[2016/11/10 14:56:23.596039, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2226(lp_file_list_changed) lp_file_list_changed() file /var/lib/iserv/config/exam/%I -> /var/lib/iserv/config/exam/192.168.9.8 last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Tue Dec 15 19:31:42 2015 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Nov 10 14:50:36 2016 [2016/11/10 14:56:23.596112, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.596121, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=65535 smb_pid=18981 smb_uid=14969 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 29 (0x1D) smb_bcc=101 [2016/11/10 14:56:23.596178, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] A1 1B 30 19 A0 03 0A 01 00 A3 12 04 10 01 00 00 ..0..... ........ [0010] 00 EC B9 42 D3 CB 85 6D 43 00 00 00 00 57 00 69 ...B...m C....W.i [0020] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 36 00 2E .n.d.o.w .s. .6.. [0030] 00 31 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 .1...S.a .m.b.a. [0040] 00 34 00 2E 00 34 00 2E 00 35 00 2D 00 44 00 65 .4...4.. .5.-.D.e [0050] 00 62 00 69 00 61 00 6E 00 00 00 4C 00 41 00 4E .b.i.a.n ...L.A.N [0060] 00 32 00 00 00 .2... [2016/11/10 14:56:23.596292, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 1 [2016/11/10 14:56:23.596304, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.596313, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] A2 AA C5 BF 78 69 B4 86 ....xi.. [2016/11/10 14:56:23.596443, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 74 [2016/11/10 14:56:23.596459, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 2 [2016/11/10 14:56:23.596470, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 2: got good SMB signature of [2016/11/10 14:56:23.596479, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] AD 38 C1 CB DD 18 9D 62 .8.....b [2016/11/10 14:56:23.596494, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x4a [2016/11/10 14:56:23.596503, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 3 of length 78 (0 toread) [2016/11/10 14:56:23.596512, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.596519, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=65535 smb_pid=18981 smb_uid=14969 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 12 (0xC) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2016/11/10 14:56:23.596560, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 5C 00 49 00 53 00 45 00 52 00 56 00 5C .\.\.I.S .E.R.V.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2016/11/10 14:56:23.596587, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtconX (pid 18983) conn 0x0 [2016/11/10 14:56:23.596598, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.596611, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:23.596620, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:23.596637, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:23.596649, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_session_global.tdb [2016/11/10 14:56:23.596658, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_session_global.tdb 2: 3: [2016/11/10 14:56:23.596669, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6880A3D1 [2016/11/10 14:56:23.596682, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93f3500 [2016/11/10 14:56:23.596705, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:930(smbXsrv_session_global_store) [2016/11/10 14:56:23.596713, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:932(smbXsrv_session_global_store) smbXsrv_session_global_store: key '6880A3D1' stored [2016/11/10 14:56:23.596723, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000004 (4) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x6880a3d1 (1753261009) session_wire_id : 0x0000000000003a79 (14969) creation_time : Do Nov 10 14:56:24 2016 CET expiration_time : Do Jan 1 01:00:00 1970 CET auth_time : Do Nov 10 14:56:24 2016 CET auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000007 (7) sids: ARRAY(7) sids : S-1-5-21-1350919854-2293596380-2349120355-1000 sids : S-1-5-21-1350919854-2293596380-2349120355-513 sids : S-1-22-2-0 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-11 sids : S-1-22-1-0 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000000 (0) gid : 0x0000000000000000 (0) ngroups : 0x00000001 (1) groups: ARRAY(1) groups : 0x0000000000000000 (0) info : * info: struct auth_user_info account_name : * account_name : 'root' domain_name : * domain_name : 'LAN2' full_name : * full_name : 'root' logon_script : * logon_script : 'login.bat' profile_path : * profile_path : '\\iserv\Windows\Local' home_directory : * home_directory : '\\iserv\Home' home_drive : * home_drive : 'H:' logon_server : * logon_server : 'ISERV' last_logon : NTTIME(0) last_logoff : Di Jan 19 04:14:07 2038 CET acct_expiry : Di Jan 19 04:14:07 2038 CET last_password_change : Do Nov 10 14:50:46 2016 CET allow_password_change : Do Nov 10 14:50:46 2016 CET force_password_change : Di Jan 19 04:14:07 2038 CET logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000010 (16) authenticated : 0x01 (1) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'root' sanitized_username : * sanitized_username : 'root' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_flags : 0x02 (2) 0: SMBXSRV_SIGNING_REQUIRED 1: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) local_address : 'ipv4:192.168.9.8:445' remote_address : 'ipv4:192.168.9.8:35412' remote_name : '192.168.9.8' auth_session_info_seqnum : 0x00000001 (1) connection : * encryption_cipher : 0x8000 (32768) [2016/11/10 14:56:23.597244, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6880A3D1 [2016/11/10 14:56:23.597256, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_session_global.tdb [2016/11/10 14:56:23.597265, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:23.597275, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1391(smbXsrv_session_update) [2016/11/10 14:56:23.597282, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_session.c:1399(smbXsrv_session_update) smbXsrv_session_update: global_id (0x6880a3d1) stored [2016/11/10 14:56:23.597291, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL client : * local_id : 0x00003a79 (14969) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x6880a3d1 (1753261009) session_wire_id : 0x0000000000003a79 (14969) creation_time : Do Nov 10 14:56:24 2016 CET expiration_time : Do Jan 1 01:00:00 1970 CET auth_time : Do Nov 10 14:56:24 2016 CET auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000007 (7) sids: ARRAY(7) sids : S-1-5-21-1350919854-2293596380-2349120355-1000 sids : S-1-5-21-1350919854-2293596380-2349120355-513 sids : S-1-22-2-0 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-11 sids : S-1-22-1-0 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000000 (0) gid : 0x0000000000000000 (0) ngroups : 0x00000001 (1) groups: ARRAY(1) groups : 0x0000000000000000 (0) info : * info: struct auth_user_info account_name : * account_name : 'root' domain_name : * domain_name : 'LAN2' full_name : * full_name : 'root' logon_script : * logon_script : 'login.bat' profile_path : * profile_path : '\\iserv\Windows\Local' home_directory : * home_directory : '\\iserv\Home' home_drive : * home_drive : 'H:' logon_server : * logon_server : 'ISERV' last_logon : NTTIME(0) last_logoff : Di Jan 19 04:14:07 2038 CET acct_expiry : Di Jan 19 04:14:07 2038 CET last_password_change : Do Nov 10 14:50:46 2016 CET allow_password_change : Do Nov 10 14:50:46 2016 CET force_password_change : Di Jan 19 04:14:07 2038 CET logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000010 (16) authenticated : 0x01 (1) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'root' sanitized_username : * sanitized_username : 'root' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_flags : 0x02 (2) 0: SMBXSRV_SIGNING_REQUIRED 1: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) local_address : 'ipv4:192.168.9.8:445' remote_address : 'ipv4:192.168.9.8:35412' remote_name : '192.168.9.8' auth_session_info_seqnum : 0x00000001 (1) connection : * encryption_cipher : 0x8000 (32768) status : NT_STATUS_OK idle_time : Do Nov 10 14:56:24 2016 CET nonce_high_random : 0x0000000000000000 (0) nonce_high_max : 0x0000000000000000 (0) nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) compat : * tcon_table : NULL pending_auth : * pending_auth: struct smbXsrv_session_auth0 prev : * next : NULL session : * connection : * gensec : * preauth : NULL in_flags : 0x00 (0) in_security_mode : 0x00 (0) creation_time : Do Nov 10 14:56:24 2016 CET idle_time : Do Nov 10 14:56:24 2016 CET [2016/11/10 14:56:23.598103, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:972(reply_tcon_and_X) Client requested device type [IPC] for share [IPC$] [2016/11/10 14:56:23.598121, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1124(make_connection) making a connection to 'normal' service ipc$ [2016/11/10 14:56:23.598136, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:23.598145, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: [2016/11/10 14:56:23.598156, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6114D4AA [2016/11/10 14:56:23.598174, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93e0a00 [2016/11/10 14:56:23.598210, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) [2016/11/10 14:56:23.598219, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key '6114D4AA' stored [2016/11/10 14:56:23.598229, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x6114d4aa (1628755114) tcon_wire_id : 0x000034b2 (13490) server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) creation_time : Do Nov 10 14:56:24 2016 CET share_name : NULL encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x00000000 (0) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET [2016/11/10 14:56:23.598372, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6114D4AA [2016/11/10 14:56:23.598387, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:23.598399, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:23.598413, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:831(smbXsrv_tcon_create) [2016/11/10 14:56:23.598422, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:839(smbXsrv_tcon_create) smbXsrv_tcon_create: global_id (0x6114d4aa) stored [2016/11/10 14:56:23.598434, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x000034b2 (13490) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x6114d4aa (1628755114) tcon_wire_id : 0x000034b2 (13490) server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) creation_time : Do Nov 10 14:56:24 2016 CET share_name : NULL encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x00000000 (0) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET status : NT_STATUS_INTERNAL_ERROR idle_time : Do Nov 10 14:56:24 2016 CET compat : NULL [2016/11/10 14:56:23.598630, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 192.168.9.8 (192.168.9.8) [2016/11/10 14:56:23.598646, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share IPC$ is ok for unix user root [2016/11/10 14:56:23.598680, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2016/11/10 14:56:23.598691, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:622(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2016/11/10 14:56:23.598701, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share IPC$ is ok for unix user root [2016/11/10 14:56:23.598710, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user root [2016/11/10 14:56:23.598734, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2016/11/10 14:56:23.598745, 3, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2016/11/10 14:56:23.598763, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2016/11/10 14:56:23.598773, 5, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2016/11/10 14:56:23.598790, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2016/11/10 14:56:23.598814, 5, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'posixacl' [2016/11/10 14:56:23.598824, 3, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2016/11/10 14:56:23.598833, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2016/11/10 14:56:23.598845, 3, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [full_audit] [2016/11/10 14:56:23.598855, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for full_audit [2016/11/10 14:56:23.598867, 5, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:179(vfs_init_custom) vfs module [full_audit] not loaded - trying to load... [2016/11/10 14:56:23.598877, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/modules.c:171(do_smb_load_module) Loading module 'full_audit' [2016/11/10 14:56:23.598887, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/modules.c:185(do_smb_load_module) Loading module 'full_audit': Trying to load from /usr/lib/i386-linux-gnu/samba/vfs/full_audit.so [2016/11/10 14:56:23.600405, 2, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/modules.c:196(do_smb_load_module) Module 'full_audit' loaded [2016/11/10 14:56:23.600422, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for full_audit [2016/11/10 14:56:23.600435, 5, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'full_audit' [2016/11/10 14:56:23.600448, 10, pid=18983, effective(0, 0), real(0, 0), class=full_audit] ../source3/modules/vfs_full_audit.c:2342(samba_init_module) vfs_full_audit: Debug class number of 'full_audit': 24 [2016/11/10 14:56:23.600462, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:64(vfs_find_backend_entry) vfs_find_backend_entry called for full_audit Successfully loaded vfs module [full_audit] with the new modules system [2016/11/10 14:56:23.600517, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:164(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2016/11/10 14:56:23.600532, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share IPC$ is ok for unix user root [2016/11/10 14:56:23.600545, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:284(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user root [2016/11/10 14:56:23.600566, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:337(se_file_access_check) se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2016/11/10 14:56:23.600604, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.600618, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:23.600667, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:23.600689, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:23.600702, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.600712, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:23.600721, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:23.600736, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:23.600759, 10, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/modules/vfs_default.c:170(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp [2016/11/10 14:56:23.600781, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:872(make_connection_snum) iserv (ipv4:192.168.9.8:35412) signed connect to service IPC$ initially as user root (uid=0, gid=0) (pid 18983) [2016/11/10 14:56:23.600796, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:23.600805, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: [2016/11/10 14:56:23.600816, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6114D4AA [2016/11/10 14:56:23.600828, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93ee0b8 [2016/11/10 14:56:23.600841, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) [2016/11/10 14:56:23.600848, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key '6114D4AA' stored [2016/11/10 14:56:23.600858, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x6114d4aa (1628755114) tcon_wire_id : 0x000034b2 (13490) server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) creation_time : Do Nov 10 14:56:24 2016 CET share_name : 'IPC$' encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x6880a3d1 (1753261009) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET [2016/11/10 14:56:23.600970, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6114D4AA [2016/11/10 14:56:23.600981, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:23.600991, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:23.601001, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) [2016/11/10 14:56:23.601007, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) smbXsrv_tcon_update: global_id (0x6114d4aa) stored [2016/11/10 14:56:23.601016, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x000034b2 (13490) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x6114d4aa (1628755114) tcon_wire_id : 0x000034b2 (13490) server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) creation_time : Do Nov 10 14:56:24 2016 CET share_name : 'IPC$' encryption_flags : 0x00 (0) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 0: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x6880a3d1 (1753261009) signing_flags : 0x00 (0) 0: SMBXSRV_SIGNING_REQUIRED 0: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET status : NT_STATUS_OK idle_time : Do Nov 10 14:56:24 2016 CET compat : * [2016/11/10 14:56:23.601177, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1139(reply_tcon_and_X) tconX service=IPC$ [2016/11/10 14:56:23.601189, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.601198, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 33 (0x21) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2016/11/10 14:56:23.601264, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 49 50 43 00 00 00 00 IPC.... [2016/11/10 14:56:23.601286, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 3 [2016/11/10 14:56:23.601299, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.601311, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 1B EF E2 BC A6 85 6C F2 ......l. [2016/11/10 14:56:23.601475, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 102 [2016/11/10 14:56:23.601488, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 4 [2016/11/10 14:56:23.601498, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 4: got good SMB signature of [2016/11/10 14:56:23.601509, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] A4 DA A2 6D 3A 81 C0 3A ...m:..: [2016/11/10 14:56:23.601524, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x66 [2016/11/10 14:56:23.601533, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 4 of length 106 (0 toread) [2016/11/10 14:56:23.601543, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.601549, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=4 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=19 [2016/11/10 14:56:23.601636, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 00 00 ... [2016/11/10 14:56:23.601661, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBntcreateX (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:23.601672, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.601683, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:23.601718, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:23.601738, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:23.601750, 4, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) vfs_ChDir to /tmp [2016/11/10 14:56:23.601768, 4, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) vfs_ChDir got /tmp [2016/11/10 14:56:23.601778, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:23.601788, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: [2016/11/10 14:56:23.601814, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6114D4AA [2016/11/10 14:56:23.601829, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93ee0b8 [2016/11/10 14:56:23.601846, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:709(smbXsrv_tcon_global_store) [2016/11/10 14:56:23.601859, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:711(smbXsrv_tcon_global_store) smbXsrv_tcon_global_store: key '6114D4AA' stored [2016/11/10 14:56:23.601872, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000003 (3) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x6114d4aa (1628755114) tcon_wire_id : 0x000034b2 (13490) server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) creation_time : Do Nov 10 14:56:24 2016 CET share_name : 'IPC$' encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x6880a3d1 (1753261009) signing_flags : 0x02 (2) 0: SMBXSRV_SIGNING_REQUIRED 1: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET [2016/11/10 14:56:23.602010, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6114D4AA [2016/11/10 14:56:23.602024, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:23.602037, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:23.602050, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:876(smbXsrv_tcon_update) [2016/11/10 14:56:23.602059, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_tcon.c:884(smbXsrv_tcon_update) smbXsrv_tcon_update: global_id (0x6114d4aa) stored [2016/11/10 14:56:23.602071, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x000034b2 (13490) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x6114d4aa (1628755114) tcon_wire_id : 0x000034b2 (13490) server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) creation_time : Do Nov 10 14:56:24 2016 CET share_name : 'IPC$' encryption_flags : 0x08 (8) 0: SMBXSRV_ENCRYPTION_REQUIRED 0: SMBXSRV_ENCRYPTION_DESIRED 0: SMBXSRV_PROCESSED_ENCRYPTED_PACKET 1: SMBXSRV_PROCESSED_UNENCRYPTED_PACKET session_global_id : 0x6880a3d1 (1753261009) signing_flags : 0x02 (2) 0: SMBXSRV_SIGNING_REQUIRED 1: SMBXSRV_PROCESSED_SIGNED_PACKET 0: SMBXSRV_PROCESSED_UNSIGNED_PACKET status : NT_STATUS_OK idle_time : Do Nov 10 14:56:24 2016 CET compat : * [2016/11/10 14:56:23.602237, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:504(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2016/11/10 14:56:23.602248, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2016/11/10 14:56:23.602262, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:23.602272, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2016/11/10 14:56:23.602282, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 4298F82A [2016/11/10 14:56:23.602297, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93f04a8 [2016/11/10 14:56:23.602307, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/11/10 14:56:23.602344, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '4298F82A' stored [2016/11/10 14:56:23.602355, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) open_global_id : 0x4298f82a (1117321258) open_persistent_id : 0x000000004298f82a (1117321258) open_volatile_id : 0x0000000000002dec (11756) open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 open_time : Do Nov 10 14:56:24 2016 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 channel_sequence : 0x0000000000000000 (0) [2016/11/10 14:56:23.602456, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 4298F82A [2016/11/10 14:56:23.602467, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:23.602477, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:23.602486, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x4298f82a) stored [2016/11/10 14:56:23.602508, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x00002dec (11756) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) open_global_id : 0x4298f82a (1117321258) open_persistent_id : 0x000000004298f82a (1117321258) open_volatile_id : 0x0000000000002dec (11756) open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 open_time : Do Nov 10 14:56:24 2016 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 channel_sequence : 0x0000000000000000 (0) status : NT_STATUS_OK idle_time : Do Nov 10 14:56:24 2016 CET compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) request_count : 0x0000000000000000 (0) pre_request_count : 0x0000000000000000 (0) [2016/11/10 14:56:23.602743, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 11756 (1 used) [2016/11/10 14:56:23.602758, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) file_name_hash: /tmp/lsarpc hash 0xa9e2e929 [2016/11/10 14:56:23.602815, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) Create of internal pipe lsarpc requested [2016/11/10 14:56:23.602892, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2016/11/10 14:56:23.602908, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.602914, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=60416 (0xEC00) smb_vwv[ 3]= 301 (0x12D) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2016/11/10 14:56:23.603024, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [2016/11/10 14:56:23.603031, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 5 [2016/11/10 14:56:23.603041, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.603049, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 31 A1 FF AC 2E DD E3 9D 1....... [2016/11/10 14:56:23.603219, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 156 [2016/11/10 14:56:23.603231, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 6 [2016/11/10 14:56:23.603241, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 6: got good SMB signature of [2016/11/10 14:56:23.603261, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 40 94 18 74 04 08 BD F1 @..t.... [2016/11/10 14:56:23.603283, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x9c [2016/11/10 14:56:23.603295, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 5 of length 160 (0 toread) [2016/11/10 14:56:23.603307, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.603315, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=11756 (0x2DEC) smb_bcc=89 [2016/11/10 14:56:23.603409, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2016/11/10 14:56:23.603515, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:23.603528, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:23.603543, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2016/11/10 14:56:23.603557, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:23.603569, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:23.603581, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:23.603593, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2dec) [2016/11/10 14:56:23.603606, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f0f30 max_trans_reply: 4280 [2016/11/10 14:56:23.603621, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 72 [2016/11/10 14:56:23.603663, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:23.603675, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 11 [2016/11/10 14:56:23.603700, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) api_pipe_bind_req: lsarpc -> lsarpc rpc service [2016/11/10 14:56:23.603710, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) api_pipe_bind_req: make response. 761 [2016/11/10 14:56:23.603719, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) check_bind_req for lsarpc context_id=0 [2016/11/10 14:56:23.603739, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) check_bind_req: lsarpc -> lsarpc rpc service [2016/11/10 14:56:23.603749, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe lsarpc [2016/11/10 14:56:23.603759, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc [2016/11/10 14:56:23.603782, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2016/11/10 14:56:23.603923, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 0 bytes [2016/11/10 14:56:23.603946, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 68 [2016/11/10 14:56:23.603987, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 68 bytes. There is no more data outstanding [2016/11/10 14:56:23.604001, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2016/11/10 14:56:23.604014, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.604022, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2016/11/10 14:56:23.604105, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2016/11/10 14:56:23.604190, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 7 [2016/11/10 14:56:23.604203, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.604215, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 88 3E A2 06 BB 11 25 B4 .>....%. [2016/11/10 14:56:23.604369, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 152 [2016/11/10 14:56:23.604382, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 8 [2016/11/10 14:56:23.604392, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 8: got good SMB signature of [2016/11/10 14:56:23.604405, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 4D 68 E7 46 0F 23 B6 66 Mh.F.#.f [2016/11/10 14:56:23.604419, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x98 [2016/11/10 14:56:23.604429, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 6 of length 156 (0 toread) [2016/11/10 14:56:23.604438, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.604444, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=11756 (0x2DEC) smb_bcc=85 [2016/11/10 14:56:23.604513, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 44 00 00 00 02 00 00 ........ .D...... [0020] 00 2C 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .,...... .....\.. [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ [0050] 00 00 00 00 02 ..... [2016/11/10 14:56:23.604577, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:23.604587, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:23.604598, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=68 params=0 setup=2 [2016/11/10 14:56:23.604609, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:23.604618, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:23.604627, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:23.604650, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2dec) [2016/11/10 14:56:23.604664, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f0f30 max_trans_reply: 4280 [2016/11/10 14:56:23.604676, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 68 [2016/11/10 14:56:23.604719, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:23.604732, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:23.604745, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:23.604762, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:23.604778, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:23.604795, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:23.604843, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:23.604870, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:23.604885, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested lsarpc rpc service [2016/11/10 14:56:23.604897, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2016/11/10 14:56:23.604913, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[6].fn == 0xf7537f40 [2016/11/10 14:56:23.604950, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2016/11/10 14:56:23.605107, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f1fff [2016/11/10 14:56:23.605122, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f1fff) but overritten by euid == initial uid [2016/11/10 14:56:23.605134, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f1fff, granted: 0x000f1fff) [2016/11/10 14:56:23.605146, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 87 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:23.605174, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-2458-877c274a0000 result : NT_STATUS_OK [2016/11/10 14:56:23.605206, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called lsarpc successfully [2016/11/10 14:56:23.605222, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.605236, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 87 7C ........ ....$X.| [0010] 27 4A 00 00 00 00 00 00 'J...... [2016/11/10 14:56:23.605365, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 24 bytes [2016/11/10 14:56:23.605375, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 48 [2016/11/10 14:56:23.605406, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 48 bytes. There is no more data outstanding [2016/11/10 14:56:23.605417, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2016/11/10 14:56:23.605427, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.605434, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2016/11/10 14:56:23.605493, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0020] 00 00 00 00 00 24 58 87 7C 27 4A 00 00 00 00 00 .....$X. |'J..... [0030] 00 . [2016/11/10 14:56:23.605535, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 9 [2016/11/10 14:56:23.605545, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.605554, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 4B 68 76 CB 0F 3D 89 3F Khv..=.? [2016/11/10 14:56:23.605656, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 130 [2016/11/10 14:56:23.605671, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 10 [2016/11/10 14:56:23.605684, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 10: got good SMB signature of [2016/11/10 14:56:23.605696, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 01 77 69 A7 F0 84 8D D0 .wi..... [2016/11/10 14:56:23.605717, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x82 [2016/11/10 14:56:23.605729, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 7 of length 134 (0 toread) [2016/11/10 14:56:23.605741, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.605749, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=11756 (0x2DEC) smb_bcc=63 [2016/11/10 14:56:23.605842, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 24 58 87 7C 27 4A 00 00 05 00 .....$X. |'J.... [2016/11/10 14:56:23.605916, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:23.605929, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:23.605946, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2016/11/10 14:56:23.605958, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:23.605967, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:23.605976, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:23.605986, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2dec) [2016/11/10 14:56:23.605998, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f0f30 max_trans_reply: 4280 [2016/11/10 14:56:23.606008, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 46 [2016/11/10 14:56:23.606041, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:23.606051, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:23.606061, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:23.606073, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:23.606085, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:23.606095, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:23.606130, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:23.606150, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:23.606161, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested lsarpc rpc service [2016/11/10 14:56:23.606170, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2016/11/10 14:56:23.606182, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[7].fn == 0xf7537cb0 [2016/11/10 14:56:23.606192, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-2458-877c274a0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2016/11/10 14:56:23.606240, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 87 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:23.606266, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0008 (8) size : 0x000a (10) string : * string : 'LAN2' sid : * sid : S-1-5-21-1350919854-2293596380-2349120355 result : NT_STATUS_OK [2016/11/10 14:56:23.606328, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called lsarpc successfully [2016/11/10 14:56:23.606344, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.606358, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0060 (96) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000048 (72) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=72 [0000] 00 00 02 00 05 00 00 00 08 00 0A 00 04 00 02 00 ........ ........ [0010] 08 00 02 00 05 00 00 00 00 00 00 00 04 00 00 00 ........ ........ [0020] 4C 00 41 00 4E 00 32 00 04 00 00 00 01 04 00 00 L.A.N.2. ........ [0030] 00 00 00 05 15 00 00 00 AE 66 85 50 DC 80 B5 88 ........ .f.P.... [0040] 63 BB 04 8C 00 00 00 00 c....... [2016/11/10 14:56:23.606604, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 72 bytes [2016/11/10 14:56:23.606617, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 96 [2016/11/10 14:56:23.606657, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 96 bytes. There is no more data outstanding [2016/11/10 14:56:23.606670, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..96] (align 0) [2016/11/10 14:56:23.606683, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.606691, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 96 (0x60) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=97 [2016/11/10 14:56:23.606770, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... [0010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .H...... ........ [0020] 00 08 00 0A 00 04 00 02 00 08 00 02 00 05 00 00 ........ ........ [0030] 00 00 00 00 00 04 00 00 00 4C 00 41 00 4E 00 32 ........ .L.A.N.2 [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [0050] 00 AE 66 85 50 DC 80 B5 88 63 BB 04 8C 00 00 00 ..f.P... .c...... [0060] 00 . [2016/11/10 14:56:23.606849, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 11 [2016/11/10 14:56:23.606860, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.606869, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 31 CD 7A 29 CA DC 44 3E 1.z)..D> [2016/11/10 14:56:23.606979, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 128 [2016/11/10 14:56:23.606991, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 12 [2016/11/10 14:56:23.607001, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 12: got good SMB signature of [2016/11/10 14:56:23.607010, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] CA 72 71 DE 35 F3 49 D7 .rq.5.I. [2016/11/10 14:56:23.607025, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x80 [2016/11/10 14:56:23.607034, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 8 of length 132 (0 toread) [2016/11/10 14:56:23.607043, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.607049, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=11756 (0x2DEC) smb_bcc=61 [2016/11/10 14:56:23.607120, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ [0030] 00 00 00 00 00 24 58 87 7C 27 4A 00 00 .....$X. |'J.. [2016/11/10 14:56:23.607199, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:23.607213, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:23.607227, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2016/11/10 14:56:23.607241, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:23.607252, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:23.607269, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:23.607281, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2dec) [2016/11/10 14:56:23.607293, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f0f30 max_trans_reply: 4280 [2016/11/10 14:56:23.607306, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 44 [2016/11/10 14:56:23.607348, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:23.607361, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:23.607373, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:23.607390, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:23.607404, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:23.607417, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:23.607465, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:23.607490, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:23.607508, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested lsarpc rpc service [2016/11/10 14:56:23.607519, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2016/11/10 14:56:23.607531, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[0].fn == 0xf7538de0 [2016/11/10 14:56:23.607541, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-2458-877c274a0000 [2016/11/10 14:56:23.607569, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 87 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:23.607594, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 24 58 87 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:23.607616, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:23.607629, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2016/11/10 14:56:23.607672, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called lsarpc successfully [2016/11/10 14:56:23.607688, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:23.607702, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2016/11/10 14:56:23.607821, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 24 bytes [2016/11/10 14:56:23.607830, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 48 [2016/11/10 14:56:23.607860, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 48 bytes. There is no more data outstanding [2016/11/10 14:56:23.607871, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2016/11/10 14:56:23.607881, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.607887, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2016/11/10 14:56:23.607960, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2016/11/10 14:56:23.608007, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 13 [2016/11/10 14:56:23.608017, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.608026, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 38 A0 9D E3 B1 67 DB 12 8....g.. [2016/11/10 14:56:23.608116, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 41 [2016/11/10 14:56:23.608137, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 14 [2016/11/10 14:56:23.608152, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 14: got good SMB signature of [2016/11/10 14:56:23.608163, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 64 F7 DE A7 CF EF 50 7A d.....Pz [2016/11/10 14:56:23.608181, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x29 [2016/11/10 14:56:23.608192, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 9 of length 45 (0 toread) [2016/11/10 14:56:23.608201, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.608208, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=9 smt_wct=3 smb_vwv[ 0]=11756 (0x2DEC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2016/11/10 14:56:23.608250, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [2016/11/10 14:56:23.608259, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBclose (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:23.608269, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:23.608279, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:5327(reply_close) Close file fd=-1 fnum 11756 (numopen=1) [2016/11/10 14:56:23.608291, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/close.c:513(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2016/11/10 14:56:23.608304, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:23.608314, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2016/11/10 14:56:23.608325, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 4298F82A [2016/11/10 14:56:23.608339, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93f0d10 [2016/11/10 14:56:23.608354, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 4298F82A [2016/11/10 14:56:23.608364, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:23.608374, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:23.608396, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection lsarpc [2016/11/10 14:56:23.608417, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 11756 (0 used) [2016/11/10 14:56:23.608429, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:23.608435, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=9 smt_wct=0 smb_bcc=0 [2016/11/10 14:56:23.608469, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [2016/11/10 14:56:23.608477, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 15 [2016/11/10 14:56:23.608487, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:23.608496, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 5F 3C B5 87 53 98 F9 08 _<..S... [2016/11/10 14:56:30.590208, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 104 [2016/11/10 14:56:30.590237, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 16 [2016/11/10 14:56:30.590253, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 16: got good SMB signature of [2016/11/10 14:56:30.590264, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 70 33 3B B5 C9 86 E2 CD p3;..... [2016/11/10 14:56:30.590280, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x68 [2016/11/10 14:56:30.590289, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 10 of length 108 (0 toread) [2016/11/10 14:56:30.590299, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.590306, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=10 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2016/11/10 14:56:30.590397, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 00 00 ..... [2016/11/10 14:56:30.590429, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBntcreateX (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.590440, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.590457, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:504(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = spoolss [2016/11/10 14:56:30.590471, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2016/11/10 14:56:30.590489, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:30.590499, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2016/11/10 14:56:30.590511, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 35AFBF44 [2016/11/10 14:56:30.590526, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93f04a8 [2016/11/10 14:56:30.590540, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:623(smbXsrv_open_global_verify_record) smbXsrv_open_global_verify_record: empty value [2016/11/10 14:56:30.590571, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:742(smbXsrv_open_global_store) smbXsrv_open_global_store: key '35AFBF44' stored [2016/11/10 14:56:30.590582, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) open_global_id : 0x35afbf44 (900710212) open_persistent_id : 0x0000000035afbf44 (900710212) open_volatile_id : 0x0000000000003e78 (15992) open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 open_time : Do Nov 10 14:56:31 2016 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 channel_sequence : 0x0000000000000000 (0) [2016/11/10 14:56:30.590687, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 35AFBF44 [2016/11/10 14:56:30.590698, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:30.590707, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:30.590717, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/smbXsrv_open.c:909(smbXsrv_open_create) smbXsrv_open_create: global_id (0x35afbf44) stored [2016/11/10 14:56:30.590727, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x00003e78 (15992) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000004a27 (18983) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x366cb64da8e6853a (3921709820195276090) open_global_id : 0x35afbf44 (900710212) open_persistent_id : 0x0000000035afbf44 (900710212) open_volatile_id : 0x0000000000003e78 (15992) open_owner : S-1-5-21-1350919854-2293596380-2349120355-1000 open_time : Do Nov 10 14:56:31 2016 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 channel_sequence : 0x0000000000000000 (0) status : NT_STATUS_OK idle_time : Do Nov 10 14:56:31 2016 CET compat : NULL flags : 0x00 (0) 0: SMBXSRV_OPEN_NEED_REPLAY_CACHE 0: SMBXSRV_OPEN_HAVE_REPLAY_CACHE create_action : 0x00000000 (0) request_count : 0x0000000000000000 (0) pre_request_count : 0x0000000000000000 (0) [2016/11/10 14:56:30.590892, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 15992 (1 used) [2016/11/10 14:56:30.590905, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:745(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2016/11/10 14:56:30.590922, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:89(make_internal_rpc_pipe_socketpair) Create of internal pipe spoolss requested [2016/11/10 14:56:30.590977, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2016/11/10 14:56:30.590989, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.590996, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=10 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=30720 (0x7800) smb_vwv[ 3]= 318 (0x13E) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2016/11/10 14:56:30.591118, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [2016/11/10 14:56:30.591129, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 17 [2016/11/10 14:56:30.591141, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.591153, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] E9 0F AA B7 3C 06 7A 9F ....