/10 14:51:16.629506, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.629531, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2016/11/10 14:51:16.629542, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (3->4) >[2016/11/10 14:51:16.629552, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.629561, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.629572, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629581, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] >[2016/11/10 14:51:16.629604, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2016/11/10 14:51:16.629614, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (4->5) >[2016/11/10 14:51:16.629624, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.629633, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.629644, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629653, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] >[2016/11/10 14:51:16.629672, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2016/11/10 14:51:16.629682, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (5->6) >[2016/11/10 14:51:16.629692, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.629704, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.629715, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629724, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2016/11/10 14:51:16.629741, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2016/11/10 14:51:16.629751, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (6->7) >[2016/11/10 14:51:16.629761, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.629770, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.629782, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629791, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2016/11/10 14:51:16.629815, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2016/11/10 14:51:16.629825, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (7->8) >[2016/11/10 14:51:16.629835, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.629844, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.629856, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629865, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2016/11/10 14:51:16.629882, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2016/11/10 14:51:16.629892, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (8->9) >[2016/11/10 14:51:16.629903, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.629912, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.629924, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.629935, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2016/11/10 14:51:16.629980, 7, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) > regkey_open_onelevel: name = [Brother_HL-L8250CDN] >[2016/11/10 14:51:16.629990, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) > regdb_open: incrementing refcount (9->10) >[2016/11/10 14:51:16.630001, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.630010, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.630023, 10, pid=18327, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2016/11/10 14:51:16.630031, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) > reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] >[2016/11/10 14:51:16.630054, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (10->9) >[2016/11/10 14:51:16.630064, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (9->8) >[2016/11/10 14:51:16.630074, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (8->7) >[2016/11/10 14:51:16.630084, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (7->6) >[2016/11/10 14:51:16.630093, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (6->5) >[2016/11/10 14:51:16.630103, 10, pid=18327, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) > regdb_close: decrementing refcount (5->4) >[2016/11/10 14:51:16.630113, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00 .G.. >[2016/11/10 14:51:16.630137, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-2458-547b97470000 > result : WERR_OK >[2016/11/10 14:51:16.630179, 1, pid=18327, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-2458-547b97470000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2016/11/10 14:51:16.630252, 6, pid=18327, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 54 7B ........ ....$XT{ > [0010] 97 47 00 00