[000] 00 5C 00 50 00 49 00 50 00 45 00 00 00 05 00 00 .\.P.I.P .E......
[010] 03 10 00 00 00 5E 00 00 00 06 00 00 00 46 00 00 .....^.. .....F..
[020] 00 00 00 0C 00 00 00 00 00 08 00 00 00 00 00 00 ........ ........
[030] 00 01 76 E8 3E 01 09 00 00 0A 00 0C 00 30 02 49 ..v.>... .....0.I
[040] 00 06 00 00 00 00 00 00 00 05 00 00 00 54 00 45 ........ .....T.E
[050] 00 53 00 54 00 24 00 7D 1A B0 00 05 E0 53 00 45 .S.T.$.} .....S.E
[060] 00 52 00 56 00 45 00 52 00 53 00 .R.V.E.R .S.
switch message SMBtrans (pid 2305)
change_to_user: Skipping user change - already user
trans <\PIPE> data=94 params=0 setup=2
calling named_pipe
named pipe command on <> name
api_fd_reply
search for pipe pnum=74fc
pipe name samr pnum=74fc (pipes_open=1)
Got API command 0x26 on pipe "samr" (pnum 74fc)api_fd_reply: p:0x8365af0 max_trans_reply: 512
write_to_pipe: 74fc name: samr open: Yes len: 94
write_to_pipe: data_left = 94
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94
fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0
write_to_pipe: data_used = 16
write_to_pipe: data_left = 78
process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78
000000 smb_io_rpc_hdr
    0000 major : 05
    0001 minor : 00
    0002 pkt_type : 00
    0003 flags : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len : 005e
    000a auth_len : 0000
    000c call_id : 00000006
unmarshall_rpc_header: using little-endian RPC
unmarshall_rpc_header: type = 0, flags = 3
write_to_pipe: data_used = 0
write_to_pipe: data_left = 78
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 78, incoming data = 78
process_complete_pdu: processing packet type 0
000000 smb_io_rpc_hdr_req req
    0000 alloc_hint: 00000046
    0004 context_id: 0000
    0006 opnum : 000c
free_pipe_context: destroying talloc pool of size 0
Requested \PIPE\samr
Doing \PIPE\samr
api_rpcTNP: samr op 0xc - unknown