<.z. [2016/11/10 14:56:30.591380, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 156 [2016/11/10 14:56:30.591395, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 18 [2016/11/10 14:56:30.591406, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 18: got good SMB signature of [2016/11/10 14:56:30.591415, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 96 90 EF 4B 83 0D 3D 26 ...K..=& [2016/11/10 14:56:30.591430, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x9c [2016/11/10 14:56:30.591439, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 11 of length 160 (0 toread) [2016/11/10 14:56:30.591448, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.591455, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15992 (0x3E78) smb_bcc=89 [2016/11/10 14:56:30.591526, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0040] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2016/11/10 14:56:30.591600, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.591611, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.591623, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2016/11/10 14:56:30.591634, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:30.591646, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:30.591656, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:30.591665, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3e78) [2016/11/10 14:56:30.591675, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f09e8 max_trans_reply: 4280 [2016/11/10 14:56:30.591684, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 72 [2016/11/10 14:56:30.591723, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:30.591735, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 11 [2016/11/10 14:56:30.591748, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:728(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2016/11/10 14:56:30.591759, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:761(api_pipe_bind_req) api_pipe_bind_req: make response. 761 [2016/11/10 14:56:30.591772, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) check_bind_req for spoolss context_id=0 [2016/11/10 14:56:30.591784, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2016/11/10 14:56:30.591794, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe spoolss [2016/11/10 14:56:30.591804, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe spoolss [2016/11/10 14:56:30.591821, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2016/11/10 14:56:30.591958, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 0 bytes [2016/11/10 14:56:30.591972, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 68 [2016/11/10 14:56:30.592004, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 68 bytes. There is no more data outstanding [2016/11/10 14:56:30.592016, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2016/11/10 14:56:30.592026, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.592033, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2016/11/10 14:56:30.592102, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 70 6F 6F 6C 73 73 00 01 00 00 00 00 00 00 \spoolss ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... [2016/11/10 14:56:30.592157, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 19 [2016/11/10 14:56:30.592167, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.592176, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 05 DF CA B3 0A 05 2E EC ........ [2016/11/10 14:56:30.592371, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 286 [2016/11/10 14:56:30.592389, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 20 [2016/11/10 14:56:30.592401, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 20: got good SMB signature of [2016/11/10 14:56:30.592410, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] DD AD 29 33 42 7B 96 8B ..)3B{.. [2016/11/10 14:56:30.592425, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x11e [2016/11/10 14:56:30.592434, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 12 of length 290 (0 toread) [2016/11/10 14:56:30.592446, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.592455, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=286 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 202 (0xCA) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 202 (0xCA) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15992 (0x3E78) smb_bcc=219 [2016/11/10 14:56:30.592529, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 CA 00 00 00 06 00 00 ........ ........ [0020] 00 B2 00 00 00 00 00 45 00 00 00 02 00 1F 00 00 .......E ........ [0030] 00 00 00 00 00 1F 00 00 00 5C 00 5C 00 49 00 53 ........ .\.\.I.S [0040] 00 45 00 52 00 56 00 5C 00 41 00 41 00 41 00 41 .E.R.V.\ .A.A.A.A [0050] 00 41 00 41 00 41 00 41 00 41 00 41 00 41 00 41 .A.A.A.A .A.A.A.A [0060] 00 41 00 41 00 41 00 41 00 41 00 41 00 41 00 41 .A.A.A.A .A.A.A.A [0070] 00 41 00 C4 00 00 00 00 00 00 00 00 00 00 00 00 .A...... ........ [0080] 00 00 00 00 00 0C 00 0F 00 01 00 00 00 01 00 00 ........ ........ [0090] 00 04 00 02 00 1C 00 00 00 08 00 02 00 0C 00 02 ........ ........ [00A0] 00 65 05 00 00 02 00 00 00 00 00 00 00 00 00 00 .e...... ........ [00B0] 00 08 00 00 00 00 00 00 00 08 00 00 00 5C 00 5C ........ .....\.\ [00C0] 00 49 00 53 00 45 00 52 00 56 00 00 00 01 00 00 .I.S.E.R .V...... [00D0] 00 00 00 00 00 01 00 00 00 00 00 ........ ... [2016/11/10 14:56:30.592678, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.592689, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.592701, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=202 params=0 setup=2 [2016/11/10 14:56:30.592712, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:30.592721, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:30.592730, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:30.592739, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3e78) [2016/11/10 14:56:30.592748, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f09e8 max_trans_reply: 4280 [2016/11/10 14:56:30.592758, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 202 [2016/11/10 14:56:30.592792, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:30.592803, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:30.592812, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:30.592827, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.592840, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.592850, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:30.592895, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:30.592919, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:30.592930, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested spoolss rpc service [2016/11/10 14:56:30.592940, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2016/11/10 14:56:30.592951, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[69].fn == 0xf7503270 [2016/11/10 14:56:30.592997, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\ISERV\AAAAAAAAAAAAAAAAAAAAAÄ' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x000f000c (983052) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 1: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x0000001c (28) client : * client : '\\ISERV' user : * user : '' build : 0x00000565 (1381) major : UNKNOWN_ENUM_VALUE (2) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_INTEL (0) [2016/11/10 14:56:30.593120, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.593136, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.593146, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.593156, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.593164, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.593245, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find aaaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593277, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 21 for aaaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593287, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 21 for service name aaaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593299, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service aaaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593330, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find Brother_HL-L8250CDN [2016/11/10 14:56:30.593355, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 22 for Brother_HL-L8250CDN [2016/11/10 14:56:30.593368, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 22 for service name Brother_HL-L8250CDN [2016/11/10 14:56:30.593383, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service Brother_HL-L8250CDN [2016/11/10 14:56:30.593418, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find HLL8250CDN [2016/11/10 14:56:30.593442, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 23 for HLL8250CDN [2016/11/10 14:56:30.593455, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 23 for service name HLL8250CDN [2016/11/10 14:56:30.593470, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service HLL8250CDN [2016/11/10 14:56:30.593509, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find asdf [2016/11/10 14:56:30.593535, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 24 for asdf [2016/11/10 14:56:30.593549, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 24 for service name asdf [2016/11/10 14:56:30.593562, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service asdf [2016/11/10 14:56:30.593591, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find test [2016/11/10 14:56:30.593608, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 25 for test [2016/11/10 14:56:30.593618, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 25 for service name test [2016/11/10 14:56:30.593628, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service test [2016/11/10 14:56:30.593657, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593673, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 26 for aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593683, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 26 for service name aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593694, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593733, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find testdrucjker [2016/11/10 14:56:30.593752, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 27 for testdrucjker [2016/11/10 14:56:30.593762, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 27 for service name testdrucjker [2016/11/10 14:56:30.593772, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service testdrucjker [2016/11/10 14:56:30.593803, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find aaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593821, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 28 for aaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593833, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 28 for service name aaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593847, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service aaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.593878, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find Canon_iR_C1028iF [2016/11/10 14:56:30.593894, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 29 for Canon_iR_C1028iF [2016/11/10 14:56:30.593903, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 29 for service name Canon_iR_C1028iF [2016/11/10 14:56:30.593913, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service Canon_iR_C1028iF [2016/11/10 14:56:30.593944, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find Täääst [2016/11/10 14:56:30.593960, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 30 for Täääst [2016/11/10 14:56:30.593969, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 30 for service name Täääst [2016/11/10 14:56:30.593980, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service Täääst [2016/11/10 14:56:30.594011, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find iserv [2016/11/10 14:56:30.594026, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 31 for iserv [2016/11/10 14:56:30.594036, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 31 for service name iserv [2016/11/10 14:56:30.594046, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service iserv [2016/11/10 14:56:30.594083, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find Täst [2016/11/10 14:56:30.594100, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 32 for Täst [2016/11/10 14:56:30.594109, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 32 for service name Täst [2016/11/10 14:56:30.594120, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service Täst [2016/11/10 14:56:30.594155, 7, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:4099(lp_servicenumber) lp_servicenumber: couldn't find Testdrucker [2016/11/10 14:56:30.594171, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1430(add_a_service) add_a_service: Creating snum = 33 for Testdrucker [2016/11/10 14:56:30.594180, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1480(hash_a_service) hash_a_service: hashing index 33 for service name Testdrucker [2016/11/10 14:56:30.594191, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:1626(lp_add_printer) adding printer service Testdrucker [2016/11/10 14:56:30.594216, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/server_reload.c:87(delete_and_reload_printers) reloading printer services from pcap cache [2016/11/10 14:56:30.594491, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 checking name: \\ISERV\AAAAAAAAAAAAAAAAAAAAAÄ [2016/11/10 14:56:30.594519, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:735(open_printer_hnd) open_printer_hnd: name [\\ISERV\AAAAAAAAAAAAAAAAAAAAAÄ] [2016/11/10 14:56:30.594533, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.594558, 3, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:507(set_printer_hnd_printertype) Setting printer type=\\ISERV\AAAAAAAAAAAAAAAAAAAAAÄ Printer is a printer [2016/11/10 14:56:30.594570, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:567(set_printer_hnd_name) Setting printer name=\\ISERV\AAAAAAAAAAAAAAAAAAAAAÄ (len=31) searching for [AAAAAAAAAAAAAAAAAAAAAÄ] [2016/11/10 14:56:30.594599, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.594610, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.594620, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.594641, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.594678, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.594740, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.594757, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.594775, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.594785, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.594794, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.594803, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.594867, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.594879, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.594891, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.594900, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.594910, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.594919, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.594952, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.594987, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.595043, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.595136, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.595162, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.595172, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.595183, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.595193, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.595204, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595213, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.595237, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.595247, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.595259, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.595269, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.595279, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595288, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.595310, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.595320, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.595331, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.595342, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.595357, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595366, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.595385, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.595395, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.595405, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.595417, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.595428, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595437, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.595467, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.595478, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.595488, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.595498, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.595510, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595518, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.595542, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.595556, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.595567, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.595577, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.595589, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595598, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.595643, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [printer] [2016/11/10 14:56:30.595654, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.595665, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.595674, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.595689, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.595698, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.595721, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.595732, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.595744, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.595758, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.595768, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.595778, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.595788, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.595813, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.595859, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.595904, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.595935, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' (ops 0xf7331040) [2016/11/10 14:56:30.595947, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.595966, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Datatype] len[8] [2016/11/10 14:56:30.595980, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Default Priority] len[4] [2016/11/10 14:56:30.595990, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Location] len[2] [2016/11/10 14:56:30.596000, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Parameters] len[2] [2016/11/10 14:56:30.596010, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2016/11/10 14:56:30.596020, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.596030, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.596041, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Separator File] len[2] [2016/11/10 14:56:30.596050, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2016/11/10 14:56:30.596060, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.596070, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[Status] len[4] [2016/11/10 14:56:30.596080, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2016/11/10 14:56:30.596101, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Description] len[36] [2016/11/10 14:56:30.596114, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Security] len[200] [2016/11/10 14:56:30.596130, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Name] len[16] [2016/11/10 14:56:30.596142, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Attributes] len[4] [2016/11/10 14:56:30.596154, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.596166, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Printer Driver] len[38] [2016/11/10 14:56:30.596183, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.596195, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.596218, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.596316, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.596393, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.596419, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.596431, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.596538, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.596619, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.596644, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.596655, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.596750, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.596836, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.596861, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.596873, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.596962, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.597043, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.597068, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.597082, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.597171, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.597253, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.597278, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.597289, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.597527, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.597603, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.597628, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.597639, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.597788, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.597869, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.597894, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.597905, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.598010, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.598087, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.598112, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.598123, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.598212, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.598291, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.598315, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.598329, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2016/11/10 14:56:30.598480, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.598566, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.598604, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.598620, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.598766, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.598863, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.598889, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.598903, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.599007, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.599087, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.599111, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.599123, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.599227, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.599319, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.599345, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.599356, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(36) [0] : 0x44 (68) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x75 (117) [5] : 0x00 (0) [6] : 0x63 (99) [7] : 0x00 (0) [8] : 0x6b (107) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x6d (109) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x49 (73) [25] : 0x00 (0) [26] : 0x53 (83) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x72 (114) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) size : * size : 0x00000024 (36) length : * length : 0x00000024 (36) result : WERR_OK [2016/11/10 14:56:30.599585, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.599660, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.599685, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.599696, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(200) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x94 (148) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) size : * size : 0x000000c8 (200) length : * length : 0x000000c8 (200) result : WERR_OK [2016/11/10 14:56:30.600564, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.600652, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.600677, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.600689, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x70 (112) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2016/11/10 14:56:30.600833, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.600912, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.600940, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.600951, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x18 (24) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.601042, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.601121, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.601146, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.601162, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x31 (49) [5] : 0x00 (0) [6] : 0x39 (57) [7] : 0x00 (0) [8] : 0x32 (50) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x38 (56) [17] : 0x00 (0) [18] : 0x2e (46) [19] : 0x00 (0) [20] : 0x39 (57) [21] : 0x00 (0) [22] : 0x30 (48) [23] : 0x00 (0) [24] : 0x2e (46) [25] : 0x00 (0) [26] : 0x31 (49) [27] : 0x00 (0) [28] : 0x33 (51) [29] : 0x00 (0) [30] : 0x5c (92) [31] : 0x00 (0) [32] : 0x49 (73) [33] : 0x00 (0) [34] : 0x53 (83) [35] : 0x00 (0) [36] : 0x65 (101) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x50 (80) [45] : 0x00 (0) [46] : 0x72 (114) [47] : 0x00 (0) [48] : 0x69 (105) [49] : 0x00 (0) [50] : 0x6e (110) [51] : 0x00 (0) [52] : 0x74 (116) [53] : 0x00 (0) [54] : 0x20 (32) [55] : 0x00 (0) [56] : 0x44 (68) [57] : 0x00 (0) [58] : 0x72 (114) [59] : 0x00 (0) [60] : 0x69 (105) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.604920, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.605001, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.605027, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.605039, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.605256, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.605336, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.605361, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.605375, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x7f (127) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.605489, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.605559, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.605583, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.605593, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.605606, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.605661, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.605740, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.605764, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.605773, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.605786, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x31 (49) [5] : 0x00 (0) [6] : 0x39 (57) [7] : 0x00 (0) [8] : 0x32 (50) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x31 (49) [13] : 0x00 (0) [14] : 0x36 (54) [15] : 0x00 (0) [16] : 0x38 (56) [17] : 0x00 (0) [18] : 0x2e (46) [19] : 0x00 (0) [20] : 0x39 (57) [21] : 0x00 (0) [22] : 0x30 (48) [23] : 0x00 (0) [24] : 0x2e (46) [25] : 0x00 (0) [26] : 0x31 (49) [27] : 0x00 (0) [28] : 0x33 (51) [29] : 0x00 (0) [30] : 0x5c (92) [31] : 0x00 (0) [32] : 0x49 (73) [33] : 0x00 (0) [34] : 0x53 (83) [35] : 0x00 (0) [36] : 0x65 (101) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x50 (80) [45] : 0x00 (0) [46] : 0x72 (114) [47] : 0x00 (0) [48] : 0x69 (105) [49] : 0x00 (0) [50] : 0x6e (110) [51] : 0x00 (0) [52] : 0x74 (116) [53] : 0x00 (0) [54] : 0x20 (32) [55] : 0x00 (0) [56] : 0x44 (68) [57] : 0x00 (0) [58] : 0x72 (114) [59] : 0x00 (0) [60] : 0x69 (105) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.609540, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.609590, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.609604, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.609621, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.609631, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.609641, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.609650, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.609675, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.609701, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.609743, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.609832, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.609857, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.609867, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.609877, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.609891, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.609901, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.609910, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.609933, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.609944, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.609954, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.609963, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.609973, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.609982, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.610001, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.610011, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.610021, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.610030, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.610041, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.610049, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.610066, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.610076, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.610086, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.610095, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.610107, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.610115, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.610139, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.610151, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.610161, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.610171, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.610183, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.610192, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.610211, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.610221, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.610231, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.610241, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.610253, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.610262, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.610306, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [printer] [2016/11/10 14:56:30.610317, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.610328, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.610338, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.610350, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.610359, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.610382, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.610392, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.610405, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.610415, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.610424, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.610434, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.610444, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.610468, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.610511, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.610580, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.610604, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.610614, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.610623, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer' (ops 0xf7331040) [2016/11/10 14:56:30.610633, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.610652, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Datatype] len[8] [2016/11/10 14:56:30.610666, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Default Priority] len[4] [2016/11/10 14:56:30.610676, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Location] len[2] [2016/11/10 14:56:30.610686, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Parameters] len[2] [2016/11/10 14:56:30.610695, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2016/11/10 14:56:30.610705, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.610715, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.610725, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Separator File] len[2] [2016/11/10 14:56:30.610735, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2016/11/10 14:56:30.610745, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.610756, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[Status] len[4] [2016/11/10 14:56:30.610766, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2016/11/10 14:56:30.610776, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Description] len[36] [2016/11/10 14:56:30.610786, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Security] len[200] [2016/11/10 14:56:30.610797, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Name] len[16] [2016/11/10 14:56:30.610807, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Attributes] len[4] [2016/11/10 14:56:30.610819, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.610830, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Printer Driver] len[38] [2016/11/10 14:56:30.610840, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.610851, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000c8 (200) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.610902, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000c8 (200) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.610984, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.611020, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\printer] [2016/11/10 14:56:30.611032, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.611045, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(200) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x94 (148) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) data_size : * data_size : 0x000000c8 (200) data_length : * data_length : 0x000000c8 (200) result : WERR_OK [2016/11/10 14:56:30.611803, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.611833, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.611857, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.611880, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.611891, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.611901, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.611942, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.611979, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612015, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612046, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.612056, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.612066, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.612111, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.612140, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612163, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612186, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.612196, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.612206, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.612244, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.612270, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612294, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612317, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.612326, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.612394, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.612432, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg printername: printer [2016/11/10 14:56:30.612461, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.612473, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.612483, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.612509, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.612534, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.612579, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.612595, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.612610, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.612620, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.612630, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.612639, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.612699, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.612711, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.612722, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.612731, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.612741, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.612750, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.612780, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612805, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.612848, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00aa (170) name_size : 0x00aa (170) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.612947, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.612974, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.612984, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.612995, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.613004, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.613015, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613024, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.613046, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.613057, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.613067, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.613076, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.613086, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613095, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.613117, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.613127, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.613137, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.613146, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.613157, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613165, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.613183, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.613192, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.613205, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.613214, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.613225, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613234, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.613258, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.613267, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.613277, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.613287, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.613298, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613307, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.613324, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.613334, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.613344, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.613353, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.613365, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613373, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.613417, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.613427, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.613437, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.613447, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.613461, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.613470, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.613494, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.613504, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.613514, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.613523, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.613533, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.613542, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.613552, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.613576, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.613617, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.613663, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.613689, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.613699, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.613723, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.613734, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.613744, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.613754, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.613764, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[50] [2016/11/10 14:56:30.613775, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.613785, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.613795, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.613806, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[50] [2016/11/10 14:56:30.613816, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.613826, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.613836, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[60] [2016/11/10 14:56:30.613847, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.613858, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.613868, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.613878, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.613889, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.613901, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.613912, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.613922, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.613944, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.614037, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.614113, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.614137, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.614148, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.614236, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.614312, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.614335, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.614346, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.614441, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.614518, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.614541, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.614551, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.614636, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.614712, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.614738, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.614749, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.614947, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.615023, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.615046, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.615057, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(50) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0x61 (97) [43] : 0x00 (0) [44] : 0x61 (97) [45] : 0x00 (0) [46] : 0xe4 (228) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) size : * size : 0x00000032 (50) length : * length : 0x00000032 (50) result : WERR_OK [2016/11/10 14:56:30.615299, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.615373, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.615397, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.615408, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.615544, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.615620, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.615643, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.615654, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.615733, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.615810, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.615833, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.615844, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.616869, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.616949, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.616974, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.616986, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(50) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0x61 (97) [43] : 0x00 (0) [44] : 0x61 (97) [45] : 0x00 (0) [46] : 0xe4 (228) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) size : * size : 0x00000032 (50) length : * length : 0x00000032 (50) result : WERR_OK [2016/11/10 14:56:30.617249, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.617324, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.617348, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.617361, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.617455, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.617530, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.617554, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.617565, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.617653, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.617727, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.617752, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.617763, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(60) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0x61 (97) [43] : 0x00 (0) [44] : 0x61 (97) [45] : 0x00 (0) [46] : 0xe4 (228) [47] : 0x00 (0) [48] : 0x2c (44) [49] : 0x00 (0) [50] : 0x20 (32) [51] : 0x00 (0) [52] : 0x30 (48) [53] : 0x00 (0) [54] : 0x2b (43) [55] : 0x00 (0) [56] : 0x30 (48) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) size : * size : 0x0000003c (60) length : * length : 0x0000003c (60) result : WERR_OK [2016/11/10 14:56:30.618066, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.618141, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.618168, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.618179, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.618373, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.618450, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.618481, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.618493, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.618577, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.618653, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.618677, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.618691, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.618773, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.618847, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.618871, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.618881, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.618959, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.619033, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.619057, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.619068, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.619164, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.619246, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.619271, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.619282, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.623074, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.623153, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.623181, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.623193, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0xd3 (211) [1] : 0x7e (126) [2] : 0x04 (4) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.623300, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.623369, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.623393, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.623403, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.623416, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.623466, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.623542, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.623567, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.623577, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.623590, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.627431, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.627482, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.627492, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.627504, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.627514, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.627524, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.627533, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.627560, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.627587, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.627629, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00aa (170) name_size : 0x00aa (170) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.627722, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.627747, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.627760, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.627770, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.627780, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.627790, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.627799, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.627821, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.627831, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.627841, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.627850, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.627861, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.627869, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.627888, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.627898, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.627908, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.627917, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.627928, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.627937, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.627954, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.627964, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.627974, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.627983, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.627997, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.628006, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.628029, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.628039, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.628049, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.628059, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.628070, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.628079, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.628104, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.628114, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.628124, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.628133, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.628145, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.628154, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.628198, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628208, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.628219, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628228, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628240, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.628249, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628275, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.628285, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.628295, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.628305, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.628314, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.628324, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.628334, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.628358, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.628400, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.628470, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.628495, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628504, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.628514, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.628527, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628548, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.628559, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.628569, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.628579, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.628589, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[50] [2016/11/10 14:56:30.628600, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.628610, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.628620, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.628631, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[50] [2016/11/10 14:56:30.628641, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.628651, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.628661, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[60] [2016/11/10 14:56:30.628671, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.628681, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.628691, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.628702, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.628712, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.628729, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.628740, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.628751, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.628802, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.628892, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.628916, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.628926, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.628937, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.629873, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.629902, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.629926, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.629949, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.629960, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.629969, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.630005, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.630034, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630059, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630082, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.630092, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.630101, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.630136, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.630163, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630186, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630209, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.630220, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.630230, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.630265, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.630292, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630319, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630342, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.630352, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.630420, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.630459, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg printername: aaaaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.630487, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.630499, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.630508, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.630535, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.630556, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.630602, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.630617, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.630630, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.630640, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.630649, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.630658, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.630722, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.630734, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.630744, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.630754, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.630763, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.630772, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.630801, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630826, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.630868, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a0 (160) name_size : 0x00a0 (160) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.630957, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.630981, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.630991, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.631005, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.631015, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.631025, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631034, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.631057, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.631067, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.631077, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.631086, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.631097, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631106, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.631127, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.631138, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.631148, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.631158, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.631169, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631177, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.631194, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.631204, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.631214, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.631224, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.631235, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631243, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.631269, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.631279, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.631289, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.631298, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.631310, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631318, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.631335, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.631345, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.631355, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.631364, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.631376, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631384, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.631428, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Brother_HL-L8250CDN] [2016/11/10 14:56:30.631438, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.631448, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.631457, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.631469, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.631478, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.631500, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.631515, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.631525, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.631535, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.631544, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.631553, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.631563, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.631587, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.631628, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.631673, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.631698, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' (ops 0xf7331040) [2016/11/10 14:56:30.631709, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.631727, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.631738, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.631748, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.631758, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.631770, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[40] [2016/11/10 14:56:30.631780, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.631790, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.631800, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.631810, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[40] [2016/11/10 14:56:30.631820, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.631830, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.631841, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[50] [2016/11/10 14:56:30.631851, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.631862, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.631872, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.631883, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.631894, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.631906, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.631917, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.631928, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.631946, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.632053, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.632146, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.632171, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.632183, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.632271, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.632352, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.632375, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.632386, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.632483, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.632559, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.632585, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.632596, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.632678, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.632755, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.632780, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.632791, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.633014, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.633092, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.633117, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.633128, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(40) [0] : 0x42 (66) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x68 (104) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x5f (95) [15] : 0x00 (0) [16] : 0x48 (72) [17] : 0x00 (0) [18] : 0x4c (76) [19] : 0x00 (0) [20] : 0x2d (45) [21] : 0x00 (0) [22] : 0x4c (76) [23] : 0x00 (0) [24] : 0x38 (56) [25] : 0x00 (0) [26] : 0x32 (50) [27] : 0x00 (0) [28] : 0x35 (53) [29] : 0x00 (0) [30] : 0x30 (48) [31] : 0x00 (0) [32] : 0x43 (67) [33] : 0x00 (0) [34] : 0x44 (68) [35] : 0x00 (0) [36] : 0x4e (78) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) size : * size : 0x00000028 (40) length : * length : 0x00000028 (40) result : WERR_OK [2016/11/10 14:56:30.633374, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.633454, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.633480, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.633491, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.633625, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.633705, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.633729, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.633740, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.633826, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.633900, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.633927, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.633937, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.634931, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.635009, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.635034, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.635045, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(40) [0] : 0x42 (66) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x68 (104) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x5f (95) [15] : 0x00 (0) [16] : 0x48 (72) [17] : 0x00 (0) [18] : 0x4c (76) [19] : 0x00 (0) [20] : 0x2d (45) [21] : 0x00 (0) [22] : 0x4c (76) [23] : 0x00 (0) [24] : 0x38 (56) [25] : 0x00 (0) [26] : 0x32 (50) [27] : 0x00 (0) [28] : 0x35 (53) [29] : 0x00 (0) [30] : 0x30 (48) [31] : 0x00 (0) [32] : 0x43 (67) [33] : 0x00 (0) [34] : 0x44 (68) [35] : 0x00 (0) [36] : 0x4e (78) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) size : * size : 0x00000028 (40) length : * length : 0x00000028 (40) result : WERR_OK [2016/11/10 14:56:30.635274, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.635350, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.635375, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.635385, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.635471, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.635548, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.635573, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.635583, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.635668, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.635742, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.635767, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.635780, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(50) [0] : 0x42 (66) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x6f (111) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x68 (104) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x48 (72) [17] : 0x00 (0) [18] : 0x4c (76) [19] : 0x00 (0) [20] : 0x2d (45) [21] : 0x00 (0) [22] : 0x4c (76) [23] : 0x00 (0) [24] : 0x38 (56) [25] : 0x00 (0) [26] : 0x32 (50) [27] : 0x00 (0) [28] : 0x35 (53) [29] : 0x00 (0) [30] : 0x30 (48) [31] : 0x00 (0) [32] : 0x43 (67) [33] : 0x00 (0) [34] : 0x44 (68) [35] : 0x00 (0) [36] : 0x4e (78) [37] : 0x00 (0) [38] : 0x2c (44) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x30 (48) [43] : 0x00 (0) [44] : 0x2b (43) [45] : 0x00 (0) [46] : 0x30 (48) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) size : * size : 0x00000032 (50) length : * length : 0x00000032 (50) result : WERR_OK [2016/11/10 14:56:30.636043, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.636126, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.636152, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.636163, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.636361, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.636435, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.636460, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.636470, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.636548, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.636624, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.636649, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.636659, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.636737, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.636811, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.636837, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.636847, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.636923, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.637000, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.637025, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.637035, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.637126, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.637201, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.637225, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.637236, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.640898, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.640979, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.641004, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.641016, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x1e (30) [1] : 0x4a (74) [2] : 0xa8 (168) [3] : 0x17 (23) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.641123, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.641195, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.641219, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.641229, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.641242, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.641290, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.641361, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.641384, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.641394, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.641407, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.645029, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.645077, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.645088, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.645099, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.645109, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.645120, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645129, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.645159, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.645185, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.645239, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a0 (160) name_size : 0x00a0 (160) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.645336, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.645362, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.645372, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.645383, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.645392, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.645403, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645412, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.645435, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.645446, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.645456, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.645465, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.645475, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645484, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.645503, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.645513, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.645523, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.645535, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.645546, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645555, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.645572, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.645582, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.645592, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.645601, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.645613, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645621, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.645645, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.645655, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.645665, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.645674, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.645686, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645695, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.645712, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.645722, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.645732, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.645741, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.645753, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645764, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.645809, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Brother_HL-L8250CDN] [2016/11/10 14:56:30.645820, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.645830, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.645840, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.645853, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.645862, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.645885, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.645896, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.645906, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.645916, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.645925, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.645935, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.645945, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.645970, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.646013, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.646086, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.646110, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.646120, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.646129, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN' (ops 0xf7331040) [2016/11/10 14:56:30.646139, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.646158, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.646168, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.646178, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.646188, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.646198, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[40] [2016/11/10 14:56:30.646208, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.646218, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.646228, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.646238, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[40] [2016/11/10 14:56:30.646248, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.646260, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.646271, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[50] [2016/11/10 14:56:30.646281, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.646291, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.646301, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.646311, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.646322, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.646333, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.646344, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.646355, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.646402, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.646473, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.646497, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_HL-L8250CDN] [2016/11/10 14:56:30.646508, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.646519, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.647421, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.647450, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647474, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647499, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.647510, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.647521, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.647558, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.647586, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647610, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647632, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.647642, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.647651, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.647685, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.647712, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647735, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647759, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.647770, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.647780, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.647813, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.647840, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647863, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.647885, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.647894, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.647957, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.647996, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg printername: Brother_HL-L8250CDN [2016/11/10 14:56:30.648023, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.648035, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.648044, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.648078, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.648106, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.648156, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.648172, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.648184, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.648194, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.648204, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.648213, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.648275, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.648287, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.648297, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.648307, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.648317, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648326, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.648357, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.648381, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.648423, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x008e (142) name_size : 0x008e (142) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.648513, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.648539, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.648548, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.648559, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.648568, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.648578, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648587, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.648609, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.648619, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.648629, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.648638, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.648648, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648657, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.648678, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.648689, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.648699, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.648708, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.648721, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648730, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.648747, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.648757, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.648768, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.648777, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.648788, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648797, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.648820, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.648830, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.648840, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.648850, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.648862, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648870, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.648888, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.648898, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.648908, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.648917, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.648929, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.648938, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.648982, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HLL8250CDN] [2016/11/10 14:56:30.648995, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.649005, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649016, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649028, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.649037, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649060, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.649070, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.649081, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.649090, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.649100, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.649110, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.649120, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.649144, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.649185, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.649230, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.649257, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN' (ops 0xf7331040) [2016/11/10 14:56:30.649268, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649286, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.649297, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.649307, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.649317, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.649326, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[22] [2016/11/10 14:56:30.649336, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.649346, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.649357, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.649367, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[22] [2016/11/10 14:56:30.649377, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.649387, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.649397, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[22] [2016/11/10 14:56:30.649407, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.649417, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.649427, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.649438, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.649448, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.649462, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.649473, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.649484, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649502, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.649594, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.649670, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.649695, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649706, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.649794, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.649872, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.649896, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.649907, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.650009, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.650085, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.650109, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.650119, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.650200, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.650276, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.650300, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.650311, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.650528, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.650606, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.650631, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.650642, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x4c (76) [3] : 0x00 (0) [4] : 0x4c (76) [5] : 0x00 (0) [6] : 0x38 (56) [7] : 0x00 (0) [8] : 0x32 (50) [9] : 0x00 (0) [10] : 0x35 (53) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x43 (67) [15] : 0x00 (0) [16] : 0x44 (68) [17] : 0x00 (0) [18] : 0x4e (78) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2016/11/10 14:56:30.650802, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.650877, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.650901, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.650912, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.651041, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.651118, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.651143, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.651153, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.651240, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.651321, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.651345, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.651356, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.652355, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.652435, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.652460, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.652471, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x4c (76) [3] : 0x00 (0) [4] : 0x4c (76) [5] : 0x00 (0) [6] : 0x38 (56) [7] : 0x00 (0) [8] : 0x32 (50) [9] : 0x00 (0) [10] : 0x35 (53) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x43 (67) [15] : 0x00 (0) [16] : 0x44 (68) [17] : 0x00 (0) [18] : 0x4e (78) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2016/11/10 14:56:30.652626, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.652702, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.652727, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.652737, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.652824, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.652898, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.652924, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.652935, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.653020, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.653094, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.653119, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.653129, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(22) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x4c (76) [3] : 0x00 (0) [4] : 0x4c (76) [5] : 0x00 (0) [6] : 0x38 (56) [7] : 0x00 (0) [8] : 0x32 (50) [9] : 0x00 (0) [10] : 0x35 (53) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x43 (67) [15] : 0x00 (0) [16] : 0x44 (68) [17] : 0x00 (0) [18] : 0x4e (78) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) size : * size : 0x00000016 (22) length : * length : 0x00000016 (22) result : WERR_OK [2016/11/10 14:56:30.653287, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.653362, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.653386, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.653397, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.653592, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.653666, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.653693, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.653704, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.653782, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.653856, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.653880, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.653890, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.653974, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.654049, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.654074, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.654084, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.654160, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.654236, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.654260, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.654270, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.654355, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.654429, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.654453, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.654463, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.658100, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.658175, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.658199, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.658210, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x20 (32) [1] : 0x4a (74) [2] : 0xa8 (168) [3] : 0x17 (23) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.658315, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.658383, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.658407, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.658416, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.658429, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.658475, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.658547, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.658571, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.658580, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.658592, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.662219, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.662265, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.662276, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.662287, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.662297, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.662307, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662323, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.662348, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.662373, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.662415, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x008e (142) name_size : 0x008e (142) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.662505, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.662530, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.662540, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.662550, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.662559, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.662570, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662578, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.662600, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.662613, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.662623, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.662632, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.662642, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662651, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.662670, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.662680, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.662694, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.662706, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.662717, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662726, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.662744, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.662754, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.662763, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.662773, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.662784, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662793, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.662816, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.662826, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.662836, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.662847, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.662859, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662868, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.662885, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.662895, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.662905, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.662915, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.662926, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.662935, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.662979, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HLL8250CDN] [2016/11/10 14:56:30.662989, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.662999, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.663009, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.663021, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.663030, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.663052, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.663062, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.663072, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.663082, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.663091, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.663101, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.663114, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.663139, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.663181, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.663253, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.663276, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.663288, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.663298, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN' (ops 0xf7331040) [2016/11/10 14:56:30.663308, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.663327, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.663342, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.663354, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.663367, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.663377, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[22] [2016/11/10 14:56:30.663387, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.663397, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.663407, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.663417, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[22] [2016/11/10 14:56:30.663427, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.663437, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.663447, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[22] [2016/11/10 14:56:30.663458, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.663468, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.663478, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.663488, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.663499, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.663510, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.663521, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.663532, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.663580, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.663657, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.663683, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HLL8250CDN] [2016/11/10 14:56:30.663693, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.663704, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.664632, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.664661, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.664686, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.664708, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.664720, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.664730, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.664765, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.664792, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.664816, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.664839, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.664848, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.664858, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.664895, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.664921, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.664944, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.664967, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.664977, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.664987, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.665020, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.665046, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.665069, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.665091, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.665100, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.665163, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.665204, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg printername: HLL8250CDN [2016/11/10 14:56:30.665230, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.665241, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.665251, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.665276, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.665296, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.665343, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.665359, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.665371, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.665381, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.665391, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.665400, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.665457, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.665469, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.665480, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.665490, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.665500, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.665509, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.665538, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.665567, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.665608, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.665695, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.665720, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.665730, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.665740, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.665749, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.665760, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.665768, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.665790, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.665800, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.665809, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.665821, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.665832, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.665840, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.665862, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.665873, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.665883, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.665892, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.665903, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.665911, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.665928, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.665938, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.665948, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.665957, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.665969, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.665977, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.666001, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.666012, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.666022, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.666031, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.666043, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.666052, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.666072, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.666082, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.666091, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.666101, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.666112, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.666121, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.666165, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [asdf] [2016/11/10 14:56:30.666176, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.666187, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.666197, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.666209, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.666218, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.666240, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.666251, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.666261, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.666270, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.666280, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.666289, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.666300, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.666328, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.666371, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.666416, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.666441, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf' (ops 0xf7331040) [2016/11/10 14:56:30.666451, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.666469, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.666480, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.666490, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.666499, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.666509, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[10] [2016/11/10 14:56:30.666519, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.666529, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.666539, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.666548, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[10] [2016/11/10 14:56:30.666559, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.666571, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.666581, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[48] [2016/11/10 14:56:30.666591, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.666602, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[12] [2016/11/10 14:56:30.666612, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.666622, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.666632, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.666644, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.666655, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.666666, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.666684, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.666775, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.666856, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.666880, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.666891, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.666973, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.667048, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.667074, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.667086, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.667187, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.667264, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.667288, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.667298, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.667382, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.667456, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.667479, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.667490, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.667695, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.667769, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.667792, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.667803, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(10) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x64 (100) [5] : 0x00 (0) [6] : 0x66 (102) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) size : * size : 0x0000000a (10) length : * length : 0x0000000a (10) result : WERR_OK [2016/11/10 14:56:30.667908, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.667983, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.668006, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.668017, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.668166, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.668241, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.668264, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.668275, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.668354, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.668431, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.668454, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.668464, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.669384, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.669458, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.669482, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.669493, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(10) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x64 (100) [5] : 0x00 (0) [6] : 0x66 (102) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) size : * size : 0x0000000a (10) length : * length : 0x0000000a (10) result : WERR_OK [2016/11/10 14:56:30.669602, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.669682, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.669706, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.669717, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.669806, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.669882, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.669908, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.669919, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.670004, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.670078, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.670102, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.670113, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(48) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x64 (100) [5] : 0x00 (0) [6] : 0x66 (102) [7] : 0x00 (0) [8] : 0x2c (44) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x2b (43) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x20 (32) [19] : 0x00 (0) [20] : 0x23 (35) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x65 (101) [25] : 0x00 (0) [26] : 0x73 (115) [27] : 0x00 (0) [28] : 0x74 (116) [29] : 0x00 (0) [30] : 0x72 (114) [31] : 0x00 (0) [32] : 0x69 (105) [33] : 0x00 (0) [34] : 0x63 (99) [35] : 0x00 (0) [36] : 0x74 (116) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x6f (111) [41] : 0x00 (0) [42] : 0x6f (111) [43] : 0x00 (0) [44] : 0x6d (109) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : * size : 0x00000030 (48) length : * length : 0x00000030 (48) result : WERR_OK [2016/11/10 14:56:30.670362, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.670439, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.670464, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.670475, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.670676, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.670753, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.670777, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.670788, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(12) [0] : 0x4d (77) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : * size : 0x0000000c (12) length : * length : 0x0000000c (12) result : WERR_OK [2016/11/10 14:56:30.670903, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.670980, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.671004, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.671014, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.671092, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.671166, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.671190, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.671201, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.671278, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.671354, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.671379, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.671389, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.671477, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.671557, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.671582, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.671592, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.675208, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.675287, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.675311, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.675322, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x29 (41) [1] : 0x4a (74) [2] : 0xa8 (168) [3] : 0x17 (23) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.675426, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.675494, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.675517, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.675529, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.675542, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.675587, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.675657, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.675681, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.675691, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.675703, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.679428, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.679475, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.679486, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.679497, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.679507, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.679516, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.679525, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.679550, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 24 58 8E 7C ....!... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.679575, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.679616, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.679707, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 24 58 8E 7C ....!... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.679733, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.679742, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.679753, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.679762, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.679772, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.679782, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.679804, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.679815, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.679826, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.679835, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.679847, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.679856, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.679875, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.679886, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.679896, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.679905, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.679917, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.679926, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.679946, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.679956, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.679967, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.679976, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.679988, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.679998, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.680022, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.680032, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.680042, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.680051, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.680063, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.680072, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.680098, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.680110, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.680120, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.680129, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.680141, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.680150, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.680194, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [asdf] [2016/11/10 14:56:30.680204, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.680217, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.680227, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.680239, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.680247, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.680270, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.680280, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.680290, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.680299, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.680309, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.680318, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.680328, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 24 58 8E 7C ...."... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.680353, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.680396, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.680465, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 24 58 8E 7C ...."... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.680491, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.680501, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.680511, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf' (ops 0xf7331040) [2016/11/10 14:56:30.680521, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.680539, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.680550, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.680560, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.680570, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.680580, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[10] [2016/11/10 14:56:30.680590, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.680601, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.680611, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.680621, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[10] [2016/11/10 14:56:30.680632, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.680642, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.680652, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[48] [2016/11/10 14:56:30.680663, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.680673, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[12] [2016/11/10 14:56:30.680686, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.680697, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.680708, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.680720, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.680731, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.680742, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.680791, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.680861, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 24 58 8E 7C ...."... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.680885, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\asdf] [2016/11/10 14:56:30.680894, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.680905, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.681782, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.681810, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 24 58 8E 7C ...."... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.681833, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 24 58 8E 7C ...."... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.681856, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.681867, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.681876, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.681914, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.681942, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 24 58 8E 7C ....!... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.681966, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 24 58 8E 7C ....!... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.681989, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.681998, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.682008, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.682042, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.682068, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.682091, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 24 58 8E 7C .... ... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.682113, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.682124, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.682134, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.682170, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.682197, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.682220, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.682243, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.682252, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.682313, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.682351, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg printername: asdf [2016/11/10 14:56:30.682378, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.682390, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.682400, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.682426, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.682447, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.682493, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.682509, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.682525, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.682535, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.682544, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.682554, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.682614, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.682626, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.682636, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.682646, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.682656, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.682664, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.682694, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 24 58 8E 7C ....#... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.682719, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.682760, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.682852, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 24 58 8E 7C ....#... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.682877, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.682887, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.682897, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.682906, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.682916, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.682925, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.682947, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.682957, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.682967, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.682977, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.682987, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.682996, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.683017, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.683027, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.683037, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.683047, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.683057, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.683066, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.683084, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.683097, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.683115, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.683126, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.683138, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.683147, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.683172, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.683182, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.683191, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.683201, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.683213, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.683221, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.683238, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.683248, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.683258, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.683268, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.683280, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.683289, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.683333, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [test] [2016/11/10 14:56:30.683344, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.683354, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.683364, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.683379, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.683388, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.683411, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.683422, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.683432, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.683441, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.683451, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.683461, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.683471, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.683496, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.683538, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.683582, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.683608, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test' (ops 0xf7331040) [2016/11/10 14:56:30.683618, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.683636, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.683653, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.683663, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.683674, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.683683, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[10] [2016/11/10 14:56:30.683693, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.683703, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.683713, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.683723, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[10] [2016/11/10 14:56:30.683733, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.683743, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.683753, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[20] [2016/11/10 14:56:30.683763, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.683773, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.683783, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.683793, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.683804, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.683816, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.683826, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.683837, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.683858, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.683951, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.684026, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.684050, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.684061, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.684158, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.684236, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.684260, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.684270, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.684368, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.684446, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.684470, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.684481, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.684562, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.684638, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.684665, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.684676, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.684889, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.684966, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.684991, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.685001, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(10) [0] : 0x74 (116) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) size : * size : 0x0000000a (10) length : * length : 0x0000000a (10) result : WERR_OK [2016/11/10 14:56:30.685110, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.685186, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.685213, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.685223, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.685354, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.685430, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.685454, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.685467, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.685556, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.685630, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.685654, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.685664, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.686672, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.686748, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.686773, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.686787, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(10) [0] : 0x74 (116) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) size : * size : 0x0000000a (10) length : * length : 0x0000000a (10) result : WERR_OK [2016/11/10 14:56:30.686896, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.686970, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.686995, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.687005, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.687094, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.687167, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.687191, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.687202, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.687287, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.687363, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.687387, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.687397, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x74 (116) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x2c (44) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x30 (48) [13] : 0x00 (0) [14] : 0x2b (43) [15] : 0x00 (0) [16] : 0x30 (48) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2016/11/10 14:56:30.687541, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.687618, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.687642, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.687652, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.687853, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.687929, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.687954, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.687964, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.688043, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.688126, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.688150, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.688161, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.688239, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.688313, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.688338, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.688348, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.688428, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.688504, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.688528, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.688539, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.688624, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.688700, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.688731, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.688745, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.692362, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.692440, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.692465, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.692475, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x2b (43) [1] : 0x4a (74) [2] : 0xa8 (168) [3] : 0x17 (23) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.692581, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.692650, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.692674, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.692684, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.692703, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.692758, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.692834, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.692857, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.692867, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.692879, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.696526, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.696572, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.696583, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.696594, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.696603, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.696613, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.696621, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.696646, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 24 58 8E 7C ....%... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.696671, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.696711, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.696801, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 24 58 8E 7C ....%... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.696826, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.696836, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.696846, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.696856, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.696866, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.696875, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.696898, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.696908, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.696918, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.696928, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.696938, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.696948, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.696967, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.696977, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.696987, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.696996, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.697007, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.697016, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.697033, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.697045, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.697056, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.697066, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.697077, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.697086, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.697110, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.697121, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.697131, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.697140, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.697152, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.697161, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.697178, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.697188, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.697198, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.697207, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.697219, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.697228, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.697273, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [test] [2016/11/10 14:56:30.697283, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.697293, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.697304, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.697316, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.697325, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.697347, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.697358, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.697368, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.697377, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.697386, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.697395, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.697405, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 24 58 8E 7C ....&... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.697429, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.697470, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.697539, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 24 58 8E 7C ....&... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.697564, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.697576, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.697585, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test' (ops 0xf7331040) [2016/11/10 14:56:30.697595, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.697613, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.697624, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.697634, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.697644, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.697653, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[10] [2016/11/10 14:56:30.697663, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.697673, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.697683, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.697693, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[10] [2016/11/10 14:56:30.697703, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.697713, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.697724, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[20] [2016/11/10 14:56:30.697734, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.697744, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.697755, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.697767, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.697778, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.697789, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.697800, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.697811, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.697860, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.697932, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 24 58 8E 7C ....&... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.697956, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\test] [2016/11/10 14:56:30.697966, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.697977, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.698873, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.698903, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 24 58 8E 7C ....&... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.698927, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 24 58 8E 7C ....&... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.698949, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.698960, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.698970, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.699008, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.699035, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 24 58 8E 7C ....%... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699058, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 24 58 8E 7C ....%... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699080, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.699089, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.699098, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.699133, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.699158, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699181, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 24 58 8E 7C ....$... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699203, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.699214, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.699223, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.699257, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.699286, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 24 58 8E 7C ....#... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699309, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 24 58 8E 7C ....#... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699332, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.699342, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.699406, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.699445, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg printername: test [2016/11/10 14:56:30.699484, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAÄ] and timeout=[Fr Jan 2 01:39:15 1970 CET] (-1478697435 seconds in the past) set_printer_hnd_name: Printer found: AAAAAAAAAAAAAAAAAAAAAÄ -> aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.699623, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:771(open_printer_hnd) 1 printer handles active [2016/11/10 14:56:30.699634, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699665, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.699697, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.699720, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 192.168.9.8 (192.168.9.8) [2016/11/10 14:56:30.699766, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share aaaaaaaaaaaaaaaaaaaaaä is ok for unix user root [2016/11/10 14:56:30.699790, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1922(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2016/11/10 14:56:30.699808, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.699824, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.699834, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.699858, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.699874, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.699921, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.699937, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.699949, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.699959, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.699968, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.699977, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.700034, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.700046, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.700056, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.700066, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.700075, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700091, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.700123, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 24 58 8E 7C ....'... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.700149, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.700196, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.700287, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 24 58 8E 7C ....'... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.700314, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.700324, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.700335, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.700344, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.700355, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700364, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.700386, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.700396, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.700406, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.700416, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.700427, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700436, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.700461, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.700472, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.700483, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.700492, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.700503, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700512, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.700529, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.700539, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.700549, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.700558, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.700570, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700578, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.700601, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.700611, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.700621, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.700631, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.700643, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700651, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.700669, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.700679, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.700691, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.700701, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.700712, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700721, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.700764, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.700775, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.700785, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.700794, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.700806, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.700815, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.700839, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.700849, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.700859, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.700869, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.700878, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.700888, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.700898, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 24 58 8E 7C ....(... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.700922, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.700966, 2, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä already exists [2016/11/10 14:56:30.700986, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.701013, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 24 58 8E 7C ....(... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.701038, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 24 58 8E 7C ....(... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.701060, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.701070, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.701080, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.701117, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.701145, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 24 58 8E 7C ....'... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.701168, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 24 58 8E 7C ....'... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.701191, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.701201, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.701254, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.701295, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/11/10 14:56:30.701307, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.701340, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called spoolss successfully [2016/11/10 14:56:30.701357, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:30.701372, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 00 00 00 00 'J...... [2016/11/10 14:56:30.701494, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 24 bytes [2016/11/10 14:56:30.701504, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 48 [2016/11/10 14:56:30.701542, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 48 bytes. There is no more data outstanding [2016/11/10 14:56:30.701554, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2016/11/10 14:56:30.701564, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.701571, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2016/11/10 14:56:30.701630, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ [0020] 00 00 00 00 00 24 58 8E 7C 27 4A 00 00 00 00 00 .....$X. |'J..... [0030] 00 . [2016/11/10 14:56:30.701675, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 21 [2016/11/10 14:56:30.701686, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.701695, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 16 4C 31 19 75 49 68 25 .L1.uIh% [2016/11/10 14:56:30.701835, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 140 [2016/11/10 14:56:30.701848, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 22 [2016/11/10 14:56:30.701858, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 22: got good SMB signature of [2016/11/10 14:56:30.701867, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 98 81 06 4F 7E 21 E1 25 ...O~!.% [2016/11/10 14:56:30.701882, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x8c [2016/11/10 14:56:30.701891, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 13 of length 144 (0 toread) [2016/11/10 14:56:30.701901, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.701908, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15992 (0x3E78) smb_bcc=73 [2016/11/10 14:56:30.701981, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 07 00 00 ........ .8...... [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 0E 00 00 . ...... ........ [0030] 00 00 00 00 00 24 58 8E 7C 27 4A 00 00 02 00 00 .....$X. |'J..... [0040] 00 00 00 00 00 00 00 00 00 ........ . [2016/11/10 14:56:30.702037, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.702048, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.702060, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2016/11/10 14:56:30.702071, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:30.702080, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:30.702093, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:30.702103, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3e78) [2016/11/10 14:56:30.702113, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f09e8 max_trans_reply: 4280 [2016/11/10 14:56:30.702123, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 56 [2016/11/10 14:56:30.702156, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:30.702167, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:30.702177, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:30.702190, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.702202, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.702212, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:30.702248, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:30.702268, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:30.702279, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested spoolss rpc service [2016/11/10 14:56:30.702289, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2016/11/10 14:56:30.702300, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[8].fn == 0xf750ca20 [2016/11/10 14:56:30.702310, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-2458-8e7c274a0000 level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2016/11/10 14:56:30.702348, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.702373, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.702399, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.702419, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.702430, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.702440, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.702458, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.702477, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.702522, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.702535, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.702546, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.702556, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.702565, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.702573, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.702623, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.702634, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.702644, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.702654, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.702663, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.702672, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.702699, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 24 58 8E 7C ....)... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.702728, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.702771, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.702861, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 24 58 8E 7C ....)... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.702886, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.702896, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.702906, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.702916, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.702926, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.702935, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.702957, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.702967, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.702977, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.702989, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.703001, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.703010, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.703031, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.703042, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.703052, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.703062, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.703073, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.703082, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.703100, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.703110, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.703120, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.703129, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.703140, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.703149, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.703172, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.703182, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.703192, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.703202, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.703213, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.703222, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.703242, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.703252, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.703262, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.703271, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.703283, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.703292, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.703335, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.703345, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.703355, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.703365, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.703377, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.703386, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.703409, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.703419, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.703429, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.703439, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.703448, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.703457, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.703467, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.703493, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.703534, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.703579, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.703604, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.703615, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.703634, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.703645, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.703655, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.703665, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.703675, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.703685, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.703696, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.703706, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.703716, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.703727, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.703740, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.703750, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.703761, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.703771, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.703781, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.703791, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.703802, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.703814, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.703825, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.703836, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.703856, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.703949, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.704028, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.704051, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.704063, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.704154, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.704229, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.704255, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.704266, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.704362, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.704437, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.704462, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.704472, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.704558, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.704633, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.704658, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.704669, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.704923, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.705000, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.705025, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.705036, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : * size : 0x0000002e (46) length : * length : 0x0000002e (46) result : WERR_OK [2016/11/10 14:56:30.705283, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.705361, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.705386, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.705397, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.705529, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.705607, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.705632, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.705645, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.705734, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.705809, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.705833, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.705844, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.706838, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.706914, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.706941, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.706952, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : * size : 0x0000002e (46) length : * length : 0x0000002e (46) result : WERR_OK [2016/11/10 14:56:30.707195, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.707269, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.707293, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.707304, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.707389, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.707465, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.707490, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.707501, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.707589, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.707664, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.707688, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.707699, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(56) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x2c (44) [45] : 0x00 (0) [46] : 0x20 (32) [47] : 0x00 (0) [48] : 0x30 (48) [49] : 0x00 (0) [50] : 0x2b (43) [51] : 0x00 (0) [52] : 0x30 (48) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) size : * size : 0x00000038 (56) length : * length : 0x00000038 (56) result : WERR_OK [2016/11/10 14:56:30.707979, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.708055, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.708080, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.708100, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.708298, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.708376, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.708400, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.708412, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.708491, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.708569, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.708593, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.708604, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.708681, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.708755, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.708783, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.708794, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.708869, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.708943, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.708967, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.708977, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.709066, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.709140, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.709164, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.709175, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.713151, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.713246, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.713272, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.713284, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0xc7 (199) [1] : 0xe5 (229) [2] : 0x03 (3) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.713397, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.713469, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.713493, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.713503, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.713520, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.713589, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.713690, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.713727, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.713741, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.713759, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.717715, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.717764, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.717775, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.717786, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.717796, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.717806, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.717815, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.717845, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 24 58 8E 7C ....+... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.717871, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.717913, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.718005, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 24 58 8E 7C ....+... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.718031, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.718041, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.718051, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.718060, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.718071, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718080, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.718103, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.718113, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.718123, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.718132, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.718143, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718151, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.718170, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.718180, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.718190, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.718202, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.718213, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718221, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.718239, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.718249, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.718259, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.718268, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.718279, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718288, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.718312, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.718321, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.718331, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.718341, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.718353, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718361, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.718379, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.718389, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.718398, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.718408, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.718420, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718429, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.718476, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.718487, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.718497, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.718506, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.718519, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.718527, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.718551, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.718561, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.718571, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.718581, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.718590, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.718599, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.718609, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 24 58 8E 7C ....,... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.718633, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.718675, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.718748, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 24 58 8E 7C ....,... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.718771, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.718781, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.718790, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.718800, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.718820, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.718831, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.718841, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.718851, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.718861, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.718871, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.718882, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.718892, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.718902, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.718913, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.718923, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.718940, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.718955, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.718969, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.718983, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.718997, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.719012, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.719025, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.719036, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.719047, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.719100, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.719171, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 24 58 8E 7C ....,... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.719195, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.719208, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.719219, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.720103, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.720133, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 24 58 8E 7C ....,... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720156, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 24 58 8E 7C ....,... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720181, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.720192, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.720202, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.720238, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.720264, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 24 58 8E 7C ....+... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720287, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 24 58 8E 7C ....+... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720309, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.720319, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.720328, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.720364, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.720392, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720415, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 24 58 8E 7C ....*... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720438, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.720452, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.720462, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.720497, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.720524, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 24 58 8E 7C ....)... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720549, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 24 58 8E 7C ....)... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.720572, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.720581, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.720647, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.720693, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/11/10 14:56:30.720748, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1374(print_cache_expired) print_cache_expired: cache expired for queue aaaaaaaaaaaaaaaaaaaaaä (last_qscan_time = 1478784182, time now = 1478786190, qcachetime = 30) [2016/11/10 14:56:30.720771, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/printing/printing.c:1791(print_queue_update) print_queue_update: Sending message -> printer = aaaaaaaaaaaaaaaaaaaaaä, type = 8, lpq command = [aaaaaaaaaaaaaaaaaaaaaä] lprm command = [] [2016/11/10 14:56:30.720806, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.720820, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.720830, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.720840, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.720852, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.720871, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm.c:323(messaging_dgm_send) messaging_dgm_send: Sending message to 17855 [2016/11/10 14:56:30.720895, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.720955, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : NULL needed : * needed : 0x000006c0 (1728) result : WERR_INSUFFICIENT_BUFFER [2016/11/10 14:56:30.720986, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called spoolss successfully [2016/11/10 14:56:30.721003, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:30.721019, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 00 00 00 00 C0 06 00 00 7A 00 00 00 ........ z... [2016/11/10 14:56:30.721130, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 12 bytes [2016/11/10 14:56:30.721140, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 36 [2016/11/10 14:56:30.721180, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 36 bytes. There is no more data outstanding [2016/11/10 14:56:30.721192, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2016/11/10 14:56:30.721202, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.721209, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2016/11/10 14:56:30.721269, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 C0 06 00 ........ ........ [0020] 00 7A 00 00 00 .z... [2016/11/10 14:56:30.721303, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 23 [2016/11/10 14:56:30.721314, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.721323, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 90 C8 7C 8D 56 00 1C 90 ..|.V... [2016/11/10 14:56:30.721468, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 1872 [2016/11/10 14:56:30.721485, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 24 [2016/11/10 14:56:30.721500, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 24: got good SMB signature of [2016/11/10 14:56:30.721512, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 7F 1D 24 2E C4 23 63 67 ..$..#cg [2016/11/10 14:56:30.721528, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x750 [2016/11/10 14:56:30.721538, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 14 of length 1876 (0 toread) [2016/11/10 14:56:30.721547, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.721554, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=1872 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1788 (0x6FC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1788 (0x6FC) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15992 (0x3E78) smb_bcc=1805 [2016/11/10 14:56:30.721626, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 FC 06 00 00 08 00 00 ........ ........ [0020] 00 E4 06 00 00 00 00 08 00 00 00 00 00 0E 00 00 ........ ........ [0030] 00 00 00 00 00 24 58 8E 7C 27 4A 00 00 02 00 00 .....$X. |'J..... [0040] 00 00 00 02 00 C0 06 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2016/11/10 14:56:30.721947, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.721958, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.721971, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=1788 params=0 setup=2 [2016/11/10 14:56:30.721982, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:30.721991, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:30.722000, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:30.722010, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3e78) [2016/11/10 14:56:30.722019, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f09e8 max_trans_reply: 4280 [2016/11/10 14:56:30.722029, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 1788 [2016/11/10 14:56:30.722064, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:30.722076, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:30.722086, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:30.722106, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.722118, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.722136, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:30.722175, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:30.722196, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:30.722208, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested spoolss rpc service [2016/11/10 14:56:30.722217, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2016/11/10 14:56:30.722229, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[8].fn == 0xf750ca20 [2016/11/10 14:56:30.722240, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-2458-8e7c274a0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=1728 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ skipping zero buffer bytes [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x000006c0 (1728) [2016/11/10 14:56:30.722318, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.722343, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.722366, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.722389, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.722400, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.722410, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.722433, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.722452, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.722501, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.722516, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.722527, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.722537, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.722546, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.722555, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.722613, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.722625, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.722636, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.722645, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.722655, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.722664, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.722698, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 24 58 8E 7C ....-... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.722727, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.722773, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.722873, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 24 58 8E 7C ....-... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.722902, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.722912, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.722922, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.722932, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.722942, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.722951, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.722974, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.722985, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.722995, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.723004, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.723015, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.723023, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.723042, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.723052, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.723062, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.723072, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.723083, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.723091, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.723111, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.723121, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.723131, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.723140, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.723152, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.723161, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.723184, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.723194, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.723204, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.723214, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.723225, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.723234, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.723252, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.723261, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.723272, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.723281, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.723293, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.723302, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.723345, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.723356, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.723368, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.723378, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.723391, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.723400, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.723424, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.723434, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.723445, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.723454, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.723464, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.723473, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.723484, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.723508, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.723549, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.723597, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.723623, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.723640, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.723661, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.723672, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.723682, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.723692, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.723701, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.723711, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.723721, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.723731, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.723740, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.723750, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.723760, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.723770, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.723780, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.723790, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.723800, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.723810, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.723821, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.723833, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.723846, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.723857, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.723876, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.723970, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.724047, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.724071, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.724083, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.724181, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.724257, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.724280, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.724291, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.724390, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.724464, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.724487, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.724497, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.724578, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.724659, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.724684, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.724695, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.724914, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.724988, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.725012, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.725023, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : * size : 0x0000002e (46) length : * length : 0x0000002e (46) result : WERR_OK [2016/11/10 14:56:30.725273, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.725350, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.725375, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.725386, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.725544, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.725621, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.725645, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.725656, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.725747, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.725824, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.725849, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.725860, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.726854, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.726929, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.726954, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.726964, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : * size : 0x0000002e (46) length : * length : 0x0000002e (46) result : WERR_OK [2016/11/10 14:56:30.727207, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.727284, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.727309, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.727323, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.727411, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.727486, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.727510, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.727520, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.727608, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.727682, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.727706, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.727716, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(56) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x2c (44) [45] : 0x00 (0) [46] : 0x20 (32) [47] : 0x00 (0) [48] : 0x30 (48) [49] : 0x00 (0) [50] : 0x2b (43) [51] : 0x00 (0) [52] : 0x30 (48) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) size : * size : 0x00000038 (56) length : * length : 0x00000038 (56) result : WERR_OK [2016/11/10 14:56:30.728026, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.728129, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.728155, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.728171, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.728375, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.728452, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.728477, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.728488, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.728568, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.728642, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.728666, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.728677, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.728758, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.728831, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.728855, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.728866, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.728942, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.729021, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.729045, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.729056, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.729149, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.729224, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.729251, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.729262, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.732882, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.732960, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.732985, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.732999, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0xc7 (199) [1] : 0xe5 (229) [2] : 0x03 (3) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.733104, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.733172, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.733195, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.733205, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.733218, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.733264, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.733337, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.733361, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.733371, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.733383, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.737011, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.737060, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.737071, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.737083, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.737092, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.737102, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737111, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.737137, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 24 58 8E 7C ..../... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.737163, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.737205, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.737295, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 24 58 8E 7C ..../... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.737321, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.737331, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.737344, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.737354, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.737364, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737373, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.737395, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.737405, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.737415, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.737424, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.737435, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737444, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.737463, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.737473, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.737483, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.737492, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.737503, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737511, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.737529, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.737538, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.737548, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.737557, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.737569, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737577, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.737604, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.737614, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.737624, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.737633, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.737645, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737654, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.737672, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.737682, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.737691, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.737701, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.737713, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737721, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.737766, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.737776, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.737786, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.737796, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.737808, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.737817, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.737840, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.737853, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.737863, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.737872, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.737882, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.737891, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.737901, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 58 8E 7C ....0... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.737925, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.737966, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.738037, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 58 8E 7C ....0... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.738061, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.738071, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.738081, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.738091, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.738113, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.738124, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.738134, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.738144, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.738154, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.738164, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.738174, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.738185, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.738195, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.738205, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.738215, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.738226, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.738236, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.738246, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.738256, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.738266, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.738277, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.738289, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.738299, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.738312, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.738360, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.738428, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 58 8E 7C ....0... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.738452, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.738461, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.738472, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.739363, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000030-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.739392, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 58 8E 7C ....0... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739416, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 24 58 8E 7C ....0... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739438, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.739449, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.739459, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.739493, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002f-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.739520, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 24 58 8E 7C ..../... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739546, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 24 58 8E 7C ..../... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739568, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.739577, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.739587, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.739627, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002e-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.739662, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739692, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739715, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.739726, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.739736, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.739774, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.739801, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 24 58 8E 7C ....-... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739824, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 24 58 8E 7C ....-... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.739850, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.739860, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.739919, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.739957, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/11/10 14:56:30.740014, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\ISERV' printername : * printername : '\\ISERV\aaaaaaaaaaaaaaaaaaaaaä' sharename : * sharename : 'aaaaaaaaaaaaaaaaaaaaaä' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'IServ Print Driver' comment : * comment : 'aaaaaaaaaaaaaaaaaaaaaä, 0+0' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\ISERV\aaaaaaaaaaaaaaaaaaaaaä' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0600 (1536) size : 0x00dc (220) __driverextra_length : 0x0354 (852) fields : 0x0181ef53 (25292627) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 1: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 1: DEVMODE_COLOR 0: DEVMODE_DUPLEX 1: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 1: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 1: DEVMODE_ICMMETHOD 1: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_A4 (9) paperlength : 0x0aea (2794) paperwidth : 0x086f (2159) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : UNKNOWN_ENUM_VALUE (600) color : DMRES_COLOR (2) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0258 (600) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_TRUE (1) formname : 'A4' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : DMNUP_SYSTEM (1) displayfrequency : 0x00000000 (0) icmmethod : DMICMMETHOD_NONE (1) icmintent : DMICM_CONTRAST (2) mediatype : DMMEDIA_STANDARD (1) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=852 [0000] 50 52 49 56 E2 30 00 00 00 00 00 00 00 00 00 00 PRIV.0.. ........ skipping zero buffer bytes [0050] 00 00 00 00 00 00 00 00 18 00 00 00 00 00 10 27 ........ .......' [0060] 10 27 10 27 00 00 10 27 00 00 00 00 00 00 00 00 .'.'...' ........ [0070] 80 00 54 03 00 00 00 00 00 00 00 00 00 00 00 00 ..T..... ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 10 00 50 34 03 00 28 88 04 00 ........ P4..(... [00A0] 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 24 01 DF 8C ........ ....$... [00C0] 03 00 00 00 05 00 0B 00 FF 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 80 00 00 00 53 4D 54 4A 00 00 00 00 ........ SMTJ.... [02E0] 10 00 70 00 49 00 53 00 65 00 72 00 76 00 20 00 ..p.I.S. e.r.v. . [02F0] 50 00 72 00 69 00 6E 00 74 00 20 00 44 00 72 00 P.r.i.n. t. .D.r. [0300] 69 00 76 00 65 00 72 00 00 00 52 65 73 6F 6C 75 i.v.e.r. ..Resolu [0310] 74 69 6F 6E 00 36 30 30 64 70 69 00 50 61 67 65 tion.600 dpi.Page [0320] 53 69 7A 65 00 41 34 00 50 61 67 65 52 65 67 69 Size.A4. PageRegi [0330] 6F 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 on...... ........ [0350] 00 00 00 00 .... sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1350919854-2293596380-2349120355-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1350919854-2293596380-2349120355-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000006c0 (1728) result : WERR_OK [2016/11/10 14:56:30.741413, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called spoolss successfully [2016/11/10 14:56:30.741436, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:30.741453, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x06e8 (1768) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000006d0 (1744) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1744 [0000] 04 00 02 00 C0 06 00 00 B0 06 00 00 72 06 00 00 ........ ....r... [0010] 44 06 00 00 1E 06 00 00 F8 05 00 00 C0 05 00 00 D....... ........ [0020] BE 05 00 00 70 01 00 00 BC 05 00 00 AA 05 00 00 ....p... ........ [0030] A2 05 00 00 A0 05 00 00 78 00 00 00 48 10 00 00 ........ x...H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ skipping zero buffer bytes [0080] 01 00 04 80 D8 00 00 00 E8 00 00 00 00 00 00 00 ........ ........ [0090] 14 00 00 00 02 00 C4 00 07 00 00 00 00 02 14 00 ........ ........ [00A0] 08 00 02 20 01 01 00 00 00 00 00 01 00 00 00 00 ... .... ........ [00B0] 00 09 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [00C0] 15 00 00 00 AE 66 85 50 DC 80 B5 88 63 BB 04 8C .....f.P ....c... [00D0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ [00E0] 00 00 00 05 15 00 00 00 AE 66 85 50 DC 80 B5 88 ........ .f.P.... [00F0] 63 BB 04 8C 00 02 00 00 00 09 18 00 0C 00 0F 10 c....... ........ [0100] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... [0110] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ [0120] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ [0130] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... [0140] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ [0150] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ [0160] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ [0170] 20 00 00 00 20 02 00 00 5C 00 5C 00 49 00 53 00 ... ... \.\.I.S. [0180] 45 00 52 00 56 00 5C 00 61 00 61 00 61 00 61 00 E.R.V.\. a.a.a.a. [0190] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [01A0] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [01B0] 61 00 E4 00 00 00 00 00 01 04 00 06 DC 00 54 03 a....... ......T. [01C0] 53 EF 81 01 01 00 09 00 EA 0A 6F 08 64 00 01 00 S....... ..o.d... [01D0] 0F 00 58 02 02 00 01 00 58 02 03 00 01 00 41 00 ..X..... X.....A. [01E0] 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4....... ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........ [0230] 00 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 ........ ........ [0250] 00 00 00 00 50 52 49 56 E2 30 00 00 00 00 00 00 ....PRIV .0...... [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ........ ........ [02B0] 00 00 10 27 10 27 10 27 00 00 10 27 00 00 00 00 ...'.'.' ...'.... [02C0] 00 00 00 00 80 00 54 03 00 00 00 00 00 00 00 00 ......T. ........ [02E0] 03 00 00 00 00 00 00 00 00 00 10 00 50 34 03 00 ........ ....P4.. [02F0] 28 88 04 00 00 00 00 00 00 00 00 00 00 00 01 00 (....... ........ [0310] 24 01 DF 8C 03 00 00 00 05 00 0B 00 FF 00 00 00 $....... ........ [0510] 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 80 00 00 00 53 4D 54 4A ........ ....SMTJ [0530] 00 00 00 00 10 00 70 00 49 00 53 00 65 00 72 00 ......p. I.S.e.r. [0540] 76 00 20 00 50 00 72 00 69 00 6E 00 74 00 20 00 v. .P.r. i.n.t. . [0550] 44 00 72 00 69 00 76 00 65 00 72 00 00 00 52 65 D.r.i.v. e.r...Re [0560] 73 6F 6C 75 74 69 6F 6E 00 36 30 30 64 70 69 00 solution .600dpi. [0570] 50 61 67 65 53 69 7A 65 00 41 34 00 50 61 67 65 PageSize .A4.Page [0580] 52 65 67 69 6F 6E 00 00 00 00 00 00 00 00 00 00 Region.. ........ [05A0] 00 00 00 00 00 00 00 00 00 00 52 00 41 00 57 00 ........ ..R.A.W. [05B0] 00 00 77 00 69 00 6E 00 70 00 72 00 69 00 6E 00 ..w.i.n. p.r.i.n. [05C0] 74 00 00 00 00 00 00 00 61 00 61 00 61 00 61 00 t....... a.a.a.a. [05D0] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [05E0] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [05F0] 61 00 E4 00 2C 00 20 00 30 00 2B 00 30 00 00 00 a...,. . 0.+.0... [0600] 49 00 53 00 65 00 72 00 76 00 20 00 50 00 72 00 I.S.e.r. v. .P.r. [0610] 69 00 6E 00 74 00 20 00 44 00 72 00 69 00 76 00 i.n.t. . D.r.i.v. [0620] 65 00 72 00 00 00 53 00 61 00 6D 00 62 00 61 00 e.r...S. a.m.b.a. [0630] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0640] 20 00 50 00 6F 00 72 00 74 00 00 00 61 00 61 00 .P.o.r. t...a.a. [0650] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [0660] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [0670] 61 00 61 00 61 00 E4 00 00 00 5C 00 5C 00 49 00 a.a.a... ..\.\.I. [0680] 53 00 45 00 52 00 56 00 5C 00 61 00 61 00 61 00 S.E.R.V. \.a.a.a. [0690] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [06A0] 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a. a.a.a.a. [06B0] 61 00 61 00 E4 00 00 00 5C 00 5C 00 49 00 53 00 a.a..... \.\.I.S. [06C0] 45 00 52 00 56 00 00 00 C0 06 00 00 00 00 00 00 E.R.V... ........ [2016/11/10 14:56:30.742532, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 1744 bytes [2016/11/10 14:56:30.742542, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 1768 [2016/11/10 14:56:30.742583, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 1768 bytes. There is no more data outstanding [2016/11/10 14:56:30.742596, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1768] (align 0) [2016/11/10 14:56:30.742606, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.742613, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=1824 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1768 (0x6E8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1768 (0x6E8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1769 [2016/11/10 14:56:30.742670, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 E8 06 00 00 08 00 00 ........ ........ [0010] 00 D0 06 00 00 00 00 00 00 04 00 02 00 C0 06 00 ........ ........ [0020] 00 B0 06 00 00 72 06 00 00 44 06 00 00 1E 06 00 .....r.. .D...... [0030] 00 F8 05 00 00 C0 05 00 00 BE 05 00 00 70 01 00 ........ .....p.. [0040] 00 BC 05 00 00 AA 05 00 00 A2 05 00 00 A0 05 00 ........ ........ [0050] 00 78 00 00 00 48 10 00 00 01 00 00 00 01 00 00 .x...H.. ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 01 00 04 80 D8 00 00 ........ ........ [00A0] 00 E8 00 00 00 00 00 00 00 14 00 00 00 02 00 C4 ........ ........ [00B0] 00 07 00 00 00 00 02 14 00 08 00 02 20 01 01 00 ........ .... ... [00C0] 00 00 00 00 01 00 00 00 00 00 09 24 00 0C 00 0F ........ ...$.... [00D0] 10 01 05 00 00 00 00 00 05 15 00 00 00 AE 66 85 ........ ......f. [00E0] 50 DC 80 B5 88 63 BB 04 8C 00 02 00 00 00 02 24 P....c.. .......$ [00F0] 00 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [0100] 00 AE 66 85 50 DC 80 B5 88 63 BB 04 8C 00 02 00 ..f.P... .c...... [0110] 00 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 ........ ........ [0120] 05 20 00 00 00 20 02 00 00 00 02 18 00 0C 00 0F . ... .. ........ [0130] 10 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 ........ . ... .. [0140] 00 00 09 18 00 0C 00 0F 10 01 02 00 00 00 00 00 ........ ........ [0150] 05 20 00 00 00 26 02 00 00 00 02 18 00 0C 00 0F . ...&.. ........ [0160] 10 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 ........ . ...&.. [0170] 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 ........ . ... .. [0180] 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 ........ . ... .. [0190] 00 5C 00 5C 00 49 00 53 00 45 00 52 00 56 00 5C .\.\.I.S .E.R.V.\ [01A0] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [01B0] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [01C0] 00 61 00 61 00 61 00 61 00 61 00 E4 00 00 00 00 .a.a.a.a .a...... [01D0] 00 01 04 00 06 DC 00 54 03 53 EF 81 01 01 00 09 .......T .S...... [01E0] 00 EA 0A 6F 08 64 00 01 00 0F 00 58 02 02 00 01 ...o.d.. ...X.... [01F0] 00 58 02 03 00 01 00 41 00 34 00 00 00 00 00 00 .X.....A .4...... [2016/11/10 14:56:30.742991, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 25 [2016/11/10 14:56:30.743005, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.743014, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] E2 48 8C 6E 82 5D 6F 7A .H.n.]oz [2016/11/10 14:56:30.743226, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 700 [2016/11/10 14:56:30.743239, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 26 [2016/11/10 14:56:30.743250, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 26: got good SMB signature of [2016/11/10 14:56:30.743259, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] B8 80 E8 C8 CE 36 AD F2 .....6.. [2016/11/10 14:56:30.743274, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x2bc [2016/11/10 14:56:30.743283, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 15 of length 704 (0 toread) [2016/11/10 14:56:30.743293, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.743299, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=700 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 616 (0x268) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 616 (0x268) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15992 (0x3E78) smb_bcc=633 [2016/11/10 14:56:30.743371, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 68 02 00 00 09 00 00 ........ .h...... [0020] 00 50 02 00 00 00 00 07 00 00 00 00 00 0E 00 00 .P...... ........ [0030] 00 00 00 00 00 24 58 8E 7C 27 4A 00 00 02 00 00 .....$X. |'J..... [0040] 00 02 00 00 00 00 00 02 00 04 00 02 00 08 00 02 ........ ........ [0050] 00 0C 00 02 00 10 00 02 00 14 00 02 00 18 00 02 ........ ........ [0060] 00 1C 00 02 00 00 00 00 00 20 00 02 00 24 00 02 ........ . ...$.. [0070] 00 28 00 02 00 2C 00 02 00 00 00 00 00 48 10 00 .(...,.. .....H.. [0080] 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ [00A0] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 49 00 53 ........ .\.\.I.S [00B0] 00 45 00 52 00 56 00 00 00 1F 00 00 00 00 00 00 .E.R.V.. ........ [00C0] 00 1F 00 00 00 5C 00 5C 00 49 00 53 00 45 00 52 .....\.\ .I.S.E.R [00D0] 00 56 00 5C 00 61 00 61 00 61 00 61 00 61 00 61 .V.\.a.a .a.a.a.a [00E0] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [00F0] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 E4 .a.a.a.a .a.a.a.. [0100] 00 00 00 00 00 17 00 00 00 00 00 00 00 17 00 00 ........ ........ [0110] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [0120] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [0130] 00 61 00 61 00 61 00 61 00 61 00 E4 00 00 00 00 .a.a.a.a .a...... [0140] 00 13 00 00 00 00 00 00 00 13 00 00 00 53 00 61 ........ .....S.a [0150] 00 6D 00 62 00 61 00 20 00 50 00 72 00 69 00 6E .m.b.a. .P.r.i.n [0160] 00 74 00 65 00 72 00 20 00 50 00 6F 00 72 00 74 .t.e.r. .P.o.r.t [0170] 00 00 00 00 00 1D 00 00 00 00 00 00 00 1D 00 00 ........ ........ [0180] 00 48 00 50 00 20 00 55 00 6E 00 69 00 76 00 65 .H.P. .U .n.i.v.e [0190] 00 72 00 73 00 61 00 6C 00 20 00 50 00 72 00 69 .r.s.a.l . .P.r.i [01A0] 00 6E 00 74 00 20 00 44 00 72 00 69 00 76 00 65 .n.t. .D .r.i.v.e [01B0] 00 72 00 20 00 50 00 53 00 00 00 00 00 1C 00 00 .r. .P.S ........ [01C0] 00 00 00 00 00 1C 00 00 00 61 00 61 00 61 00 61 ........ .a.a.a.a [01D0] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [01E0] 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 .a.a.a.a .a.a.a.a [01F0] 00 61 00 E4 00 2C 00 20 00 30 00 2B 00 30 00 00 .a...,. .0.+.0.. [2016/11/10 14:56:30.743703, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.743714, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.743726, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=616 params=0 setup=2 [2016/11/10 14:56:30.743738, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:30.743747, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:30.743757, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:30.743766, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3e78) [2016/11/10 14:56:30.743776, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f09e8 max_trans_reply: 4280 [2016/11/10 14:56:30.743786, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 616 [2016/11/10 14:56:30.743822, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:30.743833, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:30.743846, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:30.743865, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.743877, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.743888, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:30.743923, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:30.743944, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:30.743956, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested spoolss rpc service [2016/11/10 14:56:30.743966, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: spoolss op 0x7 - api_rpcTNP: rpc command: SPOOLSS_SETPRINTER [2016/11/10 14:56:30.743977, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[7].fn == 0xf750cd00 [2016/11/10 14:56:30.744005, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_SetPrinter: struct spoolss_SetPrinter in: struct spoolss_SetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-2458-8e7c274a0000 info_ctr : * info_ctr: struct spoolss_SetPrinterInfoCtr level : 0x00000002 (2) info : union spoolss_SetPrinterInfo(case 2) info2 : * info2: struct spoolss_SetPrinterInfo2 servername : * servername : '\\ISERV' printername : * printername : '\\ISERV\aaaaaaaaaaaaaaaaaaaaaä' sharename : * sharename : 'aaaaaaaaaaaaaaaaaaaaaä' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP Universal Print Driver PS' comment : * comment : 'aaaaaaaaaaaaaaaaaaaaaä, 0+0' location : * location : '' devmode_ptr : NULL sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc_ptr : NULL attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) devmode_ctr : * devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL secdesc_ctr : * secdesc_ctr: struct sec_desc_buf sd_size : 0x00000000 (0) sd : NULL command : SPOOLSS_PRINTER_CONTROL_UNPAUSE (0) [2016/11/10 14:56:30.744362, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.744389, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.744412, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:6795(update_printer) update_printer [2016/11/10 14:56:30.744421, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.744445, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:490(get_printer_snum) short name:aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.744471, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.744483, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles) init_pipe_handle_list: created handle list for pipe winreg [2016/11/10 14:56:30.744493, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe winreg [2016/11/10 14:56:30.744518, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.744542, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.744603, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.744626, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.744642, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.744654, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.744665, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.744674, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.744742, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.744757, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.744768, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.744778, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.744788, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.744797, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.744828, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 58 8E 7C ....1... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.744853, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.744899, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.744993, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 58 8E 7C ....1... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.745019, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.745028, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.745039, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.745051, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.745062, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745071, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.745094, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.745104, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.745114, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.745123, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.745134, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745143, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.745164, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.745174, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.745184, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.745194, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.745205, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745214, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.745231, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.745241, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.745251, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.745260, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.745271, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745280, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.745307, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.745317, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.745327, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.745337, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.745349, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745358, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.745375, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.745385, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.745395, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.745405, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.745416, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745425, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.745468, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.745478, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.745488, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.745498, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.745509, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.745518, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.745542, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.745552, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.745570, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.745579, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.745589, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.745598, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.745609, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.745633, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.745673, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2016/11/10 14:56:30.745718, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.745743, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.745754, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.745774, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.745785, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.745795, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.745806, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.745818, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.745828, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.745838, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.745849, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.745859, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.745870, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.745880, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.745890, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.745901, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.745911, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.745921, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.745932, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.745943, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.745955, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.745966, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.745977, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:2088(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.745997, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000013 (19) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x00000430 (1072) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2016/11/10 14:56:30.746093, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.746167, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.746190, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.746202, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.746284, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.746361, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.746386, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.746396, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2016/11/10 14:56:30.746492, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.746571, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.746595, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.746606, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.746690, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.746767, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.746800, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.746812, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.747032, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.747108, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.747133, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.747144, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : * size : 0x0000002e (46) length : * length : 0x0000002e (46) result : WERR_OK [2016/11/10 14:56:30.747391, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.747467, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.747492, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.747502, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2016/11/10 14:56:30.747630, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.747707, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.747731, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.747742, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.747828, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.747904, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.747929, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.747939, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.748942, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.749023, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.749047, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.749058, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : * size : 0x0000002e (46) length : * length : 0x0000002e (46) result : WERR_OK [2016/11/10 14:56:30.749301, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.749376, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.749400, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.749411, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.749500, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.749576, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.749600, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.749611, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.749696, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.749772, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.749796, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.749806, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(56) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x2c (44) [45] : 0x00 (0) [46] : 0x20 (32) [47] : 0x00 (0) [48] : 0x30 (48) [49] : 0x00 (0) [50] : 0x2b (43) [51] : 0x00 (0) [52] : 0x30 (48) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) size : * size : 0x00000038 (56) length : * length : 0x00000038 (56) result : WERR_OK [2016/11/10 14:56:30.750089, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.750165, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.750189, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.750200, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x20 (32) [23] : 0x00 (0) [24] : 0x44 (68) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x69 (105) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x65 (101) [33] : 0x00 (0) [34] : 0x72 (114) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2016/11/10 14:56:30.750396, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.750471, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.750494, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.750505, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.750586, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.750660, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.750683, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.750694, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.750771, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.750854, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.750878, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.750889, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2016/11/10 14:56:30.750967, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.751040, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.751067, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.751077, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.751163, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.751236, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.751261, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.751271, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) value : * value: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) size : * size : 0x00000430 (1072) length : * length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.754901, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 enum_index : 0x00000012 (18) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x00000430 (1072) length : * length : 0x00000000 (0) [2016/11/10 14:56:30.754976, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.755000, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.755011, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0xc7 (199) [1] : 0xe5 (229) [2] : 0x03 (3) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2016/11/10 14:56:30.755117, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.755191, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.755215, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.755225, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.755238, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.755285, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.755357, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.755383, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.755393, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.755405, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(1072) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x65 (101) [9] : 0x00 (0) [10] : 0x72 (114) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x78 (120) [17] : 0x00 (0) [18] : 0x79 (121) [19] : 0x00 (0) [20] : 0x7a (122) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x01 (1) [65] : 0x04 (4) [66] : 0x00 (0) [67] : 0x06 (6) [68] : 0xdc (220) [69] : 0x00 (0) [70] : 0x54 (84) [71] : 0x03 (3) [72] : 0x53 (83) [73] : 0xef (239) [74] : 0x81 (129) [75] : 0x01 (1) [76] : 0x01 (1) [77] : 0x00 (0) [78] : 0x09 (9) [79] : 0x00 (0) [80] : 0xea (234) [81] : 0x0a (10) [82] : 0x6f (111) [83] : 0x08 (8) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x01 (1) [87] : 0x00 (0) [88] : 0x0f (15) [89] : 0x00 (0) [90] : 0x58 (88) [91] : 0x02 (2) [92] : 0x02 (2) [93] : 0x00 (0) [94] : 0x01 (1) [95] : 0x00 (0) [96] : 0x58 (88) [97] : 0x02 (2) [98] : 0x03 (3) [99] : 0x00 (0) [100] : 0x01 (1) [101] : 0x00 (0) [102] : 0x41 (65) [103] : 0x00 (0) [104] : 0x34 (52) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x01 (1) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x01 (1) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x02 (2) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x01 (1) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x50 (80) [221] : 0x52 (82) [222] : 0x49 (73) [223] : 0x56 (86) [224] : 0xe2 (226) [225] : 0x30 (48) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x18 (24) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x10 (16) [315] : 0x27 (39) [316] : 0x10 (16) [317] : 0x27 (39) [318] : 0x10 (16) [319] : 0x27 (39) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x10 (16) [323] : 0x27 (39) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x80 (128) [333] : 0x00 (0) [334] : 0x54 (84) [335] : 0x03 (3) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x03 (3) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x10 (16) [371] : 0x00 (0) [372] : 0x50 (80) [373] : 0x34 (52) [374] : 0x03 (3) [375] : 0x00 (0) [376] : 0x28 (40) [377] : 0x88 (136) [378] : 0x04 (4) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x01 (1) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x24 (36) [409] : 0x01 (1) [410] : 0xdf (223) [411] : 0x8c (140) [412] : 0x03 (3) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x05 (5) [417] : 0x00 (0) [418] : 0x0b (11) [419] : 0x00 (0) [420] : 0xff (255) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x01 (1) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x80 (128) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x53 (83) [949] : 0x4d (77) [950] : 0x54 (84) [951] : 0x4a (74) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x10 (16) [957] : 0x00 (0) [958] : 0x70 (112) [959] : 0x00 (0) [960] : 0x49 (73) [961] : 0x00 (0) [962] : 0x53 (83) [963] : 0x00 (0) [964] : 0x65 (101) [965] : 0x00 (0) [966] : 0x72 (114) [967] : 0x00 (0) [968] : 0x76 (118) [969] : 0x00 (0) [970] : 0x20 (32) [971] : 0x00 (0) [972] : 0x50 (80) [973] : 0x00 (0) [974] : 0x72 (114) [975] : 0x00 (0) [976] : 0x69 (105) [977] : 0x00 (0) [978] : 0x6e (110) [979] : 0x00 (0) [980] : 0x74 (116) [981] : 0x00 (0) [982] : 0x20 (32) [983] : 0x00 (0) [984] : 0x44 (68) [985] : 0x00 (0) [986] : 0x72 (114) [987] : 0x00 (0) [988] : 0x69 (105) [989] : 0x00 (0) [990] : 0x76 (118) [991] : 0x00 (0) [992] : 0x65 (101) [993] : 0x00 (0) [994] : 0x72 (114) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x52 (82) [999] : 0x65 (101) [1000] : 0x73 (115) [1001] : 0x6f (111) [1002] : 0x6c (108) [1003] : 0x75 (117) [1004] : 0x74 (116) [1005] : 0x69 (105) [1006] : 0x6f (111) [1007] : 0x6e (110) [1008] : 0x00 (0) [1009] : 0x36 (54) [1010] : 0x30 (48) [1011] : 0x30 (48) [1012] : 0x64 (100) [1013] : 0x70 (112) [1014] : 0x69 (105) [1015] : 0x00 (0) [1016] : 0x50 (80) [1017] : 0x61 (97) [1018] : 0x67 (103) [1019] : 0x65 (101) [1020] : 0x53 (83) [1021] : 0x69 (105) [1022] : 0x7a (122) [1023] : 0x65 (101) [1024] : 0x00 (0) [1025] : 0x41 (65) [1026] : 0x34 (52) [1027] : 0x00 (0) [1028] : 0x50 (80) [1029] : 0x61 (97) [1030] : 0x67 (103) [1031] : 0x65 (101) [1032] : 0x52 (82) [1033] : 0x65 (101) [1034] : 0x67 (103) [1035] : 0x69 (105) [1036] : 0x6f (111) [1037] : 0x6e (110) [1038] : 0x00 (0) [1039] : 0x00 (0) [1040] : 0x00 (0) [1041] : 0x00 (0) [1042] : 0x00 (0) [1043] : 0x00 (0) [1044] : 0x00 (0) [1045] : 0x00 (0) [1046] : 0x00 (0) [1047] : 0x00 (0) [1048] : 0x00 (0) [1049] : 0x00 (0) [1050] : 0x00 (0) [1051] : 0x00 (0) [1052] : 0x00 (0) [1053] : 0x00 (0) [1054] : 0x00 (0) [1055] : 0x00 (0) [1056] : 0x00 (0) [1057] : 0x00 (0) [1058] : 0x00 (0) [1059] : 0x00 (0) [1060] : 0x00 (0) [1061] : 0x00 (0) [1062] : 0x00 (0) [1063] : 0x00 (0) [1064] : 0x00 (0) [1065] : 0x00 (0) [1066] : 0x00 (0) [1067] : 0x00 (0) [1068] : 0x00 (0) [1069] : 0x00 (0) [1070] : 0x00 (0) [1071] : 0x00 (0) data_size : * data_size : 0x00000430 (1072) data_length : * data_length : 0x00000430 (1072) result : WERR_OK [2016/11/10 14:56:30.759104, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.759150, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.759160, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.759171, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.759181, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.759190, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759199, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.759224, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 24 58 8E 7C ....3... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.759253, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.759294, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-2458-8e7c274a0000 keyname: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.759385, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 24 58 8E 7C ....3... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.759410, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.759420, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (3->4) [2016/11/10 14:56:30.759431, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.759440, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.759451, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759460, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.759482, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.759492, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (4->5) [2016/11/10 14:56:30.759503, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.759514, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.759525, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759534, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.759553, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.759563, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (5->6) [2016/11/10 14:56:30.759573, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.759582, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.759593, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759602, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.759619, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.759629, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (6->7) [2016/11/10 14:56:30.759638, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.759648, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.759659, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759668, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.759692, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.759702, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (7->8) [2016/11/10 14:56:30.759712, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.759721, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.759733, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759742, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.759767, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.759777, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (8->9) [2016/11/10 14:56:30.759787, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.759797, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.759808, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759817, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.759862, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.759872, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (9->10) [2016/11/10 14:56:30.759883, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.759893, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.759905, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.759914, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.759937, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (10->9) [2016/11/10 14:56:30.759948, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (9->8) [2016/11/10 14:56:30.759958, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (8->7) [2016/11/10 14:56:30.759967, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (7->6) [2016/11/10 14:56:30.759977, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (6->5) [2016/11/10 14:56:30.759986, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (5->4) [2016/11/10 14:56:30.759996, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 24 58 8E 7C ....4... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.760023, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.760064, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.760143, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 24 58 8E 7C ....4... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.760168, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.760178, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.760187, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.760198, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.760218, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.760229, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.760239, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.760249, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.760260, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.760273, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.760283, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.760294, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.760304, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.760314, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.760324, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.760335, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.760346, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.760356, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.760366, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.760377, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.760387, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.760399, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.760409, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.760420, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2016/11/10 14:56:30.760468, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-2458-8e7c274a0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2016/11/10 14:56:30.760541, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 24 58 8E 7C ....4... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.760565, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.760575, 7, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2016/11/10 14:56:30.760586, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xae (174) [101] : 0x66 (102) [102] : 0x85 (133) [103] : 0x50 (80) [104] : 0xdc (220) [105] : 0x80 (128) [106] : 0xb5 (181) [107] : 0x88 (136) [108] : 0x63 (99) [109] : 0xbb (187) [110] : 0x04 (4) [111] : 0x8c (140) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xae (174) [137] : 0x66 (102) [138] : 0x85 (133) [139] : 0x50 (80) [140] : 0xdc (220) [141] : 0x80 (128) [142] : 0xb5 (181) [143] : 0x88 (136) [144] : 0x63 (99) [145] : 0xbb (187) [146] : 0x04 (4) [147] : 0x8c (140) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2016/11/10 14:56:30.761484, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000034-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.761514, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 24 58 8E 7C ....4... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761538, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 24 58 8E 7C ....4... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761561, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.761572, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (4->3) [2016/11/10 14:56:30.761582, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.761617, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000033-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.761644, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 24 58 8E 7C ....3... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761668, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 24 58 8E 7C ....3... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761690, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.761700, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.761709, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.761746, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000032-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.761774, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761798, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 24 58 8E 7C ....2... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761820, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.761831, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.761842, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.761877, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000031-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.761904, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 58 8E 7C ....1... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761928, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 24 58 8E 7C ....1... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.761952, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.761961, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.762019, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.762058, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:6182(check_printer_ok) check_printer_ok: servername=\\ISERV printername=\\ISERV\aaaaaaaaaaaaaaaaaaaaaä sharename=aaaaaaaaaaaaaaaaaaaaaä portname=Samba Printer Port drivername=HP Universal Print Driver PS comment=aaaaaaaaaaaaaaaaaaaaaä, 0+0 location= [2016/11/10 14:56:30.762086, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p) Create pipe requested winreg [2016/11/10 14:56:30.762099, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe winreg [2016/11/10 14:56:30.762126, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p) Created internal pipe winreg [2016/11/10 14:56:30.762139, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:1919(winreg_set_printer_dataex) winreg_set_printer_dataex: Open printer key DsSpooler, value driverName, access_mask: 0x2000000 for [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.762153, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.762198, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.762214, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.762226, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.762236, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.762245, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.762254, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.762315, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.762327, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.762337, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.762347, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.762356, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.762365, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.762392, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 24 58 8E 7C ....5... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.762419, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.762465, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x00ba (186) name_size : 0x00ba (186) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2016/11/10 14:56:30.762578, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 24 58 8E 7C ....5... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.762603, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' [2016/11/10 14:56:30.762652, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.762663, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.762673, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.762684, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.762693, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.762706, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.762716, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.762743, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.762753, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.762763, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.762773, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.762782, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.762793, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.762802, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.762822, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.762833, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.762842, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.762854, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.762868, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.762879, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.762891, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.762899, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.762915, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.762926, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.762935, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.762944, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.762954, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.762966, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.762978, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.762986, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.763008, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.763018, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.763027, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.763037, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.763046, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.763056, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.763068, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.763076, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.763098, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.763108, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.763117, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.763127, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.763136, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.763146, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.763158, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.763166, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.763208, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.763221, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.763230, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.763240, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.763250, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.763260, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.763272, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.763281, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.763303, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.763313, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2016/11/10 14:56:30.763323, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.763333, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.763343, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.763355, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.763364, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.763383, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.763394, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 24 58 8E 7C ....6... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.763419, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-2458-8e7c274a0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2016/11/10 14:56:30.763468, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler [2016/11/10 14:56:30.763488, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'driverName' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x20 (32) [5] : 0x00 (0) [6] : 0x55 (85) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x65 (101) [15] : 0x00 (0) [16] : 0x72 (114) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x50 (80) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x20 (32) [37] : 0x00 (0) [38] : 0x44 (68) [39] : 0x00 (0) [40] : 0x72 (114) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x76 (118) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x20 (32) [51] : 0x00 (0) [52] : 0x50 (80) [53] : 0x00 (0) [54] : 0x53 (83) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2016/11/10 14:56:30.763750, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 24 58 8E 7C ....6... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.763775, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler:driverName] [2016/11/10 14:56:30.763822, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' (ops 0xf7331040) [2016/11/10 14:56:30.763834, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.763859, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[printerName] len[46] [2016/11/10 14:56:30.763870, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[shortServerName] len[12] [2016/11/10 14:56:30.763881, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[versionNumber] len[4] [2016/11/10 14:56:30.763891, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[printStartTime] len[4] [2016/11/10 14:56:30.763902, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[printEndTime] len[4] [2016/11/10 14:56:30.763912, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[priority] len[4] [2016/11/10 14:56:30.763922, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[printKeepPrintedJobs] len[4] [2016/11/10 14:56:30.763932, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[driverName] len[38] [2016/11/10 14:56:30.763942, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[description] len[56] [2016/11/10 14:56:30.763953, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[serverName] len[40] [2016/11/10 14:56:30.763963, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[uNCName] len[62] [2016/11/10 14:56:30.763977, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.763992, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1970(regdb_store_values_internal) regdb_store_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.764011, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2016/11/10 14:56:30.764021, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/lib/samba/registry.tdb [2016/11/10 14:56:30.764031, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/lib/samba/registry.tdb 2: 3: [2016/11/10 14:56:30.764043, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 53414D42415F52454756 [2016/11/10 14:56:30.764054, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf94035a8 [2016/11/10 14:56:30.764076, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 53414D42415F52454756 [2016/11/10 14:56:30.764093, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/lib/samba/registry.tdb [2016/11/10 14:56:30.764102, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:30.766764, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.766797, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000036-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.766827, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 24 58 8E 7C ....6... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.766852, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 24 58 8E 7C ....6... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.766875, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.766886, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.766896, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.766937, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000035-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.766966, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 24 58 8E 7C ....5... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.766989, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 24 58 8E 7C ....5... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.767012, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.767022, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.767067, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.767119, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:6415(update_dsspooler) update_printer: changing driver [HP Universal Print Driver PS]! Sending event! [2016/11/10 14:56:30.767140, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x00/0x04 for printer aaaaaaaaaaaaaaaaaaaaaä to notify_queue_head [2016/11/10 14:56:30.767164, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:1919(winreg_set_printer_dataex) winreg_set_printer_dataex: Open printer key DsSpooler, value printerName, access_mask: 0x2000000 for [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.767184, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.767233, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.767248, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.767259, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.767269, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.767282, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.767291, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.767344, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.767356, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.767366, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.767376, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.767386, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.767395, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.767421, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 24 58 8E 7C ....7... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.767448, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.767495, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x00ba (186) name_size : 0x00ba (186) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2016/11/10 14:56:30.767619, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 24 58 8E 7C ....7... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.767647, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' [2016/11/10 14:56:30.767696, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.767707, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.767717, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.767728, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.767737, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.767747, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.767756, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.767784, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.767794, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.767804, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.767814, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.767823, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.767834, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.767842, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.767863, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.767873, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.767883, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.767892, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.767905, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.767914, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.767925, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.767934, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.767949, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.767959, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.767969, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.767978, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.767989, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.767998, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.768010, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.768019, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.768040, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.768050, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.768060, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.768069, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.768079, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.768099, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.768115, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.768127, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.768150, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.768165, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.768174, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.768184, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.768194, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.768204, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.768216, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.768225, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.768268, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.768278, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.768288, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.768297, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.768307, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.768317, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.768329, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.768338, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.768358, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.768368, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2016/11/10 14:56:30.768377, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.768387, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.768397, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.768411, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.768420, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.768439, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.768450, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 24 58 8E 7C ....8... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.768475, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-2458-8e7c274a0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2016/11/10 14:56:30.768519, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler [2016/11/10 14:56:30.768537, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'printerName' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2016/11/10 14:56:30.768757, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 24 58 8E 7C ....8... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.768782, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler:printerName] [2016/11/10 14:56:30.768830, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' (ops 0xf7331040) [2016/11/10 14:56:30.768842, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.768866, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[printerName] len[46] [2016/11/10 14:56:30.768878, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[shortServerName] len[12] [2016/11/10 14:56:30.768888, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[versionNumber] len[4] [2016/11/10 14:56:30.768898, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[printStartTime] len[4] [2016/11/10 14:56:30.768908, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[printEndTime] len[4] [2016/11/10 14:56:30.768918, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[priority] len[4] [2016/11/10 14:56:30.768928, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[printKeepPrintedJobs] len[4] [2016/11/10 14:56:30.768941, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[description] len[56] [2016/11/10 14:56:30.768951, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[serverName] len[40] [2016/11/10 14:56:30.768961, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[uNCName] len[62] [2016/11/10 14:56:30.768975, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[driverName] len[58] [2016/11/10 14:56:30.768989, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.769015, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000038-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.769043, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 24 58 8E 7C ....8... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.769067, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 24 58 8E 7C ....8... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.769090, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.769100, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.769110, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.769146, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000037-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.769176, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 24 58 8E 7C ....7... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.769207, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 24 58 8E 7C ....7... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.769234, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.769244, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.769274, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.769332, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/printing/notify.c:327(send_spoolss_notify2_msg) send_spoolss_notify2_msg: appending message 0x00/0x01 for printer aaaaaaaaaaaaaaaaaaaaaä to notify_queue_head [2016/11/10 14:56:30.769348, 5, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:929(gencache_iterate_blobs) Searching cache keys with pattern PRINTERNAME/* [2016/11/10 14:56:30.769383, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:907(gencache_iterate_blobs_fn) Calling function with arguments (key=[PRINTERNAME/Täst], timeout=[Fr Jan 2 01:38:38 1970 CET]) [2016/11/10 14:56:30.769398, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:980(gencache_iterate_fn) Calling function with arguments (key=[PRINTERNAME/Täst], value=[Täst], timeout=[Fr Jan 2 01:38:38 1970 CET]) [2016/11/10 14:56:30.769410, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:400(gencache_del) Deleting cache entry (key=[PRINTERNAME/Täst]) [2016/11/10 14:56:30.769427, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/Täst] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1478786190 seconds in the past) [2016/11/10 14:56:30.769505, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:678(gencache_stabilize) Could not get allrecord lock on gencache_notrans.tdb: Locking error [2016/11/10 14:56:30.769521, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:907(gencache_iterate_blobs_fn) Calling function with arguments (key=[PRINTERNAME/testdrucjker], timeout=[Fr Jan 2 01:38:37 1970 CET]) [2016/11/10 14:56:30.769533, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:980(gencache_iterate_fn) Calling function with arguments (key=[PRINTERNAME/testdrucjker], value=[testdrucjker], timeout=[Fr Jan 2 01:38:37 1970 CET]) [2016/11/10 14:56:30.769544, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:400(gencache_del) Deleting cache entry (key=[PRINTERNAME/testdrucjker]) [2016/11/10 14:56:30.769557, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/testdrucjker] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1478786190 seconds in the past) [2016/11/10 14:56:30.769601, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:678(gencache_stabilize) Could not get allrecord lock on gencache_notrans.tdb: Locking error [2016/11/10 14:56:30.769618, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:907(gencache_iterate_blobs_fn) Calling function with arguments (key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAAÄ], timeout=[Fr Jan 2 01:34:01 1970 CET]) [2016/11/10 14:56:30.769630, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:980(gencache_iterate_fn) Calling function with arguments (key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAAÄ], value=[aaaaaaaaaaaaaaaaaaaaaaä], timeout=[Fr Jan 2 01:34:01 1970 CET]) [2016/11/10 14:56:30.769645, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:400(gencache_del) Deleting cache entry (key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAAÄ]) [2016/11/10 14:56:30.769658, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAAÄ] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1478786190 seconds in the past) [2016/11/10 14:56:30.769701, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:678(gencache_stabilize) Could not get allrecord lock on gencache_notrans.tdb: Locking error [2016/11/10 14:56:30.769715, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:907(gencache_iterate_blobs_fn) Calling function with arguments (key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAÄ], timeout=[Fr Jan 2 01:39:15 1970 CET]) [2016/11/10 14:56:30.769727, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:980(gencache_iterate_fn) Calling function with arguments (key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAÄ], value=[aaaaaaaaaaaaaaaaaaaaaä], timeout=[Fr Jan 2 01:39:15 1970 CET]) [2016/11/10 14:56:30.769739, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:400(gencache_del) Deleting cache entry (key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAÄ]) [2016/11/10 14:56:30.769752, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:333(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/AAAAAAAAAAAAAAAAAAAAAÄ] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1478786190 seconds in the past) [2016/11/10 14:56:30.769793, 10, pid=18983, effective(0, 0), real(0, 0), class=tdb] ../source3/lib/gencache.c:678(gencache_stabilize) Could not get allrecord lock on gencache_notrans.tdb: Locking error [2016/11/10 14:56:30.774727, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:1919(winreg_set_printer_dataex) winreg_set_printer_dataex: Open printer key DsSpooler, value shortServerName, access_mask: 0x2000000 for [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.774747, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.774795, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.774810, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.774822, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.774831, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.774841, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.774850, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.774904, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.774915, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.774926, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.774936, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.774945, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.774954, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.774984, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 24 58 8E 7C ....9... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.775020, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.775069, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x00ba (186) name_size : 0x00ba (186) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2016/11/10 14:56:30.775188, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 24 58 8E 7C ....9... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.775217, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' [2016/11/10 14:56:30.775266, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775278, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.775288, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.775299, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.775308, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.775320, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775333, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.775364, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775374, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.775384, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775394, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.775406, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.775418, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775427, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.775449, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.775459, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775469, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.775478, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775488, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.775497, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.775512, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775521, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.775536, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.775546, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775555, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.775564, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775574, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.775584, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.775598, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775609, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.775633, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.775643, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775653, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.775662, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775672, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.775682, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.775693, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775702, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.775723, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.775734, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775743, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.775755, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775766, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.775775, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.775787, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775796, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.775838, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.775848, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.775858, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.775868, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775878, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.775888, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.775901, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775910, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.775931, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.775942, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2016/11/10 14:56:30.775951, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.775962, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.775972, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.775984, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.775996, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.776015, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.776026, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 24 58 8E 7C ....:... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.776052, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-2458-8e7c274a0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2016/11/10 14:56:30.776109, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler [2016/11/10 14:56:30.776126, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'shortServerName' type : REG_SZ (1) data : * data: ARRAY(12) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x53 (83) [3] : 0x00 (0) [4] : 0x45 (69) [5] : 0x00 (0) [6] : 0x52 (82) [7] : 0x00 (0) [8] : 0x56 (86) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) size : 0x0000000c (12) [2016/11/10 14:56:30.776223, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 24 58 8E 7C ....:... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.776247, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler:shortServerName] [2016/11/10 14:56:30.776294, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' (ops 0xf7331040) [2016/11/10 14:56:30.776309, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.776334, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[printerName] len[46] [2016/11/10 14:56:30.776345, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[shortServerName] len[12] [2016/11/10 14:56:30.776355, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[versionNumber] len[4] [2016/11/10 14:56:30.776365, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[printStartTime] len[4] [2016/11/10 14:56:30.776376, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[printEndTime] len[4] [2016/11/10 14:56:30.776385, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[priority] len[4] [2016/11/10 14:56:30.776396, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[printKeepPrintedJobs] len[4] [2016/11/10 14:56:30.776406, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[description] len[56] [2016/11/10 14:56:30.776420, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[serverName] len[40] [2016/11/10 14:56:30.776433, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[uNCName] len[62] [2016/11/10 14:56:30.776446, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[driverName] len[58] [2016/11/10 14:56:30.776463, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.776495, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003a-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.776524, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 24 58 8E 7C ....:... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.776549, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 24 58 8E 7C ....:... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.776575, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.776586, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.776596, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.776632, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000039-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.776660, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 24 58 8E 7C ....9... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.776692, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 24 58 8E 7C ....9... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.776715, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.776725, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.776755, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.776812, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:1919(winreg_set_printer_dataex) winreg_set_printer_dataex: Open printer key DsSpooler, value serverName, access_mask: 0x2000000 for [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.776832, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.776885, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.776900, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.776915, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.776925, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.776934, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.776943, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.776992, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.777004, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.777015, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.777024, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.777034, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777043, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.777069, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 24 58 8E 7C ....;... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.777095, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.777142, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x00ba (186) name_size : 0x00ba (186) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2016/11/10 14:56:30.777264, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 24 58 8E 7C ....;... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.777290, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' [2016/11/10 14:56:30.777337, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777349, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.777359, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.777369, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.777378, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.777389, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777397, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.777424, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777434, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.777444, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.777454, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.777463, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.777473, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777482, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.777502, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.777513, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777525, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.777535, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.777545, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.777554, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.777565, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777574, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.777589, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.777599, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777608, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.777618, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.777628, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.777637, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.777648, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777657, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.777678, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.777689, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777698, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.777707, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.777718, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.777727, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.777743, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777757, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.777781, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.777792, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777801, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.777811, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.777821, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.777831, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.777843, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777852, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.777894, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.777904, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.777914, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.777923, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.777934, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.777944, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.777956, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.777965, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.777985, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.777995, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2016/11/10 14:56:30.778007, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.778023, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.778035, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.778050, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.778062, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.778082, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.778094, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 24 58 8E 7C ....<... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.778119, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-2458-8e7c274a0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2016/11/10 14:56:30.778164, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler [2016/11/10 14:56:30.778181, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'serverName' type : REG_SZ (1) data : * data: ARRAY(40) [0] : 0x69 (105) [1] : 0x00 (0) [2] : 0x73 (115) [3] : 0x00 (0) [4] : 0x65 (101) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x76 (118) [9] : 0x00 (0) [10] : 0x2e (46) [11] : 0x00 (0) [12] : 0x64 (100) [13] : 0x00 (0) [14] : 0x65 (101) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x32 (50) [19] : 0x00 (0) [20] : 0x2e (46) [21] : 0x00 (0) [22] : 0x69 (105) [23] : 0x00 (0) [24] : 0x73 (115) [25] : 0x00 (0) [26] : 0x65 (101) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x76 (118) [31] : 0x00 (0) [32] : 0x2e (46) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x75 (117) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) size : 0x00000028 (40) [2016/11/10 14:56:30.778377, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 24 58 8E 7C ....<... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.778402, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler:serverName] [2016/11/10 14:56:30.778448, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' (ops 0xf7331040) [2016/11/10 14:56:30.778460, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.778484, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[printerName] len[46] [2016/11/10 14:56:30.778495, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[shortServerName] len[12] [2016/11/10 14:56:30.778505, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[versionNumber] len[4] [2016/11/10 14:56:30.778515, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[printStartTime] len[4] [2016/11/10 14:56:30.778525, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[printEndTime] len[4] [2016/11/10 14:56:30.778535, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[priority] len[4] [2016/11/10 14:56:30.778548, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[printKeepPrintedJobs] len[4] [2016/11/10 14:56:30.778558, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[description] len[56] [2016/11/10 14:56:30.778568, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[serverName] len[40] [2016/11/10 14:56:30.778578, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[uNCName] len[62] [2016/11/10 14:56:30.778588, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[driverName] len[58] [2016/11/10 14:56:30.778601, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.778627, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003c-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.778655, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 24 58 8E 7C ....<... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.778679, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 24 58 8E 7C ....<... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.778702, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.778712, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.778722, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.778758, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003b-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.778784, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 24 58 8E 7C ....;... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.778808, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 24 58 8E 7C ....;... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.778833, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.778843, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.778872, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.778931, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:1919(winreg_set_printer_dataex) winreg_set_printer_dataex: Open printer key DsSpooler, value uNCName, access_mask: 0x2000000 for [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.778951, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.779002, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.779017, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.779028, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.779038, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.779047, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.779056, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.779105, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.779117, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.779128, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.779137, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.779147, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779155, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.779185, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 24 58 8E 7C ....=... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.779211, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.779257, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x00ba (186) name_size : 0x00ba (186) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2016/11/10 14:56:30.779378, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 24 58 8E 7C ....=... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.779413, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' [2016/11/10 14:56:30.779471, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.779483, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.779493, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.779504, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.779525, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.779536, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779545, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.779573, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.779584, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.779593, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.779603, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.779612, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.779623, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779632, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.779652, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.779662, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.779671, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.779681, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.779691, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.779700, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.779711, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779719, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.779734, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.779744, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.779753, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.779765, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.779775, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.779785, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.779797, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779806, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.779827, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.779837, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.779847, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.779856, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.779866, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.779876, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.779888, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779897, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.779918, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.779929, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.779938, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.779948, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.779959, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.779968, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.779980, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.779989, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.780034, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.780045, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.780054, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.780063, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.780073, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.780083, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.780113, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.780122, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.780145, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.780155, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2016/11/10 14:56:30.780165, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.780175, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.780185, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.780197, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.780205, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.780224, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.780235, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 24 58 8E 7C ....>... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.780260, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-2458-8e7c274a0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2016/11/10 14:56:30.780309, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler [2016/11/10 14:56:30.780326, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0010 (16) name_size : 0x0010 (16) name : * name : 'uNCName' type : REG_SZ (1) data : * data: ARRAY(62) [0] : 0x5c (92) [1] : 0x00 (0) [2] : 0x5c (92) [3] : 0x00 (0) [4] : 0x49 (73) [5] : 0x00 (0) [6] : 0x53 (83) [7] : 0x00 (0) [8] : 0x45 (69) [9] : 0x00 (0) [10] : 0x52 (82) [11] : 0x00 (0) [12] : 0x56 (86) [13] : 0x00 (0) [14] : 0x5c (92) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0x61 (97) [43] : 0x00 (0) [44] : 0x61 (97) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x61 (97) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x61 (97) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0xe4 (228) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) size : 0x0000003e (62) [2016/11/10 14:56:30.780602, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 24 58 8E 7C ....>... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.780627, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler:uNCName] [2016/11/10 14:56:30.780673, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler' (ops 0xf7331040) [2016/11/10 14:56:30.780685, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä\DsSpooler] [2016/11/10 14:56:30.780709, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[printerName] len[46] [2016/11/10 14:56:30.780720, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[shortServerName] len[12] [2016/11/10 14:56:30.780730, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[versionNumber] len[4] [2016/11/10 14:56:30.780740, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[printStartTime] len[4] [2016/11/10 14:56:30.780751, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[printEndTime] len[4] [2016/11/10 14:56:30.780761, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[priority] len[4] [2016/11/10 14:56:30.780771, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[printKeepPrintedJobs] len[4] [2016/11/10 14:56:30.780781, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[description] len[56] [2016/11/10 14:56:30.780793, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[serverName] len[40] [2016/11/10 14:56:30.780804, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[uNCName] len[62] [2016/11/10 14:56:30.780814, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[driverName] len[58] [2016/11/10 14:56:30.780827, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.780852, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003e-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.780880, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 24 58 8E 7C ....>... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.780904, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 24 58 8E 7C ....>... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.780926, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.780936, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.780946, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.780982, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003d-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.781009, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 24 58 8E 7C ....=... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.781033, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 24 58 8E 7C ....=... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.781056, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.781066, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.781097, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.781169, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2016/11/10 14:56:30.781222, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2016/11/10 14:56:30.781237, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.781249, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:491(push_conn_ctx) push_conn_ctx(14969) : conn_ctx_stack_ndx = 0 [2016/11/10 14:56:30.781259, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2016/11/10 14:56:30.781268, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:30.781277, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:30.781327, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.781339, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:885(regdb_open) regdb_open: registry db opened. refcount reset (1) [2016/11/10 14:56:30.781350, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2016/11/10 14:56:30.781359, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2016/11/10 14:56:30.781369, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.781378, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM] [2016/11/10 14:56:30.781404, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 24 58 8E 7C ....?... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.781433, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-2458-8e7c274a0000 result : WERR_OK [2016/11/10 14:56:30.781491, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x00a6 (166) name_size : 0x00a6 (166) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2016/11/10 14:56:30.781605, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 24 58 8E 7C ....?... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.781630, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:785(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' [2016/11/10 14:56:30.781677, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.781688, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2016/11/10 14:56:30.781698, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (1->2) [2016/11/10 14:56:30.781708, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2016/11/10 14:56:30.781718, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2016/11/10 14:56:30.781728, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.781737, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE] [2016/11/10 14:56:30.781764, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.781777, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2016/11/10 14:56:30.781787, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.781797, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.781807, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.781820, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.781832, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft] [2016/11/10 14:56:30.781860, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.781874, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.781884, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2016/11/10 14:56:30.781893, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.781904, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.781913, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.781925, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.781933, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2016/11/10 14:56:30.781949, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.781960, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.781969, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2016/11/10 14:56:30.781979, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.781989, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.781998, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.782010, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.782022, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2016/11/10 14:56:30.782043, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.782054, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.782063, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2016/11/10 14:56:30.782072, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.782082, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.782092, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.782104, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.782112, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf76f87c0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2016/11/10 14:56:30.782133, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.782144, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.782153, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2016/11/10 14:56:30.782163, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.782172, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.782184, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.782200, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.782212, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2016/11/10 14:56:30.782256, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.782266, 7, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.782275, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:857(regdb_open) regdb_open: incrementing refcount (2->3) [2016/11/10 14:56:30.782286, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.782298, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.782311, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2016/11/10 14:56:30.782320, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xf7331040 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.782343, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (3->2) [2016/11/10 14:56:30.782354, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.782379, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2016/11/10 14:56:30.782424, 8, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:30.782441, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'Attributes' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.782514, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.782539, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Attributes] [2016/11/10 14:56:30.782586, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä' (ops 0xf7331040) [2016/11/10 14:56:30.782601, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1905(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.782630, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2016/11/10 14:56:30.782642, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2016/11/10 14:56:30.782652, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2016/11/10 14:56:30.782662, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2016/11/10 14:56:30.782672, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[46] [2016/11/10 14:56:30.782682, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2016/11/10 14:56:30.782692, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2016/11/10 14:56:30.782702, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2016/11/10 14:56:30.782712, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[46] [2016/11/10 14:56:30.782722, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2016/11/10 14:56:30.782732, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2016/11/10 14:56:30.782742, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[56] [2016/11/10 14:56:30.782752, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[38] [2016/11/10 14:56:30.782763, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2016/11/10 14:56:30.782773, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2016/11/10 14:56:30.782783, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2016/11/10 14:56:30.782794, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2016/11/10 14:56:30.782813, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[17]: name[Default DevMode] len[1072] [2016/11/10 14:56:30.782825, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1850(regdb_unpack_values) regdb_unpack_values: value[18]: name[ChangeID] len[4] [2016/11/10 14:56:30.782838, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.782868, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(56) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x2c (44) [45] : 0x00 (0) [46] : 0x20 (32) [47] : 0x00 (0) [48] : 0x30 (48) [49] : 0x00 (0) [50] : 0x2b (43) [51] : 0x00 (0) [52] : 0x30 (48) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) size : 0x00000038 (56) [2016/11/10 14:56:30.783109, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.783133, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Description] [2016/11/10 14:56:30.783183, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.783212, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Datatype' type : REG_SZ (1) data : * data: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : 0x00000008 (8) [2016/11/10 14:56:30.783295, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.783319, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Datatype] [2016/11/10 14:56:30.783371, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.783398, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0022 (34) name_size : 0x0022 (34) name : * name : 'Default Priority' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.783472, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.783495, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Default Priority] [2016/11/10 14:56:30.783547, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.783574, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x001e (30) name_size : 0x001e (30) name : * name : 'Printer Driver' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x20 (32) [5] : 0x00 (0) [6] : 0x55 (85) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x76 (118) [13] : 0x00 (0) [14] : 0x65 (101) [15] : 0x00 (0) [16] : 0x72 (114) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x6c (108) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x50 (80) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x20 (32) [37] : 0x00 (0) [38] : 0x44 (68) [39] : 0x00 (0) [40] : 0x72 (114) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x76 (118) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x20 (32) [51] : 0x00 (0) [52] : 0x50 (80) [53] : 0x00 (0) [54] : 0x53 (83) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2016/11/10 14:56:30.783821, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.783844, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Printer Driver] [2016/11/10 14:56:30.783898, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.783918, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1970(regdb_store_values_internal) regdb_store_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.783946, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2016/11/10 14:56:30.783956, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/lib/samba/registry.tdb [2016/11/10 14:56:30.783965, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/lib/samba/registry.tdb 2: 3: [2016/11/10 14:56:30.783977, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 53414D42415F52454756 [2016/11/10 14:56:30.783988, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf9406d00 [2016/11/10 14:56:30.784005, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 53414D42415F52454756 [2016/11/10 14:56:30.784018, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/lib/samba/registry.tdb [2016/11/10 14:56:30.784027, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:30.785247, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.785283, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Location' type : REG_SZ (1) data : * data: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : 0x00000002 (2) [2016/11/10 14:56:30.785348, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.785372, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Location] [2016/11/10 14:56:30.785429, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.785458, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'Parameters' type : REG_SZ (1) data : * data: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : 0x00000002 (2) [2016/11/10 14:56:30.785528, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.785552, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Parameters] [2016/11/10 14:56:30.785610, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.785639, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Port' type : REG_SZ (1) data : * data: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : 0x00000026 (38) [2016/11/10 14:56:30.785827, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.785851, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Port] [2016/11/10 14:56:30.785904, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.785935, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Name' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2016/11/10 14:56:30.786147, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.786172, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Name] [2016/11/10 14:56:30.786224, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.786251, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Print Processor' type : REG_SZ (1) data : * data: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : 0x00000012 (18) [2016/11/10 14:56:30.786365, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.786388, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Print Processor] [2016/11/10 14:56:30.786439, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.786468, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Priority' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.786544, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.786567, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Priority] [2016/11/10 14:56:30.786620, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.786648, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x001e (30) name_size : 0x001e (30) name : * name : 'Separator File' type : REG_SZ (1) data : * data: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : 0x00000002 (2) [2016/11/10 14:56:30.786710, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.786733, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Separator File] [2016/11/10 14:56:30.786786, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.786813, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'Share Name' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x61 (97) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x61 (97) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x61 (97) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x61 (97) [15] : 0x00 (0) [16] : 0x61 (97) [17] : 0x00 (0) [18] : 0x61 (97) [19] : 0x00 (0) [20] : 0x61 (97) [21] : 0x00 (0) [22] : 0x61 (97) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x61 (97) [27] : 0x00 (0) [28] : 0x61 (97) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x61 (97) [33] : 0x00 (0) [34] : 0x61 (97) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x61 (97) [39] : 0x00 (0) [40] : 0x61 (97) [41] : 0x00 (0) [42] : 0xe4 (228) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2016/11/10 14:56:30.787121, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.787160, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Share Name] [2016/11/10 14:56:30.787227, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.787260, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'StartTime' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.787340, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.787376, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:StartTime] [2016/11/10 14:56:30.787448, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.787485, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x000e (14) name_size : 0x000e (14) name : * name : 'Status' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.787585, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.787620, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:Status] [2016/11/10 14:56:30.787691, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.787727, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'UntilTime' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.787801, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.787826, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:UntilTime] [2016/11/10 14:56:30.787884, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.787914, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'ChangeID' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0xbb (187) [1] : 0x48 (72) [2] : 0x05 (5) [3] : 0x00 (0) size : 0x00000004 (4) [2016/11/10 14:56:30.787984, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.788007, 8, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:815(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä:ChangeID] [2016/11/10 14:56:30.788079, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2016/11/10 14:56:30.788109, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:1970(regdb_store_values_internal) regdb_store_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\aaaaaaaaaaaaaaaaaaaaaä] [2016/11/10 14:56:30.788148, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2016/11/10 14:56:30.788161, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/lib/samba/registry.tdb [2016/11/10 14:56:30.788173, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/lib/samba/registry.tdb 2: 3: [2016/11/10 14:56:30.788193, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 53414D42415F52454756 [2016/11/10 14:56:30.788208, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf940c728 [2016/11/10 14:56:30.788234, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 53414D42415F52454756 [2016/11/10 14:56:30.788247, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/lib/samba/registry.tdb [2016/11/10 14:56:30.788259, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:30.789563, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2016/11/10 14:56:30.789600, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000040-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.789632, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.789657, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 24 58 8E 7C ....@... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.789702, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.789715, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (2->1) [2016/11/10 14:56:30.789726, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.789765, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000003f-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.789793, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 24 58 8E 7C ....?... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.789817, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 24 58 8E 7C ....?... ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.789845, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.789855, 10, pid=18983, effective(0, 0), real(0, 0), class=registry] ../source3/registry/reg_backend_db.c:902(regdb_close) regdb_close: decrementing refcount (1->0) [2016/11/10 14:56:30.789917, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.789977, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection winreg [2016/11/10 14:56:30.789993, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_SetPrinter: struct spoolss_SetPrinter out: struct spoolss_SetPrinter result : WERR_OK [2016/11/10 14:56:30.790013, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called spoolss successfully [2016/11/10 14:56:30.790033, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:30.790050, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... [2016/11/10 14:56:30.790158, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 4 bytes [2016/11/10 14:56:30.790184, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 28 [2016/11/10 14:56:30.790237, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 28 bytes. There is no more data outstanding [2016/11/10 14:56:30.790251, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2016/11/10 14:56:30.790261, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.790271, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2016/11/10 14:56:30.790328, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 09 00 00 ........ ........ [0010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2016/11/10 14:56:30.790354, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 27 [2016/11/10 14:56:30.790365, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.790374, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] DE 3D 81 06 57 1B 2C 68 .=..W.,h [2016/11/10 14:56:30.790518, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:248(read_smb_length_return_keepalive) got smb length of 128 [2016/11/10 14:56:30.790537, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 28 [2016/11/10 14:56:30.790548, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:330(smb_signing_check_pdu) smb_signing_check_pdu: seq 28: got good SMB signature of [2016/11/10 14:56:30.790557, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] C0 70 B5 38 8D 43 F7 21 .p.8.C.! [2016/11/10 14:56:30.790572, 6, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1955(process_smb) got message type 0x0 of len 0x80 [2016/11/10 14:56:30.790582, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1957(process_smb) Transaction 16 of length 132 (0 toread) [2016/11/10 14:56:30.790591, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.790598, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51287 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=15992 (0x3E78) smb_bcc=61 [2016/11/10 14:56:30.790685, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 0E 00 00 ........ ........ [0030] 00 00 00 00 00 24 58 8E 7C 27 4A 00 00 .....$X. |'J.. [2016/11/10 14:56:30.790735, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1538(switch_message) switch message SMBtrans (pid 18983) conn 0xf93f01e8 [2016/11/10 14:56:30.790745, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2016/11/10 14:56:30.790758, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:591(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2016/11/10 14:56:30.790773, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:624(handle_trans) calling named_pipe [2016/11/10 14:56:30.790782, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:542(named_pipe) named pipe command on <> name [2016/11/10 14:56:30.790791, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:464(api_fd_reply) api_fd_reply [2016/11/10 14:56:30.790801, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:506(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 3e78) [2016/11/10 14:56:30.790810, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:508(api_fd_reply) api_fd_reply: p:0xf93f09e8 max_trans_reply: 4280 [2016/11/10 14:56:30.790820, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:172(np_write_send) np_write_send: len: 44 [2016/11/10 14:56:30.790870, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:441(named_pipe_packet_process) PDU is in Little Endian format! [2016/11/10 14:56:30.790882, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1685(process_complete_pdu) Processing packet type 0 [2016/11/10 14:56:30.790892, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1554(dcesrv_auth_request) Checking request auth. [2016/11/10 14:56:30.790906, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.790918, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2016/11/10 14:56:30.790929, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1350919854-2293596380-2349120355-1000 SID[ 1]: S-1-5-21-1350919854-2293596380-2349120355-513 SID[ 2]: S-1-22-2-0 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 SID[ 6]: S-1-22-1-0 Privileges (0x 0): Rights (0x 0): [2016/11/10 14:56:30.790965, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2016/11/10 14:56:30.790987, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:452(smbd_become_authenticated_pipe_user) Impersonated user: uid=(0,0), gid=(0,0) [2016/11/10 14:56:30.790998, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1404(api_pipe_request) Requested spoolss rpc service [2016/11/10 14:56:30.791008, 4, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1429(api_rpcTNP) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2016/11/10 14:56:30.791019, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1469(api_rpcTNP) api_rpc_cmds[29].fn == 0xf75094b0 [2016/11/10 14:56:30.791030, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-2458-8e7c274a0000 [2016/11/10 14:56:30.791070, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.791095, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.791122, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 24 58 8E 7C ........ ....$X.| [0010] 27 4A 00 00 'J.. [2016/11/10 14:56:30.791145, 6, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd) Closed policy [2016/11/10 14:56:30.791155, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2016/11/10 14:56:30.791186, 5, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1496(api_rpcTNP) api_rpcTNP: called spoolss successfully [2016/11/10 14:56:30.791201, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:30.791215, 1, pid=18983, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:402(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2016/11/10 14:56:30.791349, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:509(named_pipe_packet_process) Sending 1 fragments in a total of 24 bytes [2016/11/10 14:56:30.791359, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:514(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 48 [2016/11/10 14:56:30.791389, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:417(np_read_recv) Received 48 bytes. There is no more data outstanding [2016/11/10 14:56:30.791400, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2016/11/10 14:56:30.791410, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:171(show_msg) [2016/11/10 14:56:30.791417, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util.c:181(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51223 smb_tid=13490 smb_pid=18981 smb_uid=14969 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2016/11/10 14:56:30.791493, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2016/11/10 14:56:30.791547, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:158(smb_signing_md5) smb_signing_md5: sequence number 29 [2016/11/10 14:56:30.791558, 10, pid=18983, effective(0, 0), real(0, 0)] ../libcli/smb/smb_signing.c:271(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2016/11/10 14:56:30.791567, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/util/util.c:559(dump_data) [0000] 62 B9 9F AB D2 1E 3E 1A b.....>. [2016/11/10 14:56:31.768590, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:31.768611, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:31.768622, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:31.768643, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:31.768662, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/printing/notify.c:180(print_notify_send_messages_to_printer) print_notify_send_messages_to_printer: sending 2 print notify messages to printer aaaaaaaaaaaaaaaaaaaaaä [2016/11/10 14:56:34.752031, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:134(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2016/11/10 14:56:34.752053, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:554(receive_smb_talloc) receive_smb_raw_talloc failed for client ipv4:192.168.9.8:35412 read error = NT_STATUS_END_OF_FILE. [2016/11/10 14:56:34.752070, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:34.752081, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:34.752101, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:34.752122, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:34.752134, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:34.752143, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:34.752152, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:34.752168, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:34.752184, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:34.752194, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:34.752203, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:34.752218, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:34.752231, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:34.752241, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: [2016/11/10 14:56:34.752273, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6114D4AA [2016/11/10 14:56:34.752289, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93f2d80 [2016/11/10 14:56:34.752306, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6114D4AA [2016/11/10 14:56:34.752318, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb [2016/11/10 14:56:34.752328, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:34.752340, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:34.752350, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2016/11/10 14:56:34.752360, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 35AFBF44 [2016/11/10 14:56:34.752372, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf94014d0 [2016/11/10 14:56:34.752385, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 35AFBF44 [2016/11/10 14:56:34.752395, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2016/11/10 14:56:34.752405, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:34.752424, 10, pid=18983, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe) Deleted handle list for RPC connection spoolss [2016/11/10 14:56:34.752444, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/files.c:554(file_free) freed files structure 15992 (0 used) [2016/11/10 14:56:34.752454, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:34.752479, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:34.752488, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:34.752508, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:34.752520, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1148(close_cnum) iserv (ipv4:192.168.9.8:35412) closed connection to service IPC$ [2016/11/10 14:56:34.752533, 4, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:844(vfs_ChDir) vfs_ChDir to / [2016/11/10 14:56:34.752561, 4, pid=18983, effective(0, 0), real(0, 0), class=vfs] ../source3/smbd/vfs.c:855(vfs_ChDir) vfs_ChDir got / [2016/11/10 14:56:34.752572, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:34.752582, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:34.752591, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:34.752606, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:34.752622, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_session_global.tdb [2016/11/10 14:56:34.752632, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_session_global.tdb 2: 3: [2016/11/10 14:56:34.752642, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 6880A3D1 [2016/11/10 14:56:34.752655, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xf93f20c0 [2016/11/10 14:56:34.752674, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 6880A3D1 [2016/11/10 14:56:34.752702, 5, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_session_global.tdb [2016/11/10 14:56:34.752713, 10, pid=18983, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2016/11/10 14:56:34.752727, 4, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2016/11/10 14:56:34.752740, 5, pid=18983, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2016/11/10 14:56:34.752752, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:639(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2016/11/10 14:56:34.752769, 5, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:425(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2016/11/10 14:56:34.752800, 10, pid=18983, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm_ref.c:142(msg_dgm_ref_destructor) msg_dgm_ref_destructor: refs=(nil) [2016/11/10 14:56:34.752905, 3, pid=18983, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (failed to receive smb request)